com.helger.as2lib.crypto

Interface ICryptoHelper

All Known Implementing Classes:

BCCryptoHelper

public interface ICryptoHelper

Base interface for all crypto related methods in this project.

Author:

Philip Helger

Method Summary

Modifier and Type	Method and Description
MIC	calculateMIC(javax.mail.internet.MimeBodyPart aPart, ECryptoAlgorithmSign eDigestAlgorithm, boolean bIncludeHeaders) Calculate the MIC
KeyStore	createNewKeyStore(com.helger.security.keystore.IKeyStoreType aKeyStoreType)
javax.mail.internet.MimeBodyPart	decrypt(javax.mail.internet.MimeBodyPart aPart, X509Certificate aCert, PrivateKey aKey, boolean bForceDecrypt, AS2ResourceHelper aResHelper)
javax.mail.internet.MimeBodyPart	encrypt(javax.mail.internet.MimeBodyPart aPart, X509Certificate aCert, ECryptoAlgorithmCrypt eAlgorithm, com.helger.mail.cte.EContentTransferEncoding eCTE)
boolean	isCompressed(String sContentType) Check if the passed content type indicates compression.
boolean	isEncrypted(javax.mail.internet.MimeBodyPart aPart) Check if the passed MIME body part is encrypted.
boolean	isSigned(javax.mail.internet.MimeBodyPart aPart) Check if the passed MIME body part is signed.
KeyStore	loadKeyStore(com.helger.security.keystore.IKeyStoreType aKeyStoreType, InputStream aIS, char[] aPassword) Load a key store from the specified input stream.
javax.mail.internet.MimeBodyPart	sign(javax.mail.internet.MimeBodyPart aPart, X509Certificate aCert, PrivateKey aKey, ECryptoAlgorithmSign eAlgorithm, boolean bIncludeCertificateInSignedContent, boolean bUseOldRFC3851MicAlgs, boolean bRemoveCmsAlgorithmProtect, com.helger.mail.cte.EContentTransferEncoding eCTE) Sign a MIME body part.
javax.mail.internet.MimeBodyPart	verify(javax.mail.internet.MimeBodyPart aPart, X509Certificate aCert, boolean bUseCertificateInBodyPart, boolean bForceVerify, Consumer<X509Certificate> aEffectiveCertificateConsumer, AS2ResourceHelper aResHelper) Verify the specified Mime Body part against the part certificate

Method Detail

createNewKeyStore

@Nonnull
KeyStore createNewKeyStore(@Nonnull
                                     com.helger.security.keystore.IKeyStoreType aKeyStoreType)
                              throws GeneralSecurityException

Parameters:

aKeyStoreType - Key store type to use. May not be null.

Returns:

A new key store.

Throws:

GeneralSecurityException - In case something goes wrong.

loadKeyStore

@Nonnull
KeyStore loadKeyStore(@Nonnull
                                com.helger.security.keystore.IKeyStoreType aKeyStoreType,
                                @Nonnull @WillNotClose
                                InputStream aIS,
                                @Nonnull
                                char[] aPassword)
                         throws Exception

Load a key store from the specified input stream.

Parameters:

aKeyStoreType - Key store type to use. May not be null.

aIS - The input stream to load the key store from. May not be null.

aPassword - The password to be used for loading. May not be null.

Returns:

The loaded key store and never null.

Throws:

Exception - In case loading fails.

isEncrypted

boolean isEncrypted(@Nonnull
                    javax.mail.internet.MimeBodyPart aPart)
             throws Exception

Check if the passed MIME body part is encrypted. The default implementation checks if the base type of the content type is "application/pkcs7-mime" and if the parameter "smime-type" has the value "enveloped-data".

Parameters:

aPart - The part to be checked.

Returns:

true if it is encrypted, false otherwise.

Throws:

Exception - In case something goes wrong.

isSigned

boolean isSigned(@Nonnull
                 javax.mail.internet.MimeBodyPart aPart)
          throws Exception

Check if the passed MIME body part is signed. The default implementation checks if the base type of the content type is "multipart/signed".

Parameters:

aPart - The part to be checked.

Returns:

true if it is signed, false otherwise.

Throws:

Exception - In case something goes wrong.

isCompressed

boolean isCompressed(@Nonnull
                     String sContentType)
              throws AS2Exception

Check if the passed content type indicates compression. The default implementation checks if the parameter "smime-type" has the value "compressed-data".

Parameters:

sContentType - The content type to be checked. May not be null.

Returns:

true if it is compressed, false otherwise.

Throws:

AS2Exception - In case something goes wrong.

calculateMIC

@Nonnull
MIC calculateMIC(@Nonnull
                           javax.mail.internet.MimeBodyPart aPart,
                           @Nonnull
                           ECryptoAlgorithmSign eDigestAlgorithm,
                           boolean bIncludeHeaders)
                    throws Exception

Calculate the MIC

Parameters:

aPart - MIME part to calculate the MIC from. May not be null.

eDigestAlgorithm - The digest algorithm to be used. May not be null.

bIncludeHeaders - true if the MIME headers should be included, false if only the content should be used.

Returns:

The calculated MIC and never null.

Throws:

Exception - In case something goes wrong.

encrypt

@Nonnull
javax.mail.internet.MimeBodyPart encrypt(@Nonnull
                                                   javax.mail.internet.MimeBodyPart aPart,
                                                   @Nonnull
                                                   X509Certificate aCert,
                                                   @Nonnull
                                                   ECryptoAlgorithmCrypt eAlgorithm,
                                                   @Nonnull
                                                   com.helger.mail.cte.EContentTransferEncoding eCTE)
                                            throws Exception

Throws:

Exception

decrypt

@Nonnull
javax.mail.internet.MimeBodyPart decrypt(@Nonnull
                                                   javax.mail.internet.MimeBodyPart aPart,
                                                   @Nonnull
                                                   X509Certificate aCert,
                                                   @Nonnull
                                                   PrivateKey aKey,
                                                   boolean bForceDecrypt,
                                                   @Nonnull
                                                   AS2ResourceHelper aResHelper)
                                            throws Exception

Throws:

Exception

sign

@Nonnull
javax.mail.internet.MimeBodyPart sign(@Nonnull
                                                javax.mail.internet.MimeBodyPart aPart,
                                                @Nonnull
                                                X509Certificate aCert,
                                                @Nonnull
                                                PrivateKey aKey,
                                                @Nonnull
                                                ECryptoAlgorithmSign eAlgorithm,
                                                boolean bIncludeCertificateInSignedContent,
                                                boolean bUseOldRFC3851MicAlgs,
                                                boolean bRemoveCmsAlgorithmProtect,
                                                @Nonnull
                                                com.helger.mail.cte.EContentTransferEncoding eCTE)
                                         throws Exception

Sign a MIME body part.

Parameters:

aPart - MIME body part to be signed. May not be null.

aCert - The certificate that should be added to the signed information. May not be null.

aKey - Private key to be used for signing. May not be null.

eAlgorithm - The algorithm to be used for signing. May not be null.

bIncludeCertificateInSignedContent - true if the passed certificate should be part of the signed content, false if the certificate should not be put in the content. E.g. for PEPPOL this must be true.

bUseOldRFC3851MicAlgs - true to use the old RFC 3851 MIC algorithm names (e.g. sha1), false to use the new RFC 5751 MIC algorithm names (e.g. sha-1).

bRemoveCmsAlgorithmProtect - if true, the CMS attribute "AlgorithmProtect" will be removed. This is needed in compatibility with e.g. IBM Sterling. Default value should be false. Since 4.10.1. See Issue #137.

eCTE - The Content-Transfer-Encoding to be used. May not be null.

Returns:

The signed MIME body part. Never null.

Throws:

Exception - In case something goes wrong.

verify

@Nonnull
javax.mail.internet.MimeBodyPart verify(@Nonnull
                                                  javax.mail.internet.MimeBodyPart aPart,
                                                  @Nullable
                                                  X509Certificate aCert,
                                                  boolean bUseCertificateInBodyPart,
                                                  boolean bForceVerify,
                                                  @Nullable
                                                  Consumer<X509Certificate> aEffectiveCertificateConsumer,
                                                  @Nonnull
                                                  AS2ResourceHelper aResHelper)
                                           throws Exception

Verify the specified Mime Body part against the part certificate

Parameters:

aPart - Original part

aCert - Certificate to check against or null if the certificate provided in the message should be used.

bUseCertificateInBodyPart - If true any certificate that is passed in the body part is used for verification. If false only the provided certificate is used.

bForceVerify - true to force verification even if the Content-Type header does not indicate so.

aEffectiveCertificateConsumer - An optional consumer that takes the effective certificate that was used for verification. May be null.

aResHelper - The resource helper to use. May not be null.

Returns:

The signed content. Never null.

Throws:

Exception - In case something goes wrong.

Since:

4.4.1