| /******************************************************************************* |
| * Copyright (c) 2007, 2008 IBM Corporation and others. |
| * All rights reserved. This program and the accompanying materials |
| * are made available under the terms of the Eclipse Public License v1.0 |
| * which accompanies this distribution, and is available at |
| * http://www.eclipse.org/legal/epl-v10.html |
| * |
| * Contributors: |
| * IBM Corporation - initial API and implementation |
| *******************************************************************************/ |
| package org.eclipse.osgi.signedcontent; |
| |
| import java.security.cert.CertificateExpiredException; |
| import java.security.cert.CertificateNotYetValidException; |
| import java.util.Date; |
| |
| /**
| * A {@code SignedContent} object represents content which may be signed. A |
| * {@link SignedContentFactory} is used to create signed content objects. |
| * <p> |
| * A {@code SignedContent} object is intended to provide information about |
| * the signers of the content, and cannot be used to access the actual data of the content. |
| * </p> |
| * <p> |
| * Being signed is not the same as being verified or trusted. {@link #isSigned()} only |
| * reports that signer infos are present. Entry content is checked with |
| * {@link SignedContentEntry#verify()}, certificate validity periods are checked with |
| * {@link #checkValidity(SignerInfo)}, and signer trust is a property of the |
| * {@link SignerInfo} (see {@link SignerInfo#isTrusted()}). Callers making a security |
| * decision should evaluate each of these rather than rely on {@link #isSigned()} alone. |
| * </p> |
| * <p> |
| * This interface is not intended to be implemented by clients. |
| * </p> |
| * @since 3.4 |
| * @noimplement This interface is not intended to be implemented by clients. |
| */ |
| public interface SignedContent { |
| |
| /** |
| * Returns all entries of the content. The returned entries can be used |
| * to verify the entry content using {@link SignedContentEntry#verify()} and |
| * get signer info for each entry in this content using {@link SignedContentEntry#getSignerInfos()}. |
| * Note that this operation may be expensive because it requires an |
| * exhaustive search for entries over the entire content. |
| * <p> |
| * Unsigned entries are included in the result, so presence in the returned array |
| * is not evidence that an entry is signed or intact. Entries for which signer info exists |
| * but no content is found are also returned. For example, when an entry is removed from |
| * a signed jar but the jar is not re-signed, the signer info still lists the entry |
| * although its content is gone. Such an entry is considered invalid and fails verification. |
| * </p> |
| * @return all entries of the content, signed or not |
| */ |
| public SignedContentEntry[] getSignedEntries(); |
| |
| /** |
| * Returns the signed entry for the specified name. |
| * <p> |
| * NOTE(review): presumably, as with {@link #getSignedEntries()}, a non-null result may be |
| * an unsigned or invalid entry; confirm against the implementation before treating a |
| * non-null return as proof of a signature. |
| * </p> |
| * @param name the name of the entry |
| * @return the entry or {@code null} if the entry could not be found |
| */ |
| public SignedContentEntry getSignedEntry(String name); |
| |
| /** |
| * Returns all the signer infos for this {@code SignedContent}. If the content |
| * is not signed then an empty array is returned. |
| * @return all the signer infos for this {@code SignedContent}; empty if the content is not signed |
| */ |
| public SignerInfo[] getSignerInfos(); |
| |
| /** |
| * Returns true if the content is signed; false otherwise. This is a convenience method |
| * equivalent to calling {@code getSignerInfos().length > 0}. |
| * <p> |
| * Because the result only reflects whether signer infos exist, a {@code true} return does |
| * not by itself show that any entry has been verified, that the signer certificates are |
| * within their validity period, or that a signer is trusted. |
| * </p> |
| * @return true if the content is signed |
| */ |
| public boolean isSigned(); |
| |
| /** |
| * Returns the signing time for the signer info. The signing time comes from a TSA |
| * (time-stamping authority) signer; if no TSA signers exist then {@code null} is returned. |
| * @param signerInfo the signer info to get the signing time for |
| * @return the signing time, or {@code null} if no TSA signers exist |
| */ |
| public Date getSigningTime(SignerInfo signerInfo); |
| |
| /** |
| * Returns the TSA signer info used to authenticate the signing time of a signer info. |
| * <p> |
| * The signing time returned by {@link #getSigningTime(SignerInfo)} is only as reliable as |
| * this TSA signer, so callers that depend on the signing time should also evaluate the |
| * returned signer info. |
| * </p> |
| * <p> |
| * NOTE(review): presumably {@code null} is returned when no TSA signer exists, mirroring |
| * {@link #getSigningTime(SignerInfo)}; confirm against the implementation. |
| * </p> |
| * @param signerInfo the signer info to get the TSA signer for |
| * @return the TSA signer info |
| */ |
| public SignerInfo getTSASignerInfo(SignerInfo signerInfo); |
| |
| /** |
| * Checks if the certificates are valid for the specified signer. If the signer has a signing time |
| * returned by {@link #getSigningTime(SignerInfo)} then that time is used to check the |
| * validity of the certificates; otherwise the current time is used. |
| * <p> |
| * When a signing time is used, certificates that have expired since that time still pass |
| * this check, so the outcome depends on the authenticity of the timestamp (see |
| * {@link #getTSASignerInfo(SignerInfo)}). The declared exceptions cover only the validity |
| * period; nothing in this contract states that trust or revocation is evaluated, so those |
| * should be checked separately. |
| * </p> |
| * @param signerInfo the signer info to check validity for. |
| * @throws CertificateExpiredException if one of the certificates of this signer is expired |
| * @throws CertificateNotYetValidException if one of the certificates of this signer is not yet valid |
| */ |
| public void checkValidity(SignerInfo signerInfo) throws CertificateExpiredException, CertificateNotYetValidException; |
| } |