Cryptix OpenPGP
java.lang.Object
  java.security.cert.Certificate
    cryptix.pki.ExtendedCertificate
      cryptix.openpgp.PGPCertificate
An OpenPGP Certificate.
Nested Class Summary
Nested classes inherited from class java.security.cert.Certificate
    java.security.cert.Certificate.CertificateRep

Constructor Summary
protected PGPCertificate(java.lang.String type)
    Create a new Certificate object with the given type.
Method Summary
abstract java.util.Date getCreationDate()
    Returns the creation date and time.
abstract java.util.Date getExpirationDate()
    Returns the expiration date and time.
abstract java.util.Properties getHumanReadableNotationData()
    Returns the list of human readable notations on the certification that the issuer wishes to make.
abstract KeyID getIssuerKeyID()
    Returns the keyID of the key issuing the certificate.
abstract PGPPrincipal getIssuerUserID()
    Returns which user id of the issuer was used to issue this certificate.
abstract boolean getKeyFlagCertification()
    Returns whether the certified key may be used to certify other keys.
abstract boolean getKeyFlagEncryptCommunication()
    Returns whether the certified key may be used to encrypt communications.
abstract boolean getKeyFlagEncryptStorage()
    Returns whether the certified key may be used to encrypt storage.
abstract boolean getKeyFlagSignData()
    Returns whether the certified key may be used to sign data.
abstract boolean getKeyFlagsSpecified()
    Returns whether key flags are specified. Corresponds with OpenPGP signature subpacket type 27: 'key flags'.
abstract java.util.Properties getMachineReadableNotationData()
    Returns the list of machine readable notations on the certification that the issuer wishes to make.
abstract cryptix.openpgp.packet.PGPSignaturePacket getPacket()
    Return the contained signature packet.
abstract java.lang.String getPolicyURL()
    Returns a URL of a document that describes the policy that the signature was issued under. Corresponds with OpenPGP signature subpacket type 26: 'policy URL'.
abstract int getTrustAmount()
    Returns the trust amount. Corresponds with OpenPGP signature subpacket type 5: 'trust signature'.
abstract int getTrustLevel()
    Returns the trust level. Corresponds with OpenPGP signature subpacket type 5: 'trust signature'.
abstract java.lang.String getTrustRegularExpression()
    Returns a regular expression that limits the scope of trust levels > 0.
abstract boolean isExportable()
    Returns whether a certification signature is exportable.
abstract boolean isRevocable()
    Returns signature's revocability status.
Methods inherited from class cryptix.pki.ExtendedCertificate
    checkValidity, checkValidity, getSubject, isSelfSigned, verify
Methods inherited from class java.security.cert.Certificate
    equals, getEncoded, getPublicKey, getType, hashCode, toString, verify, verify, writeReplace
Methods inherited from class java.lang.Object
    clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Detail
protected PGPCertificate(java.lang.String type)
Method Detail
public abstract cryptix.openpgp.packet.PGPSignaturePacket getPacket()
Note: packets are part of the low-level API. Normally you don't need to use this method as other options are available.
public abstract java.util.Date getCreationDate() throws java.security.cert.CertificateParsingException
Corresponds with OpenPGP signature subpacket type 2: 'signature creation time'.
Throws: java.security.cert.CertificateParsingException
public abstract java.util.Date getExpirationDate() throws java.security.cert.CertificateParsingException
Corresponds with OpenPGP signature subpacket type 3: 'signature expiration time'.
Throws: java.security.cert.CertificateParsingException
public abstract boolean isExportable() throws java.security.cert.CertificateParsingException
Corresponds with OpenPGP signature subpacket type 4: 'exportable certification'.
Non-exportable, or "local," certifications are signatures made by a user to mark a key as valid within that user's implementation only. Thus, when an implementation prepares a user's copy of a key for transport to another user (this is the process of "exporting" the key), any local certification signatures are deleted from the key.
Throws: java.security.cert.CertificateParsingException
public abstract int getTrustLevel() throws java.security.cert.CertificateParsingException
Corresponds with OpenPGP signature subpacket type 5: 'trust signature'.
Meaning of the levels:
- Level 0 has the same meaning as an ordinary validity signature.
- Level 1 means that the signed key is asserted to be a valid trusted introducer, with the 2nd octet of the body specifying the degree of trust.
- Level 2 means that the signed key is asserted to be trusted to issue level 1 trust signatures, i.e. that it is a "meta introducer".
Generally, a level n trust signature asserts that a key is trusted to issue level n-1 trust signatures.
Throws: java.security.cert.CertificateParsingException
public abstract int getTrustAmount() throws java.security.cert.CertificateParsingException
Corresponds with OpenPGP signature subpacket type 5: 'trust signature'.
The trust amount is in a range from 0-255, interpreted such that values less than 120 indicate partial trust and values of 120 or greater indicate complete trust. The default values used by most applications are 60 for partial trust and 120 for complete trust.
Throws: java.security.cert.CertificateParsingException
public abstract java.lang.String getTrustRegularExpression() throws java.security.cert.CertificateParsingException
Corresponds with OpenPGP signature subpacket type 6: 'regular expression'.
Used in conjunction with trust signature packets (of level > 0) to limit the scope of trust that is extended. Only signatures by the target key on user IDs that match the regular expression in the body of this packet have trust extended by the trust signature subpacket.
Regarding the syntax, here is the relevant section of RFC 2440, quoted in full:

8. Regular Expressions

A regular expression is zero or more branches, separated by '|'. It matches anything that matches one of the branches.

A branch is zero or more pieces, concatenated. It matches a match for the first, followed by a match for the second, etc.

A piece is an atom possibly followed by '*', '+', or '?'. An atom followed by '*' matches a sequence of 0 or more matches of the atom. An atom followed by '+' matches a sequence of 1 or more matches of the atom. An atom followed by '?' matches a match of the atom, or the null string.

An atom is a regular expression in parentheses (matching a match for the regular expression), a range (see below), '.' (matching any single character), '^' (matching the null string at the beginning of the input string), '$' (matching the null string at the end of the input string), a '\' followed by a single character (matching that character), or a single character with no other significance (matching that character).

A range is a sequence of characters enclosed in '[]'. It normally matches any single character from the sequence. If the sequence begins with '^', it matches any single character not from the rest of the sequence. If two characters in the sequence are separated by '-', this is shorthand for the full list of ASCII characters between them (e.g. '[0-9]' matches any decimal digit). To include a literal ']' in the sequence, make it the first character (following a possible '^'). To include a literal '-', make it the first or last character.

Throws: java.security.cert.CertificateParsingException
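
The following is an added example, not part of the Cryptix code base, showing how an application might combine the values returned by getTrustLevel(), getTrustAmount() and getTrustRegularExpression() into a decision for one user ID. The class and method names (TrustSignatureScope, classify, trustFor) and the sample user IDs are hypothetical, and a null regex stands for "no regular expression subpacket" (how Cryptix reports that case is not stated on this page). It assumes the expression uses only constructs that mean the same in java.util.regex; Java-specific syntax such as nested classes or '&&' differs from the RFC 2440 grammar.

```java
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;

public class TrustSignatureScope {
    enum Trust { NONE, PARTIAL, COMPLETE }

    /** Level 0 is an ordinary validity signature; amounts of 120 or more are complete trust. */
    static Trust classify(int level, int amount) {
        if (level < 0 || level > 255 || amount < 0 || amount > 255) {
            throw new IllegalArgumentException("trust level and amount are single octets");
        }
        if (level == 0) return Trust.NONE; // no introducer trust is extended
        return amount >= 120 ? Trust.COMPLETE : Trust.PARTIAL;
    }

    /**
     * Trust extended to a certification the signed key made on userId.
     * regex is null when the trust signature carries no regular expression (assumption).
     */
    static Trust trustFor(int level, int amount, String regex, String userId) {
        Trust t = classify(level, amount);
        if (t == Trust.NONE || regex == null) return t;
        try {
            // The expression is unanchored unless it uses '^' or '$',
            // so search with find() rather than matches().
            return Pattern.compile(regex).matcher(userId).find() ? t : Trust.NONE;
        } catch (PatternSyntaxException e) {
            return Trust.NONE; // fail closed on an expression Java cannot parse
        }
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from a real key.
        String scope = "<[^>]+[@.]example\\.com>$";
        String[] userIds = {
            "Alice <alice@example.com>",
            "Bob <bob@mail.example.com>",
            "Dave <dave@example.com.invalid>",
            "Carol <carol@notexample.com>",
        };
        for (String uid : userIds) {
            System.out.println(trustFor(1, 120, scope, uid) + "  " + uid);
        }
        System.out.println(trustFor(1, 60, null, userIds[0]) + "  (amount 60, no regex)");
        System.out.println(trustFor(0, 120, scope, userIds[0]) + "  (level 0)");
    }
}
```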
public abstract boolean isRevocable() throws java.security.cert.CertificateParsingException
Corresponds with OpenPGP signature subpacket type 7: 'revocable'.
Returns a boolean flag indicating whether the signature is revocable. Signatures that are not revocable have any later revocation signatures ignored. They represent a commitment by the signer that he cannot revoke his signature for the life of his key.
Throws: java.security.cert.CertificateParsingException
public abstract KeyID getIssuerKeyID() throws java.security.cert.CertificateParsingException
Corresponds with OpenPGP signature subpacket type 16: 'issuer key ID'.
Throws: java.security.cert.CertificateParsingException
public abstract java.util.Properties getMachineReadableNotationData() throws java.security.cert.CertificateParsingException
Corresponds with OpenPGP signature subpacket type 20: 'notation data'.
Returned is a Properties object, containing a (possibly empty) set of keys and values. The keys reside in two name spaces: The IETF name space and the user name space.
The IETF name space is registered with IANA. These keys will not contain the "@" character (0x40) as this is a tag for the user name space.
Keys in the user name space consist of a string tag followed by "@" followed by a DNS domain name. For example, the "sample" tag used by Example Corporation could be "sample@example.com".
Throws: java.security.cert.CertificateParsingException
public abstract java.util.Properties getHumanReadableNotationData() throws java.security.cert.CertificateParsingException
Corresponds with OpenPGP signature subpacket type 20: 'notation data'.
Returned is a Properties object, containing a (possibly empty) set of keys and values. The keys reside in two name spaces: The IETF name space and the user name space.
The IETF name space is registered with IANA. These keys will not contain the "@" character (0x40) as this is a tag for the user name space.
Keys in the user name space consist of a string tag followed by "@" followed by a DNS domain name. For example, the "sample" tag used by Example Corporation could be "sample@example.com".
Throws: java.security.cert.CertificateParsingException
public abstract java.lang.String getPolicyURL() throws java.security.cert.CertificateParsingException
Corresponds with OpenPGP signature subpacket type 26: 'policy URL'.
Throws: java.security.cert.CertificateParsingException
public abstract boolean getKeyFlagsSpecified() throws java.security.cert.CertificateParsingException
Corresponds with OpenPGP signature subpacket type 27: 'key flags'.
If this method returns true, the application can call one of the other getKeyFlag* methods for the specific key flags.
Throws: java.security.cert.CertificateParsingException
public abstract boolean getKeyFlagCertification() throws java.security.cert.CertificateParsingException
Throws: java.lang.UnsupportedOperationException - if getKeyFlagsSpecified() returns false
Throws: java.security.cert.CertificateParsingException
public abstract boolean getKeyFlagSignData() throws java.security.cert.CertificateParsingException
Throws: java.lang.UnsupportedOperationException - if getKeyFlagsSpecified() returns false
Throws: java.security.cert.CertificateParsingException
public abstract boolean getKeyFlagEncryptCommunication() throws java.security.cert.CertificateParsingException
Throws: java.lang.UnsupportedOperationException - if getKeyFlagsSpecified() returns false
Throws: java.security.cert.CertificateParsingException
public abstract boolean getKeyFlagEncryptStorage() throws java.security.cert.CertificateParsingException
Throws: java.lang.UnsupportedOperationException - if getKeyFlagsSpecified() returns false
Throws: java.security.cert.CertificateParsingException
public abstract PGPPrincipal getIssuerUserID() throws java.security.cert.CertificateParsingException
Corresponds with OpenPGP signature subpacket type 28: 'signer's user id'.
Many keyholders use a single key for different purposes, such as business communications as well as personal communications. This subpacket allows such a keyholder to state which of their roles is making a signature.
Throws: java.security.cert.CertificateParsingException