Cryptologist.java

/*******************************************************************************
 * Copyright (c) 2005-2011, G. Weirich and Elexis
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the Eclipse Public License v1.0
 * which accompanies this distribution, and is available at
 * http://www.eclipse.org/legal/epl-v10.html
 *
 * Contributors:
 *    G. Weirich - initial implementation
 *    
 *******************************************************************************/

package ch.rgw.crypt;

import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyPair;
import java.security.PublicKey;
import java.security.cert.X509Certificate;

import ch.rgw.tools.Result;
import ch.rgw.tools.TimeTool;

/**
 * A Cryptologist knows how to create keys and certificates, and encrypt, decrypt, sign and verify
 * byte arrays.
 * 
 * @author gerry
 * 
 */
public interface Cryptologist {
	
	/**
	 * encrypt a byte array
	 * 
	 * @param source
	 *            the plain bytes
	 * @param receiverKeyName
	 *            name of the receiver's public key
	 * 
	 * @return the encrypted bytes or null if encryption failed
	 */
	public byte[] encrypt(byte[] source, String receiverKeyName);
	
	public void encrypt(InputStream source, OutputStream dest, String receiverKeyName)
		throws CryptologistException;
	
	/**
	 * Sign a byte array (create and sign a MAC)
	 * 
	 * @param source
	 *            the bytes to sign
	 * @return the signature
	 */
	public byte[] sign(byte[] source);
	
	/**
	 * decrypt a byte array
	 * 
	 * @param encrypted
	 *            the encrypted bytes
	 * @return the plain array or null of decryption failed
	 */
	public Result<byte[]> decrypt(byte[] encrypted);
	
	public void decrypt(InputStream source, OutputStream dest) throws CryptologistException;
	
	public enum VERIFY_RESULT {
		OK, SIGNER_UNKNOWN, BAD_SIGNATURE, INTERNAL_ERROR
	}
	
	/**
	 * Verify a MAC
	 * 
	 * @param data
	 *            the signed data
	 * @param signature
	 *            the signed digest
	 * @param signerKeyName
	 *            name of the signer's public key
	 * @return
	 */
	public VERIFY_RESULT verify(byte[] data, byte[] signature, String signerKeyName);
	
	public boolean hasCertificateOf(String alias);
	
	public boolean hasKeyOf(String alias);
	
	public boolean addCertificate(X509Certificate cert);
	
	public boolean addCertificate(byte[] certEncoded);
	
	public boolean removeCertificate(String alias);
	
	public KeyPair generateKeys(String alias, char[] pwd, TimeTool validFrom, TimeTool validUntil);
	
	public X509Certificate getCertificate(String alias);
	
	public X509Certificate generateCertificate(PublicKey pk, String alias, TimeTool validFrom,
		TimeTool validUntil);
	
	public String getUser();
	
	public boolean isFunctional();
	
	public byte[] getCertificateEncoded(String alias) throws CryptologistException;
}