Package org.bouncycastle.openpgp.api

Class OpenPGPSignature

java.lang.Object
org.bouncycastle.openpgp.api.OpenPGPSignature
Direct Known Subclasses:
OpenPGPCertificate.OpenPGPComponentSignature, OpenPGPSignature.OpenPGPDocumentSignature
public abstract class OpenPGPSignature extends Object
An OpenPGP signature. This is a wrapper around PGPSignature which tracks the verification state of the signature.

  • Field Details

  • Constructor Details

  • Method Details

    • getSignature

      public PGPSignature getSignature()
      Return the PGPSignature.
      Returns:
      signature

    • getIssuer

      public OpenPGPCertificate.OpenPGPComponentKey getIssuer()
      Return the OpenPGPCertificate.OpenPGPComponentKey subkey that issued this signature. This method might return null, if the issuer certificate is not available.
      Returns:
      issuer subkey or null

    • getIssuerCertificate

      public OpenPGPCertificate getIssuerCertificate()
      Return the OpenPGPCertificate that contains the subkey that issued this signature. This method might return null if the issuer certificate is not available
      Returns:
      issuer certificate or null

    • getKeyIdentifiers

      public List<KeyIdentifier> getKeyIdentifiers()
      Return a List of possible KeyIdentifier candidates.
      Returns:
      key identifier candidates

    • getKeyIdentifier

      public KeyIdentifier getKeyIdentifier()
      Return the most expressive KeyIdentifier from available candidates.
      Returns:
      most expressive key identifier

    • getMostExpressiveIdentifier

      public static KeyIdentifier getMostExpressiveIdentifier(List<KeyIdentifier> identifiers)
      Return the most expressive issuer KeyIdentifier. Due to historic reasons, signatures MAY contain more than one issuer packet, which might contain inconsistent information (issuer key-ids / issuer fingerprints). Throw wildcards (anonymous issuers) into the mix, and it becomes apparent, that there needs to be a way to select the "best" issuer identifier. If there are more than one issuer packet, this method returns the most expressive (prefer fingerprints over key-ids, prefer non-wildcard over wildcard) and returns that.
      Parameters:
      identifiers - list of available identifiers
      Returns:
      the best identifier

    • isTestedCorrect

      public boolean isTestedCorrect()
      Return true, if this signature has been tested and is correct.
      Returns:
      true if the signature is tested and is correct, false otherwise

    • getCreationTime

      public Date getCreationTime()
      Return the creation time of the signature.
      Returns:
      signature creation time

    • getExpirationTime

      public Date getExpirationTime()
      Return the expiration time of the signature. If no expiration time was included (or if the signature was explicitly marked as non-expiring), return null, otherwise return the time of expiration. The signature is no longer valid, once the expiration time is exceeded.
      Returns:
      expiration time

    • isEffectiveAt

      public boolean isEffectiveAt(Date evaluationTime)
      Return true, if the signature is not a hard revocation, and if the evaluation time falls into the period between signature creation time and expiration or revocation.
      Parameters:
      evaluationTime - time for which you want to determine effectiveness of the signature
      Returns:
      true if the signature is effective at the given evaluation time

    • isHardRevocation

      public boolean isHardRevocation()
      Return true, if this signature is a hard revocation. Contrary to soft revocations (the key / signature / user-id was gracefully retired), a hard revocation has a serious reason, like key compromise, or no reason at all. Hard revocations invalidate the key / signature / user-id retroactively, while soft revocations only invalidate from the time of revocation signature creation onwards.
      Returns:
      true if the signature is a hard revocation

    • isCertification

      public boolean isCertification()
      Return true, if this signature is a certification. Certification signatures are used to bind user-ids to a key.
      Returns:
      true if the signature is a certification

    • isRevocation

      public boolean isRevocation()
      Return true, if this signature is a revocation, false otherwise.
      Returns:
      true if signature is revocation

    • toString

      public String toString()
      Overrides:
      toString in class Object

    • getIssuerDisplay

      protected String getIssuerDisplay()

    • getTargetDisplay

      protected abstract String getTargetDisplay()

    • getType

      protected String getType()

    • toAsciiArmoredString

      public String toAsciiArmoredString() throws IOException
      Return an ASCII armored String representation of the signature. If the signature contains issuer information, the fingerprint or key-id of the issuer will be added to the ASCII armor as a comment header.
      Returns:
      ASCII armored signature
      Throws:
      IOException - if the signature cannot be encoded

    • toAsciiArmoredString

      public String toAsciiArmoredString(PacketFormat packetFormat) throws IOException
      Return an ASCII armored String representation of the signature. If the signature contains issuer information, the fingerprint or key-id of the issuer will be added to the ASCII armor as a comment header.
      Parameters:
      packetFormat - decide, which packet format to use when encoding the signature
      Returns:
      ASCII armored signature
      Throws:
      IOException - if the signature cannot be encoded

    • toAsciiArmoredString

      public String toAsciiArmoredString(PacketFormat packetFormat, ArmoredOutputStream.Builder armorBuilder) throws IOException
      Return an ASCII armored String representation of the signature. The ASCII armor can be configured using the passed ArmoredOutputStream.Builder.
      Parameters:
      packetFormat - decide, which packet format to use when encoding the signature
      armorBuilder - builder for the ASCII armored output stream
      Returns:
      ASCII armored signature
      Throws:
      IOException - if the signature cannot be encoded

    • getEncoded

      public byte[] getEncoded() throws IOException
      Return the binary encoding of the signature.
      Returns:
      binary encoding
      Throws:
      IOException - if the signature cannot be encoded

    • getEncoded

      public byte[] getEncoded(PacketFormat packetFormat) throws IOException
      Return the binary encoding of the signature.
      Parameters:
      packetFormat - decide, which packet format to use when encoding the signature
      Returns:
      binary encoding
      Throws:
      IOException - if the signature cannot be encoded