Interface CertificateAuthority


public interface CertificateAuthority
Interface for a CA that can authenticate trust-worthy certificates. Such a CA might be a fixed list of trustworthy certificates, or a dynamic implementation like the Web-of-Trust.
See Also:
  • Method Details

    • authenticateBinding

      CertificateAuthenticity authenticateBinding(@Nonnull OpenPgpFingerprint fingerprint, @Nonnull String userId, boolean email, @Nonnull Date referenceTime, int targetAmount)
      Determine the authenticity of the binding between the given fingerprint and the userId. In other words, determine, how much evidence can be gathered, that the certificate with the given fingerprint really belongs to the user with the given userId.
      Parameters:
      fingerprint - fingerprint of the certificate
      userId - userId
      email - if true, the userId will be treated as an email address and all user-IDs containing the email address will be matched.
      referenceTime - reference time at which the binding shall be evaluated
      targetAmount - target trust amount (120 = fully authenticated, 240 = doubly authenticated, 60 = partially authenticated...)
      Returns:
      information about the authenticity of the binding
    • lookupByUserId

      List<CertificateAuthenticity> lookupByUserId(@Nonnull String userId, boolean email, @Nonnull Date referenceTime, int targetAmount)
      Lookup certificates, which carry a trustworthy binding to the given userId.
      Parameters:
      userId - userId
      email - if true, the user-ID will be treated as an email address and all user-IDs containing the email address will be matched.
      referenceTime - reference time at which the binding shall be evaluated
      targetAmount - target trust amount (120 = fully authenticated, 240 = doubly authenticated, 60 = partially authenticated...)
      Returns:
      list of identified bindings
    • identifyByFingerprint

      List<CertificateAuthenticity> identifyByFingerprint(@Nonnull OpenPgpFingerprint fingerprint, @Nonnull Date referenceTime, int targetAmount)
      Identify trustworthy bindings for a certificate. The result is a list of authenticatable userIds on the certificate.
      Parameters:
      fingerprint - fingerprint of the certificate
      referenceTime - reference time for trust calculations
      targetAmount - target trust amount (120 = fully authenticated, 240 = doubly authenticated, 60 = partially authenticated...)
      Returns:
      list of identified bindings