|
IP*Works! S/MIME V9 | |||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Objectipworkssmime.Smime
public class Smime
The SMIME bean implements the S/MIME standard for encryption and decryption with public key cryptography and X.509 digital certificates.
The SMIME bean implements the S/MIME V3 standard for encryption and decryption using Public Key Cryptography Standards (PKCS). In addition the bean can be used to both generate and verify RSA digital signatures. Using this bean for decrypting or signing requires a valid digital certificate with a private key.
To sign the current data included in Message
with a
certificate, the Certificate
property must be set to a valid Certificate
object for the signing certificate.
The IncludeCertificate
and DetachedSignature
properties allow you to specify additional details about the
signing process. By setting IncludeCertificate
to true, digital certificates can be encoded and included in message
signature when signing the document. Including a certificate
is the preferred method of building signed messages. In addition
the SMIME bean can also generate PKCS #7 formatted
detached digital signatures and envelopes by specifying DetachedSignature
.
To encrypt a message with the bean in a PCKS envelope,
you must first specify the Certificate
for each recipient
in the RecipientCerts
collection
to encrypt the message with.
You can easily add these with the AddRecipientCert
method. Once you have done this you can call the Encrypt
method
to encrypt the message with the recipient certificates.
In addition, the bean allows you to sign and encrypt
simultaneously with the SignAndEncrypt
method.
You must set all of the properties needed for both Sign
and Encrypt
The result of the encrypted or signed data will be replaced in
the Message
property and the MessageHeaders
property will
be filled with the appropriate mime headers if applicable.
In addition the SMIME bean can be used to verify signatures
included in signed messages or documents. The Message
property
is used to specify the signed message envelope. VerifySignature
can then be used to verify the signature. If
the message does not have a certificate attached more then likely an
exception will be thrown and the bean will not be able to verify the
signature. If VerifySignature
is successful, the SignerCert
and SignerCertChain
properties will be filled with the certificate
information of the message signer. This information can be used to
verify the signing certificates.
Decrypting PKCS envelopes is handled with the Decrypt
method. When
this method is called, the bean will attempt to find an appropriate
certificate in the Certificate
property that matches the encrypting
certificate. If it cannot find an appropriate certificate an exception
will be thrown and the message will not be decrypted.
Similar to SignAndEncrypt
, DecryptAndVerifySignature
can be used
to both decrypt and verify the message in Message
.
Constructor Summary | |
---|---|
Smime()
Creates an instance of Smime Bean. |
|
Smime(java.lang.String runtimeLicense)
Creates an instance of Smime Bean with specified run-time license. |
Method Summary | |
---|---|
void |
addRecipientCert(byte[] certEncoded)
Used to add recipient certificates used to encrypt messages. |
void |
addSmimeEventListener(SmimeEventListener l)
|
java.lang.String |
config(java.lang.String configurationString)
Sets or retrieves a configuration setting. |
void |
decrypt()
Decrypts the current Message . |
void |
decryptAndVerifySignature()
Decrypts and verifies the signature of the current Message . |
void |
decryptFile(java.lang.String inputFile,
java.lang.String outputFile)
Decrypts the contents of a file. |
void |
encrypt()
Encrypts the current Message . |
void |
encryptFile(java.lang.String inputFile,
java.lang.String outputFile)
Encrypts the contents of a file. |
Certificate |
getCertificate()
The current selected certificate. |
java.lang.String |
getEncryptingAlgorithm()
Textual description of the encrypting algorithm. |
java.lang.String |
getInternalHeaders()
The headers of the MIME entity inside the encrypted or signed message. |
byte[] |
getMessage()
The fully encoded or decoded S/MIME message. |
HeaderList |
getMessageHeaders()
Collection of headers from the SMIME message. |
java.lang.String |
getMessageHeadersString()
String version of headers from the SMIME message. |
CertificateList |
getRecipientCerts()
The collection of recipient certificates of the message. |
void |
getRecipientInfo()
Gets the recipient infos for an encrypted message. |
Certificate |
getSignerCert()
Contains the certificate of the message signer. |
CertificateList |
getSignerCertChain()
The certificate chain of the signing certificate. |
java.lang.String |
getSigningAlgorithm()
Textual description of the signature hash algorithm. |
boolean |
isDetachedSignature()
Specifies whether to include a detached signature when signing a message. |
boolean |
isIncludeCertificate()
Specifies whether to include the signer's certificate with the signed message. |
boolean |
isIncludeChain()
Specifies whether to include the signer's certificate chain with the signed message. |
boolean |
isMessageEncrypted()
Whether or not the current message is encrypted. |
boolean |
isMessageSigned()
Whether or not the current message is signed. |
void |
removeSmimeEventListener(SmimeEventListener l)
|
void |
reset()
Resets the bean properties. |
void |
setCertificate(Certificate certificate)
The current selected certificate. |
void |
setDetachedSignature(boolean detachedSignature)
Specifies whether to include a detached signature when signing a message. |
void |
setEncryptingAlgorithm(java.lang.String encryptingAlgorithm)
Textual description of the encrypting algorithm. |
void |
setIncludeCertificate(boolean includeCertificate)
Specifies whether to include the signer's certificate with the signed message. |
void |
setIncludeChain(boolean includeChain)
Specifies whether to include the signer's certificate chain with the signed message. |
void |
setInputStream(java.io.InputStream inputStream)
Sets the stream from which the bean will read data to encode or decode. |
void |
setInternalHeaders(java.lang.String internalHeaders)
The headers of the MIME entity inside the encrypted or signed message. |
void |
setMessage(byte[] message)
The fully encoded or decoded S/MIME message. |
void |
setMessageHeadersString(java.lang.String messageHeadersString)
String version of headers from the SMIME message. |
void |
setOutputStream(java.io.OutputStream outputStream)
The stream to which the bean will write the fully encoded or decoded S/MIME data. |
void |
setSignerCert(Certificate signerCert)
Contains the certificate of the message signer. |
void |
setSigningAlgorithm(java.lang.String signingAlgorithm)
Textual description of the signature hash algorithm. |
void |
sign()
Signs the current Message . |
void |
signAndEncrypt()
Signs and encrypts the current Message . |
void |
verifySignature()
Verifies the signature of the current Message . |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public Smime()
public Smime(java.lang.String runtimeLicense)
Method Detail |
---|
public Certificate getCertificate()
This property is populated when a specified certificate
is found or loaded by the bean. This property is
used for specifying private keys. Set this property to a
valid Certificate
object to perform different operations
such as Sign
, Decrypt
, SignAndEncrypt
, or DecryptAndVerifySignature
. To set a certificate, you may
set the Encoded
field to the encoded certificate.
To select a certificate, use the Store
and Subject
fields.
public void setCertificate(Certificate certificate) throws IPWorksSMIMEException
This property is populated when a specified certificate
is found or loaded by the bean. This property is
used for specifying private keys. Set this property to a
valid Certificate
object to perform different operations
such as Sign
, Decrypt
, SignAndEncrypt
, or DecryptAndVerifySignature
. To set a certificate, you may
set the Encoded
field to the encoded certificate.
To select a certificate, use the Store
and Subject
fields.
IPWorksSMIMEException
public boolean isDetachedSignature()
This property specifies whether to include a detached signature when signing a message. If the value of this property is True, Message
will be encoded as a
multipart/signed mime message with a detached signature when calling Sign
.
This will create a message with two mime parts, one with the contents of Message
, and another with the detached signature.
If this property is False, the current contents of Message
will be PKCS
encoded and included with the signature in Message
. This will create a
single part message with no MIME boundaries.
public void setDetachedSignature(boolean detachedSignature) throws IPWorksSMIMEException
This property specifies whether to include a detached signature when signing a message. If the value of this property is True, Message
will be encoded as a
multipart/signed mime message with a detached signature when calling Sign
.
This will create a message with two mime parts, one with the contents of Message
, and another with the detached signature.
If this property is False, the current contents of Message
will be PKCS
encoded and included with the signature in Message
. This will create a
single part message with no MIME boundaries.
IPWorksSMIMEException
public java.lang.String getEncryptingAlgorithm()
This property contains either the name of the algorithm (such as "RC2", "3DES", "DES", or "AES"), or an object identifier (OID) string representing the algorithm.
In the case of "RC2" ("RC2CBC") the key bit length is specified after the name. The following algorithm names are supported for RC2: "RC2CBC40", "RC2CBC64", and "RC2CBC128", with the default being 128 bit ("RC2CBC128").
RC2 is not supported in the Java edition.
In the case of "AES" ("AESCBC") the key bit length is specified after the name. The following algorithm names are supported for AES: "AESCBC128", "AESCBC192", and "AESCBC256", with the default being 128 bit ("AESCBC128").
When read, the value of the property always contains the OID of the algorithm, or an empty string if the algorithm is unknown.
public void setEncryptingAlgorithm(java.lang.String encryptingAlgorithm) throws IPWorksSMIMEException
This property contains either the name of the algorithm (such as "RC2", "3DES", "DES", or "AES"), or an object identifier (OID) string representing the algorithm.
In the case of "RC2" ("RC2CBC") the key bit length is specified after the name. The following algorithm names are supported for RC2: "RC2CBC40", "RC2CBC64", and "RC2CBC128", with the default being 128 bit ("RC2CBC128").
RC2 is not supported in the Java edition.
In the case of "AES" ("AESCBC") the key bit length is specified after the name. The following algorithm names are supported for AES: "AESCBC128", "AESCBC192", and "AESCBC256", with the default being 128 bit ("AESCBC128").
When read, the value of the property always contains the OID of the algorithm, or an empty string if the algorithm is unknown.
IPWorksSMIMEException
public boolean isIncludeCertificate()
If this property is set to True, the certificate used to
sign the message will be encoded and included in message signature
when calling Sign
or SignAndEncrypt
.
Including a certificate is the preferred method of building signed messages. If you do not include a certificate, the message recipient may not be able to verify the sender's signature.
public void setIncludeCertificate(boolean includeCertificate) throws IPWorksSMIMEException
If this property is set to True, the certificate used to
sign the message will be encoded and included in message signature
when calling Sign
or SignAndEncrypt
.
Including a certificate is the preferred method of building signed messages. If you do not include a certificate, the message recipient may not be able to verify the sender's signature.
IPWorksSMIMEException
public boolean isIncludeChain()
If this property is set to True, the entire certificate's chain that
was used to sign the message will be encoded and included in
the message signature when calling Sign
or SignAndEncrypt
.
NOTE: To include the chain, the IncludeCertificate
property
must also be set to true.
public void setIncludeChain(boolean includeChain) throws IPWorksSMIMEException
If this property is set to True, the entire certificate's chain that
was used to sign the message will be encoded and included in
the message signature when calling Sign
or SignAndEncrypt
.
NOTE: To include the chain, the IncludeCertificate
property
must also be set to true.
IPWorksSMIMEException
public java.lang.String getInternalHeaders()
After an encryption, decryption, signing, or verification operation is completed, this property shows the headers of the encrypted or signed message part.
public void setInternalHeaders(java.lang.String internalHeaders) throws IPWorksSMIMEException
After an encryption, decryption, signing, or verification operation is completed, this property shows the headers of the encrypted or signed message part.
IPWorksSMIMEException
public byte[] getMessage()
This property contains the fully encoded or decoded S/MIME message. Messages are encoded and decoded on the same property with the SMIME bean
To sign and/or encrypt a text message, first set the this property
to the text message you would like to sign and/or encrypt. Then
call Sign
, Encrypt
, SignAndEncrypt
to sign and/or encrypt the message.
The appropriate MIME headers will be generated in MessageHeaders
.
If you would like to decrypt a message or verify it's signature
you should set this property to the signed and/or
encrypted message you would like to verify or decrypt. Then
call VerifySignature
, Decrypt
, DecryptAndVerifySignature
,
to verify and/or decrypt the message.
public void setMessage(byte[] message) throws IPWorksSMIMEException
This property contains the fully encoded or decoded S/MIME message. Messages are encoded and decoded on the same property with the SMIME bean
To sign and/or encrypt a text message, first set the this property
to the text message you would like to sign and/or encrypt. Then
call Sign
, Encrypt
, SignAndEncrypt
to sign and/or encrypt the message.
The appropriate MIME headers will be generated in MessageHeaders
.
If you would like to decrypt a message or verify it's signature
you should set this property to the signed and/or
encrypted message you would like to verify or decrypt. Then
call VerifySignature
, Decrypt
, DecryptAndVerifySignature
,
to verify and/or decrypt the message.
IPWorksSMIMEException
public boolean isMessageEncrypted()
This property indicates whether or not the current message is encrypted. This property will return true if the current message appears to be encrypted,
according to the value of MessageHeaders
.
public HeaderList getMessageHeaders()
This property contains a collection of headers from the SMIME message. The bean fills out this property upon signing and/or encrypting.
The user should use these additional headers when emailing or
sending the Message
. This can be done by including these headers in
the OtherHeaders property of the bean that you wish to send the
message with.
During decryption or signature verification, this property must contain the headers of the incoming message.
After the decryption or verification, this property contains the headers of the verified or decrypted message.
public java.lang.String getMessageHeadersString()
This property contains the string version of headers from the SMIME message. The bean fills out this property upon signing and/or encrypting.
The user should use these additional headers when emailing or
sending the Message
. This can be done by including these headers in
the OtherHeaders property of the bean that you wish to send the
message with.
During decryption or signature verification, this property must contain the headers of the incoming message.
After the decryption or verification, this property contains the headers of the verified or decrypted message.
public void setMessageHeadersString(java.lang.String messageHeadersString) throws IPWorksSMIMEException
This property contains the string version of headers from the SMIME message. The bean fills out this property upon signing and/or encrypting.
The user should use these additional headers when emailing or
sending the Message
. This can be done by including these headers in
the OtherHeaders property of the bean that you wish to send the
message with.
During decryption or signature verification, this property must contain the headers of the incoming message.
After the decryption or verification, this property contains the headers of the verified or decrypted message.
IPWorksSMIMEException
public boolean isMessageSigned()
This property indicates whether or not the current message is signed. This property will return true if the current message appears to be signed,
according to the value of MessageHeaders
.
Note that a message that is both signed and encrypted will not appear to be signed until after it is decrypted.
public CertificateList getRecipientCerts()
This property is used to specify the certificates of the intended
recipients of the encrypted message. This property must be set prior
to calling Encrypt
or SignAndEncrypt
methods.
This property's collection must be filled out with valid public
key Certificate
type objects. To set a certificate, you may
set the Encoded
field to the encoded certificate.
To select a certificate, use the Store
and Subject
fields.
This collection is indexed from 0 to size - 1.
public Certificate getSignerCert()
This property contains the certificate of the message signer. When calling VerifySignature
or DecryptAndVerifySignature
this
property will contain the certificate of the sender if attached.
To verify messages without an attached certificate, set this
property before calling VerifySignature
or DecryptAndVerifySignature
.
public void setSignerCert(Certificate signerCert) throws IPWorksSMIMEException
This property contains the certificate of the message signer. When calling VerifySignature
or DecryptAndVerifySignature
this
property will contain the certificate of the sender if attached.
To verify messages without an attached certificate, set this
property before calling VerifySignature
or DecryptAndVerifySignature
.
IPWorksSMIMEException
public CertificateList getSignerCertChain()
This property contains the certificate chain of the signing certificate. When calling VerifySignature
or DecryptAndVerifySignature
, this
property will be populated with the certificate chain of the sender if
attached.
NOTE: The SignerCert
property will contain the signing certificate.
The certificates in the signing certificate's chain will be placed
in this property's collection.
public java.lang.String getSigningAlgorithm()
This property specifies the hash algorithm used to prepare the message digest for signature.
This property must contain either the name of the algorithm (such as "MD5" or "SHA1"), or an object id (OID) string representing the hash algorithm.
When read, the value of the property always contains the OID of the algorithm, or an empty string if the algorithm is unknown.
public void setSigningAlgorithm(java.lang.String signingAlgorithm) throws IPWorksSMIMEException
This property specifies the hash algorithm used to prepare the message digest for signature.
This property must contain either the name of the algorithm (such as "MD5" or "SHA1"), or an object id (OID) string representing the hash algorithm.
When read, the value of the property always contains the OID of the algorithm, or an empty string if the algorithm is unknown.
IPWorksSMIMEException
public void addRecipientCert(byte[] certEncoded) throws IPWorksSMIMEException
This method is used to add recipient certificates to the internal MessageRecipients
collection
used to encrypt the Message
.
The recipient certificate must be a valid PKCS encoded certificate.
If the certificate provided is Base64 encoded it will be decoded first
by the object.
The CertMgr bean may be used to retrieve the appropriate certificate from the system.
IPWorksSMIMEException
public java.lang.String config(java.lang.String configurationString) throws IPWorksSMIMEException
Config
is a generic method available in every bean.
It is used to set and retrieve configuration settings
for the
bean.
Configuration settings are similar in functionality to properties,
but they are rarely used. In order to avoid "polluting" the property
namespace of the bean, access to these internal properties is provided through the Config
method.
To set a configuration setting named PROPERTY , you must call Config("PROPERTY=VALUE") , where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).
To read (query) the value of a configuration setting, you must call Config("PROPERTY") . The value will be returned as a string.
The bean accepts one or more of the following configuration settings .
Configuration settings are similar in functionality to properties,
but they are rarely used. In order to avoid "polluting" the property
namespace of the bean, access to these internal properties is provided through the Config
method.
UseCryptoAPI
is true.
Sign
, Encrypt
,
or SignAndEncrypt
are called. If false, only the message will be
encoded.The default value for IncludeHeaders
is false.
Decrypt
,
or DecryptAndVerifySignature
are called. These headers will be placed in the InternalHeaders
property. If false, the entire message will be decoded.The default value for ParseInternalHeaders
is true.
IPWorksSMIMEException
public void decrypt() throws IPWorksSMIMEException
Message
.
This method takes the Message
property and attempts to decrypt the encrypted
PKCS envelope using the certificate in Certificate
. If the bean
is able to decrypt it will replace Message
and MessageHeaders
with the decrypted text.
IPWorksSMIMEException
public void decryptAndVerifySignature() throws IPWorksSMIMEException
Message
.
This method attempts to both decrypt and verify the signature of the message data included
in Message
. All of the properties affected by calling the Decrypt
and VerifySignature
methods are affected in the same manner.
NOTE: This function does not attempt to check the validity of the signing certificate itself.
IPWorksSMIMEException
public void decryptFile(java.lang.String inputFile, java.lang.String outputFile) throws IPWorksSMIMEException
This method decrypts the contents of a file. InputFile is decrypted using the certificate specified by
the Certificate
property, and the result is placed in OutputFile .
IPWorksSMIMEException
public void encrypt() throws IPWorksSMIMEException
Message
.
This method encrypts the current data in Message
in a PKCS encoded envelope
with all of the recipient certificates specified in the MessageRecipients
collection
.
The result of the encrypted data will be replaced in the Message
property and the MessageHeaders
property will be filled with
the required S/MIME headers.
Please note that the message headers, including the Sender, Recipient(s), and Subject, are not encrypted. If this is sensitive information, consider including these headers in the message body as a MIME entity, and providing other headers for the S/MIME wrapper.
IPWorksSMIMEException
public void encryptFile(java.lang.String inputFile, java.lang.String outputFile) throws IPWorksSMIMEException
This method encrypts the contents of a file. InputFile is encrypted using the certificate specified by
the Certificate
property, and the result is placed in OutputFile .
IPWorksSMIMEException
public void getRecipientInfo() throws IPWorksSMIMEException
This method will fire a RecipientInfo
event for every recipient certificate for which the Message
has been encrypted. The event will contain information about the Issuer and the SerialNumber for each recipient of the message.
IPWorksSMIMEException
public void reset() throws IPWorksSMIMEException
This method resets the values of all message and certificate properties. It is an easy way to reset the bean properties before starting to populate with new values.
IPWorksSMIMEException
public void setInputStream(java.io.InputStream inputStream) throws IPWorksSMIMEException
This method sets the stream from which the bean will read data to encode or decode. If an input stream is set before the bean attempts to encode
or decode an S/MIME message, the data is read from the input stream
instead of from the Message
property.
To sign and/or encrypt a stream, first set the input stream by calling
this method, specifying the stream that you would like
to sign and/or encrypt. Then call Sign
, Encrypt
, or SignAndEncrypt
to sign and/or encrypt the message. The appropriate
MIME headers will be generated in MessageHeaders
.
If you would like to decrypt a stream or verify it's signature
you should call this method to specify a valid input
stream which contains the signed and/or encrypted data you would
like to verify or decrypt. Then call VerifySignature
, Decrypt
,
or DecryptAndVerifySignature
to verify and/or decrypt the message.
The content of the stream will be read from the current position all the way to the end and no bytes will be skipped.
IPWorksSMIMEException
public void setOutputStream(java.io.OutputStream outputStream) throws IPWorksSMIMEException
This method contains the stream to which the bean will write the fully encoded or decoded S/MIME data. If an output stream is set before the bean attempts to encode
or decode an S/MIME message, the bean will write the data to
the output stream instead of populating the Message
property.
To sign and/or encrypt a message to an output stream, you must first
populate the Message
property with the data you would like to sign
and/or encrypt. Next, this method must be called with a valid
output stream for which the bean may write the signed or encrypted
data. Then call Sign
, Encrypt
, or SignAndEncrypt
to sign and/or
encrypt the message. The appropriate MIME headers will be generated
in MessageHeaders
.
If you would like to decrypt a message or verify it's signature, and
write the resulting message to an output stream, you should set the Message
property to the signed and/or encrypted message you would
like to verify or decrypt. You must next call this method
to specify a valid stream for the component to write the data to. Then
call VerifySignature
, Decrypt
, or DecryptAndVerifySignature
to verify and/or decrypt the message.
IPWorksSMIMEException
public void sign() throws IPWorksSMIMEException
Message
.
This method digitally signs the current data included in Message
with the
the certificate provided. Certificates are provided by specifying the Certificate
property. The IncludeCertificate
and DetachedSignature
properties allow you to specify addition details about what to include when
signing the message.
The result of the signed data will be replaced in
the Message
property and the MessageHeaders
property will be filled
with the required S/MIME headers.
IPWorksSMIMEException
public void signAndEncrypt() throws IPWorksSMIMEException
Message
.
This method both signs and encrypts the message data included in Message
into a
single PKCS encoded envelope. The value in DetachedSignature
is
ignored: the bean will always generate an attached signature when
calling this method. All other properties used by calling the Sign
and Encrypt
methods are used in the same manner.
The result of the encrypted data will be replaced in the Message
property and the MessageHeaders
property will be filled with the
required S/MIME headers.
Please note that the message headers, including the Sender, Recipient(s), and Subject, are not encrypted. If this is sensitive information, consider including these headers in the message body as a MIME entity, and providing other headers for the S/MIME wrapper.
IPWorksSMIMEException
public void verifySignature() throws IPWorksSMIMEException
Message
.
This method attempts to verify the signature contained in Message
. If the
message does not have a certificate attached, the bean will attempt
to verify the signature using the certificate supplied in SignerCert
(if any). If no certificate is found, the bean
throws an exception.
If this method is successful, the SignerCert
property will
contain the certificate information of the message signer.
NOTE: This function does not attempt to check the validity of the signing certificate itself.
IPWorksSMIMEException
public void addSmimeEventListener(SmimeEventListener l) throws java.util.TooManyListenersException
java.util.TooManyListenersException
public void removeSmimeEventListener(SmimeEventListener l)
|
IP*Works! S/MIME V9 | |||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |