public interface SmimeSignedObject extends SmimeObject
Modifier and Type | Method and Description |
---|---|
java.util.Vector |
getCertificates()
Returns the list of X509 certificates included with this signed data object.
|
java.util.Vector |
getCRLs()
Returns the list of CRLs included with this signed data object.
|
javax.mail.internet.MimeBodyPart |
getEnclosedBodyPart()
Returns the message content that was signed.
|
EquivalentLabels |
getEquivalentLabels(java.security.cert.X509Certificate signerCert)
Returns the
EquivalentLabels if present or null . |
ESSSecurityLabel |
getESSSecurityLabel(java.security.cert.X509Certificate signerCert)
Returns the
ESSSecurityLabel if present or null . |
MLExpansionHistory |
getMLExpansionHistory(java.security.cert.X509Certificate signerCert)
Returns the
MLExpansionHistory Attribute if present or null . |
ReceiptRequest |
getReceiptRequest(java.security.cert.X509Certificate signerCert)
Returns the
ReceiptRequest Attribute if present or null . |
SigningCertificate |
getSigningCertificate(java.security.cert.X509Certificate signerCert)
Returns the
SigningCertificate Attribute if present or null . |
java.util.Enumeration |
signers()
Returns the list of signers.
|
void |
verify(oracle.security.crypto.cert.CertificateTrustPolicy trustPolicy)
Returns normally if this CMS signed data object contains at least one valid signature, according to the given trust policy; otherwise throws an
AuthenticationException . |
void |
verify(oracle.security.crypto.cert.CertificateTrustPolicy trustPolicy, javax.mail.Address[] senderAddresses)
Does the same thing as
verify(CertificateTrustPolicy) , except that in addition, it checks to make sure that the terminating certificate of the validating certificate chain contains an email address which is present in the specified list of sender addresses. |
void |
verifySignature(java.security.cert.X509Certificate signerCert)
Returns successfully if this CMS signed data object contains a signature which is validated by the given certificate; otherwise throws an
AuthenticationException . |
void |
verifySignature(java.security.cert.X509Certificate signerCert, javax.mail.Address[] senderAddresses)
Does the same thing as
#verifySignature(X509) , except that in addition, it checks to make sure that the email address in the given certificate is present in the specified list of sender addresses. |
generateContentType, generateContentType, writeTo
java.util.Enumeration signers()
Vector
containing CMSSignerInfo
objects.java.util.Vector getCertificates()
Vector
containing X509
objects or null
if no list of certificates is present.java.util.Vector getCRLs()
Vector
containing CRL
objects or null
if no list of CRLs is present.javax.mail.internet.MimeBodyPart getEnclosedBodyPart() throws oracle.security.crypto.util.InvalidInputException, javax.mail.MessagingException
MimeBodyPart
.oracle.security.crypto.util.InvalidInputException
- The message content type is not correct.javax.mail.MessagingException
- An error occurred while initializing the content.void verifySignature(java.security.cert.X509Certificate signerCert) throws oracle.security.crypto.core.AuthenticationException, java.security.SignatureException
AuthenticationException
.
This method verifies the specified signature directly and ignores any certificates or CRLs which may be contained in this CMS object. A more complex verification process, which does make use of attached certificates and CRLs, is provided by the verify
method.
Note the changes in the method signature
Previously public void verifySignature (X509)
Now public void verifySignature(X509Certificate)
java.security.SignatureException
- if no signature corresponding to the given certificate existsoracle.security.crypto.core.AuthenticationException
- if the signature is not valid, or could not be verified for some reason (e.g., the algorithm identifier is unrecognized)void verifySignature(java.security.cert.X509Certificate signerCert, javax.mail.Address[] senderAddresses) throws oracle.security.crypto.core.AuthenticationException, java.security.SignatureException
#verifySignature(X509)
, except that in addition, it checks to make sure that the email address in the given certificate is present in the specified list of sender addresses.
The list of sender addresses should be obtained by invoking the getFrom()
method on the instance of javax.mail.Message
which contains this object as its content.
Note the changes in the method signature
Previously public void verifySignature (X509, Address[])
Now public void verifySignature(X509Certificate, Address[])
oracle.security.crypto.core.AuthenticationException
java.security.SignatureException
void verify(oracle.security.crypto.cert.CertificateTrustPolicy trustPolicy) throws oracle.security.crypto.core.AuthenticationException
AuthenticationException
.
In order to be considered valid, there must be at least one signature on this CMS message which is validated by one of the certificates included with it; furthermore, the validating certificate must itself be valid according to the given certificate trust policy. This latter validation process may involve examining the other certificates or CRLs included with this object, if called for by the trust policy.
If a signature is encountered for which a certification path can be found, but is invalid, an AuthenticationException
will be created, but will not be thrown until all other signatures have been checked. If another signature is found which is valid, then the method simply returns and no exception at all is thrown.
oracle.security.crypto.core.AuthenticationException
- if there is no valid signaturevoid verify(oracle.security.crypto.cert.CertificateTrustPolicy trustPolicy, javax.mail.Address[] senderAddresses) throws oracle.security.crypto.core.AuthenticationException
verify(CertificateTrustPolicy)
, except that in addition, it checks to make sure that the terminating certificate of the validating certificate chain contains an email address which is present in the specified list of sender addresses.
The list of sender addresses should be obtained by invoking the getFrom()
method on the instance of javax.mail.Message
which contains this object as its content.
oracle.security.crypto.core.AuthenticationException
ESSSecurityLabel getESSSecurityLabel(java.security.cert.X509Certificate signerCert) throws oracle.security.crypto.core.AuthenticationException, java.security.SignatureException
ESSSecurityLabel
if present or null
.
The signature of the SignerInfo that covers the ESSSecurityLabel is first verified. Then, it verifies that all the ESSSecurityLabel's in the signed message are identical.
Note the changes in the method signature
Previously public ESSSecurityLabel getESSSecurityLabel(X509)
Now public ESSSecurityLabel getESSSecurityLabel(X509Certificate)
oracle.security.crypto.core.AuthenticationException
java.security.SignatureException
EquivalentLabels getEquivalentLabels(java.security.cert.X509Certificate signerCert) throws oracle.security.crypto.core.AuthenticationException, java.security.SignatureException
EquivalentLabels
if present or null
.
The signature of the SignerInfo that covers the EquivalentLabels is first verified. Then, it verifies that all the EquivalentLabels in the signed message are identical.
Note the changes in the method signature
Previously public EquivalentLabels getEquivalentLabels(X509)
Now public EquivalentLabels getEquivalentLabels(X509Certificate)
oracle.security.crypto.core.AuthenticationException
java.security.SignatureException
SigningCertificate getSigningCertificate(java.security.cert.X509Certificate signerCert) throws oracle.security.crypto.core.AuthenticationException, java.security.SignatureException
SigningCertificate
Attribute if present or null
.
The signature of the SignerInfo that covers the SigningCertificate is verified.
Note the changes in the method signature
Previously public SigningCertificate getSigningCertificate(X509)
Now public SigningCertificate getSigningCertificate(X509Certificate)
oracle.security.crypto.core.AuthenticationException
java.security.SignatureException
MLExpansionHistory getMLExpansionHistory(java.security.cert.X509Certificate signerCert) throws oracle.security.crypto.core.AuthenticationException, java.security.SignatureException
MLExpansionHistory
Attribute if present or null
.
The signature of the SignerInfo that covers the MLExpansionHistory is first verified. Then, it verifies that all the MLExpansionHistory's in the signed message are identical.
Note the changes in the method signature
Previously public MLExpansionHistory getMLExpansionHistory (X509)
Now public MLExpansionHistory getMLExpansionHistory (X509Certificate)
oracle.security.crypto.core.AuthenticationException
java.security.SignatureException
ReceiptRequest getReceiptRequest(java.security.cert.X509Certificate signerCert) throws oracle.security.crypto.core.AuthenticationException, java.security.SignatureException
ReceiptRequest
Attribute if present or null
.
The signature of the SignerInfo that covers the ReceiptRequest is first verified. Then, it verifies that all the ReceiptRequest's in the signed message are identical.
Note the changes in the method signature
Previouslypublic ReceiptRequest getReceiptRequest (X509)
Now public ReceiptRequest getReceiptRequest (X509Certificate)
oracle.security.crypto.core.AuthenticationException
java.security.SignatureException