Interface ICryptoHelper

All Known Implementing Classes:
BCCryptoHelper

public interface ICryptoHelper
Base interface for all crypto-related methods in this project.
Author:
Philip Helger
  • Method Summary

    Modifier and Type / Method / Description

    MIC calculateMIC(jakarta.mail.internet.MimeBodyPart aPart, ECryptoAlgorithmSign eDigestAlgorithm, boolean bIncludeHeaders)
      Calculate the MIC.

    KeyStore createNewKeyStore(com.helger.security.keystore.IKeyStoreType aKeyStoreType)

    jakarta.mail.internet.MimeBodyPart decrypt(jakarta.mail.internet.MimeBodyPart aPart, X509Certificate aCert, PrivateKey aKey, boolean bForceDecrypt, AS2ResourceHelper aResHelper)

    jakarta.mail.internet.MimeBodyPart encrypt(jakarta.mail.internet.MimeBodyPart aPart, X509Certificate aCert, ECryptoAlgorithmCrypt eAlgorithm, com.helger.mail.cte.EContentTransferEncoding eCTE)

    boolean isCompressed(String sContentType)
      Check if the passed content type indicates compression.

    boolean isEncrypted(jakarta.mail.internet.MimeBodyPart aPart)
      Check if the passed MIME body part is encrypted.

    boolean isSigned(jakarta.mail.internet.MimeBodyPart aPart)
      Check if the passed MIME body part is signed.

    KeyStore loadKeyStore(com.helger.security.keystore.IKeyStoreType aKeyStoreType, InputStream aIS, char[] aPassword)
      Load a key store from the specified input stream.

    jakarta.mail.internet.MimeBodyPart sign(jakarta.mail.internet.MimeBodyPart aPart, X509Certificate aCert, PrivateKey aKey, ECryptoAlgorithmSign eAlgorithm, boolean bIncludeCertificateInSignedContent, boolean bUseOldRFC3851MicAlgs, boolean bRemoveCmsAlgorithmProtect, com.helger.mail.cte.EContentTransferEncoding eCTE)
      Sign a MIME body part.

    jakarta.mail.internet.MimeBodyPart verify(jakarta.mail.internet.MimeBodyPart aPart, X509Certificate aCert, boolean bUseCertificateInBodyPart, boolean bForceVerify, Consumer<X509Certificate> aEffectiveCertificateConsumer, AS2ResourceHelper aResHelper)
      Verify the specified MIME body part against the part certificate.
  • Method Details

    • createNewKeyStore

      @Nonnull KeyStore createNewKeyStore(@Nonnull com.helger.security.keystore.IKeyStoreType aKeyStoreType) throws GeneralSecurityException
      Parameters:
      aKeyStoreType - Key store type to use. May not be null.
      Returns:
      A new key store.
      Throws:
      GeneralSecurityException - In case something goes wrong.
    • loadKeyStore

      @Nonnull KeyStore loadKeyStore(@Nonnull com.helger.security.keystore.IKeyStoreType aKeyStoreType, @Nonnull @WillNotClose InputStream aIS, @Nonnull char[] aPassword) throws Exception
      Load a key store from the specified input stream.
      Parameters:
      aKeyStoreType - Key store type to use. May not be null.
      aIS - The input stream to load the key store from. May not be null.
      aPassword - The password to be used for loading. May not be null.
      Returns:
      The loaded key store and never null.
      Throws:
      Exception - In case loading fails.
    • isEncrypted

      boolean isEncrypted(@Nonnull jakarta.mail.internet.MimeBodyPart aPart) throws Exception
      Check if the passed MIME body part is encrypted. The default implementation checks if the base type of the content type is "application/pkcs7-mime" and if the parameter "smime-type" has the value "enveloped-data".
      Parameters:
      aPart - The part to be checked.
      Returns:
      true if it is encrypted, false otherwise.
      Throws:
      Exception - In case something goes wrong.
    • isSigned

      boolean isSigned(@Nonnull jakarta.mail.internet.MimeBodyPart aPart) throws Exception
      Check if the passed MIME body part is signed. The default implementation checks if the base type of the content type is "multipart/signed".
      Parameters:
      aPart - The part to be checked.
      Returns:
      true if it is signed, false otherwise.
      Throws:
      Exception - In case something goes wrong.
    • isCompressed

      boolean isCompressed(@Nonnull String sContentType) throws AS2Exception
      Check if the passed content type indicates compression. The default implementation checks if the parameter "smime-type" has the value "compressed-data".
      Parameters:
      sContentType - The content type to be checked. May not be null.
      Returns:
      true if it is compressed, false otherwise.
      Throws:
      AS2Exception - In case something goes wrong.
    • calculateMIC

      @Nonnull MIC calculateMIC(@Nonnull jakarta.mail.internet.MimeBodyPart aPart, @Nonnull ECryptoAlgorithmSign eDigestAlgorithm, boolean bIncludeHeaders) throws Exception
      Calculate the MIC.
      Parameters:
      aPart - MIME part to calculate the MIC from. May not be null.
      eDigestAlgorithm - The digest algorithm to be used. May not be null.
      bIncludeHeaders - true if the MIME headers should be included, false if only the content should be used.
      Returns:
      The calculated MIC and never null.
      Throws:
      Exception - In case something goes wrong.
    • encrypt

      @Nonnull jakarta.mail.internet.MimeBodyPart encrypt(@Nonnull jakarta.mail.internet.MimeBodyPart aPart, @Nonnull X509Certificate aCert, @Nonnull ECryptoAlgorithmCrypt eAlgorithm, @Nonnull com.helger.mail.cte.EContentTransferEncoding eCTE) throws Exception
      Throws:
      Exception
    • decrypt

      @Nonnull jakarta.mail.internet.MimeBodyPart decrypt(@Nonnull jakarta.mail.internet.MimeBodyPart aPart, @Nonnull X509Certificate aCert, @Nonnull PrivateKey aKey, boolean bForceDecrypt, @Nonnull AS2ResourceHelper aResHelper) throws Exception
      Throws:
      Exception
    • sign

      @Nonnull jakarta.mail.internet.MimeBodyPart sign(@Nonnull jakarta.mail.internet.MimeBodyPart aPart, @Nonnull X509Certificate aCert, @Nonnull PrivateKey aKey, @Nonnull ECryptoAlgorithmSign eAlgorithm, boolean bIncludeCertificateInSignedContent, boolean bUseOldRFC3851MicAlgs, boolean bRemoveCmsAlgorithmProtect, @Nonnull com.helger.mail.cte.EContentTransferEncoding eCTE) throws Exception
      Sign a MIME body part.
      Parameters:
      aPart - MIME body part to be signed. May not be null.
      aCert - The certificate that should be added to the signed information. May not be null.
      aKey - Private key to be used for signing. May not be null.
      eAlgorithm - The algorithm to be used for signing. May not be null.
      bIncludeCertificateInSignedContent - true if the passed certificate should be part of the signed content, false if the certificate should not be put in the content. E.g. for PEPPOL this must be true.
      bUseOldRFC3851MicAlgs - true to use the old RFC 3851 MIC algorithm names (e.g. sha1), false to use the new RFC 5751 MIC algorithm names (e.g. sha-1).
      bRemoveCmsAlgorithmProtect - If true, the CMS attribute "AlgorithmProtect" will be removed. This is needed for compatibility with e.g. IBM Sterling. Default value should be false. Since 4.10.1. See Issue #137.
      eCTE - The Content-Transfer-Encoding to be used. May not be null.
      Returns:
      The signed MIME body part. Never null.
      Throws:
      Exception - In case something goes wrong.
    • verify

      @Nonnull jakarta.mail.internet.MimeBodyPart verify(@Nonnull jakarta.mail.internet.MimeBodyPart aPart, @Nullable X509Certificate aCert, boolean bUseCertificateInBodyPart, boolean bForceVerify, @Nullable Consumer<X509Certificate> aEffectiveCertificateConsumer, @Nonnull AS2ResourceHelper aResHelper) throws Exception
      Verify the specified MIME body part against the part certificate.
      Parameters:
      aPart - Original part
      aCert - Certificate to check against or null if the certificate provided in the message should be used.
      bUseCertificateInBodyPart - If true any certificate that is passed in the body part is used for verification. If false only the provided certificate is used.
      bForceVerify - true to force verification even if the Content-Type header does not indicate so.
      aEffectiveCertificateConsumer - An optional consumer that takes the effective certificate that was used for verification. May be null.
      aResHelper - The resource helper to use. May not be null.
      Returns:
      The signed content. Never null.
      Throws:
      Exception - In case something goes wrong.
      Since:
      4.4.1
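
The following is an added example, not code from the project: it calls verify with bUseCertificateInBodyPart set to true and then uses aEffectiveCertificateConsumer to accept the result only if the certificate actually used is the locally configured partner certificate. The class PinnedVerify and method verifyPinned are hypothetical, and the package names of ICryptoHelper and AS2ResourceHelper are assumptions, since this page does not state them.

```java
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.concurrent.atomic.AtomicReference;

import com.helger.as2lib.crypto.ICryptoHelper;   // assumed package name
import com.helger.as2lib.util.AS2ResourceHelper; // assumed package name

import jakarta.mail.internet.MimeBodyPart;

/** Hypothetical helper: verify a signed part and pin the certificate that was used. */
public final class PinnedVerify
{
  private PinnedVerify () {}

  public static MimeBodyPart verifyPinned (final ICryptoHelper aCryptoHelper,
                                           final MimeBodyPart aSignedPart,
                                           final X509Certificate aPartnerCert,
                                           final AS2ResourceHelper aResHelper) throws Exception
  {
    // Receives the certificate that verify() effectively used
    final AtomicReference <X509Certificate> aEffective = new AtomicReference <> ();

    final MimeBodyPart aContent = aCryptoHelper.verify (aSignedPart,
                                                       aPartnerCert,
                                                       true, // bUseCertificateInBodyPart
                                                       true, // bForceVerify: do not rely on Content-Type
                                                       aEffective::set,
                                                       aResHelper);

    // Fail closed if no effective certificate was reported
    // (assumption: the consumer is invoked on successful verification)
    final X509Certificate aUsed = aEffective.get ();
    if (aUsed == null)
      throw new SecurityException ("verify did not report an effective certificate");

    // A certificate carried in the message only proves the message matches itself;
    // compare its DER encoding with the partner certificate configured locally
    if (!MessageDigest.isEqual (aUsed.getEncoded (), aPartnerCert.getEncoded ()))
      throw new SecurityException ("Signed with unexpected certificate: " +
                                   aUsed.getSubjectX500Principal ());

    // Reject expired or not-yet-valid certificates
    aUsed.checkValidity ();
    return aContent;
  }
}
```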