Cryptix OpenPGP

cryptix.openpgp
Class PGPCertificate

java.lang.Object
  extended by java.security.cert.Certificate
      extended by cryptix.pki.ExtendedCertificate
          extended by cryptix.openpgp.PGPCertificate
All Implemented Interfaces:
java.io.Serializable

public abstract class PGPCertificate
extends ExtendedCertificate

An OpenPGP Certificate.

Version:
$Revision: 1.3 $
Author:
Edwin Woudt, Ingo Luetkebohle
See Also:
Serialized Form

Nested Class Summary
 
Nested classes inherited from class java.security.cert.Certificate
java.security.cert.Certificate.CertificateRep
 
Constructor Summary
protected PGPCertificate(java.lang.String type)
          Create a new Certificate object with the given type.
 
Method Summary
abstract  java.util.Date getCreationDate()
          Returns the creation date and time.
abstract  java.util.Date getExpirationDate()
          Returns the expiration date and time.
abstract  java.util.Properties getHumanReadableNotationData()
          Returns the list of human readable notations on the certification that the issuer wishes to make.
abstract  KeyID getIssuerKeyID()
          Returns the keyID of the key issuing the certificate.
abstract  PGPPrincipal getIssuerUserID()
          Returns which user id of the issuer was used to issue this certificate.
abstract  boolean getKeyFlagCertification()
          Returns whether the certified key may be used to certify other keys.
abstract  boolean getKeyFlagEncryptCommunication()
          Returns whether the certified key may be used to encrypt communications.
abstract  boolean getKeyFlagEncryptStorage()
          Returns whether the certified key may be used to encrypt storage.
abstract  boolean getKeyFlagSignData()
          Returns whether the certified key may be used to sign data.
abstract  boolean getKeyFlagsSpecified()
          Returns whether key flags are specified. Corresponds with OpenPGP signature subpacket type 27: 'key flags'.
abstract  java.util.Properties getMachineReadableNotationData()
          Returns the list of machine readable notations on the certification that the issuer wishes to make.
abstract  cryptix.openpgp.packet.PGPSignaturePacket getPacket()
          Return the contained signature packet.
abstract  java.lang.String getPolicyURL()
          Returns a URL of a document that describes the policy that the signature was issued under. Corresponds with OpenPGP signature subpacket type 26: 'policy URL'.
abstract  int getTrustAmount()
          Returns the trust amount. Corresponds with OpenPGP signature subpacket type 5: 'trust signature'.
abstract  int getTrustLevel()
          Returns the trust level. Corresponds with OpenPGP signature subpacket type 5: 'trust signature'.
abstract  java.lang.String getTrustRegularExpression()
          Returns a regular expression that limits the scope of trust levels > 0.
abstract  boolean isExportable()
          Returns whether a certification signature is exportable.
abstract  boolean isRevocable()
          Returns signature's revocability status.
 
Methods inherited from class cryptix.pki.ExtendedCertificate
checkValidity, checkValidity, getSubject, isSelfSigned, verify
 
Methods inherited from class java.security.cert.Certificate
equals, getEncoded, getPublicKey, getType, hashCode, toString, verify, verify, writeReplace
 
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait
 

Constructor Detail

PGPCertificate

protected PGPCertificate(java.lang.String type)
Create a new Certificate object with the given type.

Method Detail

getPacket

public abstract cryptix.openpgp.packet.PGPSignaturePacket getPacket()
Return the contained signature packet.

Note: packets are part of the low-level API. Normally you don't need to use this method as other options are available.


getCreationDate

public abstract java.util.Date getCreationDate()
                                        throws java.security.cert.CertificateParsingException
Returns the creation date and time.

Corresponds with OpenPGP signature subpacket type 2: 'signature creation time'.

Throws:
java.security.cert.CertificateParsingException

getExpirationDate

public abstract java.util.Date getExpirationDate()
                                          throws java.security.cert.CertificateParsingException
Returns the expiration date and time.

Corresponds with OpenPGP signature subpacket type 3: 'signature expiration time'.

Throws:
java.security.cert.CertificateParsingException

isExportable

public abstract boolean isExportable()
                              throws java.security.cert.CertificateParsingException
Returns whether a certification signature is exportable.

Corresponds with OpenPGP signature subpacket type 4: 'exportable certification'.

Non-exportable, or "local," certifications are signatures made by a user to mark a key as valid within that user's implementation only. Thus, when an implementation prepares a user's copy of a key for transport to another user (this is the process of "exporting" the key), any local certification signatures are deleted from the key.

Throws:
java.security.cert.CertificateParsingException

getTrustLevel

public abstract int getTrustLevel()
                           throws java.security.cert.CertificateParsingException
Returns the trust level.

Corresponds with OpenPGP signature subpacket type 5: 'trust signature'.

Meaning of the levels: Level 0 has the same meaning as an ordinary validity signature. Level 1 means that the signed key is asserted to be a valid trusted introducer, with the 2nd octet of the body specifying the degree of trust. Level 2 means that the signed key is asserted to be trusted to issue level 1 trust signatures, i.e. that it is a "meta introducer". Generally, a level n trust signature asserts that a key is trusted to issue level n-1 trust signatures.

Throws:
java.security.cert.CertificateParsingException

getTrustAmount

public abstract int getTrustAmount()
                            throws java.security.cert.CertificateParsingException
Returns the trust amount.

Corresponds with OpenPGP signature subpacket type 5: 'trust signature'.

The trust amount is in a range from 0-255, interpreted such that values less than 120 indicate partial trust and values of 120 or greater indicate complete trust. The default values used by most applications are 60 for partial trust and 120 for complete trust.

Throws:
java.security.cert.CertificateParsingException

getTrustRegularExpression

public abstract java.lang.String getTrustRegularExpression()
                                                    throws java.security.cert.CertificateParsingException
Returns a regular expression that limits the scope of trust levels > 0.

Corresponds with OpenPGP signature subpacket type 6: 'regular expression'.

Used in conjunction with trust signature packets (of level > 0) to limit the scope of trust that is extended. Only signatures by the target key on user IDs that match the regular expression in the body of this packet have trust extended by the trust signature subpacket.

Regarding the syntax, here is the relevant section of RFC 2440, quoted in full:

 8. Regular Expressions
 
    A regular expression is zero or more branches, separated by '|'. It
    matches anything that matches one of the branches.
 
    A branch is zero or more pieces, concatenated. It matches a match
    for the first, followed by a match for the second, etc.
 
    A piece is an atom possibly followed by '*', '+', or '?'. An atom
    followed by '*' matches a sequence of 0 or more matches of the atom.
    An atom followed by '+' matches a sequence of 1 or more matches of
    the atom. An atom followed by '?' matches a match of the atom, or
    the null string.
 
    An atom is a regular expression in parentheses (matching a match for
    the regular expression), a range (see below), '.' (matching any
    single character), '^' (matching the null string at the beginning of
    the input string), '$' (matching the null string at the end of the
    input string), a '\' followed by a single character (matching that
    character), or a single character with no other significance
    (matching that character).
 
    A range is a sequence of characters enclosed in '[]'. It normally
    matches any single character from the sequence. If the sequence
    begins with '^', it matches any single character not from the rest
    of the sequence. If two characters in the sequence are separated by
    '-', this is shorthand for the full list of ASCII characters between
    them (e.g. '[0-9]' matches any decimal digit). To include a literal
    ']' in the sequence, make it the first character (following a
    possible '^').  To include a literal '-', make it the first or last
    character.
 

Returns:
the regular expression or null if no regular expression is available
Throws:
java.security.cert.CertificateParsingException
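
The three trust-signature getters combine into one scope decision. The following is an added example, not part of Cryptix: `TrustScope`, `Delegation`, `delegationFor` and `inScope` are hypothetical names, and it assumes a certificate without a trust subpacket reports level 0. It evaluates the pattern with `java.util.regex` as a stand-in for the RFC 2440 dialect, so patterns that Java would read differently are refused rather than matched.

```java
import cryptix.openpgp.PGPCertificate;
import java.security.cert.CertificateParsingException;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;

/** Added example: hypothetical helper, not part of Cryptix. */
public final class TrustScope {
    public enum Delegation { NONE, PARTIAL, COMPLETE }

    private static final int COMPLETE_TRUST = 120; // threshold quoted under getTrustAmount
    private static final int MAX_REGEX_LEN = 256;  // assumed local limit on issuer-supplied patterns
    // Constructs java.util.regex reads differently from the RFC 2440 grammar
    // (\d, {n}, && inside ranges, (?...) groups): refuse them instead of guessing.
    private static final Pattern JAVA_ONLY =
            Pattern.compile("\\\\[A-Za-z0-9]|[{}]|&&|\\(\\?");

    /** Trust that cert delegates for a signature the certified key made on userId. */
    public static Delegation delegationFor(PGPCertificate cert, String userId)
            throws CertificateParsingException {
        // Assumption: a certificate without a trust subpacket reports level 0.
        if (cert.getTrustLevel() < 1) {
            return Delegation.NONE;   // level 0: ordinary validity signature
        }
        String regex = cert.getTrustRegularExpression();
        if (regex != null && !inScope(regex, userId)) {
            return Delegation.NONE;   // user ID lies outside the delegated scope
        }
        int amount = cert.getTrustAmount();
        if (amount < 0 || amount > 255) {
            throw new CertificateParsingException("trust amount outside 0-255: " + amount);
        }
        return amount >= COMPLETE_TRUST ? Delegation.COMPLETE : Delegation.PARTIAL;
    }

    /** Unanchored search; fails closed on any pattern that cannot be evaluated safely. */
    static boolean inScope(String regex, String userId) {
        if (regex.length() > MAX_REGEX_LEN || JAVA_ONLY.matcher(regex).find()) {
            return false;
        }
        try {
            return Pattern.compile(regex).matcher(userId).find();
        } catch (PatternSyntaxException e) {
            return false;             // unparseable scope: extend no trust
        }
    }
}
```

Search semantics (`find()` rather than `matches()`) are assumed because the quoted grammar has explicit '^' and '$' atoms.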

isRevocable

public abstract boolean isRevocable()
                             throws java.security.cert.CertificateParsingException
Returns signature's revocability status.

Corresponds with OpenPGP signature subpacket type 7: 'revocable'.

Returns a boolean flag indicating whether the signature is revocable. Signatures that are not revocable have any later revocation signatures ignored. They represent a commitment by the signer that he cannot revoke his signature for the life of his key.

Throws:
java.security.cert.CertificateParsingException

getIssuerKeyID

public abstract KeyID getIssuerKeyID()
                              throws java.security.cert.CertificateParsingException
Returns the keyID of the key issuing the certificate.

Corresponds with OpenPGP signature subpacket type 16: 'issuer key ID'.

Throws:
java.security.cert.CertificateParsingException

getMachineReadableNotationData

public abstract java.util.Properties getMachineReadableNotationData()
                                                             throws java.security.cert.CertificateParsingException
Returns the list of machine readable notations on the certification that the issuer wishes to make.

Corresponds with OpenPGP signature subpacket type 20: 'notation data'.

Returned is a Properties object, containing a (possibly empty) set of keys and values. The keys reside in two name spaces: The IETF name space and the user name space.

The IETF name space is registered with IANA. These keys will not contain the "@" character (0x40) as this is a tag for the user name space.

Keys in the user name space consist of a string tag followed by "@" followed by a DNS domain name. For example, the "sample" tag used by Example Corporation could be "sample@example.com".

Throws:
java.security.cert.CertificateParsingException

getHumanReadableNotationData

public abstract java.util.Properties getHumanReadableNotationData()
                                                           throws java.security.cert.CertificateParsingException
Returns the list of human readable notations on the certification that the issuer wishes to make.

Corresponds with OpenPGP signature subpacket type 20: 'notation data'.

Returned is a Properties object, containing a (possibly empty) set of keys and values. The keys reside in two name spaces: The IETF name space and the user name space.

The IETF name space is registered with IANA. These keys will not contain the "@" character (0x40) as this is a tag for the user name space.

Keys in the user name space consist of a string tag followed by "@" followed by a DNS domain name. For example, the "sample" tag used by Example Corporation could be "sample@example.com".

Throws:
java.security.cert.CertificateParsingException

getPolicyURL

public abstract java.lang.String getPolicyURL()
                                       throws java.security.cert.CertificateParsingException
Returns a URL of a document that describes the policy that the signature was issued under.

Corresponds with OpenPGP signature subpacket type 26: 'policy URL'.

Throws:
java.security.cert.CertificateParsingException

getKeyFlagsSpecified

public abstract boolean getKeyFlagsSpecified()
                                      throws java.security.cert.CertificateParsingException
Returns whether key flags are specified.

Corresponds with OpenPGP signature subpacket type 27: 'key flags'.

If this method returns true, the application can call one of the other getKeyFlag* methods for the specific key flags.

Throws:
java.security.cert.CertificateParsingException

getKeyFlagCertification

public abstract boolean getKeyFlagCertification()
                                         throws java.security.cert.CertificateParsingException
Returns whether the certified key may be used to certify other keys.

Throws:
java.lang.UnsupportedOperationException - if getKeyFlagsSpecified() returns false
java.security.cert.CertificateParsingException

getKeyFlagSignData

public abstract boolean getKeyFlagSignData()
                                    throws java.security.cert.CertificateParsingException
Returns whether the certified key may be used to sign data.

Throws:
java.lang.UnsupportedOperationException - if getKeyFlagsSpecified() returns false
java.security.cert.CertificateParsingException

getKeyFlagEncryptCommunication

public abstract boolean getKeyFlagEncryptCommunication()
                                                throws java.security.cert.CertificateParsingException
Returns whether the certified key may be used to encrypt communications.

Throws:
java.lang.UnsupportedOperationException - if getKeyFlagsSpecified() returns false
java.security.cert.CertificateParsingException

getKeyFlagEncryptStorage

public abstract boolean getKeyFlagEncryptStorage()
                                          throws java.security.cert.CertificateParsingException
Returns whether the certified key may be used to encrypt storage.

Throws:
java.lang.UnsupportedOperationException - if getKeyFlagsSpecified() returns false
java.security.cert.CertificateParsingException
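
The getKeyFlag* getters are only safe behind a getKeyFlagsSpecified() check. The following is an added example, not part of Cryptix, that enforces key usage on top of that contract: `KeyUsage`, `Purpose`, `granted` and `require` are hypothetical names, and the `unspecifiedOk` switch is an assumed local policy for certifications that carry no key flags.

```java
import cryptix.openpgp.PGPCertificate;
import java.security.cert.CertificateParsingException;
import java.util.EnumSet;
import java.util.Set;

/** Added example: hypothetical helper, not part of Cryptix. */
public final class KeyUsage {
    public enum Purpose { CERTIFY, SIGN_DATA, ENCRYPT_COMMUNICATION, ENCRYPT_STORAGE }

    /** Purposes the certification grants; empty when it carries no key flags. */
    public static Set<Purpose> granted(PGPCertificate cert)
            throws CertificateParsingException {
        Set<Purpose> out = EnumSet.noneOf(Purpose.class);
        // Guard first: the getKeyFlag* getters throw
        // UnsupportedOperationException when no flags were specified.
        if (!cert.getKeyFlagsSpecified()) {
            return out;
        }
        if (cert.getKeyFlagCertification())        out.add(Purpose.CERTIFY);
        if (cert.getKeyFlagSignData())             out.add(Purpose.SIGN_DATA);
        if (cert.getKeyFlagEncryptCommunication()) out.add(Purpose.ENCRYPT_COMMUNICATION);
        if (cert.getKeyFlagEncryptStorage())       out.add(Purpose.ENCRYPT_STORAGE);
        return out;
    }

    /**
     * Rejects a use the issuer did not grant. unspecifiedOk (assumed policy)
     * decides what happens when the certification has no key flags at all.
     */
    public static void require(PGPCertificate cert, Purpose purpose, boolean unspecifiedOk)
            throws CertificateParsingException {
        if (!cert.getKeyFlagsSpecified()) {
            if (unspecifiedOk) {
                return;
            }
            throw new SecurityException("certification carries no key flags");
        }
        if (!granted(cert).contains(purpose)) {
            throw new SecurityException("key not certified for " + purpose);
        }
    }
}
```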

getIssuerUserID

public abstract PGPPrincipal getIssuerUserID()
                                      throws java.security.cert.CertificateParsingException
Returns which user id of the issuer was used to issue this certificate.

Corresponds with OpenPGP signature subpacket type 28: 'signer's user id'.

Many keyholders use a single key for different purposes, such as business communications as well as personal communications. This subpacket allows such a keyholder to state which of their roles is making a signature.

Throws:
java.security.cert.CertificateParsingException

Copyright (C) 1999-2003 The Cryptix Foundation Ltd.