oracle.security.crypto.smime

Class SmimeSignedReceipt

java.lang.Object

oracle.security.crypto.smime.SmimeSignedReceipt

All Implemented Interfaces:

SmimeObject, SmimeSignedObject

public class SmimeSignedReceipt
extends java.lang.Object
implements SmimeSignedObject

This class encapsulates a wrapped signed receipt.

Constructor Summary

Constructors

Constructor and Description
SmimeSignedReceipt(ESSReceipt receipt, byte[] msgSigDigest, Address[] receiptsToAddresses) Create a SmimeSignedReceipt.
SmimeSignedReceipt(java.io.InputStream is) Create a SmimeSignedReceipt by reading the BER encoding from the specified input stream.
SmimeSignedReceipt(SmimeSignedObject smimeObj) Create a SmimeSignedReceipt.
SmimeSignedReceipt(SmimeSignedObject smimeSigned, java.security.cert.X509Certificate signerCert, Address[] messageRecipientAddresses) Create a SmimeSignedReceipt using the signed message containing a receipt request.
SmimeSignedReceipt(SmimeSignedObject smimeSigned, java.security.cert.X509Certificate signerCert, Address[] messageRecipientAddresses, MLExpansionHistory mlExpansionHistory) Create a SmimeSignedReceipt using the signed message containing a receipt request.

Method Summary

Modifier and Type	Method and Description
void	addCertificate(java.security.cert.X509Certificate cert) Adds a X509 Certificate
void	addCRL(CRL crl)
void	addSignature(java.security.PrivateKey signerKey, java.security.cert.X509Certificate signerCert, AlgorithmIdentifier digestAlgID) Adds a signature object
void	addSignature(java.security.PrivateKey signerKey, java.security.cert.X509Certificate signerCert, AlgorithmIdentifier digestAlgID, AttributeSet signedAttributes) Adds a signature object
void	addSignature(java.security.PrivateKey signerKey, java.security.cert.X509Certificate signerCert, AlgorithmIdentifier digestAlgID, java.util.Date timeStamp) Adds a signature object
void	addSignature(java.security.PrivateKey signerKey, java.security.cert.X509Certificate signerCert, AlgorithmIdentifier digestAlgID, java.util.Date timeStamp, SmimeCapabilities smimeCaps) Adds a signature object
void	addSignature(java.security.PrivateKey signerKey, java.security.cert.X509Certificate signerCert, AlgorithmIdentifier digestAlgID, SmimeCapabilities smimeCaps) Adds a signature object
java.lang.String	generateContentType() Returns the content type of this smime object.
java.lang.String	generateContentType(boolean useStandardContentTypes) Returns the content type of this smime object.
java.util.Vector	getCertificates() Returns the list of Certificates included with this signed data object, or null if no list of Certificates is present.
java.util.Vector	getCRLs() Returns the list of CRLs included with this signed data object, or null if no list of CRLs is present.
MimeBodyPart	getEnclosedBodyPart() Returns a MimeBodyPart containing a DER encoded ESS Receipt.
ESSReceipt	getEnclosedReceipt() Returns the ESS Receipt.
EquivalentLabels	getEquivalentLabels(java.security.cert.X509Certificate signerCert) Returns the EquivalentLabels if present or null.
ESSSecurityLabel	getESSSecurityLabel(java.security.cert.X509Certificate signerCert) Returns the ESSSecurityLabel if present or null.
MLExpansionHistory	getMLExpansionHistory(java.security.cert.X509Certificate signerCert) Returns the MLExpansionHistory if present or null.
ReceiptRequest	getReceiptRequest(java.security.cert.X509Certificate signerCert) Returns the ReceiptRequest if present or null.
Address[]	getReceiptsToAddresses() Returns the list of recipients to whom the receipt must be sent.
SigningCertificate	getSigningCertificate(java.security.cert.X509Certificate signerCert) Returns the SigningCertificate Attribute if present or null.
java.util.Enumeration	signers() Returns the signatures on this signed data object, in the form of an enumeration, each element of which is an instance of CMSSignerInfo.
void	verify(CertificateTrustPolicy trustPolicy) Returns normally if this CMS signed data object contains at least one valid signature, according to the given trust policy; otherwise throws an AuthenticationException.
void	verify(CertificateTrustPolicy trustPolicy, Address[] senderAddresses) Does the same thing as SmimeSignedObject.verify(CertificateTrustPolicy), except that in addition, it checks to make sure that the terminating certificate of the validating certificate chain contains an email address which is present in the specified list of sender addresses.
void	verifyReceipt(SmimeSignedObject originalSmimeSignedObject, java.security.cert.X509Certificate signerCert) Stores the SignerInfo object that contains the original receipt request that will be used to validate a received receipt
void	verifySignature(java.security.cert.X509Certificate signerCert) Verify the signature
void	verifySignature(java.security.cert.X509Certificate signerCert, Address[] senderAddresses) Verify the signature
void	writeTo(java.io.OutputStream os, java.lang.String mimeType) Writes this SmimeSigned to the given output stream.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SmimeSignedReceipt

public SmimeSignedReceipt(SmimeSignedObject smimeSigned,
                          java.security.cert.X509Certificate signerCert,
                          Address[] messageRecipientAddresses)
                   throws InvalidInputException,
                          ESSException

Create a SmimeSignedReceipt using the signed message containing a receipt request.

Note the changes in the method signature

Previouslypublic SmimeSignedReceipt (SmimeSignedObject , X509, Address[] )

Nowpublic SmimeSignedReceipt (SmimeSignedObject , X509Certificate, Address[] )

Parameters:

smimeSigned - A signed message (must not be a signed receipt).

signerCert - The signer certificate that will be used to verify the signature.

messageRecipientAddresses - Addresses of the message recipient.

Throws:

InvalidInputException - The receipt request attribute encoding was incorrect or multipe receipt request attribute were present or the input signed object is a receipt.

ESSException - This message does not require a receipt be generated.

SmimeSignedReceipt

public SmimeSignedReceipt(SmimeSignedObject smimeSigned,
                          java.security.cert.X509Certificate signerCert,
                          Address[] messageRecipientAddresses,
                          MLExpansionHistory mlExpansionHistory)
                   throws InvalidInputException,
                          ESSException

Create a SmimeSignedReceipt using the signed message containing a receipt request.

Note the changes in the method signature

Previouslypublic SmimeSignedReceipt (SmimeSignedObject , X509, Address[],MLExpansionHistory )

Nowpublic SmimeSignedReceipt (SmimeSignedObject , X509Certificate, Address[],MLExpansionHistory )

Parameters:

smimeSigned - A signed message (must not be a signed receipt).

signerCert - The signer certificate that will be used to verify the signature.

mlExpansionHistory - The MLExpansionHistory attribute present in the outermost signed-data block or null otherwise.

messageRecipientAddresses - Addresses of the message recipient.

Throws:

InvalidInputException - The receipt request attribute encoding was incorrect or multipe receipt request attributes were present.

ESSException - This message does not require a receipt be generated.

SmimeSignedReceipt

public SmimeSignedReceipt(SmimeSignedObject smimeObj)
                   throws InvalidInputException

Create a SmimeSignedReceipt.

Parameters:

smimeObj - The SmimeSignedObject containing a receipt.

Throws:

InvalidInputException - The signed object does not contain a receipt.

SmimeSignedReceipt

public SmimeSignedReceipt(ESSReceipt receipt,
                          byte[] msgSigDigest,
                          Address[] receiptsToAddresses)

Create a SmimeSignedReceipt.

Parameters:

receipt - The pre-computed receipt to send.

SmimeSignedReceipt

public SmimeSignedReceipt(java.io.InputStream is)
                   throws java.io.IOException

Create a SmimeSignedReceipt by reading the BER encoding from the specified input stream.

Parameters:

is - The input stream.

Throws:

java.io.IOException - The input encoding is not correct or an I/O error occurred.

Method Detail

addCertificate

public void addCertificate(java.security.cert.X509Certificate cert)

Adds a X509 Certificate

Note the changes in the method signature

Previouslypublic void addCertificate (X509Certificate cert)

Nowpublic void addCertificate (X509Certificate cert)

Parameters:

cert - X509Certificate that needs to be added

addCRL

public void addCRL(CRL crl)

addSignature

public void addSignature(java.security.PrivateKey signerKey,
                         java.security.cert.X509Certificate signerCert,
                         AlgorithmIdentifier digestAlgID)
                  throws java.security.NoSuchAlgorithmException,
                         java.security.SignatureException,
                         java.security.InvalidKeyException,
                         java.io.IOException,
                         java.security.cert.CertificateEncodingException

Adds a signature object

Note the changes in the method signature

Previouslypublic void addSignature (oracle.security.crypto.core.PrivateKey , X509, AlgorithmIdentifier )

Nowpublic void addSignature (java.security.PrivateKey , X509Certificate , AlgorithmIdentifier )

Parameters:

signerKey - The key used for signing

signerCert - The signer's certificate

digestAlgID - The digest Algorithm

Throws:

java.security.NoSuchAlgorithmException - Algorithm not supported

java.security.SignatureException - Error while signature creation

java.security.InvalidKeyException - The key is invalid

java.io.IOException - IOException while creating an X509 certificate

java.security.cert.CertificateEncodingException - Error when certificate encoding

addSignature

public void addSignature(java.security.PrivateKey signerKey,
                         java.security.cert.X509Certificate signerCert,
                         AlgorithmIdentifier digestAlgID,
                         java.util.Date timeStamp)
                  throws java.security.NoSuchAlgorithmException,
                         java.security.SignatureException,
                         java.security.InvalidKeyException,
                         java.io.IOException,
                         java.security.cert.CertificateEncodingException

Adds a signature object

Note the changes in the method signature

Previouslypublic void addSignature (oracle.security.crypto.core.PrivateKey , X509, AlgorithmIdentifier,Date )

Nowpublic void addSignature (java.security.PrivateKey , X509Certificate , AlgorithmIdentifier ,Date)

Parameters:

signerKey - The key used for signing

signerCert - The signer's certificate

digestAlgID - The digest Algorithm

timeStamp - Signing time

Throws:

java.security.NoSuchAlgorithmException - Algorithm not supported

java.security.SignatureException - Error while signature creation

java.security.InvalidKeyException - The key is invalid

java.io.IOException - IOException while creating an X509 certificate

java.security.cert.CertificateEncodingException - Error when certificate encoding

addSignature

public void addSignature(java.security.PrivateKey signerKey,
                         java.security.cert.X509Certificate signerCert,
                         AlgorithmIdentifier digestAlgID,
                         SmimeCapabilities smimeCaps)
                  throws java.security.NoSuchAlgorithmException,
                         java.security.SignatureException,
                         java.security.InvalidKeyException,
                         java.io.IOException,
                         java.security.cert.CertificateEncodingException

Adds a signature object

Note the changes in the method signature

Previouslypublic void addSignature (oracle.security.crypto.core.PrivateKey , X509, AlgorithmIdentifier,SmimeCapabilities )

Nowpublic void addSignature (java.security.PrivateKey , X509Certificate , AlgorithmIdentifier ,SmimeCapabilities)

Parameters:

signerKey - The key used for signing

signerCert - The signer's certificate

digestAlgID - The digest Algorithm

smimeCaps - The smime capabilities

Throws:

java.security.NoSuchAlgorithmException - Algorithm not supported

java.security.SignatureException - Error while signature creation

java.security.InvalidKeyException - The key is invalid

java.io.IOException - IOException while creating an X509 certificate

java.security.cert.CertificateEncodingException - Error when certificate encoding

addSignature

public void addSignature(java.security.PrivateKey signerKey,
                         java.security.cert.X509Certificate signerCert,
                         AlgorithmIdentifier digestAlgID,
                         java.util.Date timeStamp,
                         SmimeCapabilities smimeCaps)
                  throws java.security.NoSuchAlgorithmException,
                         java.security.SignatureException,
                         java.security.InvalidKeyException,
                         java.io.IOException,
                         java.security.cert.CertificateEncodingException

Adds a signature object

Note the changes in the method signature

Previouslypublic void addSignature (oracle.security.crypto.core.PrivateKey , X509, AlgorithmIdentifier, Date ,SmimeCapabilities )

Nowpublic void addSignature (java.security.PrivateKey , X509Certificate , AlgorithmIdentifier, Date ,SmimeCapabilities)

Parameters:

signerKey - The key used for signing

signerCert - The signer's certificate

digestAlgID - The digest Algorithm

timeStamp - Signing time

smimeCaps - The smime capabilities

Throws:

java.security.NoSuchAlgorithmException - Algorithm not supported

java.security.SignatureException - Error while signature creation

java.security.InvalidKeyException - The key is invalid

java.io.IOException - IOException while creating an X509 certificate

java.security.cert.CertificateEncodingException - Error when certificate encoding

addSignature

public void addSignature(java.security.PrivateKey signerKey,
                         java.security.cert.X509Certificate signerCert,
                         AlgorithmIdentifier digestAlgID,
                         AttributeSet signedAttributes)
                  throws java.security.NoSuchAlgorithmException,
                         java.security.SignatureException,
                         java.security.InvalidKeyException,
                         java.io.IOException,
                         java.security.cert.CertificateEncodingException

Adds a signature object

Note the changes in the method signature

Previouslypublic void addSignature (oracle.security.crypto.core.PrivateKey , X509, AlgorithmIdentifier,AttributeSet )

Nowpublic void addSignature (java.security.PrivateKey , X509Certificate , AlgorithmIdentifier, AttributeSet)

Parameters:

signerKey - The key used for signing

signerCert - The signer's certificate

digestAlgID - The digest Algorithm

signedAttributes - The attributes that are signed

Throws:

java.security.NoSuchAlgorithmException - Algorithm not supported

java.security.SignatureException - Error while signature creation

java.security.InvalidKeyException - The key is invalid

java.io.IOException - IOException while creating an X509 certificate

java.security.cert.CertificateEncodingException - Error when certificate encoding

getReceiptsToAddresses

public Address[] getReceiptsToAddresses()

Returns the list of recipients to whom the receipt must be sent.

Returns:

The list of recipients or null.

getEnclosedReceipt

public ESSReceipt getEnclosedReceipt()

Returns the ESS Receipt.

Returns:

The receipt.

getEnclosedBodyPart

public MimeBodyPart getEnclosedBodyPart()
                                 throws InvalidInputException,
                                        MessagingException

Returns a MimeBodyPart containing a DER encoded ESS Receipt.

Specified by:

getEnclosedBodyPart in interface SmimeSignedObject

Returns:

The message content as a MimeBodyPart.

Throws:

InvalidInputException

MessagingException

getCertificates

public java.util.Vector getCertificates()

Returns the list of Certificates included with this signed data object, or null if no list of Certificates is present.

Specified by:

getCertificates in interface SmimeSignedObject

Returns:

A Vector containing X509 objects or null if no list of certificates is present.

getCRLs

public java.util.Vector getCRLs()

Returns the list of CRLs included with this signed data object, or null if no list of CRLs is present.

Specified by:

getCRLs in interface SmimeSignedObject

Returns:

A Vector containing CRL objects or null if no list of CRLs is present.

signers

public java.util.Enumeration signers()

Returns the signatures on this signed data object, in the form of an enumeration, each element of which is an instance of CMSSignerInfo.

This method never returns null.

Specified by:

signers in interface SmimeSignedObject

Returns:

A Vector containing CMSSignerInfo objects.

verifySignature

public void verifySignature(java.security.cert.X509Certificate signerCert)
                     throws AuthenticationException,
                            java.security.SignatureException

Verify the signature

Note the changes in the method signature

Previously public void verifySignature (X509)

Now public void verifySignature (X509Certificate )

Specified by:

verifySignature in interface SmimeSignedObject

Parameters:

signerCert - The signer's certificate

Throws:

oracle.security.crypto.core.AuthenticationException - Signature verification failed

java.security.SignatureException - Error while creating signature object for verification

AuthenticationException - if the signature is not valid, or could not be verified for some reason (e.g., the algorithm identifier is unrecognized)

verifySignature

public void verifySignature(java.security.cert.X509Certificate signerCert,
                            Address[] senderAddresses)
                     throws AuthenticationException,
                            java.security.SignatureException

Verify the signature

Note the changes in the method signature

Previously public void verifySignature (X509,Address[])

Now public void verifySignature (X509Certificate ,Address[])

Specified by:

verifySignature in interface SmimeSignedObject

Parameters:

signerCert - The signer's certificate

senderAddresses - Addresses of the sender

Throws:

oracle.security.crypto.core.AuthenticationException - Signature verification failed

java.security.SignatureException - Error while creating signature object for verification

AuthenticationException

verify

public void verify(CertificateTrustPolicy trustPolicy)
            throws AuthenticationException

Description copied from interface: SmimeSignedObject

Returns normally if this CMS signed data object contains at least one valid signature, according to the given trust policy; otherwise throws an AuthenticationException.

In order to be considered valid, there must be at least one signature on this CMS message which is validated by one of the certificates included with it; furthermore, the validating certificate must itself be valid according to the given certificate trust policy. This latter validation process may involve examining the other certificates or CRLs included with this object, if called for by the trust policy.

If a signature is encountered for which a certification path can be found, but is invalid, an AuthenticationException will be created, but will not be thrown until all other signatures have been checked. If another signature is found which is valid, then the method simply returns and no exception at all is thrown.

Specified by:

verify in interface SmimeSignedObject

Throws:

AuthenticationException - if there is no valid signature

verify

public void verify(CertificateTrustPolicy trustPolicy,
                   Address[] senderAddresses)
            throws AuthenticationException

Description copied from interface: SmimeSignedObject

Does the same thing as SmimeSignedObject.verify(CertificateTrustPolicy), except that in addition, it checks to make sure that the terminating certificate of the validating certificate chain contains an email address which is present in the specified list of sender addresses.

The list of sender addresses should be obtained by invoking the getFrom() method on the instance of javax.mail.Message which contains this object as its content.

Specified by:

verify in interface SmimeSignedObject

Throws:

AuthenticationException

verifyReceipt

public void verifyReceipt(SmimeSignedObject originalSmimeSignedObject,
                          java.security.cert.X509Certificate signerCert)
                   throws AuthenticationException

Stores the SignerInfo object that contains the original receipt request that will be used to validate a received receipt

Note the changes in the method signature

Previouslypublic void verifyReceipt (SmimeSignedObject , X509 )

Nowpublic void verifyReceipt (SmimeSignedObject , X509Certificate )

Parameters:

originalSmimeSignedObject - object that contains the original receipt request

Throws:

AuthenticationException

getESSSecurityLabel

public ESSSecurityLabel getESSSecurityLabel(java.security.cert.X509Certificate signerCert)
                                     throws AuthenticationException,
                                            java.security.SignatureException

Returns the ESSSecurityLabel if present or null.

The signature of the SignerInfo that covers the ESSSecurityLabel is first verified. Then, it verifies that all the ESSSecurityLabel's in the signed message are identical.

Note the changes in the method signature

Previously public ESSSecurityLabel getESSSecurityLabel(X509)

Now public ESSSecurityLabel getESSSecurityLabel(X509Certificate)

Specified by:

getESSSecurityLabel in interface SmimeSignedObject

Returns:

A valid security label.

Throws:

AuthenticationException - Signature verification did not succeed on any SignerInfo.

java.security.SignatureException - No valid security label could be found.

getEquivalentLabels

public EquivalentLabels getEquivalentLabels(java.security.cert.X509Certificate signerCert)
                                     throws AuthenticationException,
                                            java.security.SignatureException

Returns the EquivalentLabels if present or null.

The signature of the SignerInfo that covers the EquivalentLabels is first verified. Then, it verifies that all the EquivalentLabels in the signed message are identical.

Note the changes in the method signature

Previously public EquivalentLabels getEquivalentLabels(X509)

Now public EquivalentLabels getEquivalentLabels(X509Certificate)

Specified by:

getEquivalentLabels in interface SmimeSignedObject

Returns:

A valid equivalent labels.

Throws:

AuthenticationException - Signature verification did not succeed on any SignerInfo.

java.security.SignatureException - No valid equivalent labels could be found.

getSigningCertificate

public SigningCertificate getSigningCertificate(java.security.cert.X509Certificate signerCert)
                                         throws AuthenticationException,
                                                java.security.SignatureException

Returns the SigningCertificate Attribute if present or null.

The signature of the SignerInfo that covers the SigningCertificate is verified.

Note the changes in the method signature

Previously public SigningCertificate getSigningCertificate(X509)

Now public SigningCertificate getSigningCertificate(X509Certificate)

Specified by:

getSigningCertificate in interface SmimeSignedObject

Returns:

A valid signing certificate.

Throws:

AuthenticationException - Signature verification did not succeed on any SignerInfo.

java.security.SignatureException - No valid signing certificate could be found.

getMLExpansionHistory

public MLExpansionHistory getMLExpansionHistory(java.security.cert.X509Certificate signerCert)
                                         throws AuthenticationException,
                                                java.security.SignatureException

Returns the MLExpansionHistory if present or null.

The signature of the SignerInfo that covers the MLExpansionHistory is first verified. Then, it verifies that all the MLExpansionHistory's in the signed message are identical.

Note the changes in the method signature

Previously public MLExpansionHistory getMLExpansionHistory (X509)

Now public MLExpansionHistory getMLExpansionHistory (X509Certificate)

Specified by:

getMLExpansionHistory in interface SmimeSignedObject

Returns:

A valid mailing list expansion history.

Throws:

AuthenticationException - Signature verification did not succeed on any SignerInfo.

java.security.SignatureException - No valid mailing list expansion history could be found.

getReceiptRequest

public ReceiptRequest getReceiptRequest(java.security.cert.X509Certificate signerCert)
                                 throws AuthenticationException,
                                        java.security.SignatureException

Returns the ReceiptRequest if present or null.

NOTE: RFC 2634 prohibits the presence of a ReceiptRequest attribute in a signed receipt.

The signature of the SignerInfo that covers the ReceiptRequest is first verified. Then, it verifies that all the ReceiptRequest's in the signed message are identical.

Note the changes in the method signature

Previouslypublic ReceiptRequest getReceiptRequest (X509)

Now public ReceiptRequest getReceiptRequest (X509Certificate)

Specified by:

getReceiptRequest in interface SmimeSignedObject

Returns:

A valid receipt request.

Throws:

AuthenticationException - Signature verification did not succeed on any SignerInfo.

java.security.SignatureException - No valid receipt request could be found.

generateContentType

public java.lang.String generateContentType(boolean useStandardContentTypes)

Description copied from interface: SmimeObject

Returns the content type of this smime object.

Specified by:

generateContentType in interface SmimeObject

Parameters:

useStandardContentTypes - If true the standard content type is generated; If false the experimental content type is generated.

Returns:

The content type string.

generateContentType

public java.lang.String generateContentType()

Description copied from interface: SmimeObject

Returns the content type of this smime object.

Specified by:

generateContentType in interface SmimeObject

Returns:

The content type string.

writeTo

public void writeTo(java.io.OutputStream os,
                    java.lang.String mimeType)
             throws java.io.IOException,
                    MessagingException

Writes this SmimeSigned to the given output stream. Relevant canonicalizations, such as transforming text line-breaks to CRLF, are applied.

Specified by:

writeTo in interface SmimeObject

Parameters:

os - The output stream to which this SmimeEnveloped will be written.

mimeType - Ignored.

Throws:

java.io.IOException - An I/O error occurred.

MessagingException - An error occurred while writing the smime message.