1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2024-12-22 19:08:00 +01:00

Integrate WoT by adding EncryptionOptions.addAuthenticatableRecipients() method

This commit is contained in:
Paul Schaub 2023-07-21 16:38:34 +02:00
parent 9d93c0f5ae
commit bf9bf94fb0
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
2 changed files with 45 additions and 0 deletions

View file

@ -8,6 +8,7 @@ import org.pgpainless.key.OpenPgpFingerprint;
import javax.annotation.Nonnull;
import java.util.Date;
import java.util.List;
public interface CertificateAuthority {
@ -30,4 +31,20 @@ public interface CertificateAuthority {
boolean email,
@Nonnull Date referenceTime,
int targetAmount);
/**
* Identify certificates, which carry a trustworthy binding to the given userId.
*
* @param userId userId
* @param email if true, the user-ID will be treated as an email address and all user-IDs containing
* the email address will be matched.
* @param referenceTime reference time at which the binding shall be evaluated
* @param targetAmount target trust amount (120 = fully authenticated, 240 = doubly authenticated,
* 60 = partially authenticated...)
* @return list of identified bindings
*/
List<CertificateAuthenticity> identify(@Nonnull String userId,
boolean email,
@Nonnull Date referenceTime,
int targetAmount);
}

View file

@ -23,6 +23,8 @@ import org.bouncycastle.openpgp.operator.PGPKeyEncryptionMethodGenerator;
import org.bouncycastle.openpgp.operator.PublicKeyKeyEncryptionMethodGenerator;
import org.pgpainless.algorithm.EncryptionPurpose;
import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
import org.pgpainless.authentication.CertificateAuthenticity;
import org.pgpainless.authentication.CertificateAuthority;
import org.pgpainless.exception.KeyException;
import org.pgpainless.implementation.ImplementationFactory;
import org.pgpainless.key.OpenPgpFingerprint;
@ -113,6 +115,32 @@ public class EncryptionOptions {
return new EncryptionOptions(EncryptionPurpose.STORAGE);
}
/**
* Identify authenticatable certificates for the given user-ID by querying the {@link CertificateAuthority} for
* identifiable bindings.
* Add all acceptable bindings, whose trust amount is larger or equal to the target amount to the list of recipients.
* @param userId userId
* @param email if true, treat the user-ID as an email address and match all user-IDs containing the mail address
* @param authority certificate authority
* @param targetAmount target amount (120 = fully authenticated, 240 = doubly authenticated,
* 60 = partially authenticated...)
* @return encryption options
*/
public EncryptionOptions addAuthenticatableRecipients(String userId, boolean email, CertificateAuthority authority, int targetAmount) {
List<CertificateAuthenticity> identifiedCertificates = authority.identify(userId, email, new Date(), targetAmount);
boolean foundAcceptable = false;
for (CertificateAuthenticity candidate : identifiedCertificates) {
if (candidate.isAuthenticated()) {
addRecipient(candidate.getCertificate());
foundAcceptable = true;
}
}
if (!foundAcceptable) {
throw new IllegalArgumentException("Could not identify any trust-worthy certificates for '" + userId + "' and target trust amount " + targetAmount);
}
return this;
}
/**
* Add all key rings in the provided {@link Iterable} (e.g. {@link PGPPublicKeyRingCollection}) as recipients.
*