
public Iterator<PGPUserAttributeSubpacketVector> getUserAttributes() 


Return any user attribute vectors associated with the key.

From source file:org.sufficientlysecure.keychain.pgp.PgpToX509.java


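/**
 * Creates a self-signed X.509 certificate from a PGP secret key.
 *
 * <p>The PGP public key becomes the certificate's subject public key and the PGP private key
 * signs it (both are handed to the overload of this method that builds the certificate). The
 * certificate's "not-before" is the PGP key's creation time; when the PGP key carries a
 * non-zero validity period, "not-after" is creation time plus that period. A PGP key with no
 * expiry reports a validity of 0 seconds, in which case {@code null} is passed as the
 * not-after date and the overload decides what to write — per the original note, not-after
 * then equals not-before, and the service receiving the certificate must check for that.
 *
 * <p>Security note: the subject DN does NOT carry the PGP user ID. For every user ID on the
 * key one CN with the fixed value {@code "CryptoCall"} is appended, so the DN identifies
 * neither the key nor its holder. Relying parties must bind on the public key (or the PGP
 * key ID / fingerprint), never on the subject name.
 *
 * @param pgpSecKey      PGP Secret Key (from which one can extract the public and private
 *                       keys and other attributes).
 * @param pgpPrivKey     PGP Private Key corresponding to the Secret Key (password callbacks
 *                       should be done before calling this method)
 * @param subjAltNameURI optional URI to embed in the subject alternative-name
 * @return self-signed certificate
 * @throws PGPException             if extracting the JCE key from the PGP key fails
 * @throws NoSuchProviderException  if the BouncyCastle provider is not registered
 * @throws InvalidKeyException      propagated from certificate signing
 * @throws NoSuchAlgorithmException propagated from certificate signing
 * @throws SignatureException       propagated from certificate signing
 * @throws CertificateException     propagated from certificate generation
 * @author Bruno Harbulot
 */
public static X509Certificate createSelfSignedCert(PGPSecretKey pgpSecKey, PGPPrivateKey pgpPrivKey,
        String subjAltNameURI) throws PGPException, NoSuchProviderException, InvalidKeyException,
        NoSuchAlgorithmException, SignatureException, CertificateException {
    // The public half of the secret key becomes the certificate's subject public key.
    PGPPublicKey pgpPubKey = pgpSecKey.getPublicKey();

    /*
     * Build the subject DN: a fixed O and OU, then one CN per user ID on the key.
     * Vector / DERObjectIdentifier / X509Name are the legacy BouncyCastle API used here.
     */
    Vector<DERObjectIdentifier> x509NameOids = new Vector<DERObjectIdentifier>();
    Vector<String> x509NameValues = new Vector<String>();

    x509NameOids.add(X509Name.O);
    x509NameValues.add(DN_COMMON_PART_O);

    x509NameOids.add(X509Name.OU);
    x509NameValues.add(DN_COMMON_PART_OU);

    // Iterator<?> accepts both the raw Iterator returned by older BouncyCastle releases and
    // the parameterized Iterator returned by newer ones; the earlier unchecked cast to
    // Iterator<Object> does not compile against a parameterized return type.
    Iterator<?> userIds = pgpSecKey.getUserIDs();
    while (userIds.hasNext()) {
        // NOTE(review): the user ID value is deliberately not placed in the DN (the original
        // had `x509NameValues.add(attrib.toString())` commented out). Every CN is the fixed
        // literal below, so the subject does not identify the key holder.
        userIds.next();
        x509NameOids.add(X509Name.CN);
        x509NameValues.add("CryptoCall");
    }

    // User attribute vectors are only logged at debug level; they do not affect the DN.
    Log.d(Constants.TAG, "User attributes: ");
    Iterator<?> userAttributes = pgpSecKey.getUserAttributes();
    while (userAttributes.hasNext()) {
        Object attrib = userAttributes.next();
        Log.d(Constants.TAG, " - " + attrib + " -- " + attrib.getClass());
    }

    X509Name x509name = new X509Name(x509NameOids, x509NameValues);

    Log.d(Constants.TAG, "Subject DN: " + x509name);

    /*
     * The PGP key's creation time is embedded as the certificate's "not-before" so that the
     * recipient can check the signature against it. A PGP key with unlimited validity
     * reports 0 seconds; validTo then stays null and the overload below decides what
     * "not-after" to write. The receiving service must check for that case.
     */
    Date creationTime = pgpPubKey.getCreationTime();
    long validSeconds = pgpPubKey.getValidSeconds();
    Log.d(Constants.TAG, "pgp pub key creation time=" + DateFormat.getDateInstance().format(creationTime));
    Log.d(Constants.TAG, "pgp valid seconds=" + validSeconds);
    Date validTo = null;
    if (validSeconds > 0) {
        // getValidSeconds() is a long, so the multiplication cannot overflow an int.
        validTo = new Date(creationTime.getTime() + 1000L * validSeconds);
    }

    return createSelfSignedCert(pgpPubKey.getKey(Constants.BOUNCY_CASTLE_PROVIDER_NAME),
            pgpPrivKey.getKey(), x509name, creationTime, validTo, subjAltNameURI);
}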