// Copyright (C) 2002 IAIK
// https://sic.tech/
//
// Copyright (C) 2003 - 2025 Stiftung Secure Information and 
//                           Communication Technologies SIC
// https://sic.tech/
//
// All rights reserved.
//
// This source is provided for inspection purposes and recompilation only,
// unless specified differently in a contract with IAIK. This source has to
// be kept in strict confidence and must not be disclosed to any third party
// under any circumstances. Redistribution in source and binary forms, with
// or without modification, are <not> permitted in any case!
//
// THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
// ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
// OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
// LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
// OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
// SUCH DAMAGE.
//
// $Header: /IAIK-CMS/current/src/demo/smime/ecc/SimpleSMimeV4EcDemo.java 5     12.02.25 17:59 Dbratko $
// $Revision: 5 $
//

package demo.smime.ecc;

import java.security.PrivateKey;

import jakarta.activation.DataHandler;
import jakarta.mail.Session;

import demo.DemoSMimeUtil;
import demo.DemoUtil;
import demo.cms.ecc.ECCDemoUtil;
import demo.cms.ecc.keystore.CMSEccKeyStore;
import iaik.asn1.structures.AlgorithmID;
import iaik.cms.CMSAlgorithmID;
import iaik.utils.KeyAndCertificate;
import iaik.x509.X509Certificate;

/**
 * This class demonstrates the usage of the IAIK S/MIME implementation. It shows how to create
 * signed and/or (authenticated) encrypted S/MIMEv4 messages using EC keys and how to parse them
 * and verify the signatures and decrypt the content, respectively.
 * <p>
 * This demo uses one set of cryptographic algorithms. A demo that uses several combinations of algorithms
 * is shown in {@link SMimeV4EccDemo SMimeV4EccDemo}.
 * <p>
 * Additionally to <code>iaik_cms.jar</code> you also must have 
 * <code>iaik_jce_(full).jar</code> (IAIK-JCE, <a href =
 * "https://sic.tech/products/core-crypto-toolkits/jca-jce/" target="_blank">
 * https://sic.tech/products/core-crypto-toolkits/jca-jce/</a>),
 * and <code>iaik_eccelarate.jar</code> (IAIK-ECCelerate<sup><small>TM</small></sup>, <a href =
 * "https://sic.tech/products/core-crypto-toolkits/eccelerate/" target="_blank">
 * https://sic.tech/products/core-crypto-toolkits/eccelerate/</a>)
 * in your classpath.
 * <p>
 * To run this demo the following packages are required:
 * <ul>
 *    <li>
 *       <code>iaik_cms.jar</code> (IAIK-CMS/SMIME)
 *    </li>
 *    <li>
 *       <code>iaik_jce(_full).jar</code> (<a href="https://sic.tech/products/core-crypto-toolkits/jca-jce/" target="_blank">IAIK-JCE Core Crypto Library</a>).
 *    </li>
 *    <li>
 *       <code>iaik_eccelerate.jar</code> (<a href="https://sic.tech/products/core-crypto-toolkits/eccelerate/" target="_blank">IAIK ECC Library</a>).
 *    </li>
 *    <li>
 *       <a href="https://jakarta.ee/specifications/mail/" target="_blank">Jakarta</a>/<a href="https://eclipse-ee4j.github.io/angus-mail/" target="_blank">Angus</a> Mail
 *    </li>   
 *    <li>
 *       <a href="https://jakarta.ee/specifications/activation/" target="_blank">Jakarta Activation Framework</a>
 *    </li> 
 * </ul>
 */
public class SimpleSMimeV4EcDemo extends SMimeV4EccDemo {
 
  /**
   * Default constructor. 
   */
  public SimpleSMimeV4EcDemo() {
    
    System.out.println();
    System.out.println("********************************************************************************************");
    System.out.println("*                                SimpleSMimeV4EcDemo demo                                  *");
    System.out.println("* (shows how to create and parse (verify, decrypt) signed and encrypted S/MIMEv4 messages) *");
    System.out.println("********************************************************************************************");
    System.out.println();

  }
  
   
  /**
   * Starts the demo.
   *
   * @throws Exception if an error occurs
   */
  public void start() throws Exception {
    
    // get the default Session
    Session session = DemoSMimeUtil.getSession();

    // Create a demo Multipart
    DataHandler multipart = createMultipart();
    
    // get signer key and certs
    KeyAndCertificate signerKeyAndCert = getSignerKeyAndCert();
    PrivateKey signerKey = signerKeyAndCert.getPrivateKey();
    X509Certificate[] signerCerts = signerKeyAndCert.getCertificateChain();
     
    // the digest and signature algorithms to be used
    AlgorithmID digestAlg = getDigestAlgorithm();
    AlgorithmID signatureAlg = getSignatureAlgorithm();
   
    /**************************************************************************/
    /*                                                                        */
    /*                               Signing Demo                             */
    /*                                                                        */
    /**************************************************************************/
    
    System.out.println("Running signing demo for " + signatureAlg.getName());
    startSigningDemo(session, 
                     multipart, 
                     digestAlg, 
                     signatureAlg, 
                     signerKey,
                     signerCerts);
     
    // (authenticated) encryption demos
    
    // get recipient certs
    X509Certificate[] recipientCerts = getRecipientCerts();
     
    //  the key encryption algorithms to be used
    AlgorithmID keyEA = AlgorithmID.dhSinglePass_stdDH_sha256kdf_scheme;
    // key wrap algorithms
    AlgorithmID keyWrapAlg = CMSAlgorithmID.cms_aes256_wrap;
    int kekLength = 256;
    int keyLength = 256;
    
    // whether to encrypt or authenticated encrypt
    boolean[] doAuthEncrypt = { false, true };
    for (int h = 0; h < doAuthEncrypt.length; h++) {
      boolean authEncrypt = doAuthEncrypt[h]; 
      AlgorithmID contentEA = authEncrypt ? AlgorithmID.aes256_GCM : AlgorithmID.aes256_CBC;
      
      /**************************************************************************/
      /*                                                                        */
      /*                  (Authenticated) Encryption Demo                       */
      /*                                                                        */
      /**************************************************************************/
      
      System.out.println("Running " + (authEncrypt ? "authenticated" : "") + "encryption demo for " + 
                        keyEA.getName() + " with " + keyWrapAlg.getName() +" and " + contentEA.getName());
      startEncryptionDemo(session,
                          contentEA, 
                          keyLength, 
                          keyEA,
                          keyWrapAlg,
                          kekLength,
                          authEncrypt, 
                          recipientCerts);
      
      /**************************************************************************/
      /*                                                                        */
      /*             Signing and (Authenticated) Encryption Demo                */
      /*                                                                        */
      /**************************************************************************/
            
      startSigningAndEncryptionDemo(session,
                                    multipart,
                                    digestAlg,
                                    signatureAlg,
                                    contentEA, 
                                    keyLength, 
                                    keyEA,
                                    keyWrapAlg,
                                    kekLength,
                                    authEncrypt,  
                                    signerKey, 
                                    signerCerts,
                                    recipientCerts);
    }
    
  } 
  
  /**
   * Gets signing key and certificate.
   * 
   * @return signing key and certificate
   */
  protected KeyAndCertificate getSignerKeyAndCert() {
    return new KeyAndCertificate(
        CMSEccKeyStore.getPrivateKey(CMSEccKeyStore.ECDSA,
            CMSEccKeyStore.SZ_256_SIGN),
        CMSEccKeyStore.getCertificateChain(CMSEccKeyStore.ECDSA,
            CMSEccKeyStore.SZ_256_SIGN));
  }
  
  /**
   * Gets the digest algorithm used for signing.
   * 
   * @return the digest algorithm
   */
  protected AlgorithmID getDigestAlgorithm() {
    return AlgorithmID.sha256;
  }
  
  /**
   * Gets the signature algorithm.
   * 
   * @return the signature algorithm
   */
  protected AlgorithmID getSignatureAlgorithm() {
    return AlgorithmID.ecdsa_With_SHA256;
  }
  
  /**
   * Gets the recipient certificates.
   * 
   * @return the certificates of the recipients
   */
  protected X509Certificate[] getRecipientCerts() {
    X509Certificate[] recipientCerts = {
        CMSEccKeyStore.getCertificateChain(CMSEccKeyStore.ECDH,
                CMSEccKeyStore.SZ_256_CRYPT_1)[0],
        CMSEccKeyStore.getCertificateChain(CMSEccKeyStore.ECDH,
                CMSEccKeyStore.SZ_256_CRYPT_2)[0],
    };
    return recipientCerts;
  }
  
 
  /**
   * The main method.
   */
  public static void main(String[] argv) throws Exception {
     
    DemoSMimeUtil.initDemos();
    //  add ECC provider    
    ECCDemoUtil.installIaikEccProvider();
    
        (new SimpleSMimeV4EcDemo()).start();
    System.out.println("\nReady!");
    DemoUtil.waitKey();
  }
}