Class BCCryptoHelper

    • Field Detail

      • DEFAULT_SECURITY_PROVIDER_NAME

        public static final String DEFAULT_SECURITY_PROVIDER_NAME
    • Constructor Detail

      • BCCryptoHelper

        public BCCryptoHelper()
    • Method Detail

      • getSecurityProviderName

        @Nonnull
        @Nonempty
        public String getSecurityProviderName()
        Returns:
        The security provider name to use. BC by default.
        Since:
        4.2.0
      • setSecurityProviderName

        @Nonnull
        public BCCryptoHelper setSecurityProviderName​(@Nonnull @Nonempty
                                                      String sSecurityProviderName)
        Set the security provider name to use.
        Parameters:
        sSecurityProviderName - The provider name. May neither be null nor empty.
        Returns:
        this for chaining
        Since:
        4.2.0
      • loadKeyStore

        @Nonnull
        public KeyStore loadKeyStore​(@Nonnull
                                     com.helger.security.keystore.IKeyStoreType aKeyStoreType,
                                     @Nullable @WillNotClose
                                     InputStream aIS,
                                     @Nonnull
                                     char[] aPassword)
                              throws Exception
        Description copied from interface: ICryptoHelper
        Load a key store from the specified input stream.
        Specified by:
        loadKeyStore in interface ICryptoHelper
        Parameters:
        aKeyStoreType - Key store type to use. May not be null.
aIS - The input stream to load the key store from. The signature annotates it @Nullable, but the interface documentation states it may not be null, so pass a non-null stream in practice. The method does not close the stream (@WillNotClose); the caller is responsible for closing it.
        aPassword - The password to be used for loading. May not be null.
        Returns:
        The loaded key store and never null.
        Throws:
        Exception - In case loading fails.
      • isEncrypted

        public boolean isEncrypted​(@Nonnull
                                   jakarta.mail.internet.MimeBodyPart aPart)
                            throws jakarta.mail.MessagingException
        Description copied from interface: ICryptoHelper
        Check if the passed MIME body part is encrypted. The default implementation checks if the base type of the content type is "application/pkcs7-mime" and if the parameter "smime-type" has the value "enveloped-data".
        Specified by:
        isEncrypted in interface ICryptoHelper
        Parameters:
        aPart - The part to be checked.
        Returns:
        true if it is encrypted, false otherwise.
        Throws:
        jakarta.mail.MessagingException
      • isSigned

        public boolean isSigned​(@Nonnull
                                jakarta.mail.internet.MimeBodyPart aPart)
                         throws jakarta.mail.MessagingException
        Description copied from interface: ICryptoHelper
        Check if the passed MIME body part is signed. The default implementation checks if the base type of the content type is "multipart/signed".
        Specified by:
        isSigned in interface ICryptoHelper
        Parameters:
        aPart - The part to be checked.
        Returns:
        true if it is signed, false otherwise.
        Throws:
        jakarta.mail.MessagingException
      • isCompressed

        public boolean isCompressed​(@Nonnull
                                    String sContentType)
                             throws AS2Exception
        Description copied from interface: ICryptoHelper
        Check if the passed content type indicates compression. The default implementation checks if the parameter "smime-type" has the value "compressed-data".
        Specified by:
        isCompressed in interface ICryptoHelper
        Parameters:
        sContentType - The content type to be checked. May not be null.
        Returns:
        true if it is compressed, false otherwise.
        Throws:
        AS2Exception - In case something goes wrong.
      • sign

        @Nonnull
        public jakarta.mail.internet.MimeBodyPart sign​(@Nonnull
                                                       jakarta.mail.internet.MimeBodyPart aPart,
                                                       @Nonnull
                                                       X509Certificate aX509Cert,
                                                       @Nonnull
                                                       PrivateKey aPrivateKey,
                                                       @Nonnull
                                                       ECryptoAlgorithmSign eAlgorithm,
                                                       boolean bIncludeCertificateInSignedContent,
                                                       boolean bUseOldRFC3851MicAlgs,
                                                       boolean bRemoveCmsAlgorithmProtect,
                                                       @Nonnull
                                                       com.helger.mail.cte.EContentTransferEncoding eCTE)
                                                throws GeneralSecurityException,
                                                       org.bouncycastle.mail.smime.SMIMEException,
                                                       jakarta.mail.MessagingException,
                                                       org.bouncycastle.operator.OperatorCreationException
        Description copied from interface: ICryptoHelper
        Sign a MIME body part.
        Specified by:
        sign in interface ICryptoHelper
        Parameters:
        aPart - MIME body part to be signed. May not be null.
        aX509Cert - The certificate that should be added to the signed information. May not be null.
        aPrivateKey - Private key to be used for signing. May not be null.
        eAlgorithm - The algorithm to be used for signing. May not be null.
        bIncludeCertificateInSignedContent - true if the passed certificate should be part of the signed content, false if the certificate should not be put in the content. E.g. for PEPPOL this must be true.
        bUseOldRFC3851MicAlgs - true to use the old RFC 3851 MIC algorithm names (e.g. sha1), false to use the new RFC 5751 MIC algorithm names (e.g. sha-1).
bRemoveCmsAlgorithmProtect - if true, the CMS signed attribute "AlgorithmProtect" (cmsAlgorithmProtect, RFC 6211) is removed. This is needed for compatibility with e.g. IBM Sterling. The default value should be false: the attribute binds the digest and signature algorithm identifiers into the signed attributes and so protects against algorithm substitution, so remove it only for peers that cannot process it. Since 4.10.1. See Issue #137.
        eCTE - The Content-Transfer-Encoding to be used. May not be null.
        Returns:
        The signed MIME body part. Never null.
        Throws:
        GeneralSecurityException
        org.bouncycastle.mail.smime.SMIMEException
        jakarta.mail.MessagingException
        org.bouncycastle.operator.OperatorCreationException
      • verify

        @Nonnull
        public jakarta.mail.internet.MimeBodyPart verify​(@Nonnull
                                                         jakarta.mail.internet.MimeBodyPart aPart,
                                                         @Nullable
                                                         X509Certificate aX509Cert,
                                                         boolean bUseCertificateInBodyPart,
                                                         boolean bForceVerify,
                                                         @Nullable
                                                         Consumer<X509Certificate> aEffectiveCertificateConsumer,
                                                         @Nonnull
                                                         AS2ResourceHelper aResHelper)
                                                  throws GeneralSecurityException,
                                                         IOException,
                                                         jakarta.mail.MessagingException,
                                                         org.bouncycastle.cms.CMSException,
                                                         org.bouncycastle.operator.OperatorCreationException
        Description copied from interface: ICryptoHelper
Verify the signature of the specified MIME body part against the given certificate, or against the certificate carried in the part itself.
        Specified by:
        verify in interface ICryptoHelper
        Parameters:
        aPart - Original part
aX509Cert - Certificate to check against, or null if the certificate provided in the message should be used.
bUseCertificateInBodyPart - If true, any certificate that is passed in the body part is used for verification. If false, only the provided certificate is used. Note that a certificate embedded by the sender only proves that the sender holds the matching private key, not that the sender is the expected partner; when this is true (or aX509Cert is null), compare the certificate handed to aEffectiveCertificateConsumer with the partner's expected certificate before trusting the content.
        bForceVerify - true to force verification even if the Content-Type header does not indicate so.
        aEffectiveCertificateConsumer - An optional consumer that takes the effective certificate that was used for verification. May be null.
        aResHelper - The resource helper to use. May not be null.
        Returns:
        The signed content. Never null.
        Throws:
        GeneralSecurityException
        IOException
        jakarta.mail.MessagingException
        org.bouncycastle.cms.CMSException
        org.bouncycastle.operator.OperatorCreationException
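The following is an added example, not code from as2-lib itself, showing the round trip through the methods documented above: loadKeyStore, sign, isSigned and verify, including the effective-certificate check that the verify parameters call for. It assumes a PKCS#12 file as2-keys.p12 with alias my-as2-id and password changeit (all placeholders), that com.helger.security.keystore.EKeyStoreType.PKCS12 is a valid IKeyStoreType, that ECryptoAlgorithmSign.DIGEST_SHA_256 exists, and that AS2ResourceHelper has a no-argument constructor and is AutoCloseable. For simplicity the same key pair signs and verifies; a real receiver would load the partner's certificate from its own key store instead.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.concurrent.atomic.AtomicReference;

import jakarta.mail.internet.MimeBodyPart;

import com.helger.as2lib.crypto.BCCryptoHelper;
import com.helger.as2lib.crypto.ECryptoAlgorithmSign;
import com.helger.as2lib.util.AS2ResourceHelper;
import com.helger.mail.cte.EContentTransferEncoding;
import com.helger.security.keystore.EKeyStoreType;

public final class SignVerifyRoundTrip
{
  public static void main (final String [] args) throws Exception
  {
    // Assumed inputs (placeholders): key store file, password and key alias.
    final Path aKeyStorePath = Path.of ("as2-keys.p12");
    final char [] aKeyStorePassword = "changeit".toCharArray ();
    final String sAlias = "my-as2-id";

    final BCCryptoHelper aHelper = new BCCryptoHelper ();

    // loadKeyStore is @WillNotClose, so the caller owns the stream.
    final KeyStore aKS;
    try (InputStream aIS = Files.newInputStream (aKeyStorePath))
    {
      aKS = aHelper.loadKeyStore (EKeyStoreType.PKCS12, aIS, aKeyStorePassword);
    }
    final PrivateKey aPrivateKey = (PrivateKey) aKS.getKey (sAlias, aKeyStorePassword);
    final X509Certificate aOurCert = (X509Certificate) aKS.getCertificate (sAlias);

    // Constructed payload; setText produces a text/plain body part.
    final MimeBodyPart aPayload = new MimeBodyPart ();
    aPayload.setText ("Constructed AS2 payload for the signing example");

    // Sender side: SHA-256, certificate embedded, RFC 5751 MIC names,
    // cmsAlgorithmProtect kept (false), base64 transfer encoding.
    final MimeBodyPart aSigned = aHelper.sign (aPayload,
                                               aOurCert,
                                               aPrivateKey,
                                               ECryptoAlgorithmSign.DIGEST_SHA_256,
                                               true,
                                               false,
                                               false,
                                               EContentTransferEncoding.BASE64);
    if (!aHelper.isSigned (aSigned))
      throw new IllegalStateException ("sign() did not produce a multipart/signed part");

    // Receiver side: pin the expected partner certificate (here: our own) and
    // ignore any certificate the sender embedded in the message.
    final AtomicReference <X509Certificate> aEffectiveCert = new AtomicReference <> ();
    try (AS2ResourceHelper aResHelper = new AS2ResourceHelper ())
    {
      final MimeBodyPart aContent = aHelper.verify (aSigned,
                                                    aOurCert,
                                                    false,   // do not use cert from body part
                                                    false,   // rely on Content-Type check
                                                    aEffectiveCert::set,
                                                    aResHelper);

      // Even with a pinned certificate, confirm which certificate was actually
      // used. This check is what protects you if bUseCertificateInBodyPart is
      // ever switched to true: a sender-supplied certificate verifies only that
      // the sender holds the matching key, not that the sender is your partner.
      final X509Certificate aUsed = aEffectiveCert.get ();
      if (aUsed == null || !Arrays.equals (aUsed.getEncoded (), aOurCert.getEncoded ()))
        throw new SecurityException ("Signature verified with an unexpected certificate");

      System.out.println ("Verified content type: " + aContent.getContentType ());
    }
  }
}
```

Passing bUseCertificateInBodyPart=false with a non-null aX509Cert is the safest configuration for a known partner. If your deployment must accept embedded certificates (for example when aX509Cert is null), keep the equality check on the effective certificate, or at least validate it against the partner's expected certificate or trust anchor, before acting on the returned content.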