MLADemo (6.1 Demo API Documentation)

Overview

Package

Class

Tree

Deprecated

Index

Help

IAIK CMS/SMIME Toolkit Demo API Documentation
Version 6.1

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

demo.smime.ess
Class MLADemo

java.lang.Object
  demo.smime.ess.MLADemo

public class MLADemo
extends java.lang.Object
extends java.lang.Object

A ESS mailing list agent (MLA) demo. Demonstrates the usage of the MLA utility by means of the examples given in RFC2634, section 4.2.1:

 4.2.1 Examples of Rule Processing

 The following examples help explain the rules above:

 1) A message (S1(Original Content)) (where S = SignedData) is sent to
    the MLA in which the signedData layer does not include an
    MLExpansionHistory attribute. The MLA verifies and fully processes
    the signedAttributes in S1.  The MLA decides that there is not an
    original, received "outer" signedData layer since it finds the
    original content, but never finds an envelopedData and never finds
    an mlExpansionHistory attribute. The MLA calculates a new
    signedData layer, S2, resulting in the following message sent to
    the ML recipients: (S2(S1(Original Content))). The MLA includes an
    mlExpansionHistory attribute in S2.

 2) A message (S3(S2(S1(Original Content)))) is sent to the MLA in
    which none of the signedData layers includes an MLExpansionHistory
    attribute. The MLA verifies and fully processes the
    signedAttributes in S3, S2 and S1. The MLA decides that there is
    not an original, received "outer" signedData layer since it finds
    the original content, but never finds an envelopedData and never
    finds an mlExpansionHistory attribute. The MLA calculates a new
    signedData layer, S4, resulting in the following
    message sent to the ML recipients:
    (S4(S3(S2(S1(Original Content))))). The MLA includes an
    mlExpansionHistory attribute in S4.

 3) A message (E1(S1(Original Content))) (where E = envelopedData) is
    sent to the MLA in which S1 does not include an MLExpansionHistory
    attribute.  The MLA decides that there is not an original,
    received "outer" signedData layer since it finds the E1 as the
    outer layer.  The MLA expands the recipientInformation in E1. The
    MLA calculates a new signedData layer, S2, resulting in the
    following message sent to the ML recipients:
    (S2(E1(S1(Original Content)))). The MLA includes an
    mlExpansionHistory attribute in S2.

 4) A message (S2(E1(S1(Original Content)))) is sent to the MLA in
    which S2 includes an MLExpansionHistory attribute. The MLA verifies
    the signature and fully processes the signedAttributes in S2. The
    MLA finds the mlExpansionHistory attribute in S2, so it decides
    that S2 is the "outer" signedData. The MLA remembers the
    signedAttributes included in S2 for later inclusion in the new
    outer signedData that it applies to the message. The MLA strips off
    S2. The MLA then expands the recipientInformation in E1 (this
    invalidates the signature in S2 which is why it was stripped). The
    nMLA calculates a new signedData layer, S3, resulting in the
    following message sent to the ML recipients: (S3(E1(S1(Original
    Content)))). The MLA includes in S3 the attributes from S2 (unless
    it specifically replaces an attribute value) including an updated
    mlExpansionHistory attribute.

 5) A message (S3(S2(E1(S1(Original Content))))) is sent to the MLA in
    which none of the signedData layers include an MLExpansionHistory
    attribute. The MLA verifies the signature and fully processes the
    signedAttributes in S3 and S2. When the MLA encounters E1, then it
    decides that S2 is the "outer" signedData since S2 encapsulates E1.
    The MLA remembers the signedAttributes included in S2 for later
    inclusion in the new outer signedData that it applies to the
    message.  The MLA strips off S3 and S2. The MLA then expands the
    recipientInformation in E1 (this invalidates the signatures in S3
    and S2 which is why they were stripped). The MLA calculates a new
    signedData layer, S4, resulting in the following message sent to
    the ML recipients: (S4(E1(S1(Original Content)))). The MLA
    includes in S4 the attributes from S2 (unless it specifically
    replaces an attribute value) and includes a new
    mlExpansionHistory attribute.

 6) A message (S3(S2(E1(S1(Original Content))))) is sent to the MLA in
    which S3 includes an MLExpansionHistory attribute. In this case,
    the MLA verifies the signature and fully processes the
    signedAttributes in S3. The MLA finds the mlExpansionHistory in S3,
    so it decides that S3 is the "outer" signedData. The MLA remembers
    the signedAttributes included in S3 for later inclusion in the new
    outer signedData that it applies to the message. The MLA keeps on
    parsing encapsulated layers because it must determine if there are
    any eSSSecurityLabel attributes contained within. The MLA verifies
    the signature and fully processes the signedAttributes in S2. When
    the MLA encounters E1, then it strips off S3 and S2. The MLA then
    expands the recipientInformation in E1 (this invalidates the
    signatures in S3 and S2 which is why they were stripped). The MLA
    calculates a new signedData layer, S4, resulting in the following
    message sent to the ML recipients: (S4(E1(S1(Original Content)))).
    The MLA includes in S4 the attributes from S3 (unless it
    specifically replaces an attribute value) including an updated
    mlExpansionHistory attribute.

To run this demo the following packages are required:

iaik_cms.jar
iaik_jce(_full).jar (IAIK-JCE Core Crypto Library).
mail.jar (JavaMail API).
activation.jar (Java Activation Framework; required for JDK versions < 1.6).

See Also:: MLExpansionHistory, MLData, MLReceiptPolicy, MLA

Constructor Summary
`MLADemo()` Empty default constructor.

Method Summary
`iaik.smime.EncryptedContent`	create_E1_S1_O(java.lang.Object content, java.lang.String contentType, boolean implicitS1, iaik.x509.X509Certificate[] signerCertificatesS1, java.security.PrivateKey signerPrivateKeyS1, iaik.asn1.structures.AlgorithmID digestAlgS1, iaik.asn1.structures.AlgorithmID signatureAlgS1, iaik.smime.ess.MLExpansionHistory mlExpansionHistoryS1, iaik.x509.X509Certificate recipientCertificate, iaik.asn1.structures.AlgorithmID cekEncrAlg, iaik.asn1.structures.AlgorithmID contentEncrAlg, int cekLength) Encrypts and signs the given content.
`iaik.smime.SignedContent`	`create_S1_O(java.lang.Object content, java.lang.String contentType, boolean implicitS1, iaik.x509.X509Certificate[] signerCertificatesS1, java.security.PrivateKey signerPrivateKeyS1, iaik.asn1.structures.AlgorithmID digestAlgS1, iaik.asn1.structures.AlgorithmID signatureAlgS1, iaik.smime.ess.MLExpansionHistory mlExpansionHistoryS1)` Signs the given content.
`iaik.smime.SignedContent`	create_S2_E1_S1_0(java.lang.Object content, java.lang.String contentType, boolean implicitS1, iaik.x509.X509Certificate[] signerCertificatesS1, java.security.PrivateKey signerPrivateKeyS1, iaik.asn1.structures.AlgorithmID digestAlgS1, iaik.asn1.structures.AlgorithmID signatureAlgS1, iaik.smime.ess.MLExpansionHistory mlExpansionHistoryS1, iaik.x509.X509Certificate recipientCertificate, iaik.asn1.structures.AlgorithmID cekEncrAlg, iaik.asn1.structures.AlgorithmID contentEncrAlg, int cekLength, boolean implicitS2, iaik.x509.X509Certificate[] signerCertificatesS2, java.security.PrivateKey signerPrivateKeyS2, iaik.asn1.structures.AlgorithmID digestAlgS2, iaik.asn1.structures.AlgorithmID signatureAlgS2, iaik.smime.ess.MLExpansionHistory mlExpansionHistoryS2) Signs and encrypts and signs the given content.
`iaik.smime.SignedContent`	create_S3_S2_E1_S1_0(java.lang.Object content, java.lang.String contentType, boolean implicitS1, iaik.x509.X509Certificate[] signerCertificatesS1, java.security.PrivateKey signerPrivateKeyS1, iaik.asn1.structures.AlgorithmID digestAlgS1, iaik.asn1.structures.AlgorithmID signatureAlgS1, iaik.smime.ess.MLExpansionHistory mlExpansionHistoryS1, iaik.x509.X509Certificate recipientCertificate, iaik.asn1.structures.AlgorithmID cekEncrAlg, iaik.asn1.structures.AlgorithmID contentEncrAlg, int cekLength, boolean implicitS2, iaik.x509.X509Certificate[] signerCertificatesS2, java.security.PrivateKey signerPrivateKeyS2, iaik.asn1.structures.AlgorithmID digestAlgS2, iaik.asn1.structures.AlgorithmID signatureAlgS2, iaik.smime.ess.MLExpansionHistory mlExpansionHistoryS2, boolean implicitS3, iaik.x509.X509Certificate[] signerCertificatesS3, java.security.PrivateKey signerPrivateKeyS3, iaik.asn1.structures.AlgorithmID digestAlgS3, iaik.asn1.structures.AlgorithmID signatureAlgS3, iaik.smime.ess.MLExpansionHistory mlExpansionHistoryS3) Signs and encrypts and double-signs the given content.
`iaik.smime.SignedContent`	create_S3_S2_S1_O(java.lang.Object content, java.lang.String contentType, boolean implicitS1, iaik.x509.X509Certificate[] signerCertificatesS1, java.security.PrivateKey signerPrivateKeyS1, iaik.asn1.structures.AlgorithmID digestAlgS1, iaik.asn1.structures.AlgorithmID signatureAlgS1, iaik.smime.ess.MLExpansionHistory mlExpansionHistoryS1, boolean implicitS2, iaik.x509.X509Certificate[] signerCertificatesS2, java.security.PrivateKey signerPrivateKeyS2, iaik.asn1.structures.AlgorithmID digestAlgS2, iaik.asn1.structures.AlgorithmID signatureAlgS2, iaik.smime.ess.MLExpansionHistory mlExpansionHistoryS2, boolean implicitS3, iaik.x509.X509Certificate[] signerCertificatesS3, java.security.PrivateKey signerPrivateKeyS3, iaik.asn1.structures.AlgorithmID digestAlgS3, iaik.asn1.structures.AlgorithmID signatureAlgS3, iaik.smime.ess.MLExpansionHistory mlExpansionHistoryS3) Triple-signs the given content.
`iaik.smime.EncryptedContent`	`createEncryptedContent(java.lang.Object content, java.lang.String contentType, iaik.x509.X509Certificate recipientCertificate, iaik.asn1.structures.AlgorithmID cekEncrAlg, iaik.asn1.structures.AlgorithmID contentEncrAlg, int cekLength)` Creates an EncryptedContent.
`javax.mail.Message`	`createMessage(javax.mail.Session session, java.lang.String from, java.lang.String to)` Creates a new MimeMessage without content and sets the From:, To:, and Date: headers.
`static iaik.smime.ess.MLExpansionHistory`	`createMLExpansionHistory(iaik.x509.X509Certificate mlaCertificate, java.util.Date expansionTime, iaik.smime.ess.MLReceiptPolicy mlReceiptPolicy)` Creates a MLExpansionHistory containing only one MLData for the given MLA with given expansion time and MLReceiptPolicy.
`iaik.smime.SignedContent`	`createSignedContent(java.lang.Object content, java.lang.String contentType, boolean implicit, iaik.x509.X509Certificate[] signerCertificates, java.security.PrivateKey signerPrivateKey, iaik.asn1.structures.AlgorithmID digestAlg, iaik.asn1.structures.AlgorithmID signatureAlg, iaik.smime.ess.MLExpansionHistory mlExpansionHistory)` Creates a SignedContent.
`javax.activation.DataHandler`	`decrypt(iaik.smime.EncryptedContent ec, java.security.PrivateKey privateKey, iaik.x509.X509Certificate certificate)` Decrypts the encrypted content with the given key of the identified recipient.
`void`	`dumpContent(javax.activation.DataHandler dh)` Dumps the content of the original multipart message.
`static void`	`main(java.lang.String[] argv)` Main method.
`iaik.smime.SignedContent`	`processMessageForMLA(javax.mail.Message msg, boolean implicit, java.lang.String debugID)`
`static void`	`readMLExpansionHistory(iaik.smime.SignedContent signedContent, int count)` Reads the MLExpansionHistory attribute from the given signed data and dumps the included MLData structures.
`void`	`start()` Runs the demo samples.
`void`	`test_E1_S1_O(javax.mail.Session session, javax.mail.Multipart mp, byte[] dsBytes, boolean implicit)` Tests the MLA behaviour for a encrypted and signed signed message according to sample 4.2.1,3) of RFC2634: A message (E1(S1(Original Content))) (where E = envelopedData) is sent to the MLA in which S1 does not include an MLExpansionHistory attribute.
`void`	`test_S1_O(javax.mail.Session session, javax.mail.Multipart mp, byte[] dsBytes, boolean implicit)` Tests the MLA behaviour for a simple signed message according to sample 4.2.1,1) of RFC2634: A message (S1(Original Content)) (where S = SignedData) is sent to the MLA in which the signedData layer does not include an MLExpansionHistory attribute.
`void`	`test_S2_E1_S1_O(javax.mail.Session session, javax.mail.Multipart mp, byte[] dsBytes, boolean implicit)` Tests the MLA behaviour for signed encrypted and signed signed message according to sample 4.2.1,4) of RFC2634: A message (S2(E1(S1(Original Content)))) is sent to the MLA in which S2 includes an MLExpansionHistory attribute.
`void`	`test_S3_S2_E1_S1_O(javax.mail.Session session, javax.mail.Multipart mp, byte[] dsBytes, boolean implicit, boolean includeMLExpansionHistoryInS3)` Tests the MLA behaviour for double signed encrypted and signed signed message according to sample 4.2.1,5) of RFC2634: A message (S3(S2(E1(S1(Original Content))))) is sent to the MLA in which none of the signedData layers include an MLExpansionHistory attribute.
`void`	`test_S3_S2_S1_O(javax.mail.Session session, javax.mail.Multipart mp, byte[] dsBytes, boolean implicit)` Tests the MLA behaviour for a triple signed message according to sample 4.2.1,2) of RFC2634: A message (S3(S2(S1(Original Content)))) is sent to the MLA in which none of the signedData layers includes an MLExpansionHistory attribute.
`javax.activation.DataHandler`	`verify(iaik.smime.SignedContent sc, iaik.x509.X509Certificate signerCert)` Verifies the signature of the given SignedContent and returns the inherent content data.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

MLADemo

public MLADemo()

Empty default constructor. Reads all required keys and certificates from the demo keystore (created by running @link demo.keystore.SetupCMSKeySrore) stored at "cms.keystore" in your current working directoy. Inits the ML agent.

Method Detail

start

public void start()

Runs the demo samples.

test_S1_O

public void test_S1_O(javax.mail.Session session,
                      javax.mail.Multipart mp,
                      byte[] dsBytes,
                      boolean implicit)
               throws java.lang.Exception

Tests the MLA behaviour for a simple signed message according to sample 4.2.1,1) of RFC2634:

 A message (S1(Original Content)) (where S = SignedData) is sent to
 the MLA in which the signedData layer does not include an
 MLExpansionHistory attribute. The MLA verifies and fully processes
 the signedAttributes in S1.  The MLA decides that there is not an
 original, received "outer" signedData layer since it finds the
 original content, but never finds an envelopedData and never finds
 an mlExpansionHistory attribute. The MLA calculates a new
 signedData layer, S2, resulting in the following message sent to
 the ML recipients: (S2(S1(Original Content))). The MLA includes an
 mlExpansionHistory attribute in S2.

Parameters:: session - the current mail session; mp - the multipart content; dsBytes - the original content dataSorce bytes for comparison; implicit - whether implicit (content included) or explicit signing shall be used
Throws:: java.lang.Exception - if an error coours

test_S3_S2_S1_O

public void test_S3_S2_S1_O(javax.mail.Session session,
                            javax.mail.Multipart mp,
                            byte[] dsBytes,
                            boolean implicit)
                     throws java.lang.Exception

Tests the MLA behaviour for a triple signed message according to sample 4.2.1,2) of RFC2634:

 A message (S3(S2(S1(Original Content)))) is sent to the MLA in
 which none of the signedData layers includes an MLExpansionHistory
 attribute. The MLA verifies and fully processes the
 signedAttributes in S3, S2 and S1. The MLA decides that there is
 not an original, received "outer" signedData layer since it finds
 the original content, but never finds an envelopedData and never
 finds an mlExpansionHistory attribute. The MLA calculates a new
 signedData layer, S4, resulting in the following message sent to
 the ML recipients: (S4(S3(S2(S1(Original Content))))). The MLA 
 includes an mlExpansionHistory attribute in S4.

Parameters:: session - the current mail session; mp - the multipart content; dsBytes - the original content dataSorce bytes for comparison; implicit - whether implicit (content included) or explicit signing shall be used
Throws:: java.lang.Exception - if an error coours

test_E1_S1_O

public void test_E1_S1_O(javax.mail.Session session,
                         javax.mail.Multipart mp,
                         byte[] dsBytes,
                         boolean implicit)
                  throws java.lang.Exception

Tests the MLA behaviour for a encrypted and signed signed message according to sample 4.2.1,3) of RFC2634:

 A message (E1(S1(Original Content))) (where E = envelopedData) is
 sent to the MLA in which S1 does not include an MLExpansionHistory
 attribute.  The MLA decides that there is not an original,
 received "outer" signedData layer since it finds the E1 as the
 outer layer.  The MLA expands the recipientInformation in E1. The
 MLA calculates a new signedData layer, S2, resulting in the
 following message sent to the ML recipients:
 (S2(E1(S1(Original Content)))). The MLA includes an
 mlExpansionHistory attribute in S2.

Parameters:: session - the current mail session; mp - the multipart content; dsBytes - the original content dataSorce bytes for comparison; implicit - whether implicit (content included) or explicit signing shall be used
Throws:: java.lang.Exception - if an error coours

test_S2_E1_S1_O

public void test_S2_E1_S1_O(javax.mail.Session session,
                            javax.mail.Multipart mp,
                            byte[] dsBytes,
                            boolean implicit)
                     throws java.lang.Exception

Tests the MLA behaviour for signed encrypted and signed signed message according to sample 4.2.1,4) of RFC2634:

 A message (S2(E1(S1(Original Content)))) is sent to the MLA in
 which S2 includes an MLExpansionHistory attribute. The MLA verifies
 the signature and fully processes the signedAttributes in S2. The
 MLA finds the mlExpansionHistory attribute in S2, so it decides
 that S2 is the "outer" signedData. The MLA remembers the
 signedAttributes included in S2 for later inclusion in the new
 outer signedData that it applies to the message. The MLA strips off
 S2. The MLA then expands the recipientInformation in E1 (this
 invalidates the signature in S2 which is why it was stripped). The
 nMLA calculates a new signedData layer, S3, resulting in the
 following message sent to the ML recipients: (S3(E1(S1(Original
 Content)))). The MLA includes in S3 the attributes from S2 (unless
 it specifically replaces an attribute value) including an updated
 mlExpansionHistory attribute.

Parameters:: session - the current mail session; mp - the multipart content; dsBytes - the original content dataSorce bytes for comparison; implicit - whether implicit (content included) or explicit signing shall be used
Throws:: java.lang.Exception - if an error coours

test_S3_S2_E1_S1_O

public void test_S3_S2_E1_S1_O(javax.mail.Session session,
                               javax.mail.Multipart mp,
                               byte[] dsBytes,
                               boolean implicit,
                               boolean includeMLExpansionHistoryInS3)
                        throws java.lang.Exception

Tests the MLA behaviour for double signed encrypted and signed signed message according to sample 4.2.1,5) of RFC2634:

 A message (S3(S2(E1(S1(Original Content))))) is sent to the MLA in
 which none of the signedData layers include an MLExpansionHistory
 attribute. The MLA verifies the signature and fully processes the
 signedAttributes in S3 and S2. When the MLA encounters E1, then it
 decides that S2 is the "outer" signedData since S2 encapsulates E1.
 The MLA remembers the signedAttributes included in S2 for later
 inclusion in the new outer signedData that it applies to the
 message.  The MLA strips off S3 and S2. The MLA then expands the
 recipientInformation in E1 (this invalidates the signatures in S3
 and S2 which is why they were stripped). The MLA calculates a new
 signedData layer, S4, resulting in the following message sent to
 the ML recipients: (S4(E1(S1(Original Content)))). The MLA
 includes in S4 the attributes from S2 (unless it specifically
 replaces an attribute value) and includes a new
 mlExpansionHistory attribute.

Parameters:: session - the current mail session; mp - the multipart content; dsBytes - the original content dataSorce bytes for comparison; implicit - whether implicit (content included) or explicit signing shall be used; includeMLExpansionHistoryInS3 - whether to include an MLExpansionHistory in the the outermost signed layer (S3) of the original message
Throws:: java.lang.Exception - if an error coours

createMessage

public javax.mail.Message createMessage(javax.mail.Session session,
                                        java.lang.String from,
                                        java.lang.String to)
                                 throws javax.mail.MessagingException

Creates a new MimeMessage without content and sets the From:, To:, and Date: headers.

Parameters:: session - the current mail session; from - the address of the sender of the message; to - the address of the indented message recipient
Returns:: the new created MimeMessage
Throws:: javax.mail.MessagingException - if an error occurs when setting the message headers

createSignedContent

public iaik.smime.SignedContent createSignedContent(java.lang.Object content,
                                                    java.lang.String contentType,
                                                    boolean implicit,
                                                    iaik.x509.X509Certificate[] signerCertificates,
                                                    java.security.PrivateKey signerPrivateKey,
                                                    iaik.asn1.structures.AlgorithmID digestAlg,
                                                    iaik.asn1.structures.AlgorithmID signatureAlg,
                                                    iaik.smime.ess.MLExpansionHistory mlExpansionHistory)
                                             throws javax.mail.MessagingException

Creates a SignedContent.

Parameters:: content - the content to be signed; contentType - the MIME type of the content; implicit - whether to create an implicit (application/pkcs7-mime) or explicit (multipart/signed) message; signerCertificates - the certificate chain of the signer; signerPrivateKey - the private key to be used for signing the content; digestAlg - the algorithm to be used for digest calculation; signatureAlg - the algorithm to be used for signature calculation; mlExpansionHistory - MLExpansionHistory attribute to be added; maybe null
Returns:: the SignedContent
Throws:: javax.mail.MessagingException - if a problem occurs when creating the SignedContent

createEncryptedContent

public iaik.smime.EncryptedContent createEncryptedContent(java.lang.Object content,
                                                          java.lang.String contentType,
                                                          iaik.x509.X509Certificate recipientCertificate,
                                                          iaik.asn1.structures.AlgorithmID cekEncrAlg,
                                                          iaik.asn1.structures.AlgorithmID contentEncrAlg,
                                                          int cekLength)
                                                   throws javax.mail.MessagingException

Creates an EncryptedContent.

Parameters:: content - the content to be encrypted; contentType - the MIME type of the content; recipientCertificate - the encryption certificate of the recipient; cekEncrAlg - the algorithm to be used for encrypting the symmetric content encryption key (e.g. AlgorithmID.rsaEncryption); contentEncrAlg - the symmetric key to be used for encrypting the content, e.g. AlgorithmID.aes256_CBC; cekLength - the length of the temporary content encryption key to be generated (e.g. 256)
Returns:: the EncryptedContent
Throws:: javax.mail.MessagingException - if a problem occurs when creating the EncryptedContent

create_S1_O

public iaik.smime.SignedContent create_S1_O(java.lang.Object content,
                                            java.lang.String contentType,
                                            boolean implicitS1,
                                            iaik.x509.X509Certificate[] signerCertificatesS1,
                                            java.security.PrivateKey signerPrivateKeyS1,
                                            iaik.asn1.structures.AlgorithmID digestAlgS1,
                                            iaik.asn1.structures.AlgorithmID signatureAlgS1,
                                            iaik.smime.ess.MLExpansionHistory mlExpansionHistoryS1)
                                     throws javax.mail.MessagingException

Signs the given content.

Parameters:: content - the content to be signed; contentType - the MIME type of the content; implicitS1 - whether to create an implicit (application/pkcs7-mime) or explicit (multipart/signed) message; signerCertificatesS1 - the certificate chain of the signer; signerPrivateKeyS1 - the private key to be used for signing the content; digestAlgS1 - the algorithm to be used for digest calculation; signatureAlgS1 - the algorithm to be used for signature calculation; mlExpansionHistoryS1 - MLExpansionHistory attribute to be added; maybe null
Returns:: the SignedContent
Throws:: javax.mail.MessagingException - if a problem occurs when creating the SignedContent

create_S3_S2_S1_O

public iaik.smime.SignedContent create_S3_S2_S1_O(java.lang.Object content,
                                                  java.lang.String contentType,
                                                  boolean implicitS1,
                                                  iaik.x509.X509Certificate[] signerCertificatesS1,
                                                  java.security.PrivateKey signerPrivateKeyS1,
                                                  iaik.asn1.structures.AlgorithmID digestAlgS1,
                                                  iaik.asn1.structures.AlgorithmID signatureAlgS1,
                                                  iaik.smime.ess.MLExpansionHistory mlExpansionHistoryS1,
                                                  boolean implicitS2,
                                                  iaik.x509.X509Certificate[] signerCertificatesS2,
                                                  java.security.PrivateKey signerPrivateKeyS2,
                                                  iaik.asn1.structures.AlgorithmID digestAlgS2,
                                                  iaik.asn1.structures.AlgorithmID signatureAlgS2,
                                                  iaik.smime.ess.MLExpansionHistory mlExpansionHistoryS2,
                                                  boolean implicitS3,
                                                  iaik.x509.X509Certificate[] signerCertificatesS3,
                                                  java.security.PrivateKey signerPrivateKeyS3,
                                                  iaik.asn1.structures.AlgorithmID digestAlgS3,
                                                  iaik.asn1.structures.AlgorithmID signatureAlgS3,
                                                  iaik.smime.ess.MLExpansionHistory mlExpansionHistoryS3)
                                           throws javax.mail.MessagingException

Triple-signs the given content.

Parameters:: content - the content to be signed; contentType - the MIME type of the content; implicitS1 - if the first signature shall be implicit (application/pkcs7-mime) or explicit (multipart/signed); signerCertificatesS1 - the certificate chain of the first signer; signerPrivateKeyS1 - the private key of the first signer; digestAlgS1 - the digest algorithm to be used for digest calculation by the innermost SignedContent; signatureAlgS1 - the algorithm to be used for signature calculation by the innermost SignedContent; mlExpansionHistoryS1 - MLExpansionHistory attribute to be added to the innermost SignedContent; maybe null; implicitS2 - if the second signature shall be implicit (application/pkcs7-mime) or explicit (multipart/signed); signerCertificatesS2 - the certificate chain of the second signer; signerPrivateKeyS2 - the private key of the second signer; digestAlgS2 - the digest algorithm to be used for digest calculation by the middle SignedContent; signatureAlgS2 - the algorithm to be used for signature calculation by the middle SignedContent; mlExpansionHistoryS2 - MLExpansionHistory attribute to be added to the middle SignedContent; maybe null; implicitS3 - if the first signature shall be implicit (application/pkcs7-mime) or explicit (multipart/signed); signerCertificatesS3 - the certificate chain of the third signer; signerPrivateKeyS3 - the private key of the third signer; digestAlgS3 - the digest algorithm to be used for digest calculation by the outermost SignedContent; signatureAlgS3 - the algorithm to be used for signature calculation by the outermost SignedContent; mlExpansionHistoryS3 - MLExpansionHistory attribute to be added for the outermost SignedContent; maybe null
Returns:: the SignedContent
Throws:: javax.mail.MessagingException - if a problem occurs when creating the SignedContent

create_E1_S1_O

public iaik.smime.EncryptedContent create_E1_S1_O(java.lang.Object content,
                                                  java.lang.String contentType,
                                                  boolean implicitS1,
                                                  iaik.x509.X509Certificate[] signerCertificatesS1,
                                                  java.security.PrivateKey signerPrivateKeyS1,
                                                  iaik.asn1.structures.AlgorithmID digestAlgS1,
                                                  iaik.asn1.structures.AlgorithmID signatureAlgS1,
                                                  iaik.smime.ess.MLExpansionHistory mlExpansionHistoryS1,
                                                  iaik.x509.X509Certificate recipientCertificate,
                                                  iaik.asn1.structures.AlgorithmID cekEncrAlg,
                                                  iaik.asn1.structures.AlgorithmID contentEncrAlg,
                                                  int cekLength)
                                           throws javax.mail.MessagingException

Encrypts and signs the given content.

Parameters:: content - the content to be signed; contentType - the MIME type of the content; implicitS1 - whether to create an implicit (application/pkcs7-mime) or explicit (multipart/signed) message; signerCertificatesS1 - the certificate chain of the signer; signerPrivateKeyS1 - the private key to be used for signing the content; digestAlgS1 - the algorithm to be used for digest calculation; signatureAlgS1 - the algorithm to be used for signature calculation; mlExpansionHistoryS1 - MLExpansionHistory attribute to be added; maybe null; recipientCertificate - the encryption certificate of the recipient; cekEncrAlg - the algorithm to be used for encrypting the symmetric content encryption key (e.g. AlgorithmID.rsaEncryption); contentEncrAlg - the symmetric key to be used for encrypting the content, e.g. AlgorithmID.aes256_CBC; cekLength - the length of the temporary content encryption key to be generated (e.g. 256)
Returns:: the signed and encrypted message
Throws:: javax.mail.MessagingException - if a problem occurs when creating the SignedContent or EncryptedContent

create_S2_E1_S1_0

public iaik.smime.SignedContent create_S2_E1_S1_0(java.lang.Object content,
                                                  java.lang.String contentType,
                                                  boolean implicitS1,
                                                  iaik.x509.X509Certificate[] signerCertificatesS1,
                                                  java.security.PrivateKey signerPrivateKeyS1,
                                                  iaik.asn1.structures.AlgorithmID digestAlgS1,
                                                  iaik.asn1.structures.AlgorithmID signatureAlgS1,
                                                  iaik.smime.ess.MLExpansionHistory mlExpansionHistoryS1,
                                                  iaik.x509.X509Certificate recipientCertificate,
                                                  iaik.asn1.structures.AlgorithmID cekEncrAlg,
                                                  iaik.asn1.structures.AlgorithmID contentEncrAlg,
                                                  int cekLength,
                                                  boolean implicitS2,
                                                  iaik.x509.X509Certificate[] signerCertificatesS2,
                                                  java.security.PrivateKey signerPrivateKeyS2,
                                                  iaik.asn1.structures.AlgorithmID digestAlgS2,
                                                  iaik.asn1.structures.AlgorithmID signatureAlgS2,
                                                  iaik.smime.ess.MLExpansionHistory mlExpansionHistoryS2)
                                           throws javax.mail.MessagingException

Signs and encrypts and signs the given content.

Parameters:: content - the content to be signed; contentType - the MIME type of the content; implicitS1 - if the first signature shall be implicit (application/pkcs7-mime) or explicit (multipart/signed); signerCertificatesS1 - the certificate chain of the first signer; signerPrivateKeyS1 - the private key of the first signer; digestAlgS1 - the digest algorithm to be used for digest calculation by the innermost SignedContent; signatureAlgS1 - the algorithm to be used for signature calculation by the innermost SignedContent; mlExpansionHistoryS1 - MLExpansionHistory attribute to be added to the innermost SignedContent; maybe null; recipientCertificate - the encryption certificate of the recipient; cekEncrAlg - the algorithm to be used for encrypting the symmetric content encryption key (e.g. AlgorithmID.rsaEncryption); contentEncrAlg - the symmetric key to be used for encrypting the content, e.g. AlgorithmID.aes256_CBC; cekLength - the length of the temporary content encryption key to be generated (e.g. 256); implicitS2 - if the second signature shall be implicit (application/pkcs7-mime) or explicit (multipart/signed); signerCertificatesS2 - the certificate chain of the second signer; signerPrivateKeyS2 - the private key of the second signer; digestAlgS2 - the digest algorithm to be used for digest calculation by the outer SignedContent; signatureAlgS2 - the algorithm to be used for signature calculation by the outer SignedContent; mlExpansionHistoryS2 - MLExpansionHistory attribute to be added to the outer SignedContent; maybe null
Returns:: the signed and encrypted and signed message
Throws:: javax.mail.MessagingException - if a problem occurs when creating a SignedContent or EncryptedContent

create_S3_S2_E1_S1_0

public iaik.smime.SignedContent create_S3_S2_E1_S1_0(java.lang.Object content,
                                                     java.lang.String contentType,
                                                     boolean implicitS1,
                                                     iaik.x509.X509Certificate[] signerCertificatesS1,
                                                     java.security.PrivateKey signerPrivateKeyS1,
                                                     iaik.asn1.structures.AlgorithmID digestAlgS1,
                                                     iaik.asn1.structures.AlgorithmID signatureAlgS1,
                                                     iaik.smime.ess.MLExpansionHistory mlExpansionHistoryS1,
                                                     iaik.x509.X509Certificate recipientCertificate,
                                                     iaik.asn1.structures.AlgorithmID cekEncrAlg,
                                                     iaik.asn1.structures.AlgorithmID contentEncrAlg,
                                                     int cekLength,
                                                     boolean implicitS2,
                                                     iaik.x509.X509Certificate[] signerCertificatesS2,
                                                     java.security.PrivateKey signerPrivateKeyS2,
                                                     iaik.asn1.structures.AlgorithmID digestAlgS2,
                                                     iaik.asn1.structures.AlgorithmID signatureAlgS2,
                                                     iaik.smime.ess.MLExpansionHistory mlExpansionHistoryS2,
                                                     boolean implicitS3,
                                                     iaik.x509.X509Certificate[] signerCertificatesS3,
                                                     java.security.PrivateKey signerPrivateKeyS3,
                                                     iaik.asn1.structures.AlgorithmID digestAlgS3,
                                                     iaik.asn1.structures.AlgorithmID signatureAlgS3,
                                                     iaik.smime.ess.MLExpansionHistory mlExpansionHistoryS3)
                                              throws javax.mail.MessagingException

Signs and encrypts and double-signs the given content.

Parameters:: content - the content to be signed; contentType - the MIME type of the content; implicitS1 - if the first signature shall be implicit (application/pkcs7-mime) or explicit (multipart/signed); signerCertificatesS1 - the certificate chain of the first signer; signerPrivateKeyS1 - the private key of the first signer; digestAlgS1 - the digest algorithm to be used for digest calculation by the innermost SignedContent; signatureAlgS1 - the algorithm to be used for signature calculation by the innermost SignedContent; mlExpansionHistoryS1 - MLExpansionHistory attribute to be added to the innermost SignedContent; maybe null; recipientCertificate - the encryption certificate of the recipient; cekEncrAlg - the algorithm to be used for encrypting the symmetric content encryption key (e.g. AlgorithmID.rsaEncryption); contentEncrAlg - the symmetric key to be used for encrypting the content, e.g. AlgorithmID.aes256_CBC; cekLength - the length of the temporary content encryption key to be generated (e.g. 256); implicitS2 - if the second signature shall be implicit (application/pkcs7-mime) or explicit (multipart/signed); signerCertificatesS2 - the certificate chain of the second signer; signerPrivateKeyS2 - the private key of the second signer; digestAlgS2 - the digest algorithm to be used for digest calculation by the middle SignedContent; signatureAlgS2 - the algorithm to be used for signature calculation by the middle SignedContent; mlExpansionHistoryS2 - MLExpansionHistory attribute to be added to the middle SignedContent; maybe null; implicitS3 - if the first signature shall be implicit (application/pkcs7-mime) or explicit (multipart/signed); signerCertificatesS3 - the certificate chain of the third signer; signerPrivateKeyS3 - the private key of the third signer; digestAlgS3 - the digest algorithm to be used for digest calculation by the outermost SignedContent; signatureAlgS3 - the algorithm to be used for signature calculation by the outermost SignedContent; mlExpansionHistoryS3 - MLExpansionHistory attribute to be added for the outermost SignedContent; maybe null
Returns:: the signed and encrypted and double-signed message
Throws:: javax.mail.MessagingException - if a problem occurs when creating a SignedContent or EncryptedContent

decrypt

public javax.activation.DataHandler decrypt(iaik.smime.EncryptedContent ec,
                                            java.security.PrivateKey privateKey,
                                            iaik.x509.X509Certificate certificate)
                                     throws iaik.smime.SMimeException

Decrypts the encrypted content with the given key of the identified recipient.

Parameters:: ec - the EncryptedContent to be decrypted; privateKey - the private key to be used to decrypt the encrypted content; certificate - the certificate identifying the recipient for which to decrypt the encrypted content
Returns:: the DataHandler holding the recovered (decrypted) content
Throws:: iaik.smime.SMimeException - if an error occurs while decrypting the content

verify

public javax.activation.DataHandler verify(iaik.smime.SignedContent sc,
                                           iaik.x509.X509Certificate signerCert)
                                    throws iaik.cms.CMSSignatureException,
                                           javax.mail.MessagingException,
                                           iaik.smime.ess.ESSException

Verifies the signature of the given SignedContent and returns the inherent content data.

Parameters:: sc - the SignedContent to be verified; signerCert - the certificate of the signer (to check if the message has been signed by the expected entity)
Returns:: the inherent content data
Throws:: iaik.cms.CMSSignatureException - if the signature is invalid; iaik.smime.ess.ESSException - if an error occurs when accessing the inherent content or the message has been signed by an unexpected entity; javax.mail.MessagingException - if an error occurs when accessing the content

dumpContent

public void dumpContent(javax.activation.DataHandler dh)
                 throws java.io.IOException,
                        javax.mail.MessagingException

Dumps the content of the original multipart message.

Parameters:: dh - the dataHandler supplying the content of the original message
Throws:: java.io.IOException - if an I/O error occurs while dumping the content; javax.mail.MessagingException - if an error occurs while reading the body parts of the message

processMessageForMLA

public iaik.smime.SignedContent processMessageForMLA(javax.mail.Message msg,
                                                     boolean implicit,
                                                     java.lang.String debugID)
                                              throws iaik.smime.ess.utils.ESSLayerException,
                                                     iaik.smime.ess.ESSException

Throws:: iaik.smime.ess.utils.ESSLayerException; iaik.smime.ess.ESSException

createMLExpansionHistory

public static iaik.smime.ess.MLExpansionHistory createMLExpansionHistory(iaik.x509.X509Certificate mlaCertificate,
                                                                         java.util.Date expansionTime,
                                                                         iaik.smime.ess.MLReceiptPolicy mlReceiptPolicy)

Creates a MLExpansionHistory containing only one MLData for the given MLA with given expansion time and MLReceiptPolicy.

Parameters:: mlaCertificate - the certificate of the MLA from which to create the MLData EntityIdentiifier of type IssuerAndSerialNumber; expansionTime - the expansion time; mlReceiptPolicy - the MLReceiptPolicy; may be null
Returns:: the newly created MLExpansionHistory

readMLExpansionHistory

public static void readMLExpansionHistory(iaik.smime.SignedContent signedContent,
                                          int count)
                                   throws java.lang.Exception

Reads the MLExpansionHistory attribute from the given signed data and dumps the included MLData structures.

Parameters:: signedContent - the (MLA created) SignedContent to be parsed for the MLExpansionHistory attribute; count - the (expected) number of MLData entries included in the MLExpansionHistory attribute
Throws:: java.lang.Exception - if an error occurs when parsing the MLExpansionHistory attribute, or if no MLExpansionHistory attribute is inlcuded or if the MLExpansionHistory does contain an unexpected number of MLData entries

main

public static void main(java.lang.String[] argv)
                 throws java.lang.Exception

Main method.

Throws:: java.lang.Exception