Package org.bouncycastle.openpgp.api

Class OpenPGPCertificate

java.lang.Object

org.bouncycastle.openpgp.api.OpenPGPCertificate

Direct Known Subclasses:

OpenPGPKey

public class OpenPGPCertificate
extends Object

OpenPGP certificates (TPKs - transferable public keys) are long-living structures that may change during their lifetime. A key-holder may add new components like subkeys or identities, along with associated binding self-signatures to the certificate and old components may expire / get revoked at some point. Since any such changes may have an influence on whether a data signature is valid at a given time, or what subkey should be used when generating an encrypted / signed message, an API is needed that provides a view on the certificate that takes into consideration a relevant window in time.

Compared to a PGPPublicKeyRing, an OpenPGPCertificate has been evaluated at (or rather for) a given evaluation time. It offers a clean API for accessing the key-holder's preferences at a specific point in time and makes sure, that relevant self-signatures on certificate components are validated and verified.

See Also:

• OpenPGP for Application Developers - Chapter 4 for background information on the terminology used in this class.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	OpenPGPCertificate.OpenPGPCertificateComponent	Component on an OpenPGP certificate.
static class	OpenPGPCertificate.OpenPGPComponentKey	A component key is either an OpenPGPCertificate.OpenPGPPrimaryKey, or an OpenPGPCertificate.OpenPGPSubkey.
static class	OpenPGPCertificate.OpenPGPComponentSignature	OpenPGP Signature made over some OpenPGPCertificate.OpenPGPCertificateComponent on a OpenPGPCertificate.
static class	OpenPGPCertificate.OpenPGPIdentityComponent	An identity bound to the OpenPGPCertificate.OpenPGPPrimaryKey of a OpenPGPCertificate.
static class	OpenPGPCertificate.OpenPGPPrimaryKey	The primary key of a OpenPGPCertificate.
static class	OpenPGPCertificate.OpenPGPSignatureChain	Chain of signatures.
static class	OpenPGPCertificate.OpenPGPSignatureChains	Collection of multiple OpenPGPCertificate.OpenPGPSignatureChain objects.
static class	OpenPGPCertificate.OpenPGPSubkey	A subkey on a OpenPGPCertificate.
static class	OpenPGPCertificate.OpenPGPUserAttribute	A UserAttribute.
static class	OpenPGPCertificate.OpenPGPUserId	A UserId.

Field Summary

Fields

Modifier and Type	Field	Description
protected PGPKeyRing	keyRing

Constructor Summary

Constructors

Constructor	Description
OpenPGPCertificate(PGPKeyRing keyRing)	Instantiate an OpenPGPCertificate from a passed PGPKeyRing using the default OpenPGPImplementation and its OpenPGPPolicy.
OpenPGPCertificate(PGPKeyRing keyRing, OpenPGPImplementation implementation)	Instantiate an OpenPGPCertificate from a parsed PGPKeyRing using the provided OpenPGPImplementation and its OpenPGPPolicy.
OpenPGPCertificate(PGPKeyRing keyRing, OpenPGPImplementation implementation, OpenPGPPolicy policy)	Instantiate an OpenPGPCertificate from a parsed PGPKeyRing using the provided OpenPGPImplementation and provided OpenPGPPolicy.

Method Summary

Modifier and Type	Method	Description
List<KeyIdentifier>	getAllKeyIdentifiers()	Return a list of ALL (sub-)key's identifiers, including those of expired / revoked / unbound keys.
List<OpenPGPCertificate.OpenPGPUserId>	getAllUserIds()	Return a List of all OpenPGPUserIds on the certificate, regardless of their validity.
OpenPGPCertificate.OpenPGPComponentSignature	getCertification()	Return the current self-certification signature.
OpenPGPCertificate.OpenPGPComponentSignature	getCertification(Date evaluationTime)	Return the most recent self-certification signature at evaluation time.
List<OpenPGPCertificate.OpenPGPComponentKey>	getCertificationKeys()	Return a List containing all currently valid marked certification keys.
List<OpenPGPCertificate.OpenPGPComponentKey>	getCertificationKeys(Date evaluationTime)	Return a list of all keys that - at evaluation time - are validly marked as certification keys.
List<OpenPGPCertificate.OpenPGPComponentKey>	getComponentKeysWithFlag(Date evaluationTime, int... keyFlags)	Return a List containing all component keys that carry any of the given key flags at evaluation time.
List<OpenPGPCertificate.OpenPGPCertificateComponent>	getComponents()	Return a List containing all components of the certificate.
OpenPGPCertificate.OpenPGPSignatureChain	getDelegationBy(OpenPGPCertificate thirdPartyCertificate)	Return an OpenPGPCertificate.OpenPGPSignatureChain from the given 3rd-party certificate to this certificate, which represents a delegation of trust.
OpenPGPCertificate.OpenPGPSignatureChain	getDelegationBy(OpenPGPCertificate thirdPartyCertificate, Date evaluationTime)	Return an OpenPGPCertificate.OpenPGPSignatureChain from the given 3rd-party certificate to this certificate, which represents a delegation of trust at evaluation time.
byte[]	getEncoded()	Return a byte array containing the binary representation of the certificate.
byte[]	getEncoded(PacketFormat format)	Return a byte array containing the binary representation of the certificate, encoded using the given packet length encoding format.
List<OpenPGPCertificate.OpenPGPComponentKey>	getEncryptionKeys()	Return a List containing all currently marked, valid encryption keys.
List<OpenPGPCertificate.OpenPGPComponentKey>	getEncryptionKeys(Date evaluationTime)	Return a list of all keys that are - at evaluation time - valid encryption keys.
Date	getExpirationTime()	Return the time at which the certificate expires.
Date	getExpirationTime(Date evaluationTime)	Return the time at which the certificate is expected to expire, considering the given evaluation time.
byte[]	getFingerprint()	Return the primary keys fingerprint in binary format.
List<OpenPGPCertificate.OpenPGPIdentityComponent>	getIdentities()	Return all identities (User IDs, User Attributes of the certificate.
OpenPGPCertificate.OpenPGPComponentKey	getKey(KeyIdentifier identifier)	Return the OpenPGPCertificate.OpenPGPComponentKey identified by the passed in KeyIdentifier.
KeyIdentifier	getKeyIdentifier()	Return the KeyIdentifier of the certificates primary key.
List<OpenPGPCertificate.OpenPGPComponentKey>	getKeys()	Return all OpenPGPComponentKeys in the certificate.
Date	getLastModificationDate()	Return the last time, the key was modified (before right now).
Date	getLastModificationDateAt(Date evaluationTime)	Return the last time, the key was modified before or at the given evaluation time.
PGPKeyRing	getPGPKeyRing()	Return the PGPKeyRing that this certificate is based on.
PGPPublicKeyRing	getPGPPublicKeyRing()	Return the underlying PGPPublicKeyRing.
String	getPrettyFingerprint()	Return the primary keys fingerprint as a pretty-printed String.
OpenPGPCertificate.OpenPGPPrimaryKey	getPrimaryKey()	Return the primary key of the certificate.
OpenPGPCertificate.OpenPGPUserId	getPrimaryUserId()	Return the current primary OpenPGPCertificate.OpenPGPUserId of the certificate.
OpenPGPCertificate.OpenPGPUserId	getPrimaryUserId(Date evaluationTime)	Return the OpenPGPCertificate.OpenPGPUserId that is considered primary at the given evaluation time.
Map<KeyIdentifier,OpenPGPCertificate.OpenPGPComponentKey>	getPublicKeys()	Get a Map of all public component keys keyed by their KeyIdentifier.
OpenPGPCertificate.OpenPGPComponentSignature	getRevocation()	Return the most recent revocation signature on the certificate.
OpenPGPCertificate.OpenPGPComponentSignature	getRevocation(Date evaluationTime)	Return the (at evaluation time) most recent revocation signature on the certificate.
OpenPGPCertificate.OpenPGPSignatureChain	getRevocationBy(OpenPGPCertificate thirdPartyCertificate)	Return an OpenPGPCertificate.OpenPGPSignatureChain from the given 3rd-party certificate to this certificate, which represents a revocation of trust.
OpenPGPCertificate.OpenPGPSignatureChain	getRevocationBy(OpenPGPCertificate thirdPartyCertificate, Date evaluationTime)	Return an OpenPGPCertificate.OpenPGPSignatureChain from the given 3rd-party certificate to this certificate, which (at evaluation time) represents a revocation of trust.
OpenPGPCertificate.OpenPGPComponentKey	getSigningKeyFor(PGPSignature signature)	Return the OpenPGPCertificate.OpenPGPComponentKey that likely issued the passed in PGPSignature.
List<OpenPGPCertificate.OpenPGPComponentKey>	getSigningKeys()	Return a List containing all currently valid marked signing keys.
List<OpenPGPCertificate.OpenPGPComponentKey>	getSigningKeys(Date evaluationTime)	Return a list of all keys that - at evaluation time - are validly marked as signing keys.
Map<KeyIdentifier,OpenPGPCertificate.OpenPGPSubkey>	getSubkeys()	Return a Map containing the subkeys of this certificate, keyed by their KeyIdentifier.
OpenPGPCertificate.OpenPGPUserId	getUserId(String userId)	Return the OpenPGPCertificate.OpenPGPUserId object matching the given user-id String.
List<OpenPGPCertificate.OpenPGPComponentKey>	getValidKeys()	Return a List of all component keys that are valid right now.
List<OpenPGPCertificate.OpenPGPComponentKey>	getValidKeys(Date evaluationTime)	Return a List of all component keys that are valid at the given evaluation time.
List<OpenPGPCertificate.OpenPGPUserId>	getValidUserIds()	Return a List of all valid OpenPGPUserIds on the certificate.
List<OpenPGPCertificate.OpenPGPUserId>	getValidUserIds(Date evaluationTime)	Return a List containing all OpenPGPUserIds that are valid at the given evaluation time.
boolean	isSecretKey()	Return true, if this object is an OpenPGPKey, false otherwise.
static OpenPGPCertificate	join(OpenPGPCertificate certificate, String armored)	Join two copies of the same OpenPGPCertificate, merging its components into a single instance.
static OpenPGPCertificate	join(OpenPGPCertificate certificate, OpenPGPCertificate other)	Join two copies of the same OpenPGPCertificate, merging its components into a single instance.
String	toAsciiArmoredString()	Return an ASCII armored String containing the certificate.
String	toAsciiArmoredString(PacketFormat packetFormat)	Return an ASCII armored String containing the certificate.
String	toAsciiArmoredString(PacketFormat packetFormat, ArmoredOutputStream.Builder armorBuilder)	Return an ASCII armored String containing the certificate.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

keyRing

protected PGPKeyRing keyRing

Constructor Details

OpenPGPCertificate

public OpenPGPCertificate(PGPKeyRing keyRing)

Instantiate an OpenPGPCertificate from a passed PGPKeyRing using the default OpenPGPImplementation and its OpenPGPPolicy.

Parameters:

keyRing - key ring

OpenPGPCertificate

public OpenPGPCertificate(PGPKeyRing keyRing,
 OpenPGPImplementation implementation)

Instantiate an OpenPGPCertificate from a parsed PGPKeyRing using the provided OpenPGPImplementation and its OpenPGPPolicy.

Parameters:

keyRing - public key ring

implementation - OpenPGP implementation

OpenPGPCertificate

public OpenPGPCertificate(PGPKeyRing keyRing,
 OpenPGPImplementation implementation,
 OpenPGPPolicy policy)

Instantiate an OpenPGPCertificate from a parsed PGPKeyRing using the provided OpenPGPImplementation and provided OpenPGPPolicy.

Parameters:

keyRing - public key ring

implementation - OpenPGP implementation

policy - OpenPGP policy

Method Details

isSecretKey

public boolean isSecretKey()

Return true, if this object is an OpenPGPKey, false otherwise.

Returns:

true if this is a secret key

getAllUserIds

public List<OpenPGPCertificate.OpenPGPUserId> getAllUserIds()

Return a List of all OpenPGPUserIds on the certificate, regardless of their validity.

Returns:

all user ids

getValidUserIds

public List<OpenPGPCertificate.OpenPGPUserId> getValidUserIds()

Return a List of all valid OpenPGPUserIds on the certificate.

Returns:

valid user ids

getValidUserIds

public List<OpenPGPCertificate.OpenPGPUserId> getValidUserIds(Date evaluationTime)

Return a List containing all OpenPGPUserIds that are valid at the given evaluation time.

Parameters:

evaluationTime - reference time

Returns:

user ids that are valid at the given evaluation time

getPublicKeys

public Map<KeyIdentifier,OpenPGPCertificate.OpenPGPComponentKey> getPublicKeys()

Get a Map of all public component keys keyed by their KeyIdentifier.

Returns:

all public keys

getPrimaryKey

public OpenPGPCertificate.OpenPGPPrimaryKey getPrimaryKey()

Return the primary key of the certificate.

Returns:

primary key

getSubkeys

public Map<KeyIdentifier,OpenPGPCertificate.OpenPGPSubkey> getSubkeys()

Return a Map containing the subkeys of this certificate, keyed by their KeyIdentifier. Note: This map does NOT contain the primary key (getPrimaryKey()).

Returns:

subkeys

getComponentKeysWithFlag

public List<OpenPGPCertificate.OpenPGPComponentKey> getComponentKeysWithFlag(Date evaluationTime,
 int... keyFlags)

Return a List containing all component keys that carry any of the given key flags at evaluation time. Note: To get all component keys that have EITHER KeyFlags.ENCRYPT_COMMS OR KeyFlags.ENCRYPT_STORAGE, call this method like this:

 keys = getComponentKeysWithFlag(date, KeyFlags.ENCRYPT_COMMS, KeyFlags.ENCRYPT_STORAGE);
 

If you instead want to access all keys, that have BOTH flags, you need to

&

both flags:

 keys = getComponentKeysWithFlag(date, KeyFlags.ENCRYPT_COMMS & KeyFlags.ENCRYPT_STORAGE);
 

Parameters:

evaluationTime - reference time

keyFlags - key flags

Returns:

list of keys that carry any of the given key flags at evaluation time

getComponents

public List<OpenPGPCertificate.OpenPGPCertificateComponent> getComponents()

Return a List containing all components of the certificate. Components are primary key, subkeys and identities (user-ids, user attributes).

Returns:

list of components

getKeys

public List<OpenPGPCertificate.OpenPGPComponentKey> getKeys()

Return all OpenPGPComponentKeys in the certificate. The return value is a List containing the OpenPGPCertificate.OpenPGPPrimaryKey and all OpenPGPSubkeys.

Returns:

list of all component keys

getValidKeys

public List<OpenPGPCertificate.OpenPGPComponentKey> getValidKeys()

Return a List of all component keys that are valid right now.

Returns:

all valid keys

getValidKeys

public List<OpenPGPCertificate.OpenPGPComponentKey> getValidKeys(Date evaluationTime)

Return a List of all component keys that are valid at the given evaluation time.

Parameters:

evaluationTime - reference time

Returns:

all keys that are valid at evaluation time

getKey

public OpenPGPCertificate.OpenPGPComponentKey getKey(KeyIdentifier identifier)

Return the OpenPGPCertificate.OpenPGPComponentKey identified by the passed in KeyIdentifier.

Parameters:

identifier - key identifier

Returns:

component key

getSigningKeyFor

public OpenPGPCertificate.OpenPGPComponentKey getSigningKeyFor(PGPSignature signature)

Return the OpenPGPCertificate.OpenPGPComponentKey that likely issued the passed in PGPSignature.

Parameters:

signature - signature

Returns:

issuer (sub-)key

getPGPKeyRing

public PGPKeyRing getPGPKeyRing()

Return the PGPKeyRing that this certificate is based on.

Returns:

underlying key ring

getPGPPublicKeyRing

public PGPPublicKeyRing getPGPPublicKeyRing()

Return the underlying PGPPublicKeyRing.

Returns:

public keys

getKeyIdentifier

public KeyIdentifier getKeyIdentifier()

Return the KeyIdentifier of the certificates primary key.

Returns:

primary key identifier

getAllKeyIdentifiers

public List<KeyIdentifier> getAllKeyIdentifiers()

Return a list of ALL (sub-)key's identifiers, including those of expired / revoked / unbound keys.

Returns:

all keys identifiers

getCertification

public OpenPGPCertificate.OpenPGPComponentSignature getCertification()

Return the current self-certification signature. This is either a DirectKey signature on the primary key, or the latest self-certification on a OpenPGPCertificate.OpenPGPUserId.

Returns:

latest certification signature

getCertification

public OpenPGPCertificate.OpenPGPComponentSignature getCertification(Date evaluationTime)

Return the most recent self-certification signature at evaluation time. This is either a DirectKey signature on the primary key, or the (at evaluation time) latest self-certification on an OpenPGPCertificate.OpenPGPUserId.

Parameters:

evaluationTime - reference time

Returns:

latest certification signature

getRevocation

public OpenPGPCertificate.OpenPGPComponentSignature getRevocation()

Return the most recent revocation signature on the certificate. This is either a KeyRevocation signature on the primary key, or the latest certification revocation signature on an OpenPGPCertificate.OpenPGPUserId.

Returns:

latest certification revocation

getRevocation

public OpenPGPCertificate.OpenPGPComponentSignature getRevocation(Date evaluationTime)

Return the (at evaluation time) most recent revocation signature on the certificate. This is either a KeyRevocation signature on the primary key, or the latest certification revocation signature on an OpenPGPCertificate.OpenPGPUserId.

Parameters:

evaluationTime - reference time

Returns:

latest certification revocation

getLastModificationDate

public Date getLastModificationDate()

Return the last time, the key was modified (before right now). A modification is the addition of a new subkey, or key signature.

Returns:

last modification time

getLastModificationDateAt

public Date getLastModificationDateAt(Date evaluationTime)

Return the last time, the key was modified before or at the given evaluation time.

Parameters:

evaluationTime - evaluation time

Returns:

last modification time before or at evaluation time

join

public static OpenPGPCertificate join(OpenPGPCertificate certificate,
 String armored)
                               throws IOException,
PGPException

Join two copies of the same OpenPGPCertificate, merging its components into a single instance. The ASCII armored String might contain more than one OpenPGPCertificate. Items that are not a copy of the base certificate are silently ignored.

Parameters:

certificate - base certificate

armored - ASCII armored String containing one or more copies of the same certificate, possibly containing a different set of components

Returns:

merged certificate

Throws:

IOException - if the armored data cannot be processed

PGPException - if a protocol level error occurs

join

public static OpenPGPCertificate join(OpenPGPCertificate certificate,
 OpenPGPCertificate other)
                               throws PGPException

Join two copies of the same OpenPGPCertificate, merging its components into a single instance.

Parameters:

certificate - base certificate

other - copy of the same certificate, potentially carrying a different set of components

Returns:

merged certificate

Throws:

PGPException - if a protocol level error occurs

getFingerprint

public byte[] getFingerprint()

Return the primary keys fingerprint in binary format.

Returns:

primary key fingerprint

getPrettyFingerprint

public String getPrettyFingerprint()

Return the primary keys fingerprint as a pretty-printed String.

Returns:

pretty-printed primary key fingerprint

toAsciiArmoredString

public String toAsciiArmoredString()
                            throws IOException

Return an ASCII armored String containing the certificate.

Returns:

armored certificate

Throws:

IOException - if the cert cannot be encoded

toAsciiArmoredString

public String toAsciiArmoredString(PacketFormat packetFormat)
                            throws IOException

Return an ASCII armored String containing the certificate.

Parameters:

packetFormat - packet length encoding format

Returns:

armored certificate

Throws:

IOException - if the cert cannot be encoded

toAsciiArmoredString

public String toAsciiArmoredString(PacketFormat packetFormat,
 ArmoredOutputStream.Builder armorBuilder)
                            throws IOException

Return an ASCII armored String containing the certificate. The ArmoredOutputStream.Builder can be used to customize the ASCII armor (headers, CRC etc.).

Parameters:

packetFormat - packet length encoding format

armorBuilder - builder for the ASCII armored output stream

Returns:

armored certificate

Throws:

IOException - if the cert cannot be encoded

getEncoded

public byte[] getEncoded()
                  throws IOException

Return a byte array containing the binary representation of the certificate.

Returns:

binary encoded certificate

Throws:

IOException - if the certificate cannot be encoded

getEncoded

public byte[] getEncoded(PacketFormat format)
                  throws IOException

Return a byte array containing the binary representation of the certificate, encoded using the given packet length encoding format.

Parameters:

format - packet length encoding format

Returns:

binary encoded certificate

Throws:

IOException - if the certificate cannot be encoded

getEncryptionKeys

public List<OpenPGPCertificate.OpenPGPComponentKey> getEncryptionKeys()

Return a List containing all currently marked, valid encryption keys.

Returns:

encryption keys

getEncryptionKeys

public List<OpenPGPCertificate.OpenPGPComponentKey> getEncryptionKeys(Date evaluationTime)

Return a list of all keys that are - at evaluation time - valid encryption keys.

Parameters:

evaluationTime - evaluation time

Returns:

encryption keys

getSigningKeys

public List<OpenPGPCertificate.OpenPGPComponentKey> getSigningKeys()

Return a List containing all currently valid marked signing keys.

Returns:

list of signing keys

getSigningKeys

public List<OpenPGPCertificate.OpenPGPComponentKey> getSigningKeys(Date evaluationTime)

Return a list of all keys that - at evaluation time - are validly marked as signing keys.

Parameters:

evaluationTime - evaluation time

Returns:

list of signing keys

getCertificationKeys

public List<OpenPGPCertificate.OpenPGPComponentKey> getCertificationKeys()

Return a List containing all currently valid marked certification keys.

Returns:

list of certification keys

getCertificationKeys

public List<OpenPGPCertificate.OpenPGPComponentKey> getCertificationKeys(Date evaluationTime)

Return a list of all keys that - at evaluation time - are validly marked as certification keys.

Parameters:

evaluationTime - evaluation time

Returns:

list of certification keys

getIdentities

public List<OpenPGPCertificate.OpenPGPIdentityComponent> getIdentities()

Return all identities (User IDs, User Attributes of the certificate.

Returns:

identities

getPrimaryUserId

public OpenPGPCertificate.OpenPGPUserId getPrimaryUserId()

Return the current primary OpenPGPCertificate.OpenPGPUserId of the certificate.

Returns:

primary user id

getPrimaryUserId

public OpenPGPCertificate.OpenPGPUserId getPrimaryUserId(Date evaluationTime)

Return the OpenPGPCertificate.OpenPGPUserId that is considered primary at the given evaluation time.

Parameters:

evaluationTime - evaluation time

Returns:

primary user-id at evaluation time

getUserId

public OpenPGPCertificate.OpenPGPUserId getUserId(String userId)

Return the OpenPGPCertificate.OpenPGPUserId object matching the given user-id String.

Parameters:

userId - user-id

Returns:

user-id

getExpirationTime

public Date getExpirationTime()

Return the time at which the certificate expires.

Returns:

expiration time of the certificate

getExpirationTime

public Date getExpirationTime(Date evaluationTime)

Return the time at which the certificate is expected to expire, considering the given evaluation time.

Parameters:

evaluationTime - reference time

Returns:

expiration time at evaluation time

getDelegationBy

public OpenPGPCertificate.OpenPGPSignatureChain getDelegationBy(OpenPGPCertificate thirdPartyCertificate)

Return an OpenPGPCertificate.OpenPGPSignatureChain from the given 3rd-party certificate to this certificate, which represents a delegation of trust. If no delegation signature is found, return null.

Parameters:

thirdPartyCertificate - OpenPGPCertificate of a 3rd party.

Returns:

chain containing the latest delegation issued by the 3rd-party certificate

getDelegationBy

public OpenPGPCertificate.OpenPGPSignatureChain getDelegationBy(OpenPGPCertificate thirdPartyCertificate,
 Date evaluationTime)

Return an OpenPGPCertificate.OpenPGPSignatureChain from the given 3rd-party certificate to this certificate, which represents a delegation of trust at evaluation time. If no delegation signature is found, return null.

Parameters:

thirdPartyCertificate - OpenPGPCertificate of a 3rd party.

evaluationTime - reference time

Returns:

chain containing the (at evaluation time) latest delegation issued by the 3rd-party certificate

getRevocationBy

public OpenPGPCertificate.OpenPGPSignatureChain getRevocationBy(OpenPGPCertificate thirdPartyCertificate)

Return an OpenPGPCertificate.OpenPGPSignatureChain from the given 3rd-party certificate to this certificate, which represents a revocation of trust.

Parameters:

thirdPartyCertificate - OpenPGPCertificate of a 3rd party.

Returns:

chain containing the latest revocation issued by the 3rd party certificate

getRevocationBy

public OpenPGPCertificate.OpenPGPSignatureChain getRevocationBy(OpenPGPCertificate thirdPartyCertificate,
 Date evaluationTime)

Return an OpenPGPCertificate.OpenPGPSignatureChain from the given 3rd-party certificate to this certificate, which (at evaluation time) represents a revocation of trust.

Parameters:

thirdPartyCertificate - OpenPGPCertificate of a 3rd party.

evaluationTime - reference time

Returns:

chain containing the (at evaluation time) latest revocation issued by the 3rd party certificate