Package org.bouncycastle.mail.smime.validator

Class SignedMailValidator

java.lang.Object

org.bouncycastle.mail.smime.validator.SignedMailValidator

public class SignedMailValidator
extends Object

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	SignedMailValidator.ValidationResult

Constructor Summary

Constructors

Constructor	Description
SignedMailValidator(javax.mail.internet.MimeMessage message, PKIXParameters param)	Validates the signed MimeMessage message.
SignedMailValidator(javax.mail.internet.MimeMessage message, PKIXParameters param, Class certPathReviewerClass)	Validates the signed MimeMessage message.

Method Summary

Modifier and Type	Method	Description
protected void	checkSignerCert(X509Certificate cert, List errors, List notifications)
static CertPath	createCertPath(X509Certificate signerCert, Set trustanchors, List certStores)
static Object[]	createCertPath(X509Certificate signerCert, Set trustanchors, List systemCertStores, List userCertStores)	Returns an Object array containing a CertPath and a List of Booleans.
CertStore	getCertsAndCRLs()
static Set	getEmailAddresses(X509Certificate cert)
static Date	getSignatureTime(org.bouncycastle.cms.SignerInformation signer)
org.bouncycastle.cms.SignerInformationStore	getSignerInformationStore()
SignedMailValidator.ValidationResult	getValidationResult(org.bouncycastle.cms.SignerInformation signer)
protected void	validateSignatures(PKIXParameters pkixParam)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

SignedMailValidator

public SignedMailValidator(javax.mail.internet.MimeMessage message,
 PKIXParameters param)
                    throws SignedMailValidatorException

Validates the signed MimeMessage message. The PKIXParameters from param are used for the certificate path validation. The actual PKIXParameters used for the certificate path validation is a copy of param with the followin changes:
- The validation date is changed to the signature time
- A CertStore with certificates and crls from the mail message is added to the CertStores.

In param it's also possible to add additional CertStores with intermediate Certificates and/or CRLs which then are also used for the validation.

Parameters:

message - the signed MimeMessage

param - the parameters for the certificate path validation

Throws:

SignedMailValidatorException - if the message is no signed message or if an exception occurs reading the message

SignedMailValidator

public SignedMailValidator(javax.mail.internet.MimeMessage message,
 PKIXParameters param,
 Class certPathReviewerClass)
                    throws SignedMailValidatorException

Validates the signed MimeMessage message. The PKIXParameters from param are used for the certificate path validation. The actual PKIXParameters used for the certificate path validation is a copy of param with the followin changes:
- The validation date is changed to the signature time
- A CertStore with certificates and crls from the mail message is added to the CertStores.

In param it's also possible to add additional CertStores with intermediate Certificates and/or CRLs which then are also used for the validation.

Parameters:

message - the signed MimeMessage

param - the parameters for the certificate path validation

certPathReviewerClass - a subclass of PKIXCertPathReviewer. The SignedMailValidator uses objects of this type for the cert path vailidation. The class must have an empty constructor.

Throws:

SignedMailValidatorException - if the message is no signed message or if an exception occurs reading the message

IllegalArgumentException - if the certPathReviewerClass is not a subclass of PKIXCertPathReviewer or objects of certPathReviewerClass can not be instantiated

Method Details

validateSignatures

protected void validateSignatures(PKIXParameters pkixParam)

getEmailAddresses

public static Set getEmailAddresses(X509Certificate cert)
                             throws IOException,
CertificateEncodingException

Throws:

IOException

CertificateEncodingException

checkSignerCert

protected void checkSignerCert(X509Certificate cert,
 List errors,
 List notifications)

getSignatureTime

public static Date getSignatureTime(org.bouncycastle.cms.SignerInformation signer)

createCertPath

public static CertPath createCertPath(X509Certificate signerCert,
 Set trustanchors,
 List certStores)
                               throws GeneralSecurityException

Parameters:

signerCert - the end of the path

trustanchors - trust anchors for the path

certStores -

Returns:

the resulting certificate path.

Throws:

GeneralSecurityException

createCertPath

public static Object[] createCertPath(X509Certificate signerCert,
 Set trustanchors,
 List systemCertStores,
 List userCertStores)
                               throws GeneralSecurityException

Returns an Object array containing a CertPath and a List of Booleans. The list contains the value true if the corresponding certificate in the CertPath was taken from the user provided CertStores.

Parameters:

signerCert - the end of the path

trustanchors - trust anchors for the path

systemCertStores - list of CertStore provided by the system

userCertStores - list of CertStore provided by the user

Returns:

a CertPath and a List of booleans.

Throws:

GeneralSecurityException

getCertsAndCRLs

public CertStore getCertsAndCRLs()

getSignerInformationStore

public org.bouncycastle.cms.SignerInformationStore getSignerInformationStore()

getValidationResult

public SignedMailValidator.ValidationResult getValidationResult(org.bouncycastle.cms.SignerInformation signer)
                                                         throws SignedMailValidatorException

Throws:

SignedMailValidatorException