java.lang.Object
  |
  +--com.ibm.security.pkcsutil.PKCSDerObject
        |
        +--com.ibm.security.pkcs7.Content
              |
              +--com.ibm.security.pkcs7.EnvelopedData

Implements the ASN.1 EnvelopedData type.
This class is mainly used as a container for encrypted data. It encapsulates the encrypted content and information specific to the recipients of the content. The combination of the encrypted content and the content-encryption key, which was encrypted with the recipient's public key, is a "digital envelope" for that recipient.
A recipient opens the enveloped data by first opening its digital envelope using its private key, thus extracting the content-encryption key. The content-encryption key is then used to decrypt the encrypted content.
This definition reflects PKCS #7 version 1.5 specifications with selected enhancements from the Cryptographic Message Syntax (CMS) RFC 2630 specifications.
Only X509Certificate objects are supported for recipient certificates.
See Also: OriginatorInfo, RecipientInfo, EncryptedContentInfo

Fields inherited from class com.ibm.security.pkcsutil.PKCSDerObject
    provider

Constructor Summary

EnvelopedData(byte[] der)
    Create an EnvelopedData object with a DER-encoded byte array.

EnvelopedData(byte[] der, String provider)
    Create an EnvelopedData object with a DER-encoded byte array.

EnvelopedData(Certificate[] certs, ContentInfo contentInfo, String encryptionAlgorithm, int keySize, PKCSAttributes unprotectedAttrs)
    Create an EnvelopedData object with the specified values.

EnvelopedData(Certificate[] certs, ContentInfo contentInfo, String encryptionAlgorithm, int keySize, PKCSAttributes unprotectedAttrs, String provider)
    Create an EnvelopedData object with the specified values.

EnvelopedData(OriginatorInfo originatorInfo, RecipientInfo[] recipientInfos, EncryptedContentInfo encryptedContentInfo, PKCSAttributes unprotectedAttrs)
    Create an EnvelopedData object with the specified values.

EnvelopedData(OriginatorInfo originatorInfo, RecipientInfo[] recipientInfos, EncryptedContentInfo encryptedContentInfo, PKCSAttributes unprotectedAttrs, String provider)
    Create an EnvelopedData object with the specified values.

EnvelopedData(String filename, boolean base64)
    Create an EnvelopedData with the filename of the DER-encoded or BASE64-encoded object.

EnvelopedData(String filename, boolean base64, String provider)
    Create an EnvelopedData with the filename of the DER-encoded or BASE64-encoded object.

Method Summary

void addRecipient(Certificate[] certs)
    Adds a group of recipients, as identified by their certificates, to the EnvelopedData object.

Object clone()
    Creates a clone of this EnvelopedData object.

protected void decode(com.ibm.security.pkcs7.DerValue encoding)
    Initializes an EnvelopedData object from a DerValue.

ContentInfo decrypt(PrivateKey key, Certificate cert)
    Decrypts the object's encrypted content.

void encode(OutputStream os)
    Encodes this object to an OutputStream.

boolean equals(Object other)
    Determines if this EnvelopedData object is equivalent to the input object.

protected void finalize()
    Ensure that the contentEncryptionKey bytes are nulled out when there are no more references to this object.

EncryptedContentInfo getEncryptedContentInfo()
    Returns a copy of the encryptedContentInfo for this object, or null if the encryptedContentInfo has not been set.

ObjectIdentifier getObjectIdentifier()
    Returns a reference to the Object Identifier for this object.

OriginatorInfo getOriginator()
    Returns a copy of the OriginatorInfo for this object, or null if the OriginatorInfo has not been set.

RecipientInfo getRecipientInfo(Certificate cert)
    Returns a copy of the matching recipientInfo contained in this object for the specified certificate, or null if the recipientInfo objects have not been set.

RecipientInfo[] getRecipientInfos()
    Returns a copy of the recipientInfo objects for this object, or null if the matching recipientInfo object could not be found.

PKCSAttribute getUnprotectedAttribute(ObjectIdentifier oid)
    Returns a reference to an unprotected attribute from the unprotected attribute set based on an ObjectIdentifier.

PKCSAttributes getUnprotectedAttributes()
    Returns a reference to the set of unprotected attributes.

BigInteger getVersion()
    Returns a reference to the version for this object.

boolean hasRecipientInfo(Certificate cert)
    Checks if a matching recipientInfo contained in this object exists for the specified certificate.

String toString()
    Returns a string representation of this EnvelopedData object.

Methods inherited from class com.ibm.security.pkcsutil.PKCSDerObject
    decode, decode, encode, hashCode, read, readBASE64, write, write, writeBASE64

Methods inherited from class java.lang.Object
    getClass, notify, notifyAll, wait, wait, wait

Constructor Detail

public EnvelopedData(byte[] der) throws IOException
    Parameters:
        der - a DER-encoded byte array of an EnvelopedData object.

public EnvelopedData(byte[] der, String provider) throws IOException
    Parameters:
        der - a DER-encoded byte array of an EnvelopedData object.
        provider - the name of the java security provider to use

public EnvelopedData(OriginatorInfo originatorInfo, RecipientInfo[] recipientInfos, EncryptedContentInfo encryptedContentInfo, PKCSAttributes unprotectedAttrs)
    Parameters:
        originatorInfo - the originator of this enveloped data. This argument may be null.
        recipientInfos - an array of all the recipients of this enveloped data.
        encryptedContentInfo - the encrypted content contained in an EncryptedContentInfo object.
        unprotectedAttrs - PKCSAttributes collection of unprotected attributes. This argument may be null.

public EnvelopedData(OriginatorInfo originatorInfo, RecipientInfo[] recipientInfos, EncryptedContentInfo encryptedContentInfo, PKCSAttributes unprotectedAttrs, String provider)
    Parameters:
        originatorInfo - the originator of this enveloped data. This argument may be null.
        recipientInfos - an array of all the recipients of this enveloped data.
        encryptedContentInfo - the encrypted content contained in an EncryptedContentInfo object.
        unprotectedAttrs - PKCSAttributes collection of unprotected

public EnvelopedData(Certificate[] certs, ContentInfo contentInfo, String encryptionAlgorithm, int keySize, PKCSAttributes unprotectedAttrs) throws PKCSException, IOException
    Parameters:
        certs - Recipient certificate array
        contentInfo - ContentInfo to encrypt
        encryptionAlgorithm - Encryption algorithm string
        keySize - Size of the secret key
        unprotectedAttrs - PKCSAttributes collection of unprotected attributes. This argument may be null.

public EnvelopedData(Certificate[] certs, ContentInfo contentInfo, String encryptionAlgorithm, int keySize, PKCSAttributes unprotectedAttrs, String provider) throws PKCSException, IOException
    Parameters:
        certs - Recipient certificate array
        contentInfo - ContentInfo to encrypt
        encryptionAlgorithm - Encryption algorithm string
        keySize - Size of the secret key
        unprotectedAttrs - PKCSAttributes collection of unprotected

public EnvelopedData(String filename, boolean base64) throws IOException
    Parameters:
        filename - name of the DER-encoded or base64-encoded object
        base64 - true if BASE64-encoded, false if DER-encoded

public EnvelopedData(String filename, boolean base64, String provider) throws IOException
    Parameters:
        filename - name of the DER-encoded or base64-encoded object
        base64 - true if BASE64-encoded, false if DER-encoded

Method Detail

public Object clone()

public void encode(OutputStream os) throws IOException
    Parameters:
        os - the OutputStream to write the encoded data to.

protected void decode(com.ibm.security.pkcs7.DerValue encoding) throws IOException
    Parameters:
        encoding - a DER-encoded EnvelopedData object.

public boolean equals(Object other)
    Parameters:
        other - the object to compare this one to.

public void addRecipient(Certificate[] certs) throws PKCSException, IOException
    Parameters:
        certs - the X509Certificates representing the recipients to add.

public OriginatorInfo getOriginator()

public BigInteger getVersion()

public RecipientInfo[] getRecipientInfos()

public EncryptedContentInfo getEncryptedContentInfo()

public RecipientInfo getRecipientInfo(Certificate cert) throws IOException

public boolean hasRecipientInfo(Certificate cert)

public PKCSAttribute getUnprotectedAttribute(ObjectIdentifier oid)
    Parameters:
        oid - ObjectIdentifier to match

public PKCSAttributes getUnprotectedAttributes()

public ContentInfo decrypt(PrivateKey key, Certificate cert) throws PKCSException, IOException
    The private key must be part of a matching key pair with the public key within the certificate.
    Parameters:
        key - a recipient's private key used for decryption.
        cert - a certificate containing a recipient's identity.

public ObjectIdentifier getObjectIdentifier()

public String toString()

protected void finalize()