be.fgov.ehealth.etee.crypto.decrypt
Interface DataSealChecker

public interface DataSealChecker

Verify if outer signature is according to specified policies (ocsp, signing, encryption).

Method Summary

CryptoResult<UnsealedData>	stamp(byte[] data, byte[] timestamp) Puts a timestamp on sealed data to prove that it existed in that state on a certain moment in time.
CryptoResult<UnsealedData>	stamp(java.io.InputStream data, java.io.OutputStream stampedData, byte[] timestamp) Puts a timestamp on sealed data to prove that it existed in that state on a certain moment in time.
CryptoResult<UnsealedData>	stamp(java.io.InputStream data, java.io.OutputStream stampedData, byte[] timestamp, DataPipe pipe) Puts a timestamp on sealed data to prove that it existed in that state on a certain moment in time. The updated sealed message will be written into the given outputstream.
CryptoResult<UnsealedData>	validate(byte[] data) Verify if the sealed data is acceptable according to specified policies (ocsp, signing, encryption). Different levels of notifications can be added to the result (warning, error, fatal). Additional data from the result can be used for further verifications.
CryptoResult<UnsealedData>	validate(java.io.InputStream data, java.io.OutputStream verifiedData) Verify if the sealed data is acceptable according to specified policies (ocsp, signing, encryption). Different levels of notifications can be added to the result (warning, error, fatal). Additional data from the result can be used for further verifications.
CryptoResult<UnsealedData>	validate(java.io.InputStream data, java.io.OutputStream verifiedData, DataPipe pipe) Verify if the sealed data is acceptable according to specified policies (ocsp, signing, encryption). Different levels of notifications can be added to the result (warning, error, fatal). Additional data from the result can be used for further verifications.

Method Detail

validate

CryptoResult<UnsealedData> validate(byte[] data)

Verify if the sealed data is acceptable according to specified policies (ocsp, signing, encryption).
Different levels of notifications can be added to the result (warning, error, fatal).
Additional data from the result can be used for further verifications. It is possible to configure this service to let it embed an OCSPResponse into the sealed message on verification of the outer signature. See OCSPOption. The updated sealed message will be available in the result object.

Parameters:

data - sealed data

Returns:

result of verification

validate

CryptoResult<UnsealedData> validate(java.io.InputStream data,
                                    java.io.OutputStream verifiedData)

Verify if the sealed data is acceptable according to specified policies (ocsp, signing, encryption).
Different levels of notifications can be added to the result (warning, error, fatal).
Additional data from the result can be used for further verifications. It is possible to configure this service to let it embed an OCSPResponse into the sealed message on verification of the outer signature. See OCSPOption. The updated sealed message will be written into the given outputstream.
Caution
To add an OCSPResponse to an allready sealed message as an unsigned attribute, the sealed inputstream must be read twice:

• Once to load the SignerInfo of the message
• Once as input to update the SignerInfo of the message with the OCSPResponse and write it to the outputstream

This method will use an in memory dataPipe to pass the information from the first to the second inputstream. This may have impact on streaming large messages.

Parameters:

data - sealed data stream

verifiedData - stream to write sealed data after processing

Returns:

result of verification

validate

CryptoResult<UnsealedData> validate(java.io.InputStream data,
                                    java.io.OutputStream verifiedData,
                                    DataPipe pipe)

Verify if the sealed data is acceptable according to specified policies (ocsp, signing, encryption).
Different levels of notifications can be added to the result (warning, error, fatal).
Additional data from the result can be used for further verifications. It is possible to configure this service to let it embed an OCSPResponse into the sealed message on verification of the outer signature. See OCSPOption. The updated sealed message will be written into the given outputstream.
Caution
To add an OCSPResponse to an allready sealed message as an unsigned attribute, the sealed inputstream must be read twice:

• Once to load the SignerInfo of the message
• Once as input to update the SignerInfo of the message with the OCSPResponse and write it to the outputstream

How the data is passed from the first to the second inputstream, depends on the implememtation of the DataPipe, given in the input. This may have impact on streaming large messages.

Parameters:

data - sealed data stream

verifiedData - stream to write sealed data after processing

pipe - used to store the incoming data while loading the signed info of the cms message and to retrieve a stream to update the cms message with revocation information

Returns:

result of verification

stamp

CryptoResult<UnsealedData> stamp(byte[] data,
                                 byte[] timestamp)

Puts a timestamp on sealed data to prove that it existed in that state on a certain moment in time. The updated sealed message will be available in the result object.

Parameters:

data - sealed data

timestamp - timestamp on signature of sealed data

Returns:

status of operation and on success, the sealed data with embedded timestamp

stamp

CryptoResult<UnsealedData> stamp(java.io.InputStream data,
                                 java.io.OutputStream stampedData,
                                 byte[] timestamp)

Puts a timestamp on sealed data to prove that it existed in that state on a certain moment in time.
Caution
The updated sealed message will be written into the given outputstream. To add a timestamp to an allready sealed message as an unsigned attribute, the sealed inputstream must be read twice:

• Once to load the SignerInfo of the message
• Once as input to update the SignerInfo of the message with the given timestamp and write it to the outputstream

This method uses an in memory dataPipe to pass the information from the first to the second inputstream.

Parameters:

data - sealed data

stampedData - on success, the sealed data with embedded timestamp

timestamp - timestamp on signature of sealed data

Returns:

status of operation

stamp

CryptoResult<UnsealedData> stamp(java.io.InputStream data,
                                 java.io.OutputStream stampedData,
                                 byte[] timestamp,
                                 DataPipe pipe)

Puts a timestamp on sealed data to prove that it existed in that state on a certain moment in time.

The updated sealed message will be written into the given outputstream. Caution
To add a timestamp to an allready sealed message as an unsigned attribute, the sealed inputstream must be read twice:

• Once to load the SignerInfo of the message
• Once as input to update the SignerInfo of the message with the given timestamp and write it to the outputstream

How the data is passed from the first to the second inputstream, depends on the implememtation of the DataPipe, given in the input.

Parameters:

data - sealed data

stampedData - on success, the sealed data with embedded timestamp

timestamp - timestamp on signature of sealed data

pipe - used to store the incoming data while loading the signed info of the cms message and to retrieve a stream to update the cms message with a timestamp

Returns:

status of operation