List of usage examples for org.bouncycastle.openpgp PGPPublicKey getSignaturesOfType
public Iterator getSignaturesOfType(int signatureType)
From source file:com.google.e2e.bcdriver.KeyChecker.java
License:Apache License
/**
 * Examines a public keyring and wraps it in a {@code PKR} built from the user IDs and
 * subkeys that the helper checks in this class accept.
 *
 * <p>The status of the returned object tells the caller how far validation got:
 * <ul>
 *   <li>{@code REVOKED} - the master key carries at least one {@code KEY_REVOCATION}
 *       signature accepted by {@code isGoodDirectSignature}; the user ID and subkey lists
 *       are left empty.</li>
 *   <li>{@code UNUSABLE} - no user ID was accepted by {@code maybeAddUserID}; subkeys are
 *       not examined.</li>
 *   <li>{@code OK} - at least one user ID was accepted and every subkey was offered to
 *       {@code maybeAddSubkey}.</li>
 * </ul>
 *
 * <p>Callers should branch on that status before using any key material: the original
 * keyring is handed to the {@code PKR} constructor in all three cases.
 *
 * @param pkr is the keyring to be examined.
 * @return an object that provides filtered access to verified key material.
 * @throws IllegalArgumentException if the first key of the ring is not a master key, or
 *     if a later key in the ring reports itself as a master key.
 */
public static final PKR validate(PGPPublicKeyRing pkr)
    throws PGPException, SignatureException, IOException {
  PGPPublicKey primary = pkr.getPublicKey();
  if (!primary.isMasterKey()) {
    throw new IllegalArgumentException("Unexpected - first key is not master");
  }

  // Problems found by the helper checks are collected here and handed to the PKR.
  StringBuilder problems = new StringBuilder();
  List<UserID> acceptedUids = new ArrayList<UserID>();
  List<Subkey> acceptedSubkeys = new ArrayList<Subkey>();

  // Step 1: revocation of the master key itself.
  if (primary.hasRevocation()) {
    boolean revoked = false;
    // Every revocation signature is checked, even after one has been accepted, so that
    // the helper sees each of them.
    // NOTE(review): the master key is passed for both key arguments, so only revocations
    // checked against the master key are counted here. Whether revocations issued by a
    // designated revoker are honoured depends on isGoodDirectSignature, which is not
    // visible in this listing - confirm.
    for (Iterator<PGPSignature> revocations =
            Util.getTypedIterator(
                primary.getSignaturesOfType(PGPSignature.KEY_REVOCATION), PGPSignature.class);
        revocations.hasNext(); ) {
      if (isGoodDirectSignature(revocations.next(), primary, primary, problems)) {
        revoked = true;
      }
    }
    if (revoked) {
      // A revoked primary key invalidates everything bound to it.
      return new PKR(PKR.Status.REVOKED, pkr, acceptedUids, acceptedSubkeys, problems);
    }
  }

  // Step 2: keep only the user IDs that the helper accepts.
  for (Iterator<String> uids = Util.getTypedIterator(primary.getUserIDs(), String.class);
      uids.hasNext(); ) {
    maybeAddUserID(acceptedUids, primary, uids.next(), problems);
  }
  if (acceptedUids.isEmpty()) {
    // Without an accepted user ID the subkeys are not worth checking.
    return new PKR(PKR.Status.UNUSABLE, pkr, acceptedUids, acceptedSubkeys, problems);
  }

  // Step 3: offer every remaining key of the ring to the subkey check.
  Iterator<PGPPublicKey> ringKeys = pkr.getPublicKeys();
  ringKeys.next(); // the first entry is the master key handled above
  while (ringKeys.hasNext()) {
    PGPPublicKey candidate = ringKeys.next();
    if (candidate.isMasterKey()) {
      // A ring is expected to hold exactly one master key.
      throw new IllegalArgumentException("unexpected");
    }
    maybeAddSubkey(acceptedSubkeys, primary, candidate, problems);
  }
  return new PKR(PKR.Status.OK, pkr, acceptedUids, acceptedSubkeys, problems);
}
From source file:com.google.gerrit.gpg.PublicKeyCheckerTest.java
License:Apache License
/**
 * Strips from the ring's master key every direct-key signature whose hashed subpackets
 * contain a revocation-key subpacket, then puts the resulting key back into the ring.
 *
 * <p>Only the hashed subpacket area is consulted, which is the area covered by the
 * signature itself.
 *
 * @param kr the keyring whose master key is to be stripped.
 * @return the keyring returned by {@code PGPPublicKeyRing.insertPublicKey} for the
 *     stripped master key.
 */
private PGPPublicKeyRing removeRevokers(PGPPublicKeyRing kr) {
  PGPPublicKey original = kr.getPublicKey();
  // The signature list is taken from the key as it was on entry; removals below act on
  // the successive keys returned by removeCertification.
  @SuppressWarnings("unchecked")
  Iterator<PGPSignature> directSigs = original.getSignaturesOfType(DIRECT_KEY);

  PGPPublicKey stripped = original;
  while (directSigs.hasNext()) {
    PGPSignature candidate = directSigs.next();
    // NOTE(review): getHashedSubPackets() may return null for a signature without a
    // hashed area in some Bouncy Castle versions - confirm for the version in use.
    boolean namesRevoker = candidate.getHashedSubPackets().hasSubpacket(REVOCATION_KEY);
    if (!namesRevoker) {
      continue;
    }
    stripped = PGPPublicKey.removeCertification(stripped, candidate);
  }
  return PGPPublicKeyRing.insertPublicKey(kr, stripped);
}
From source file:org.kontalk.xmppserver.pgp.PGPUtils.java
License:Open Source License
/**
 * Reports whether the key carries at least one key revocation signature that was issued
 * under the key's own key ID and that {@code verifyKeySignature} accepts.
 *
 * <p>Revocation signatures with any other issuer key ID are skipped without being
 * verified. A revocation made by a designated revoker is therefore not reported by this
 * method, so a {@code false} result does not by itself show that the key is unrevoked.
 *
 * @param key the public key whose revocation signatures are inspected.
 * @return {@code true} if a self-issued revocation signature verified, {@code false}
 *     otherwise (including when the key exposes no revocation signatures).
 * @throws PGPException declared for the signature lookup and {@code verifyKeySignature}.
 */
public static boolean findValidRevocationSignature(PGPPublicKey key) throws PGPException {
  @SuppressWarnings("unchecked")
  Iterator<PGPSignature> revocations = key.getSignaturesOfType(PGPSignature.KEY_REVOCATION);
  if (revocations == null) {
    return false;
  }

  // The most recent verified revocation is tracked, although only its presence is
  // returned to the caller.
  PGPSignature newest = null;
  while (revocations.hasNext()) {
    PGPSignature candidate = revocations.next();
    // The cheap issuer comparison runs first; the signature check only runs on a match.
    if (candidate.getKeyID() != key.getKeyID()) {
      continue;
    }
    if (!verifyKeySignature(key, candidate)) {
      continue;
    }
    if (newest == null || newest.getCreationTime().before(candidate.getCreationTime())) {
      newest = candidate;
    }
    // TODO else if (sig.getSignatureType() == PGPSignature.CERTIFICATION_REVOCATION) ...
  }
  return newest != null;
}