MasterKey.java

package com.wesabe.grendel.openpgp;

import java.security.NoSuchProviderException;

import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPSecretKey;

/**
 * A PGP master key, used for signing and verifying data. <b>Must</b> be a
 * self-certified key.
 * 
 * @author coda
 */
public class MasterKey extends AbstractKey {
	
	/**
	 * Loads a master key from a {@link PGPSecretKey} instance and verifies its
	 * certification.
	 * 
	 * @param key a {@link PGPSecretKey} instance
	 * @return a {@link MasterKey} instance
	 * @throws CryptographicException if the key is not a self-signed master key
	 */
	public static MasterKey load(PGPSecretKey key) throws CryptographicException {
		final MasterKey masterKey = new MasterKey(key);
		if (verify(masterKey)) {
			return masterKey;
		}
		throw new CryptographicException("not a self-signed master key");
	}

	private static boolean verify(MasterKey key) {
		return (key.signature != null) && key.signature.verifyCertification(key);
	}

	protected MasterKey(PGPSecretKey secretKey) {
		super(secretKey, secretKey, SignatureType.POSITIVE_CERTIFICATION);
	}

	@Override
	public UnlockedMasterKey unlock(char[] passphrase) throws CryptographicException {
		try {
			final PGPPrivateKey privateKey = secretKey.extractPrivateKey(passphrase, "BC");
			return new UnlockedMasterKey(secretKey, privateKey);
		} catch (NoSuchProviderException e) {
			throw new CryptographicException(e);
		} catch (PGPException e) {
			throw new CryptographicException("incorrect passphrase");
		}
	}
}