public class CMSSignedData
extends java.lang.Object
implements org.bouncycastle.util.Encodable
A simple example of usage. Note that the example below does not verify the validity of the certificate, only that one of the certificates matches the given signer.

```java
// s is the CMSSignedData object being checked
Store certStore = s.getCertificates();
SignerInformationStore signers = s.getSignerInfos();
Collection c = signers.getSigners();
Iterator it = c.iterator();
int verified = 0;

while (it.hasNext())
{
    SignerInformation signer = (SignerInformation)it.next();
    // look up the certificate in the message that matches this signer's SID
    Collection certCollection = certStore.getMatches(signer.getSID());

    Iterator certIt = certCollection.iterator();
    X509CertificateHolder cert = (X509CertificateHolder)certIt.next();

    // checks the signature only; the certificate itself is not validated
    if (signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert)))
    {
        verified++;
    }
}
```
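
The usage example above stops at the signature check, and the certificates it uses come from the message itself. The following added example (not part of the Bouncy Castle documentation) also requires each signer certificate to chain to a trust anchor supplied by the caller, using the JDK PKIX path builder. The class name `TrustedCmsVerifier`, the `anchors` parameter and the decision to disable revocation checking are assumptions of this example.

```java
import java.security.cert.*;
import java.util.*;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cms.*;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.util.Store;

// Hypothetical helper class; not part of the Bouncy Castle API.
public class TrustedCmsVerifier {
    /** True only if every signer verifies AND chains to one of the caller's trust anchors. */
    public static boolean verify(byte[] sigBlock, Set<TrustAnchor> anchors) throws Exception {
        CMSSignedData s = new CMSSignedData(sigBlock);
        Store<X509CertificateHolder> certStore = s.getCertificates();
        JcaX509CertificateConverter conv = new JcaX509CertificateConverter();
        // Certificates carried in the message are untrusted input: usable as
        // intermediates for path building, never as trust anchors.
        List<X509Certificate> untrusted = new ArrayList<>();
        for (X509CertificateHolder h : certStore.getMatches(null)) { // null selector = all
            untrusted.add(conv.getCertificate(h));
        }
        CertStore intermediates = CertStore.getInstance(
                "Collection", new CollectionCertStoreParameters(untrusted));
        Collection<SignerInformation> signers = s.getSignerInfos().getSigners();
        if (signers.isEmpty()) {
            return false; // e.g. a certificate management message: nothing was signed
        }
        for (SignerInformation signer : signers) {
            @SuppressWarnings("unchecked")
            Collection<X509CertificateHolder> matches = certStore.getMatches(signer.getSID());
            if (matches.isEmpty()) {
                return false; // signer certificate is not included in the message
            }
            X509CertificateHolder holder = matches.iterator().next();
            if (!signer.verify(new JcaSimpleSignerInfoVerifierBuilder().build(holder))) {
                return false; // signature does not verify under this certificate
            }
            X509CertSelector target = new X509CertSelector();
            target.setCertificate(conv.getCertificate(holder));
            PKIXBuilderParameters params = new PKIXBuilderParameters(anchors, target);
            params.addCertStore(intermediates);
            params.setRevocationEnabled(false); // assumption: revocation is checked elsewhere
            try {
                CertPathBuilder.getInstance("PKIX").build(params); // builds and validates
            } catch (CertPathBuilderException e) {
                return false; // no valid path from this signer to a trust anchor
            }
        }
        return true;
    }
}
```

The `byte[]` constructor used here expects encapsulated content; for a detached signature, construct the object with `CMSSignedData(CMSProcessable signedContent, byte[] sigBlock)` instead.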

Constructor and Description |
---|
CMSSignedData(byte[] sigBlock) |
CMSSignedData(CMSProcessable signedContent, byte[] sigBlock) |
CMSSignedData(CMSProcessable signedContent, org.bouncycastle.asn1.cms.ContentInfo sigData) |
CMSSignedData(CMSProcessable signedContent, java.io.InputStream sigData): base constructor - content with detached signature. |
CMSSignedData(org.bouncycastle.asn1.cms.ContentInfo sigData) |
CMSSignedData(java.io.InputStream sigData): base constructor - with encapsulated content |
CMSSignedData(java.util.Map hashes, byte[] sigBlock): Content with detached signature, digests precomputed |
CMSSignedData(java.util.Map hashes, org.bouncycastle.asn1.cms.ContentInfo sigData) |


Modifier and Type | Method and Description |
---|---|
static CMSSignedData | addDigestAlgorithm(CMSSignedData signedData, org.bouncycastle.asn1.x509.AlgorithmIdentifier digestAlgorithm): Return a new CMSSignedData which is guaranteed to have the passed in digestAlgorithm in it. |
static CMSSignedData | addDigestAlgorithm(CMSSignedData signedData, org.bouncycastle.asn1.x509.AlgorithmIdentifier digestAlgorithm, DigestAlgorithmIdentifierFinder digestAlgIdFinder): Return a new CMSSignedData which is guaranteed to have the passed in digestAlgorithm in it. |
org.bouncycastle.util.Store<X509AttributeCertificateHolder> | getAttributeCertificates(): Return any X.509 attribute certificate objects in this SignedData structure as a Store of X509AttributeCertificateHolder objects. |
org.bouncycastle.util.Store<X509CertificateHolder> | getCertificates(): Return any X.509 certificate objects in this SignedData structure as a Store of X509CertificateHolder objects. |
org.bouncycastle.util.Store<X509CRLHolder> | getCRLs(): Return any X.509 CRL objects in this SignedData structure as a Store of X509CRLHolder objects. |
java.util.Set<org.bouncycastle.asn1.x509.AlgorithmIdentifier> | getDigestAlgorithmIDs(): Return the digest algorithm identifiers for the SignedData object |
byte[] | getEncoded(): return the ASN.1 encoded representation of this object. |
byte[] | getEncoded(java.lang.String encoding): return the ASN.1 encoded representation of this object using the specified encoding. |
org.bouncycastle.util.Store | getOtherRevocationInfo(org.bouncycastle.asn1.ASN1ObjectIdentifier otherRevocationInfoFormat): Return any OtherRevocationInfo OtherRevInfo objects of the type indicated by otherRevocationInfoFormat in this SignedData structure. |
CMSTypedData | getSignedContent() |
java.lang.String | getSignedContentTypeOID(): Return a string representation of the OID associated with the encapsulated content info structure carried in the signed data. |
SignerInformationStore | getSignerInfos(): return the collection of signers that are associated with the signatures for the message. |
int | getVersion(): Return the version number for this object |
boolean | isCertificateManagementMessage(): Return whether this object represents a certificate management message. |
boolean | isDetachedSignature(): Return whether this object represents a detached signature. |
static CMSSignedData | replaceCertificatesAndCRLs(CMSSignedData signedData, org.bouncycastle.util.Store certificates, org.bouncycastle.util.Store attrCerts, org.bouncycastle.util.Store revocations): Replace the certificate and CRL information associated with this CMSSignedData object with the new one passed in. |
static CMSSignedData | replaceSigners(CMSSignedData signedData, SignerInformationStore signerInformationStore): Replace the SignerInformation store associated with this CMSSignedData object with the new one passed in using the current DigestAlgorithmIdentifierFinder for creating the digest sets. |
static CMSSignedData | replaceSigners(CMSSignedData signedData, SignerInformationStore signerInformationStore, DigestAlgorithmIdentifierFinder digestAlgIdFinder): Replace the SignerInformation store associated with this CMSSignedData object with the new one passed in using the passed in DigestAlgorithmIdentifierFinder for creating the digest sets. |
org.bouncycastle.asn1.cms.ContentInfo | toASN1Structure(): return the ContentInfo |
boolean | verifySignatures(SignerInformationVerifierProvider verifierProvider): Verify all the SignerInformation objects and their associated counter signatures attached to this CMS SignedData object. |
boolean | verifySignatures(SignerInformationVerifierProvider verifierProvider, boolean ignoreCounterSignatures): Verify all the SignerInformation objects and optionally their associated counter signatures attached to this CMS SignedData object. |

public CMSSignedData(byte[] sigBlock) throws CMSException

Throws:
- CMSException

public CMSSignedData(CMSProcessable signedContent, byte[] sigBlock) throws CMSException

Throws:
- CMSException

public CMSSignedData(java.util.Map hashes, byte[] sigBlock) throws CMSException

Parameters:
- hashes - a map of precomputed digests for content indexed by name of hash.
- sigBlock - the signature object.

Throws:
- CMSException

public CMSSignedData(CMSProcessable signedContent, java.io.InputStream sigData) throws CMSException

Parameters:
- signedContent - the content that was signed.
- sigData - the signature object.

Throws:
- CMSException

public CMSSignedData(java.io.InputStream sigData) throws CMSException

Throws:
- CMSException

public CMSSignedData(CMSProcessable signedContent, org.bouncycastle.asn1.cms.ContentInfo sigData) throws CMSException

Throws:
- CMSException

public CMSSignedData(java.util.Map hashes, org.bouncycastle.asn1.cms.ContentInfo sigData) throws CMSException

Throws:
- CMSException

public CMSSignedData(org.bouncycastle.asn1.cms.ContentInfo sigData) throws CMSException

Throws:
- CMSException

public int getVersion()
public SignerInformationStore getSignerInfos()
public boolean isDetachedSignature()
public boolean isCertificateManagementMessage()
public org.bouncycastle.util.Store<X509CertificateHolder> getCertificates()
public org.bouncycastle.util.Store<X509CRLHolder> getCRLs()
public org.bouncycastle.util.Store<X509AttributeCertificateHolder> getAttributeCertificates()
public org.bouncycastle.util.Store getOtherRevocationInfo(org.bouncycastle.asn1.ASN1ObjectIdentifier otherRevocationInfoFormat)

Parameters:
- otherRevocationInfoFormat - OID of the format type being looked for.

public java.util.Set<org.bouncycastle.asn1.x509.AlgorithmIdentifier> getDigestAlgorithmIDs()

public java.lang.String getSignedContentTypeOID()

public CMSTypedData getSignedContent()

public org.bouncycastle.asn1.cms.ContentInfo toASN1Structure()

public byte[] getEncoded() throws java.io.IOException

Specified by:
- getEncoded in interface org.bouncycastle.util.Encodable

Throws:
- java.io.IOException

public byte[] getEncoded(java.lang.String encoding) throws java.io.IOException

Parameters:
- encoding - the ASN.1 encoding format to use ("BER", "DL", or "DER").

Throws:
- java.io.IOException

public boolean verifySignatures(SignerInformationVerifierProvider verifierProvider) throws CMSException

Parameters:
- verifierProvider - a provider of SignerInformationVerifier objects.

Throws:
- CMSException - if an exception occurs during the verification process.

public boolean verifySignatures(SignerInformationVerifierProvider verifierProvider, boolean ignoreCounterSignatures) throws CMSException

Parameters:
- verifierProvider - a provider of SignerInformationVerifier objects.
- ignoreCounterSignatures - if true don't check counter signatures. If false check counter signatures as well.

Throws:
- CMSException - if an exception occurs during the verification process.

public static CMSSignedData addDigestAlgorithm(CMSSignedData signedData, org.bouncycastle.asn1.x509.AlgorithmIdentifier digestAlgorithm)

Parameters:
- signedData - the signed data object to be used as a base.
- digestAlgorithm - the digest algorithm to be added to the signed data.

public static CMSSignedData addDigestAlgorithm(CMSSignedData signedData, org.bouncycastle.asn1.x509.AlgorithmIdentifier digestAlgorithm, DigestAlgorithmIdentifierFinder digestAlgIdFinder)

Parameters:
- signedData - the signed data object to be used as a base.
- digestAlgorithm - the digest algorithm to be added to the signed data.
- digestAlgIdFinder - the digest algorithmID map to generate the digest set with.

public static CMSSignedData replaceSigners(CMSSignedData signedData, SignerInformationStore signerInformationStore)

Parameters:
- signedData - the signed data object to be used as a base.
- signerInformationStore - the new signer information store to use.

public static CMSSignedData replaceSigners(CMSSignedData signedData, SignerInformationStore signerInformationStore, DigestAlgorithmIdentifierFinder digestAlgIdFinder)

Parameters:
- signedData - the signed data object to be used as a base.
- signerInformationStore - the new signer information store to use.
- digestAlgIdFinder - the digest algorithmID map to generate the digest set with.

public static CMSSignedData replaceCertificatesAndCRLs(CMSSignedData signedData, org.bouncycastle.util.Store certificates, org.bouncycastle.util.Store attrCerts, org.bouncycastle.util.Store revocations) throws CMSException

Parameters:
- signedData - the signed data object to be used as a base.
- certificates - the new certificates to be used.
- attrCerts - the new attribute certificates to be used.
- revocations - the new CRLs to be used - a collection of X509CRLHolder objects, OtherRevocationInfoFormat, or both.

Throws:
- CMSException - if there is an error processing the CertStore