Class SignedMailValidator
java.lang.Object
org.bouncycastle.mail.smime.validator.SignedMailValidator
-
Nested Class Summary
Nested Classes -
Constructor Summary
ConstructorsConstructorDescriptionSignedMailValidator
(javax.mail.internet.MimeMessage message, PKIXParameters param) Validates the signedMimeMessage
message.SignedMailValidator
(javax.mail.internet.MimeMessage message, PKIXParameters param, Class certPathReviewerClass) Validates the signedMimeMessage
message. -
Method Summary
Modifier and TypeMethodDescriptionprotected void
checkSignerCert
(X509Certificate cert, List errors, List notifications) static CertPath
createCertPath
(X509Certificate signerCert, Set trustanchors, List certStores) static Object[]
createCertPath
(X509Certificate signerCert, Set trustanchors, List systemCertStores, List userCertStores) Returns an Object array containing a CertPath and a List of Booleans.static Set
static Date
getSignatureTime
(org.bouncycastle.cms.SignerInformation signer) org.bouncycastle.cms.SignerInformationStore
getValidationResult
(org.bouncycastle.cms.SignerInformation signer) protected void
validateSignatures
(PKIXParameters pkixParam)
-
Constructor Details
-
SignedMailValidator
public SignedMailValidator(javax.mail.internet.MimeMessage message, PKIXParameters param) throws SignedMailValidatorException Validates the signedMimeMessage
message. ThePKIXParameters
from param are used for the certificate path validation. The actual PKIXParameters used for the certificate path validation is a copy of param with the followin changes:
- The validation date is changed to the signature time
- A CertStore with certificates and crls from the mail message is added to the CertStores.
Inparam
it's also possible to add additional CertStores with intermediate Certificates and/or CRLs which then are also used for the validation.- Parameters:
message
- the signed MimeMessageparam
- the parameters for the certificate path validation- Throws:
SignedMailValidatorException
- if the message is no signed message or if an exception occurs reading the message
-
SignedMailValidator
public SignedMailValidator(javax.mail.internet.MimeMessage message, PKIXParameters param, Class certPathReviewerClass) throws SignedMailValidatorException Validates the signedMimeMessage
message. ThePKIXParameters
from param are used for the certificate path validation. The actual PKIXParameters used for the certificate path validation is a copy of param with the followin changes:
- The validation date is changed to the signature time
- A CertStore with certificates and crls from the mail message is added to the CertStores.
Inparam
it's also possible to add additional CertStores with intermediate Certificates and/or CRLs which then are also used for the validation.- Parameters:
message
- the signed MimeMessageparam
- the parameters for the certificate path validationcertPathReviewerClass
- a subclass ofPKIXCertPathReviewer
. The SignedMailValidator uses objects of this type for the cert path vailidation. The class must have an empty constructor.- Throws:
SignedMailValidatorException
- if the message is no signed message or if an exception occurs reading the messageIllegalArgumentException
- if the certPathReviewerClass is not a subclass ofPKIXCertPathReviewer
or objects of certPathReviewerClass can not be instantiated
-
-
Method Details
-
validateSignatures
-
getEmailAddresses
public static Set getEmailAddresses(X509Certificate cert) throws IOException, CertificateEncodingException -
checkSignerCert
-
getSignatureTime
-
createCertPath
public static CertPath createCertPath(X509Certificate signerCert, Set trustanchors, List certStores) throws GeneralSecurityException - Parameters:
signerCert
- the end of the pathtrustanchors
- trust anchors for the pathcertStores
-- Returns:
- the resulting certificate path.
- Throws:
GeneralSecurityException
-
createCertPath
public static Object[] createCertPath(X509Certificate signerCert, Set trustanchors, List systemCertStores, List userCertStores) throws GeneralSecurityException Returns an Object array containing a CertPath and a List of Booleans. The list contains the valuetrue
if the corresponding certificate in the CertPath was taken from the user provided CertStores.- Parameters:
signerCert
- the end of the pathtrustanchors
- trust anchors for the pathsystemCertStores
- list ofCertStore
provided by the systemuserCertStores
- list ofCertStore
provided by the user- Returns:
- a CertPath and a List of booleans.
- Throws:
GeneralSecurityException
-
getCertsAndCRLs
-
getSignerInformationStore
public org.bouncycastle.cms.SignerInformationStore getSignerInformationStore() -
getValidationResult
public SignedMailValidator.ValidationResult getValidationResult(org.bouncycastle.cms.SignerInformation signer) throws SignedMailValidatorException - Throws:
SignedMailValidatorException
-