org.bouncycastle.mail.smime

Class SMIMESignedGenerator


public class SMIMESignedGenerator
extends SMIMEGenerator

general class for generating a pkcs7-signature message.

A simple example of usage.

      CertStore           certs...
      SMIMESignedGenerator  fact = new SMIMESignedGenerator();

      fact.addSigner(privKey, cert, SMIMESignedGenerator.DIGEST_SHA1);
      fact.addCertificatesAndCRLs(certs);

      MimeMultipart       smime = fact.generate(content, "BC");
 

Note: if you are using this class with AS2 or some other protocol that does not use "7bit" as the default content transfer encoding you will need to use the constructor that allows you to specify the default content transfer encoding, such as "binary".

Field Summary

static String
DIGEST_GOST3411
static String
DIGEST_MD5
static String
DIGEST_RIPEMD128
static String
DIGEST_RIPEMD160
static String
DIGEST_RIPEMD256
static String
DIGEST_SHA1
static String
DIGEST_SHA224
static String
DIGEST_SHA256
static String
DIGEST_SHA384
static String
DIGEST_SHA512
static String
ENCRYPTION_DSA
static String
ENCRYPTION_ECDSA
static String
ENCRYPTION_ECGOST3410
static String
ENCRYPTION_GOST3410
static String
ENCRYPTION_RSA
static String
ENCRYPTION_RSA_PSS

Fields inherited from class org.bouncycastle.mail.smime.SMIMEGenerator

encoding, useBase64

Constructor Summary

SMIMESignedGenerator()
base constructor - default content transfer encoding 7bit
SMIMESignedGenerator(String defaultContentTransferEncoding)
base constructor - default content transfer encoding explicitly set

Method Summary

void
addAttributeCertificates(X509Store store)
Add the attribute certificates contained in the passed in store to the generator.
void
addCertificatesAndCRLs(CertStore certStore)
add the certificates and CRLs contained in the given CertStore to the pool that will be included in the encoded signature block.
void
addSigner(PrivateKey key, X509Certificate cert, String digestOID)
add a signer - no attributes other than the default ones will be provided here.
void
addSigner(PrivateKey key, X509Certificate cert, String digestOID, AttributeTable signedAttr, AttributeTable unsignedAttr)
Add a signer with extra signed/unsigned attributes or overrides for the standard attributes.
MimeMultipart
generate(MimeBodyPart content, String sigProvider)
generate a signed object that contains an SMIME Signed Multipart object using the given provider.
MimeMultipart
generate(MimeMessage message, String sigProvider)
generate a signed object that contains an SMIME Signed Multipart object using the given provider from the given MimeMessage
MimeBodyPart
generateCertificateManagement(String provider)
Creates a certificate management message which is like a signed message with no content or signers but that still carries certificates and CRLs.
MimeBodyPart
generateEncapsulated(MimeBodyPart content, String sigProvider)
generate a signed message with encapsulated content

Note: doing this is strongly not recommended as it means a recipient of the message will have to be able to read the signature to read the message.

MimeBodyPart
generateEncapsulated(MimeMessage message, String sigProvider)
generate a signed object that contains an SMIME Signed Multipart object using the given provider from the given MimeMessage.

Methods inherited from class org.bouncycastle.mail.smime.SMIMEGenerator

makeContentBodyPart, makeContentBodyPart, setContentTransferEncoding

Field Details

DIGEST_GOST3411

public static final String DIGEST_GOST3411

DIGEST_MD5

public static final String DIGEST_MD5

DIGEST_RIPEMD128

public static final String DIGEST_RIPEMD128

DIGEST_RIPEMD160

public static final String DIGEST_RIPEMD160

DIGEST_RIPEMD256

public static final String DIGEST_RIPEMD256

DIGEST_SHA1

public static final String DIGEST_SHA1

DIGEST_SHA224

public static final String DIGEST_SHA224

DIGEST_SHA256

public static final String DIGEST_SHA256

DIGEST_SHA384

public static final String DIGEST_SHA384

DIGEST_SHA512

public static final String DIGEST_SHA512

ENCRYPTION_DSA

public static final String ENCRYPTION_DSA

ENCRYPTION_ECDSA

public static final String ENCRYPTION_ECDSA

ENCRYPTION_ECGOST3410

public static final String ENCRYPTION_ECGOST3410

ENCRYPTION_GOST3410

public static final String ENCRYPTION_GOST3410

ENCRYPTION_RSA

public static final String ENCRYPTION_RSA

ENCRYPTION_RSA_PSS

public static final String ENCRYPTION_RSA_PSS

Constructor Details

SMIMESignedGenerator

public SMIMESignedGenerator()
base constructor - default content transfer encoding 7bit

SMIMESignedGenerator

public SMIMESignedGenerator(String defaultContentTransferEncoding)
base constructor - default content transfer encoding explicitly set
Parameters:
defaultContentTransferEncoding - new default to use.

Method Details

addAttributeCertificates

public void addAttributeCertificates(X509Store store)
            throws CMSException
Add the attribute certificates contained in the passed in store to the generator.
Parameters:
store - a store of Version 2 attribute certificates
Throws:
CMSException - if an error occurse processing the store.

addCertificatesAndCRLs

public void addCertificatesAndCRLs(CertStore certStore)
            throws CertStoreException,
                   SMIMEException
add the certificates and CRLs contained in the given CertStore to the pool that will be included in the encoded signature block.

Note: this assumes the CertStore will support null in the get methods.

Parameters:
certStore - CertStore containing the certificates and CRLs to be added.

addSigner

public void addSigner(PrivateKey key,
                      X509Certificate cert,
                      String digestOID)
            throws IllegalArgumentException
add a signer - no attributes other than the default ones will be provided here.
Parameters:
key - key to use to generate the signature
cert - the public key certificate associated with the signer's key.
digestOID - object ID of the digest algorithm to use.

addSigner

public void addSigner(PrivateKey key,
                      X509Certificate cert,
                      String digestOID,
                      AttributeTable signedAttr,
                      AttributeTable unsignedAttr)
            throws IllegalArgumentException
Add a signer with extra signed/unsigned attributes or overrides for the standard attributes. For example this method can be used to explictly set default attributes such as the signing time.
Parameters:
key - key to use to generate the signature
cert - the public key certificate associated with the signer's key.
digestOID - object ID of the digest algorithm to use.
signedAttr - signed attributes to be included in the signature.
unsignedAttr - unsigned attribitues to be included.

generate

public MimeMultipart generate(MimeBodyPart content,
                              String sigProvider)
            throws NoSuchAlgorithmException,
                   NoSuchProviderException,
                   SMIMEException
generate a signed object that contains an SMIME Signed Multipart object using the given provider.
Parameters:
content - the MimeBodyPart to be signed.
sigProvider - the provider to be used for the signature.
Returns:
a Multipart containing the content and signature.
Throws:
SMIMEException - if an exception occurs in processing the signature.

generate

public MimeMultipart generate(MimeMessage message,
                              String sigProvider)
            throws NoSuchAlgorithmException,
                   NoSuchProviderException,
                   SMIMEException
generate a signed object that contains an SMIME Signed Multipart object using the given provider from the given MimeMessage

generateCertificateManagement

public MimeBodyPart generateCertificateManagement(String provider)
            throws SMIMEException,
                   NoSuchProviderException
Creates a certificate management message which is like a signed message with no content or signers but that still carries certificates and CRLs.
Returns:
a MimeBodyPart containing the certs and CRLs.

generateEncapsulated

public MimeBodyPart generateEncapsulated(MimeBodyPart content,
                                         String sigProvider)
            throws NoSuchAlgorithmException,
                   NoSuchProviderException,
                   SMIMEException
generate a signed message with encapsulated content

Note: doing this is strongly not recommended as it means a recipient of the message will have to be able to read the signature to read the message.


generateEncapsulated

public MimeBodyPart generateEncapsulated(MimeMessage message,
                                         String sigProvider)
            throws NoSuchAlgorithmException,
                   NoSuchProviderException,
                   SMIMEException
generate a signed object that contains an SMIME Signed Multipart object using the given provider from the given MimeMessage.

Note: doing this is strongly not recommended as it means a recipient of the message will have to be able to read the signature to read the message.