com.ibm.security.pkcs7
Class ContentInfo

java.lang.Object
  |
  +--com.ibm.security.pkcsutil.PKCSDerObject
        |
        +--com.ibm.security.pkcs7.ContentInfo

public final class ContentInfo
extends PKCSDerObject
implements Cloneable

Implements the ASN.1 ContentInfo type.

ContentInfo ::= SEQUENCE {
    contentType ContentType,
    content [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL }

ContentInfo objects are not immutable; they can be changed once created. ContentInfo may contain an instance of a Content object that is mutable.

See Also:
Data, SignedData, EnvelopedData, SignedAndEnvelopedData, DigestedData, EncryptedData, AuthenticatedData

Fields inherited from class com.ibm.security.pkcsutil.PKCSDerObject
provider
 
Constructor Summary
ContentInfo(byte[] der)
          Create a ContentInfo object with a DER-encoded byte array.
ContentInfo(byte[] der, String provider)
          Create a ContentInfo object with a DER-encoded byte array.
ContentInfo(Content content)
          Create a ContentInfo object with a preconstructed Content object.
ContentInfo(Content content, String provider)
          Create a ContentInfo object with a preconstructed Content object.
ContentInfo(ObjectIdentifier contentType, byte[] bytes)
          Create a ContentInfo object with an ObjectIdentifier for the contentType and a DER byte array without the leading tag or length for the content.
ContentInfo(ObjectIdentifier contentType, byte[] bytes, String provider)
          Create a ContentInfo object with an ObjectIdentifier for the contentType and a DER byte array without the leading tag or length for the content.
ContentInfo(String filename, boolean base64)
          Create a ContentInfo with the filename of the DER-encoded or BASE64-encoded object.
ContentInfo(String filename, boolean base64, String provider)
          Create a ContentInfo with the filename of the DER-encoded or BASE64-encoded object.
 
Method Summary
 Object clone()
          Creates a clone of this ContentInfo object.
protected  void decode(com.ibm.security.pkcs7.DerValue encoding)
          Initializes a ContentInfo object from a DerValue.
 ContentInfo decrypt(PrivateKey recipientPrivateKey, Certificate recipientCert)
          Decrypts the ContentInfo stored in the ContentInfo object.
 void encode(OutputStream os)
          Encodes this object to an OutputStream.
 ContentInfo encrypt(Certificate[] recipientCerts, String encryptionAlgorithm, int keySize)
          Encrypts a copy of this ContentInfo with the recipient's certificate(s).
 boolean equals(Object other)
          Determines if this ContentInfo object is equivalent to the input object.
 Content getContent()
          Returns a copy of the Content of this ContentInfo object.
 ObjectIdentifier getContentType()
          Returns a reference to the ObjectIdentifier for the ContentInfo object.
 String getContentTypeString()
          Returns the string representation of the content type of this ContentInfo object.
 boolean isData()
          Determines if this ContentInfo object has a ContentType of Data.
 boolean isDigestedData()
          Determines if this ContentInfo object has a ContentType of DigestedData.
 boolean isEncryptedData()
          Determines if this ContentInfo object has a ContentType of EncryptedData.
 boolean isEnvelopedData()
          Determines if this ContentInfo object has a ContentType of EnvelopedData.
 boolean isSignedAndEnvelopedData()
          Determines if this ContentInfo object has a ContentType of SignedAndEnvelopedData.
 boolean isSignedData()
          Determines if this ContentInfo object has a ContentType of SignedData.
protected  void readBASE64(String filename)
          Read the BASE64 encoding of a DER-encoded object from the input file and decode the contents into the current object.
 ContentInfo seal(Certificate[] recipientCerts, String encryptionAlgorithm, int keySize, Certificate signerCert, String digestSignatureAlgorithm, PrivateKey privateKey, boolean signatureOnly)
          Signs and encrypts a copy of this ContentInfo.
 ContentInfo sign(Certificate signerCert, String digestSignatureAlgorithm, PrivateKey privateKey, boolean signatureOnly)
          Signs a copy of this ContentInfo with the specified certificate and private key.
 String toString()
          Returns a string representation of this ContentInfo object.
 ContentInfo unseal(Certificate recipientCert, Certificate signerCert, PrivateKey recipientPrivateKey)
          Performs the opposite of the seal operation and returns the decrypted ContentInfo.
 boolean verify(Certificate signerCert)
          Verifies the SignedData content for this ContentInfo object.
 
Methods inherited from class com.ibm.security.pkcsutil.PKCSDerObject
decode, decode, encode, getObjectIdentifier, hashCode, read, write, write, writeBASE64
 
Methods inherited from class java.lang.Object
finalize, getClass, notify, notifyAll, wait, wait, wait
 

Constructor Detail

ContentInfo

public ContentInfo(byte[] der)
            throws IOException
Create a ContentInfo object with a DER-encoded byte array.
Parameters:
der - a DER-encoded byte array of a ContentInfo object.
Throws:
IOException - on decoding errors.

ContentInfo

public ContentInfo(byte[] der,
                   String provider)
            throws IOException
Create a ContentInfo object with a DER-encoded byte array.
Parameters:
der - a DER-encoded byte array of a ContentInfo object.
provider - the name of the java.security provider to use
Throws:
IOException - on decoding errors.

ContentInfo

public ContentInfo(ObjectIdentifier contentType,
                   byte[] bytes)
            throws IOException
Create a ContentInfo object with an ObjectIdentifier for the contentType and a DER byte array without the leading tag or length for the content. This constructor is used to help transform an object, such as an EncapsulatedContentInfo, into a ContentInfo object.
Parameters:
contentType - ObjectIdentifier of the Content. The OID value must be Data, SignedData, EnvelopedData, SignedAndEnvelopedData, DigestedData, or EncryptedData
bytes - DER byte array of the content that matches the contentType without the leading tag or length.
Throws:
IllegalArgumentException - on unsupported contentType

ContentInfo

public ContentInfo(ObjectIdentifier contentType,
                   byte[] bytes,
                   String provider)
            throws IOException
Create a ContentInfo object with an ObjectIdentifier for the contentType and a DER byte array without the leading tag or length for the content. This constructor is used to help transform an object, such as an EncapsulatedContentInfo, into a ContentInfo object.
Parameters:
contentType - ObjectIdentifier of the Content. The OID value must be Data, SignedData, EnvelopedData, SignedAndEnvelopedData, DigestedData, or EncryptedData
bytes - DER byte array of the content that matches the contentType without the leading tag or length.
provider - the name of the java.security provider to use
Throws:
IllegalArgumentException - on unsupported contentType

ContentInfo

public ContentInfo(Content content)
Create a ContentInfo object with a preconstructed Content object. The ObjectIdentifier for the ContentType is derived from the Content object subclass.
Parameters:
content - Content object

ContentInfo

public ContentInfo(Content content,
                   String provider)
Create a ContentInfo object with a preconstructed Content object. The ObjectIdentifier for the ContentType is derived from the Content object subclass.
Parameters:
content - Content object
provider - the name of the java.security provider the caller is using

ContentInfo

public ContentInfo(String filename,
                   boolean base64)
            throws IOException
Create a ContentInfo with the filename of the DER-encoded or BASE64-encoded object.
Parameters:
filename - name of the DER-encoded or base64-encoded object
base64 - true if BASE64-encoded, false if DER-encoded
Throws:
IOException - on decoding errors.

ContentInfo

public ContentInfo(String filename,
                   boolean base64,
                   String provider)
            throws IOException
Create a ContentInfo with the filename of the DER-encoded or BASE64-encoded object.
Parameters:
filename - name of the DER-encoded or base64-encoded object
base64 - true if BASE64-encoded, false if DER-encoded
provider - the name of the java.security provider to use
Throws:
IOException - on decoding errors.

Method Detail

clone

public Object clone()
Creates a clone of this ContentInfo object.
Overrides:
clone in class Object
Returns:
clone of this ContentInfo object.

equals

public boolean equals(Object other)
Determines if this ContentInfo object is equivalent to the input object.
Overrides:
equals in class PKCSDerObject
Parameters:
other - the object to compare this one to.
Returns:
true, if the two objects are equivalent, false otherwise.

encode

public void encode(OutputStream os)
            throws IOException
Encodes this object to an OutputStream.
Overrides:
encode in class PKCSDerObject
Parameters:
os - the OutputStream to write the encoded data to.
Throws:
IOException - on encoding errors.

decode

protected void decode(com.ibm.security.pkcs7.DerValue encoding)
               throws IOException
Initializes a ContentInfo object from a DerValue. The DER encoding must be in the format specified by the ContentInfo ASN.1 notation.
Parameters:
encoding - a DER-encoded ContentInfo object.
Throws:
IOException - on parsing error.

getContentType

public ObjectIdentifier getContentType()
Returns a reference to the ObjectIdentifier for the ContentInfo object.
Returns:
an ObjectIdentifier for the ContentInfo object.

getContent

public Content getContent()
Returns a copy of the Content of this ContentInfo object.
Returns:
the Content of this ContentInfo object.

isData

public boolean isData()
Determines if this ContentInfo object has a ContentType of Data.
Returns:
true if the ContentType is Data, false otherwise

isSignedData

public boolean isSignedData()
Determines if this ContentInfo object has a ContentType of SignedData.
Returns:
true if the ContentType is SignedData, false otherwise

isEnvelopedData

public boolean isEnvelopedData()
Determines if this ContentInfo object has a ContentType of EnvelopedData.
Returns:
true if the ContentType is EnvelopedData, false otherwise

isSignedAndEnvelopedData

public boolean isSignedAndEnvelopedData()
Determines if this ContentInfo object has a ContentType of SignedAndEnvelopedData.
Returns:
true if the ContentType is SignedAndEnvelopedData, false otherwise

isDigestedData

public boolean isDigestedData()
Determines if this ContentInfo object has a ContentType of DigestedData.
Returns:
true if the ContentType is DigestedData, false otherwise

isEncryptedData

public boolean isEncryptedData()
Determines if this ContentInfo object has a ContentType of EncryptedData.
Returns:
true if the ContentType is EncryptedData, false otherwise

getContentTypeString

public String getContentTypeString()
Returns the string representation of the content type of this ContentInfo object. If a recognized PKCS #7 type, this method will return one of the following:
Returns:
the string representation of the content type

toString

public String toString()
Returns a string representation of this ContentInfo object.
Overrides:
toString in class PKCSDerObject
Returns:
a string representation of this object.

encrypt

public ContentInfo encrypt(Certificate[] recipientCerts,
                           String encryptionAlgorithm,
                           int keySize)
                    throws IOException,
                           PKCSException
Encrypts a copy of this ContentInfo with the recipient's certificate(s). This method is a helper method that calls the EnvelopedData constructor.
Parameters:
recipientCerts - array of certificates identifying the recipients
encryptionAlgorithm - encryption algorithm
keySize - length of the encryption key
Returns:
ContentInfo wrapping an EnvelopedData containing the encrypted ContentInfo object.
Throws:
IOException - on encryption error.
PKCSException - key encryption error.

decrypt

public ContentInfo decrypt(PrivateKey recipientPrivateKey,
                           Certificate recipientCert)
                    throws IOException,
                           PKCSException
Decrypts the ContentInfo stored in the ContentInfo object. The content must be of the EnvelopedData type or the method will throw an IllegalArgumentException.
Parameters:
recipientPrivateKey - private key of the recipient
recipientCert - certificate of the recipient
Returns:
ContentInfo decrypted from the EnvelopedData object.
Throws:
IOException - on decryption error.
PKCSException - key decryption error.
IllegalArgumentException - if the ContentType is not EnvelopedData.

sign

public ContentInfo sign(Certificate signerCert,
                        String digestSignatureAlgorithm,
                        PrivateKey privateKey,
                        boolean signatureOnly)
                 throws PKCSException,
                        IOException,
                        NoSuchAlgorithmException
Signs a copy of this ContentInfo with the specified certificate and private key. This method is a helper method that calls the SignedData constructor.
Parameters:
signerCert - certificate of the signer
digestSignatureAlgorithm - signature algorithm (e.g., MD5withRSA)
privateKey - private key of the signing certificate
signatureOnly - indicate if the default signed attributes should be included.
Returns:
ContentInfo wrapping a SignedData containing the signed ContentInfo object.
Throws:
PKCSException - on signing error.
IOException - on signing error.
NoSuchAlgorithmException - on signing error.

verify

public boolean verify(Certificate signerCert)
               throws PKCSException,
                      IOException,
                      NoSuchAlgorithmException
Verifies the SignedData content for this ContentInfo object. The content must be of the SignedData type or the method will throw an IllegalArgumentException.
Parameters:
signerCert - certificate of the signer
Returns:
true, if the content is verified, false otherwise.
Throws:
PKCSException - on verification error.
IOException - on verification error.
NoSuchAlgorithmException - on invalid algorithm errors.
IllegalArgumentException - if the ContentType is not SignedData.

seal

public ContentInfo seal(Certificate[] recipientCerts,
                        String encryptionAlgorithm,
                        int keySize,
                        Certificate signerCert,
                        String digestSignatureAlgorithm,
                        PrivateKey privateKey,
                        boolean signatureOnly)
                 throws PKCSException,
                        IOException,
                        NoSuchAlgorithmException
Signs and encrypts a copy of this ContentInfo.
  1. Signs the ContentInfo with the private key.
  2. Encrypts the signed Content for delivery to the recipient certificates.

Parameters:
recipientCerts - array of recipient certificates
encryptionAlgorithm - encryption algorithm
keySize - size of the encryption key
signerCert - certificate of the signer
digestSignatureAlgorithm - signature algorithm (e.g., MD5withRSA)
privateKey - private key of the signer
signatureOnly - indicate if the default signed attributes should be included.
Returns:
ContentInfo wrapping an EnvelopedData object containing the signed and encrypted ContentInfo.
Throws:
PKCSException - key signing or encryption error.
IOException - on encryption or signing error.
NoSuchAlgorithmException - on encryption error.

unseal

public ContentInfo unseal(Certificate recipientCert,
                          Certificate signerCert,
                          PrivateKey recipientPrivateKey)
                   throws PKCSException,
                          IOException,
                          NoSuchAlgorithmException
Performs the opposite of the seal operation and returns the decrypted ContentInfo.
  1. Decrypts the encrypted Content with the recipient certificate.
  2. Verifies the Content with the signer's public key.

The content must be of SignedData or EnvelopedData type or the method will throw an IllegalArgumentException.

  1. If ContentInfo is EnvelopedData only, unseal will only decrypt the data.
  2. If ContentInfo is SignedData only, unseal will only verify the data. If verification fails, this method will throw a PKCSException.
  3. If ContentInfo is EnvelopedData that contains SignedData, unseal will decrypt and verify the data. If verification fails, this method will throw a PKCSException.
Parameters:
recipientCert - certificate of the recipient
signerCert - certificate of the signer
recipientPrivateKey - private key of the recipient
Returns:
ContentInfo decrypted from the EnvelopedData object or the SignedData object.
Throws:
PKCSException - key decryption or verification error.
IOException - verification error.
NoSuchAlgorithmException - on decryption error.
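
Per case 1 above, unseal returns normally without any signature check when the message is EnvelopedData only, so a receiver that requires signed content has to inspect the layers itself. The following is an added example, not part of the original documentation or of IBM's code; it uses only the methods documented on this page, and the class name AuthenticatedOpen, the method name openSigned and the java.security.cert.Certificate import are assumptions.

```java
import com.ibm.security.pkcs7.ContentInfo;
import java.security.PrivateKey;
import java.security.cert.Certificate; // assumed: the page does not state Certificate's package

// Hypothetical helper (added example): accept a message only if a SignedData
// layer is present and verifies against a certificate the caller already trusts.
public final class AuthenticatedOpen {

    /**
     * Returns the verified SignedData layer, or throws if the message is
     * unsigned or the signature does not verify.
     *
     * trustedSigner must come from the receiver's own configuration or trust
     * store, never from the message being checked.
     */
    static ContentInfo openSigned(byte[] der,
                                  Certificate recipientCert,
                                  PrivateKey recipientKey,
                                  Certificate trustedSigner)
            throws Exception { // covers PKCSException, IOException, NoSuchAlgorithmException
        ContentInfo layer = new ContentInfo(der);

        // Optional outer encryption layer: remove it first.
        if (layer.isEnvelopedData()) {
            layer = layer.decrypt(recipientKey, recipientCert);
        }

        // unseal would stop here for an EnvelopedData-only message and return
        // unauthenticated content. Require the signature layer explicitly.
        if (!layer.isSignedData()) {
            throw new SecurityException(
                "no SignedData layer, content type is " + layer.getContentTypeString());
        }

        // verify reports a bad signature through its return value, so the
        // boolean must be checked; ignoring it accepts forged content.
        if (!layer.verify(trustedSigner)) {
            throw new SecurityException("signature did not verify");
        }
        return layer;
    }
}
```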

readBASE64

protected void readBASE64(String filename)
                   throws IOException
Read the BASE64 encoding of a DER-encoded object from the input file and decode the contents into the current object. If the ContentInfo object wraps a SignedData object that only has certificates, such as in cases where it was created by a certificate authority to issue certificates, this method expects the file to begin with the following header:

-----BEGIN CERTIFICATE-----

followed by the BASE64 DER-encoded SignedData object, and to end with the following footer:

-----END CERTIFICATE-----

If the file does not contain the header and footer, this method will attempt to decode the entire file.

Overrides:
readBASE64 in class PKCSDerObject
Parameters:
filename - the BASE64 file to read an object's DER encoding from.
Throws:
IOException - if the file cannot be created or read from.
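
The file format described for readBASE64 and the ContentInfo ASN.1 definition at the top of this page can be checked before a file is handed to the library. The following is an added example using only the JDK, not IBM's implementation; the class name Pkcs7Base64Probe, its method names and the sample string are constructed for illustration.

```java
import java.util.Base64;

public final class Pkcs7Base64Probe {
    private static final String HEADER = "-----BEGIN CERTIFICATE-----";
    private static final String FOOTER = "-----END CERTIFICATE-----";
    private static final String[] TYPES = { "Data", "SignedData", "EnvelopedData",
            "SignedAndEnvelopedData", "DigestedData", "EncryptedData" };
    // DER body of OID 1.2.840.113549.1.7 (the PKCS #7 arc); one more octet, 1..6, picks the type.
    private static final byte[] PKCS7_ARC =
            { 0x2A, (byte) 0x86, 0x48, (byte) 0x86, (byte) 0xF7, 0x0D, 0x01, 0x07 };

    /** Take the text between header and footer if both are present, else the entire text. */
    static byte[] toDer(String text) {
        int start = text.indexOf(HEADER);
        int end = text.indexOf(FOOTER);
        String body = (start >= 0 && end > start)
                ? text.substring(start + HEADER.length(), end) : text;
        return Base64.getMimeDecoder().decode(body); // MIME decoder skips line breaks
    }

    /** Read contentType from the outer SEQUENCE without parsing the content field. */
    static String contentType(byte[] der) {
        if (der.length < 2 || der[0] != 0x30) throw new IllegalArgumentException("not a SEQUENCE");
        int pos = 2;
        int lenOctet = der[1] & 0xFF;
        if (lenOctet > 0x80) pos += lenOctet & 0x7F; // long form: skip the extra length octets
        if (pos + 2 > der.length || der[pos] != 0x06) throw new IllegalArgumentException("no OID");
        int oidLen = der[pos + 1] & 0xFF;
        pos += 2;
        if (oidLen != PKCS7_ARC.length + 1 || pos + oidLen > der.length)
            throw new IllegalArgumentException("not a PKCS #7 content type");
        for (int i = 0; i < PKCS7_ARC.length; i++)
            if (der[pos + i] != PKCS7_ARC[i])
                throw new IllegalArgumentException("not a PKCS #7 content type");
        int type = der[pos + PKCS7_ARC.length];
        if (type < 1 || type > TYPES.length) throw new IllegalArgumentException("unknown PKCS #7 type");
        return TYPES[type - 1];
    }

    public static void main(String[] args) {
        // Constructed sample: SEQUENCE { OID 1.2.840.113549.1.7.2 }, optional content omitted.
        String bare = "MAsGCSqGSIb3DQEHAg==";
        String armored = HEADER + "\n" + bare + "\n" + FOOTER + "\n";
        System.out.println(contentType(toDer(armored))); // with header and footer
        System.out.println(contentType(toDer(bare)));    // entire text decoded
    }
}
```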