SecurityServiceInterface

This interface provides utility methods for the following security features:

You can obtain an instance of the implementation of this interface as follows:

SecurityServiceInterface securityService =
com.ibm.bcg.bcgdk.workflow.BusinessProcessUtil.getSecurityService();

Method

encryptBytes

Method description

This method encrypts the given data with the given algorithm, using the currently valid certificate of the to-partner specified in the business document. Encryption is done in accordance with the PKCS #7 standard described in PKCS #7: Cryptographic Message Syntax, section 10.

The method has two forms. One takes input as a byte array. The other takes input as an InputStream object.

Syntax

Byte array input

public byte[]
encryptBytes(BusinessDocumentInterface businessDocument,
                     byte[] inBuf,
                     String encryptionAlg)
                     throws BCGSecurityException

InputStream input

public InputStream
encryptBytes(BusinessDocumentInterface businessDocument,
                     InputStream inStream,
                     String encryptionAlg)
                     throws BCGSecurityException

Parameters

Byte array input

businessDocument
Contains the participant's business ID in the BCG_PKG_TOBUSINESSID or BCG_TOBUSINESSID attributes. The participant's business ID is used to obtain the participant's encryption certificates.
inBuf
The data to be encrypted.
encryptionAlg
The encryption algorithm to use. The encryption algorithm must be one of the algorithm names defined in this class. The key length used for RC2 is 128.

InputStream input

businessDocument
Contains the participant's business ID in the BCG_PKG_TOBUSINESSID or BCG_TOBUSINESSID attributes.
inStream
The InputStream from which to read the data to be encrypted.
encryptionAlg
The encryption algorithm to use. The encryption algorithm must be one of the algorithm names defined in this class. The key length used for RC2 is 128.

Returns

Byte array input

The encrypted data, as PKCS #7 EnvelopedData in encoded form.

InputStream input

InputStream for the encrypted data. The encrypted data is PKCS #7 EnvelopedData in encoded form.

Throws

com.ibm.bcg.bcgdk.services.BCGSecurityException - if any exception occurs.

Method

decryptBytes

Method description

This method decrypts the given encrypted data. It expects the encrypted data to be in an encoded form of PKCS #7 EnvelopedData, so the data must have been encrypted in accordance with the PKCS #7 standard described in PKCS #7: Cryptographic Message Syntax, section 10.

The method has two forms. One takes input as a byte array. The other takes input as an InputStream object.

Syntax

Byte array input

public byte[]
decryptBytes(BusinessDocumentInterface businessDocument,
                     byte[] inBuf,
                     String algName)
                     throws BCGSecurityException

InputStream input

public InputStream
decryptBytes(BusinessDocumentInterface businessDocument,
                     InputStream inStream,
                     String algName)
                     throws BCGSecurityException

Parameters

Byte array input

businessDocument
The business document.
inBuf
The data to be decrypted as an encoded form of PKCS #7 EnvelopedData.
algName
The encryption algorithm that is expected to be used for decryption. This algorithm must match one contained in the EnvelopedData object.

InputStream input

businessDocument
The business document.
inStream
The InputStream from which to read the data to be decrypted. The data must be in an encoded form of PKCS #7 EnvelopedData.
algName
The encryption algorithm that is expected to be used for decryption. This algorithm must match one contained in the EnvelopedData object.

Returns

Decrypted data.

Throws

com.ibm.bcg.bcgdk.services.BCGSecurityException - if any exception occurs.

Method

signMessage

Method description

This method generates a signature for the given data. The signature is in the form of an encoded PKCS #7 ContentInfo object that contains a PKCS #7 SignedData object.

The method has two forms. One takes input as a byte array. The other takes input as an InputStream object.

Syntax

Byte array input

public SignInfo
signMessage(BusinessDocumentInterface businessDocument,
                     byte[] data,
                     String micAlg)
                     throws BCGSecurityException

InputStream input

public SignInfo
signMessage(BusinessDocumentInterface businessDocument,
                     InputStream inStream,
                     String micAlg)
                     throws BCGSecurityException

Parameters

Byte array input

businessDocument
The business document.
data
The data to be signed.
micAlg
The digest algorithm to be used: SHA1 or MD5.

InputStream input

businessDocument
The business document.
inStream
The InputStream from which to read the data to be signed.
micAlg
The digest algorithm to be used: SHA1 or MD5.

Returns

SignInfo, or null if an error occurs. The signature is in the form of an encoded PKCS #7 ContentInfo object that contains a PKCS #7 SignedData object.

Throws

com.ibm.bcg.bcgdk.services.BCGSecurityException - if any exception occurs.

Method

verifySignature

Method description

This method verifies the signature for the given message. The signature is verified by using the signature verification certificate of the sender participant.

The method has two forms. One takes input as a byte array. The other takes input as an InputStream object.

Syntax

Byte array input

public SignInfo
verifySignature(BusinessDocumentInterface businessDocument,
                     byte[] signature,
                     byte[] messageContent,
                     String senderId,
                     String signatureAlgo)
                     throws BCGSecurityException

InputStream input

public SignInfo
verifySignature(BusinessDocumentInterface businessDocument,
                     byte[] signature,
                     InputStream messageStream,
                     String senderId,
                     String signatureAlgo)
                     throws BCGSecurityException

Parameters

Byte array input

businessDocument
The business document.
signature
The signature bytes expected to be encoded in the PKCS #7 SignedData object.
messageContent
The message to verify against.
senderId
The business ID of the trading partner that the content is from.
signatureAlgo
The signature algorithm to use.

InputStream input

businessDocument
The business document.
signature
The signature bytes expected to be encoded in the PKCS #7 SignedData object.
messageStream
The InputStream from which to read the message to verify against.
senderId
The business ID of the trading partner that the content is from.
signatureAlgo
The signature algorithm to use.

Returns

SignInfo, or null if an error occurs. The signature is in the form of an encoded PKCS #7 ContentInfo object that contains a PKCS #7 SignedData object.

Throws

com.ibm.bcg.bcgdk.services.BCGSecurityException - if any exception occurs.
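
How the four methods above fit together in a handler, as an added example that is not IBM's code: outbound data is signed and then encrypted, inbound data is decrypted and then verified, and a null SignInfo is treated as a failure. The class PartnerCrypto and its method names are hypothetical, the import packages for BusinessDocumentInterface, SecurityServiceInterface and SignInfo are assumptions, and the algorithm choices are the example's own.

```java
import com.ibm.bcg.bcgdk.common.BusinessDocumentInterface;   // package is an assumption
import com.ibm.bcg.bcgdk.services.BCGSecurityException;
import com.ibm.bcg.bcgdk.services.SecurityServiceInterface;  // package is an assumption
import com.ibm.bcg.bcgdk.services.SignInfo;                  // package is an assumption
import com.ibm.bcg.bcgdk.workflow.BusinessProcessUtil;

/** Hypothetical helper class; not part of the product API. */
public final class PartnerCrypto {
    // Example's choices among the fields listed on this page. Of the two
    // digests offered, MD5 has practical collisions, so SHA1 is used here.
    private static final String ENC_ALG = SecurityServiceInterface.BCG_ENCRYPT_ALG_AES;
    private static final String MIC_ALG = SecurityServiceInterface.BCG_SIGN_ALG_SHA1;

    /** Outbound result: signature info plus the PKCS #7 EnvelopedData bytes. */
    public static final class Protected {
        public final SignInfo signInfo;
        public final byte[] envelopedData;
        Protected(SignInfo s, byte[] e) { signInfo = s; envelopedData = e; }
    }

    /** Outbound: sign the cleartext, then encrypt it for the to-partner in the document. */
    public static Protected protect(BusinessDocumentInterface doc, byte[] clear)
            throws BCGSecurityException {
        SecurityServiceInterface sec = BusinessProcessUtil.getSecurityService();
        SignInfo sig = sec.signMessage(doc, clear, MIC_ALG);
        if (sig == null) {          // documented error return: never send unsigned data
            throw new IllegalStateException("signMessage returned null");
        }
        byte[] enveloped = sec.encryptBytes(doc, clear, ENC_ALG);
        return new Protected(sig, enveloped);
    }

    /** Inbound: decrypt, then verify; cleartext is returned only after verification. */
    public static byte[] unprotect(BusinessDocumentInterface doc, byte[] enveloped,
                                   byte[] signature, String senderId)
            throws BCGSecurityException {
        SecurityServiceInterface sec = BusinessProcessUtil.getSecurityService();
        // algName pins the expected cipher; it must match the one in the EnvelopedData.
        byte[] clear = sec.decryptBytes(doc, enveloped, ENC_ALG);
        // Passing the digest constant as signatureAlgo is this example's assumption.
        SignInfo verified = sec.verifySignature(doc, signature, clear, senderId, MIC_ALG);
        if (verified == null) {     // documented error return: fail closed
            throw new IllegalStateException("verifySignature returned null for " + senderId);
        }
        return clear;
    }
}
```

Both helpers let BCGSecurityException propagate, so a caller that catches it must also treat the document as unprotected or unverified rather than continuing.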

Method

generateDigest

Method description

This method calculates a digest of a specified message by using a specified algorithm.

The method has two forms. One takes input as a byte array. The other takes input as an InputStream object.

Syntax

Byte array input

public byte[] generateDigest(byte[] data,
                     String alg)
                     throws BCGSecurityException

InputStream input

public byte[] generateDigest(java.io.InputStream inStream,
                     String alg)
                     throws BCGSecurityException

Parameters

Byte array input

data
The data whose digest is to be calculated.
alg
The digest algorithm to be used: SHA1 or MD5.

InputStream input

inStream
The InputStream from which to read the data whose digest is to be calculated.
alg
The digest algorithm to be used: SHA1 or MD5.

Returns

Digest as a byte array.

Throws

com.ibm.bcg.bcgdk.services.BCGSecurityException - if any exception occurs.

Constants

These constants define encryption and signature types:

public final String BCG_ENC_ALG_DES = "3des"
public final String BCG_ENC_ALG_RC2 = "RC2"
public final String BCG_ENCRYPT_ALG_DESEDE = "DESede"
public final String BCG_SIGN_ALG_SHA1 = "sha1"
public final String BCG_SIGN_ALG_MD5 = "md5"

Fields

The following fields are used by SecurityServiceInterface methods:

BCG_ENCRYPT_ALG_DES
public static final java.lang.String BCG_ENCRYPT_ALG_DES
Encryption algorithm DES
BCG_ENCRYPT_ALG_DESEDE
public static final java.lang.String BCG_ENCRYPT_ALG_DESEDE
Encryption algorithm DESede
BCG_ENCRYPT_ALG_RC2
public static final java.lang.String BCG_ENCRYPT_ALG_RC2
Encryption algorithm RC2
BCG_ENCRYPT_ALG_AES
public static final java.lang.String BCG_ENCRYPT_ALG_AES
Encryption algorithm AES
BCG_ENCRYPT_ALG_3DES
public static final java.lang.String BCG_ENCRYPT_ALG_3DES
Encryption algorithm 3DES, same as DESede
BCG_SIGN_ALG_SHA1
public static final java.lang.String BCG_SIGN_ALG_SHA1
SHA1 algorithm used for generating digest and signing
BCG_SIGN_ALG_MD5
public static final java.lang.String BCG_SIGN_ALG_MD5
MD5 algorithm used for generating digest and signing

Copyright IBM Corp. 2003, 2005