org.bouncycastle.gpg.keybox.CertificateBlob Maven / Gradle / Ivy
The Bouncy Castle Java APIs for the OpenPGP Protocol. The APIs are designed primarily to be used in conjunction with the BC FIPS provider. The APIs may also be used with other providers although if being used in a FIPS context it is the responsibility of the user to ensure that any other providers used are FIPS certified and used appropriately.
package org.bouncycastle.gpg.keybox;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
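/**
 * A keybox blob that carries an encoded certificate (see {@link #getEncodedCertificate()}).
 * <p>
 * Every count, length and offset used while parsing is read from the blob itself and
 * must be treated as untrusted input. A passing checksum only shows that the blob has
 * not been corrupted; it does not show that the field values are sane.
 */
public class CertificateBlob
    extends KeyBlob
{
    /** Number of bytes occupied by the checksum at the end of the blob. */
    private static final int CHECKSUM_LENGTH = 20;

    /**
     * Forwards the parsed fields unchanged to the {@link KeyBlob} constructor.
     * Instances are only created by {@code parseContent}.
     */
    private CertificateBlob(int base, long length,
                            BlobType type,
                            int version,
                            int blobFlags,
                            int keyNumber,
                            List keyInformation,
                            byte[] serialNumber,
                            int numberOfUserIDs,
                            List userIds,
                            int numberOfSignatures,
                            List expirationTime,
                            int assignedOwnerTrust,
                            int allValidity,
                            long recheckAfter,
                            long newestTimestamp,
                            long blobCreatedAt,
                            byte[] keyBytes,
                            byte[] reserveBytes,
                            byte[] sha1Checksum)
    {
        super(base, length, type, version, blobFlags, keyNumber,
            keyInformation, serialNumber, numberOfUserIDs, userIds, numberOfSignatures,
            expirationTime, assignedOwnerTrust, allValidity, recheckAfter, newestTimestamp, blobCreatedAt,
            keyBytes, reserveBytes, sha1Checksum);
    }

    /**
     * Narrows a length or offset taken from the blob to an {@code int}.
     * <p>
     * A plain {@code (int)} cast silently wraps values above {@link Integer#MAX_VALUE},
     * so an oversized field would turn into a negative or unrelated size. This helper
     * rejects such values instead.
     *
     * @param value the value computed from fields of the blob.
     * @param field a short description of the field, used in the exception message.
     * @return {@code value} as an int.
     * @throws IOException if {@code value} is negative or does not fit into an int.
     */
    private static int checkedInt(long value, String field)
        throws IOException
    {
        if (value < 0 || value > Integer.MAX_VALUE)
        {
            throw new IOException("invalid " + field + " in keybox blob: " + value);
        }
        return (int)value;
    }

    /**
     * Parses the body of a certificate blob. The caller has already read the blob
     * length, type and version, and passes them in.
     *
     * @param base         position in the buffer at which this blob starts.
     * @param length       length of the blob as stored in its header.
     * @param type         blob type read by the caller.
     * @param version      blob version read by the caller.
     * @param buffer       buffer positioned just after the blob header.
     * @param blobVerifier verifier handed to {@code verifyDigest}.
     * @return the parsed blob.
     * @throws IOException if a length or offset field is negative or too large to be
     *                     used as an array size or buffer index, or if reading fails.
     */
    static Blob parseContent(int base, long length, BlobType type, int version, KeyBoxByteBuffer buffer, BlobVerifier blobVerifier)
        throws IOException
    {
        //
        // Header fields already consumed by the caller:
        //
        // u32  Length of this blob (including these 4 bytes)
        // byte Blob type
        //        2 = OpenPGP
        //        3 = X509
        // byte Version number of this blob type
        //        1 = The only defined value
        //

        //
        // Take checksum first.
        //
        // NOTE(review): presumably this compares the trailing 20 bytes with a digest of
        // the blob. That detects corruption, not deliberate tampering, so every field
        // read below is still untrusted.
        //
        verifyDigest(base, length, buffer, blobVerifier);

        int blobFlags = buffer.u16();       // u16 Blob flags
        long keyBlockOffset = buffer.u32(); // u32 offset to the OpenPGP keyblock or X509 DER encoded certificate
        long keyBlockLength = buffer.u32(); // u32 and its length
        int keyNumber = buffer.u16();       // u16 number of keys (at least 1!) [X509: always 1]

        // This value defines the length of the space reserved for the AdditionalKeyInformation
        int keyInformationStructureSize = buffer.u16(); // u16 size of additional key information

        //
        // Load the additional key information.
        //
        List keyInformation = new ArrayList();
        for (int remaining = keyNumber; remaining > 0; remaining--)
        {
            keyInformation.add(KeyInformation.getInstance(buffer, keyInformationStructureSize, base));
        }

        int sizeOfSerialNumber = buffer.u16(); // u16 size of serial number (may be zero)
        byte[] serialNumber = buffer.bN(sizeOfSerialNumber);

        int numberOfUserIDs = buffer.u16(); // u16 number of user IDs
        buffer.u16();                       // u16 size of additional user ID information (value not used)

        //
        // User IDs.
        //
        List userIds = new ArrayList();
        for (int remaining = numberOfUserIDs; remaining > 0; remaining--)
        {
            userIds.add(UserID.getInstance(buffer, base));
        }

        int numberOfSignatures = buffer.u16();
        buffer.u16(); // value read and discarded

        List signatureExpirationTime = new ArrayList();
        for (int remaining = numberOfSignatures; remaining > 0; remaining--)
        {
            signatureExpirationTime.add(buffer.u32());
        }

        int assignedOwnerTrust = buffer.u8();
        int allValidity = buffer.u8();
        buffer.u16(); // RFU
        long recheckAfter = buffer.u32();
        long newestTimestamp = buffer.u32();
        long blobCreatedAt = buffer.u32();
        long sizeOfReservedSpace = buffer.u32();

        // Arbitrary reserved space, that may hold X509 V3 certificate IDs.
        // The size is a 32-bit field from the file; reject values that would wrap in an int cast.
        byte[] reserveData = buffer.bN(checkedInt(sizeOfReservedSpace, "reserved space size"));

        //
        // The key block is located relative to the start of the blob (base), using the
        // offset and length read near the top of the structure, not the current position.
        //
        // NOTE(review): only int overflow is rejected here. Whether the range must also
        // lie inside [base, base + length) depends on what rangeOf enforces - confirm.
        //
        int keyBlockStart = checkedInt(base + keyBlockOffset, "key block offset");
        int keyBlockEnd = checkedInt(base + keyBlockOffset + keyBlockLength, "key block length");
        byte[] keyData = buffer.rangeOf(keyBlockStart, keyBlockEnd);

        //
        // Read past whatever lies between the current position and the trailing checksum.
        // A negative size means the fields above claim more data than the blob length allows.
        //
        int dataSize = checkedInt(length - (buffer.position() - base) - CHECKSUM_LENGTH, "trailing data size");
        buffer.bN(dataSize);

        byte[] sha1Checksum = buffer.rangeOf(
            checkedInt(base + length - CHECKSUM_LENGTH, "checksum offset"),
            checkedInt(base + length, "blob length"));
        buffer.consume(sha1Checksum.length);

        return new CertificateBlob(base, length,
            type,
            version,
            blobFlags,
            keyNumber,
            keyInformation,
            serialNumber,
            numberOfUserIDs,
            userIds,
            numberOfSignatures,
            signatureExpirationTime,
            assignedOwnerTrust,
            allValidity,
            recheckAfter,
            newestTimestamp,
            blobCreatedAt,
            keyData, reserveData, sha1Checksum);
    }

    /**
     * Return the encoded certificate.
     * <p>
     * This is the raw certificate data as stored in the blob. If you are using the JCA
     * you can convert it back to an X509 certificate, for example:
     * <pre>{@code
     * byte[] certData = keyBlob.getEncodedCertificate();
     * CertificateFactory factory = CertificateFactory.getInstance("X.509");
     * Certificate certificate = factory.generateCertificate(new ByteArrayInputStream(certData));
     * }</pre>
     * Decoding the bytes only parses them. It does not establish that the certificate is
     * trusted, so validate the result before relying on it.
     * <p>
     * NOTE(review): whether the returned array is a defensive copy depends on
     * {@code getKeyBytes()} - confirm before modifying it.
     *
     * @return the key block bytes of this blob, which for this blob type are the encoded certificate.
     */
    public byte[] getEncodedCertificate()
    {
        return getKeyBytes();
    }
}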