Package com.helger.as2lib.crypto
Interface ICryptoHelper
- All Known Implementing Classes:
BCCryptoHelper
public interface ICryptoHelper
Base interface for all crypto related methods in this project.
- Author:
Philip Helger

Method Summary
Modifier and Type, Method, Description:
- MIC calculateMIC(jakarta.mail.internet.MimeBodyPart aPart, ECryptoAlgorithmSign eDigestAlgorithm, boolean bIncludeHeaders) - Calculate the MIC
- KeyStore createNewKeyStore(com.helger.security.keystore.IKeyStoreType aKeyStoreType)
- jakarta.mail.internet.MimeBodyPart decrypt(jakarta.mail.internet.MimeBodyPart aPart, X509Certificate aCert, PrivateKey aKey, boolean bForceDecrypt, AS2ResourceHelper aResHelper)
- jakarta.mail.internet.MimeBodyPart encrypt(jakarta.mail.internet.MimeBodyPart aPart, X509Certificate aCert, ECryptoAlgorithmCrypt eAlgorithm, com.helger.mail.cte.EContentTransferEncoding eCTE)
- boolean isCompressed(String sContentType) - Check if the passed content type indicates compression.
- boolean isEncrypted(jakarta.mail.internet.MimeBodyPart aPart) - Check if the passed MIME body part is encrypted.
- boolean isSigned(jakarta.mail.internet.MimeBodyPart aPart) - Check if the passed MIME body part is signed.
- KeyStore loadKeyStore(com.helger.security.keystore.IKeyStoreType aKeyStoreType, InputStream aIS, char[] aPassword) - Load a key store from the specified input stream.
- jakarta.mail.internet.MimeBodyPart sign(jakarta.mail.internet.MimeBodyPart aPart, X509Certificate aCert, PrivateKey aKey, ECryptoAlgorithmSign eAlgorithm, boolean bIncludeCertificateInSignedContent, boolean bUseOldRFC3851MicAlgs, boolean bRemoveCmsAlgorithmProtect, com.helger.mail.cte.EContentTransferEncoding eCTE) - Sign a MIME body part.
- jakarta.mail.internet.MimeBodyPart verify(jakarta.mail.internet.MimeBodyPart aPart, X509Certificate aCert, boolean bUseCertificateInBodyPart, boolean bForceVerify, Consumer<X509Certificate> aEffectiveCertificateConsumer, AS2ResourceHelper aResHelper) - Verify the specified Mime Body part against the part certificate

Method Details
createNewKeyStore
@Nonnull KeyStore createNewKeyStore(@Nonnull com.helger.security.keystore.IKeyStoreType aKeyStoreType) throws GeneralSecurityException
- Parameters:
aKeyStoreType - Key store type to use. May not be null.
- Returns:
A new key store.
- Throws:
GeneralSecurityException - In case something goes wrong.

loadKeyStore
@Nonnull KeyStore loadKeyStore(@Nonnull com.helger.security.keystore.IKeyStoreType aKeyStoreType, @Nonnull @WillNotClose InputStream aIS, @Nonnull char[] aPassword) throws Exception
Load a key store from the specified input stream.
- Parameters:
aKeyStoreType - Key store type to use. May not be null.
aIS - The input stream to load the key store from. May not be null.
aPassword - The password to be used for loading. May not be null.
- Returns:
The loaded key store and never null.
- Throws:
Exception - In case loading fails.

isEncrypted
Check if the passed MIME body part is encrypted. The default implementation checks if the base type of the content type is "application/pkcs7-mime" and if the parameter "smime-type" has the value "enveloped-data".
- Parameters:
aPart - The part to be checked.
- Returns:
true if it is encrypted, false otherwise.
- Throws:
Exception - In case something goes wrong.

isSigned
Check if the passed MIME body part is signed. The default implementation checks if the base type of the content type is "multipart/signed".
- Parameters:
aPart - The part to be checked.
- Returns:
true if it is signed, false otherwise.
- Throws:
Exception - In case something goes wrong.

isCompressed
Check if the passed content type indicates compression. The default implementation checks if the parameter "smime-type" has the value "compressed-data".
- Parameters:
sContentType - The content type to be checked. May not be null.
- Returns:
true if it is compressed, false otherwise.
- Throws:
AS2Exception - In case something goes wrong.

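The default checks described for isEncrypted, isSigned and isCompressed look only at the Content-Type header. The following is an added example, not as2-lib code: it reproduces the three documented checks with jakarta.mail.internet.ContentType over constructed header values. The class name SMimeTypeProbe and its methods are hypothetical.

```java
import jakarta.mail.internet.ContentType;
import jakarta.mail.internet.ParseException;
import java.util.List;

/** Hypothetical helper: mirrors the checks as documented, not the BCCryptoHelper source. */
public final class SMimeTypeProbe {
  private SMimeTypeProbe() {}

  // Parameter values may be quoted and vary in case; ContentType strips the quotes.
  private static boolean hasSmimeType(ContentType ct, String expected) {
    String value = ct.getParameter("smime-type");
    return value != null && value.equalsIgnoreCase(expected);
  }

  public static boolean isEncrypted(String header) throws ParseException {
    ContentType ct = new ContentType(header);
    return ct.getBaseType().equalsIgnoreCase("application/pkcs7-mime")
        && hasSmimeType(ct, "enveloped-data");
  }

  public static boolean isSigned(String header) throws ParseException {
    return new ContentType(header).getBaseType().equalsIgnoreCase("multipart/signed");
  }

  public static boolean isCompressed(String header) throws ParseException {
    return hasSmimeType(new ContentType(header), "compressed-data");
  }

  public static void main(String[] args) throws ParseException {
    // Constructed sample headers, not taken from real traffic.
    List<String> samples = List.of(
        "application/pkcs7-mime; smime-type=enveloped-data; name=\"smime.p7m\"",
        "multipart/signed; protocol=\"application/pkcs7-signature\"; micalg=sha-256; boundary=\"b1\"",
        "Application/PKCS7-MIME; smime-type=\"compressed-data\"; name=smime.p7z",
        "application/pkcs7-mime; smime-type=signed-data",
        "application/edifact");
    for (String header : samples) {
      System.out.printf("enc=%-5b sig=%-5b cmp=%-5b  %s%n",
          isEncrypted(header), isSigned(header), isCompressed(header), header);
    }
  }
}
```

The fourth sample (smime-type=signed-data) is reported as neither signed nor encrypted, because the documented isSigned check matches only the base type "multipart/signed".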
calculateMIC
@Nonnull MIC calculateMIC(@Nonnull jakarta.mail.internet.MimeBodyPart aPart, @Nonnull ECryptoAlgorithmSign eDigestAlgorithm, boolean bIncludeHeaders) throws Exception
Calculate the MIC
- Parameters:
aPart - MIME part to calculate the MIC from. May not be null.
eDigestAlgorithm - The digest algorithm to be used. May not be null.
bIncludeHeaders - true if the MIME headers should be included, false if only the content should be used.
- Returns:
The calculated MIC and never null.
- Throws:
Exception - In case something goes wrong.

encrypt
@Nonnull jakarta.mail.internet.MimeBodyPart encrypt(@Nonnull jakarta.mail.internet.MimeBodyPart aPart, @Nonnull X509Certificate aCert, @Nonnull ECryptoAlgorithmCrypt eAlgorithm, @Nonnull com.helger.mail.cte.EContentTransferEncoding eCTE) throws Exception
- Throws:
Exception

decrypt
@Nonnull jakarta.mail.internet.MimeBodyPart decrypt(@Nonnull jakarta.mail.internet.MimeBodyPart aPart, @Nonnull X509Certificate aCert, @Nonnull PrivateKey aKey, boolean bForceDecrypt, @Nonnull AS2ResourceHelper aResHelper) throws Exception
- Throws:
Exception

sign
@Nonnull jakarta.mail.internet.MimeBodyPart sign(@Nonnull jakarta.mail.internet.MimeBodyPart aPart, @Nonnull X509Certificate aCert, @Nonnull PrivateKey aKey, @Nonnull ECryptoAlgorithmSign eAlgorithm, boolean bIncludeCertificateInSignedContent, boolean bUseOldRFC3851MicAlgs, boolean bRemoveCmsAlgorithmProtect, @Nonnull com.helger.mail.cte.EContentTransferEncoding eCTE) throws Exception
Sign a MIME body part.
- Parameters:
aPart - MIME body part to be signed. May not be null.
aCert - The certificate that should be added to the signed information. May not be null.
aKey - Private key to be used for signing. May not be null.
eAlgorithm - The algorithm to be used for signing. May not be null.
bIncludeCertificateInSignedContent - true if the passed certificate should be part of the signed content, false if the certificate should not be put in the content. E.g. for PEPPOL this must be true.
bUseOldRFC3851MicAlgs - true to use the old RFC 3851 MIC algorithm names (e.g. sha1), false to use the new RFC 5751 MIC algorithm names (e.g. sha-1).
bRemoveCmsAlgorithmProtect - if true, the CMS attribute "AlgorithmProtect" will be removed. This is needed for compatibility with e.g. IBM Sterling. Default value should be false. Since 4.10.1. See Issue #137.
eCTE - The Content-Transfer-Encoding to be used. May not be null.
- Returns:
The signed MIME body part. Never null.
- Throws:
Exception - In case something goes wrong.

verify
@Nonnull jakarta.mail.internet.MimeBodyPart verify(@Nonnull jakarta.mail.internet.MimeBodyPart aPart, @Nullable X509Certificate aCert, boolean bUseCertificateInBodyPart, boolean bForceVerify, @Nullable Consumer<X509Certificate> aEffectiveCertificateConsumer, @Nonnull AS2ResourceHelper aResHelper) throws Exception
Verify the specified Mime Body part against the part certificate
- Parameters:
aPart - Original part
aCert - Certificate to check against or null if the certificate provided in the message should be used.
bUseCertificateInBodyPart - If true any certificate that is passed in the body part is used for verification. If false only the provided certificate is used.
bForceVerify - true to force verification even if the Content-Type header does not indicate so.
aEffectiveCertificateConsumer - An optional consumer that takes the effective certificate that was used for verification. May be null.
aResHelper - The resource helper to use. May not be null.
- Returns:
The signed content. Never null.
- Throws:
Exception - In case something goes wrong.
- Since:
4.4.1
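How the verify parameters combine on the receiving side is shown in this added example, which is not part of as2-lib. It calls only the verify signature documented above; the wrapper class PinnedVerify, its method names and the import package of AS2ResourceHelper are assumptions.

```java
import com.helger.as2lib.crypto.ICryptoHelper;
import com.helger.as2lib.util.AS2ResourceHelper; // package name assumed, not shown on this page
import jakarta.mail.internet.MimeBodyPart;
import java.security.cert.X509Certificate;
import java.util.concurrent.atomic.AtomicReference;

/** Hypothetical wrapper around ICryptoHelper.verify. */
public final class PinnedVerify {
  private PinnedVerify() {}

  /** Strict mode: only the certificate on file for the partner is used. */
  public static MimeBodyPart verifyPinned(ICryptoHelper crypto, MimeBodyPart part,
      X509Certificate partnerCert, AS2ResourceHelper res) throws Exception {
    if (partnerCert == null) {
      throw new IllegalArgumentException("partner certificate is required in strict mode");
    }
    return crypto.verify(part, partnerCert,
        false, // bUseCertificateInBodyPart: only the provided certificate is used
        true,  // bForceVerify: verify even if the Content-Type header does not indicate so
        null,  // no consumer needed, the effective certificate is the pinned one
        res);
  }

  /**
   * Lenient mode: certificates carried in the body part may be used, so the
   * effective certificate is captured and compared with the one on file.
   */
  public static MimeBodyPart verifyThenCompare(ICryptoHelper crypto, MimeBodyPart part,
      X509Certificate partnerCert, AS2ResourceHelper res) throws Exception {
    AtomicReference<X509Certificate> effective = new AtomicReference<>();
    MimeBodyPart content = crypto.verify(part, partnerCert,
        true,  // bUseCertificateInBodyPart: a certificate from the message may be used
        true,  // bForceVerify
        effective::set, res);
    X509Certificate used = effective.get();
    // Certificate.equals compares the encoded forms of both certificates.
    if (used == null || !used.equals(partnerCert)) {
      throw new SecurityException("signature was verified with a certificate other than the partner's");
    }
    return content;
  }
}
```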