Class PGPPublicKeyService


  • public abstract class PGPPublicKeyService
    extends Object
    A service for managing and searching keys. Implementations may make use of a key server to fetch up-to-date information about keys. Implementations should generally provide support for caching and efficient lookup of keys, especially lookup based on key ID because signatures generally use key IDs and this is the primary use case.

    Implementors of this service are responsible for registering the implementation with the provisioning agent either explicitly or via an agent service factory.

    Since:
    2.6
    See Also:
    PGPPublicKey.getKeyID(), PGPSignature.getKeyID(), IAgentServiceFactory, IProvisioningAgent.registerService(String, Object)
    • Field Summary

      Fields 
      Modifier and Type Field Description
      static String SERVICE_NAME
      The name used for obtaining a reference to the key service.
    • Method Summary

      Modifier and Type Method Description
      abstract org.bouncycastle.openpgp.PGPPublicKey addKey(org.bouncycastle.openpgp.PGPPublicKey key)
      Adds the given key to this key service.
      static long compareSignatureTimeToKeyValidityTime(org.bouncycastle.openpgp.PGPSignature signature, org.bouncycastle.openpgp.PGPPublicKey key)
      If the signature's creation time is before the key's creation time, this returns a negative value equal to the number of milliseconds that the signature was created before the key was created.
      org.bouncycastle.openpgp.PGPPublicKey getKey(byte[] fingerprint)
      Returns the key associated with the given fingerprint.
      abstract org.bouncycastle.openpgp.PGPPublicKey getKey(String fingerprint)
      Returns the key associated with the given fingerprint represented as a hexadecimal string value.
      abstract Collection<org.bouncycastle.openpgp.PGPPublicKey> getKeys(long keyID)
      Returns the keys associated with the given key ID.
      abstract Set<org.bouncycastle.openpgp.PGPPublicKey> getVerifiedCertifications(org.bouncycastle.openpgp.PGPPublicKey key)
      Returns the set of keys that have been verified to have signed the given key.
      abstract Date getVerifiedRevocationDate(org.bouncycastle.openpgp.PGPPublicKey key)
      If this key has a revocation signature that is verified to have been signed by the public key of that revocation signature, this returns the creation time of that signature, otherwise it returns null.
      boolean isCreatedBeforeRevocation(org.bouncycastle.openpgp.PGPSignature signature, org.bouncycastle.openpgp.PGPPublicKey key)
      Returns whether the signature's creation time is before the key's verified revocation date, if that key has one.
      static String toHex(byte[] bytes)
      Returns the hexadecimal representation of the given bytes.
      static String toHex(long keyID)
      Returns the hexadecimal representation of the given long value, typically a key ID, padded with leading zeros to a length of 16.
      static String toHexFingerprint(org.bouncycastle.openpgp.PGPPublicKey key)
      Returns the hexadecimal representation of the key's fingerprint.
    • Constructor Detail

      • PGPPublicKeyService

        public PGPPublicKeyService()
    • Method Detail

      • getKey

        public org.bouncycastle.openpgp.PGPPublicKey getKey(byte[] fingerprint)
        Returns the key associated with the given fingerprint.
        Parameters:
        fingerprint - the fingerprint for which to search.
        Returns:
        the key with the matching fingerprint.
        See Also:
        PGPPublicKey.getFingerprint()
      • getKey

        public abstract org.bouncycastle.openpgp.PGPPublicKey getKey(String fingerprint)
        Returns the key associated with the given fingerprint represented as a hexadecimal string value.
        Parameters:
        fingerprint - the fingerprint for which to search.
        Returns:
        the key with the matching fingerprint.
        See Also:
        PGPPublicKey.getFingerprint(), toHex(byte[])
      • getKeys

        public abstract Collection<org.bouncycastle.openpgp.PGPPublicKey> getKeys(long keyID)
        Returns the keys associated with the given key ID. In general, key ID collisions are possible so implementations must be tolerant of that.
        Parameters:
        keyID - the key ID for which to search.
        Returns:
        the keys with the matching key IDs.
        See Also:
        PGPPublicKey.getKeyID(), PGPSignature.getKeyID()
      • addKey

        public abstract org.bouncycastle.openpgp.PGPPublicKey addKey(org.bouncycastle.openpgp.PGPPublicKey key)
        Adds the given key to this key service. An implementation may fetch more up-to-date information about this key from a key server and may return a different key than the one passed in here. In general, an implementation may also return an existing key, with the same fingerprint, already known to the key service.
        Parameters:
        key - the key to add.
        Returns:
        the normalized key available in this key service.
      • getVerifiedCertifications

        public abstract Set<org.bouncycastle.openpgp.PGPPublicKey> getVerifiedCertifications(org.bouncycastle.openpgp.PGPPublicKey key)
        Returns the set of keys that have been verified to have signed the given key. These are the links in the web of trust.
        Parameters:
        key - the key for which to find keys that have signed it.
        Returns:
        the set of keys that have been verified to have signed the given key.
        See Also:
        PGPSignature.verifyCertification(String, PGPPublicKey), PGPSignature.verifyCertification(PGPPublicKey, PGPPublicKey)
      • getVerifiedRevocationDate

        public abstract Date getVerifiedRevocationDate(org.bouncycastle.openpgp.PGPPublicKey key)
        If this key has a revocation signature that is verified to have been signed by the public key of that revocation signature, this returns the creation time of that signature, otherwise it returns null.
        Parameters:
        key - the key to test for revocation.
        Returns:
        when this key was verifiably revoked, or null if it is not revoked.
        See Also:
        PGPSignature.getKeyID(), PGPPublicKey.hasRevocation(), PGPSignature.getCreationTime(), PGPSignature.KEY_REVOCATION, PGPSignature.SUBKEY_REVOCATION
      • isCreatedBeforeRevocation

        public boolean isCreatedBeforeRevocation(org.bouncycastle.openpgp.PGPSignature signature,
                                                 org.bouncycastle.openpgp.PGPPublicKey key)
        Returns whether the signature's creation time is before the key's verified revocation date, if that key has one.
        Parameters:
        signature - the signature to test.
        key - the corresponding key of this signature against which to test.
        Returns:
        true if the signature was created before the key was revoked or if the key is not revoked, false otherwise.
        Throws:
        IllegalArgumentException - if the signature's key ID is not the same as the key's key ID
      • toHexFingerprint

        public static String toHexFingerprint(org.bouncycastle.openpgp.PGPPublicKey key)
        Returns the hexadecimal representation of the key's fingerprint.
        Parameters:
        key - the key for which to get the hexadecimal fingerprint.
        Returns:
        the hexadecimal representation of the key's fingerprint.
      • toHex

        public static String toHex(byte[] bytes)
        Returns the hexadecimal representation of the given bytes.
        Parameters:
        bytes - the bytes to convert to a hexadecimal representation.
        Returns:
        the hexadecimal representation of the given bytes.
      • toHex

        public static String toHex(long keyID)
        Returns the hexadecimal representation of the given long value, typically a key ID, padded with leading zeros to a length of 16.
        Parameters:
        keyID - the long value, typically a key ID, to convert to a hexadecimal representation.
        Returns:
        the hexadecimal representation of the given long value, padded with leading zeros.
      • compareSignatureTimeToKeyValidityTime

        public static long compareSignatureTimeToKeyValidityTime(org.bouncycastle.openpgp.PGPSignature signature,
                                                                 org.bouncycastle.openpgp.PGPPublicKey key)
        If the signature's creation time is before the key's creation time, this returns a negative value equal to the number of milliseconds that the signature was created before the key was created. If the key has a validity period, i.e., if the key expires, and the signature's creation time is after the key's expiration, returns a positive value equal to the number of milliseconds that the signature was created after the key's expiration. Otherwise, the signature was created during the period of time that the key was valid and this returns 0.
        Parameters:
        signature - the signature to test.
        key - the corresponding key of this signature against which to test.
        Returns:
        a negative value representing the number of milliseconds the signature was created before the key was created, a positive value representing the number of milliseconds the signature was created after the key expired, or 0 if the signature was created during the valid period of the key.
        Throws:
        IllegalArgumentException - if the signature's key ID is not the same as the key's key ID
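
Added example (not part of this API documentation or of the project's code): one way a caller could combine getKeys, compareSignatureTimeToKeyValidityTime and isCreatedBeforeRevocation so that a key ID collision cannot select the wrong key. The class SignatureKeyCheck and the method findSigningKey are hypothetical names, the import package of PGPPublicKeyService is an assumption because this page does not state it, getKeys is assumed to return a non-null collection, and the Bouncy Castle "bc" verifier provider is one possible choice.

```java
import java.util.Optional;

import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.operator.bc.BcPGPContentVerifierBuilderProvider;
// Assumed package; not stated on this page.
import org.eclipse.equinox.p2.repository.spi.PGPPublicKeyService;

public final class SignatureKeyCheck {

    private SignatureKeyCheck() {
    }

    /**
     * Hypothetical helper: returns the key that cryptographically verifies the
     * signature over signedData and was neither expired, not yet created, nor
     * verifiably revoked at the signature's creation time.
     */
    public static Optional<PGPPublicKey> findSigningKey(PGPPublicKeyService keys,
            PGPSignature signature, byte[] signedData) {
        // A 64-bit key ID is not unique, so every candidate must be tried.
        for (PGPPublicKey candidate : keys.getKeys(signature.getKeyID())) {
            // 0 means the signature was created inside the key's validity period;
            // negative is before key creation, positive is after expiration.
            if (PGPPublicKeyService.compareSignatureTimeToKeyValidityTime(signature, candidate) != 0) {
                continue;
            }
            // Reject signatures created at or after a verified revocation date.
            if (!keys.isCreatedBeforeRevocation(signature, candidate)) {
                continue;
            }
            try {
                // Only the cryptographic check tells colliding key IDs apart.
                signature.init(new BcPGPContentVerifierBuilderProvider(), candidate);
                signature.update(signedData);
                if (signature.verify()) {
                    return Optional.of(candidate);
                }
            } catch (PGPException e) {
                // Candidate cannot verify this signature (for example, an
                // algorithm mismatch); treat it as a non-match and continue.
            }
        }
        return Optional.empty();
    }
}
```

Both time checks compare against the signature's own creation time, which is a value set by the signer.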