Integration Server 10.3 | Built-In Services Reference Guide | SMIME Folder | Summary of Elements in this Folder | pub.smime:processSignedData
 
pub.smime:processSignedData
WmPublic. Verifies the signature from a signed S/MIME entity and extracts the message from it.
Input Parameters
SMimeEnvStream
java.io.InputStream Signed MIME entity (for example, the output produced by pub.smime:createSignedData).
signerCertChain
byte[ ][ ] Optional. Certificate chain of the party that signed the message, where each byte[ ] represents a single certificate in the chain. Certificates must appear in hierarchical order, starting with the signer's certificate in element 0. The following shows how the elements of a complete chain would appear for a certificate that was issued through two intermediate CAs:
Element
Contents
0
Signer's certificate.
1
Intermediary CA Certificate.
2
Intermediary CA Certificate.
3
Root CA Certificate.
Note:
If the signer included the certificate chain with the digital signature, you do not need to supply signerCertChain.
Output Parameters
mimeData
Document MIME object containing the extracted MIME entity.
contentDigest
String Message digest (base64-encoded) that was recalculated by processSignedData.
signerCert
java.security.cert.X509Certificate Signer's X.509 certificate.
encrypted
String Conditional. Flag indicating whether the extracted MIME entity is encrypted. A value of:
*true indicates that the MIME entity is encrypted.
*false indicates that the MIME entity is not encrypted.
signed
String Conditional. Flag indicating whether the extracted MIME entity is signed. A value of:
*true indicates that the MIME entity is signed.
*false indicates that the MIME entity is not signed.
certsOnly
String Conditional. Flag indicating whether the extracted MIME entity is a certs-only entity. A value of:
*true indicates that the MIME entity is a certs-only entity.
*false indicates that the MIME entity is not a certs-only entity.
stream
java.io.InputStream Conditional. Extracted MIME entity.
verify
String Flag indicating whether the signature was successfully processed. Success indicates that the signature was successfully verified with the supplied public key. A value of:
*true indicates that signature processing was successful.
*false indicates that signature processing failed. The signature could not be verified because an errorCode 1, 2, 3, or 4 occurred.
trusted
String Flag indicating whether the signer certificate is trusted or not. A value of:
*true indicates that the signer certificate is trusted.
*false indicates that the signer certificate is not trusted.
errorCode
String Conditional. Number indicating the kind of error that occurred while processing the signature. See errorMessage for possible values.
If no error occurred, errorCode will not be returned.
errorMessage
String Conditional. Textual error message indicating what kind of error occurred while processing the signature. Error codes and messages are as follows:
errorCode
errorMessage
1
Invalid signer certificate file information.
2
Certificate at index 'i' is not in recognizable format.
3
Invalid certificate input at index 'i'.
4
Signature cannot be verified.
5
Expired certificate chain.
6
Error in certificate chain.
7
Untrusted certificate.
Usage Notes
If verify is false, the errorCode and errorMessage values will indicate the error that caused the failure. Note that errorCode values 5 through 7 do not represent signature-validation failures and, therefore, do not cause the verify flag to be set to false.
If the extracted entity is signed or encrypted, mimeData will be empty, and the extracted entity will reside in stream. You can check the state of the signed and encrypted output variables to determine whether the extracted entity requires additional processing, and pass stream to the pub.smime:processEncryptedData service as necessary.
Important:
You can examine the contents of mimeData during testing and debugging. However, because the internal structure of mimeData is subject to change without notice, do not explicitly set or map data to/from these elements in your service. To manipulate or access the contents of mimeData, use only the MIME services that Integration Server provides.
See Also
pub.smime:processEncryptedData
pub.smime:createSignedData