File: SMIMESignedGenerator.java | Doc: API Doc | Category: Bouncy Castle Crypto API 1.41 (Java 1.5) | Size: 26626 | Date: Wed Oct 01 10:55:28 BST 2008 | Package: org.bouncycastle.mail.smime

SMIMESignedGenerator

public class SMIMESignedGenerator extends SMIMEGenerator
general class for generating a pkcs7-signature message.

A simple example of usage.

CertStore certs...
SMIMESignedGenerator fact = new SMIMESignedGenerator();

// DIGEST_SHA1 is what the original example uses. SHA-1 is no longer considered
// collision resistant; for new signatures prefer DIGEST_SHA256 or stronger
// (also defined on this class) unless the recipient can only verify SHA-1.
fact.addSigner(privKey, cert, SMIMESignedGenerator.DIGEST_SHA1);
fact.addCertificatesAndCRLs(certs);

// "BC" is the name of the signature provider passed to generate().
MimeMultipart smime = fact.generate(content, "BC");

Note: if you are using this class with AS2 or some other protocol that does not use "7bit" as the default content transfer encoding you will need to use the constructor that allows you to specify the default content transfer encoding, such as "binary".

Fields Summary
public static final String
DIGEST_SHA1
public static final String
DIGEST_MD5
public static final String
DIGEST_SHA224
public static final String
DIGEST_SHA256
public static final String
DIGEST_SHA384
public static final String
DIGEST_SHA512
public static final String
DIGEST_GOST3411
public static final String
DIGEST_RIPEMD128
public static final String
DIGEST_RIPEMD160
public static final String
DIGEST_RIPEMD256
public static final String
ENCRYPTION_RSA
public static final String
ENCRYPTION_DSA
public static final String
ENCRYPTION_ECDSA
public static final String
ENCRYPTION_RSA_PSS
public static final String
ENCRYPTION_GOST3410
public static final String
ENCRYPTION_ECGOST3410
private static final String
CERTIFICATE_MANAGEMENT_CONTENT
private static final String
DETACHED_SIGNATURE_TYPE
private static final String
ENCAPSULATED_SIGNED_CONTENT_TYPE
private final String
_defaultContentTransferEncoding
private List
_certStores
private List
_signers
private List
_oldSigners
private List
_attributeCerts
private Map
_digests
Constructors Summary
public SMIMESignedGenerator()
base constructor - default content transfer encoding 7bit

    
    
    
        // Fetch the default activation command map. The cast fails with
        // ClassCastException if the application has installed a CommandMap
        // that is not a MailcapCommandMap.
        MailcapCommandMap mc = (MailcapCommandMap)CommandMap.getDefaultCommandMap();

        // Register the Bouncy Castle content handlers for the S/MIME MIME types.
        mc.addMailcap("application/pkcs7-signature;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.pkcs7_signature");
        mc.addMailcap("application/pkcs7-mime;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.pkcs7_mime");
        mc.addMailcap("application/x-pkcs7-signature;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.x_pkcs7_signature");
        mc.addMailcap("application/x-pkcs7-mime;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.x_pkcs7_mime");
        mc.addMailcap("multipart/signed;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.multipart_signed");
        
        // Installs the modified map as the default command map. That default is
        // shared state, not something local to this generator instance.
        // NOTE(review): this listing shows the registration only under the
        // no-arg constructor; confirm whether the String constructor relies on
        // it having already run.
        CommandMap.setDefaultCommandMap(mc);
    
        // Default content transfer encoding for this constructor.
        _defaultContentTransferEncoding = "7bit";
    
public SMIMESignedGenerator(String defaultContentTransferEncoding)
base constructor - default content transfer encoding explicitly set

param
defaultContentTransferEncoding new default to use.

        // Stored as given; no null or value check is applied here.
        _defaultContentTransferEncoding = defaultContentTransferEncoding;
    
Methods Summary
public voidaddAttributeCertificates(org.bouncycastle.x509.X509Store store)
Add the attribute certificates contained in the passed in store to the generator.

param
store a store of Version 2 attribute certificates
throws
CMSException if an error occurs processing the store.

        // Only queues the store; nothing on this line reads it, so the
        // documented CMSException cannot originate here. Presumably the store
        // is processed when a message is generated - confirm.
        _attributeCerts.add(store);
    
public voidaddCertificatesAndCRLs(java.security.cert.CertStore certStore)
add the certificates and CRLs contained in the given CertStore to the pool that will be included in the encoded signature block.

Note: this assumes the CertStore will support null in the get methods.

param
certStore CertStore containing the certificates and CRLs to be added.

        // Queued as given, with no null check. The contents of the store are
        // documented as going into the encoded signature block, so pass a store
        // that holds only the certificates and CRLs you intend to disclose.
        _certStores.add(certStore);
    
private voidaddHashHeader(java.lang.StringBuffer header, java.util.List signers)

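        //
        // Appends the micalg parameter to the multipart/signed header: one
        // entry per distinct digest algorithm used by the given signers.
        // A single algorithm is written bare (; micalg=sha1); several are
        // written as one quoted, comma-separated list. Nothing is appended
        // when there are no signers.
        //
        Set        micAlgs = new HashSet();
        Iterator   it = signers.iterator();

        while (it.hasNext())
        {
            Signer       signer = (Signer)it.next();
            String       digestOID = signer.getDigestOID();

            if (digestOID.equals(DIGEST_SHA1))
            {
                micAlgs.add("sha1");
            }
            else if (digestOID.equals(DIGEST_MD5))
            {
                // MD5 stays mapped so existing callers keep working; it is not
                // collision resistant and should not be chosen for new signatures.
                micAlgs.add("md5");
            }
            else if (digestOID.equals(DIGEST_SHA224))
            {
                micAlgs.add("sha224");
            }
            else if (digestOID.equals(DIGEST_SHA256))
            {
                micAlgs.add("sha256");
            }
            else if (digestOID.equals(DIGEST_SHA384))
            {
                micAlgs.add("sha384");
            }
            else if (digestOID.equals(DIGEST_SHA512))
            {
                micAlgs.add("sha512");
            }
            else if (digestOID.equals(DIGEST_GOST3411))
            {
                micAlgs.add("gostr3411-94");
            }
            else
            {
                // No micalg name is known for this OID (the RIPEMD constants
                // fall through to here). The header then advertises "unknown",
                // which a verifier cannot map back to a digest algorithm.
                micAlgs.add("unknown");
            }
        }

        // A list of more than one algorithm has to be quoted.
        boolean    quoted = micAlgs.size() != 1;
        int        count = 0;

        // HashSet iteration order is unspecified, so the order of the names in
        // a multi-algorithm list is not guaranteed.
        it = micAlgs.iterator();

        while (it.hasNext())
        {
            String    alg = (String)it.next();

            if (count == 0)
            {
                header.append(quoted ? "; micalg=\"" : "; micalg=");
            }
            else
            {
                // char literal; the listing had a stray quote here
                header.append(',');
            }

            header.append(alg);

            count++;
        }

        if (count != 0 && quoted)
        {
            // closing quote of the list; the listing had a stray quote here too
            header.append('\"');
        }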
    
public voidaddSigner(java.security.PrivateKey key, java.security.cert.X509Certificate cert, java.lang.String digestOID)
add a signer - no attributes other than the default ones will be provided here.

param
key key to use to generate the signature
param
cert the public key certificate associated with the signer's key.
param
digestOID object ID of the digest algorithm to use.
exception
IllegalArgumentException any of the arguments are inappropriate

        // digestOID is handed to Signer unchecked. Any validation behind the
        // documented IllegalArgumentException would be in Signer's constructor,
        // which is not shown here. Nothing on this line rejects weak digests
        // such as DIGEST_MD5 or DIGEST_SHA1, so the caller has to choose.
        _signers.add(new Signer(key, cert, digestOID, null, null));
    
public voidaddSigner(java.security.PrivateKey key, java.security.cert.X509Certificate cert, java.lang.String digestOID, org.bouncycastle.asn1.cms.AttributeTable signedAttr, org.bouncycastle.asn1.cms.AttributeTable unsignedAttr)
Add a signer with extra signed/unsigned attributes or overrides for the standard attributes. For example, this method can be used to explicitly set default attributes such as the signing time.

param
key key to use to generate the signature
param
cert the public key certificate associated with the signer's key.
param
digestOID object ID of the digest algorithm to use.
param
signedAttr signed attributes to be included in the signature.
param
unsignedAttr unsigned attributes to be included.
exception
IllegalArgumentException any of the arguments are inappropriate

        // Forwards the caller's signed and unsigned attribute tables to Signer;
        // no argument is checked on this line.
        _signers.add(new Signer(key, cert, digestOID, signedAttr, unsignedAttr));
    
public voidaddSigners(org.bouncycastle.cms.SignerInformationStore signerStore)
Add a store of precalculated signers to the generator.

param
signerStore store of signers

        // Copy every precalculated signer out of the store into _oldSigners.
        for (Iterator signerIt = signerStore.getSigners().iterator(); signerIt.hasNext();)
        {
            _oldSigners.add(signerIt.next());
        }
    
public javax.mail.internet.MimeMultipartgenerate(javax.mail.internet.MimeBodyPart content, java.lang.String sigProvider)
generate a signed object that contains an SMIME Signed Multipart object using the given provider.

param
content the MimeBodyPart to be signed.
param
sigProvider the provider to be used for the signature.
return
a Multipart containing the content and signature.
throws
NoSuchAlgorithmException if the required algorithms for the signature cannot be found.
throws
NoSuchProviderException if no provider can be found.
throws
SMIMEException if an exception occurs in processing the signature.

        // Look the provider up by name, wrap the content, and build the
        // multipart with a detached signature via make().
        return make(makeContentBodyPart(content), SMIMEUtil.getProvider(sigProvider));
    
public javax.mail.internet.MimeMultipartgenerate(javax.mail.internet.MimeBodyPart content, java.security.Provider sigProvider)
generate a signed object that contains an SMIME Signed Multipart object using the given provider.

param
content the MimeBodyPart to be signed.
param
sigProvider the provider to be used for the signature.
return
a Multipart containing the content and signature.
throws
NoSuchAlgorithmException if the required algorithms for the signature cannot be found.
throws
SMIMEException if an exception occurs in processing the signature.

        // Wrap the content and build the multipart with a detached signature,
        // using the Provider instance supplied by the caller.
        return make(makeContentBodyPart(content), sigProvider);
    
public javax.mail.internet.MimeMultipartgenerate(javax.mail.internet.MimeMessage message, java.lang.String sigProvider)
generate a signed object that contains an SMIME Signed Multipart object using the given provider from the given MimeMessage

throws
NoSuchAlgorithmException if the required algorithms for the signature cannot be found.
throws
NoSuchProviderException if no provider can be found.
throws
SMIMEException if an exception occurs in processing the signature.

        // Resolve the provider name, then delegate to the Provider overload.
        return generate(message, SMIMEUtil.getProvider(sigProvider));
    
public javax.mail.internet.MimeMultipartgenerate(javax.mail.internet.MimeMessage message, java.security.Provider sigProvider)
generate a signed object that contains an SMIME Signed Multipart object using the given provider from the given MimeMessage

throws
NoSuchAlgorithmException if the required algorithms for the signature cannot be found.
throws
NoSuchProviderException if no provider can be found.
throws
SMIMEException if an exception occurs in processing the signature.

        // saveChanges() is called on the caller's own message object before its
        // content is wrapped for signing. A failure is rethrown as
        // SMIMEException with the original exception kept as the cause.
        try
        {
            message.saveChanges();      // make sure we're up to date.
        }
        catch (MessagingException e)
        {
            throw new SMIMEException("unable to save message", e);
        }

        // Sign the saved message as a multipart with a detached signature.
        return make(makeContentBodyPart(message), sigProvider);
    
public javax.mail.internet.MimeBodyPartgenerateCertificateManagement(java.lang.String provider)
Creates a certificate management message which is like a signed message with no content or signers but that still carries certificates and CRLs.

return
a MimeBodyPart containing the certs and CRLs.

        // Resolve the provider name, then delegate to the Provider overload.
        return generateCertificateManagement(SMIMEUtil.getProvider(provider));
    
public javax.mail.internet.MimeBodyPartgenerateCertificateManagement(java.security.Provider provider)
Creates a certificate management message which is like a signed message with no content or signers but that still carries certificates and CRLs.

return
a MimeBodyPart containing the certs and CRLs.

        try
        {
            MimeBodyPart sig = new MimeBodyPart();
            
            // null content: the body part carries no signed data, only what the
            // ContentSigner emits for the certificate management type.
            sig.setContent(new ContentSigner(null, true, provider), CERTIFICATE_MANAGEMENT_CONTENT);
            sig.addHeader("Content-Type", CERTIFICATE_MANAGEMENT_CONTENT);
            sig.addHeader("Content-Disposition", "attachment; filename=\"smime.p7c\"");
            sig.addHeader("Content-Description", "S/MIME Certificate Management Message");
            // NOTE(review): encoding is not declared anywhere in this listing,
            // presumably a field inherited from SMIMEGenerator - confirm. It is
            // not _defaultContentTransferEncoding.
            sig.addHeader("Content-Transfer-Encoding", encoding);

            return sig;
        }
        catch (MessagingException e)
        {
            // Rethrown with the cause preserved.
            throw new SMIMEException("exception putting body part together.", e);
        }
    
public javax.mail.internet.MimeBodyPartgenerateEncapsulated(javax.mail.internet.MimeBodyPart content, java.lang.String sigProvider)
generate a signed message with encapsulated content

Note: doing this is strongly not recommended as it means a recipient of the message will have to be able to read the signature to read the message.

        // Look the provider up by name, wrap the content, and build a single
        // body part that encapsulates the signed content.
        return makeEncapsulated(makeContentBodyPart(content), SMIMEUtil.getProvider(sigProvider));
    
public javax.mail.internet.MimeBodyPartgenerateEncapsulated(javax.mail.internet.MimeBodyPart content, java.security.Provider sigProvider)
generate a signed message with encapsulated content

Note: doing this is strongly not recommended as it means a recipient of the message will have to be able to read the signature to read the message.

        // Wrap the content and build a single body part that encapsulates the
        // signed content, using the Provider instance supplied by the caller.
        return makeEncapsulated(makeContentBodyPart(content), sigProvider);
    
public javax.mail.internet.MimeBodyPartgenerateEncapsulated(javax.mail.internet.MimeMessage message, java.lang.String sigProvider)
generate a signed object that contains an SMIME Signed Multipart object using the given provider from the given MimeMessage.

Note: doing this is strongly not recommended as it means a recipient of the message will have to be able to read the signature to read the message.

        // Resolve the provider name, then delegate to the Provider overload.
        return generateEncapsulated(message, SMIMEUtil.getProvider(sigProvider));
    
public javax.mail.internet.MimeBodyPartgenerateEncapsulated(javax.mail.internet.MimeMessage message, java.security.Provider sigProvider)
generate a signed object that contains an SMIME Signed Multipart object using the given provider from the given MimeMessage.

Note: doing this is strongly not recommended as it means a recipient of the message will have to be able to read the signature to read the message.

        // saveChanges() is called on the caller's own message object before its
        // content is wrapped for signing. A failure is rethrown as
        // SMIMEException with the original exception kept as the cause.
        try
        {
            message.saveChanges();      // make sure we're up to date.
        }
        catch (MessagingException e)
        {
            throw new SMIMEException("unable to save message", e);
        }

        // Returns one body part holding the encapsulated signed data, not a
        // multipart.
        return makeEncapsulated(makeContentBodyPart(message), sigProvider);
    
public java.util.MapgetGeneratedDigests()
Return a map of oids and byte arrays representing the digests calculated on the content during the last generate.

return
a map of oids (as String objects) and byte[] representing digests.

        // Shallow copy: the returned map is new, but its values are the same
        // objects held in _digests. The values are documented as byte[], so a
        // caller that modifies a returned array also changes the stored digest.
        return new HashMap(_digests);
    
private javax.mail.internet.MimeMultipartmake(javax.mail.internet.MimeBodyPart content, java.security.Provider sigProvider)

        // Builds the multipart/signed message: the content part followed by a
        // detached pkcs7 signature part.
        try
        {
            MimeBodyPart sig = new MimeBodyPart();

            // false selects the non-encapsulated form; the content travels as
            // its own body part, added below.
            sig.setContent(new ContentSigner(content, false, sigProvider), DETACHED_SIGNATURE_TYPE);
            sig.addHeader("Content-Type", DETACHED_SIGNATURE_TYPE);
            sig.addHeader("Content-Disposition", "attachment; filename=\"smime.p7s\"");
            sig.addHeader("Content-Description", "S/MIME Cryptographic Signature");
            // NOTE(review): encoding is not declared anywhere in this listing,
            // presumably a field inherited from SMIMEGenerator - confirm.
            sig.addHeader("Content-Transfer-Encoding", encoding);

            //
            // build the multipart header
            //
            StringBuffer        header = new StringBuffer(
                    "signed; protocol=\"application/pkcs7-signature\"");
                    
            // micalg is derived from _signers only. Digest algorithms of the
            // precalculated signers held in _oldSigners are not reflected in
            // the header built here.
            addHashHeader(header, _signers);
            
            MimeMultipart   mm = new MimeMultipart(header.toString());

            // Order matters for multipart/signed: content first, then signature.
            mm.addBodyPart(content);
            mm.addBodyPart(sig);

            return mm;
        }
        catch (MessagingException e)
        {
            // Rethrown with the cause preserved.
            throw new SMIMEException("exception putting multi-part together.", e);
        }
    
private javax.mail.internet.MimeBodyPartmakeEncapsulated(javax.mail.internet.MimeBodyPart content, java.security.Provider sigProvider)

        // Builds one body part whose content is the signed data with the
        // original content encapsulated inside it.
        try
        {
            MimeBodyPart sig = new MimeBodyPart();
            
            // true selects the encapsulated form, so the content is carried
            // inside the signature structure, not as a separate part.
            sig.setContent(new ContentSigner(content, true, sigProvider), ENCAPSULATED_SIGNED_CONTENT_TYPE);
            sig.addHeader("Content-Type", ENCAPSULATED_SIGNED_CONTENT_TYPE);
            sig.addHeader("Content-Disposition", "attachment; filename=\"smime.p7m\"");
            sig.addHeader("Content-Description", "S/MIME Cryptographic Signed Data");
            // NOTE(review): encoding is not declared anywhere in this listing,
            // presumably a field inherited from SMIMEGenerator - confirm.
            sig.addHeader("Content-Transfer-Encoding", encoding);
            
            return sig;
        }
        catch (MessagingException e)
        {
            // Rethrown with the cause preserved.
            throw new SMIMEException("exception putting body part together.", e);
        }