org.bouncycastle.cms.RecipientId Java Examples

The following examples show how to use org.bouncycastle.cms.RecipientId.
Example #1
Source File: GetMailMessageService.java    From cs-actions with Apache License 2.0
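/**
 * Decrypts an S/MIME enveloped body part with the private key stored under the
 * configured decryption alias.
 *
 * <p>The recipient entry is looked up with {@code recId}. When the message carries no
 * entry for that identifier, the thrown exception lists the identifiers the message was
 * actually encrypted for.
 *
 * @param part the enveloped (encrypted) MIME body part
 * @return the decrypted content, converted by {@code toMimeBodyPart}
 * @throws Exception if no recipient entry matches {@code recId}, if the keystore returns
 *         no key for the configured alias, or if parsing or decryption fails
 */
private MimeBodyPart decryptPart(MimeBodyPart part) throws Exception {
    SMIMEEnveloped smimeEnveloped = new SMIMEEnveloped(part);
    RecipientInformationStore recipients = smimeEnveloped.getRecipientInfos();
    RecipientInformation recipient = recipients.get(recId);

    if (recipient == null) {
        // The message text names every recipient identifier found in the envelope.
        // NOTE(review): if this exception text can reach a party other than the mailbox
        // owner, consider logging the list and returning a generic message instead.
        StringBuilder errorMessage = new StringBuilder();
        errorMessage.append("This email wasn't encrypted with \"")
                .append(recId.toString())
                .append("\".\n");
        errorMessage.append(SecurityConstants.ENCRYPT_RECID);

        for (Object rec : recipients.getRecipients()) {
            if (rec instanceof RecipientInformation) {
                RecipientId recipientId = ((RecipientInformation) rec).getRID();
                errorMessage.append('"').append(recipientId.toString()).append("\"\n");
            }
        }
        throw new Exception(errorMessage.toString());
    }

    // A null key password is passed, so the entry must be readable without a per-entry
    // password. NOTE(review): confirm this holds for every keystore type the action accepts.
    String keyAlias = input.getDecryptionKeyAlias();
    java.security.Key decryptionKey = ks.getKey(keyAlias, null);
    if (decryptionKey == null) {
        // getKey() yields null when the alias is missing or is not a key entry; fail here
        // with a clear message rather than handing null to the decryption call.
        throw new Exception("Can't find a private key with alias \"" + keyAlias
                + "\" in the given keystore");
    }

    return toMimeBodyPart(recipient.getContent(
            decryptionKey,
            SecurityConstants.BOUNCY_CASTLE_PROVIDER));
}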
 
Example #2
Source File: SecurityUtils.java    From cs-actions with Apache License 2.0
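/**
 * Loads the decryption keystore and fills {@code recId} with the issuer and serial number
 * of the certificate stored under the decryption key alias.
 *
 * <p>When the input carries an empty alias, the keystore is scanned for key entries and the
 * chosen alias is written back to {@code input}.
 *
 * @param ks    keystore instance to load; populated from the URL named by the input
 * @param recId recipient identifier to populate with the certificate's issuer and serial number
 * @param input mail input supplying keystore URL, keystore password, key alias and the
 *              certificate-verification flag
 * @throws Exception if the keystore cannot be read, no key entry is found, no certificate
 *         exists for the alias, or the certificate is outside its validity period when
 *         verification is requested
 */
public static void addDecryptionSettings(KeyStore ks, RecipientId recId, DecryptableMailInput input) throws Exception {
    char[] smimePw = input.getDecryptionKeystorePassword().toCharArray();

    java.security.Security.addProvider(new BouncyCastleProvider());

    // NOTE(review): the keystore location is opened as a URL with whatever scheme the input
    // names. If this value can come from an untrusted caller, restrict the allowed schemes
    // and locations before reaching this point.
    try (InputStream decryptionStream = new URL(input.getDecryptionKeystore()).openStream()) {
        ks.load(decryptionStream, smimePw);
    } finally {
        // Wipe this copy of the password once the keystore is loaded (or loading failed).
        // The String held by the input object is not affected by this.
        java.util.Arrays.fill(smimePw, '\0');
    }

    if (StringUtils.EMPTY.equals(input.getDecryptionKeyAlias())) {
        // No alias given: scan all entries. There is no early exit, so when the keystore
        // holds several key entries the last one enumerated is the one selected.
        Enumeration<String> aliases = ks.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();

            if (ks.isKeyEntry(alias)) {
                input.setDecryptionKeyAlias(alias);
            }
        }

        if (StringUtils.EMPTY.equals(input.getDecryptionKeyAlias())) {
            throw new Exception(ExceptionMsgs.PRIVATE_KEY_ERROR_MESSAGE);
        }
    }

    // find the certificate for the private key and generate a
    // suitable recipient identifier.
    X509Certificate cert = (X509Certificate) ks.getCertificate(input.getDecryptionKeyAlias());
    if (null == cert) {
        throw new Exception("Can't find a key pair with alias \"" + input.getDecryptionKeyAlias() +
                "\" in the given keystore");
    }
    if (input.isVerifyCertificate()) {
        // checkValidity() only tests the notBefore/notAfter window against the current time;
        // it does not build or validate a chain and does not check revocation.
        cert.checkValidity();
    }

    recId.setSerialNumber(cert.getSerialNumber());
    recId.setIssuer(cert.getIssuerX500Principal().getEncoded());
}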
 
Example #3
Source File: EnvelopedDataDecryptor.java    From xipki with Apache License 2.0
/**
 * Returns the recipient identifier held by this object.
 *
 * @return the stored {@link RecipientId}; the same reference is handed out, not a copy
 */
public RecipientId getRecipientId() {
  // NOTE(review): presumably used to pick the matching recipient entry of an enveloped
  // message; confirm against the callers.
  return this.recipientId;
}