mirror of
https://github.com/pgpainless/pgpainless.git
synced 2024-12-22 19:08:00 +01:00
Integrate WoT by adding EncryptionOptions.addAuthenticatableRecipients() method
This commit is contained in:
parent
9d93c0f5ae
commit
bf9bf94fb0
2 changed files with 45 additions and 0 deletions
|
@ -8,6 +8,7 @@ import org.pgpainless.key.OpenPgpFingerprint;
|
||||||
|
|
||||||
import javax.annotation.Nonnull;
|
import javax.annotation.Nonnull;
|
||||||
import java.util.Date;
|
import java.util.Date;
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
public interface CertificateAuthority {
|
public interface CertificateAuthority {
|
||||||
|
|
||||||
|
@ -30,4 +31,20 @@ public interface CertificateAuthority {
|
||||||
boolean email,
|
boolean email,
|
||||||
@Nonnull Date referenceTime,
|
@Nonnull Date referenceTime,
|
||||||
int targetAmount);
|
int targetAmount);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Identify certificates, which carry a trustworthy binding to the given userId.
|
||||||
|
*
|
||||||
|
* @param userId userId
|
||||||
|
* @param email if true, the user-ID will be treated as an email address and all user-IDs containing
|
||||||
|
* the email address will be matched.
|
||||||
|
* @param referenceTime reference time at which the binding shall be evaluated
|
||||||
|
* @param targetAmount target trust amount (120 = fully authenticated, 240 = doubly authenticated,
|
||||||
|
* 60 = partially authenticated...)
|
||||||
|
* @return list of identified bindings
|
||||||
|
*/
|
||||||
|
List<CertificateAuthenticity> identify(@Nonnull String userId,
|
||||||
|
boolean email,
|
||||||
|
@Nonnull Date referenceTime,
|
||||||
|
int targetAmount);
|
||||||
}
|
}
|
||||||
|
|
|
@ -23,6 +23,8 @@ import org.bouncycastle.openpgp.operator.PGPKeyEncryptionMethodGenerator;
|
||||||
import org.bouncycastle.openpgp.operator.PublicKeyKeyEncryptionMethodGenerator;
|
import org.bouncycastle.openpgp.operator.PublicKeyKeyEncryptionMethodGenerator;
|
||||||
import org.pgpainless.algorithm.EncryptionPurpose;
|
import org.pgpainless.algorithm.EncryptionPurpose;
|
||||||
import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
|
import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
|
||||||
|
import org.pgpainless.authentication.CertificateAuthenticity;
|
||||||
|
import org.pgpainless.authentication.CertificateAuthority;
|
||||||
import org.pgpainless.exception.KeyException;
|
import org.pgpainless.exception.KeyException;
|
||||||
import org.pgpainless.implementation.ImplementationFactory;
|
import org.pgpainless.implementation.ImplementationFactory;
|
||||||
import org.pgpainless.key.OpenPgpFingerprint;
|
import org.pgpainless.key.OpenPgpFingerprint;
|
||||||
|
@ -113,6 +115,32 @@ public class EncryptionOptions {
|
||||||
return new EncryptionOptions(EncryptionPurpose.STORAGE);
|
return new EncryptionOptions(EncryptionPurpose.STORAGE);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Identify authenticatable certificates for the given user-ID by querying the {@link CertificateAuthority} for
|
||||||
|
* identifiable bindings.
|
||||||
|
* Add all acceptable bindings, whose trust amount is larger or equal to the target amount to the list of recipients.
|
||||||
|
* @param userId userId
|
||||||
|
* @param email if true, treat the user-ID as an email address and match all user-IDs containing the mail address
|
||||||
|
* @param authority certificate authority
|
||||||
|
* @param targetAmount target amount (120 = fully authenticated, 240 = doubly authenticated,
|
||||||
|
* 60 = partially authenticated...)
|
||||||
|
* @return encryption options
|
||||||
|
*/
|
||||||
|
public EncryptionOptions addAuthenticatableRecipients(String userId, boolean email, CertificateAuthority authority, int targetAmount) {
|
||||||
|
List<CertificateAuthenticity> identifiedCertificates = authority.identify(userId, email, new Date(), targetAmount);
|
||||||
|
boolean foundAcceptable = false;
|
||||||
|
for (CertificateAuthenticity candidate : identifiedCertificates) {
|
||||||
|
if (candidate.isAuthenticated()) {
|
||||||
|
addRecipient(candidate.getCertificate());
|
||||||
|
foundAcceptable = true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (!foundAcceptable) {
|
||||||
|
throw new IllegalArgumentException("Could not identify any trust-worthy certificates for '" + userId + "' and target trust amount " + targetAmount);
|
||||||
|
}
|
||||||
|
return this;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Add all key rings in the provided {@link Iterable} (e.g. {@link PGPPublicKeyRingCollection}) as recipients.
|
* Add all key rings in the provided {@link Iterable} (e.g. {@link PGPPublicKeyRingCollection}) as recipients.
|
||||||
*
|
*
|
||||||
|
|
Loading…
Reference in a new issue