diff --git a/pgpainless-wot/src/main/java/org/pgpainless/wot/WebOfTrust.java b/pgpainless-wot/src/main/java/org/pgpainless/wot/WebOfTrust.java
index bdea02c1..cb5002fd 100644
--- a/pgpainless-wot/src/main/java/org/pgpainless/wot/WebOfTrust.java
+++ b/pgpainless-wot/src/main/java/org/pgpainless/wot/WebOfTrust.java
@@ -41,6 +41,18 @@ import org.slf4j.LoggerFactory;
import pgp.certificate_store.certificate.Certificate;
import pgp.certificate_store.exception.BadDataException;
+/**
+ * Build a Web of Trust from a set of certificates.
+ *
+ * The process of building a WoT is as follows:
+ *
+ * - Consume and synopsize all certificates as network nodes
+ * - Iterate over cross-certificate signatures and perform signature verification
+ * - Identify signatures as edges between nodes
+ *
+ *
+ * @see OpenPGP Web of Trust
+ */
public class WebOfTrust implements CertificateAuthority {
private static final Logger LOGGER = LoggerFactory.getLogger(WebOfTrust.class);
@@ -122,7 +134,8 @@ public class WebOfTrust implements CertificateAuthority {
Iterable validatedCertificates,
Policy policy,
ReferenceTime referenceTime) {
-
+
+ // TODO: Move heavy lifting from NetworkBuilder constructor to buildNetwork()?
NetworkBuilder nb = new NetworkBuilder(validatedCertificates, policy, referenceTime);
return nb.buildNetwork();
}
@@ -299,11 +312,17 @@ public class WebOfTrust implements CertificateAuthority {
}
}
+ /**
+ * Return the constructed, initialized {@link Network}.
+ *
+ * @return finished network
+ */
public Network buildNetwork() {
return new Network(certSynopsisMap, edges, reverseEdges, referenceTime);
}
}
+ // Map signature to its revocation state
private static RevocationState revocationStateFromSignature(PGPSignature revocation) {
if (revocation == null) {
return RevocationState.notRevoked();
@@ -318,6 +337,7 @@ public class WebOfTrust implements CertificateAuthority {
RevocationState.hardRevoked() : RevocationState.softRevoked(revocation.getCreationTime());
}
+ // Java 8 is not supported on old Android
private static V getOrDefault(Map map, K key, Supplier defaultValue) {
V value = map.get(key);
if (value == null) {
@@ -329,6 +349,7 @@ public class WebOfTrust implements CertificateAuthority {
@Override
public boolean isAuthorized(PGPPublicKeyRing certificate, String userId) {
+ // TODO: Heiko! Implement!
return false;
}