org.bouncycastle.cms

Class CMSSignedData

java.lang.Object

org.bouncycastle.cms.CMSSignedData

All Implemented Interfaces:

org.bouncycastle.util.Encodable

public class CMSSignedData
extends java.lang.Object
implements org.bouncycastle.util.Encodable

general class for handling a pkcs7-signature message.

A simple example of usage - note, in the example below the validity of the certificate isn't verified, just the fact that one of the certs matches the given signer...

  Store                   certStore = s.getCertificates();
  SignerInformationStore  signers = s.getSignerInfos();
  Collection              c = signers.getSigners();
  Iterator                it = c.iterator();

  while (it.hasNext())
  {
      SignerInformation   signer = (SignerInformation)it.next();
      Collection          certCollection = certStore.getMatches(signer.getSID());

      Iterator              certIt = certCollection.iterator();
      X509CertificateHolder cert = (X509CertificateHolder)certIt.next();

      if (signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert)))
      {
          verified++;
      }
  }
 

Constructor Summary

Constructors

Constructor and Description
CMSSignedData(byte[] sigBlock)
CMSSignedData(CMSProcessable signedContent, byte[] sigBlock)
CMSSignedData(CMSProcessable signedContent, org.bouncycastle.asn1.cms.ContentInfo sigData)
CMSSignedData(CMSProcessable signedContent, java.io.InputStream sigData) base constructor - content with detached signature.
CMSSignedData(org.bouncycastle.asn1.cms.ContentInfo sigData)
CMSSignedData(java.io.InputStream sigData) base constructor - with encapsulated content
CMSSignedData(java.util.Map hashes, byte[] sigBlock) Content with detached signature, digests precomputed
CMSSignedData(java.util.Map hashes, org.bouncycastle.asn1.cms.ContentInfo sigData)

Method Summary

Modifier and Type	Method and Description
static CMSSignedData	addDigestAlgorithm(CMSSignedData signedData, org.bouncycastle.asn1.x509.AlgorithmIdentifier digestAlgorithm) Return a new CMSSignedData which guarantees to have the passed in digestAlgorithm in it.
static CMSSignedData	addDigestAlgorithm(CMSSignedData signedData, org.bouncycastle.asn1.x509.AlgorithmIdentifier digestAlgorithm, DigestAlgorithmIdentifierFinder digestAlgIdFinder) Return a new CMSSignedData which guarantees to have the passed in digestAlgorithm in it.
org.bouncycastle.util.Store<X509AttributeCertificateHolder>	getAttributeCertificates() Return any X.509 attribute certificate objects in this SignedData structure as a Store of X509AttributeCertificateHolder objects.
org.bouncycastle.util.Store<X509CertificateHolder>	getCertificates() Return any X.509 certificate objects in this SignedData structure as a Store of X509CertificateHolder objects.
org.bouncycastle.util.Store<X509CRLHolder>	getCRLs() Return any X.509 CRL objects in this SignedData structure as a Store of X509CRLHolder objects.
java.util.Set<org.bouncycastle.asn1.x509.AlgorithmIdentifier>	getDigestAlgorithmIDs() Return the digest algorithm identifiers for the SignedData object
byte[]	getEncoded() return the ASN.1 encoded representation of this object.
byte[]	getEncoded(java.lang.String encoding) return the ASN.1 encoded representation of this object using the specified encoding.
org.bouncycastle.util.Store	getOtherRevocationInfo(org.bouncycastle.asn1.ASN1ObjectIdentifier otherRevocationInfoFormat) Return any OtherRevocationInfo OtherRevInfo objects of the type indicated by otherRevocationInfoFormat in this SignedData structure.
CMSTypedData	getSignedContent()
java.lang.String	getSignedContentTypeOID() Return the a string representation of the OID associated with the encapsulated content info structure carried in the signed data.
SignerInformationStore	getSignerInfos() return the collection of signers that are associated with the signatures for the message.
int	getVersion() Return the version number for this object
boolean	isCertificateManagementMessage() Return if this is object represents a certificate management message.
boolean	isDetachedSignature() Return if this is object represents a detached signature.
static CMSSignedData	replaceCertificatesAndCRLs(CMSSignedData signedData, org.bouncycastle.util.Store certificates, org.bouncycastle.util.Store attrCerts, org.bouncycastle.util.Store revocations) Replace the certificate and CRL information associated with this CMSSignedData object with the new one passed in.
static CMSSignedData	replaceSigners(CMSSignedData signedData, SignerInformationStore signerInformationStore) Replace the SignerInformation store associated with this CMSSignedData object with the new one passed in using the current DigestAlgorithmIdentifierFinder for creating the digest sets.
static CMSSignedData	replaceSigners(CMSSignedData signedData, SignerInformationStore signerInformationStore, DigestAlgorithmIdentifierFinder digestAlgIdFinder) Replace the SignerInformation store associated with this CMSSignedData object with the new one passed in using the passed in DigestAlgorithmIdentifierFinder for creating the digest sets.
org.bouncycastle.asn1.cms.ContentInfo	toASN1Structure() return the ContentInfo
boolean	verifySignatures(SignerInformationVerifierProvider verifierProvider) Verify all the SignerInformation objects and their associated counter signatures attached to this CMS SignedData object.
boolean	verifySignatures(SignerInformationVerifierProvider verifierProvider, boolean ignoreCounterSignatures) Verify all the SignerInformation objects and optionally their associated counter signatures attached to this CMS SignedData object.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CMSSignedData

public CMSSignedData(byte[] sigBlock)
              throws CMSException

Throws:

CMSException

CMSSignedData

public CMSSignedData(CMSProcessable signedContent,
                     byte[] sigBlock)
              throws CMSException

Throws:

CMSException

CMSSignedData

public CMSSignedData(java.util.Map hashes,
                     byte[] sigBlock)
              throws CMSException

Content with detached signature, digests precomputed

Parameters:

hashes - a map of precomputed digests for content indexed by name of hash.

sigBlock - the signature object.

Throws:

CMSException

CMSSignedData

public CMSSignedData(CMSProcessable signedContent,
                     java.io.InputStream sigData)
              throws CMSException

base constructor - content with detached signature.

Parameters:

signedContent - the content that was signed.

sigData - the signature object.

Throws:

CMSException

CMSSignedData

public CMSSignedData(java.io.InputStream sigData)
              throws CMSException

base constructor - with encapsulated content

Throws:

CMSException

CMSSignedData

public CMSSignedData(CMSProcessable signedContent,
                     org.bouncycastle.asn1.cms.ContentInfo sigData)
              throws CMSException

Throws:

CMSException

CMSSignedData

public CMSSignedData(java.util.Map hashes,
                     org.bouncycastle.asn1.cms.ContentInfo sigData)
              throws CMSException

Throws:

CMSException

CMSSignedData

public CMSSignedData(org.bouncycastle.asn1.cms.ContentInfo sigData)
              throws CMSException

Throws:

CMSException

Method Detail

getVersion

public int getVersion()

Return the version number for this object

getSignerInfos

public SignerInformationStore getSignerInfos()

return the collection of signers that are associated with the signatures for the message.

isDetachedSignature

public boolean isDetachedSignature()

Return if this is object represents a detached signature.

Returns:

true if this message represents a detached signature, false otherwise.

isCertificateManagementMessage

public boolean isCertificateManagementMessage()

Return if this is object represents a certificate management message.

Returns:

true if the message has no signers or content, false otherwise.

getCertificates

public org.bouncycastle.util.Store<X509CertificateHolder> getCertificates()

Return any X.509 certificate objects in this SignedData structure as a Store of X509CertificateHolder objects.

Returns:

a Store of X509CertificateHolder objects.

getCRLs

public org.bouncycastle.util.Store<X509CRLHolder> getCRLs()

Return any X.509 CRL objects in this SignedData structure as a Store of X509CRLHolder objects.

Returns:

a Store of X509CRLHolder objects.

getAttributeCertificates

public org.bouncycastle.util.Store<X509AttributeCertificateHolder> getAttributeCertificates()

Return any X.509 attribute certificate objects in this SignedData structure as a Store of X509AttributeCertificateHolder objects.

Returns:

a Store of X509AttributeCertificateHolder objects.

getOtherRevocationInfo

public org.bouncycastle.util.Store getOtherRevocationInfo(org.bouncycastle.asn1.ASN1ObjectIdentifier otherRevocationInfoFormat)

Return any OtherRevocationInfo OtherRevInfo objects of the type indicated by otherRevocationInfoFormat in this SignedData structure.

Parameters:

otherRevocationInfoFormat - OID of the format type been looked for.

Returns:

a Store of ASN1Encodable objects representing any objects of otherRevocationInfoFormat found.

getDigestAlgorithmIDs

public java.util.Set<org.bouncycastle.asn1.x509.AlgorithmIdentifier> getDigestAlgorithmIDs()

Return the digest algorithm identifiers for the SignedData object

Returns:

the set of digest algorithm identifiers

getSignedContentTypeOID

public java.lang.String getSignedContentTypeOID()

Return the a string representation of the OID associated with the encapsulated content info structure carried in the signed data.

Returns:

the OID for the content type.

getSignedContent

public CMSTypedData getSignedContent()

toASN1Structure

public org.bouncycastle.asn1.cms.ContentInfo toASN1Structure()

return the ContentInfo

getEncoded

public byte[] getEncoded()
                  throws java.io.IOException

return the ASN.1 encoded representation of this object.

Specified by:

getEncoded in interface org.bouncycastle.util.Encodable

Throws:

java.io.IOException

getEncoded

public byte[] getEncoded(java.lang.String encoding)
                  throws java.io.IOException

return the ASN.1 encoded representation of this object using the specified encoding.

Parameters:

encoding - the ASN.1 encoding format to use ("BER", "DL", or "DER").

Throws:

java.io.IOException

verifySignatures

public boolean verifySignatures(SignerInformationVerifierProvider verifierProvider)
                         throws CMSException

Verify all the SignerInformation objects and their associated counter signatures attached to this CMS SignedData object.

Parameters:

verifierProvider - a provider of SignerInformationVerifier objects.

Returns:

true if all verify, false otherwise.

Throws:

CMSException - if an exception occurs during the verification process.

verifySignatures

public boolean verifySignatures(SignerInformationVerifierProvider verifierProvider,
                                boolean ignoreCounterSignatures)
                         throws CMSException

Verify all the SignerInformation objects and optionally their associated counter signatures attached to this CMS SignedData object.

Parameters:

verifierProvider - a provider of SignerInformationVerifier objects.

ignoreCounterSignatures - if true don't check counter signatures. If false check counter signatures as well.

Returns:

true if all verify, false otherwise.

Throws:

CMSException - if an exception occurs during the verification process.

addDigestAlgorithm

public static CMSSignedData addDigestAlgorithm(CMSSignedData signedData,
                                               org.bouncycastle.asn1.x509.AlgorithmIdentifier digestAlgorithm)

Return a new CMSSignedData which guarantees to have the passed in digestAlgorithm in it. Uses the current DigestAlgorithmIdentifierFinder for creating the digest sets.

Parameters:

signedData - the signed data object to be used as a base.

digestAlgorithm - the digest algorithm to be added to the signed data.

Returns:

a new signed data object.

addDigestAlgorithm

public static CMSSignedData addDigestAlgorithm(CMSSignedData signedData,
                                               org.bouncycastle.asn1.x509.AlgorithmIdentifier digestAlgorithm,
                                               DigestAlgorithmIdentifierFinder digestAlgIdFinder)

Return a new CMSSignedData which guarantees to have the passed in digestAlgorithm in it. Uses the passed in DigestAlgorithmIdentifierFinder for creating the digest sets.

Parameters:

signedData - the signed data object to be used as a base.

digestAlgorithm - the digest algorithm to be added to the signed data.

digestAlgIdFinder - the digest algorithmID map to generate the digest set with.

Returns:

a new signed data object.

replaceSigners

public static CMSSignedData replaceSigners(CMSSignedData signedData,
                                           SignerInformationStore signerInformationStore)

Replace the SignerInformation store associated with this CMSSignedData object with the new one passed in using the current DigestAlgorithmIdentifierFinder for creating the digest sets. You would probably only want to do this if you wanted to change the unsigned attributes associated with a signer, or perhaps delete one.

Parameters:

signedData - the signed data object to be used as a base.

signerInformationStore - the new signer information store to use.

Returns:

a new signed data object.

replaceSigners

public static CMSSignedData replaceSigners(CMSSignedData signedData,
                                           SignerInformationStore signerInformationStore,
                                           DigestAlgorithmIdentifierFinder digestAlgIdFinder)

Replace the SignerInformation store associated with this CMSSignedData object with the new one passed in using the passed in DigestAlgorithmIdentifierFinder for creating the digest sets. You would probably only want to do this if you wanted to change the unsigned attributes associated with a signer, or perhaps delete one.

Parameters:

signedData - the signed data object to be used as a base.

signerInformationStore - the new signer information store to use.

digestAlgIdFinder - the digest algorithmID map to generate the digest set with.

Returns:

a new signed data object.

replaceCertificatesAndCRLs

public static CMSSignedData replaceCertificatesAndCRLs(CMSSignedData signedData,
                                                       org.bouncycastle.util.Store certificates,
                                                       org.bouncycastle.util.Store attrCerts,
                                                       org.bouncycastle.util.Store revocations)
                                                throws CMSException

Replace the certificate and CRL information associated with this CMSSignedData object with the new one passed in.

Parameters:

signedData - the signed data object to be used as a base.

certificates - the new certificates to be used.

attrCerts - the new attribute certificates to be used.

revocations - the new CRLs to be used - a collection of X509CRLHolder objects, OtherRevocationInfoFormat, or both.

Returns:

a new signed data object.

Throws:

CMSException - if there is an error processing the CertStore