multipaz/org.multipaz.trustmanagement/TrustManager

TrustManager

class TrustManager(storage: Storage, val identifier: String = "default", partitionId: String = "default_") : TrustEntryBasedTrustManager

A robust, thread-safe implementation of TrustManagerInterface that securely manages and persists trust points (X.509 Certificates, VICALs, and RICALs).

This manager is backed by a persistent Storage instance and uses an internal Mutex to guarantee memory consistency across highly concurrent read and write operations. It also exposes an eventFlow that external components can observe to reactively update their state whenever trust entries are added, modified, or deleted.

Parameters

storage

the Storage interface used for persistent storage.

identifier

an identifier for the TrustManagerInterface instance.

partitionId

an identifier used to namespace data if multiple TrustManager instances share the same storage.

Constructors

Link copied to clipboard
constructor(storage: Storage, identifier: String = "default", partitionId: String = "default_")

Types

Link copied to clipboard
object Companion

Properties

Link copied to clipboard
open override val eventFlow: SharedFlow<Unit>

A reactive stream of events emitted whenever the underlying trust data changes. Observers can collect this flow to know when to refresh their cached UI states.

Link copied to clipboard
open override val identifier: String

Functions

Link copied to clipboard
suspend fun addRical(encodedSignedRical: ByteString, metadata: TrustMetadata): TrustEntryRical

Adds a signed RICAL (Reader Issuer Certificate Authority List) to the trust manager.

Link copied to clipboard
suspend fun addVical(encodedSignedVical: ByteString, metadata: TrustMetadata): TrustEntryVical

Adds a signed VICAL (Verified Issuer Certificate Authority List) to the trust manager.

Link copied to clipboard
suspend fun addX509Cert(certificate: X509Cert, metadata: TrustMetadata): TrustEntryX509Cert

Adds a standalone X.509 certificate to the trust manager.

Link copied to clipboard
suspend fun deleteAll()

Purges all managed trust entries from this partition and clears the memory cache. Warning: This operation is irreversible.

Link copied to clipboard
suspend fun deleteEntry(entry: TrustEntry): Boolean

Deletes a specific TrustEntry from both memory and persistent storage.

Link copied to clipboard
open suspend override fun getEntries(): List<TrustEntry>

Retrieves all TrustEntry items currently managed.

Link copied to clipboard
open suspend override fun getTrustPoints(): List<TrustPoint>

Retrieves a flattened list of all TrustPoints currently managed. This includes standalone X.509 certificates as well as individual certificates embedded within managed VICALs and RICALs.

Link copied to clipboard
suspend fun updateMetadata(entry: TrustEntry, metadata: TrustMetadata): TrustEntry

Updates the mutable TrustMetadata associated with an existing TrustEntry.

Link copied to clipboard
suspend fun updateRical(entry: TrustEntryRical, encodedSignedRical: ByteString): TrustEntryRical

Updates the underlying byte data of an existing RICAL entry while preserving its metadata.

Link copied to clipboard
suspend fun updateVical(entry: TrustEntryVical, encodedSignedVical: ByteString): TrustEntryVical

Updates the underlying byte data of an existing VICAL entry while preserving its metadata.

Link copied to clipboard
open suspend override fun verify(chain: List<X509Cert>, atTime: Instant): TrustResult

Evaluates a given X.509 certificate chain against all managed trust points to determine if it is trusted.

Generated by Dokka
© 2026 Copyright