
gitlab.com/quite/humla-spongycastle.git - Unnamed repository; edit this file 'description' to name the repository.
authorDavid Hook <dgh@cryptoworkshop.com>2014-04-26 09:29:16 +0400
committerDavid Hook <dgh@cryptoworkshop.com>2014-04-26 09:29:16 +0400
commit8d66c4ec9eadda0ef37766daeb57e95331f6d13d (patch)
tree2a65db2d22ad3363d3e73ae7fd5d21cbbb93e328 /mail
parent28ba2d3c368ecc515a54b0c5df1901c3b7d1f859 (diff)
BJA-488 fix for lack of null check in SignedMailValidator.
Diffstat (limited to 'mail')
-rw-r--r--mail/src/main/java/org/bouncycastle/mail/smime/validator/SignedMailValidator.java323
1 files changed, 160 insertions, 163 deletions
diff --git a/mail/src/main/java/org/bouncycastle/mail/smime/validator/SignedMailValidator.java b/mail/src/main/java/org/bouncycastle/mail/smime/validator/SignedMailValidator.java
index 21132852..01c1c514 100644
--- a/mail/src/main/java/org/bouncycastle/mail/smime/validator/SignedMailValidator.java
+++ b/mail/src/main/java/org/bouncycastle/mail/smime/validator/SignedMailValidator.java
@@ -69,19 +69,19 @@ import org.bouncycastle.x509.PKIXCertPathReviewer;
public class SignedMailValidator
{
private static final String RESOURCE_NAME = "org.bouncycastle.mail.smime.validator.SignedMailValidatorMessages";
-
+
private static final Class DEFAULT_CERT_PATH_REVIEWER = PKIXCertPathReviewer.class;
private static final String EXT_KEY_USAGE = X509Extensions.ExtendedKeyUsage
- .getId();
+ .getId();
private static final String SUBJECT_ALTERNATIVE_NAME = X509Extensions.SubjectAlternativeName
- .getId();
+ .getId();
private static final int shortKeyLength = 512;
-
+
// (365.25*30)*24*3600*1000
- private static final long THIRTY_YEARS_IN_MILLI_SEC = 21915l*12l*3600l*1000l;
+ private static final long THIRTY_YEARS_IN_MILLI_SEC = 21915l * 12l * 3600l * 1000l;
private static final JcaX509CertSelectorConverter selectorConverter = new JcaX509CertSelectorConverter();
@@ -92,7 +92,7 @@ public class SignedMailValidator
private Map results;
private String[] fromAddresses;
-
+
private Class certPathReviewerClass;
/**
@@ -106,21 +106,18 @@ public class SignedMailValidator
* In <code>param</code> it's also possible to add additional CertStores
* with intermediate Certificates and/or CRLs which then are also used for
* the validation.
- *
- * @param message
- * the signed MimeMessage
- * @param param
- * the parameters for the certificate path validation
- * @throws SignedMailValidatorException
- * if the message is no signed message or if an exception occurs
- * reading the message
+ *
+ * @param message the signed MimeMessage
+ * @param param the parameters for the certificate path validation
+ * @throws SignedMailValidatorException if the message is no signed message or if an exception occurs
+ * reading the message
*/
public SignedMailValidator(MimeMessage message, PKIXParameters param)
throws SignedMailValidatorException
{
this(message, param, DEFAULT_CERT_PATH_REVIEWER);
}
-
+
/**
* Validates the signed {@link MimeMessage} message. The
* {@link PKIXParameters} from param are used for the certificate path
@@ -132,28 +129,24 @@ public class SignedMailValidator
* In <code>param</code> it's also possible to add additional CertStores
* with intermediate Certificates and/or CRLs which then are also used for
* the validation.
- *
- * @param message
- * the signed MimeMessage
- * @param param
- * the parameters for the certificate path validation
- * @param certPathReviewerClass
- * a subclass of {@link PKIXCertPathReviewer}. The SignedMailValidator
- * uses objects of this type for the cert path vailidation. The class must
- * have an empty constructor.
- * @throws SignedMailValidatorException
- * if the message is no signed message or if an exception occurs
- * reading the message
- * @throws IllegalArgumentException if the certPathReviewerClass is not a
- * subclass of {@link PKIXCertPathReviewer} or objects of
- * certPathReviewerClass can not be instantiated
+ *
+ * @param message the signed MimeMessage
+ * @param param the parameters for the certificate path validation
+ * @param certPathReviewerClass a subclass of {@link PKIXCertPathReviewer}. The SignedMailValidator
+ * uses objects of this type for the cert path vailidation. The class must
+ * have an empty constructor.
+ * @throws SignedMailValidatorException if the message is no signed message or if an exception occurs
+ * reading the message
+ * @throws IllegalArgumentException if the certPathReviewerClass is not a
+ * subclass of {@link PKIXCertPathReviewer} or objects of
+ * certPathReviewerClass can not be instantiated
*/
public SignedMailValidator(MimeMessage message, PKIXParameters param, Class certPathReviewerClass)
- throws SignedMailValidatorException
+ throws SignedMailValidatorException
{
this.certPathReviewerClass = certPathReviewerClass;
boolean isSubclass = DEFAULT_CERT_PATH_REVIEWER.isAssignableFrom(certPathReviewerClass);
- if(!isSubclass)
+ if (!isSubclass)
{
throw new IllegalArgumentException("certPathReviewerClass is not a subclass of " + DEFAULT_CERT_PATH_REVIEWER.getName());
}
@@ -165,18 +158,18 @@ public class SignedMailValidator
// check if message is multipart signed
if (message.isMimeType("multipart/signed"))
{
- MimeMultipart mimemp = (MimeMultipart) message.getContent();
+ MimeMultipart mimemp = (MimeMultipart)message.getContent();
s = new SMIMESigned(mimemp);
}
else if (message.isMimeType("application/pkcs7-mime")
- || message.isMimeType("application/x-pkcs7-mime"))
+ || message.isMimeType("application/x-pkcs7-mime"))
{
s = new SMIMESigned(message);
}
else
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
- "SignedMailValidator.noSignedMessage");
+ "SignedMailValidator.noSignedMessage");
throw new SignedMailValidatorException(msg);
}
@@ -186,28 +179,30 @@ public class SignedMailValidator
// save "from" addresses from message
Address[] froms = message.getFrom();
- InternetAddress sender = null;
- try
- {
- if(message.getHeader("Sender") != null)
+ InternetAddress sender = null;
+ try
{
- sender = new InternetAddress(message.getHeader("Sender")[0]);
+ if (message.getHeader("Sender") != null)
+ {
+ sender = new InternetAddress(message.getHeader("Sender")[0]);
+ }
+ }
+ catch (MessagingException ex)
+ {
+ //ignore garbage in Sender: header
+ }
+
+ int fromsLength = (froms != null) ? froms.length : 0;
+ fromAddresses = new String[fromsLength + ((sender != null) ? 1 : 0)];
+ for (int i = 0; i < froms.length; i++)
+ {
+ InternetAddress inetAddr = (InternetAddress)froms[i];
+ fromAddresses[i] = inetAddr.getAddress();
+ }
+ if (sender != null)
+ {
+ fromAddresses[froms.length] = sender.getAddress();
}
- }
- catch (MessagingException ex)
- {
- //ignore garbage in Sender: header
- }
- fromAddresses = new String[froms.length + (sender!=null?1:0)];
- for (int i = 0; i < froms.length; i++)
- {
- InternetAddress inetAddr = (InternetAddress) froms[i];
- fromAddresses[i] = inetAddr.getAddress();
- }
- if(sender!=null)
- {
- fromAddresses[froms.length] = sender.getAddress();
- }
// initialize results
results = new HashMap();
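Review bot: The null guard added here is incomplete: `fromsLength` is derived from a possibly null `froms`, but the loop condition `i < froms.length` and the index in `fromAddresses[froms.length] = sender.getAddress();` still dereference `froms`, so a message whose `getFrom()` returns null still raises a NullPointerException. Both places should use the guarded length, `for (int i = 0; i < fromsLength; i++)` and `fromAddresses[fromsLength] = sender.getAddress();`. The constructor body starts and ends outside this hunk; the catch block visible in the next hunk suggests the exception would be wrapped as `exceptionReadingMessage`, in which case a signed message without a From header is reported as unreadable instead of being checked against the Sender address, but that should be confirmed against the full method. A one-line comment such as `// getFrom() returns null when the From header is absent` above `fromsLength` would also record why the guard exists.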
@@ -216,12 +211,12 @@ public class SignedMailValidator
{
if (e instanceof SignedMailValidatorException)
{
- throw (SignedMailValidatorException) e;
+ throw (SignedMailValidatorException)e;
}
// exception reading message
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
- "SignedMailValidator.exceptionReadingMessage",
- new Object[] { e.getMessage(), e , e.getClass().getName()});
+ "SignedMailValidator.exceptionReadingMessage",
+ new Object[]{e.getMessage(), e, e.getClass().getName()});
throw new SignedMailValidatorException(msg, e);
}
@@ -231,7 +226,7 @@ public class SignedMailValidator
protected void validateSignatures(PKIXParameters pkixParam)
{
- PKIXParameters usedParameters = (PKIXParameters) pkixParam.clone();
+ PKIXParameters usedParameters = (PKIXParameters)pkixParam.clone();
// add crls and certs from mail
usedParameters.addCertStore(certs);
@@ -245,26 +240,26 @@ public class SignedMailValidator
List errors = new ArrayList();
List notifications = new ArrayList();
- SignerInformation signer = (SignerInformation) it.next();
+ SignerInformation signer = (SignerInformation)it.next();
// signer certificate
X509Certificate cert = null;
try
{
Collection certCollection = findCerts(usedParameters
- .getCertStores(), selectorConverter.getCertSelector(signer.getSID()));
+ .getCertStores(), selectorConverter.getCertSelector(signer.getSID()));
Iterator certIt = certCollection.iterator();
if (certIt.hasNext())
{
- cert = (X509Certificate) certIt.next();
+ cert = (X509Certificate)certIt.next();
}
}
catch (CertStoreException cse)
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
- "SignedMailValidator.exceptionRetrievingSignerCert",
- new Object[] { cse.getMessage(), cse , cse.getClass().getName()});
+ "SignedMailValidator.exceptionRetrievingSignerCert",
+ new Object[]{cse.getMessage(), cse, cse.getClass().getName()});
errors.add(msg);
}
@@ -278,15 +273,15 @@ public class SignedMailValidator
if (!validSignature)
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
- "SignedMailValidator.signatureNotVerified");
+ "SignedMailValidator.signatureNotVerified");
errors.add(msg);
}
}
catch (Exception e)
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
- "SignedMailValidator.exceptionVerifyingSignature",
- new Object[] { e.getMessage(), e, e.getClass().getName() });
+ "SignedMailValidator.exceptionVerifyingSignature",
+ new Object[]{e.getMessage(), e, e.getClass().getName()});
errors.add(msg);
}
@@ -301,7 +296,7 @@ public class SignedMailValidator
if (attr != null)
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
- "SignedMailValidator.signedReceiptRequest");
+ "SignedMailValidator.signedReceiptRequest");
notifications.add(msg);
}
}
@@ -314,7 +309,7 @@ public class SignedMailValidator
if (signTime == null) // no signing time was found
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
- "SignedMailValidator.noSigningTime");
+ "SignedMailValidator.noSigningTime");
errors.add(msg);
signTime = new Date();
}
@@ -328,15 +323,15 @@ public class SignedMailValidator
catch (CertificateExpiredException e)
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
- "SignedMailValidator.certExpired",
- new Object[] { new TrustedInput(signTime), new TrustedInput(cert.getNotAfter()) });
+ "SignedMailValidator.certExpired",
+ new Object[]{new TrustedInput(signTime), new TrustedInput(cert.getNotAfter())});
errors.add(msg);
}
catch (CertificateNotYetValidException e)
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
- "SignedMailValidator.certNotYetValid",
- new Object[] { new TrustedInput(signTime), new TrustedInput(cert.getNotBefore()) });
+ "SignedMailValidator.certNotYetValid",
+ new Object[]{new TrustedInput(signTime), new TrustedInput(cert.getNotBefore())});
errors.add(msg);
}
}
@@ -347,12 +342,12 @@ public class SignedMailValidator
// construct cert chain
CertPath certPath;
List userProvidedList;
-
+
List userCertStores = new ArrayList();
userCertStores.add(certs);
Object[] cpres = createCertPath(cert, usedParameters.getTrustAnchors(), pkixParam.getCertStores(), userCertStores);
- certPath = (CertPath) cpres[0];
- userProvidedList = (List) cpres[1];
+ certPath = (CertPath)cpres[0];
+ userProvidedList = (List)cpres[1];
// validate cert chain
PKIXCertPathReviewer review;
@@ -363,54 +358,55 @@ public class SignedMailValidator
catch (IllegalAccessException e)
{
throw new IllegalArgumentException("Cannot instantiate object of type " +
- certPathReviewerClass.getName() + ": " + e.getMessage());
+ certPathReviewerClass.getName() + ": " + e.getMessage());
}
catch (InstantiationException e)
{
throw new IllegalArgumentException("Cannot instantiate object of type " +
- certPathReviewerClass.getName() + ": " + e.getMessage());
+ certPathReviewerClass.getName() + ": " + e.getMessage());
}
review.init(certPath, usedParameters);
if (!review.isValidCertPath())
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
- "SignedMailValidator.certPathInvalid");
+ "SignedMailValidator.certPathInvalid");
errors.add(msg);
}
results.put(signer, new ValidationResult(review,
- validSignature, errors, notifications, userProvidedList));
+ validSignature, errors, notifications, userProvidedList));
}
catch (GeneralSecurityException gse)
{
// cannot create cert path
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
- "SignedMailValidator.exceptionCreateCertPath",
- new Object[] { gse.getMessage(), gse, gse.getClass().getName() });
+ "SignedMailValidator.exceptionCreateCertPath",
+ new Object[]{gse.getMessage(), gse, gse.getClass().getName()});
errors.add(msg);
results.put(signer, new ValidationResult(null,
- validSignature, errors, notifications, null));
+ validSignature, errors, notifications, null));
}
catch (CertPathReviewerException cpre)
{
// cannot initialize certpathreviewer - wrong parameters
errors.add(cpre.getErrorMessage());
results.put(signer, new ValidationResult(null,
- validSignature, errors, notifications, null));
+ validSignature, errors, notifications, null));
}
}
else
// no signer certificate found
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
- "SignedMailValidator.noSignerCert");
+ "SignedMailValidator.noSignerCert");
errors.add(msg);
results.put(signer, new ValidationResult(null, false, errors,
- notifications, null));
+ notifications, null));
}
}
}
- public static Set getEmailAddresses(X509Certificate cert) throws IOException, CertificateEncodingException
+ public static Set getEmailAddresses(X509Certificate cert)
+ throws IOException, CertificateEncodingException
{
Set addresses = new HashSet();
@@ -421,7 +417,7 @@ public class SignedMailValidator
{
if (oids.get(i).equals(X509Principal.EmailAddress))
{
- String email = ((String) names.get(i)).toLowerCase();
+ String email = ((String)names.get(i)).toLowerCase();
addresses.add(email);
break;
}
@@ -433,13 +429,13 @@ public class SignedMailValidator
ASN1Sequence altNames = ASN1Sequence.getInstance(getObject(ext));
for (int j = 0; j < altNames.size(); j++)
{
- ASN1TaggedObject o = (ASN1TaggedObject) altNames
- .getObjectAt(j);
+ ASN1TaggedObject o = (ASN1TaggedObject)altNames
+ .getObjectAt(j);
if (o.getTagNo() == 1)
{
String email = DERIA5String.getInstance(o, false)
- .getString().toLowerCase();
+ .getString().toLowerCase();
addresses.add(email);
}
}
@@ -448,44 +444,45 @@ public class SignedMailValidator
return addresses;
}
- private static ASN1Primitive getObject(byte[] ext) throws IOException
+ private static ASN1Primitive getObject(byte[] ext)
+ throws IOException
{
ASN1InputStream aIn = new ASN1InputStream(ext);
- ASN1OctetString octs = (ASN1OctetString) aIn.readObject();
+ ASN1OctetString octs = (ASN1OctetString)aIn.readObject();
aIn = new ASN1InputStream(octs.getOctets());
return aIn.readObject();
}
protected void checkSignerCert(X509Certificate cert, List errors,
- List notifications)
+ List notifications)
{
// get key length
PublicKey key = cert.getPublicKey();
int keyLenght = -1;
if (key instanceof RSAPublicKey)
{
- keyLenght = ((RSAPublicKey) key).getModulus().bitLength();
+ keyLenght = ((RSAPublicKey)key).getModulus().bitLength();
}
else if (key instanceof DSAPublicKey)
{
- keyLenght = ((DSAPublicKey) key).getParams().getP().bitLength();
+ keyLenght = ((DSAPublicKey)key).getParams().getP().bitLength();
}
if (keyLenght != -1 && keyLenght <= shortKeyLength)
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
- "SignedMailValidator.shortSigningKey",
- new Object[]{Integers.valueOf(keyLenght)});
+ "SignedMailValidator.shortSigningKey",
+ new Object[]{Integers.valueOf(keyLenght)});
notifications.add(msg);
}
-
+
// warn if certificate has very long validity period
long validityPeriod = cert.getNotAfter().getTime() - cert.getNotBefore().getTime();
if (validityPeriod > THIRTY_YEARS_IN_MILLI_SEC)
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
- "SignedMailValidator.longValidity",
- new Object[] {new TrustedInput(cert.getNotBefore()), new TrustedInput(cert.getNotAfter())});
+ "SignedMailValidator.longValidity",
+ new Object[]{new TrustedInput(cert.getNotBefore()), new TrustedInput(cert.getNotAfter())});
notifications.add(msg);
}
@@ -494,7 +491,7 @@ public class SignedMailValidator
if (keyUsage != null && !keyUsage[0] && !keyUsage[1])
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
- "SignedMailValidator.signingNotPermitted");
+ "SignedMailValidator.signingNotPermitted");
errors.add(msg);
}
@@ -505,14 +502,14 @@ public class SignedMailValidator
if (ext != null)
{
ExtendedKeyUsage extKeyUsage = ExtendedKeyUsage
- .getInstance(getObject(ext));
+ .getInstance(getObject(ext));
if (!extKeyUsage
- .hasKeyPurposeId(KeyPurposeId.anyExtendedKeyUsage)
- && !extKeyUsage
- .hasKeyPurposeId(KeyPurposeId.id_kp_emailProtection))
+ .hasKeyPurposeId(KeyPurposeId.anyExtendedKeyUsage)
+ && !extKeyUsage
+ .hasKeyPurposeId(KeyPurposeId.id_kp_emailProtection))
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
- "SignedMailValidator.extKeyUsageNotPermitted");
+ "SignedMailValidator.extKeyUsageNotPermitted");
errors.add(msg);
}
}
@@ -520,8 +517,9 @@ public class SignedMailValidator
catch (Exception e)
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
- "SignedMailValidator.extKeyUsageError", new Object[] {
- e.getMessage(), e, e.getClass().getName() });
+ "SignedMailValidator.extKeyUsageError", new Object[]{
+ e.getMessage(), e, e.getClass().getName()}
+ );
errors.add(msg);
}
@@ -533,7 +531,7 @@ public class SignedMailValidator
{
// error no email address in signing certificate
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
- "SignedMailValidator.noEmailInCert");
+ "SignedMailValidator.noEmailInCert");
errors.add(msg);
}
else
@@ -552,11 +550,12 @@ public class SignedMailValidator
if (!equalsFrom)
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
- "SignedMailValidator.emailFromCertMismatch",
- new Object[] {
- new UntrustedInput(
- addressesToString(fromAddresses)),
- new UntrustedInput(certEmails) });
+ "SignedMailValidator.emailFromCertMismatch",
+ new Object[]{
+ new UntrustedInput(
+ addressesToString(fromAddresses)),
+ new UntrustedInput(certEmails)}
+ );
errors.add(msg);
}
}
@@ -564,8 +563,9 @@ public class SignedMailValidator
catch (Exception e)
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
- "SignedMailValidator.certGetEmailError", new Object[] {
- e.getMessage(), e, e.getClass().getName() });
+ "SignedMailValidator.certGetEmailError", new Object[]{
+ e.getMessage(), e, e.getClass().getName()}
+ );
errors.add(msg);
}
}
@@ -602,7 +602,7 @@ public class SignedMailValidator
if (attr != null)
{
Time t = Time.getInstance(attr.getAttrValues().getObjectAt(0)
- .toASN1Primitive());
+ .toASN1Primitive());
result = t.getDate();
}
}
@@ -610,19 +610,19 @@ public class SignedMailValidator
}
private static List findCerts(List certStores, X509CertSelector selector)
- throws CertStoreException
+ throws CertStoreException
{
List result = new ArrayList();
Iterator it = certStores.iterator();
while (it.hasNext())
{
- CertStore store = (CertStore) it.next();
+ CertStore store = (CertStore)it.next();
Collection coll = store.getCertificates(selector);
result.addAll(coll);
}
return result;
}
-
+
private static X509Certificate findNextCert(List certStores, X509CertSelector selector, Set certSet)
throws CertStoreException
{
@@ -632,46 +632,48 @@ public class SignedMailValidator
X509Certificate nextCert = null;
while (certIt.hasNext())
{
- nextCert = (X509Certificate) certIt.next();
+ nextCert = (X509Certificate)certIt.next();
if (!certSet.contains(nextCert))
{
certFound = true;
break;
}
}
-
+
return certFound ? nextCert : null;
}
/**
- *
- * @param signerCert the end of the path
+ * @param signerCert the end of the path
* @param trustanchors trust anchors for the path
* @param certStores
* @return the resulting certificate path.
* @throws GeneralSecurityException
*/
public static CertPath createCertPath(X509Certificate signerCert,
- Set trustanchors, List certStores) throws GeneralSecurityException
+ Set trustanchors, List certStores)
+ throws GeneralSecurityException
{
Object[] results = createCertPath(signerCert, trustanchors, certStores, null);
- return (CertPath) results[0];
+ return (CertPath)results[0];
}
-
+
/**
* Returns an Object array containing a CertPath and a List of Booleans. The list contains the value <code>true</code>
* if the corresponding certificate in the CertPath was taken from the user provided CertStores.
- * @param signerCert the end of the path
- * @param trustanchors trust anchors for the path
+ *
+ * @param signerCert the end of the path
+ * @param trustanchors trust anchors for the path
* @param systemCertStores list of {@link CertStore} provided by the system
- * @param userCertStores list of {@link CertStore} provided by the user
+ * @param userCertStores list of {@link CertStore} provided by the user
* @return a CertPath and a List of booleans.
* @throws GeneralSecurityException
*/
public static Object[] createCertPath(X509Certificate signerCert,
- Set trustanchors, List systemCertStores, List userCertStores) throws GeneralSecurityException
+ Set trustanchors, List systemCertStores, List userCertStores)
+ throws GeneralSecurityException
{
- Set certSet = new LinkedHashSet();
+ Set certSet = new LinkedHashSet();
List userProvidedList = new ArrayList();
// add signer certificate
@@ -681,7 +683,7 @@ public class SignedMailValidator
userProvidedList.add(new Boolean(true));
boolean trustAnchorFound = false;
-
+
X509Certificate taCert = null;
// add other certs to the cert path
@@ -691,12 +693,12 @@ public class SignedMailValidator
Iterator trustIt = trustanchors.iterator();
while (trustIt.hasNext())
{
- TrustAnchor anchor = (TrustAnchor) trustIt.next();
+ TrustAnchor anchor = (TrustAnchor)trustIt.next();
X509Certificate anchorCert = anchor.getTrustedCert();
if (anchorCert != null)
{
if (anchorCert.getSubjectX500Principal().equals(
- cert.getIssuerX500Principal()))
+ cert.getIssuerX500Principal()))
{
try
{
@@ -714,7 +716,7 @@ public class SignedMailValidator
else
{
if (anchor.getCAName().equals(
- cert.getIssuerX500Principal().getName()))
+ cert.getIssuerX500Principal().getName()))
{
try
{
@@ -759,14 +761,14 @@ public class SignedMailValidator
}
}
boolean userProvided = false;
-
+
cert = findNextCert(systemCertStores, select, certSet);
if (cert == null && userCertStores != null)
{
userProvided = true;
cert = findNextCert(userCertStores, select, certSet);
}
-
+
if (cert != null)
{
// cert found
@@ -798,9 +800,9 @@ public class SignedMailValidator
{
throw new IllegalStateException(e.toString());
}
-
+
boolean userProvided = false;
-
+
taCert = findNextCert(systemCertStores, select, certSet);
if (taCert == null && userCertStores != null)
{
@@ -822,9 +824,9 @@ public class SignedMailValidator
}
}
}
-
+
CertPath certPath = CertificateFactory.getInstance("X.509", "BC").generateCertPath(new ArrayList(certSet));
- return new Object[] {certPath, userProvidedList};
+ return new Object[]{certPath, userProvidedList};
}
public CertStore getCertsAndCRLs()
@@ -838,19 +840,19 @@ public class SignedMailValidator
}
public ValidationResult getValidationResult(SignerInformation signer)
- throws SignedMailValidatorException
+ throws SignedMailValidatorException
{
if (signers.getSigners(signer.getSID()).isEmpty())
{
// the signer is not part of the SignerInformationStore
// he has not signed the message
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
- "SignedMailValidator.wrongSigner");
+ "SignedMailValidator.wrongSigner");
throw new SignedMailValidatorException(msg);
}
else
{
- return (ValidationResult) results.get(signer);
+ return (ValidationResult)results.get(signer);
}
}
@@ -862,13 +864,13 @@ public class SignedMailValidator
private List errors;
private List notifications;
-
+
private List userProvidedCerts;
private boolean signVerified;
ValidationResult(PKIXCertPathReviewer review, boolean verified,
- List errors, List notifications, List userProvidedCerts)
+ List errors, List notifications, List userProvidedCerts)
{
this.review = review;
this.errors = errors;
@@ -879,7 +881,7 @@ public class SignedMailValidator
/**
* Returns a list of error messages of type {@link ErrorBundle}.
- *
+ *
* @return List of error messages
*/
public List getErrors()
@@ -889,7 +891,7 @@ public class SignedMailValidator
/**
* Returns a list of notification messages of type {@link ErrorBundle}.
- *
+ *
* @return List of notification messages
*/
public List getNotifications()
@@ -898,27 +900,24 @@ public class SignedMailValidator
}
/**
- *
* @return the PKIXCertPathReviewer for the CertPath of this signature
- * or null if an Exception occured.
+ * or null if an Exception occured.
*/
public PKIXCertPathReviewer getCertPathReview()
{
return review;
}
-
+
/**
- *
* @return the CertPath for this signature
- * or null if an Exception occured.
+ * or null if an Exception occured.
*/
public CertPath getCertPath()
{
return review != null ? review.getCertPath() : null;
}
-
+
/**
- *
* @return a List of Booleans that are true if the corresponding certificate in the CertPath was taken from
* the CertStore of the SMIME message
*/
@@ -928,9 +927,8 @@ public class SignedMailValidator
}
/**
- *
* @return true if the signature corresponds to the public key of the
- * signer
+ * signer
*/
public boolean isVerifiedSignature()
{
@@ -938,17 +936,16 @@ public class SignedMailValidator
}
/**
- *
* @return true if the signature is valid (ie. if it corresponds to the
- * public key of the signer and the cert path for the signers
- * certificate is also valid)
+ * public key of the signer and the cert path for the signers
+ * certificate is also valid)
*/
public boolean isValidSignature()
{
if (review != null)
{
return signVerified && review.isValidCertPath()
- && errors.isEmpty();
+ && errors.isEmpty();
}
else
{