mirror of
https://codeberg.org/PGPainless/cert-d-java.git
synced 2024-11-26 09:22:06 +01:00
Add javadoc for interfaces
This commit is contained in:
parent
a956aec5fc
commit
662f96ff77
4 changed files with 279 additions and 0 deletions
|
@ -17,12 +17,23 @@ import java.util.Iterator;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Implementation of the Shared PGP Certificate Directory.
|
||||||
|
*
|
||||||
|
* @see <a href="https://sequoia-pgp.gitlab.io/pgp-cert-d/">Shared PGP Certificate Directory Specification</a>
|
||||||
|
*/
|
||||||
public class PGPCertificateDirectory
|
public class PGPCertificateDirectory
|
||||||
implements ReadOnlyPGPCertificateDirectory, WritingPGPCertificateDirectory, SubkeyLookup {
|
implements ReadOnlyPGPCertificateDirectory, WritingPGPCertificateDirectory, SubkeyLookup {
|
||||||
|
|
||||||
final Backend backend;
|
final Backend backend;
|
||||||
final SubkeyLookup subkeyLookup;
|
final SubkeyLookup subkeyLookup;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Constructor for a PGP certificate directory.
|
||||||
|
*
|
||||||
|
* @param backend storage backend
|
||||||
|
* @param subkeyLookup subkey lookup mechanism to map subkey-ids to certificates
|
||||||
|
*/
|
||||||
public PGPCertificateDirectory(Backend backend, SubkeyLookup subkeyLookup) {
|
public PGPCertificateDirectory(Backend backend, SubkeyLookup subkeyLookup) {
|
||||||
this.backend = backend;
|
this.backend = backend;
|
||||||
this.subkeyLookup = subkeyLookup;
|
this.subkeyLookup = subkeyLookup;
|
||||||
|
@ -189,30 +200,119 @@ public class PGPCertificateDirectory
|
||||||
subkeyLookup.storeCertificateSubkeyIds(certificate, subkeyIds);
|
subkeyLookup.storeCertificateSubkeyIds(certificate, subkeyIds);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Storage backend.
|
||||||
|
*/
|
||||||
public interface Backend {
|
public interface Backend {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get the locking mechanism to write-lock the backend.
|
||||||
|
*
|
||||||
|
* @return lock
|
||||||
|
*/
|
||||||
LockingMechanism getLock();
|
LockingMechanism getLock();
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Read a {@link Certificate} by its OpenPGP fingerprint.
|
||||||
|
*
|
||||||
|
* @param fingerprint fingerprint
|
||||||
|
* @return certificate
|
||||||
|
*
|
||||||
|
* @throws BadNameException if the fingerprint is malformed
|
||||||
|
* @throws IOException in case of an IO error
|
||||||
|
* @throws BadDataException if the certificate contains bad data
|
||||||
|
*/
|
||||||
Certificate readByFingerprint(String fingerprint) throws BadNameException, IOException, BadDataException;
|
Certificate readByFingerprint(String fingerprint) throws BadNameException, IOException, BadDataException;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Read a {@link Certificate} or {@link pgp.certificate_store.certificate.Key} by the given special name.
|
||||||
|
*
|
||||||
|
* @param specialName special name
|
||||||
|
* @return certificate or key
|
||||||
|
*
|
||||||
|
* @throws BadNameException if the special name is not known
|
||||||
|
* @throws IOException in case of an IO error
|
||||||
|
* @throws BadDataException if the certificate contains bad data
|
||||||
|
*/
|
||||||
KeyMaterial readBySpecialName(String specialName) throws BadNameException, IOException, BadDataException;
|
KeyMaterial readBySpecialName(String specialName) throws BadNameException, IOException, BadDataException;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Return an {@link Iterator} of all {@link Certificate Certificates} in the store, except for certificates
|
||||||
|
* stored under a special name.
|
||||||
|
*
|
||||||
|
* @return iterator
|
||||||
|
*/
|
||||||
Iterator<Certificate> readItems();
|
Iterator<Certificate> readItems();
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Insert a {@link pgp.certificate_store.certificate.Key} or {@link Certificate} as trust-root.
|
||||||
|
*
|
||||||
|
* @param data input stream containing the key material
|
||||||
|
* @param merge callback to merge the key material with existing key material
|
||||||
|
* @return merged or inserted key material
|
||||||
|
*
|
||||||
|
* @throws BadDataException if the data stream or existing key material contains bad data
|
||||||
|
* @throws IOException in case of an IO error
|
||||||
|
*/
|
||||||
KeyMaterial doInsertTrustRoot(InputStream data, KeyMaterialMerger merge)
|
KeyMaterial doInsertTrustRoot(InputStream data, KeyMaterialMerger merge)
|
||||||
throws BadDataException, IOException;
|
throws BadDataException, IOException;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Insert a {@link Certificate} identified by its fingerprint into the directory.
|
||||||
|
*
|
||||||
|
* @param data input stream containing the certificate data
|
||||||
|
* @param merge callback to merge the certificate with existing key material
|
||||||
|
* @return merged or inserted certificate
|
||||||
|
*
|
||||||
|
* @throws IOException in case of an IO error
|
||||||
|
* @throws BadDataException if the data stream or existing certificate contains bad data
|
||||||
|
*/
|
||||||
Certificate doInsert(InputStream data, KeyMaterialMerger merge)
|
Certificate doInsert(InputStream data, KeyMaterialMerger merge)
|
||||||
throws IOException, BadDataException;
|
throws IOException, BadDataException;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Insert a {@link pgp.certificate_store.certificate.Key} or {@link Certificate} under the given special name.
|
||||||
|
*
|
||||||
|
* @param specialName special name to identify the key material with
|
||||||
|
* @param data data stream containing the key or certificate
|
||||||
|
* @param merge callback to merge the key/certificate with existing key material
|
||||||
|
* @return certificate component of the merged or inserted key material
|
||||||
|
*
|
||||||
|
* @throws IOException in case of an IO error
|
||||||
|
* @throws BadDataException if the data stream or existing key material contains bad data
|
||||||
|
* @throws BadNameException if the special name is not known
|
||||||
|
*/
|
||||||
Certificate doInsertWithSpecialName(String specialName, InputStream data, KeyMaterialMerger merge)
|
Certificate doInsertWithSpecialName(String specialName, InputStream data, KeyMaterialMerger merge)
|
||||||
throws IOException, BadDataException, BadNameException;
|
throws IOException, BadDataException, BadNameException;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Calculate the tag of the certificate with the given fingerprint.
|
||||||
|
*
|
||||||
|
* @param fingerprint fingerprint
|
||||||
|
* @return tag
|
||||||
|
*
|
||||||
|
* @throws BadNameException if the fingerprint is malformed
|
||||||
|
* @throws IOException in case of an IO error
|
||||||
|
* @throws IllegalArgumentException if the certificate does not exist
|
||||||
|
*/
|
||||||
Long getTagForFingerprint(String fingerprint) throws BadNameException, IOException;
|
Long getTagForFingerprint(String fingerprint) throws BadNameException, IOException;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Calculate the tag of the certificate identified by the given special name.
|
||||||
|
*
|
||||||
|
* @param specialName special name
|
||||||
|
* @return tag
|
||||||
|
*
|
||||||
|
* @throws BadNameException if the special name is not known
|
||||||
|
* @throws IOException in case of an IO error
|
||||||
|
* @throws IllegalArgumentException if the certificate or key does not exist
|
||||||
|
*/
|
||||||
Long getTagForSpecialName(String specialName) throws BadNameException, IOException;
|
Long getTagForSpecialName(String specialName) throws BadNameException, IOException;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Interface for a write-locking mechanism.
|
||||||
|
*/
|
||||||
public interface LockingMechanism {
|
public interface LockingMechanism {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -234,6 +334,11 @@ public class PGPCertificateDirectory
|
||||||
*/
|
*/
|
||||||
boolean tryLockDirectory() throws IOException;
|
boolean tryLockDirectory() throws IOException;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Return true if the lock is in locked state.
|
||||||
|
*
|
||||||
|
* @return true if locked
|
||||||
|
*/
|
||||||
boolean isLocked();
|
boolean isLocked();
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -11,27 +11,113 @@ import pgp.certificate_store.exception.BadNameException;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.util.Iterator;
|
import java.util.Iterator;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Interface for a read-only OpenPGP certificate directory.
|
||||||
|
*/
|
||||||
public interface ReadOnlyPGPCertificateDirectory {
|
public interface ReadOnlyPGPCertificateDirectory {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get the trust-root certificate. This is a certificate which is stored under the special name
|
||||||
|
* <pre>trust-root</pre>.
|
||||||
|
* If no such certificate is found, <pre>null</pre> is returned.
|
||||||
|
*
|
||||||
|
* @return trust-root certificate
|
||||||
|
*
|
||||||
|
* @throws IOException in case of an IO error
|
||||||
|
* @throws BadDataException if the certificate contains bad data
|
||||||
|
*/
|
||||||
Certificate getTrustRootCertificate()
|
Certificate getTrustRootCertificate()
|
||||||
throws IOException, BadDataException;
|
throws IOException, BadDataException;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get the trust-root certificate if it has changed.
|
||||||
|
* This method uses the <pre>tag</pre> to calculate if the certificate might have changed.
|
||||||
|
* If the computed tag equals the given tag, the certificate has not changed, so <pre>null</pre> is returned.
|
||||||
|
* Otherwise. the changed certificate is returned.
|
||||||
|
*
|
||||||
|
* @param tag tag
|
||||||
|
* @return changed certificate, or null if the certificate is unchanged or not found.
|
||||||
|
*
|
||||||
|
* @throws IOException in case of an IO error
|
||||||
|
* @throws BadDataException if the certificate contains bad data
|
||||||
|
*/
|
||||||
Certificate getTrustRootCertificateIfChanged(long tag)
|
Certificate getTrustRootCertificateIfChanged(long tag)
|
||||||
throws IOException, BadDataException;
|
throws IOException, BadDataException;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get the certificate identified by the given fingerprint.
|
||||||
|
* If no such certificate is found, return <pre>null</pre>.
|
||||||
|
*
|
||||||
|
* @param fingerprint lower-case fingerprint of the certificate
|
||||||
|
* @return certificate or null if no such certificate has been found
|
||||||
|
*
|
||||||
|
* @throws IOException in case of an IO error
|
||||||
|
* @throws BadNameException if the fingerprint is malformed
|
||||||
|
* @throws BadDataException if the certificate contains bad data
|
||||||
|
*/
|
||||||
Certificate getByFingerprint(String fingerprint)
|
Certificate getByFingerprint(String fingerprint)
|
||||||
throws IOException, BadNameException, BadDataException;
|
throws IOException, BadNameException, BadDataException;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get the certificate identified by the given fingerprint if it has changed.
|
||||||
|
* This method uses the <pre>tag</pre> to calculate, if the certificate might have changed.
|
||||||
|
* If the computed tag equals the given tag, the certificate has not changed, so <pre>null</pre> is returned.
|
||||||
|
* Otherwise, the changed certificate is returned.
|
||||||
|
*
|
||||||
|
* @param fingerprint lower-case fingerprint of the certificate
|
||||||
|
* @param tag tag
|
||||||
|
* @return certificate or null if the certificate has not been changed or has not been found
|
||||||
|
*
|
||||||
|
* @throws IOException in case of an IO error
|
||||||
|
* @throws BadNameException if the fingerprint is malformed
|
||||||
|
* @throws BadDataException if the certificate contains bad data
|
||||||
|
*/
|
||||||
Certificate getByFingerprintIfChanged(String fingerprint, long tag)
|
Certificate getByFingerprintIfChanged(String fingerprint, long tag)
|
||||||
throws IOException, BadNameException, BadDataException;
|
throws IOException, BadNameException, BadDataException;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get the certificate identified by the given special name.
|
||||||
|
* If no such certificate is found, <pre>null</pre> is returned.
|
||||||
|
*
|
||||||
|
* @param specialName special name
|
||||||
|
* @return certificate or null
|
||||||
|
*
|
||||||
|
* @throws IOException in case of an IO error
|
||||||
|
* @throws BadNameException if the special name is not known
|
||||||
|
* @throws BadDataException if the certificate contains bad data
|
||||||
|
*/
|
||||||
Certificate getBySpecialName(String specialName)
|
Certificate getBySpecialName(String specialName)
|
||||||
throws IOException, BadNameException, BadDataException;
|
throws IOException, BadNameException, BadDataException;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get the certificate identified by the given special name or null, if it has not been changed.
|
||||||
|
* This method uses the <pre>tag</pre> to calculate, if the certificate might have changed.
|
||||||
|
* If the computed tag equals the given tag, the certificate has not changed, so <pre>null</pre> is returned.
|
||||||
|
* Otherwise, the changed certificate is returned.
|
||||||
|
*
|
||||||
|
* @param specialName special name
|
||||||
|
* @param tag tag
|
||||||
|
* @return certificate or null
|
||||||
|
*
|
||||||
|
* @throws IOException in case of an IO error
|
||||||
|
* @throws BadNameException if the special name is not known
|
||||||
|
* @throws BadDataException if the certificate contains bad data
|
||||||
|
*/
|
||||||
Certificate getBySpecialNameIfChanged(String specialName, long tag)
|
Certificate getBySpecialNameIfChanged(String specialName, long tag)
|
||||||
throws IOException, BadNameException, BadDataException;
|
throws IOException, BadNameException, BadDataException;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get all certificates in the directory, except for certificates which are stored by special name.
|
||||||
|
*
|
||||||
|
* @return iterator of certificates
|
||||||
|
*/
|
||||||
Iterator<Certificate> items();
|
Iterator<Certificate> items();
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get the fingerprints of all certificates in the directory, except for certificates which are stored by
|
||||||
|
* special name.
|
||||||
|
*
|
||||||
|
* @return iterator of fingerprints
|
||||||
|
*/
|
||||||
Iterator<String> fingerprints();
|
Iterator<String> fingerprints();
|
||||||
}
|
}
|
||||||
|
|
|
@ -13,26 +13,113 @@ import pgp.certificate_store.exception.BadNameException;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.InputStream;
|
import java.io.InputStream;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Interface for a writing OpenPGP certificate directory.
|
||||||
|
*/
|
||||||
public interface WritingPGPCertificateDirectory {
|
public interface WritingPGPCertificateDirectory {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Return the certificate or key identified by the special name <pre>trust-root</pre>.
|
||||||
|
*
|
||||||
|
* @return trust-root key or certificate
|
||||||
|
*
|
||||||
|
* @throws IOException in case of an IO error
|
||||||
|
* @throws BadDataException if the certificate contains bad data
|
||||||
|
*/
|
||||||
KeyMaterial getTrustRoot()
|
KeyMaterial getTrustRoot()
|
||||||
throws IOException, BadDataException;
|
throws IOException, BadDataException;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Insert a key or certificate under the special name <pre>trust-root</pre>.
|
||||||
|
* This method blocks until the key material has been written.
|
||||||
|
*
|
||||||
|
* @param data input stream containing the key or certificate
|
||||||
|
* @param merge key material merger to merge the key or certificate with existing key material
|
||||||
|
* @return the merged or inserted key or certificate
|
||||||
|
*
|
||||||
|
* @throws IOException in case of an IO error
|
||||||
|
* @throws BadDataException if the data stream or the existing trust-root key material contains bad data
|
||||||
|
* @throws InterruptedException if the thread is interrupted
|
||||||
|
*/
|
||||||
KeyMaterial insertTrustRoot(InputStream data, KeyMaterialMerger merge)
|
KeyMaterial insertTrustRoot(InputStream data, KeyMaterialMerger merge)
|
||||||
throws IOException, BadDataException, InterruptedException;
|
throws IOException, BadDataException, InterruptedException;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Insert a key or certificate under the special name <pre>trust-root</pre>.
|
||||||
|
* Contrary to {@link #insertTrustRoot(InputStream, KeyMaterialMerger)}, this method does not block.
|
||||||
|
* Instead, it returns null if the write-lock cannot be obtained.
|
||||||
|
*
|
||||||
|
* @param data input stream containing the key or certificate
|
||||||
|
* @param merge key material merger to merge the key or certificate with existing key material
|
||||||
|
* @return the merged or inserted key or certificate, or null if the write-lock cannot be obtained
|
||||||
|
*
|
||||||
|
* @throws IOException in case of an IO error
|
||||||
|
* @throws BadDataException if the thread is interrupted
|
||||||
|
*/
|
||||||
KeyMaterial tryInsertTrustRoot(InputStream data, KeyMaterialMerger merge)
|
KeyMaterial tryInsertTrustRoot(InputStream data, KeyMaterialMerger merge)
|
||||||
throws IOException, BadDataException;
|
throws IOException, BadDataException;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Insert a certificate identified by its fingerprint.
|
||||||
|
* This method blocks until the certificate has been written.
|
||||||
|
*
|
||||||
|
* @param data input stream containing the certificate data
|
||||||
|
* @param merge merge callback to merge the certificate with existing certificate material
|
||||||
|
* @return the merged or inserted certificate
|
||||||
|
*
|
||||||
|
* @throws IOException in case of an IO error
|
||||||
|
* @throws BadDataException if the data stream or existing certificate contains bad data
|
||||||
|
* @throws InterruptedException if the thread is interrupted
|
||||||
|
*/
|
||||||
Certificate insert(InputStream data, KeyMaterialMerger merge)
|
Certificate insert(InputStream data, KeyMaterialMerger merge)
|
||||||
throws IOException, BadDataException, InterruptedException;
|
throws IOException, BadDataException, InterruptedException;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Insert a certificate identified by its fingerprint.
|
||||||
|
* Contrary to {@link #insert(InputStream, KeyMaterialMerger)}, this method does not block.
|
||||||
|
* Instead, it returns null if the write-lock cannot be obtained.
|
||||||
|
*
|
||||||
|
* @param data input stream containing the certificate data
|
||||||
|
* @param merge merge callback to merge the certificate with existing certificate material
|
||||||
|
* @return the merged or inserted certificate
|
||||||
|
*
|
||||||
|
* @throws IOException in case of an IO error
|
||||||
|
* @throws BadDataException if the data stream or existing certificate contains bad data
|
||||||
|
*/
|
||||||
Certificate tryInsert(InputStream data, KeyMaterialMerger merge)
|
Certificate tryInsert(InputStream data, KeyMaterialMerger merge)
|
||||||
throws IOException, BadDataException;
|
throws IOException, BadDataException;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Insert a certificate or key under the given special name.
|
||||||
|
* This method blocks until the certificate/key has been written.
|
||||||
|
*
|
||||||
|
* @param specialName special name under which the key material shall be inserted
|
||||||
|
* @param data input stream containing the key/certificate data
|
||||||
|
* @param merge callback to merge the key/certificate with existing key material
|
||||||
|
* @return certificate component of the merged or inserted key material data
|
||||||
|
*
|
||||||
|
* @throws IOException in case of an IO error
|
||||||
|
* @throws BadDataException if the data stream or the existing certificate contains bad data
|
||||||
|
* @throws BadNameException if the special name is not known
|
||||||
|
* @throws InterruptedException if the thread is interrupted
|
||||||
|
*/
|
||||||
Certificate insertWithSpecialName(String specialName, InputStream data, KeyMaterialMerger merge)
|
Certificate insertWithSpecialName(String specialName, InputStream data, KeyMaterialMerger merge)
|
||||||
throws IOException, BadDataException, BadNameException, InterruptedException;
|
throws IOException, BadDataException, BadNameException, InterruptedException;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Insert a certificate or key under the given special name.
|
||||||
|
* Contrary to {@link #insertWithSpecialName(String, InputStream, KeyMaterialMerger)}, this method does not block.
|
||||||
|
* Instead, it returns null if the write-lock cannot be obtained.
|
||||||
|
*
|
||||||
|
* @param specialName special name under which the key material shall be inserted
|
||||||
|
* @param data input stream containing the key material
|
||||||
|
* @param merge callback to merge the key/certificate with existing key material
|
||||||
|
* @return certificate component of the merged or inserted key material
|
||||||
|
*
|
||||||
|
* @throws IOException in case of an IO error
|
||||||
|
* @throws BadDataException if the data stream or existing key material contains bad data
|
||||||
|
* @throws BadNameException if the special name is not known
|
||||||
|
*/
|
||||||
Certificate tryInsertWithSpecialName(String specialName, InputStream data, KeyMaterialMerger merge)
|
Certificate tryInsertWithSpecialName(String specialName, InputStream data, KeyMaterialMerger merge)
|
||||||
throws IOException, BadDataException, BadNameException;
|
throws IOException, BadDataException, BadNameException;
|
||||||
|
|
||||||
|
|
|
@ -15,6 +15,7 @@ public interface KeyMaterialReaderBackend {
|
||||||
* Read a {@link KeyMaterial} (either {@link Key} or {@link Certificate}) from the given {@link InputStream}.
|
* Read a {@link KeyMaterial} (either {@link Key} or {@link Certificate}) from the given {@link InputStream}.
|
||||||
*
|
*
|
||||||
* @param data input stream containing the binary representation of the key.
|
* @param data input stream containing the binary representation of the key.
|
||||||
|
* @param tag tag for the key material. Might be null.
|
||||||
* @return key or certificate object
|
* @return key or certificate object
|
||||||
*
|
*
|
||||||
* @throws IOException in case of an IO error
|
* @throws IOException in case of an IO error
|
||||||
|
|
Loading…
Reference in a new issue