List of usage examples for org.bouncycastle.openpgp PGPSecretKey getUserAttributes
public Iterator<PGPUserAttributeSubpacketVector> getUserAttributes()
From source file:org.sufficientlysecure.keychain.pgp.PgpToX509.java
License:Open Source License
/**
 * Builds a self-signed X.509 certificate around the key material of a PGP secret key.
 *
 * <p>The subject DN is assembled from the constants {@code DN_COMMON_PART_O} and
 * {@code DN_COMMON_PART_OU} plus one CN entry per PGP user ID. Each CN carries the fixed
 * literal {@code "CryptoCall"}, not the user ID text, so the DN does not identify the key
 * holder. Certificate construction is delegated to the six-argument overload.
 *
 * <p>NOTE(review): the certificate is self-signed and its subject is constant. A relying
 * service presumably has to establish trust from the public key itself; confirm against
 * the consumer of this certificate.
 *
 * @param pgpSecKey PGP secret key; its public key, user IDs and user attributes are read
 * @param pgpPrivKey PGP private key matching {@code pgpSecKey} (any password callback must
 *        already have been completed by the caller)
 * @param subjAltNameURI optional URI handed to the overload for the subject alternative name
 * @return the self-signed certificate produced by the overload
 * @throws PGPException propagated from key conversion or certificate construction
 * @throws NoSuchProviderException propagated from key conversion or certificate construction
 * @throws InvalidKeyException propagated from certificate construction
 * @throws NoSuchAlgorithmException propagated from certificate construction
 * @throws SignatureException propagated from certificate construction
 * @throws CertificateException propagated from certificate construction
 * @author Bruno Harbulot
 */
public static X509Certificate createSelfSignedCert(PGPSecretKey pgpSecKey,
        PGPPrivateKey pgpPrivKey, String subjAltNameURI) throws PGPException,
        NoSuchProviderException, InvalidKeyException, NoSuchAlgorithmException,
        SignatureException, CertificateException {
    final PGPPublicKey publicKey = pgpSecKey.getPublicKey();

    // Subject DN parts. X509Name takes parallel Vectors of OIDs and values.
    final Vector<DERObjectIdentifier> dnOids = new Vector<DERObjectIdentifier>();
    final Vector<String> dnValues = new Vector<String>();

    dnOids.add(X509Name.O);
    dnValues.add(DN_COMMON_PART_O);

    dnOids.add(X509Name.OU);
    dnValues.add(DN_COMMON_PART_OU);

    // One CN per user ID on the key. The user ID is consumed but deliberately not embedded:
    // every CN is the same constant, so a key with several user IDs yields repeated CNs.
    Iterator<?> userIds = pgpSecKey.getUserIDs();
    while (userIds.hasNext()) {
        userIds.next();
        dnOids.add(X509Name.CN);
        dnValues.add("CryptoCall");
    }

    // User attributes are not used for the certificate; they are only written to the
    // debug log. NOTE(review): this puts key metadata into the log; confirm debug logging
    // is disabled in release builds.
    Log.d(Constants.TAG, "User attributes: ");
    Iterator<?> userAttributes = pgpSecKey.getUserAttributes();
    while (userAttributes.hasNext()) {
        Object attribute = userAttributes.next();
        Log.d(Constants.TAG, " - " + attribute + " -- " + attribute.getClass());
    }

    final X509Name subject = new X509Name(dnOids, dnValues);
    Log.d(Constants.TAG, "Subject DN: " + subject);

    // The key creation time becomes the certificate's not-before date, so the recipient
    // can check the signature against it.
    final Date notBefore = pgpPubKeyCreationTime(publicKey);
    Log.d(Constants.TAG,
            "pgp pub key creation time=" + DateFormat.getDateInstance().format(notBefore));

    final long validSeconds = publicKey.getValidSeconds();
    Log.d(Constants.TAG, "pgp valid seconds=" + validSeconds);

    // A non-expiring PGP key reports 0 valid seconds. In that case null is passed as the
    // not-after date. NOTE(review): the original comment says not-after then equals
    // not-before; how the overload treats null is not visible here. Either way the
    // receiving service must not rely on the certificate's validity window for such keys.
    final Date notAfter = (validSeconds > 0)
            ? new Date(notBefore.getTime() + 1000L * validSeconds)
            : null;

    return createSelfSignedCert(
            publicKey.getKey(Constants.BOUNCY_CASTLE_PROVIDER_NAME),
            pgpPrivKey.getKey(),
            subject,
            notBefore,
            notAfter,
            subjAltNameURI);
}

/** Returns the creation time recorded on the given PGP public key. */
private static Date pgpPubKeyCreationTime(PGPPublicKey publicKey) {
    return publicKey.getCreationTime();
}