OpenPGP/GnuPG WOT (web of trust) implementation - trustdb.gpg

pgwot/build.gradle

@@ -0,0 +1,18 @@
+dependencies {
+    compile project(':pg')
+}
+
+sourceCompatibility = JavaVersion.VERSION_1_7
+targetCompatibility = JavaVersion.VERSION_1_7
+
+cobertura {
+   coverageDirs = [
+       "${rootProject.projectDir}/pgwot/build/classes/main"
+  ] 
+}
+
+project.ext.logbackVersion = '1.0.13'
+
+dependencies {
+	testCompile 'org.assertj:assertj-core:1.5.0'
+}

pgwot/src/main/java/org/bouncycastle/openpgp/wot/Config.java

@@ -0,0 +1,69 @@
+package org.bouncycastle.openpgp.wot;
+
+/**
+ * Configuration settings for the trust calculation.
+ */
+public class Config implements TrustConst
+{
+    public static final int TM_CLASSIC = 0;
+    public static final int TM_PGP = 1;
+    public static final int TM_EXTERNAL = 2;
+    public static final int TM_ALWAYS = 3;
+    public static final int TM_DIRECT = 4;
+
+    private static final Config instance = new Config();
+
+    protected Config()
+    {
+    }
+
+    public static Config getInstance()
+    {
+        return instance;
+    }
+
+    public short getMarginalsNeeded()
+    {
+        return 3;
+    }
+
+    public short getCompletesNeeded()
+    {
+        return 1;
+    }
+
+    public short getMaxCertDepth()
+    {
+        return 5;
+    }
+
+    public short getTrustModel()
+    {
+        return TM_PGP; // This must never be anything else! We support only
+                       // TM_PGP = 1!!!
+    }
+
+    public short getMinCertLevel()
+    {
+        return 2;
+    }
+
+    public String getTrustModelAsString()
+    {
+        switch (getTrustModel())
+        {
+            case TM_CLASSIC:
+                return "classic";
+            case TM_PGP:
+                return "PGP";
+            case TM_EXTERNAL:
+                return "external";
+            case TM_ALWAYS:
+                return "always";
+            case TM_DIRECT:
+                return "direct";
+            default:
+                return "unknown[" + getTrustModel() + "]";
+        }
+    }
+}

pgwot/src/main/java/org/bouncycastle/openpgp/wot/OwnerTrust.java

@@ -0,0 +1,104 @@
+package org.bouncycastle.openpgp.wot;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.bouncycastle.openpgp.wot.internal.TrustDbImpl;
+
+/**
+ * The owner-trust is assigned to a key, but does <i>not</i> describe the key itself. It specifies how reliable the
+ * <i>owner</i> of this key is in his function as notary certifying other keys.
+ * <p>
+ * When judging the owner-trust of a person, you should answer the following questions:
+ * <ul>
+ * <li>How well does this person understand OpenPGP?
+ * <li>How well does this person protect his computer's integrity and most importantly his private key?
+ * <li>How well does this person check the authenticity of another key before signing (= certifying) it?
+ * <li>Would this person certify a key in bad faith?
+ * </ul>
+ * <p>
+ * Whether you trust this person on a personal level, should have only a minor influence on the owner-trust. For
+ * example, you certainly trust your mother, but unless she's really computer-savvy, you likely assign a low owner-trust
+ * to her key.
+
+ * @see TrustDbImpl#getOwnerTrust(org.bouncycastle.openpgp.wot.key.PgpKey)
+ */
+public enum OwnerTrust
+{
+    /**
+     * It is unknown, how reliable the key's owner is as notary for other keys.
+     * <p>
+     * This causes no transitive trust.
+     */
+    UNKNOWN(TrustConst.TRUST_UNKNOWN), // 0
+
+    /**
+     * The key's owner should not be trusted.
+     * <p>
+     * This causes no transitive trust.
+     */
+    NEVER(TrustConst.TRUST_NEVER), // 3
+
+    /**
+     * The key's owner is a marginally trustable notary. Certifications of keys made by this key's owner can thus be
+     * trusted a little.
+     * <p>
+     * This causes some transitive trust. Together with other "marginally" trusted owner's certifications, it might
+     * cause a key to be trusted fully.
+     */
+    MARGINAL(TrustConst.TRUST_MARGINAL), // 4
+
+    /**
+     * The key's owner is a fully trusted notary. Certificaton of keys made by this key's owner are thus considered very
+     * reliable.
+     * <p>
+     * This causes significant transitive trust. Depending on the settings, this is already enough for a certified key
+     * to be trusted fully, or it might require further signatures.
+     */
+    FULL(TrustConst.TRUST_FULL), // 5
+
+    /**
+     * The key's owner can be ultimately trusted. One single signature of a notary whose key is marked 'ultimate' is
+     * sufficient for full transitive trust.
+     * <p>
+     * Usually, the user himself marks all his own keys with this owner-trust.
+     */
+    ULTIMATE(TrustConst.TRUST_ULTIMATE) // 6
+    ;
+
+    private final int numericValue;
+
+    private static volatile Map<Integer, OwnerTrust> numericValue2OwnerTrust;
+
+    private OwnerTrust(final int numericValue)
+    {
+        this.numericValue = numericValue;
+    }
+
+    public int getNumericValue()
+    {
+        return numericValue;
+    }
+
+    public static OwnerTrust fromNumericValue(final int numericValue)
+    {
+        final OwnerTrust ownerTrust = getNumericValue2OwnerTrust().get(numericValue);
+        if (ownerTrust == null)
+            throw new IllegalArgumentException("numericValue unknown: " + numericValue);
+
+        return ownerTrust;
+    }
+
+    private static Map<Integer, OwnerTrust> getNumericValue2OwnerTrust()
+    {
+        if (numericValue2OwnerTrust == null)
+        {
+            Map<Integer, OwnerTrust> m = new HashMap<>(values().length);
+            for (OwnerTrust ownerTrust : values())
+                m.put(ownerTrust.getNumericValue(), ownerTrust);
+
+            numericValue2OwnerTrust = m;
+        }
+        return numericValue2OwnerTrust;
+    }
+}

pgwot/src/main/java/org/bouncycastle/openpgp/wot/TrustConst.java

@@ -0,0 +1,39 @@
+package org.bouncycastle.openpgp.wot;
+
+public interface TrustConst
+{
+    int TRUST_RECORD_LEN = 40;
+    int SIGS_PER_RECORD = (TRUST_RECORD_LEN - 10) / 5;
+    int ITEMS_PER_HTBL_RECORD = (TRUST_RECORD_LEN - 2) / 4;
+    int ITEMS_PER_HLST_RECORD = (TRUST_RECORD_LEN - 6) / 5;
+    int ITEMS_PER_PREF_RECORD = TRUST_RECORD_LEN - 10;
+    int MAX_LIST_SIGS_DEPTH = 20;
+    int MAX_CACHE_SIZE = 1024 * 1024;
+
+    int TRUST_MASK = 15;
+    /** o: not yet calculated/assigned */
+    int TRUST_UNKNOWN = 0;
+    // /** e: calculation may be invalid */
+    // int TRUST_EXPIRED = 1; // unused?! gnupg seems to never assign this value...
+    /** q: not enough information for calculation */
+    int TRUST_UNDEFINED = 2;
+    /** n: never trust this pubkey */
+    int TRUST_NEVER = 3;
+    /** m: marginally trusted */
+    int TRUST_MARGINAL = 4;
+    /** f: fully trusted */
+    int TRUST_FULL = 5;
+    /** u: ultimately trusted */
+    int TRUST_ULTIMATE = 6;
+
+    // BEGIN trust values not covered by the mask
+    /** r: revoked */
+    int TRUST_FLAG_REVOKED = 32;
+    /** r: revoked but for subkeys */
+    int TRUST_FLAG_SUB_REVOKED = 64;
+    /** d: key/uid disabled */
+    int TRUST_FLAG_DISABLED = 128;
+    /** a check-trustdb is pending */
+    int TRUST_FLAG_PENDING_CHECK = 256;
+    // END trust values not covered by the mask
+}