oracle.security.crypto.smime

Class SmimeSigned

java.lang.Object

oracle.security.crypto.smime.SmimeSigned

All Implemented Interfaces:

SmimeObject, SmimeSignedObject

public class SmimeSigned
extends java.lang.Object
implements SmimeSignedObject

A S/MIME Signed Message.

Constructor Summary

Constructors

Constructor and Description
SmimeSigned() Create an empty SmimeSigned.
SmimeSigned(MimeBodyPart content) Create a SmimeSigned.
SmimeSigned(MimeBodyPart content, boolean useCompression) Create a SmimeSigned.

Method Summary

Modifier and Type	Method and Description
void	addCertificate(java.security.cert.X509Certificate cert) Add a Certificate.
void	addCRL(CRL crl) Add a CRL.
void	addSignature(java.security.PrivateKey signerKey, java.security.cert.X509Certificate signerCert, AlgorithmIdentifier digestAlgID) Add a Signature.
void	addSignature(java.security.PrivateKey signerKey, java.security.cert.X509Certificate signerCert, AlgorithmIdentifier digestAlgID, AttributeSet signedAttributes) Add a Signature.
void	addSignature(java.security.PrivateKey signerKey, java.security.cert.X509Certificate signerCert, AlgorithmIdentifier digestAlgID, java.util.Date timeStamp) Add a Signature.
void	addSignature(java.security.PrivateKey signerKey, java.security.cert.X509Certificate signerCert, AlgorithmIdentifier digestAlgID, java.util.Date timeStamp, SmimeCapabilities smimeCaps) Add a Signature.
void	addSignature(java.security.PrivateKey signerKey, java.security.cert.X509Certificate signerCert, AlgorithmIdentifier digestAlgID, SmimeCapabilities smimeCaps) Add a Signature.
java.lang.String	generateContentType() Returns the content type.
java.lang.String	generateContentType(boolean useStandardContentTypes) Returns the content type.
java.util.Vector	getCertificates() Returns the list of X509 certificates included with this signed data object.
java.util.Vector	getCRLs() Returns the list of CRLs included with this signed data object.
MimeBodyPart	getEnclosedBodyPart() Returns the message content that was signed.
EquivalentLabels	getEquivalentLabels(java.security.cert.X509Certificate signerCert) Returns the EquivalentLabels if present or null.
ESSSecurityLabel	getESSSecurityLabel(java.security.cert.X509Certificate signerCert) Returns the ESSSecurityLabel if present or null.
MLExpansionHistory	getMLExpansionHistory(java.security.cert.X509Certificate signerCert) Returns the MLExpansionHistory if present or null.
ESSReceipt	getReceipt() Returns the Receipt if this object is a signed receipt.
ReceiptRequest	getReceiptRequest(java.security.cert.X509Certificate signerCert) Returns the ReceiptRequest if present or null.
SigningCertificate	getSigningCertificate(java.security.cert.X509Certificate signerCert) Returns the SigningCertificate Attribute if present or null.
boolean	isSignedReceipt() Indicates if this Object is a signed receipt.
java.util.Enumeration	signers() Returns the list of signers.
void	verify(CertificateTrustPolicy trustPolicy) Verify the Signature using the specified trust policy.
void	verify(CertificateTrustPolicy trustPolicy, Address[] senderAddresses) Verify the Signature using the specified trust policy and list of email addresses.
void	verifySignature(java.security.cert.X509Certificate signerCert) Verify the Signature using the specified certificate.
void	verifySignature(java.security.cert.X509Certificate signerCert, Address[] senderAddresses) Verify the Signature using the specified certificate and list of email addresses.
void	writeTo(java.io.OutputStream os, java.lang.String mimeType) Writes this SmimeSigned to the given output stream.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SmimeSigned

public SmimeSigned()

Create an empty SmimeSigned.

SmimeSigned

public SmimeSigned(MimeBodyPart content)
            throws MessagingException,
                   java.io.IOException

Create a SmimeSigned.

Parameters:

content - The message content.

Throws:

MessagingException - An error occurred while setting the message content.

java.io.IOException - The message content is empty.

SmimeSigned

public SmimeSigned(MimeBodyPart content,
                   boolean useCompression)
            throws MessagingException,
                   java.io.IOException

Create a SmimeSigned.

Parameters:

content - The message content.

useCompression - Indicate if the content must be compressed.

Throws:

MessagingException - An error occurred while setting the message content.

java.io.IOException - The message content is empty.

Method Detail

addCertificate

public void addCertificate(java.security.cert.X509Certificate cert)

Add a Certificate.

Note the change in the method signature

Previously : public void addCertificate (X509)

Now : public void addCertificate (X509Certificate )

Parameters:

cert - The X509 certificate.

addCRL

public void addCRL(CRL crl)

Add a CRL.

Parameters:

crl - The CRL.

addSignature

public void addSignature(java.security.PrivateKey signerKey,
                         java.security.cert.X509Certificate signerCert,
                         AlgorithmIdentifier digestAlgID)
                  throws java.security.InvalidKeyException,
                         java.security.SignatureException,
                         java.security.NoSuchAlgorithmException,
                         java.security.cert.CertificateEncodingException,
                         java.io.IOException

Add a Signature.

The contentType and messageDigest must not be present in the AttributeSet signedAttributes.

Note the changes in the method signature

Previously :public void addSignature (oracle.security.crypto.core.PrivateKey , X509, AlgorithmIdentifier)

Now :public void addSignature (java.security.PrivateKey , X509Certificate , AlgorithmIdentifier )

Note the changes in the exceptions

Exceptions introduced --NoSuchAlgorithmException, IOException,CertificateEncodingException,java.security.InvalidKeyException, java.security.SignatureException

Exceptions no longer thrown-- AlgorithmIdentifierException , oracle.security.crypto.core.InvalidKeyException, oracle.security.crypto.core.signatureException

Parameters:

signerKey - The private key of the signer.

signerCert - The X509 certificate of the signer.

digestAlgID - The digest algorithm.

Throws:

java.security.NoSuchAlgorithmException - The digest or signature algorithm is not supported.

java.security.SignatureException - An error occurred during signature generation.

java.security.InvalidKeyException - The private key is not valid.

java.security.cert.CertificateEncodingException - Specifies an encoding error

java.io.IOException - Input/Output Exception while instantiating X509 from an inputstream

addSignature

public void addSignature(java.security.PrivateKey signerKey,
                         java.security.cert.X509Certificate signerCert,
                         AlgorithmIdentifier digestAlgID,
                         java.util.Date timeStamp)
                  throws java.security.InvalidKeyException,
                         java.security.SignatureException,
                         java.security.NoSuchAlgorithmException,
                         java.security.cert.CertificateEncodingException,
                         java.io.IOException

Add a Signature.

The contentType and messageDigest must not be present in the AttributeSet signedAttributes.

Note the changes in the method signature

Previously :public void addSignature (oracle.security.crypto.core.PrivateKey , X509, AlgorithmIdentifier ,Date)

Now :public void addSignature (java.security.PrivateKey , X509Certificate , AlgorithmIdentifier,Date )

Note the changes in the exceptions

Exceptions introduced --NoSuchAlgorithmException, IOException,CertificateEncodingException,java.security.InvalidKeyException, java.security.SignatureException

Exceptions no longer thrown-- AlgorithmIdentifierException , oracle.security.crypto.core.InvalidKeyException, oracle.security.crypto.core.signatureException

Parameters:

signerKey - The private key of the signer.

signerCert - The X509 certificate of the signer.

digestAlgID - The digest algorithm.

timeStamp - The Signing Time.

Throws:

java.security.NoSuchAlgorithmException - The digest or signature algorithm is not supported.

java.security.SignatureException - An error occurred during signature generation.

java.security.InvalidKeyException - The private key is not valid.

java.security.cert.CertificateEncodingException - Specifies an encoding error

java.io.IOException - Input/Output Exception while instantiating X509 from an inputstream

addSignature

public void addSignature(java.security.PrivateKey signerKey,
                         java.security.cert.X509Certificate signerCert,
                         AlgorithmIdentifier digestAlgID,
                         SmimeCapabilities smimeCaps)
                  throws java.security.InvalidKeyException,
                         java.security.SignatureException,
                         java.security.NoSuchAlgorithmException,
                         java.security.cert.CertificateEncodingException,
                         java.io.IOException

Add a Signature.

The contentType and messageDigest must not be present in the AttributeSet signedAttributes.

Note the changes in the method signature

Previously :public void addSignature (oracle.security.crypto.core.PrivateKey , X509, AlgorithmIdentifier ,SmimeCapabilities)

Now :public void addSignature (java.security.PrivateKey , X509Certificate , AlgorithmIdentifier,SmimeCapabilities )

Note the changes in the exceptions

Exceptions introduced --NoSuchAlgorithmException, IOException,CertificateEncodingException,java.security.InvalidKeyException, java.security.SignatureException

Exceptions no longer thrown-- AlgorithmIdentifierException , oracle.security.crypto.core.InvalidKeyException, oracle.security.crypto.core.signatureException

Parameters:

signerKey - The private key of the signer.

signerCert - The X509 certificate of the signer.

digestAlgID - The digest algorithm.

smimeCaps - The Smime Capabilities.

Throws:

java.security.NoSuchAlgorithmException - The digest or signature algorithm is not supported.

java.security.SignatureException - An error occurred during signature generation.

java.security.InvalidKeyException - The private key is not valid.

java.security.cert.CertificateEncodingException - Specifies an encoding error

java.io.IOException - Input/Output Exception while instantiating X509 from an inputstream

addSignature

public void addSignature(java.security.PrivateKey signerKey,
                         java.security.cert.X509Certificate signerCert,
                         AlgorithmIdentifier digestAlgID,
                         java.util.Date timeStamp,
                         SmimeCapabilities smimeCaps)
                  throws java.security.InvalidKeyException,
                         java.security.SignatureException,
                         java.security.NoSuchAlgorithmException,
                         java.security.cert.CertificateEncodingException,
                         java.io.IOException

Add a Signature.

The contentType and messageDigest must not be present in the AttributeSet signedAttributes.

Note the changes in the method signature

Previously :public void addSignature (oracle.security.crypto.core.PrivateKey , X509, AlgorithmIdentifier ,Date, SmimeCapabilities)

Now :public void addSignature (java.security.PrivateKey , X509Certificate , AlgorithmIdentifier,Date, SmimeCapabilities )

Note the changes in the exceptions

Exceptions introduced --NoSuchAlgorithmException, IOException,CertificateEncodingException,java.security.InvalidKeyException, java.security.SignatureException

Exceptions no longer thrown-- AlgorithmIdentifierException , oracle.security.crypto.core.InvalidKeyException, oracle.security.crypto.core.signatureException

Parameters:

signerKey - The private key of the signer.

signerCert - The X509 certificate of the signer.

digestAlgID - The digest algorithm.

timeStamp - The Signing Time.

smimeCaps - The Smime Capabilities.

Throws:

java.security.NoSuchAlgorithmException - The digest or signature algorithm is not supported.

java.security.SignatureException - An error occurred during signature generation.

java.security.InvalidKeyException - The private key is not valid.

java.security.cert.CertificateEncodingException - Specifies an encoding error

java.io.IOException - Input/Output Exception while instantiating X509 from an inputstream

addSignature

public void addSignature(java.security.PrivateKey signerKey,
                         java.security.cert.X509Certificate signerCert,
                         AlgorithmIdentifier digestAlgID,
                         AttributeSet signedAttributes)
                  throws java.security.InvalidKeyException,
                         java.security.SignatureException,
                         java.security.NoSuchAlgorithmException,
                         java.io.IOException,
                         java.security.cert.CertificateEncodingException

Add a Signature.

The contentType, messageDigest, signingTime and smimeCapabilities must not be present in the AttributeSet signedAttributes.

Note the changes in the method signature

Previously :public void addSignature (oracle.security.crypto.core.PrivateKey , X509, AlgorithmIdentifier ,AttributeSet)

Now :public void addSignature (java.security.PrivateKey , X509Certificate , AlgorithmIdentifier,AttributeSet)

Note the changes in the exceptions

Exceptions introduced --NoSuchAlgorithmException, IOException,CertificateEncodingException,java.security.InvalidKeyException, java.security.SignatureException

Exceptions no longer thrown-- AlgorithmIdentifierException , oracle.security.crypto.core.InvalidKeyException, oracle.security.crypto.core.signatureException

Parameters:

signerKey - The private key of the signer.

signerCert - The X509 certificate of the signer.

digestAlgID - The digest algorithm.

signedAttributes - The set of signed attributes.

Throws:

java.security.NoSuchAlgorithmException - The digest or signature algorithm is not supported.

java.security.SignatureException - An error occurred during signature generation.

java.security.InvalidKeyException - The private key is not valid.

java.security.cert.CertificateEncodingException - Specifies an encoding error

java.io.IOException - Input/Output Exception while instantiating X509 from an inputstream

getReceipt

public ESSReceipt getReceipt()

Returns the Receipt if this object is a signed receipt.

Returns:

A ESSReceipt if present or null otherwise.

getEnclosedBodyPart

public MimeBodyPart getEnclosedBodyPart()
                                 throws InvalidInputException,
                                        MessagingException

Returns the message content that was signed.

Specified by:

getEnclosedBodyPart in interface SmimeSignedObject

Returns:

The message content as a MimeBodyPart.

Throws:

InvalidInputException - The message content type is not correct.

MessagingException - An error occurred while initializing the content.

isSignedReceipt

public boolean isSignedReceipt()

Indicates if this Object is a signed receipt.

If the S/MIME message content type parameters are missing, it will be treated as a signed message but the data content handler.

Returns:

If true this object is wrapped; false otherwise.

getCertificates

public java.util.Vector getCertificates()

Returns the list of X509 certificates included with this signed data object.

Specified by:

getCertificates in interface SmimeSignedObject

Returns:

A Vector containing X509Certificate objects or null if no list of certificates is present.

getCRLs

public java.util.Vector getCRLs()

Returns the list of CRLs included with this signed data object.

Specified by:

getCRLs in interface SmimeSignedObject

Returns:

A Vector containing CRL objects or null if no list of CRLs is present.

signers

public java.util.Enumeration signers()

Returns the list of signers.

Specified by:

signers in interface SmimeSignedObject

Returns:

A Vector containing CMSSignerInfo objects.

verifySignature

public void verifySignature(java.security.cert.X509Certificate signerCert)
                     throws AuthenticationException,
                            java.security.SignatureException

Verify the Signature using the specified certificate.

Note the changes in the method signature

Previously :public void verifySignature (X509)

Now :public void verifySignature (X509Certificate )

Specified by:

verifySignature in interface SmimeSignedObject

Parameters:

signerCert - The X509 certificate.

Throws:

AuthenticationException - Signature verification failed.

java.security.SignatureException - The specified certificate does not belong to any of the message signers.

verifySignature

public void verifySignature(java.security.cert.X509Certificate signerCert,
                            Address[] senderAddresses)
                     throws AuthenticationException,
                            java.security.SignatureException

Verify the Signature using the specified certificate and list of email addresses.

Note the changes in the method signature

Previously :public void verifySignature (X509,Address[])

Now :public void verifySignature (X509Certificate ,Address[])

Specified by:

verifySignature in interface SmimeSignedObject

Parameters:

signerCert - The X509 certificate.

Throws:

AuthenticationException - Signature verification failed or the email address in the certificate did not match any in the email address list.

java.security.SignatureException - The specified certificate does not belong to any of the message signers.

verify

public void verify(CertificateTrustPolicy trustPolicy)
            throws AuthenticationException

Verify the Signature using the specified trust policy.

Specified by:

verify in interface SmimeSignedObject

Parameters:

trustPolicy - The certificate trust policy.

Throws:

AuthenticationException - Signature verification failed.

verify

public void verify(CertificateTrustPolicy trustPolicy,
                   Address[] senderAddresses)
            throws AuthenticationException

Verify the Signature using the specified trust policy and list of email addresses.

Specified by:

verify in interface SmimeSignedObject

Parameters:

trustPolicy - The certificate trust policy.

Throws:

AuthenticationException - Signature verification failed or the email address in the certificate did not match any in the email address list.

getESSSecurityLabel

public ESSSecurityLabel getESSSecurityLabel(java.security.cert.X509Certificate signerCert)
                                     throws AuthenticationException,
                                            java.security.SignatureException

Returns the ESSSecurityLabel if present or null.

The signature of the SignerInfo that covers the ESSSecurityLabel is first verified. Then, it verifies that all the ESSSecurityLabel's in the signed message are identical.

Note the changes in the method signature

Previously : public ESSSecurityLabel getESSSecurityLabel(X509)

Now : public ESSSecurityLabel getESSSecurityLabel(X509Certificate )

Specified by:

getESSSecurityLabel in interface SmimeSignedObject

Returns:

A valid security label.

Throws:

AuthenticationException - Signature verification did not succeed on any SignerInfo.

java.security.SignatureException - No valid security label could be found.

getEquivalentLabels

public EquivalentLabels getEquivalentLabels(java.security.cert.X509Certificate signerCert)
                                     throws AuthenticationException,
                                            java.security.SignatureException

Returns the EquivalentLabels if present or null.

The signature of the SignerInfo that covers the EquivalentLabels is first verified. Then, it verifies that all the EquivalentLabels in the signed message are identical.

Note the changes in the method signature

Previously : public EquivalentLabels getEquivalentLabels(X509)

Now : public EquivalentLabels getEquivalentLabels(X509Certificate )

Specified by:

getEquivalentLabels in interface SmimeSignedObject

Returns:

A valid equivalent labels.

Throws:

AuthenticationException - Signature verification did not succeed on any SignerInfo.

java.security.SignatureException - No valid equivalent labels could be found.

getSigningCertificate

public SigningCertificate getSigningCertificate(java.security.cert.X509Certificate signerCert)
                                         throws AuthenticationException,
                                                java.security.SignatureException

Returns the SigningCertificate Attribute if present or null.

The signature of the SignerInfo that covers the SigningCertificate is verified.

Note the changes in the method signature

Previously : public SigningCertificate getSigningCertificate (X509)

Now : public SigningCertificate getSigningCertificate (X509Certificate )

Specified by:

getSigningCertificate in interface SmimeSignedObject

Returns:

A valid signing certificate.

Throws:

AuthenticationException - Signature verification did not succeed on any SignerInfo.

java.security.SignatureException - No valid signing certificate could be found.

getMLExpansionHistory

public MLExpansionHistory getMLExpansionHistory(java.security.cert.X509Certificate signerCert)
                                         throws AuthenticationException,
                                                java.security.SignatureException

Returns the MLExpansionHistory if present or null.

The signature of the SignerInfo that covers the MLExpansionHistory is first verified. Then, it verifies that all the MLExpansionHistory's in the signed message are identical.

Note the changes in the method signature

Previously : public MLExpansionHistory getMLExpansionHistory(X509)

Now : public MLExpansionHistory getMLExpansionHistory(X509Certificate )

Specified by:

getMLExpansionHistory in interface SmimeSignedObject

Returns:

A valid mailing list expansion history.

Throws:

AuthenticationException - Signature verification did not succeed on any SignerInfo.

java.security.SignatureException - No valid mailing list expansion history could be found.

getReceiptRequest

public ReceiptRequest getReceiptRequest(java.security.cert.X509Certificate signerCert)
                                 throws AuthenticationException,
                                        java.security.SignatureException

Returns the ReceiptRequest if present or null.

The signature of the SignerInfo that covers the ReceiptRequest is first verified. Then, it verifies that all the ReceiptRequest's in the signed message are identical.

Note the changes in the method signature

Previously : public ReceiptRequest getReceiptRequest(X509)

Now : public ReceiptRequest getReceiptRequest(X509Certificate )

Specified by:

getReceiptRequest in interface SmimeSignedObject

Returns:

A valid receipt request.

Throws:

AuthenticationException - Signature verification did not succeed on any SignerInfo.

java.security.SignatureException - No valid receipt request could be found.

generateContentType

public java.lang.String generateContentType(boolean useStandardContentTypes)

Returns the content type.

Specified by:

generateContentType in interface SmimeObject

Parameters:

useStandardContentTypes - If true the standard content type is generated; If false the experimental content type is generated.

Returns:

The content type string.

generateContentType

public java.lang.String generateContentType()

Returns the content type.

Specified by:

generateContentType in interface SmimeObject

Returns:

The content type string.

writeTo

public void writeTo(java.io.OutputStream os,
                    java.lang.String mimeType)
             throws java.io.IOException,
                    MessagingException

Writes this SmimeSigned to the given output stream. Relevant canonicalizations, such as transforming text line-breaks to CRLF, are applied.

Specified by:

writeTo in interface SmimeObject

Parameters:

os - The output stream to which this SmimeEnveloped will be written.

mimeType - Ignored.

Throws:

java.io.IOException - An I/O error occurred.

MessagingException - An error occurred while writing the smime message.