Class PGPPublicKeyService
java.lang.Object
org.eclipse.equinox.p2.repository.spi.PGPPublicKeyService
A service for managing and searching keys.
Implementations may make use of a key server to fetch up-to-date information about keys. Implementations should generally provide support for caching and efficient lookup of keys, especially lookup based on key ID because signatures generally use key IDs and this is the primary use case.
Implementors of this service are responsible for registering the implementation with the provisioning agent either explicitly or via an agent service factory.
- Since:
- 2.6
- See Also:
- PGPPublicKey.getKeyID()
- PGPSignature.getKeyID()
- IAgentServiceFactory
- IProvisioningAgent.registerService(String, Object)
-
Field Summary
| Modifier and Type | Field | Description |
| --- | --- | --- |
| static final String | SERVICE_NAME | The name used for obtaining a reference to the key service. |
-
Constructor Summary
-
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| abstract org.bouncycastle.openpgp.PGPPublicKey | addKey(org.bouncycastle.openpgp.PGPPublicKey key) | Adds the given key to this key service. |
| static long | compareSignatureTimeToKeyValidityTime(org.bouncycastle.openpgp.PGPSignature signature, org.bouncycastle.openpgp.PGPPublicKey key) | If the signature's creation time is before the key's creation time, this returns a negative value equal to the number of milliseconds that the signature was created before the key was created. |
| org.bouncycastle.openpgp.PGPPublicKey | getKey(byte[] fingerprint) | Returns the key associated with the given fingerprint. |
| abstract org.bouncycastle.openpgp.PGPPublicKey | getKey(String fingerprint) | Returns the key associated with the given fingerprint represented as a hexadecimal string value. |
| abstract Collection<org.bouncycastle.openpgp.PGPPublicKey> | getKeys(long keyID) | Returns the keys associated with the given key ID. |
| abstract Set<org.bouncycastle.openpgp.PGPPublicKey> | getVerifiedCertifications(org.bouncycastle.openpgp.PGPPublicKey key) | Returns the set of keys that have been verified to have signed the given key. |
| abstract Date | getVerifiedRevocationDate(org.bouncycastle.openpgp.PGPPublicKey key) | If this key has a revocation signature that is verified to have been signed by the public key of that revocation signature, this returns the creation time of that signature, otherwise it returns null. |
| boolean | isCreatedBeforeRevocation(org.bouncycastle.openpgp.PGPSignature signature, org.bouncycastle.openpgp.PGPPublicKey key) | Returns whether the signature's creation time is before the key's verified revocation date, if that key has one. |
| static String | toHex(byte[] bytes) | Returns the hexadecimal representation of the given bytes. |
| static String | toHex(long keyID) | Returns the hexadecimal representation of the given long value, typically a key ID, padded with leading zeros to a length of 16. |
| static String | toHexFingerprint(org.bouncycastle.openpgp.PGPPublicKey key) | Returns the hexadecimal representation of the key's fingerprint. |
-
Field Details
-
SERVICE_NAME
The name used for obtaining a reference to the key service.
-
-
Constructor Details
-
PGPPublicKeyService
public PGPPublicKeyService()
-
-
Method Details
-
getKey
public org.bouncycastle.openpgp.PGPPublicKey getKey(byte[] fingerprint)
Returns the key associated with the given fingerprint.
- Parameters:
- fingerprint - the fingerprint for which to search.
- Returns:
- the key with the matching fingerprint.
- See Also:
- PGPPublicKey.getFingerprint()
-
getKey
Returns the key associated with the given fingerprint represented as a hexadecimal string value.
- Parameters:
- fingerprint - the fingerprint for which to search.
- Returns:
- the key with the matching fingerprint.
- See Also:
- PGPPublicKey.getFingerprint()
- toHex(byte[])
-
getKeys
Returns the keys associated with the given key ID. In general, key ID collisions are possible so implementations must be tolerant of that.
- Parameters:
- keyID - the key ID for which to search.
- Returns:
- the keys with the matching key IDs.
- See Also:
- PGPPublicKey.getKeyID()
- PGPSignature.getKeyID()
-
addKey
public abstract org.bouncycastle.openpgp.PGPPublicKey addKey(org.bouncycastle.openpgp.PGPPublicKey key)
Adds the given key to this key service. An implementation may fetch more up-to-date information about this key from a key server and may return a different key than the one passed in here. In general an implementation may also return an existing key, with the same fingerprint, already known to the key service.
- Parameters:
- key - the key to add.
- Returns:
- the normalized key available in this key service.
-
getVerifiedCertifications
public abstract Set<org.bouncycastle.openpgp.PGPPublicKey> getVerifiedCertifications(org.bouncycastle.openpgp.PGPPublicKey key)
Returns the set of keys that have been verified to have signed the given key. These are the links in the web of trust.
- Parameters:
- key - the key for which to find keys that have signed it.
- Returns:
- the set of keys that have been verified to have signed the given key.
- See Also:
- PGPSignature.verifyCertification(String, PGPPublicKey)
- PGPSignature.verifyCertification(PGPPublicKey, PGPPublicKey)
-
getVerifiedRevocationDate
If this key has a revocation signature that is verified to have been signed by the public key of that revocation signature, this returns the creation time of that signature, otherwise it returns null.
- Parameters:
- key - the key to test for revocation.
- Returns:
- when this key was verifiably revoked, or null if it is not revoked.
- See Also:
- PGPSignature.getKeyID()
- PGPPublicKey.hasRevocation()
- PGPSignature.getCreationTime()
- PGPSignature.KEY_REVOCATION
- PGPSignature.SUBKEY_REVOCATION
-
isCreatedBeforeRevocation
public boolean isCreatedBeforeRevocation(org.bouncycastle.openpgp.PGPSignature signature, org.bouncycastle.openpgp.PGPPublicKey key)
Returns whether the signature's creation time is before the key's verified revocation date, if that key has one.
- Parameters:
- signature - the signature to test.
- key - the corresponding key of this signature against which to test.
- Returns:
- true if the signature was created before the key was revoked or if the key is not revoked, false otherwise.
- Throws:
- IllegalArgumentException - if the signature's key is not the same as the key's key ID
-
toHexFingerprint
Returns the hexadecimal representation of the key's fingerprint.
- Parameters:
- key - the key for which to get the hexadecimal fingerprint.
- Returns:
- the hexadecimal representation of the key's fingerprint.
-
toHex
Returns the hexadecimal representation of the given bytes.
- Parameters:
- bytes - the bytes to convert to a hexadecimal representation.
- Returns:
- the hexadecimal representation of the given bytes.
-
toHex
Returns the hexadecimal representation of the given long value, typically a key ID, padded with leading zeros to a length of 16.
- Parameters:
- keyID - the long value, typically a key ID, to convert to a hexadecimal representation.
- Returns:
- the hexadecimal representation of the given long value, padded with leading zeros.
-
compareSignatureTimeToKeyValidityTime
public static long compareSignatureTimeToKeyValidityTime(org.bouncycastle.openpgp.PGPSignature signature, org.bouncycastle.openpgp.PGPPublicKey key)
If the signature's creation time is before the key's creation time, this returns a negative value equal to the number of milliseconds that the signature was created before the key was created. If the key has a validity period, i.e., if the key expires, and the signature's creation time is after the key's expiration, returns a positive value equal to the number of milliseconds that the signature was created after the key's expiration. Otherwise, the signature was created during the period of time that the key was valid and this returns 0.
- Parameters:
- signature - the signature to test.
- key - the corresponding key of this signature against which to test.
- Returns:
- a negative value representing the number of milliseconds the signature was created before the key was created, a positive value representing the number of milliseconds the signature was created after the key expired, or 0 if the signature was created during the valid period of the key.
- Throws:
- IllegalArgumentException - if the signature's key is not the same as the key's key ID
-
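The key ID lookup, validity-period check and revocation check documented above combine into a single signature verification routine. The following is an added example, not code from the p2 project; the class name SignatureKeyCheck, the method findSigningKey, and the use of Bouncy Castle's BcPGPContentVerifierBuilderProvider for the cryptographic check are assumptions made for illustration.

```java
import java.util.Optional;

import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.operator.bc.BcPGPContentVerifierBuilderProvider;
import org.eclipse.equinox.p2.core.IProvisioningAgent;
import org.eclipse.equinox.p2.repository.spi.PGPPublicKeyService;

/** Hypothetical helper (not part of p2) showing how a caller might use the service. */
public final class SignatureKeyCheck {

    /**
     * Returns the key that produced the signature over signedContent, provided the
     * signature falls inside the key's validity period and predates any verified
     * revocation. Returns empty if no known key qualifies.
     */
    public static Optional<PGPPublicKey> findSigningKey(IProvisioningAgent agent,
            PGPSignature signature, byte[] signedContent) {
        PGPPublicKeyService keyService =
                (PGPPublicKeyService) agent.getService(PGPPublicKeyService.SERVICE_NAME);
        if (keyService == null) {
            return Optional.empty(); // no key service registered: fail closed
        }
        // Key IDs can collide, so getKeys may return several candidates.
        // Never assume the first match is the signer; test each one.
        for (PGPPublicKey key : keyService.getKeys(signature.getKeyID())) {
            // Non-zero means signed before the key existed or after it expired.
            if (PGPPublicKeyService.compareSignatureTimeToKeyValidityTime(signature, key) != 0) {
                continue;
            }
            // Reject signatures created at or after a verified revocation.
            if (!keyService.isCreatedBeforeRevocation(signature, key)) {
                continue;
            }
            try {
                signature.init(new BcPGPContentVerifierBuilderProvider(), key);
                signature.update(signedContent);
                if (signature.verify()) {
                    return Optional.of(key); // cryptographically bound to this key
                }
            } catch (PGPException e) {
                // Candidate cannot verify this signature (e.g. colliding key ID); try the next.
            }
        }
        return Optional.empty();
    }
}
```

Both time checks compare against the creation time recorded inside the signature, which is set by the signer, so they bound validity only as far as that timestamp can be trusted.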