java.lang.Object issrg.security.Security
public abstract class Security
Abstract class containing all required PKI operations. All applications that need to implement signing or encryption require an implementation of this class linked to their security vendor.
The encryption-decryption functionality was introduced for another project and may be deprecated in the future.
Field Summary | |
---|---|
static java.lang.String |
X509_CERTIFICATE_FACTORY
This is the name of the X.509 Certificate Factory: "X.509". |
Constructor Summary | |
---|---|
Security()
|
Method Summary | |
---|---|
abstract byte[] |
decrypt(byte[] bytes)
Provides PKI decryption operation: takes a byte array containing the object requiring decryption and decrypts it for the current user; the output must be the same as the input that was given to the encrypt method. |
abstract byte[] |
encrypt(byte[] bytes,
java.security.cert.X509Certificate[] x509CertificateStore)
Provides PKI encryption operation: takes a byte array containing the object requiring encryption and encrypts it for the given X.509 recipients. |
abstract boolean |
isARecipient(byte[] bytes)
Checks whether the logged-in user is within the recipient list of an encrypted PKCS#7 stream. |
static java.security.cert.X509Certificate |
toX509Certificate(byte[] ber)
This is a utility method for creating X.509 certificates out of a byte array. |
boolean |
verify(byte[] bytes,
byte[] signatureValue,
java.lang.String algorithmID,
TokenLocator signer)
This method lets the caller verify the given signature of the data byte array. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Methods inherited from interface issrg.security.Signer |
---|
getSigningAlgorithmID, getVerificationCertificate, sign |
Methods inherited from interface issrg.security.Verifier |
---|
getPKCRepository, getRootCAs, getVerificationCertificates, verify |
Field Detail |
---|
public static final java.lang.String X509_CERTIFICATE_FACTORY
Constructor Detail |
---|
public Security()
Method Detail |
---|
public boolean verify(byte[] bytes, byte[] signatureValue, java.lang.String algorithmID, TokenLocator signer) throws SecurityException
The caller simply supplies the name of the signer. The certificate chain is then automatically retrieved and verified.
It is up to the Verifier to ensure the certificates are not revoked.
bytes - is the byte array of the signed data
signatureValue - is the byte array of the signature
algorithmID - a string representation of the algorithm Identifier
signer - is the TokenLocator of the signer
SecurityException - if a definite decision cannot be derived
public abstract byte[] encrypt(byte[] bytes, java.security.cert.X509Certificate[] x509CertificateStore) throws SecurityException
bytes - a byte array containing the object requiring encryption
x509CertificateStore - contains the x509 certificates containing the public keys of the encrypted recipients
throws - a SecurityException if the encryption operation fails for any reason
SecurityException
public static java.security.cert.X509Certificate toX509Certificate(byte[] ber) throws SecurityException
ber - is the byte array containing an encoded X.509 certificate
SecurityException
public abstract byte[] decrypt(byte[] bytes) throws SecurityException
bytes - a byte array containing the object requiring decryption
throws - a SecurityException if the encryption operation fails for any reason
SecurityException
public abstract boolean isARecipient(byte[] bytes) throws SecurityException
bytes - a byte array containing the encrypted data stream
throws - SecurityException if check fails
SecurityException