com.ibm.security.pkcs7
Class SignerInfo

com.ibm.security.pkcs7.SignerInfo

public final class SignerInfo
implements Cloneable

Implements the ASN.1 SignerInfo type. This class contains the signer's certificate information, for example, the issuer ID and serial number assigned to the certificate issuer, the hash algorithm ID and the signature. It is mainly used in SignedData to encapsulate information for a particular signer.

If SignerInfo is created by the SignedData object without a signature only specification, the SignerInfo object will include the following signed attributes:

SignerInfo ::= SEQUENCE {
    version            CMSVersion,
    sid                SignerIdentifier,
    digestAlgorithm    DigestAlgorithmIdentifier,
    signedAttributes   [0] IMPLICIT SignedAttributes OPTIONAL,
    signatureAlgorithm SignatureAlgorithmIdentifier,
    signature          SignatureValue,
    unsignedAttributes [1] IMPLICIT UnsignedAttributes OPTIONAL }

This definition reflects PKCS #7 version 1.5 specifications with selected enhancements from the Cryptographic Message Syntax (CMS) RFC 2630 specifications.

SignerInfo objects are immutable; they cannot be changed once created.


Constructor Summary
SignerInfo(byte[] der)
          Create a SignerInfo object with a DER-encoded byte array.
SignerInfo(byte[] der, String provider)
          Create a SignerInfo object with a DER-encoded byte array.
SignerInfo(Certificate cert, ContentInfo contentInfo, String digestSignatureAlgorithm, PrivateKey privateKey, PKCSAttributes signedAttrs, PKCSAttributes unsignedAttrs)
          Create a SignerInfo object with the specified certificate, contentInfo, message digest algorithm, signature algorithm, and private key and derive a signature value from the contentInfo.
SignerInfo(Certificate cert, ContentInfo contentInfo, String digestSignatureAlgorithm, PrivateKey privateKey, PKCSAttributes signedAttrs, PKCSAttributes unsignedAttrs, String provider)
          Create a SignerInfo object with the specified certificate, contentInfo, message digest algorithm, signature algorithm, and private key and derive a signature value from the contentInfo.
SignerInfo(SignerIdentifier sid, ContentInfo contentInfo, String digestSignatureAlgorithm, PrivateKey privateKey, PKCSAttributes signedAttrs, PKCSAttributes unsignedAttrs)
          Create a SignerInfo object with the specified certificate, contentInfo, message digest algorithm, signature algorithm, and private key and derive a signature value from the contentInfo.
SignerInfo(SignerIdentifier sid, ContentInfo contentInfo, String digestSignatureAlgorithm, PrivateKey privateKey, PKCSAttributes signedAttrs, PKCSAttributes unsignedAttrs, String provider)
          Create a SignerInfo object with the specified certificate, contentInfo, message digest algorithm, signature algorithm, and private key and derive a signature value from the contentInfo.
SignerInfo(String filename, boolean base64)
          Create a SignerInfo with the filename of the DER-encoded or BASE64-encoded object.
SignerInfo(String filename, boolean base64, String provider)
          Create a SignerInfo with the filename of the DER-encoded or BASE64-encoded object.
 
Method Summary
 Object clone()
          Creates a clone of this SignerInfo object.
 boolean compareDigest(byte[] msg)
          Compares the message digest computed from the message byte array with the message digest stored with the SignerInfo object.
protected  void decode(com.ibm.security.pkcs7.DerValue encoding)
          Initializes a SignerInfo object from a DerValue.
 void derEncode(OutputStream out)
          DER encode this object onto an output stream.
 void encode(OutputStream os)
          Encodes this object to an OutputStream.
 boolean equals(Object other)
          Determines if this SignerInfo object is equivalent to the input object.
 AlgorithmId getDigestAlgorithm()
          Returns a copy of the message digest AlgorithmId for this object.
 byte[] getMessageDigest()
          Returns a copy of the message digest byte array stored with the MessageDigest signed attribute.
 byte[] getSignature()
          Returns a copy of the signature byte array for this object.
 AlgorithmId getSignatureAlgorithm()
          Returns a copy of the signature algorithm for this object.
 PKCSAttribute getSignedAttribute(ObjectIdentifier oid)
          Returns a reference to the signed attribute from the signed attribute set based on an ObjectIdentifier.
 PKCSAttributes getSignedAttributes()
          Returns a reference to the PKCSAttributes signed attributes for this object.
 SignerIdentifier getSignerIdentifier()
          Returns a copy of the SignerIdentifier for this object.
 SigningTime getSigningTime()
          Retrieve the SigningTime attribute from the set of signed attributes.
 PKCSAttribute getUnsignedAttribute(ObjectIdentifier oid)
          Returns a reference to the unsigned attribute from the unsigned attribute set based on an ObjectIdentifier.
 PKCSAttributes getUnsignedAttributes()
          Returns a reference to the PKCSAttributes unsigned attributes for this object.
 BigInteger getVersion()
          Returns a reference to the version for this object.
 boolean hasCertificate(Certificate cert)
          Determine if the SignerInfo object contains the specified certificate.
 boolean hasIssuer(IssuerAndSerialNumber issuer)
          Determine if the SignerInfo object contains the specified IssuerAndSerialNumber.
 boolean hasSignedAttribute(ObjectIdentifier oid)
          Determine if SignerInfo has the signed attribute specified by the ObjectIdentifier.
 boolean hasSignedAttributes()
          Check if SignerInfo has any signed attributes.
 boolean hasUnsignedAttributes()
          Check if SignerInfo has any unsigned attributes.
 String toString()
          Returns a string representation of this SignerInfo object.
 boolean verify(Certificate cert, byte[] msg)
          Verify the message digest stored in the SignerInfo object with the specified original byte array and the public key contained in the specified certificate.
 boolean verify(PublicKey publicKey, byte[] msg)
          Verify the message digest stored in the SignerInfo object with the specified original byte array and the public key.
 

Constructor Detail

SignerInfo

public SignerInfo(byte[] der)
           throws IOException
Create a SignerInfo object with a DER-encoded byte array.
Parameters:
der - a DER-encoded byte array of a SignerInfo object.
Throws:
IOException - on decoding errors.

SignerInfo

public SignerInfo(byte[] der,
                  String provider)
           throws IOException
Create a SignerInfo object with a DER-encoded byte array.
Parameters:
der - a DER-encoded byte array of a SignerInfo object.
provider - the name of the Java security provider to use
Throws:
IOException - on decoding errors.

SignerInfo

public SignerInfo(SignerIdentifier sid,
                  ContentInfo contentInfo,
                  String digestSignatureAlgorithm,
                  PrivateKey privateKey,
                  PKCSAttributes signedAttrs,
                  PKCSAttributes unsignedAttrs)
           throws PKCSException,
                  IOException,
                  NoSuchAlgorithmException,
                  NoSuchProviderException
Create a SignerInfo object with the specified certificate, contentInfo, message digest algorithm, signature algorithm, and private key and derive a signature value from the contentInfo. The stored signature algorithm will be a combination of the message digest and signature algorithms.
Parameters:
sid - SignerIdentifier
contentInfo - ContentInfo to sign
digestSignatureAlgorithm - signature algorithm, such as "SHA1withRSA"
privateKey - signer private key
signedAttrs - PKCSAttributes
unsignedAttrs - PKCSAttributes
Throws:
PKCSException - on signing errors.
IOException - on signing errors.
NoSuchAlgorithmException - on invalid algorithm errors.

SignerInfo

public SignerInfo(SignerIdentifier sid,
                  ContentInfo contentInfo,
                  String digestSignatureAlgorithm,
                  PrivateKey privateKey,
                  PKCSAttributes signedAttrs,
                  PKCSAttributes unsignedAttrs,
                  String provider)
           throws PKCSException,
                  IOException,
                  NoSuchAlgorithmException,
                  NoSuchProviderException
Create a SignerInfo object with the specified certificate, contentInfo, message digest algorithm, signature algorithm, and private key and derive a signature value from the contentInfo. The stored signature algorithm will be a combination of the message digest and signature algorithms.
Parameters:
sid - SignerIdentifier
contentInfo - ContentInfo to sign
digestSignatureAlgorithm - signature algorithm, such as "SHA1withRSA"
privateKey - signer private key
signedAttrs - PKCSAttributes
unsignedAttrs - PKCSAttributes
provider - the name of the Java security provider to use
Throws:
PKCSException - on signing errors.
IOException - on signing errors.
NoSuchAlgorithmException - on invalid algorithm errors.

SignerInfo

public SignerInfo(Certificate cert,
                  ContentInfo contentInfo,
                  String digestSignatureAlgorithm,
                  PrivateKey privateKey,
                  PKCSAttributes signedAttrs,
                  PKCSAttributes unsignedAttrs)
           throws PKCSException,
                  IOException,
                  NoSuchAlgorithmException
Create a SignerInfo object with the specified certificate, contentInfo, message digest algorithm, signature algorithm, and private key and derive a signature value from the contentInfo.
Parameters:
cert - signer certificate
contentInfo - ContentInfo to sign
digestSignatureAlgorithm - message digest and signature algorithm, such as "SHA1withDSA"
privateKey - signer private key
Throws:
PKCSException - on signing errors.
IOException - on signing errors.
NoSuchAlgorithmException - on invalid algorithm errors.

SignerInfo

public SignerInfo(Certificate cert,
                  ContentInfo contentInfo,
                  String digestSignatureAlgorithm,
                  PrivateKey privateKey,
                  PKCSAttributes signedAttrs,
                  PKCSAttributes unsignedAttrs,
                  String provider)
           throws PKCSException,
                  IOException,
                  NoSuchAlgorithmException
Create a SignerInfo object with the specified certificate, contentInfo, message digest algorithm, signature algorithm, and private key and derive a signature value from the contentInfo.
Parameters:
cert - signer certificate
contentInfo - ContentInfo to sign
digestSignatureAlgorithm - message digest and signature algorithm, such as "SHA1withDSA"
privateKey - signer private key
provider - the name of the Java security provider to use
Throws:
PKCSException - on signing errors.
IOException - on signing errors.
NoSuchAlgorithmException - on invalid algorithm errors.

SignerInfo

public SignerInfo(String filename,
                  boolean base64)
           throws IOException
Create a SignerInfo with the filename of the DER-encoded or BASE64-encoded object.
Parameters:
filename - name of the DER-encoded or base64-encoded object
base64 - true if BASE64-encoded, false if DER-encoded
Throws:
IOException - on decoding errors.

SignerInfo

public SignerInfo(String filename,
                  boolean base64,
                  String provider)
           throws IOException
Create a SignerInfo with the filename of the DER-encoded or BASE64-encoded object.
Parameters:
filename - name of the DER-encoded or base64-encoded object
base64 - true if BASE64-encoded, false if DER-encoded
provider - the name of the Java security provider to use
Throws:
IOException - on decoding errors.
Method Detail

clone

public Object clone()
Creates a clone of this SignerInfo object.
Returns:
clone of this SignerInfo object.

getSigningTime

public SigningTime getSigningTime()
Retrieve the SigningTime attribute from the set of signed attributes.
Returns:
SigningTime when the message digest was signed, otherwise null.

verify

public boolean verify(Certificate cert,
                      byte[] msg)
               throws PKCSException,
                      IOException,
                      NoSuchAlgorithmException
Verify the message digest stored in the SignerInfo object with the specified original byte array and the public key contained in the specified certificate.
Parameters:
cert - signer certificate
msg - byte array used to compute the message digest for comparison
Returns:
true if the signature verifies, false otherwise.
Throws:
PKCSException - on verification errors.
IOException - on verification errors.
NoSuchAlgorithmException - on invalid algorithm errors.

verify

public boolean verify(PublicKey publicKey,
                      byte[] msg)
               throws PKCSException,
                      IOException,
                      NoSuchAlgorithmException
Verify the message digest stored in the SignerInfo object with the specified original byte array and the public key.
Parameters:
publicKey - signer public key
msg - byte array used to compute the message digest for comparison
Returns:
true if the signature verifies, false otherwise.
Throws:
PKCSException - on verification errors.
IOException - on verification errors.
NoSuchAlgorithmException - on invalid algorithm errors.

compareDigest

public boolean compareDigest(byte[] msg)
                      throws IOException
Compares the message digest computed from the message byte array with the message digest stored with the SignerInfo object. If available, the message digest value is stored in the MessageDigest attribute in the set of signed attributes.
Parameters:
msg - byte array used to compute the message digest for comparison
Returns:
true if the computed digest matches or if SignerInfo does not contain a message digest value, false otherwise.
Throws:
IOException - on comparison errors.
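
The following is an added example, not part of the IBM documentation or IBM's own code. It combines hasCertificate, compareDigest and verify so that the documented behaviour of compareDigest (it returns true when no message digest value is stored) cannot be mistaken for a successful check. The class name SignerInfoCheck, the Result enum, the use of java.security.cert.Certificate for the Certificate parameter, and the assumption that the caller has already validated the certificate are all assumptions of this example.

```java
import com.ibm.security.pkcs7.SignerInfo;
import java.security.cert.Certificate; // assumed type of the Certificate parameter

/** Hypothetical helper: accept a SignerInfo only when every check passes. */
public final class SignerInfoCheck {

    /** Anything other than VALID must be treated as a rejected signature. */
    public enum Result {
        VALID, WRONG_SIGNER, MISSING_DIGEST, DIGEST_MISMATCH, BAD_SIGNATURE
    }

    /**
     * @param signerInfoDer DER-encoded SignerInfo
     * @param signerCert    certificate the caller has already validated
     *                      (chain, validity period, revocation) and trusts
     * @param msg           the original content that was signed
     * @throws Exception    broad on purpose: covers IOException, PKCSException
     *                      and NoSuchAlgorithmException declared on this page
     */
    public static Result check(byte[] signerInfoDer, Certificate signerCert, byte[] msg)
            throws Exception {
        // Throws IOException on malformed DER instead of returning a partial object.
        SignerInfo si = new SignerInfo(signerInfoDer);

        // 1. The SignerInfo must name the certificate we intend to verify with;
        //    hasCertificate compares issuer name and serial number only.
        if (!si.hasCertificate(signerCert)) {
            return Result.WRONG_SIGNER;
        }

        // 2. compareDigest(msg) returns true when no digest value is stored, so
        //    test for the attribute first. When signed attributes are present,
        //    CMS requires the MessageDigest attribute to be among them.
        if (si.hasSignedAttributes()) {
            if (si.getMessageDigest() == null) {
                return Result.MISSING_DIGEST;
            }
            if (!si.compareDigest(msg)) {
                return Result.DIGEST_MISMATCH;
            }
        }

        // 3. Only verify() involves the public key. A matching digest alone
        //    proves nothing about who produced the SignerInfo.
        return si.verify(signerCert, msg) ? Result.VALID : Result.BAD_SIGNATURE;
    }
}
```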

getMessageDigest

public byte[] getMessageDigest()
                        throws IOException
Returns a copy of the message digest byte array stored with the MessageDigest signed attribute. If the Message Digest signed attribute is not available, this method will return null.

getSignedAttribute

public PKCSAttribute getSignedAttribute(ObjectIdentifier oid)
Returns a reference to the signed attribute from the signed attribute set based on an ObjectIdentifier.
Parameters:
oid - ObjectIdentifier to match
Returns:
signed attribute matching the oid, null otherwise.

getUnsignedAttribute

public PKCSAttribute getUnsignedAttribute(ObjectIdentifier oid)
Returns a reference to the unsigned attribute from the unsigned attribute set based on an ObjectIdentifier.
Parameters:
oid - ObjectIdentifier to match
Returns:
unsigned attribute matching the oid, null otherwise.

hasSignedAttribute

public boolean hasSignedAttribute(ObjectIdentifier oid)
Determine if SignerInfo has the signed attribute specified by the ObjectIdentifier.
Parameters:
oid - ObjectIdentifier to match
Returns:
true if the oid exists in the signed attribute set, false otherwise.

hasCertificate

public boolean hasCertificate(Certificate cert)
                       throws IOException
Determine if the SignerInfo object contains the specified certificate.

Return true if the certificate X500Name and serial number are equal to the IssuerAndSerialNumber value stored with the SignerIdentifier attribute on this SignerInfo object. Return false, otherwise.

Parameters:
cert - certificate to match
Returns:
true if SignerInfo has the certificate, false otherwise.
Throws:
IOException - matching error

hasIssuer

public boolean hasIssuer(IssuerAndSerialNumber issuer)
                  throws IOException
Determine if the SignerInfo object contains the specified IssuerAndSerialNumber.

Return true if the specified IssuerAndSerialNumber is equal to the IssuerAndSerialNumber value stored with the SignerInfo. Return false, otherwise.

Parameters:
issuer - IssuerAndSerialNumber to match
Returns:
true if SignerInfo has the issuer, false otherwise.
Throws:
IOException - matching error

derEncode

public void derEncode(OutputStream out)
               throws IOException
DER encode this object onto an output stream. Implements the DerEncoder interface.
Parameters:
out - the OutputStream on which to write the DER encoding.
Throws:
IOException - on encoding errors.

encode

public void encode(OutputStream os)
            throws IOException
Encodes this object to an OutputStream.
Parameters:
os - the OutputStream to write the encoded data to.
Throws:
IOException - on encoding errors.

decode

protected void decode(com.ibm.security.pkcs7.DerValue encoding)
               throws IOException
Initializes a SignerInfo object from a DerValue. The DER encoding must be in the format specified by the SignerInfo ASN.1 notation.
Parameters:
encoding - a DER-encoded SignerInfo object.
Throws:
IOException - on parsing error.

equals

public boolean equals(Object other)
Determines if this SignerInfo object is equivalent to the input object.
Parameters:
other - the object to compare this one to.
Returns:
true, if the two objects are equivalent, false otherwise.

toString

public String toString()
Returns a string representation of this SignerInfo object.
Returns:
a string representation of this object.

hasSignedAttributes

public boolean hasSignedAttributes()
Check if SignerInfo has any signed attributes.
Returns:
true if signed attributes exist, false otherwise.

hasUnsignedAttributes

public boolean hasUnsignedAttributes()
Check if SignerInfo has any unsigned attributes.
Returns:
true if unsigned attributes exist, false otherwise.

getVersion

public BigInteger getVersion()
Returns a reference to the version for this object.
Returns:
the version for this object.

getSignerIdentifier

public SignerIdentifier getSignerIdentifier()
Returns a copy of the SignerIdentifier for this object.
Returns:
the sid for this object.

getDigestAlgorithm

public AlgorithmId getDigestAlgorithm()
                               throws IOException
Returns a copy of the message digest AlgorithmId for this object.
Returns:
the message digest algorithm for this object.

getSignedAttributes

public PKCSAttributes getSignedAttributes()
Returns a reference to the PKCSAttributes signed attributes for this object.
Returns:
PKCSAttributes signed attributes

getUnsignedAttributes

public PKCSAttributes getUnsignedAttributes()
Returns a reference to the PKCSAttributes unsigned attributes for this object.
Returns:
PKCSAttributes unsigned attributes

getSignatureAlgorithm

public AlgorithmId getSignatureAlgorithm()
                                  throws IOException
Returns a copy of the signature algorithm for this object.
Returns:
the signature algorithm for this object.

getSignature

public byte[] getSignature()
Returns a copy of the signature byte array for this object.
Returns:
the signature for this object.