iaik.smime.ess.utils
Class MLA

java.lang.Object
  extended by iaik.smime.ess.utils.MLA

public class MLA
extends java.lang.Object

Mail list agent handler. It may be used to resolve an S/MIME message into its several layers and subsequently create a new signed message according to section 4 (Mail List Management) of RFC 2634 (ESS):

 In all cases, the MLA MUST sign the message to be sent to the ML
 members in a new "outer" signedData layer. The MLA MUST add or update
 an mlExpansionHistory attribute in the "outer" signedData that it
 creates to document MLA processing. If there was an "outer"
 signedData layer included in the original message received by the
 MLA, then the MLA-created "outer" signedData layer MUST include each
 signed attribute present in the original "outer" signedData layer,
 unless the MLA explicitly replaces an attribute (such as signingTime
 or mlExpansionHistory) with a new value.

 When an S/MIME message is received by the MLA, the MLA MUST first
 determine which received signedData layer, if any, is the "outer"
 signedData layer.  To identify the received "outer" signedData layer,
 the MLA MUST verify the signature and fully process the
 signedAttributes in each of the outer signedData layers (working from
 the outside in) to determine if any of them either include an
 mlExpansionHistory attribute or encapsulate an envelopedData object.

 The MLA search for the "outer" signedData layer is completed when
 it finds one of the following:

  - the "outer" signedData layer that includes an mlExpansionHistory
    attribute or encapsulates an envelopedData object
  - an envelopedData layer
  - the original content (that is, a layer that is neither
    envelopedData nor signedData).

 If the MLA finds an "outer" signedData layer, then the MLA MUST
 perform the following steps:

 1. Strip off all of the signedData layers that encapsulated the
    "outer" signedData layer

 2. Strip off the "outer" signedData layer itself (after remembering
    the included signedAttributes)

 3. Expand the envelopedData (if present)

 4. Sign the message to be sent to the ML members in a new "outer"
    signedData layer that includes the signedAttributes (unless
    explicitly replaced) from the original, received "outer" signedData
    layer.

 If the MLA finds an "outer" signedData layer that includes an
 mlExpansionHistory attribute AND the MLA subsequently finds an
 envelopedData layer buried deeper with the layers of the received
 message, then the MLA MUST strip off all of the signedData layers
 down to the envelopedData layer (including stripping off the original
 "outer" signedData layer) and MUST sign the expanded envelopedData in
 a new "outer" signedData layer that includes the signedAttributes
 (unless explicitly replaced) from the original, received "outer"
 signedData layer.

 If the MLA does not find an "outer" signedData layer AND does not
 find an envelopedData layer, then the MLA MUST sign the original,
 received message in a new "outer" signedData layer. If the MLA does
 not find an "outer" signedData AND does find an envelopedData layer
 then it MUST expand the envelopedData layer, if present, and sign it
 in a new "outer" signedData layer.
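
The search and stripping rules quoted above, as a stand-alone Java model. This is an added example, not IAIK code and not part of the MLA class; it also rejects a candidate outer layer whose signature does not verify and a message whose mlExpansionHistory already names this MLA (an expansion loop). The class MlaLayerPlan, its Layer and Plan types and the MLA id "ml-b" are assumptions of the example, and signature checks and attribute contents are reduced to a boolean and a list of strings.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

/** Stand-alone model of the RFC 2634 section 4 layer search (constructed; not IAIK code). */
public class MlaLayerPlan {

    enum Kind { SIGNED, ENVELOPED, DATA }

    /** One layer of a received message; a message is a list of layers, outermost first. */
    static final class Layer {
        final Kind kind;
        final boolean signatureValid;  // only meaningful for SIGNED layers
        final List<String> history;    // MLA ids from mlExpansionHistory; empty if absent

        Layer(Kind kind, boolean signatureValid, String... history) {
            this.kind = kind;
            this.signatureValid = signatureValid;
            this.history = Arrays.asList(history);
        }
    }

    /** Outcome of the search: which layers are stripped and what the new layer records. */
    static final class Plan {
        int outerSigned = -1;  // index of the received "outer" signedData layer, -1 if none
        int enveloped = -1;    // index of the envelopedData layer to expand, -1 if none
        int signFrom = 0;      // layers [0, signFrom) are stripped, the rest is re-signed
        final List<String> newHistory = new ArrayList<>();

        @Override public String toString() {
            return "outer=" + outerSigned + " enveloped=" + enveloped
                    + " signFrom=" + signFrom + " history=" + newHistory;
        }
    }

    static Plan plan(List<Layer> layers, String myMlaId) {
        Plan p = new Plan();
        for (int i = 0; i < layers.size(); i++) {
            Layer l = layers.get(i);
            if (l.kind != Kind.SIGNED) {
                // The walk ends at an envelopedData layer or at the original content.
                if (l.kind == Kind.ENVELOPED) { p.enveloped = i; }
                break;
            }
            if (p.outerSigned >= 0) {
                continue;  // outer layer known; keep looking for a deeper envelopedData
            }
            // Attributes of the outer layer are copied into the new layer, so a layer
            // whose signature does not verify must not be accepted as a candidate.
            if (!l.signatureValid) {
                throw new IllegalStateException("invalid signature in layer " + i);
            }
            boolean wrapsEnveloped = i + 1 < layers.size()
                    && layers.get(i + 1).kind == Kind.ENVELOPED;
            if (!l.history.isEmpty() || wrapsEnveloped) {
                p.outerSigned = i;
            }
        }
        if (p.outerSigned >= 0) {
            List<String> received = layers.get(p.outerSigned).history;
            if (received.contains(myMlaId)) {
                throw new IllegalStateException("expansion loop: " + myMlaId);
            }
            p.newHistory.addAll(received);
            // Strip down to the envelopedData if there is one, else just past the outer layer.
            p.signFrom = p.enveloped >= 0 ? p.enveloped : p.outerSigned + 1;
        }
        p.newHistory.add(myMlaId);  // the new outer layer documents this MLA's processing
        return p;
    }

    static Layer signed(String... history) { return new Layer(Kind.SIGNED, true, history); }
    static Layer of(Kind kind) { return new Layer(kind, true); }

    public static void main(String[] args) {
        // Constructed messages, outermost layer first; "ml-b" is this MLA's (made-up) id.
        List<List<Layer>> samples = Arrays.asList(
            Arrays.asList(signed("ml-a"), signed(), of(Kind.DATA)),      // history marks outer
            Arrays.asList(signed(), signed(), of(Kind.ENVELOPED)),       // layer 1 wraps enveloped
            Arrays.asList(signed("ml-a"), signed(), of(Kind.ENVELOPED)), // enveloped buried deeper
            Arrays.asList(signed(), of(Kind.DATA)),                      // no outer, no enveloped
            Arrays.asList(of(Kind.ENVELOPED)),                           // enveloped only
            Arrays.asList(signed("ml-a", "ml-b"), of(Kind.DATA)));       // already expanded by ml-b
        for (List<Layer> msg : samples) {
            try {
                System.out.println(plan(msg, "ml-b"));
            } catch (IllegalStateException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```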
 

When creating a new MLA, a mail list identifier should be supplied to uniquely identify the MLA, e.g.:

 // signing certificate of the MLA
 X509Certificate signingCertOfMLA = ...;
 EntityIdentifier mlaID = new IssuerAndSerialNumber(signingCertOfMLA);
 MLA mla = new MLA(mlaID);
 
During message resolving, the MLA ID is required to check for an expansion loop. When creating a new signed message, the MLA ID is used for adding an MLData object to the MLExpansionHistory attribute.

Since a message may contain encrypted layers, a decryption key of the MLA is required to be able to decrypt an encrypted layer when resolving the input message into its layers. Decryption keys of the MLA may be supplied when setting a KeyStoreDatabase:

 KeyStoreDatabase keyStoreDatabase = ...;
 mla.setKeyDatabase(keyStoreDatabase);
 
When creating a new message signed by the MLA it might be necessary to expand an encrypted layer for the MLA recipient list. Encryption info for the final recipients may be set via method setEncryptionInfo, e.g.:
 // information about the originator; if required:
 OriginatorInfo originatorInfo = ...;
 // the recipient list:
 RecipientInfo[] recipients = ...;
 // the content encryption algorithm to be used:
 AlgorithmID contentEA = ...;
 // the length of the content encryption key:
 int cekLength = ...;
 mla.setEncryptionInfo(originatorInfo, recipients, contentEA, cekLength); 
 
After having resolved a message into its layers, a proper createSignedContent method may be called to create a new message signed by the MLA:
 // the message to process:
 MimeMessage msg = ...;
 // resolve the message into its layers:
 ESSLayers layers = mla.resolve(msg);
 // MLA creates a new signed content:
 SignerInfo mlaSignerInfo = ...;
 X509Certificate[] mlaCerts = ...;
 boolean implicit = ...;
 SignedContent sc = mla.createSignedContent(mlaSignerInfo, mlaCerts, implicit, layers);
 
Summing up, the following sample shows how this MLA utility may be used to operate as an ML agent according to RFC 2634 (ESS):
 // Create a new MLA
 X509Certificate signingCertOfMLA = ...;
 EntityIdentifier mlaID = new IssuerAndSerialNumber(signingCertOfMLA);
 MLA mla = new MLA(mlaID);
 // a key database holds the MLA decryption keys:
 KeyStoreDatabase keyStoreDatabase = ...;
 mla.setKeyDatabase(keyStoreDatabase);
 // encryption information for the MLA recipient list:
 RecipientInfo[] recipients = ...;
 // the content encryption algorithm to be used:
 AlgorithmID contentEA = ...;
 // the length of the content encryption key:
 int cekLength = ...;
 mla.setEncryptionInfo(null, recipients, contentEA, cekLength); 
 // the message to process:
 MimeMessage msg = ...;
 // resolve the message into its layers:
 ESSLayers layers = mla.resolve(msg);
 // MLA creates a new signed content:
 SMimeSignerInfo mlaSignerInfo = ...;
 X509Certificate[] mlaCerts = ...;
 boolean implicit = ...;
 SignedContent sc = mla.createSignedContent(mlaSignerInfo, mlaCerts, implicit, layers);
 // now the MLA may send the new signed message to its recipients:
 MimeMessage mlaMsg = ...;
 mlaMsg.setContent(sc, sc.getContentType());
 sc.setHeaders(mlaMsg);
 Transport.send(mlaMsg);
 

See Also:
SignerInfo, EncryptedContent, SignedContent, SMimeSignerInfo, EntityIdentifier, MLExpansionHistory, MLData, MLReceiptPolicy, CertificateDatabase, EnvelopedESSLayer, ESSLayer, ESSLayers, KeyDatabase, KeyStoreDatabase, SignedESSLayer

Field Summary
protected  java.lang.String debugID_
          An ID that may be printed in front of debug messages, if set.
protected  java.io.PrintWriter debugWriter_
          Writer to which debug information may be written.
 
Constructor Summary
MLA()
          Empty default constructor.
MLA(EntityIdentifier mailListIdentifier)
          Creates an MLA object for the given MailListIdentifier.
 
Method Summary
protected  Attribute[] createSignedAttributes(SignedESSLayer outerLayer, java.util.Date signingTime, MLReceiptPolicy receiptPolicy, X509Certificate encryptionCertificate, boolean includeEncryptionCertIDForMSOE, java.lang.String debugID)
          Creates a set of attributes to be added when creating a new signed outer layer.
 SignedContent createSignedContent(java.security.PrivateKey privateKey, java.util.Date signingTime, X509Certificate signerCertificate, X509Certificate[] certificates, AlgorithmID digestAlgorithm, AlgorithmID signatureAlgorithm, X509Certificate encryptionCertificate, boolean includeEncryptionCertIDForMSOE, boolean implicit, ESSLayers essLayers)
          Creates a new SignedData layer for the private signing key of this MLA.
 SignedContent createSignedContent(SignerInfo signerInfo, X509Certificate[] certificates, boolean implicit, ESSLayers essLayers)
          Creates a new SignedData layer for the private signing key of this MLA.
 CertificateDatabase getCertificateDatabase()
          Get the certificate database, if set.
 KeyDatabase getKeyDatabase()
          Get the KeyDatabase, if set.
 MLReceiptPolicy getMLReceiptPolicy()
          Gets the MLReceiptPolicy of this MLA.
 SecurityLabelHandler getSecurityLabelHandler()
          Gets the SecurityLabelHandler, if set.
 boolean getStopOnInvalidSignature()
          Gets whether to stop resolving a message when a signed layer is detected where some of the signatures cannot be verified successfully.
protected  MLReceiptPolicy mergeMLReceiptPolicies(MLReceiptPolicy mlAPolicy, MLReceiptPolicy mlBPolicy, java.lang.String debugID)
          Merges two MLReceiptPolicies belonging to two MLAs where one MLA (B) is a member of the mailing list owned by the other MLA (A).
 ESSLayers resolve(javax.mail.Part part)
          Resolves the given part into its layers.
 ESSLayers resolve(javax.mail.Part part, java.lang.String debugID)
          Resolves the given part into its layers.
 void setCertificateDatabase(CertificateDatabase certDatabase)
          Sets the certificate database.
 void setDebugStream(java.lang.String debugID, java.io.OutputStream out)
          Sets the stream to which debug information shall be printed.
 void setEncryptionInfo(OriginatorInfo originatorInfo, RecipientInfo[] recipients, AlgorithmID contentEA, int cekLength)
          Sets any information that may be required when it is necessary to encrypt an expanded enveloped layer before creating and signing a new message.
 void setKeyDatabase(KeyDatabase keyDatabase)
          Sets the KeyDatabase.
 void setMLReceiptPolicy(MLReceiptPolicy mlReceiptPolicy)
          Sets the MLReceiptPolicy of this MLA.
 void setSecurityLabelHandler(SecurityLabelHandler securityLabelHandler)
          Sets the SecurityLabelHandler.
 void setStopOnInvalidSignature(boolean stop)
          Sets whether to stop resolving a message when a signed layer is detected where some of the signatures cannot be verified successfully.
 java.lang.String toString()
          Returns a String representation of this MLA.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

debugWriter_

protected java.io.PrintWriter debugWriter_
Writer to which debug information may be written.


debugID_

protected java.lang.String debugID_
An ID that may be printed in front of debug messages, if set.

Constructor Detail

MLA

public MLA()
Empty default constructor. May be used when only intending to resolve a message into its layers.


MLA

public MLA(EntityIdentifier mailListIdentifier)
Creates an MLA object for the given MailListIdentifier.

Parameters:
mailListIdentifier - the ID of the MLA that processes the MimeMessage to resolve it into its several layers
Method Detail

setKeyDatabase

public void setKeyDatabase(KeyDatabase keyDatabase)
Sets the KeyDatabase. A KeyDatabase may be set to supply private keys if required for decrypting any included EnvelopedData layer.

Parameters:
keyDatabase - the KeyDatabase supplying private keys for EnvelopedData layer decryption

getKeyDatabase

public KeyDatabase getKeyDatabase()
Gets the KeyDatabase, if set. A KeyDatabase may be set to supply private keys if required for decrypting any included EnvelopedData layer.

Returns:
the KeyDatabase, if set

setCertificateDatabase

public void setCertificateDatabase(CertificateDatabase certDatabase)
Sets the certificate database. A CertificateDatabase may be set to supply certificates that may be required to verify some SignedData layer that does not contain the signer certificates. This MLA utility does not perform any trust verification.

Parameters:
certDatabase - the CertificateDatabase supplying certificates if required for verifying the signature(s) of a SignedData layer that does not contain the signer certificates

getCertificateDatabase

public CertificateDatabase getCertificateDatabase()
Gets the certificate database, if set. A CertificateDatabase may be set to supply certificates that may be required to verify some SignedData layer that does not contain the signer certificates. This MLA utility does not perform any trust verification.

Returns:
the CertificateDatabase, if set

setSecurityLabelHandler

public void setSecurityLabelHandler(SecurityLabelHandler securityLabelHandler)
Sets the SecurityLabelHandler. A SecurityLabelHandler may be set to decide how to process ESSSecurityLabel/EquivalentLabels attributes if included in some SignedData layer.

Parameters:
securityLabelHandler - the SecurityLabelHandler processing ESSSecurityLabel/EquivalentLabels attributes

getSecurityLabelHandler

public SecurityLabelHandler getSecurityLabelHandler()
Gets the SecurityLabelHandler, if set. A SecurityLabelHandler may be set to decide how to process ESSSecurityLabel/EquivalentLabels attributes if included in some SignedData layer.

Returns:
the SecurityLabelHandler for processing ESSSecurityLabel/EquivalentLabels attributes, or null if no SecurityLabelHandler is set

setStopOnInvalidSignature

public void setStopOnInvalidSignature(boolean stop)
Sets whether to stop resolving a message when a signed layer is detected where some of the signatures cannot be verified successfully. If set to false, message resolving continues and the signature verification result is kept for later inspection.

Parameters:
stop - whether to stop message resolving if an invalid signature is detected in a signed layer or not

getStopOnInvalidSignature

public boolean getStopOnInvalidSignature()
Gets whether to stop resolving a message when a signed layer is detected where some of the signatures cannot be verified successfully. If set to false, message resolving continues and the signature verification result is kept for later inspection.

Returns:
whether to stop message resolving if an invalid signature is detected in a signed layer or not

setMLReceiptPolicy

public void setMLReceiptPolicy(MLReceiptPolicy mlReceiptPolicy)
Sets the MLReceiptPolicy of this MLA.

Parameters:
mlReceiptPolicy - the MLReceiptPolicy of this MLA.

getMLReceiptPolicy

public MLReceiptPolicy getMLReceiptPolicy()
Gets the MLReceiptPolicy of this MLA.

Returns:
the MLReceiptPolicy of this MLA, or null if no MLReceiptPolicy is set

setEncryptionInfo

public void setEncryptionInfo(OriginatorInfo originatorInfo,
                              RecipientInfo[] recipients,
                              AlgorithmID contentEA,
                              int cekLength)
Sets any information that may be required when it is necessary to encrypt an expanded enveloped layer before creating and signing a new message.

Parameters:
originatorInfo - any originator information (certificates/crls) to be set for the expanded encrypted layer, if required
recipients - the list of recipients for which to expand an enveloped layer
contentEA - the content encryption algorithm to be used to encrypt an expanded enveloped layer
cekLength - the length of the content encryption key to be used

resolve

public ESSLayers resolve(javax.mail.Part part)
                  throws ESSLayerException
Resolves the given part into its layers. The layers are searched for the signed outer and inner layers according to section 4 (Mail List Management) of RFC 2634 (ESS):

 When an S/MIME message is received by the MLA, the MLA MUST first
 determine which received signedData layer, if any, is the "outer"
 signedData layer.  To identify the received "outer" signedData layer,
 the MLA MUST verify the signature and fully process the
 signedAttributes in each of the outer signedData layers (working from
 the outside in) to determine if any of them either include an
 mlExpansionHistory attribute or encapsulate an envelopedData object.

 The MLA search for the "outer" signedData layer is completed when
 it finds one of the following:

  - the "outer" signedData layer that includes an mlExpansionHistory
    attribute or encapsulates an envelopedData object
  - an envelopedData layer
  - the original content (that is, a layer that is neither
    envelopedData nor signedData).

 

Parameters:
part - the MIME part to be processed
Returns:
an array holding all the layers of the MIME part (the outermost layer is located at index 0, the innermost layer at index n-1)
Throws:
ESSLayerException - if an error occurs when parsing/decomposing the message

resolve

public ESSLayers resolve(javax.mail.Part part,
                         java.lang.String debugID)
                  throws ESSLayerException
Resolves the given part into its layers. The layers are searched for the signed outer and inner layers according to section 4 (Mail List Management) of RFC 2634 (ESS):

 When an S/MIME message is received by the MLA, the MLA MUST first
 determine which received signedData layer, if any, is the "outer"
 signedData layer.  To identify the received "outer" signedData layer,
 the MLA MUST verify the signature and fully process the
 signedAttributes in each of the outer signedData layers (working from
 the outside in) to determine if any of them either include an
 mlExpansionHistory attribute or encapsulate an envelopedData object.

 The MLA search for the "outer" signedData layer is completed when
 it finds one of the following:

  - the "outer" signedData layer that includes an mlExpansionHistory
    attribute or encapsulates an envelopedData object
  - an envelopedData layer
  - the original content (that is, a layer that is neither
    envelopedData nor signedData).

 

Parameters:
part - the MIME part to be processed
debugID - an ID that may be printed in front of debug messages; may be null
Returns:
an array holding all the layers of the MIME part (the outermost layer is located at index 0, the innermost layer at index n-1)
Throws:
ESSLayerException - if an error occurs when parsing/decomposing the message

createSignedContent

public SignedContent createSignedContent(SignerInfo signerInfo,
                                         X509Certificate[] certificates,
                                         boolean implicit,
                                         ESSLayers essLayers)
                                  throws java.security.NoSuchAlgorithmException,
                                         java.security.SignatureException,
                                         javax.mail.MessagingException,
                                         CodingException,
                                         ESSException
Creates a new SignedData layer for the private signing key of this MLA.

This method first searches the layers of the original message to find the outermost layer to be signed. Any attributes to be included already have to be set for the supplied SignerInfo. If the new message has to sign previously encrypted content, the corresponding encrypted layer will be expanded for (replaced by) the recipient list that belongs to this MLA according to section 4 (Mail List Management) of RFC 2634 (ESS):

 In all cases, the MLA MUST sign the message to be sent to the ML
 members in a new "outer" signedData layer. The MLA MUST add or update
 an mlExpansionHistory attribute in the "outer" signedData that it
 creates to document MLA processing. If there was an "outer"
 signedData layer included in the original message received by the
 MLA, then the MLA-created "outer" signedData layer MUST include each
 signed attribute present in the original "outer" signedData layer,
 unless the MLA explicitly replaces an attribute (such as signingTime
 or mlExpansionHistory) with a new value.

 ...

 If the MLA finds an "outer" signedData layer, then the MLA MUST
 perform the following steps:

 1. Strip off all of the signedData layers that encapsulated the
    "outer" signedData layer

 2. Strip off the "outer" signedData layer itself (after remembering
    the included signedAttributes)

 3. Expand the envelopedData (if present)

 4. Sign the message to be sent to the ML members in a new "outer"
    signedData layer that includes the signedAttributes (unless
    explicitly replaced) from the original, received "outer" signedData
    layer.

 If the MLA finds an "outer" signedData layer that includes an
 mlExpansionHistory attribute AND the MLA subsequently finds an
 envelopedData layer buried deeper with the layers of the received
 message, then the MLA MUST strip off all of the signedData layers
 down to the envelopedData layer (including stripping off the original
 "outer" signedData layer) and MUST sign the expanded envelopedData in
 a new "outer" signedData layer that includes the signedAttributes
 (unless explicitly replaced) from the original, received "outer"
 signedData layer.

 If the MLA does not find an "outer" signedData layer AND does not
 find an envelopedData layer, then the MLA MUST sign the original,
 received message in a new "outer" signedData layer. If the MLA does
 not find an "outer" signedData AND does find an envelopedData layer
 then it MUST expand the envelopedData layer, if present, and sign it
 in a new "outer" signedData layer.
 

Parameters:
signerInfo - the signer information (may be null to let this method create the required SignerInfo)
certificates - any certificate to be included in the SignedData
implicit - whether to create an implicit signed (application/pkcs7-mime) or an explicit signed (multipart/signed) message
Returns:
the newly created signed layer
Throws:
java.security.NoSuchAlgorithmException - if the requested digest or signature algorithm is not supported
java.security.SignatureException - if a signed outer layer is present where not all signatures can be successfully verified
javax.mail.MessagingException - if a messaging error occurs while creating the signed content
CodingException - if an error occurs during attribute parsing
ESSException - if the SignedContent cannot be created because the content to be signed cannot be resolved

createSignedContent

public SignedContent createSignedContent(java.security.PrivateKey privateKey,
                                         java.util.Date signingTime,
                                         X509Certificate signerCertificate,
                                         X509Certificate[] certificates,
                                         AlgorithmID digestAlgorithm,
                                         AlgorithmID signatureAlgorithm,
                                         X509Certificate encryptionCertificate,
                                         boolean includeEncryptionCertIDForMSOE,
                                         boolean implicit,
                                         ESSLayers essLayers)
                                  throws java.security.NoSuchAlgorithmException,
                                         java.security.SignatureException,
                                         javax.mail.MessagingException,
                                         CodingException,
                                         ESSException
Creates a new SignedData layer for the private signing key of this MLA.

This method first searches the layers of the original message to find the outermost layer to be signed. If an outer signed layer is present, any of its signed attributes are included in the new SignedData layer, except for those (e.g. signingTime, MLExpansionHistory, ...) that have to be explicitly replaced/updated and are calculated by this method. If the new message has to sign previously encrypted content, the corresponding encrypted layer will be expanded for (replaced by) the recipient list that belongs to this MLA according to section 4 (Mail List Management) of RFC 2634 (ESS):

 In all cases, the MLA MUST sign the message to be sent to the ML
 members in a new "outer" signedData layer. The MLA MUST add or update
 an mlExpansionHistory attribute in the "outer" signedData that it
 creates to document MLA processing. If there was an "outer"
 signedData layer included in the original message received by the
 MLA, then the MLA-created "outer" signedData layer MUST include each
 signed attribute present in the original "outer" signedData layer,
 unless the MLA explicitly replaces an attribute (such as signingTime
 or mlExpansionHistory) with a new value.

 ...

 If the MLA finds an "outer" signedData layer, then the MLA MUST
 perform the following steps:

 1. Strip off all of the signedData layers that encapsulated the
    "outer" signedData layer

 2. Strip off the "outer" signedData layer itself (after remembering
    the included signedAttributes)

 3. Expand the envelopedData (if present)

 4. Sign the message to be sent to the ML members in a new "outer"
    signedData layer that includes the signedAttributes (unless
    explicitly replaced) from the original, received "outer" signedData
    layer.

 If the MLA finds an "outer" signedData layer that includes an
 mlExpansionHistory attribute AND the MLA subsequently finds an
 envelopedData layer buried deeper with the layers of the received
 message, then the MLA MUST strip off all of the signedData layers
 down to the envelopedData layer (including stripping off the original
 "outer" signedData layer) and MUST sign the expanded envelopedData in
 a new "outer" signedData layer that includes the signedAttributes
 (unless explicitly replaced) from the original, received "outer"
 signedData layer.

 If the MLA does not find an "outer" signedData layer AND does not
 find an envelopedData layer, then the MLA MUST sign the original,
 received message in a new "outer" signedData layer. If the MLA does
 not find an "outer" signedData AND does find an envelopedData layer
 then it MUST expand the envelopedData layer, if present, and sign it
 in a new "outer" signedData layer.
 

Parameters:
privateKey - the private key of the signer
signingTime - date and time of signing
certificates - any certificate to be included in the SignedData
digestAlgorithm - the digest algorithm to be used
signatureAlgorithm - the signature algorithm to be used
encryptionCertificate - the encryption certificate of the signer (or null if signing and encryption cert are the same or no encryption certificate shall be indicated)
includeEncryptionCertIDForMSOE - if true, a private MS attribute will be included allowing MSOE to recognize the encryption cert of the signer if using different certs for signing/encryption
implicit - whether to create an implicit signed (application/pkcs7-mime) or an explicit signed (multipart/signed) message
Returns:
the newly created signed layer
Throws:
java.security.NoSuchAlgorithmException - if the requested digest or signature algorithm is not supported
java.security.SignatureException - if a signed outer layer is present where not all signatures can be successfully verified
javax.mail.MessagingException - if a messaging error occurs while creating the signed content
CodingException - if an error occurs during attribute parsing
ESSException - if the SignedContent cannot be created because the content to be signed cannot be resolved

mergeMLReceiptPolicies

protected MLReceiptPolicy mergeMLReceiptPolicies(MLReceiptPolicy mlAPolicy,
                                                 MLReceiptPolicy mlBPolicy,
                                                 java.lang.String debugID)
Merges two MLReceiptPolicies belonging to two MLAs where one MLA (B) is a member of the mailing list owned by the other MLA (A). The merging is done according to section 4.3 (Mail List Agent Signed Receipt Policy Processing) of RFC 2634 (Enhanced Security Services for S/MIME):
              |                    B's policy
 A's policy   | none   insteadOf        inAdditionTo      missing
 -----------------------------------------------------------------------
 none         | none   none             none              none
 insteadOf    | none   insteadOf(B)     *1                insteadOf(A)
 inAdditionTo | none   insteadOf(B)     *2                inAdditionTo(A)
 missing      | none   insteadOf(B)     inAdditionTo(B)   missing

  *1 = insteadOf(insteadOf(A) + inAdditionTo(B))
  *2 = inAdditionTo(inAdditionTo(A) + inAdditionTo(B))

 

Parameters:
mlAPolicy - the MLReceiptPolicy of the first MLA (A)
mlBPolicy - the MLReceiptPolicy of the second MLA (B) being a member of the mailing list owned by A
Returns:
the new (merged) MLReceiptPolicy of MLA B
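
The merge table above reduced to three rules and checked against all 16 cells, as a stand-alone Java model. This is an added example, not IAIK code and not the implementation of mergeMLReceiptPolicies; the class ReceiptPolicyMerge, its Policy type and the addresses are assumptions of the example, and a null reference stands for "missing".

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

/** Stand-alone model of the merge table above (constructed; not IAIK code). */
public class ReceiptPolicyMerge {

    enum Kind { NONE, INSTEAD_OF, IN_ADDITION_TO }

    /** A receipt policy; a null reference stands for "missing" in the table. */
    static final class Policy {
        final Kind kind;
        final List<String> names;  // names listed in insteadOf / inAdditionTo; empty for NONE

        Policy(Kind kind, List<String> names) {
            this.kind = kind;
            this.names = names;
        }
    }

    /** Merges A's policy (list owner) with B's policy (B is a member of A's list). */
    static Policy merge(Policy a, Policy b) {
        // "none" on either side wins, whatever the other side says.
        if ((a != null && a.kind == Kind.NONE) || (b != null && b.kind == Kind.NONE)) {
            return new Policy(Kind.NONE, Collections.<String>emptyList());
        }
        if (b == null) {
            return a;  // B states nothing: A's policy, or "missing", carries through
        }
        if (a == null || b.kind == Kind.INSTEAD_OF) {
            return b;  // A states nothing, or B's insteadOf replaces A's names
        }
        // B is inAdditionTo and A is insteadOf (*1) or inAdditionTo (*2):
        // A's kind is kept and both name lists are combined.
        List<String> both = new ArrayList<>(a.names);
        both.addAll(b.names);
        return new Policy(a.kind, both);
    }

    static String show(Policy p) {
        return p == null ? "missing" : p.kind + p.names.toString();
    }

    public static void main(String[] args) {
        // Constructed policies; the addresses are placeholders.
        List<String> la = Arrays.asList("a@example.org");
        List<String> lb = Arrays.asList("b@example.org");
        List<String> no = Collections.emptyList();
        Policy[] rowsA = { new Policy(Kind.NONE, no), new Policy(Kind.INSTEAD_OF, la),
                           new Policy(Kind.IN_ADDITION_TO, la), null };
        Policy[] colsB = { new Policy(Kind.NONE, no), new Policy(Kind.INSTEAD_OF, lb),
                           new Policy(Kind.IN_ADDITION_TO, lb), null };
        // Prints all 16 cells so the result can be compared with the table row by row.
        for (Policy a : rowsA) {
            for (Policy b : colsB) {
                System.out.println("A=" + show(a) + "  B=" + show(b)
                        + "  ->  " + show(merge(a, b)));
            }
        }
    }
}
```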

createSignedAttributes

protected Attribute[] createSignedAttributes(SignedESSLayer outerLayer,
                                             java.util.Date signingTime,
                                             MLReceiptPolicy receiptPolicy,
                                             X509Certificate encryptionCertificate,
                                             boolean includeEncryptionCertIDForMSOE,
                                             java.lang.String debugID)
                                      throws ESSException,
                                             CodingException
Creates a set of attributes to be added when creating a new signed outer layer.

Parameters:
outerLayer - the current signed outer layer from which attributes are to be copied; may be null if no signed outer layer was present
signingTime - the time at which the new message is signed; if null the current time is taken for the signingTime attribute and the MLData expansion time
receiptPolicy - the receiptPolicy of this MLA; may be null
encryptionCertificate - the encryption certificate of the MLA (or null if signing and encryption cert is the same or no encryption certificate shall be indicated)
includeEncryptionCertIDForMSOE - if true, a private MS attribute will be included allowing MSOE to recognize the encryption cert of the signer if using different certs for signing/encryption
Returns:
the newly created set of attributes to be signed
Throws:
ESSException
CodingException

setDebugStream

public void setDebugStream(java.lang.String debugID,
                           java.io.OutputStream out)
Sets the stream to which debug information shall be printed.

Parameters:
debugID - an ID that may be printed in front of debug messages; may be null
out - the stream to which debug information shall be written; may be null for disabling debug output

toString

public java.lang.String toString()
Returns a String representation of this MLA.

Overrides:
toString in class java.lang.Object
Returns:
a string representation of the MLA

This Javadoc may contain text parts from IETF Internet Standard specifications (see copyright note).

IAIK-CMS 6.0, (c) 2002 IAIK, (c) 2003, 2023 SIC