Class BCCryptoHelper

java.lang.Object
com.helger.as2lib.crypto.BCCryptoHelper
All Implemented Interfaces:
ICryptoHelper

public class BCCryptoHelper extends Object implements ICryptoHelper
Implementation of ICryptoHelper based on BouncyCastle.
Author:
Philip Helger
  • Field Details

    • DEFAULT_SECURITY_PROVIDER_NAME

      public static final String DEFAULT_SECURITY_PROVIDER_NAME
  • Constructor Details

    • BCCryptoHelper

      public BCCryptoHelper()
  • Method Details

    • getSecurityProviderName

      @Nonnull @Nonempty public String getSecurityProviderName()
      Returns:
      The security provider name to use. BC by default.
      Since:
      4.2.0
    • setSecurityProviderName

      @Nonnull public BCCryptoHelper setSecurityProviderName(@Nonnull @Nonempty String sSecurityProviderName)
      Set the security provider name to use.
      Parameters:
      sSecurityProviderName - The provider name. May neither be null nor empty.
      Returns:
      this for chaining
      Since:
      4.2.0
    • createNewKeyStore

      @Nonnull public KeyStore createNewKeyStore(@Nonnull com.helger.security.keystore.IKeyStoreType aKeyStoreType) throws GeneralSecurityException
      Specified by:
      createNewKeyStore in interface ICryptoHelper
      Parameters:
      aKeyStoreType - Key store type to use. May not be null.
      Returns:
      A new key store.
      Throws:
      GeneralSecurityException - In case something goes wrong.
    • loadKeyStore

      @Nonnull public KeyStore loadKeyStore(@Nonnull com.helger.security.keystore.IKeyStoreType aKeyStoreType, @Nullable @WillNotClose InputStream aIS, @Nonnull char[] aPassword) throws Exception
      Description copied from interface: ICryptoHelper
      Load a key store from the specified input stream.
      Specified by:
      loadKeyStore in interface ICryptoHelper
      Parameters:
      aKeyStoreType - Key store type to use. May not be null.
      aIS - The input stream to load the key store from. May not be null.
      aPassword - The password to be used for loading. May not be null.
      Returns:
      The loaded key store and never null.
      Throws:
      Exception - In case loading fails.
    • isEncrypted

      public boolean isEncrypted(@Nonnull jakarta.mail.internet.MimeBodyPart aPart) throws jakarta.mail.MessagingException
      Description copied from interface: ICryptoHelper
      Check if the passed MIME body part is encrypted. The default implementation checks if the base type of the content type is "application/pkcs7-mime" and if the parameter "smime-type" has the value "enveloped-data".
      Specified by:
      isEncrypted in interface ICryptoHelper
      Parameters:
      aPart - The part to be checked.
      Returns:
      true if it is encrypted, false otherwise.
      Throws:
      jakarta.mail.MessagingException
    • isSigned

      public boolean isSigned(@Nonnull jakarta.mail.internet.MimeBodyPart aPart) throws jakarta.mail.MessagingException
      Description copied from interface: ICryptoHelper
      Check if the passed MIME body part is signed. The default implementation checks if the base type of the content type is "multipart/signed".
      Specified by:
      isSigned in interface ICryptoHelper
      Parameters:
      aPart - The part to be checked.
      Returns:
      true if it is signed, false otherwise.
      Throws:
      jakarta.mail.MessagingException
    • isCompressed

      public boolean isCompressed(@Nonnull String sContentType) throws AS2Exception
      Description copied from interface: ICryptoHelper
      Check if the passed content type indicates compression. The default implementation checks if the parameter "smime-type" has the value "compressed-data".
      Specified by:
      isCompressed in interface ICryptoHelper
      Parameters:
      sContentType - The content type to be checked. May not be null.
      Returns:
      true if it is compressed, false otherwise.
      Throws:
      AS2Exception - In case something goes wrong.
    • calculateMIC

      @Nonnull public MIC calculateMIC(@Nonnull jakarta.mail.internet.MimeBodyPart aPart, @Nonnull ECryptoAlgorithmSign eDigestAlgorithm, boolean bIncludeHeaders) throws GeneralSecurityException, jakarta.mail.MessagingException, IOException
      Description copied from interface: ICryptoHelper
      Calculate the MIC (Message Integrity Check) of a MIME part.
      Specified by:
      calculateMIC in interface ICryptoHelper
      Parameters:
      aPart - MIME part to calculate the MIC from. May not be null.
      eDigestAlgorithm - The digest algorithm to be used. May not be null.
      bIncludeHeaders - true if the MIME headers should be included, false if only the content should be used.
      Returns:
      The calculated MIC and never null.
      Throws:
      GeneralSecurityException
      jakarta.mail.MessagingException
      IOException
    • decrypt

      @Nonnull public jakarta.mail.internet.MimeBodyPart decrypt(@Nonnull jakarta.mail.internet.MimeBodyPart aPart, @Nonnull X509Certificate aX509Cert, @Nonnull PrivateKey aPrivateKey, boolean bForceDecrypt, @Nonnull AS2ResourceHelper aResHelper) throws GeneralSecurityException, jakarta.mail.MessagingException, org.bouncycastle.cms.CMSException, org.bouncycastle.mail.smime.SMIMEException, IOException
      Specified by:
      decrypt in interface ICryptoHelper
      Throws:
      GeneralSecurityException
      jakarta.mail.MessagingException
      org.bouncycastle.cms.CMSException
      org.bouncycastle.mail.smime.SMIMEException
      IOException
    • encrypt

      @Nonnull public jakarta.mail.internet.MimeBodyPart encrypt(@Nonnull jakarta.mail.internet.MimeBodyPart aPart, @Nonnull X509Certificate aX509Cert, @Nonnull ECryptoAlgorithmCrypt eAlgorithm, @Nonnull com.helger.mail.cte.EContentTransferEncoding eCTE) throws GeneralSecurityException, org.bouncycastle.mail.smime.SMIMEException, org.bouncycastle.cms.CMSException
      Specified by:
      encrypt in interface ICryptoHelper
      Throws:
      GeneralSecurityException
      org.bouncycastle.mail.smime.SMIMEException
      org.bouncycastle.cms.CMSException
    • sign

      @Nonnull public jakarta.mail.internet.MimeBodyPart sign(@Nonnull jakarta.mail.internet.MimeBodyPart aPart, @Nonnull X509Certificate aX509Cert, @Nonnull PrivateKey aPrivateKey, @Nonnull ECryptoAlgorithmSign eAlgorithm, boolean bIncludeCertificateInSignedContent, boolean bUseOldRFC3851MicAlgs, boolean bRemoveCmsAlgorithmProtect, @Nonnull com.helger.mail.cte.EContentTransferEncoding eCTE) throws GeneralSecurityException, org.bouncycastle.mail.smime.SMIMEException, jakarta.mail.MessagingException, org.bouncycastle.operator.OperatorCreationException
      Description copied from interface: ICryptoHelper
      Sign a MIME body part.
      Specified by:
      sign in interface ICryptoHelper
      Parameters:
      aPart - MIME body part to be signed. May not be null.
      aX509Cert - The certificate that should be added to the signed information. May not be null.
      aPrivateKey - Private key to be used for signing. May not be null.
      eAlgorithm - The algorithm to be used for signing. May not be null.
      bIncludeCertificateInSignedContent - true if the passed certificate should be part of the signed content, false if the certificate should not be put in the content. E.g. for PEPPOL this must be true.
      bUseOldRFC3851MicAlgs - true to use the old RFC 3851 MIC algorithm names (e.g. sha1), false to use the new RFC 5751 MIC algorithm names (e.g. sha-1).
      bRemoveCmsAlgorithmProtect - if true, the CMS attribute "AlgorithmProtect" will be removed. This is needed for compatibility with e.g. IBM Sterling. Default value should be false. Since 4.10.1. See Issue #137.
      eCTE - The Content-Transfer-Encoding to be used. May not be null.
      Returns:
      The signed MIME body part. Never null.
      Throws:
      GeneralSecurityException
      org.bouncycastle.mail.smime.SMIMEException
      jakarta.mail.MessagingException
      org.bouncycastle.operator.OperatorCreationException
    • verify

      @Nonnull public jakarta.mail.internet.MimeBodyPart verify(@Nonnull jakarta.mail.internet.MimeBodyPart aPart, @Nullable X509Certificate aX509Cert, boolean bUseCertificateInBodyPart, boolean bForceVerify, @Nullable Consumer<X509Certificate> aEffectiveCertificateConsumer, @Nonnull AS2ResourceHelper aResHelper) throws GeneralSecurityException, IOException, jakarta.mail.MessagingException, org.bouncycastle.cms.CMSException, org.bouncycastle.operator.OperatorCreationException
      Description copied from interface: ICryptoHelper
      Verify the signature of the specified MIME body part against a certificate (see aX509Cert).
      Specified by:
      verify in interface ICryptoHelper
      Parameters:
      aPart - The signed part to be verified. May not be null.
      aX509Cert - Certificate to check against or null if the certificate provided in the message should be used.
      bUseCertificateInBodyPart - If true, any certificate that is passed in the body part is used for verification. If false, only the provided certificate is used.
      bForceVerify - true to force verification even if the Content-Type header does not indicate so.
      aEffectiveCertificateConsumer - An optional consumer that takes the effective certificate that was used for verification. May be null.
      aResHelper - The resource helper to use. May not be null.
      Returns:
      The signed content. Never null.
      Throws:
      GeneralSecurityException
      IOException
      jakarta.mail.MessagingException
      org.bouncycastle.cms.CMSException
      org.bouncycastle.operator.OperatorCreationException
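The following is an added example, not code from as2-lib, showing the sign, calculateMIC and verify methods above used together: the sender computes the MIC and signs, the receiver verifies against its own configured partner certificate rather than one embedded in the message, and forces verification so the sender-controlled Content-Type header cannot switch it off. It assumes EKeyStoreType.PKCS12 (ph-security) as the IKeyStoreType, a no-argument AS2ResourceHelper constructor, MIC.getAsAS2String(), and placeholder key store path, alias and password.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import com.helger.as2lib.crypto.BCCryptoHelper;
import com.helger.as2lib.crypto.ECryptoAlgorithmSign;
import com.helger.as2lib.crypto.MIC;
import com.helger.as2lib.util.AS2ResourceHelper;
import com.helger.mail.cte.EContentTransferEncoding;
import com.helger.security.keystore.EKeyStoreType;
import jakarta.mail.internet.MimeBodyPart;
public final class SignAndVerifyExample {
  // Placeholder key store settings (constructed, not real values)
  private static final String KEYSTORE_PATH = "partner-keys.p12";
  private static final String ALIAS = "my-as2-id";
  private static final char [] PASSWORD = "changeit".toCharArray ();
  public static void main (final String [] args) throws Exception {
    final BCCryptoHelper aHelper = new BCCryptoHelper ();
    final KeyStore aKS;
    try (InputStream aIS = new FileInputStream (KEYSTORE_PATH)) {
      // EKeyStoreType.PKCS12 is assumed to be the IKeyStoreType implementation from ph-security
      aKS = aHelper.loadKeyStore (EKeyStoreType.PKCS12, aIS, PASSWORD);
    }
    final PrivateKey aKey = (PrivateKey) aKS.getKey (ALIAS, PASSWORD);
    final X509Certificate aCert = (X509Certificate) aKS.getCertificate (ALIAS);
    // Constructed sample payload; the explicit MIME header is part of what gets signed and MIC'ed
    final MimeBodyPart aPayload = new MimeBodyPart ();
    aPayload.setText ("ORDER 4711: 10 units", "UTF-8");
    aPayload.setHeader ("Content-Type", "text/plain; charset=UTF-8");
    try (AS2ResourceHelper aResHelper = new AS2ResourceHelper ()) {
      // Sender: MIC over the unsigned part with headers (bIncludeHeaders=true because it is signed),
      // then sign with SHA-256, embed the certificate, RFC 5751 micalg names, AlgorithmProtect kept
      final MIC aSentMic = aHelper.calculateMIC (aPayload, ECryptoAlgorithmSign.DIGEST_SHA_256, true);
      final MimeBodyPart aSigned = aHelper.sign (aPayload, aCert, aKey, ECryptoAlgorithmSign.DIGEST_SHA_256,
                                                 true, false, false, EContentTransferEncoding.BASE64);
      // Receiver: verify against the certificate configured for this partner only
      // (bUseCertificateInBodyPart=false ignores any certificate the sender embedded) and force
      // verification (bForceVerify=true) so a sender-controlled Content-Type cannot skip it
      final MimeBodyPart aContent = aHelper.verify (aSigned, aCert, false, true,
                                                    c -> System.out.println ("Signer: " + c.getSubjectX500Principal ()),
                                                    aResHelper);
      // Receiver recomputes the MIC over the verified content for the MDN; both values must agree
      final MIC aRecvMic = aHelper.calculateMIC (aContent, ECryptoAlgorithmSign.DIGEST_SHA_256, true);
      System.out.println ("Sent MIC:     " + aSentMic.getAsAS2String ());
      System.out.println ("Received MIC: " + aRecvMic.getAsAS2String ());
    }
  }
}
```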