org.nhindirect.stagent.cryptography

Class SMIMECryptographerImpl

java.lang.Object

org.nhindirect.stagent.cryptography.SMIMECryptographerImpl

All Implemented Interfaces:

Cryptographer

public class SMIMECryptographerImpl
extends Object
implements Cryptographer

Executes the cryptography operations. This include encryption, decryption, and signature generation.

Author:

Greg Meyer, Umesh Madan

Field Summary

Fields

Modifier and Type	Field and Description
static SMIMECryptographerImpl	Default
static org.bouncycastle.asn1.ASN1ObjectIdentifier	x509CertificateObjectsIdent

Constructor Summary

Constructors

Constructor and Description
SMIMECryptographerImpl() Constructs a Cryptographer with a default EncryptionAlgorithm and DigestAlgorithm.
SMIMECryptographerImpl(EncryptionAlgorithm encryptionAlgorithm, DigestAlgorithm digestAlgorithm) Constructs a Cryptographer with an EncryptionAlgorithm and DigestAlgorithm.
SMIMECryptographerImpl(EncryptionAlgorithm encryptionAlgorithm, DigestAlgorithm digestAlgorithm, EncryptionAlgorithm keyEncryptionAlgorithm)
SMIMECryptographerImpl(EncryptionAlgorithm encryptionAlgorithm, DigestAlgorithm digestAlgorithm, EncryptionAlgorithm keyEncryptionAlgorithm, DigestAlgorithm keyEncryptionDigestAlgorithm)

Method Summary

Modifier and Type	Method and Description
void	checkSignature(SignedEntity signedEntity, X509Certificate signerCertificate, Collection<X509Certificate> anchors) Validates that a signed entity has a valid message and signature.
static org.bouncycastle.asn1.cms.AttributeTable	createAttributeTable(org.bouncycastle.asn1.ASN1EncodableVector signedAttrs)
MimeEntity	decrypt(Message message, X509CertificateEx decryptingCertificate) Decrypts a message with the provided certificates private key.
MimeEntity	decrypt(MimeEntity encryptedEntity, Collection<X509CertificateEx> decryptingCertificates) Decrypts an entity with the provided certificates' private key.
MimeEntity	decrypt(MimeEntity encryptedEntity, X509CertificateEx decryptingCertificate) Decrypts an entity with the provided certificate's private key.
org.bouncycastle.cms.CMSSignedData	deserializeEnvelopedSignature(byte[] messageBytes)
org.bouncycastle.cms.CMSSignedData	deserializeEnvelopedSignature(MimeEntity envelopeEntity)
org.bouncycastle.cms.CMSSignedData	deserializeSignatureEnvelope(SignedEntity entity) Extracts the ASN1 encoded signature data from the signed entity.
MimeEntity	encrypt(MimeEntity entity, Collection<X509Certificate> encryptingCertificates) Encrypts an entity using the provided certificates.
MimeEntity	encrypt(MimeEntity entity, X509Certificate encryptingCertificate) Encrypts an entity using the provided certificate.
MimeEntity	encrypt(javax.mail.internet.MimeMultipart mmEntity, Collection<X509Certificate> encryptingCertificates) Encrypts a mulit part MIME entity using the provided certificates.
MimeEntity	encrypt(javax.mail.internet.MimeMultipart entity, X509Certificate encryptingCertificate) Encrypts a mulit part MIME entity using the provided certificate.
DigestAlgorithm	getDigestAlgorithm() Gets the DigestAlgorithm.
EncryptionAlgorithm	getEncryptionAlgorithm() Gets the EncryptionAlgorithm.
EncryptionAlgorithm	getKeyEncryptionAlgorithm() Gets the KeyEncryptionAlgorithm.
DigestAlgorithm	getKeyEncryptionDigestAlgorithm() Gets the KeyEncryptionDigestAlgorithm.
static String	getMaskFunctionGeneratorFromOID(String mfgOID)
boolean	isIncludeMultipartEpilogueInSignature() Indicates if the the Epilogue part of a multipart entity should be used to generate the message signature.
boolean	isLogDigests() Indicates if message digests will be logged when verifying messages.
boolean	isStrongDigestEnforced() Indicate if strong message digests are enforced
boolean	isStrongEncryptionEnforced() Indicate if strong message encryption is enforced
void	setDigestAlgorithm(DigestAlgorithm value) Sets the DigestAlgorithm.
void	setEncryptionAlgorithm(EncryptionAlgorithm value) Sets the EncryptionAlgorithm
void	setIncludeMultipartEpilogueInSignature(boolean value) Sets if the the Epilogue part of a multipart entity should be used to generate the message signature.
void	setKeyEncryptionAlgorithm(EncryptionAlgorithm value) Sets the KeyEncryptionAlgorithm
void	setKeyEncryptionDigestAlgorithm(DigestAlgorithm value) Sets the KeyEncryptionDigestAlgorithm
void	setLogDigests(boolean m_logDigest) Sets if message digests will be looged.
void	setStrongDigestEnforced(Boolean value) Sets the option to enforce strong message digests.
void	setStrongEncryptionEnforced(Boolean value) Sets the option to enforce strong message encryption
SignedEntity	sign(Message message, Collection<X509Certificate> signingCertificates)
SignedEntity	sign(Message message, X509Certificate signingCertificate) Signs a message with the provided certificate.
SignedEntity	sign(MimeEntity entity, Collection<X509Certificate> signingCertificates) Signs an entity with the provided certificates.
SignedEntity	sign(MimeEntity entity, X509Certificate signingCertificate) Signs an entity with the provided certificate.

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

x509CertificateObjectsIdent

public static final org.bouncycastle.asn1.ASN1ObjectIdentifier x509CertificateObjectsIdent

Default

public static final SMIMECryptographerImpl Default

Constructor Detail

SMIMECryptographerImpl

public SMIMECryptographerImpl()

Constructs a Cryptographer with a default EncryptionAlgorithm and DigestAlgorithm.

SMIMECryptographerImpl

public SMIMECryptographerImpl(EncryptionAlgorithm encryptionAlgorithm,
                              DigestAlgorithm digestAlgorithm)

Constructs a Cryptographer with an EncryptionAlgorithm and DigestAlgorithm.

Parameters:

encryptionAlgorithm - The encryption algorithm used to encrypt the message.

digestAlgorithm - The digest algorithm used to generate the message digest stored in the message signature.

SMIMECryptographerImpl

public SMIMECryptographerImpl(EncryptionAlgorithm encryptionAlgorithm,
                              DigestAlgorithm digestAlgorithm,
                              EncryptionAlgorithm keyEncryptionAlgorithm)

SMIMECryptographerImpl

public SMIMECryptographerImpl(EncryptionAlgorithm encryptionAlgorithm,
                              DigestAlgorithm digestAlgorithm,
                              EncryptionAlgorithm keyEncryptionAlgorithm,
                              DigestAlgorithm keyEncryptionDigestAlgorithm)

Method Detail

getEncryptionAlgorithm

public EncryptionAlgorithm getEncryptionAlgorithm()

Gets the EncryptionAlgorithm.

Returns:

The EncryptionAlgorithm used to encrypt messages.

getKeyEncryptionAlgorithm

public EncryptionAlgorithm getKeyEncryptionAlgorithm()

Gets the KeyEncryptionAlgorithm.

Returns:

The KeyEncryptionAlgorithm used to encrypt message key.

getKeyEncryptionDigestAlgorithm

public DigestAlgorithm getKeyEncryptionDigestAlgorithm()

Gets the KeyEncryptionDigestAlgorithm.

Returns:

The KeyEncryptionDigestAlgorithm used to encrypt message key.

setEncryptionAlgorithm

public void setEncryptionAlgorithm(EncryptionAlgorithm value)

Sets the EncryptionAlgorithm

Parameters:

value - The EncryptionAlgorithm used to encrypt messages.

setKeyEncryptionAlgorithm

public void setKeyEncryptionAlgorithm(EncryptionAlgorithm value)

Sets the KeyEncryptionAlgorithm

Parameters:

value - The KeyEncryptionAlgorithm used to encrypt message key.

setKeyEncryptionDigestAlgorithm

public void setKeyEncryptionDigestAlgorithm(DigestAlgorithm value)

Sets the KeyEncryptionDigestAlgorithm

Parameters:

value - The KeyEncryptionAlgorithm used to encrypt message key.

getDigestAlgorithm

public DigestAlgorithm getDigestAlgorithm()

Gets the DigestAlgorithm.

Returns:

The DigestAlgorithm used generate the message digest stored in the message signature.

setDigestAlgorithm

public void setDigestAlgorithm(DigestAlgorithm value)

Sets the DigestAlgorithm.

Parameters:

value - The DigestAlgorithm used generate the message digest stored in the message signature.

isLogDigests

public boolean isLogDigests()

Indicates if message digests will be logged when verifying messages.

Returns:

True if the digests will be logged. False otherwise.

setStrongDigestEnforced

public void setStrongDigestEnforced(Boolean value)

Sets the option to enforce strong message digests.

Parameters:

value - True if strong message digests are enforced. False otherwise.

isStrongDigestEnforced

public boolean isStrongDigestEnforced()

Indicate if strong message digests are enforced

Returns:

True if strong message digests are enforced. False otherwise.

setLogDigests

public void setLogDigests(boolean m_logDigest)

Sets if message digests will be looged.

Parameters:

m_logDigest - True if the digests will be logged. False otherwise.

setStrongEncryptionEnforced

public void setStrongEncryptionEnforced(Boolean value)

Sets the option to enforce strong message encryption

Parameters:

value - True if strong encryption is enforced. False otherwise.

isStrongEncryptionEnforced

public boolean isStrongEncryptionEnforced()

Indicate if strong message encryption is enforced

Returns:

True if strong encryption is enforced. False otherwise.

isIncludeMultipartEpilogueInSignature

public boolean isIncludeMultipartEpilogueInSignature()

Indicates if the the Epilogue part of a multipart entity should be used to generate the message signature.

Returns:

True if the the Epilogue part of a multipart entity should be used to generate the message signature. False otherwise.

setIncludeMultipartEpilogueInSignature

public void setIncludeMultipartEpilogueInSignature(boolean value)

Sets if the the Epilogue part of a multipart entity should be used to generate the message signature.

Parameters:

value - True if the the Epilogue part of a multipart entity should be used to generate the message signature. False otherwise.

encrypt

public MimeEntity encrypt(javax.mail.internet.MimeMultipart entity,
                          X509Certificate encryptingCertificate)

Encrypts a mulit part MIME entity using the provided certificate.

Specified by:

encrypt in interface Cryptographer

Parameters:

entity - The entity that will be encrypted.

encryptingCertificate - The public certificates that will be used to encrypt the message.

Returns:

A MimeEntity containing the encrypted part.

encrypt

public MimeEntity encrypt(javax.mail.internet.MimeMultipart mmEntity,
                          Collection<X509Certificate> encryptingCertificates)

Encrypts a mulit part MIME entity using the provided certificates.

Specified by:

encrypt in interface Cryptographer

Parameters:

entity - The entity that will be encrypted.

encryptingCertificates - The public certificates that will be used to encrypt the message.

Returns:

A MimeEntity containing the encrypted part.

encrypt

public MimeEntity encrypt(MimeEntity entity,
                          X509Certificate encryptingCertificate)

Encrypts an entity using the provided certificate.

Specified by:

encrypt in interface Cryptographer

Parameters:

entity - The entity that will be encrypted.

encryptingCertificate - The public certificates that will be used to encrypt the message.

Returns:

A MimeEntity containing the encrypted part.

encrypt

public MimeEntity encrypt(MimeEntity entity,
                          Collection<X509Certificate> encryptingCertificates)

Encrypts an entity using the provided certificates.

Specified by:

encrypt in interface Cryptographer

Parameters:

entity - The entity that will be encrypted.

encryptingCertificate - The public certificates that will be used to encrypt the message.

Returns:

A MimeEntity containing the encrypted part.

decrypt

public MimeEntity decrypt(Message message,
                          X509CertificateEx decryptingCertificate)

Decrypts a message with the provided certificates private key.

Specified by:

decrypt in interface Cryptographer

Parameters:

message - The message that will be decrypted.

decryptingCertificate - The certificate whose private key will be used to decrypt the message.

Returns:

A MimeEntity containing the decrypted part.

decrypt

public MimeEntity decrypt(MimeEntity encryptedEntity,
                          X509CertificateEx decryptingCertificate)

Decrypts an entity with the provided certificate's private key.

Specified by:

decrypt in interface Cryptographer

Parameters:

encryptedEntity - The entity that will be decrypted.

decryptingCertificate - The certificate whose private key will be used to decrypt the message.

Returns:

A MimeEntity containing the decrypted part.

decrypt

public MimeEntity decrypt(MimeEntity encryptedEntity,
                          Collection<X509CertificateEx> decryptingCertificates)

Decrypts an entity with the provided certificates' private key.

Specified by:

decrypt in interface Cryptographer

Parameters:

encryptedEntity - The entity that will be decrypted.

decryptingCertificate - The certificates whose private keys will be used to decrypt the message.

Returns:

A MimeEntity containing the decrypted part.

sign

public SignedEntity sign(Message message,
                         X509Certificate signingCertificate)

Signs a message with the provided certificate.

Specified by:

sign in interface Cryptographer

Parameters:

message - The message that will be signed.

signingCertificate - The certificate used to sign the message.

Returns:

A signed entity that consists of a multipart/signed entity containing the original entity and a message signature.

sign

public SignedEntity sign(Message message,
                         Collection<X509Certificate> signingCertificates)

Specified by:

sign in interface Cryptographer

sign

public SignedEntity sign(MimeEntity entity,
                         X509Certificate signingCertificate)

Signs an entity with the provided certificate.

Specified by:

sign in interface Cryptographer

Parameters:

message - The entity that will be signed.

signingCertificate - The certificate used to sign the message.

Returns:

A signed entity that consists of a multipart/signed entity containing the original entity and a message signature.

sign

public SignedEntity sign(MimeEntity entity,
                         Collection<X509Certificate> signingCertificates)

Signs an entity with the provided certificates.

Specified by:

sign in interface Cryptographer

Parameters:

message - The entity that will be signed.

signingCertificates - The certificates used to sign the message.

Returns:

A signed entity that consists of a multipart/signed entity containing the original entity and a message signature.

createAttributeTable

public static org.bouncycastle.asn1.cms.AttributeTable createAttributeTable(org.bouncycastle.asn1.ASN1EncodableVector signedAttrs)

checkSignature

public void checkSignature(SignedEntity signedEntity,
                           X509Certificate signerCertificate,
                           Collection<X509Certificate> anchors)
                    throws SignatureValidationException

Validates that a signed entity has a valid message and signature. The signer's certificate is validated to ensure authenticity of the message. Message tampering is also checked with the message's digest and the signed digest in the message signature.

Specified by:

checkSignature in interface Cryptographer

Parameters:

signedEntity - The entity containing the original signed part and the message signature.

signerCertificate - The certificate used to sign the message.

anchors - A collection of certificate anchors used to determine if the certificates used in the signature can be validated as trusted certificates.

Throws:

SignatureValidationException

deserializeSignatureEnvelope

public org.bouncycastle.cms.CMSSignedData deserializeSignatureEnvelope(SignedEntity entity)

Extracts the ASN1 encoded signature data from the signed entity.

Specified by:

deserializeSignatureEnvelope in interface Cryptographer

Parameters:

entity - The entity containing the original signed part and the message signature.

Returns:

A CMSSignedData object that contains the ASN1 encoded signature data of the message.

deserializeEnvelopedSignature

public org.bouncycastle.cms.CMSSignedData deserializeEnvelopedSignature(MimeEntity envelopeEntity)

Specified by:

deserializeEnvelopedSignature in interface Cryptographer

deserializeEnvelopedSignature

public org.bouncycastle.cms.CMSSignedData deserializeEnvelopedSignature(byte[] messageBytes)

Specified by:

deserializeEnvelopedSignature in interface Cryptographer

getMaskFunctionGeneratorFromOID

public static String getMaskFunctionGeneratorFromOID(String mfgOID)