issrg.security
Class Security

java.lang.Object
  extended by issrg.security.Security
All Implemented Interfaces:
Signer, Verifier

public abstract class Security
extends java.lang.Object
implements Signer, Verifier

Abstract class containing all required PKI operations. Any application that needs to implement signing or encryption requires an implementation of this class linked to its security vendor.

The encryption and decryption functionality was introduced for another project and may be deprecated in the future.

Version:
1.0

Field Summary
static java.lang.String X509_CERTIFICATE_FACTORY
          The name of the X.509 certificate factory: "X.509".
 
Constructor Summary
Security()
           
 
Method Summary
abstract  byte[] decrypt(byte[] bytes)
          Provides the PKI decryption operation: takes a byte array containing the object requiring decryption and decrypts it for the current user; the output must be identical to the input that was passed to the encrypt method.
abstract  byte[] encrypt(byte[] bytes, java.security.cert.X509Certificate[] x509CertificateStore)
          Provides the PKI encryption operation: takes a byte array containing the object requiring encryption and encrypts it for the given X.509 recipients.
abstract  boolean isARecipient(byte[] bytes)
          Checks whether the logged-in user is in the recipient list of an encrypted PKCS#7 stream.
static java.security.cert.X509Certificate toX509Certificate(byte[] ber)
          This is a utility method for creating X.509 certificates out of a byte array.
 boolean verify(byte[] bytes, byte[] signatureValue, java.lang.String algorithmID, TokenLocator signer)
          This method lets the caller verify the given signature of the data byte array.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface issrg.security.Signer
getSigningAlgorithmID, getVerificationCertificate, sign
 
Methods inherited from interface issrg.security.Verifier
getPKCRepository, getRootCAs, getVerificationCertificates, verify
 

Field Detail

X509_CERTIFICATE_FACTORY

public static final java.lang.String X509_CERTIFICATE_FACTORY
The name of the X.509 certificate factory: "X.509".

See Also:
Constant Field Values
Constructor Detail

Security

public Security()
Method Detail

verify

public boolean verify(byte[] bytes,
                      byte[] signatureValue,
                      java.lang.String algorithmID,
                      TokenLocator signer)
               throws SecurityException
This method lets the caller verify the given signature of the data byte array.

The caller simply supplies the name of the signer. The certificate chain is then automatically retrieved and verified.

It is up to the Verifier to ensure the certificates are not revoked.

Parameters:
bytes - is the byte array of the signed data
signatureValue - is the byte array of the signature
algorithmID - a string representation of the algorithm identifier
signer - is the TokenLocator of the signer
Returns:
true, if the signature verifies and the certification path can be established
Throws:
SecurityException - if a definite decision cannot be derived
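
An added example, not part of the original API documentation or the library's code: a JDK-only illustration of the outcomes of verify (true, false, or an exception when no definite decision can be derived). UndecidedException and the PublicKey parameter are assumptions made for the example; retrieving the signer's certificate chain via a TokenLocator and checking revocation are not shown.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

public class VerifyContractExample {
    /** Hypothetical stand-in for the library's SecurityException: no definite decision. */
    static class UndecidedException extends Exception {
        UndecidedException(String msg, Throwable cause) { super(msg, cause); }
    }

    // Assumption: signerKey is already trusted. The class on this page instead takes a
    // TokenLocator and validates the signer's certificate chain; that part is not shown.
    static boolean verify(byte[] bytes, byte[] signatureValue, String algorithmID,
                          PublicKey signerKey) throws UndecidedException {
        Signature verifier;
        try {
            verifier = Signature.getInstance(algorithmID);
            verifier.initVerify(signerKey);
        } catch (GeneralSecurityException e) {
            // Unknown algorithm or unusable key: validity cannot be determined.
            throw new UndecidedException("cannot evaluate " + algorithmID, e);
        }
        try {
            verifier.update(bytes);
            return verifier.verify(signatureValue);
        } catch (SignatureException e) {
            // Wrong length or malformed encoding: definitely not a valid signature.
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: throwaway RSA key pair and message.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();
        byte[] data = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(pair.getPrivate());
        signer.update(data);
        byte[] sig = signer.sign();
        System.out.println(verify(data, sig, "SHA256withRSA", pair.getPublic()));
        data[0] ^= 1; // tamper with the signed data
        System.out.println(verify(data, sig, "SHA256withRSA", pair.getPublic()));
        try {
            verify(data, sig, "NoSuchAlg", pair.getPublic());
        } catch (UndecidedException e) {
            System.out.println("undecided: " + e.getMessage());
        }
    }
}
```

Keeping "invalid" and "undecided" as separate outcomes lets a caller fail closed on both while logging them differently.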

encrypt

public abstract byte[] encrypt(byte[] bytes,
                               java.security.cert.X509Certificate[] x509CertificateStore)
                        throws SecurityException
Provides the PKI encryption operation: takes a byte array containing the object requiring encryption and encrypts it for the given X.509 recipients.

Parameters:
bytes - a byte array containing the object requiring encryption
x509CertificateStore - the X.509 certificates containing the public keys of the recipients of the encrypted object
Returns:
a byte array containing the encrypted object
Throws:
SecurityException - if the encryption operation fails for any reason

toX509Certificate

public static java.security.cert.X509Certificate toX509Certificate(byte[] ber)
                                                            throws SecurityException
This is a utility method for creating X.509 certificates out of a byte array. Note that the X509_CERTIFICATE_FACTORY certificate factory must be implemented by the registered Security Provider.

Parameters:
ber - is the byte array containing an encoded X.509 certificate
Returns:
the X509Certificate object corresponding to the given encoding
Throws:
SecurityException

decrypt

public abstract byte[] decrypt(byte[] bytes)
                        throws SecurityException
Provides the PKI decryption operation: takes a byte array containing the object requiring decryption and decrypts it for the current user; the output must be identical to the input that was passed to the encrypt method.

Parameters:
bytes - a byte array containing the object requiring decryption
Returns:
a byte array containing the decrypted object
Throws:
SecurityException - if the decryption operation fails for any reason

isARecipient

public abstract boolean isARecipient(byte[] bytes)
                              throws SecurityException
Checks whether the logged-in user is in the recipient list of an encrypted PKCS#7 stream.

Parameters:
bytes - a byte array containing the encrypted data stream
Returns:
true if the user is a recipient; false if not in the recipient list
Throws:
SecurityException - if the check fails