java.lang.Object
  +--com.dstc.security.smime.SMIMESignature

A class for signing or verifying MIME messages according to S/MIME v3.

Constructor Summary

SMIMESignature()
    Default constructor

Method Summary

void initSign(String digestAlgName, PrivateKey priv, X509Certificate[] certChain, boolean opaque)
    Initializes for signing one or more MimeMessages with a supplied private key and certificate chain, a digest algorithm and an indication of whether 'clear signing' or 'opaque signing' is required.

void initVerify(Vector trusted, Vector certStore)
    Initializes for verifying one or more MimeMessages with a Vector of trusted certificates (trust anchors) and an optional certificate store for certification path construction.

void setMessage(MimeMessage origMsg)
    Sets the message to be signed or verified.

MimeMessage sign()
    Signs the previously set MimeMessage, and if successful returns a MimeMessage encapsulating a representation of the signed message.

VerificationResult verify()
    Verifies the previously set MimeMessage, and if successful returns a VerificationResult.

Methods inherited from class java.lang.Object
    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

public SMIMESignature()

Method Detail

public void initSign(String digestAlgName, PrivateKey priv, X509Certificate[] certChain, boolean opaque) throws SMIMEException
The certificate chain must start with the user certificate, and must be at least length 1. The user certificate must have its key usage set for signing, if a key usage extension exists. Current practice is to include all the certificates in the chain up to (but not including) the root certificate (if intermediate CA certificates are not included, a verifier will need a supplementary certificate store or repository in order to perform certificate path validation).
The parameter opaque must be set to true for "opaque signing" and false for "clear signing". Supported digest algorithms are "MD5" and "SHA-1" (recommended).
priv - private key to sign messages with
certChain - certificate chain associated with priv, with the user certificate being the first entry
opaque - true for opaque signing and false for clear signing

public void initVerify(Vector trusted, Vector certStore) throws SMIMEException
A certificate store will be required for certificate path validation if the certificates carried in the message itself are insufficient for that to happen (for instance, if intermediate CA certificates are not carried).
trusted - Vector of trusted X509Certificates
certStore - Vector of X509Certificates representing a supplementary storage for certificates useful in certificate path building.

public void setMessage(MimeMessage origMsg) throws IOException, MessagingException, SMIMEException
origMsg - MimeMessage to be signed or verified.

public MimeMessage sign() throws SMIMEException, IOException, MessagingException
After this call, the CMSSignature is returned to the state it was in after the previous initSign() call, and is ready to sign more messages.
After this call, the state is reset to what it was in right after the previous call to initSign().
public VerificationResult verify() throws SMIMEException, MessagingException, IOException
After this call, the CMSSignature is returned to the state it was in after the previous initVerify() call, and is ready to verify more messages.
NB: If the previously set MimeMessage does not represent a signed message, a CMSException will be thrown.
After this call, the state is reset to what it was in right after the previous call to initVerify().
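
A pre-flight check for the initSign() arguments described above, added here as an example and not part of the documented library: it reports a chain or digest choice that does not match the stated requirements before any message is signed. It uses only JDK classes and assumes that certChain holds java.security.cert.X509Certificate objects and that the digitalSignature or nonRepudiation bit is what "key usage set for signing" means; the class name SignChainPreflight and its command-line arguments are hypothetical.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
// Hypothetical helper (not part of the library): checks initSign() arguments before use.
public class SignChainPreflight {
    /** Returns findings; an empty list means the arguments match the documented contract. */
    static List<String> check(String digestAlgName, X509Certificate[] chain) {
        List<String> findings = new ArrayList<>();
        if ("MD5".equals(digestAlgName))
            findings.add("MD5 is supported, but SHA-1 is the recommended digest");
        else if (!"SHA-1".equals(digestAlgName))
            findings.add("unsupported digest algorithm: " + digestAlgName);
        if (chain == null || chain.length < 1) {
            findings.add("chain must contain at least the user certificate");
            return findings;
        }
        // getKeyUsage() returns null when the extension is absent. Assumption: bit 0
        // (digitalSignature) or bit 1 (nonRepudiation) counts as "set for signing".
        boolean[] ku = chain[0].getKeyUsage();
        if (ku != null && !(ku[0] || ku[1]))
            findings.add("user certificate key usage does not permit signing");
        // Name chaining only: each entry's issuer must be the next entry's subject.
        for (int i = 0; i + 1 < chain.length; i++)
            if (!chain[i].getIssuerX500Principal().equals(chain[i + 1].getSubjectX500Principal()))
                findings.add("entry " + (i + 1) + " is not the issuer of entry " + i);
        // Current practice omits the root: flag a self-signed certificate at the end.
        X509Certificate last = chain[chain.length - 1];
        if (chain.length > 1 && last.getSubjectX500Principal().equals(last.getIssuerX500Principal()))
            findings.add("chain ends with a self-signed root certificate");
        return findings;
    }

    // Usage: java SignChainPreflight <pkcs12-file> <password> <alias> <digest>
    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        Certificate[] raw = ks.getCertificateChain(args[2]);
        X509Certificate[] chain = new X509Certificate[raw == null ? 0 : raw.length];
        for (int i = 0; i < chain.length; i++) chain[i] = (X509Certificate) raw[i];
        List<String> findings = check(args[3], chain);
        findings.forEach(System.out::println);
        System.exit(findings.isEmpty() ? 0 : 1);
    }
}
```

The check compares issuer and subject names only; it does not verify signatures or validity dates, which remain the job of certificate path validation on the verifying side.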