org.bouncycastle.openpgp.api

Class OpenPGPCertificate

java.lang.Object

org.bouncycastle.openpgp.api.OpenPGPCertificate

Direct Known Subclasses:

OpenPGPKey

public class OpenPGPCertificate
extends java.lang.Object

OpenPGP certificates (TPKs - transferable public keys) are long-living structures that may change during their lifetime. A key-holder may add new components like subkeys or identities, along with associated binding self-signatures to the certificate and old components may expire / get revoked at some point. Since any such changes may have an influence on whether a data signature is valid at a given time, or what subkey should be used when generating an encrypted / signed message, an API is needed that provides a view on the certificate that takes into consideration a relevant window in time.

Compared to a PGPPublicKeyRing, an OpenPGPCertificate has been evaluated at (or rather for) a given evaluation time. It offers a clean API for accessing the key-holder's preferences at a specific point in time and makes sure, that relevant self-signatures on certificate components are validated and verified.

See Also:

OpenPGP for Application Developers - Chapter 4 for background information on the terminology used in this class.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	OpenPGPCertificate.OpenPGPCertificateComponent Component on an OpenPGP certificate.
static class	OpenPGPCertificate.OpenPGPComponentKey A component key is either an OpenPGPCertificate.OpenPGPPrimaryKey, or an OpenPGPCertificate.OpenPGPSubkey.
static class	OpenPGPCertificate.OpenPGPComponentSignature OpenPGP Signature made over some OpenPGPCertificate.OpenPGPCertificateComponent on a OpenPGPCertificate.
static class	OpenPGPCertificate.OpenPGPIdentityComponent An identity bound to the OpenPGPCertificate.OpenPGPPrimaryKey of a OpenPGPCertificate.
static class	OpenPGPCertificate.OpenPGPPrimaryKey The primary key of a OpenPGPCertificate.
static class	OpenPGPCertificate.OpenPGPSignatureChain Chain of signatures.
static class	OpenPGPCertificate.OpenPGPSignatureChains Collection of multiple OpenPGPCertificate.OpenPGPSignatureChain objects.
static class	OpenPGPCertificate.OpenPGPSubkey A subkey on a OpenPGPCertificate.
static class	OpenPGPCertificate.OpenPGPUserAttribute A UserAttribute.
static class	OpenPGPCertificate.OpenPGPUserId A UserId.

Field Summary

Fields

Modifier and Type	Field and Description
protected PGPKeyRing	keyRing

Constructor Summary

Constructors

Constructor and Description
OpenPGPCertificate(PGPKeyRing keyRing) Instantiate an OpenPGPCertificate from a passed PGPKeyRing using the default OpenPGPImplementation and its OpenPGPPolicy.
OpenPGPCertificate(PGPKeyRing keyRing, OpenPGPImplementation implementation) Instantiate an OpenPGPCertificate from a parsed PGPKeyRing using the provided OpenPGPImplementation and its OpenPGPPolicy.
OpenPGPCertificate(PGPKeyRing keyRing, OpenPGPImplementation implementation, OpenPGPPolicy policy) Instantiate an OpenPGPCertificate from a parsed PGPKeyRing using the provided OpenPGPImplementation and provided OpenPGPPolicy.

Method Summary

Modifier and Type	Method and Description
java.util.List<KeyIdentifier>	getAllKeyIdentifiers() Return a list of ALL (sub-)key's identifiers, including those of expired / revoked / unbound keys.
java.util.List<OpenPGPCertificate.OpenPGPComponentSignature>	getAllThirdPartyKeySignatures() Return a list containing all third-party issued key signatures on the primary key (delegations and revocations).
java.util.List<OpenPGPCertificate.OpenPGPUserId>	getAllUserIds() Return a List of all OpenPGPUserIds on the certificate, regardless of their validity.
OpenPGPCertificate.OpenPGPComponentSignature	getCertification() Return the current self-certification signature.
OpenPGPCertificate.OpenPGPComponentSignature	getCertification(java.util.Date evaluationTime) Return the most recent self-certification signature at evaluation time.
java.util.List<OpenPGPCertificate.OpenPGPComponentKey>	getCertificationKeys() Return a List containing all currently valid marked certification keys.
java.util.List<OpenPGPCertificate.OpenPGPComponentKey>	getCertificationKeys(java.util.Date evaluationTime) Return a list of all keys that - at evaluation time - are validly marked as certification keys.
java.util.List<OpenPGPCertificate.OpenPGPComponentKey>	getComponentKeysWithFlag(java.util.Date evaluationTime, int... keyFlags) Return a List containing all component keys that carry any of the given key flags at evaluation time.
java.util.List<OpenPGPCertificate.OpenPGPCertificateComponent>	getComponents() Return a List containing all components of the certificate.
OpenPGPCertificate.OpenPGPSignatureChain	getDelegationBy(OpenPGPCertificate thirdPartyCertificate) Return an OpenPGPCertificate.OpenPGPSignatureChain from the given 3rd-party certificate to this certificate, which represents a delegation of trust.
OpenPGPCertificate.OpenPGPSignatureChain	getDelegationBy(OpenPGPCertificate thirdPartyCertificate, java.util.Date evaluationTime) Return an OpenPGPCertificate.OpenPGPSignatureChain from the given 3rd-party certificate to this certificate, which represents a delegation of trust at evaluation time.
OpenPGPCertificate.OpenPGPSignatureChains	getDelegationsBy(OpenPGPCertificate thirdPartyCertificate) Return all OpenPGPCertificate.OpenPGPSignatureChains that represent delegations by the given third-party OpenPGPCertificate on this certificates primary key.
byte[]	getEncoded() Return a byte array containing the binary representation of the certificate.
byte[]	getEncoded(PacketFormat format) Return a byte array containing the binary representation of the certificate, encoded using the given packet length encoding format.
java.util.List<OpenPGPCertificate.OpenPGPComponentKey>	getEncryptionKeys() Return a List containing all currently marked, valid encryption keys.
java.util.List<OpenPGPCertificate.OpenPGPComponentKey>	getEncryptionKeys(java.util.Date evaluationTime) Return a list of all keys that are - at evaluation time - valid encryption keys.
java.util.List<OpenPGPCertificate.OpenPGPComponentKey>	getEncryptionKeys(java.util.Date evaluationTime, int... keyFlags) Return a list of all keys that are - at evaluation time - valid encryption keys and carry any of the given key flags.
java.util.Date	getExpirationTime() Return the time at which the certificate expires.
java.util.Date	getExpirationTime(java.util.Date evaluationTime) Return the time at which the certificate is expected to expire, considering the given evaluation time.
byte[]	getFingerprint() Return the primary keys fingerprint in binary format.
java.util.List<OpenPGPCertificate.OpenPGPIdentityComponent>	getIdentities() Return all identities (User IDs, User Attributes of the certificate.
OpenPGPCertificate.OpenPGPComponentKey	getKey(KeyIdentifier identifier) Return the OpenPGPCertificate.OpenPGPComponentKey identified by the passed in KeyIdentifier.
KeyIdentifier	getKeyIdentifier() Return the KeyIdentifier of the certificates primary key.
java.util.List<OpenPGPCertificate.OpenPGPComponentKey>	getKeys() Return all OpenPGPComponentKeys in the certificate.
java.util.Date	getLastModificationDate() Return the last time, the key was modified (before right now).
java.util.Date	getLastModificationDateAt(java.util.Date evaluationTime) Return the last time, the key was modified before or at the given evaluation time.
PGPKeyRing	getPGPKeyRing() Return the PGPKeyRing that this certificate is based on.
PGPPublicKeyRing	getPGPPublicKeyRing() Return the underlying PGPPublicKeyRing.
java.lang.String	getPrettyFingerprint() Return the primary keys fingerprint as a pretty-printed String.
OpenPGPCertificate.OpenPGPPrimaryKey	getPrimaryKey() Return the primary key of the certificate.
OpenPGPCertificate.OpenPGPUserId	getPrimaryUserId() Return the current primary OpenPGPCertificate.OpenPGPUserId of the certificate.
OpenPGPCertificate.OpenPGPUserId	getPrimaryUserId(java.util.Date evaluationTime) Return the OpenPGPCertificate.OpenPGPUserId that is considered primary at the given evaluation time.
java.util.Map<KeyIdentifier,OpenPGPCertificate.OpenPGPComponentKey>	getPublicKeys() Get a Map of all public component keys keyed by their KeyIdentifier.
OpenPGPCertificate.OpenPGPComponentSignature	getRevocation() Return the most recent revocation signature on the certificate.
OpenPGPCertificate.OpenPGPComponentSignature	getRevocation(java.util.Date evaluationTime) Return the (at evaluation time) most recent revocation signature on the certificate.
OpenPGPCertificate.OpenPGPSignatureChain	getRevocationBy(OpenPGPCertificate thirdPartyCertificate) Return an OpenPGPCertificate.OpenPGPSignatureChain from the given 3rd-party certificate to this certificate, which represents a revocation of trust.
OpenPGPCertificate.OpenPGPSignatureChain	getRevocationBy(OpenPGPCertificate thirdPartyCertificate, java.util.Date evaluationTime) Return an OpenPGPCertificate.OpenPGPSignatureChain from the given 3rd-party certificate to this certificate, which (at evaluation time) represents a revocation of trust.
OpenPGPCertificate.OpenPGPSignatureChains	getRevocationsBy(OpenPGPCertificate thirdPartyCertificate) Return all OpenPGPCertificate.OpenPGPSignatureChains that represent revocations of delegations by the given third-party OpenPGPCertificate on this certificates primary key.
OpenPGPCertificate.OpenPGPComponentKey	getSigningKeyFor(PGPSignature signature) Return the OpenPGPCertificate.OpenPGPComponentKey that likely issued the passed in PGPSignature.
java.util.List<OpenPGPCertificate.OpenPGPComponentKey>	getSigningKeys() Return a List containing all currently valid marked signing keys.
java.util.List<OpenPGPCertificate.OpenPGPComponentKey>	getSigningKeys(java.util.Date evaluationTime) Return a list of all keys that - at evaluation time - are validly marked as signing keys.
java.util.Map<KeyIdentifier,OpenPGPCertificate.OpenPGPSubkey>	getSubkeys() Return a Map containing the subkeys of this certificate, keyed by their KeyIdentifier.
OpenPGPCertificate.OpenPGPUserId	getUserId(java.lang.String userId) Return the OpenPGPCertificate.OpenPGPUserId object matching the given user-id String.
java.util.List<OpenPGPCertificate.OpenPGPComponentKey>	getValidKeys() Return a List of all component keys that are valid right now.
java.util.List<OpenPGPCertificate.OpenPGPComponentKey>	getValidKeys(java.util.Date evaluationTime) Return a List of all component keys that are valid at the given evaluation time.
java.util.List<OpenPGPCertificate.OpenPGPUserId>	getValidUserIds() Return a List of all valid OpenPGPUserIds on the certificate.
java.util.List<OpenPGPCertificate.OpenPGPUserId>	getValidUserIds(java.util.Date evaluationTime) Return a List containing all OpenPGPUserIds that are valid at the given evaluation time.
boolean	isSecretKey() Return true, if this object is an OpenPGPKey, false otherwise.
static OpenPGPCertificate	join(OpenPGPCertificate certificate, OpenPGPCertificate other) Join two copies of the same OpenPGPCertificate, merging its components into a single instance.
static OpenPGPCertificate	join(OpenPGPCertificate certificate, java.lang.String armored) Join two copies of the same OpenPGPCertificate, merging its components into a single instance.
java.lang.String	toAsciiArmoredString() Return an ASCII armored String containing the certificate.
java.lang.String	toAsciiArmoredString(PacketFormat packetFormat) Return an ASCII armored String containing the certificate.
java.lang.String	toAsciiArmoredString(PacketFormat packetFormat, ArmoredOutputStream.Builder armorBuilder) Return an ASCII armored String containing the certificate.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

keyRing

protected PGPKeyRing keyRing

Constructor Detail

OpenPGPCertificate

public OpenPGPCertificate(PGPKeyRing keyRing)

Instantiate an OpenPGPCertificate from a passed PGPKeyRing using the default OpenPGPImplementation and its OpenPGPPolicy.

Parameters:

keyRing - key ring

OpenPGPCertificate

public OpenPGPCertificate(PGPKeyRing keyRing,
                          OpenPGPImplementation implementation)

Instantiate an OpenPGPCertificate from a parsed PGPKeyRing using the provided OpenPGPImplementation and its OpenPGPPolicy.

Parameters:

keyRing - public key ring

implementation - OpenPGP implementation

OpenPGPCertificate

public OpenPGPCertificate(PGPKeyRing keyRing,
                          OpenPGPImplementation implementation,
                          OpenPGPPolicy policy)

Instantiate an OpenPGPCertificate from a parsed PGPKeyRing using the provided OpenPGPImplementation and provided OpenPGPPolicy.

Parameters:

keyRing - public key ring

implementation - OpenPGP implementation

policy - OpenPGP policy

Method Detail

isSecretKey

public boolean isSecretKey()

Return true, if this object is an OpenPGPKey, false otherwise.

Returns:

true if this is a secret key

getAllUserIds

public java.util.List<OpenPGPCertificate.OpenPGPUserId> getAllUserIds()

Return a List of all OpenPGPUserIds on the certificate, regardless of their validity.

Returns:

all user ids

getValidUserIds

public java.util.List<OpenPGPCertificate.OpenPGPUserId> getValidUserIds()

Return a List of all valid OpenPGPUserIds on the certificate.

Returns:

valid user ids

getValidUserIds

public java.util.List<OpenPGPCertificate.OpenPGPUserId> getValidUserIds(java.util.Date evaluationTime)

Return a List containing all OpenPGPUserIds that are valid at the given evaluation time.

Parameters:

evaluationTime - reference time

Returns:

user ids that are valid at the given evaluation time

getPublicKeys

public java.util.Map<KeyIdentifier,OpenPGPCertificate.OpenPGPComponentKey> getPublicKeys()

Get a Map of all public component keys keyed by their KeyIdentifier.

Returns:

all public keys

getPrimaryKey

public OpenPGPCertificate.OpenPGPPrimaryKey getPrimaryKey()

Return the primary key of the certificate.

Returns:

primary key

getSubkeys

public java.util.Map<KeyIdentifier,OpenPGPCertificate.OpenPGPSubkey> getSubkeys()

Return a Map containing the subkeys of this certificate, keyed by their KeyIdentifier. Note: This map does NOT contain the primary key (getPrimaryKey()).

Returns:

subkeys

getComponentKeysWithFlag

public java.util.List<OpenPGPCertificate.OpenPGPComponentKey> getComponentKeysWithFlag(java.util.Date evaluationTime,
                                                                                       int... keyFlags)

Return a List containing all component keys that carry any of the given key flags at evaluation time. Note: To get all component keys that have EITHER KeyFlags.ENCRYPT_COMMS OR KeyFlags.ENCRYPT_STORAGE, call this method like this:

 keys = getComponentKeysWithFlag(date, KeyFlags.ENCRYPT_COMMS, KeyFlags.ENCRYPT_STORAGE);
 

If you instead want to access all keys, that have BOTH flags, you need to

|

both flags:

 keys = getComponentKeysWithFlag(date, KeyFlags.ENCRYPT_COMMS | KeyFlags.ENCRYPT_STORAGE);
 

Parameters:

evaluationTime - reference time

keyFlags - key flags

Returns:

list of keys that carry any of the given key flags at evaluation time

getComponents

public java.util.List<OpenPGPCertificate.OpenPGPCertificateComponent> getComponents()

Return a List containing all components of the certificate. Components are primary key, subkeys and identities (user-ids, user attributes).

Returns:

list of components

getKeys

public java.util.List<OpenPGPCertificate.OpenPGPComponentKey> getKeys()

Return all OpenPGPComponentKeys in the certificate. The return value is a List containing the OpenPGPCertificate.OpenPGPPrimaryKey and all OpenPGPSubkeys.

Returns:

list of all component keys

getValidKeys

public java.util.List<OpenPGPCertificate.OpenPGPComponentKey> getValidKeys()

Return a List of all component keys that are valid right now.

Returns:

all valid keys

getValidKeys

public java.util.List<OpenPGPCertificate.OpenPGPComponentKey> getValidKeys(java.util.Date evaluationTime)

Return a List of all component keys that are valid at the given evaluation time.

Parameters:

evaluationTime - reference time

Returns:

all keys that are valid at evaluation time

getKey

public OpenPGPCertificate.OpenPGPComponentKey getKey(KeyIdentifier identifier)

Return the OpenPGPCertificate.OpenPGPComponentKey identified by the passed in KeyIdentifier.

Parameters:

identifier - key identifier

Returns:

component key

getSigningKeyFor

public OpenPGPCertificate.OpenPGPComponentKey getSigningKeyFor(PGPSignature signature)

Return the OpenPGPCertificate.OpenPGPComponentKey that likely issued the passed in PGPSignature.

Parameters:

signature - signature

Returns:

issuer (sub-)key

getPGPKeyRing

public PGPKeyRing getPGPKeyRing()

Return the PGPKeyRing that this certificate is based on.

Returns:

underlying key ring

getPGPPublicKeyRing

public PGPPublicKeyRing getPGPPublicKeyRing()

Return the underlying PGPPublicKeyRing.

Returns:

public keys

getKeyIdentifier

public KeyIdentifier getKeyIdentifier()

Return the KeyIdentifier of the certificates primary key.

Returns:

primary key identifier

getAllKeyIdentifiers

public java.util.List<KeyIdentifier> getAllKeyIdentifiers()

Return a list of ALL (sub-)key's identifiers, including those of expired / revoked / unbound keys.

Returns:

all keys identifiers

getCertification

public OpenPGPCertificate.OpenPGPComponentSignature getCertification()

Return the current self-certification signature. This is either a DirectKey signature on the primary key, or the latest self-certification on a OpenPGPCertificate.OpenPGPUserId.

Returns:

latest certification signature

getCertification

public OpenPGPCertificate.OpenPGPComponentSignature getCertification(java.util.Date evaluationTime)

Return the most recent self-certification signature at evaluation time. This is either a DirectKey signature on the primary key, or the (at evaluation time) latest self-certification on an OpenPGPCertificate.OpenPGPUserId.

Parameters:

evaluationTime - reference time

Returns:

latest certification signature

getRevocation

public OpenPGPCertificate.OpenPGPComponentSignature getRevocation()

Return the most recent revocation signature on the certificate. This is either a KeyRevocation signature on the primary key, or the latest certification revocation signature on an OpenPGPCertificate.OpenPGPUserId.

Returns:

latest certification revocation

getRevocation

public OpenPGPCertificate.OpenPGPComponentSignature getRevocation(java.util.Date evaluationTime)

Return the (at evaluation time) most recent revocation signature on the certificate. This is either a KeyRevocation signature on the primary key, or the latest certification revocation signature on an OpenPGPCertificate.OpenPGPUserId.

Parameters:

evaluationTime - reference time

Returns:

latest certification revocation

getLastModificationDate

public java.util.Date getLastModificationDate()

Return the last time, the key was modified (before right now). A modification is the addition of a new subkey, or key signature.

Returns:

last modification time

getLastModificationDateAt

public java.util.Date getLastModificationDateAt(java.util.Date evaluationTime)

Return the last time, the key was modified before or at the given evaluation time.

Parameters:

evaluationTime - evaluation time

Returns:

last modification time before or at evaluation time

join

public static OpenPGPCertificate join(OpenPGPCertificate certificate,
                                      java.lang.String armored)
                               throws java.io.IOException,
                                      PGPException

Join two copies of the same OpenPGPCertificate, merging its components into a single instance. The ASCII armored String might contain more than one OpenPGPCertificate. Items that are not a copy of the base certificate are silently ignored.

Parameters:

certificate - base certificate

armored - ASCII armored String containing one or more copies of the same certificate, possibly containing a different set of components

Returns:

merged certificate

Throws:

java.io.IOException - if the armored data cannot be processed

PGPException - if a protocol level error occurs

join

public static OpenPGPCertificate join(OpenPGPCertificate certificate,
                                      OpenPGPCertificate other)
                               throws PGPException

Join two copies of the same OpenPGPCertificate, merging its components into a single instance.

Parameters:

certificate - base certificate

other - copy of the same certificate, potentially carrying a different set of components

Returns:

merged certificate

Throws:

PGPException - if a protocol level error occurs

getFingerprint

public byte[] getFingerprint()

Return the primary keys fingerprint in binary format.

Returns:

primary key fingerprint

getPrettyFingerprint

public java.lang.String getPrettyFingerprint()

Return the primary keys fingerprint as a pretty-printed String.

Returns:

pretty-printed primary key fingerprint

toAsciiArmoredString

public java.lang.String toAsciiArmoredString()
                                      throws java.io.IOException

Return an ASCII armored String containing the certificate.

Returns:

armored certificate

Throws:

java.io.IOException - if the cert cannot be encoded

toAsciiArmoredString

public java.lang.String toAsciiArmoredString(PacketFormat packetFormat)
                                      throws java.io.IOException

Return an ASCII armored String containing the certificate.

Parameters:

packetFormat - packet length encoding format

Returns:

armored certificate

Throws:

java.io.IOException - if the cert cannot be encoded

toAsciiArmoredString

public java.lang.String toAsciiArmoredString(PacketFormat packetFormat,
                                             ArmoredOutputStream.Builder armorBuilder)
                                      throws java.io.IOException

Return an ASCII armored String containing the certificate. The ArmoredOutputStream.Builder can be used to customize the ASCII armor (headers, CRC etc.).

Parameters:

packetFormat - packet length encoding format

armorBuilder - builder for the ASCII armored output stream

Returns:

armored certificate

Throws:

java.io.IOException - if the cert cannot be encoded

getEncoded

public byte[] getEncoded()
                  throws java.io.IOException

Return a byte array containing the binary representation of the certificate.

Returns:

binary encoded certificate

Throws:

java.io.IOException - if the certificate cannot be encoded

getEncoded

public byte[] getEncoded(PacketFormat format)
                  throws java.io.IOException

Return a byte array containing the binary representation of the certificate, encoded using the given packet length encoding format.

Parameters:

format - packet length encoding format

Returns:

binary encoded certificate

Throws:

java.io.IOException - if the certificate cannot be encoded

getEncryptionKeys

public java.util.List<OpenPGPCertificate.OpenPGPComponentKey> getEncryptionKeys()

Return a List containing all currently marked, valid encryption keys.

Returns:

encryption keys

getEncryptionKeys

public java.util.List<OpenPGPCertificate.OpenPGPComponentKey> getEncryptionKeys(java.util.Date evaluationTime)

Return a list of all keys that are - at evaluation time - valid encryption keys.

Parameters:

evaluationTime - evaluation time

Returns:

encryption keys

getEncryptionKeys

public java.util.List<OpenPGPCertificate.OpenPGPComponentKey> getEncryptionKeys(java.util.Date evaluationTime,
                                                                                int... keyFlags)

Return a list of all keys that are - at evaluation time - valid encryption keys and carry any of the given key flags. Note: To get all keys that have EITHER flag A or B, call

getEncryptionKeys(evalTime, A, B)

. To instead get all keys that have BOTH flags A AND B, call

getEncryptionKeys(evalTime, A | B)

.

Parameters:

evaluationTime - evaluation time

keyFlags - key flags

Returns:

keys with the given flags

See Also:

KeyFlags

getSigningKeys

public java.util.List<OpenPGPCertificate.OpenPGPComponentKey> getSigningKeys()

Return a List containing all currently valid marked signing keys.

Returns:

list of signing keys

getSigningKeys

public java.util.List<OpenPGPCertificate.OpenPGPComponentKey> getSigningKeys(java.util.Date evaluationTime)

Return a list of all keys that - at evaluation time - are validly marked as signing keys.

Parameters:

evaluationTime - evaluation time

Returns:

list of signing keys

getCertificationKeys

public java.util.List<OpenPGPCertificate.OpenPGPComponentKey> getCertificationKeys()

Return a List containing all currently valid marked certification keys.

Returns:

list of certification keys

getCertificationKeys

public java.util.List<OpenPGPCertificate.OpenPGPComponentKey> getCertificationKeys(java.util.Date evaluationTime)

Return a list of all keys that - at evaluation time - are validly marked as certification keys.

Parameters:

evaluationTime - evaluation time

Returns:

list of certification keys

getIdentities

public java.util.List<OpenPGPCertificate.OpenPGPIdentityComponent> getIdentities()

Return all identities (User IDs, User Attributes of the certificate.

Returns:

identities

getPrimaryUserId

public OpenPGPCertificate.OpenPGPUserId getPrimaryUserId()

Return the current primary OpenPGPCertificate.OpenPGPUserId of the certificate.

Returns:

primary user id

getPrimaryUserId

public OpenPGPCertificate.OpenPGPUserId getPrimaryUserId(java.util.Date evaluationTime)

Return the OpenPGPCertificate.OpenPGPUserId that is considered primary at the given evaluation time.

Parameters:

evaluationTime - evaluation time

Returns:

primary user-id at evaluation time

getUserId

public OpenPGPCertificate.OpenPGPUserId getUserId(java.lang.String userId)

Return the OpenPGPCertificate.OpenPGPUserId object matching the given user-id String.

Parameters:

userId - user-id

Returns:

user-id

getExpirationTime

public java.util.Date getExpirationTime()

Return the time at which the certificate expires.

Returns:

expiration time of the certificate

getExpirationTime

public java.util.Date getExpirationTime(java.util.Date evaluationTime)

Return the time at which the certificate is expected to expire, considering the given evaluation time.

Parameters:

evaluationTime - reference time

Returns:

expiration time at evaluation time

getAllThirdPartyKeySignatures

public java.util.List<OpenPGPCertificate.OpenPGPComponentSignature> getAllThirdPartyKeySignatures()

Return a list containing all third-party issued key signatures on the primary key (delegations and revocations). Note: This list DOES NOT contain third-party certifications over user-ids.

Returns:

third-party key signatures

getDelegationsBy

public OpenPGPCertificate.OpenPGPSignatureChains getDelegationsBy(OpenPGPCertificate thirdPartyCertificate)

Return all OpenPGPCertificate.OpenPGPSignatureChains that represent delegations by the given third-party OpenPGPCertificate on this certificates primary key. A delegation is a signature of type PGPSignature.DIRECT_KEY, which represents a delegation of trust and can be used to mark the certificate as a trusted introducer. Each delegation is returned as an OpenPGPCertificate.OpenPGPSignatureChain where the delegation is the leaf link prepended by the binding signature chain of the issuing third-party certificate component at delegation signature creation time.

Parameters:

thirdPartyCertificate - third-party certificate which issued the delegation signatures

Returns:

full signature chains of all delegations by the third-party certificate over this certificate

getDelegationBy

public OpenPGPCertificate.OpenPGPSignatureChain getDelegationBy(OpenPGPCertificate thirdPartyCertificate)

Return an OpenPGPCertificate.OpenPGPSignatureChain from the given 3rd-party certificate to this certificate, which represents a delegation of trust. The delegation is returned as an OpenPGPCertificate.OpenPGPSignatureChain where the delegation is the leaf link prepended by the binding signature chain of the issuing third-party certificate component at delegation signature creation time. If no delegation signature is found, return null.

Parameters:

thirdPartyCertificate - OpenPGPCertificate of a 3rd party.

Returns:

full signature chain of the latest delegation issued by the 3rd-party certificate

getDelegationBy

public OpenPGPCertificate.OpenPGPSignatureChain getDelegationBy(OpenPGPCertificate thirdPartyCertificate,
                                                                java.util.Date evaluationTime)

Return an OpenPGPCertificate.OpenPGPSignatureChain from the given 3rd-party certificate to this certificate, which represents a delegation of trust at evaluation time. The delegation is returned as an OpenPGPCertificate.OpenPGPSignatureChain where the delegation is the leaf link prepended by the binding signature chain of the issuing third-party certificate component at delegation signature creation time. If no delegation signature is found, return null.

Parameters:

thirdPartyCertificate - OpenPGPCertificate of a 3rd party.

evaluationTime - reference time

Returns:

full signature chain of the (at evaluation time) latest delegation issued by the 3rd-party certificate

getRevocationsBy

public OpenPGPCertificate.OpenPGPSignatureChains getRevocationsBy(OpenPGPCertificate thirdPartyCertificate)

Return all OpenPGPCertificate.OpenPGPSignatureChains that represent revocations of delegations by the given third-party OpenPGPCertificate on this certificates primary key. A delegation revocation is a signature of type PGPSignature.KEY_REVOCATION, which revokes an earlier delegation of trust. Each revocation is returned as an OpenPGPCertificate.OpenPGPSignatureChain where the revocation is the leaf link prepended by the binding signature chain of the issuing third-party certificate component at revocation signature creation time.

Parameters:

thirdPartyCertificate - third-party certificate which issued the revocation signatures

Returns:

full signature chains for all revocations by the third-party certificate over this certificate

getRevocationBy

public OpenPGPCertificate.OpenPGPSignatureChain getRevocationBy(OpenPGPCertificate thirdPartyCertificate)

Return an OpenPGPCertificate.OpenPGPSignatureChain from the given 3rd-party certificate to this certificate, which represents a revocation of trust. The revocation is returned as an OpenPGPCertificate.OpenPGPSignatureChain where the revocation is the leaf link prepended by the binding signature chain of the issuing third-party certificate component at revocation signature creation time.

Parameters:

thirdPartyCertificate - OpenPGPCertificate of a 3rd party.

Returns:

full signature chain containing the latest revocation issued by the 3rd party certificate

getRevocationBy

public OpenPGPCertificate.OpenPGPSignatureChain getRevocationBy(OpenPGPCertificate thirdPartyCertificate,
                                                                java.util.Date evaluationTime)

Return an OpenPGPCertificate.OpenPGPSignatureChain from the given 3rd-party certificate to this certificate, which (at evaluation time) represents a revocation of trust. The revocation is returned as an OpenPGPCertificate.OpenPGPSignatureChain where the revocation is the leaf link prepended by the binding signature chain of the issuing third-party certificate component at revocation signature creation time.

Parameters:

thirdPartyCertificate - OpenPGPCertificate of a 3rd party.

evaluationTime - reference time

Returns:

full signature chain containing the (at evaluation time) latest revocation issued by the 3rd party certificate