Class SignedMailValidator


  • public class SignedMailValidator
    extends java.lang.Object
    • Constructor Summary

      Constructors 
      Constructor Description
      SignedMailValidator​(javax.mail.internet.MimeMessage message, java.security.cert.PKIXParameters param)
      Validates the signed MimeMessage message.
      SignedMailValidator​(javax.mail.internet.MimeMessage message, java.security.cert.PKIXParameters param, java.lang.Class certPathReviewerClass)
      Validates the signed MimeMessage message.
    • Method Summary

      Modifier and Type Method Description
      protected void checkSignerCert​(java.security.cert.X509Certificate cert, java.util.List errors, java.util.List notifications)  
      static java.security.cert.CertPath createCertPath​(java.security.cert.X509Certificate signerCert, java.util.Set trustanchors, java.util.List certStores)  
      static java.lang.Object[] createCertPath​(java.security.cert.X509Certificate signerCert, java.util.Set trustanchors, java.util.List systemCertStores, java.util.List userCertStores)
      Returns an Object array containing a CertPath and a List of Booleans.
      java.security.cert.CertStore getCertsAndCRLs()  
      static java.util.Set getEmailAddresses​(java.security.cert.X509Certificate cert)  
      static java.util.Date getSignatureTime​(org.bouncycastle.cms.SignerInformation signer)  
      org.bouncycastle.cms.SignerInformationStore getSignerInformationStore()  
      SignedMailValidator.ValidationResult getValidationResult​(org.bouncycastle.cms.SignerInformation signer)  
      protected void validateSignatures​(java.security.cert.PKIXParameters pkixParam)  
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • SignedMailValidator

        public SignedMailValidator​(javax.mail.internet.MimeMessage message,
                                   java.security.cert.PKIXParameters param)
                            throws SignedMailValidatorException
        Validates the signed MimeMessage message. The PKIXParameters from param are used for the certificate path validation. The actual PKIXParameters used for the certificate path validation are a copy of param with the following changes:
        - The validation date is changed to the signature time
        - A CertStore with certificates and CRLs from the mail message is added to the CertStores.

        Additional CertStores with intermediate certificates and/or CRLs can also be added to param; they are then used for the validation as well.
        Parameters:
        message - the signed MimeMessage
        param - the parameters for the certificate path validation
        Throws:
        SignedMailValidatorException - if the message is not a signed message or if an exception occurs while reading the message
      • SignedMailValidator

        public SignedMailValidator​(javax.mail.internet.MimeMessage message,
                                   java.security.cert.PKIXParameters param,
                                   java.lang.Class certPathReviewerClass)
                            throws SignedMailValidatorException
        Validates the signed MimeMessage message. The PKIXParameters from param are used for the certificate path validation. The actual PKIXParameters used for the certificate path validation are a copy of param with the following changes:
        - The validation date is changed to the signature time
        - A CertStore with certificates and CRLs from the mail message is added to the CertStores.

        Additional CertStores with intermediate certificates and/or CRLs can also be added to param; they are then used for the validation as well.
        Parameters:
        message - the signed MimeMessage
        param - the parameters for the certificate path validation
        certPathReviewerClass - a subclass of PKIXCertPathReviewer. The SignedMailValidator uses objects of this type for the cert path validation. The class must have an empty constructor.
        Throws:
        SignedMailValidatorException - if the message is not a signed message or if an exception occurs while reading the message
        java.lang.IllegalArgumentException - if the certPathReviewerClass is not a subclass of PKIXCertPathReviewer or objects of certPathReviewerClass cannot be instantiated
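Added example (not part of the Bouncy Castle documentation): validating every signer of a message with the two-argument constructor, with trust anchors taken from a local store and extra intermediates passed in through param. It assumes the javax.mail-based bcmail artifact, the package org.bouncycastle.mail.smime.validator, and the ValidationResult accessors isValidSignature(), getErrors() and getCertPath(), which this page does not list; the class name and the four file arguments are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.Collection;
import java.util.Properties;
import javax.mail.Session;
import javax.mail.internet.MimeMessage;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.mail.smime.validator.SignedMailValidator;
public class ValidateSignedMail {
    // Hypothetical arguments: <trust store> <store password> <intermediates.pem> <signed.eml>
    public static void main(String[] args) throws Exception {
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            trust.load(in, args[1].toCharArray());
        }
        // Trust anchors come only from the local store, never from the message.
        PKIXParameters param = new PKIXParameters(trust);
        param.setRevocationEnabled(true); // CRLs must then be available via the CertStores
        // Additional intermediates supplied by the caller through param.
        Collection<? extends Certificate> extra;
        try (InputStream in = new FileInputStream(args[2])) {
            extra = CertificateFactory.getInstance("X.509").generateCertificates(in);
        }
        param.addCertStore(CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(extra)));
        MimeMessage msg;
        try (InputStream in = new FileInputStream(args[3])) {
            msg = new MimeMessage(Session.getInstance(new Properties()), in);
        }
        SignedMailValidator validator = new SignedMailValidator(msg, param);
        Collection<?> signers = validator.getSignerInformationStore().getSigners();
        boolean allValid = !signers.isEmpty(); // a message with no signers must not pass
        for (Object o : signers) {
            SignerInformation signer = (SignerInformation) o;
            SignedMailValidator.ValidationResult res = validator.getValidationResult(signer);
            // The validation date is the signature time, a value asserted by the signer.
            System.out.println("signature time: " + SignedMailValidator.getSignatureTime(signer));
            CertPath path = res.getCertPath();
            if (path != null && !path.getCertificates().isEmpty()) {
                X509Certificate cert = (X509Certificate) path.getCertificates().get(0);
                System.out.println("signer addresses: " + SignedMailValidator.getEmailAddresses(cert));
            }
            System.out.println("valid=" + res.isValidSignature() + " errors=" + res.getErrors().size());
            allValid &= res.isValidSignature();
        }
        System.exit(allValid ? 0 : 1);
    }
}
```

The exit status is non-zero unless every signer validates, so a caller can gate message handling on it.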
    • Method Detail

      • validateSignatures

        protected void validateSignatures​(java.security.cert.PKIXParameters pkixParam)
      • getEmailAddresses

        public static java.util.Set getEmailAddresses​(java.security.cert.X509Certificate cert)
                                               throws java.io.IOException,
                                                      java.security.cert.CertificateEncodingException
        Throws:
        java.io.IOException
        java.security.cert.CertificateEncodingException
      • checkSignerCert

        protected void checkSignerCert​(java.security.cert.X509Certificate cert,
                                       java.util.List errors,
                                       java.util.List notifications)
      • getSignatureTime

        public static java.util.Date getSignatureTime​(org.bouncycastle.cms.SignerInformation signer)
      • createCertPath

        public static java.security.cert.CertPath createCertPath​(java.security.cert.X509Certificate signerCert,
                                                                 java.util.Set trustanchors,
                                                                 java.util.List certStores)
                                                          throws java.security.GeneralSecurityException
        Parameters:
        signerCert - the end of the path
        trustanchors - trust anchors for the path
        certStores -
        Returns:
        the resulting certificate path.
        Throws:
        java.security.GeneralSecurityException
      • createCertPath

        public static java.lang.Object[] createCertPath​(java.security.cert.X509Certificate signerCert,
                                                        java.util.Set trustanchors,
                                                        java.util.List systemCertStores,
                                                        java.util.List userCertStores)
                                                 throws java.security.GeneralSecurityException
        Returns an Object array containing a CertPath and a List of Booleans. The list contains the value true if the corresponding certificate in the CertPath was taken from the user provided CertStores.
        Parameters:
        signerCert - the end of the path
        trustanchors - trust anchors for the path
        systemCertStores - list of CertStore provided by the system
        userCertStores - list of CertStore provided by the user
        Returns:
        a CertPath and a List of booleans.
        Throws:
        java.security.GeneralSecurityException
      • getCertsAndCRLs

        public java.security.cert.CertStore getCertsAndCRLs()
      • getSignerInformationStore

        public org.bouncycastle.cms.SignerInformationStore getSignerInformationStore()