Package org.pgpainless.authentication

Interface CertificateAuthority

  • public interface CertificateAuthority
    Interface for a CA that can authenticate trust-worthy certificates. Such a CA might be a fixed list of trustworthy certificates, or a dynamic implementation like the Web-of-Trust.
    See Also:
    PGPainless-WOT, OpenPGP Web of Trust

    • Method Detail

      • authenticateBinding

        CertificateAuthenticity authenticateBinding​(@Nonnull
                                            OpenPgpFingerprint fingerprint,
                                            @Nonnull
                                            java.lang.String userId,
                                            boolean email,
                                            @Nonnull
                                            java.util.Date referenceTime,
                                            int targetAmount)
        Determine the authenticity of the binding between the given fingerprint and the userId. In other words, determine, how much evidence can be gathered, that the certificate with the given fingerprint really belongs to the user with the given userId.
        Parameters:
        fingerprint - fingerprint of the certificate
        userId - userId
        email - if true, the userId will be treated as an email address and all user-IDs containing the email address will be matched.
        referenceTime - reference time at which the binding shall be evaluated
        targetAmount - target trust amount (120 = fully authenticated, 240 = doubly authenticated, 60 = partially authenticated...)
        Returns:
        information about the authenticity of the binding

      • lookupByUserId

        java.util.List<CertificateAuthenticity> lookupByUserId​(@Nonnull
                                                       java.lang.String userId,
                                                       boolean email,
                                                       @Nonnull
                                                       java.util.Date referenceTime,
                                                       int targetAmount)
        Lookup certificates, which carry a trustworthy binding to the given userId.
        Parameters:
        userId - userId
        email - if true, the user-ID will be treated as an email address and all user-IDs containing the email address will be matched.
        referenceTime - reference time at which the binding shall be evaluated
        targetAmount - target trust amount (120 = fully authenticated, 240 = doubly authenticated, 60 = partially authenticated...)
        Returns:
        list of identified bindings

      • identifyByFingerprint

        java.util.List<CertificateAuthenticity> identifyByFingerprint​(@Nonnull
                                                              OpenPgpFingerprint fingerprint,
                                                              @Nonnull
                                                              java.util.Date referenceTime,
                                                              int targetAmount)
        Identify trustworthy bindings for a certificate. The result is a list of authenticatable userIds on the certificate.
        Parameters:
        fingerprint - fingerprint of the certificate
        referenceTime - reference time for trust calculations
        targetAmount - target trust amount (120 = fully authenticated, 240 = doubly authenticated, 60 = partially authenticated...)
        Returns:
        list of identified bindings