Package com.helger.as2lib.crypto
Class BCCryptoHelper

java.lang.Object
  com.helger.as2lib.crypto.BCCryptoHelper

All Implemented Interfaces:
- ICryptoHelper

Implementation of ICryptoHelper based on BouncyCastle.

Author:
- Philip Helger

Field Summary
- DEFAULT_SECURITY_PROVIDER_NAME

Constructor Summary
- BCCryptoHelper()
Method Summary
- MIC calculateMIC(jakarta.mail.internet.MimeBodyPart aPart, ECryptoAlgorithmSign eDigestAlgorithm, boolean bIncludeHeaders)
  Calculate the MIC.
- KeyStore createNewKeyStore(com.helger.security.keystore.IKeyStoreType aKeyStoreType)
- jakarta.mail.internet.MimeBodyPart decrypt(jakarta.mail.internet.MimeBodyPart aPart, X509Certificate aX509Cert, PrivateKey aPrivateKey, boolean bForceDecrypt, AS2ResourceHelper aResHelper)
- jakarta.mail.internet.MimeBodyPart encrypt(jakarta.mail.internet.MimeBodyPart aPart, X509Certificate aX509Cert, ECryptoAlgorithmCrypt eAlgorithm, com.helger.mail.cte.EContentTransferEncoding eCTE)
- boolean isCompressed(String sContentType)
  Check if the passed content type indicates compression.
- boolean isEncrypted(jakarta.mail.internet.MimeBodyPart aPart)
  Check if the passed MIME body part is encrypted.
- boolean isSigned(jakarta.mail.internet.MimeBodyPart aPart)
  Check if the passed MIME body part is signed.
- KeyStore loadKeyStore(com.helger.security.keystore.IKeyStoreType aKeyStoreType, InputStream aIS, char[] aPassword)
  Load a key store from the specified input stream.
- BCCryptoHelper setSecurityProviderName(String sSecurityProviderName)
  Set the security provider name to use.
- jakarta.mail.internet.MimeBodyPart sign(jakarta.mail.internet.MimeBodyPart aPart, X509Certificate aX509Cert, PrivateKey aPrivateKey, ECryptoAlgorithmSign eAlgorithm, boolean bIncludeCertificateInSignedContent, boolean bUseOldRFC3851MicAlgs, boolean bRemoveCmsAlgorithmProtect, com.helger.mail.cte.EContentTransferEncoding eCTE)
  Sign a MIME body part.
- jakarta.mail.internet.MimeBodyPart verify(jakarta.mail.internet.MimeBodyPart aPart, X509Certificate aX509Cert, boolean bUseCertificateInBodyPart, boolean bForceVerify, Consumer<X509Certificate> aEffectiveCertificateConsumer, AS2ResourceHelper aResHelper)
  Verify the specified MIME body part against the passed certificate or the one contained in the message.
Field Details
- DEFAULT_SECURITY_PROVIDER_NAME

Constructor Details
- BCCryptoHelper
  public BCCryptoHelper()

Method Details
getSecurityProviderName
- Returns: The security provider name to use. "BC" by default.
- Since: 4.2.0
setSecurityProviderName
@Nonnull public BCCryptoHelper setSecurityProviderName(@Nonnull @Nonempty String sSecurityProviderName)
Set the security provider name to use.
- Parameters:
  - sSecurityProviderName: The provider name. May neither be null nor empty.
- Returns: this for chaining
- Since: 4.2.0
createNewKeyStore
@Nonnull public KeyStore createNewKeyStore(@Nonnull com.helger.security.keystore.IKeyStoreType aKeyStoreType) throws GeneralSecurityException
- Specified by: createNewKeyStore in interface ICryptoHelper
- Parameters:
  - aKeyStoreType: Key store type to use. May not be null.
- Returns: A new key store.
- Throws:
  - GeneralSecurityException: In case something goes wrong.
loadKeyStore
@Nonnull public KeyStore loadKeyStore(@Nonnull com.helger.security.keystore.IKeyStoreType aKeyStoreType, @Nullable @WillNotClose InputStream aIS, @Nonnull char[] aPassword) throws Exception
Description copied from interface: ICryptoHelper
Load a key store from the specified input stream.
- Specified by: loadKeyStore in interface ICryptoHelper
- Parameters:
  - aKeyStoreType: Key store type to use. May not be null.
  - aIS: The input stream to load the key store from. May not be null.
  - aPassword: The password to be used for loading. May not be null.
- Returns: The loaded key store and never null.
- Throws:
  - Exception: In case loading fails.
isEncrypted
public boolean isEncrypted(@Nonnull jakarta.mail.internet.MimeBodyPart aPart) throws jakarta.mail.MessagingException
Description copied from interface: ICryptoHelper
Check if the passed MIME body part is encrypted. The default implementation checks if the base type of the content type is "application/pkcs7-mime" and if the parameter "smime-type" has the value "enveloped-data".
- Specified by: isEncrypted in interface ICryptoHelper
- Parameters:
  - aPart: The part to be checked.
- Returns: true if it is encrypted, false otherwise.
- Throws:
  - jakarta.mail.MessagingException
isSigned
public boolean isSigned(@Nonnull jakarta.mail.internet.MimeBodyPart aPart) throws jakarta.mail.MessagingException
Description copied from interface: ICryptoHelper
Check if the passed MIME body part is signed. The default implementation checks if the base type of the content type is "multipart/signed".
- Specified by: isSigned in interface ICryptoHelper
- Parameters:
  - aPart: The part to be checked.
- Returns: true if it is signed, false otherwise.
- Throws:
  - jakarta.mail.MessagingException
isCompressed
public boolean isCompressed(String sContentType) throws AS2Exception
Description copied from interface: ICryptoHelper
Check if the passed content type indicates compression. The default implementation checks if the parameter "smime-type" has the value "compressed-data".
- Specified by: isCompressed in interface ICryptoHelper
- Parameters:
  - sContentType: The content type to be checked. May not be null.
- Returns: true if it is compressed, false otherwise.
- Throws:
  - AS2Exception: In case something goes wrong.
calculateMIC
@Nonnull public MIC calculateMIC(@Nonnull jakarta.mail.internet.MimeBodyPart aPart, @Nonnull ECryptoAlgorithmSign eDigestAlgorithm, boolean bIncludeHeaders) throws GeneralSecurityException, jakarta.mail.MessagingException, IOException
Description copied from interface: ICryptoHelper
Calculate the MIC.
- Specified by: calculateMIC in interface ICryptoHelper
- Parameters:
  - aPart: MIME part to calculate the MIC from. May not be null.
  - eDigestAlgorithm: The digest algorithm to be used. May not be null.
  - bIncludeHeaders: true if the MIME headers should be included, false if only the content should be used.
- Returns: The calculated MIC and never null.
- Throws:
  - GeneralSecurityException
  - jakarta.mail.MessagingException
  - IOException
decrypt
@Nonnull public jakarta.mail.internet.MimeBodyPart decrypt(@Nonnull jakarta.mail.internet.MimeBodyPart aPart, @Nonnull X509Certificate aX509Cert, @Nonnull PrivateKey aPrivateKey, boolean bForceDecrypt, @Nonnull AS2ResourceHelper aResHelper) throws GeneralSecurityException, jakarta.mail.MessagingException, org.bouncycastle.cms.CMSException, org.bouncycastle.mail.smime.SMIMEException, IOException
- Specified by: decrypt in interface ICryptoHelper
- Throws:
  - GeneralSecurityException
  - jakarta.mail.MessagingException
  - org.bouncycastle.cms.CMSException
  - org.bouncycastle.mail.smime.SMIMEException
  - IOException
encrypt
@Nonnull public jakarta.mail.internet.MimeBodyPart encrypt(@Nonnull jakarta.mail.internet.MimeBodyPart aPart, @Nonnull X509Certificate aX509Cert, @Nonnull ECryptoAlgorithmCrypt eAlgorithm, @Nonnull com.helger.mail.cte.EContentTransferEncoding eCTE) throws GeneralSecurityException, org.bouncycastle.mail.smime.SMIMEException, org.bouncycastle.cms.CMSException
- Specified by: encrypt in interface ICryptoHelper
- Throws:
  - GeneralSecurityException
  - org.bouncycastle.mail.smime.SMIMEException
  - org.bouncycastle.cms.CMSException
sign
@Nonnull public jakarta.mail.internet.MimeBodyPart sign(@Nonnull jakarta.mail.internet.MimeBodyPart aPart, @Nonnull X509Certificate aX509Cert, @Nonnull PrivateKey aPrivateKey, @Nonnull ECryptoAlgorithmSign eAlgorithm, boolean bIncludeCertificateInSignedContent, boolean bUseOldRFC3851MicAlgs, boolean bRemoveCmsAlgorithmProtect, @Nonnull com.helger.mail.cte.EContentTransferEncoding eCTE) throws GeneralSecurityException, org.bouncycastle.mail.smime.SMIMEException, jakarta.mail.MessagingException, org.bouncycastle.operator.OperatorCreationException
Description copied from interface: ICryptoHelper
Sign a MIME body part.
- Specified by: sign in interface ICryptoHelper
- Parameters:
  - aPart: MIME body part to be signed. May not be null.
  - aX509Cert: The certificate that should be added to the signed information. May not be null.
  - aPrivateKey: Private key to be used for signing. May not be null.
  - eAlgorithm: The algorithm to be used for signing. May not be null.
  - bIncludeCertificateInSignedContent: true if the passed certificate should be part of the signed content, false if the certificate should not be put in the content. E.g. for PEPPOL this must be true.
  - bUseOldRFC3851MicAlgs: true to use the old RFC 3851 MIC algorithm names (e.g. sha1), false to use the new RFC 5751 MIC algorithm names (e.g. sha-1).
  - bRemoveCmsAlgorithmProtect: if true, the CMS attribute "AlgorithmProtect" will be removed. This is needed for compatibility with e.g. IBM Sterling. Default value should be false. Since 4.10.1. See Issue #137.
  - eCTE: The Content-Transfer-Encoding to be used. May not be null.
- Returns: The signed MIME body part. Never null.
- Throws:
  - GeneralSecurityException
  - org.bouncycastle.mail.smime.SMIMEException
  - jakarta.mail.MessagingException
  - org.bouncycastle.operator.OperatorCreationException
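The outbound side of the API above, as an added example that is not part of as2-lib or this page: compute the MIC over the payload, sign it with our own key, then encrypt for the partner. It assumes the enum constants ECryptoAlgorithmSign.DIGEST_SHA_256, ECryptoAlgorithmCrypt.CRYPT_AES256_CBC and EContentTransferEncoding.BASE64 exist under those names, the key store is one returned by loadKeyStore, and the alias names are hypothetical.

```java
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import jakarta.mail.internet.MimeBodyPart;
import com.helger.as2lib.crypto.BCCryptoHelper;
import com.helger.as2lib.crypto.ECryptoAlgorithmCrypt;
import com.helger.as2lib.crypto.ECryptoAlgorithmSign;
import com.helger.as2lib.crypto.MIC;
import com.helger.mail.cte.EContentTransferEncoding;

/** Outbound AS2 protection: compute the MIC, sign with our key, then encrypt for the partner. */
public final class As2OutboundExample
{
  /** Protected part plus the MIC to compare against the partner's signed MDN later. */
  public static final class Result
  {
    public final MimeBodyPart part;
    public final MIC mic;
    Result (final MimeBodyPart p, final MIC m) { part = p; mic = m; }
  }

  public static Result protect (final MimeBodyPart aPayload, final KeyStore aKS, final String sOwnAlias,
                                final char [] aOwnKeyPassword, final String sPartnerAlias) throws Exception
  {
    final BCCryptoHelper aHelper = new BCCryptoHelper ();
    final X509Certificate aOwnCert = (X509Certificate) aKS.getCertificate (sOwnAlias);
    final PrivateKey aOwnKey = (PrivateKey) aKS.getKey (sOwnAlias, aOwnKeyPassword);
    final X509Certificate aPartnerCert = (X509Certificate) aKS.getCertificate (sPartnerAlias);
    if (aPartnerCert == null)
      throw new IllegalStateException ("no certificate for partner alias " + sPartnerAlias);

    // Signed message: the MIC covers the payload part including its MIME headers. Keep it so the
    // Received-Content-MIC in the partner's MDN can be checked against what was actually sent.
    final MIC aMIC = aHelper.calculateMIC (aPayload, ECryptoAlgorithmSign.DIGEST_SHA_256, true);

    // Sign: embed our certificate in the signed content (required e.g. for PEPPOL), use the
    // RFC 5751 algorithm names, and keep the CMS AlgorithmProtect attribute unless a partner
    // (e.g. IBM Sterling) cannot process it.
    final MimeBodyPart aSigned = aHelper.sign (aPayload, aOwnCert, aOwnKey, ECryptoAlgorithmSign.DIGEST_SHA_256,
                                               true, false, false, EContentTransferEncoding.BASE64);

    // Sign-then-encrypt: the outer layer is enveloped-data for the partner's public key.
    final MimeBodyPart aEncrypted = aHelper.encrypt (aSigned, aPartnerCert, ECryptoAlgorithmCrypt.CRYPT_AES256_CBC,
                                                     EContentTransferEncoding.BASE64);
    return new Result (aEncrypted, aMIC);
  }
}
```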
verify
@Nonnull public jakarta.mail.internet.MimeBodyPart verify(@Nonnull jakarta.mail.internet.MimeBodyPart aPart, @Nullable X509Certificate aX509Cert, boolean bUseCertificateInBodyPart, boolean bForceVerify, @Nullable Consumer<X509Certificate> aEffectiveCertificateConsumer, @Nonnull AS2ResourceHelper aResHelper) throws GeneralSecurityException, IOException, jakarta.mail.MessagingException, org.bouncycastle.cms.CMSException, org.bouncycastle.operator.OperatorCreationException
Description copied from interface: ICryptoHelper
Verify the specified MIME body part against the passed certificate or the one contained in the message (see the parameters).
- Specified by: verify in interface ICryptoHelper
- Parameters:
  - aPart: Original part.
  - aX509Cert: Certificate to check against, or null if the certificate provided in the message should be used.
  - bUseCertificateInBodyPart: If true, any certificate that is passed in the body part is used for verification. If false, only the provided certificate is used.
  - bForceVerify: true to force verification even if the Content-Type header does not indicate so.
  - aEffectiveCertificateConsumer: An optional consumer that takes the effective certificate that was used for verification. May be null.
  - aResHelper: The resource helper to use. May not be null.
- Returns: The signed content. Never null.
- Throws:
  - GeneralSecurityException
  - IOException
  - jakarta.mail.MessagingException
  - org.bouncycastle.cms.CMSException
  - org.bouncycastle.operator.OperatorCreationException
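The inbound side, as an added example that is not part of as2-lib or this page: decrypt with our own key, reject unsigned or compressed input, and verify only against the partner certificate pinned in our key store (bUseCertificateInBodyPart=false), using aEffectiveCertificateConsumer to confirm which certificate was actually used. It assumes AS2ResourceHelper is Closeable, the key store is one returned by loadKeyStore, and the alias names are hypothetical.

```java
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.concurrent.atomic.AtomicReference;
import jakarta.mail.internet.MimeBodyPart;
import com.helger.as2lib.crypto.BCCryptoHelper;
import com.helger.as2lib.util.AS2ResourceHelper;

/** Inbound AS2 handling: decrypt with our key, then verify only against the pinned partner certificate. */
public final class As2InboundExample
{
  /** Returns the verified inner content; rejects unsigned messages and foreign signing certificates. */
  public static MimeBodyPart unprotect (final MimeBodyPart aPart, final KeyStore aKS, final String sOwnAlias,
                                        final char [] aOwnKeyPassword, final String sPartnerAlias) throws Exception
  {
    final BCCryptoHelper aHelper = new BCCryptoHelper ();
    final X509Certificate aOwnCert = (X509Certificate) aKS.getCertificate (sOwnAlias);
    final PrivateKey aOwnKey = (PrivateKey) aKS.getKey (sOwnAlias, aOwnKeyPassword);
    final X509Certificate aPartnerCert = (X509Certificate) aKS.getCertificate (sPartnerAlias);
    if (aPartnerCert == null)
      throw new IllegalStateException ("no pinned certificate for partner alias " + sPartnerAlias);

    // AS2ResourceHelper is assumed to be Closeable (it tracks temporary resources).
    try (AS2ResourceHelper aResHelper = new AS2ResourceHelper ())
    {
      MimeBodyPart aCurrent = aPart;
      // Decrypt only when the Content-Type announces enveloped-data (bForceDecrypt=false).
      if (aHelper.isEncrypted (aCurrent))
        aCurrent = aHelper.decrypt (aCurrent, aOwnCert, aOwnKey, false, aResHelper);
      // compressed-data is detected but not unpacked here; it may also sit inside the signed content.
      if (aHelper.isCompressed (aCurrent.getContentType ()))
        throw new IllegalStateException ("compressed-data not handled in this example");
      if (!aHelper.isSigned (aCurrent))
        throw new IllegalStateException ("unsigned message rejected");

      // Pin the partner certificate: aX509Cert is set and bUseCertificateInBodyPart=false, so a
      // certificate carried inside the message is never used for verification. The consumer
      // records the certificate that was effectively used so we can double-check it.
      final AtomicReference <X509Certificate> aUsed = new AtomicReference <> ();
      final MimeBodyPart aContent = aHelper.verify (aCurrent, aPartnerCert, false, false, aUsed::set, aResHelper);
      if (!aPartnerCert.equals (aUsed.get ()))
        throw new IllegalStateException ("signature verified with an unexpected certificate");
      return aContent;
    }
  }
}
```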