All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.bouncycastle.gpg.keybox.CertificateBlob Maven / Gradle / Ivy

Go to download

The Bouncy Castle Java APIs for the OpenPGP Protocol. The APIs are designed primarily to be used in conjunction with the BC FIPS provider. The APIs may also be used with other providers although if being used in a FIPS context it is the responsibility of the user to ensure that any other providers used are FIPS certified and used appropriately.

There is a newer version: 2.0.9
Show newest version
package org.bouncycastle.gpg.keybox;

import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

/**
 * A PGP blob holds key material.
 */
public class CertificateBlob
    extends KeyBlob
{
    private CertificateBlob(int base, long length,
                            BlobType type,
                            int version,
                            int blobFlags,
                            int keyNumber,
                            List keyInformation,
                            byte[] serialNumber,
                            int numberOfUserIDs,
                            List userIds,
                            int numberOfSignatures,
                            List expirationTime,
                            int assignedOwnerTrust,
                            int allValidity,
                            long recheckAfter,
                            long newestTimestamp,
                            long blobCreatedAt,
                            byte[] keyBytes,
                            byte[] reserveBytes,
                            byte[] sha1Checksum)
    {
        super(base, length, type, version, blobFlags, keyNumber,
            keyInformation, serialNumber, numberOfUserIDs, userIds, numberOfSignatures,
            expirationTime, assignedOwnerTrust, allValidity, recheckAfter, newestTimestamp, blobCreatedAt,
            keyBytes, reserveBytes, sha1Checksum);
    }


    static Blob parseContent(int base, long length, BlobType type, int version, KeyBoxByteBuffer buffer, BlobVerifier blobVerifier)
        throws IOException
    {

        //
        // u32  Length of this blob (including these 4 bytes)
        // byte Blob type
        //             2 = OpenPGP
        //             3 = X509
        //  byte Version number of this blob type
        //             1 = The only defined value
        //


        //
        // Take checksum first.
        //
        verifyDigest(base, length, buffer, blobVerifier);


        int blobFlags = buffer.u16(); //  u16  Blob flags
        long keyBlockOffset = buffer.u32();   //  u32  offset to the OpenPGP keyblock or X509 DER encoded certificate
        long keyBlockLength = buffer.u32(); // u32  and its length

        int keyNumber = buffer.u16(); //  u16  number of keys (at least 1!) [X509: always 1]


        // This value defines the length of the space reserved for the AdditionalKeyInformation
        int keyInformationStructureSize = buffer.u16(); // u16  size of additional key information

        //
        // Load the additional key information.
        //
        List keyInformation = new ArrayList();

        for (int t = keyNumber - 1; t >= 0; t--)
        {
            keyInformation.add(KeyInformation.getInstance(buffer, keyInformationStructureSize, base));
        }

        int sizeOfSerialNumber = buffer.u16(); // size of serialnumber(may be zero)

        byte[] serialNumber = buffer.bN(sizeOfSerialNumber);
        // buffer.bN(serialNumber); // n  u16 (see above) bytes of serial number

        int numberOfUserIDs = buffer.u16(); //  u16  number of user IDs
        buffer.u16(); // size of additional user ID information

        //
        // User IDS.
        //
        List userIds = new ArrayList();
        for (int t = numberOfUserIDs - 1; t >= 0; t--)
        {
            userIds.add(UserID.getInstance(buffer, base));
        }

        int numberOfSignatures = buffer.u16();
        buffer.u16();


        List signatureExpirationTime = new ArrayList();
        for (int t = numberOfSignatures - 1; t >= 0; t--)
        {
            signatureExpirationTime.add(buffer.u32());
        }

        int assignedOwnerTrust = buffer.u8(); //  din.read();
        int allValidity = buffer.u8();

        buffer.u16(); // RFU
        long recheckAfter = buffer.u32();
        long newestTimestamp = buffer.u32();
        long blobCreatedAt = buffer.u32();

        long sizeOfReservedSpace = buffer.u32();


        // Arbitrary reserved space, that may hold X509 V3 certificate IDs.!
        byte[] reserveData = buffer.bN((int)sizeOfReservedSpace); // Reserved space of size NRES for future use.
//        buffer.bN(reserveData);


        //
        // Key block is loaded based from the start of the blob rather than
        //

        byte[] keyData = buffer.rangeOf(
            (int)(base + keyBlockOffset),
            (int)(base + keyBlockOffset + keyBlockLength)); // Defined near top of structure..


        //
        // Reserve space.
        //
        int dataSize = (int)(length - (buffer.position() - base) - 20);
        byte[] data = buffer.bN(dataSize);


        byte[] sha1Checksum = buffer.rangeOf((int)(base + length - 20), (int)(base + length));
        buffer.consume(sha1Checksum.length);

        return new CertificateBlob(base, length,
            type,
            version,
            blobFlags,
            keyNumber,
            keyInformation,
            serialNumber,
            numberOfUserIDs,
            userIds,
            numberOfSignatures,
            signatureExpirationTime,
            assignedOwnerTrust,
            allValidity,
            recheckAfter,
            newestTimestamp,
            blobCreatedAt,
            keyData, reserveData, sha1Checksum);
    }

    /**
     * Return the encoded certificate.
     * 

* This is the raw certificate data, if you are using the JCA then you can * convert it back to an X509 Certificate using. *

* Example: * byte[] certData = keyBlob.getEncodedCertificate(); * CertificateFactory factory = CertificateFactory.getInstance("X509"); * certificate = factory.generateCertificate(new ByteArrayInputStream(certData)); * * @return */ public byte[] getEncodedCertificate() { return getKeyBytes(); } }





© 2015 - 2024 Weber Informatics LLC | Privacy Policy