org.bouncycastle.mail.smime.validator

Class SignedMailValidator

java.lang.Object

org.bouncycastle.mail.smime.validator.SignedMailValidator

public class SignedMailValidator
extends java.lang.Object

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	SignedMailValidator.ValidationResult

Constructor Summary

Constructors

Constructor and Description
SignedMailValidator(javax.mail.internet.MimeMessage message, java.security.cert.PKIXParameters param) Validates the signed MimeMessage message.
SignedMailValidator(javax.mail.internet.MimeMessage message, java.security.cert.PKIXParameters param, java.lang.Class certPathReviewerClass) Validates the signed MimeMessage message.

Method Summary

Modifier and Type	Method and Description
protected void	checkSignerCert(java.security.cert.X509Certificate cert, java.util.List errors, java.util.List notifications)
static java.security.cert.CertPath	createCertPath(java.security.cert.X509Certificate signerCert, java.util.Set trustanchors, java.util.List certStores)
static java.lang.Object[]	createCertPath(java.security.cert.X509Certificate signerCert, java.util.Set trustAnchors, java.util.List systemCertStores, java.util.List userCertStores) Returns an Object array containing a CertPath and a List of Booleans.
java.security.cert.CertStore	getCertsAndCRLs()
static java.util.Set	getEmailAddresses(java.security.cert.X509Certificate cert)
static java.util.Date	getSignatureTime(org.bouncycastle.cms.SignerInformation signer)
org.bouncycastle.cms.SignerInformationStore	getSignerInformationStore()
SignedMailValidator.ValidationResult	getValidationResult(org.bouncycastle.cms.SignerInformation signer)
protected void	validateSignatures(org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder signerInfoVerifierBuilder, java.security.cert.PKIXParameters pkixParam)
protected void	validateSignatures(java.security.cert.PKIXParameters pkixParam)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SignedMailValidator

public SignedMailValidator(javax.mail.internet.MimeMessage message,
                           java.security.cert.PKIXParameters param)
                    throws SignedMailValidatorException

Validates the signed MimeMessage message. The PKIXParameters from param are used for the certificate path validation. The actual PKIXParameters used for the certificate path validation are a copy of param with the following changes:
- The validation date is changed to the signature time.
- A CertStore with certificates and CRLs from the mail message is added to the CertStores.

In param it's also possible to add additional CertStores with intermediate certificates and/or CRLs which then are also used for the validation.

Parameters:

message - the signed MimeMessage.

param - the parameters for the certificate path validation.

Throws:

SignedMailValidatorException - if the message is not a signed message or if an exception occurs reading the message.

SignedMailValidator

public SignedMailValidator(javax.mail.internet.MimeMessage message,
                           java.security.cert.PKIXParameters param,
                           java.lang.Class certPathReviewerClass)
                    throws SignedMailValidatorException

Validates the signed MimeMessage message. The PKIXParameters from param are used for the certificate path validation. The actual PKIXParameters used for the certificate path validation are a copy of param with the following changes:
- The validation date is changed to the signature time.
- A CertStore with certificates and CRLs from the mail message is added to the CertStores.

In param it's also possible to add additional CertStores with intermediate certificates and/or CRLs which then are also used for the validation.

Parameters:

message - the signed MimeMessage.

param - the parameters for the certificate path validation.

certPathReviewerClass - a subclass of PKIXCertPathReviewer. The SignedMailValidator uses objects of this type for the cert path vailidation. The class must have an empty constructor.

Throws:

SignedMailValidatorException - if the message is not a signed message or if an exception occurs reading the message.

java.lang.IllegalArgumentException - if the certPathReviewerClass is not a subclass of PKIXCertPathReviewer or objects of certPathReviewerClass can not be instantiated.

Method Detail

validateSignatures

protected void validateSignatures(java.security.cert.PKIXParameters pkixParam)

validateSignatures

protected void validateSignatures(org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder signerInfoVerifierBuilder,
                                  java.security.cert.PKIXParameters pkixParam)

getEmailAddresses

public static java.util.Set getEmailAddresses(java.security.cert.X509Certificate cert)
                                       throws java.io.IOException,
                                              java.security.cert.CertificateEncodingException

Throws:

java.io.IOException

java.security.cert.CertificateEncodingException

checkSignerCert

protected void checkSignerCert(java.security.cert.X509Certificate cert,
                               java.util.List errors,
                               java.util.List notifications)

getSignatureTime

public static java.util.Date getSignatureTime(org.bouncycastle.cms.SignerInformation signer)

createCertPath

public static java.security.cert.CertPath createCertPath(java.security.cert.X509Certificate signerCert,
                                                         java.util.Set trustanchors,
                                                         java.util.List certStores)
                                                  throws java.security.GeneralSecurityException

Parameters:

signerCert - the end of the path

trustanchors - trust anchors for the path

certStores -

Returns:

the resulting certificate path.

Throws:

java.security.GeneralSecurityException

createCertPath

public static java.lang.Object[] createCertPath(java.security.cert.X509Certificate signerCert,
                                                java.util.Set trustAnchors,
                                                java.util.List systemCertStores,
                                                java.util.List userCertStores)
                                         throws java.security.GeneralSecurityException

Returns an Object array containing a CertPath and a List of Booleans. The list contains the value true if the corresponding certificate in the CertPath was taken from the user provided CertStores.

Parameters:

signerCert - the end of the path

trustAnchors - trust anchors for the path

systemCertStores - list of CertStore provided by the system

userCertStores - list of CertStore provided by the user

Returns:

a CertPath and a List of booleans.

Throws:

java.security.GeneralSecurityException

getCertsAndCRLs

public java.security.cert.CertStore getCertsAndCRLs()

getSignerInformationStore

public org.bouncycastle.cms.SignerInformationStore getSignerInformationStore()

getValidationResult

public SignedMailValidator.ValidationResult getValidationResult(org.bouncycastle.cms.SignerInformation signer)
                                                         throws SignedMailValidatorException

Throws:

SignedMailValidatorException