IAIK High-Level API version 1.1 |
java.lang.Object
  iaik.hlapi.DecrypterVerifier

`public abstract class DecrypterVerifier`
Objects of this class decrypt encrypted data and/or verify signatures.
First, the application instantiates a DecrypterVerifier and registers one or more decryption keys.

```java
DecrypterVerifier decrypterVerifier = new CMSDecrypterVerifier();
decrypterVerifier.registerDecryptionKey(decryptionKey);
```

Second, the application processes the encrypted and/or signed data, either as a single byte array using

```java
byte[] data = decrypterVerifier.process(encEnvData_);
```

or via an InputStream

```java
InputStream encryptedAndSignedData = ...
InputStream dataStream = decrypterVerifier.process(encryptedAndSignedData);
// ... read the dataStream
```

Please note that the application should fully read the data stream before verifying the signature. Otherwise, the object may need to buffer large amounts of data internally.

After reading the data, the application can finally verify the signature and get the signing time:

```java
CertValidator certValidator = new PkixCertValidator();
certValidator.addTrustedCertificate(trustedRootCert1);
certValidator.addTrustedCertificate(trustedRootCert2);
X509Certificate[] signerCertChain = decrypterVerifier.verify(certValidator);
Date signingTime = decrypterVerifier.getSigningTime();
```
Method Summary

| Modifier and type | Method | Description |
|---|---|---|
| `abstract void` | `dropDecryptionKeys()` | Release all references to any previously set decryption keys. |
| `abstract Date` | `getSigningTime()` | Get the signing time which was encoded as a signed property in the signature object. |
| `byte[]` | `process(byte[] data)` | Decrypt and/or verify the given data. |
| `abstract InputStream` | `process(InputStream data)` | Decrypt and/or verify the given data. |
| `abstract void` | `registerDecryptionKey(KeyAndCertificate decryptionKey)` | Register a key to be a decryption key for the associated certificate. |
| `X509Certificate[]` | `verify(CertValidator validator)` | Verify the signature value of the signed data that was recently parsed using `process(byte[])` or `process(InputStream)`. |
| Methods inherited from class java.lang.Object |
|---|
| clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Method Detail

`public abstract void registerDecryptionKey(KeyAndCertificate decryptionKey) throws HlApiException`

The certificate in the `decryptionKey` may be `null`. In this case, the decryption method will try to use this key for decrypting the data. However, it is recommended to provide the certificate that belongs to the private key.

Parameters:
`decryptionKey` - The decryption key and the certificate.

Throws:
`HlApiException` - If handling the certificate fails.

`public abstract void dropDecryptionKeys()`

`public byte[] process(byte[] data) throws NoKeyException, HlApiException`

If the data is encrypted, a suitable decryption key must have been registered before using `registerDecryptionKey(KeyAndCertificate)`.

Parameters:
`data` - The encrypted and/or signed data.

Throws:
`NoKeyException` - If there is no suitable key available for decryption.
`HlApiException` - If decryption or verification fails.

`public abstract InputStream process(InputStream data) throws IOException, NoKeyException, HlApiException`

If the data is encrypted, a suitable decryption key must have been registered before using `registerDecryptionKey(KeyAndCertificate)`.

Parameters:
`data` - The stream that provides the encrypted and/or signed data.

Throws:
`IOException` - If reading from the given stream fails.
`NoKeyException` - If there is no suitable key available for decryption.
`HlApiException` - If decryption or verification fails.

`public X509Certificate[] verify(CertValidator validator) throws SignatureVerificationException, CertificateValidationException, HlApiException`

Verify the signature value of the signed data that was recently parsed using `process(byte[])` or `process(InputStream)`.

This method cryptographically verifies the signature value and validates the signer certificate using the given `validator`. If the application does not specify a certificate validator, this method only performs a cryptographic verification but returns the certificate without any validation.

Parameters:
`validator` - The certificate validator.

Returns:
`null`, if there is no signature in the data structure or if no signed data has been parsed before.

Throws:
`SignatureVerificationException` - If the cryptographic signature verification fails.
`CertificateValidationException` - If the validation of the signing certificate fails.
`HlApiException` - If the verification fails for some other reason.

`public abstract Date getSigningTime() throws HlApiException`

Returns:
`null` if there was no signing time encoded in the signed data or if there was no signature.

Throws:
`HlApiException` - If parsing the signing time out of the signature structure fails.
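An added example (not code from the IAIK documentation) of calling this class fail-closed: it requires a non-null validator, reads the stream to its end before `verify`, treats a `null` result as unsigned input, and always drops the keys. The names `StrictCmsReader` and `Result` are hypothetical, and placing every imported type in `iaik.hlapi` is an assumption; the content is buffered in memory so that it is released only after verification succeeds.

```java
import iaik.hlapi.*; // assumption: all API types used below live in iaik.hlapi
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Objects;

/** Hypothetical helper (not part of the IAIK API): fail-closed decrypt-and-verify. */
public final class StrictCmsReader {

    /** Content that is only handed out after the signature and signer chain were accepted. */
    public static final class Result {
        public final byte[] content;
        public final X509Certificate[] signerChain;
        public final Date signingTime; // null if no signing time was encoded
        Result(byte[] content, X509Certificate[] signerChain, Date signingTime) {
            this.content = content;
            this.signerChain = signerChain;
            this.signingTime = signingTime;
        }
    }

    public static Result read(InputStream in, KeyAndCertificate decryptionKey, CertValidator validator)
            throws IOException, NoKeyException, SignatureVerificationException,
                   CertificateValidationException, HlApiException {
        // verify(null) would skip certificate validation, so refuse a missing validator.
        Objects.requireNonNull(validator, "a CertValidator is required");
        DecrypterVerifier dv = new CMSDecrypterVerifier();
        try {
            dv.registerDecryptionKey(decryptionKey);
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            try (InputStream plain = dv.process(in)) {
                // Read to end of stream before verify(), as the class description advises.
                byte[] buf = new byte[8192];
                for (int n; (n = plain.read(buf)) != -1; ) {
                    out.write(buf, 0, n);
                }
                X509Certificate[] chain = dv.verify(validator);
                if (chain == null) { // no signature in the data: reject, do not pass through
                    throw new SecurityException("input is not signed");
                }
                return new Result(out.toByteArray(), chain, dv.getSigningTime());
            }
        } finally {
            dv.dropDecryptionKeys(); // release key references on success and on failure
        }
    }
}
```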
Copyright © 2007, IAIK, Graz University of Technology
Copyright © 2007, Stiftung SIC