com.ibm.security.pkcs7
Class SignedData

java.lang.Object
  +--com.ibm.security.pkcsutil.PKCSDerObject
        +--com.ibm.security.pkcs7.Content
              +--com.ibm.security.pkcs7.SignedData
Implements the ASN.1 SignedData type. It encapsulates signed data and related methods. Each signer's information is included in the signerInfos field. Signing is performed by the constructors that take a private key and by addSigner and addSignerSignatureOnly; the verify methods check the ContentInfo against the signature (in PKCS #7 terms, the encrypted message digest) held in a SignerInfo object.

Currently, SignedData supports only X509Certificate objects for certificates and X509CRL objects for CRLs.

This definition reflects the PKCS #7 version 1.5 specification with selected enhancements from the Cryptographic Message Syntax (CMS) specification, RFC 2630.

SignedData objects are not immutable; they can be changed once created. After construction, users can add signers (addSigner, addSignerSignatureOnly), add certificates and CRLs (addCertificate, addCRL), and remove the content (removeContent), which leaves a detached signature. The getter methods return copies of the internal arrays, so the add methods are the only way to change the object.

Two points matter when the SignedData comes from an untrusted source. First, the certificates and crls fields are not covered by any signature, so a certificate taken from getCertificates() is not in itself trustworthy; verify checks a SignerInfo against the public key of the certificate the caller supplies, and the caller must obtain that certificate from its own trust configuration and perform certificate path validation and revocation checking separately, since nothing on this page does so. Second, the algorithm examples on this page ("SHA1withDSA", "SHA1withRSA") use SHA-1, which is obsolete for new signatures; use a SHA-2 based algorithm name that the selected provider supports.
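The signing and verification flow described above, as an added example; this is not code from the original page or from the IBM PKCS #7 library. It uses only the SignedData constructors and methods listed on this page. Assumptions are marked in comments: that Data(byte[]) and ContentInfo(Content) are the constructors for a PKCS #7 data ContentInfo (they are not shown here), that the provider accepts the algorithm name "SHA256withRSA", that getSignerInfo returns null when no SignerInfo matches, and a hypothetical PKCS #12 file holding two key entries.

```java
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;

import com.ibm.security.pkcs7.ContentInfo;
import com.ibm.security.pkcs7.Data;
import com.ibm.security.pkcs7.SignedData;
import com.ibm.security.pkcs7.SignerInfo;

public class SignedDataRoundTrip {

    // Constructed sample payload (not from the original page): the bytes to be signed.
    static final byte[] PAYLOAD = "invoice-0001: total=1250.00 EUR".getBytes(StandardCharsets.UTF_8);

    // ASSUMPTION: the provider accepts this name; the page's SHA-1 examples are obsolete for signing.
    static final String ALG = "SHA256withRSA";

    /** Signs PAYLOAD with one signer and returns the DER encoding of the SignedData. */
    static byte[] sign(X509Certificate cert, PrivateKey key) throws Exception {
        // ASSUMPTION: Data(byte[]) and ContentInfo(Content) build a PKCS #7 "data" ContentInfo;
        // neither constructor is shown on this page.
        ContentInfo content = new ContentInfo(new Data(PAYLOAD));
        // signatureOnly = false: the default signed attributes (content type, message digest)
        // are included, and the signature is computed over them rather than the bare content.
        SignedData sd = new SignedData(cert, content, ALG, key, false);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        sd.encode(out);
        return out.toByteArray();
    }

    /** Decodes, adds a second SignerInfo without signed attributes, and re-encodes. */
    static byte[] countersign(byte[] der, X509Certificate cert, PrivateKey key) throws Exception {
        SignedData sd = new SignedData(der);            // the object is mutable: decode, add, re-encode
        sd.addSignerSignatureOnly(cert, key, ALG);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        sd.encode(out);
        return out.toByteArray();
    }

    /**
     * True only if every expected signer has a SignerInfo that verifies against the embedded
     * content. The expected certificates come from the caller's own trust configuration, never
     * from sd.getCertificates(): that field of untrusted input is attacker-controlled and is not
     * covered by any signature. Every exception counts as a failed verification.
     */
    static boolean verifySigners(byte[] der, X509Certificate... expectedSigners) {
        try {
            SignedData sd = new SignedData(der);
            if (!sd.hasContent() || !sd.hasSignerInfos()) {
                return false;                           // certificates-only or detached: nothing to check
            }
            for (X509Certificate signer : expectedSigners) {
                SignerInfo si = sd.getSignerInfo(signer); // ASSUMPTION: null when no SignerInfo matches
                if (si == null || !sd.verify(signer)) {
                    return false;
                }
            }
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    /** Offset of needle in hay, or -1; used to locate the payload inside the DER encoding. */
    static int indexOf(byte[] hay, byte[] needle) {
        outer:
        for (int i = 0; i + needle.length <= hay.length; i++) {
            for (int j = 0; j < needle.length; j++) {
                if (hay[i + j] != needle[j]) continue outer;
            }
            return i;
        }
        return -1;
    }

    public static void main(String[] args) throws Exception {
        // ASSUMPTION (hypothetical inputs): args[0] is a PKCS #12 file with key entries
        // "signer-a" and "signer-b", args[1] is its password.
        char[] pw = args[1].toCharArray();
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, pw);
        }
        X509Certificate certA = (X509Certificate) ks.getCertificate("signer-a");
        PrivateKey keyA = (PrivateKey) ks.getKey("signer-a", pw);
        X509Certificate certB = (X509Certificate) ks.getCertificate("signer-b");
        PrivateKey keyB = (PrivateKey) ks.getKey("signer-b", pw);

        byte[] one = sign(certA, keyA);
        System.out.println("A on single-signer object:  " + verifySigners(one, certA));
        System.out.println("B on single-signer object:  " + verifySigners(one, certB));

        byte[] two = countersign(one, certB, keyB);
        System.out.println("A and B after countersign:  " + verifySigners(two, certA, certB));

        // Flip one byte of the payload inside the DER. OCTET STRING contents are stored verbatim,
        // so the structure still parses, but the digest no longer matches.
        byte[] tampered = two.clone();
        int at = indexOf(tampered, PAYLOAD);
        if (at < 0) throw new IllegalStateException("payload not found in DER encoding");
        tampered[at] ^= 0x01;
        System.out.println("A and B on tampered object: " + verifySigners(tampered, certA, certB));
    }
}
```

Compile against the IBM PKCS #7 jar and run with the PKCS #12 file and its password as arguments. The checks against the correct certificates should report true; the check of certB against the single-signer object and the tampered-object check should report false. Note that verifySigners performs no certificate path validation: in production the expected certificates must already be trusted by the application, and revocation checking is a separate step.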
Field Summary
protected static String BEGIN_CERTIFICATE
    BEGIN_CERTIFICATE = "-----BEGIN CERTIFICATE-----"
protected static String END_CERTIFICATE
    END_CERTIFICATE = "-----END CERTIFICATE-----"
Fields inherited from class com.ibm.security.pkcsutil.PKCSDerObject
    provider
Constructor Summary
SignedData(AlgorithmId[] digestAlgorithms, EncapsulatedContentInfo eci, Certificate[] certsIn, CRL[] crlsIn, SignerInfo[] signersIn)
    Create a SignedData object with specified values.
SignedData(AlgorithmId[] digestAlgorithms, EncapsulatedContentInfo eci, Certificate[] certsIn, CRL[] crlsIn, SignerInfo[] signersIn, String provider)
    Create a SignedData object with specified values.
SignedData(byte[] der)
    Create a SignedData object with a DER-encoded byte array.
SignedData(byte[] der, String provider)
    Create a SignedData object with a DER-encoded byte array.
SignedData(Certificate[] certs, CRL[] crls)
    Create a SignedData object with the specified certificate and CRL arrays.
SignedData(Certificate[] certs, CRL[] crls, ContentInfo contentInfo, String digestSignatureAlgorithm, PrivateKey[] privateKeys, PKCSAttributes signedAttribs, PKCSAttributes unsignedAttribs, boolean signatureOnly)
    Create a SignedData object with the specified certificate array, contentInfo, message digest and signature algorithm, and private key array and derive a signature for each certificate in the signing certificate array.
SignedData(Certificate[] certs, CRL[] crls, ContentInfo contentInfo, String digestSignatureAlgorithm, PrivateKey[] privateKeys, PKCSAttributes signedAttribs, PKCSAttributes unsignedAttribs, boolean signatureOnly, String provider)
    Create a SignedData object with the specified certificate array, contentInfo, message digest and signature algorithm, and private key array and derive a signature for each certificate in the signing certificate array.
SignedData(Certificate[] certs, CRL[] crls, String provider)
    Create a SignedData object with the specified certificate and CRL arrays.
SignedData(Certificate cert, ContentInfo contentInfo, String digestSignatureAlgorithm, PrivateKey privateKey, boolean signatureOnly)
    Create a SignedData object with the specified certificate, contentInfo, message digest and signature algorithm, and private key and derive a signature for the specified signing certificate.
SignedData(Certificate cert, ContentInfo contentInfo, String digestSignatureAlgorithm, PrivateKey privateKey, boolean signatureOnly, String provider)
    Create a SignedData object with the specified certificate, contentInfo, message digest and signature algorithm, and private key and derive a signature for the specified signing certificate.
SignedData(String filename, boolean base64)
    Create a SignedData with the filename of the DER-encoded or BASE64-encoded object.
SignedData(String filename, boolean base64, String provider)
    Create a SignedData with the filename of the DER-encoded or BASE64-encoded object.
Method Summary
void addCertificate(Certificate[] certs)
    Add a certificate array to the certificate array for this SignedData object.
void addCRL(CRL[] crls)
    Add a CRL array to the CRL array for this SignedData object.
void addSigner(Certificate cert, PrivateKey privateKey, String digestSignatureAlgorithm, PKCSAttributes signedAttribs, PKCSAttributes unsignedAttribs)
    Add a SignerInfo entry to this SignedData object with the specified signed and unsigned attributes.
void addSignerSignatureOnly(Certificate cert, PrivateKey privateKey, String digestSignatureAlgorithm)
    Add a SignerInfo entry to this SignedData object without any default or specified signed attributes.
Object clone()
    Creates a clone of this SignedData object.
protected void decode(com.ibm.security.pkcs7.DerValue encoding)
    Initializes a SignedData object from a DerValue.
void encode(OutputStream os)
    DER-encode this object to an OutputStream.
boolean equals(Object other)
    Determines whether this SignedData object is equivalent to the input object.
Certificate getCertificate(IssuerAndSerialNumber issuer)
    Retrieve a copy of the Certificate object that matches the specified IssuerAndSerialNumber.
Certificate[] getCertificates()
    Returns a copy of the set of signing certificates in an array of certificates.
CRL[] getCRLs()
    Returns a copy of the set of CRLs in an array of CRLs.
AlgorithmId[] getDigestAlgorithms()
    Returns a copy of the array of message digest algorithms.
EncapsulatedContentInfo getEncapsulatedContentInfo()
    Returns a copy of the EncapsulatedContentInfo.
ObjectIdentifier getObjectIdentifier()
    Returns a reference to the ObjectIdentifier for the SignedData object.
SignerInfo getSignerInfo(Certificate cert)
    Retrieve a copy of the SignerInfo object that matches the specified certificate.
SignerInfo[] getSignerInfos()
    Returns a copy of the array of SignerInfo objects.
BigInteger getVersion()
    Returns a reference to the version for this object.
boolean hasCertificate(Certificate cert)
    Determines whether this SignedData object has the specified certificate.
boolean hasCertificates()
    Determines whether this SignedData object has Certificate objects.
boolean hasCertificatesOnly()
    Determines whether this SignedData object contains certificate objects and no SignerInfo objects.
boolean hasContent()
    Returns whether this SignedData object contains content in its EncapsulatedContentInfo object.
boolean hasCRL(CRL crl)
    Determines whether this SignedData object has the specified CRL.
boolean hasCRLs()
    Determines whether this SignedData object has CRL objects.
boolean hasSignerInfos()
    Returns whether this SignedData object has SignerInfo objects.
void removeContent()
    Removes the content from the EncapsulatedContentInfo contained within this SignedData object, leaving a detached signature.
String toString()
    Returns a string representation of this SignedData object.
boolean verify(Certificate cert)
    Verify the signature in the SignerInfo that matches the specified certificate, using the public key contained in that certificate and the content stored in this SignedData object.
boolean verify(Certificate cert, byte[] msg)
    Verify the signature in the SignerInfo that matches the specified certificate, using the public key contained in that certificate and computing the message digest over msg; this form is for detached signatures, where the content is not part of the SignedData object.
void writeBASE64(String filename)
    DER-encode the object and write the encoded bytes to the output file in BASE64 format.
Methods inherited from class com.ibm.security.pkcsutil.PKCSDerObject
    decode, decode, encode, hashCode, read, readBASE64, write, write
Methods inherited from class java.lang.Object
    finalize, getClass, notify, notifyAll, wait, wait, wait
Field Detail

protected static final String BEGIN_CERTIFICATE
    BEGIN_CERTIFICATE = "-----BEGIN CERTIFICATE-----"

protected static final String END_CERTIFICATE
    END_CERTIFICATE = "-----END CERTIFICATE-----"
Constructor Detail

public SignedData(byte[] der) throws IOException
    Parameters:
        der - a DER-encoded byte array of a SignedData object.

public SignedData(byte[] der, String provider) throws IOException
    Parameters:
        der - a DER-encoded byte array of a SignedData object.
        provider - the name of the Java security provider to use.

public SignedData(Certificate[] certs, CRL[] crls) throws IOException
    Parameters:
        certs - Certificate array
        crls - Certificate Revocation List array

public SignedData(Certificate[] certs, CRL[] crls, String provider) throws IOException
    Parameters:
        certs - Certificate array
        crls - Certificate Revocation List array
        provider - the name of the Java security provider to use.

public SignedData(AlgorithmId[] digestAlgorithms, EncapsulatedContentInfo eci, Certificate[] certsIn, CRL[] crlsIn, SignerInfo[] signersIn)
    Parameters:
        digestAlgorithms - message digest algorithm array
        eci - EncapsulatedContentInfo object
        certsIn - Certificate array
        crlsIn - Certificate Revocation List array
        signersIn - SignerInfo array

public SignedData(AlgorithmId[] digestAlgorithms, EncapsulatedContentInfo eci, Certificate[] certsIn, CRL[] crlsIn, SignerInfo[] signersIn, String provider)
    Parameters:
        digestAlgorithms - message digest algorithm array
        eci - EncapsulatedContentInfo object
        certsIn - Certificate array
        crlsIn - Certificate Revocation List array
        signersIn - SignerInfo array
        provider - the name of the Java security provider to use.

public SignedData(Certificate cert, ContentInfo contentInfo, String digestSignatureAlgorithm, PrivateKey privateKey, boolean signatureOnly) throws PKCSException, IOException, NoSuchAlgorithmException
    Parameters:
        cert - signing certificate
        contentInfo - ContentInfo object to sign
        digestSignatureAlgorithm - message digest and signature algorithm, such as "SHA1withDSA"
        privateKey - signer's private key
        signatureOnly - true to sign the content digest only, omitting the default signed attributes; false to include the default signed attributes, which the signature then covers.

public SignedData(Certificate cert, ContentInfo contentInfo, String digestSignatureAlgorithm, PrivateKey privateKey, boolean signatureOnly, String provider) throws PKCSException, IOException, NoSuchAlgorithmException
    Parameters:
        cert - signing certificate
        contentInfo - ContentInfo object to sign
        digestSignatureAlgorithm - message digest and signature algorithm, such as "SHA1withDSA"
        privateKey - signer's private key
        signatureOnly - true to sign the content digest only, omitting the default signed attributes; false to include the default signed attributes, which the signature then covers.
        provider - the name of the Java security provider to use.

public SignedData(Certificate[] certs, CRL[] crls, ContentInfo contentInfo, String digestSignatureAlgorithm, PrivateKey[] privateKeys, PKCSAttributes signedAttribs, PKCSAttributes unsignedAttribs, boolean signatureOnly) throws PKCSException, IOException, NoSuchAlgorithmException
    Parameters:
        certs - array of signing certificates
        crls - array of CRLs
        contentInfo - ContentInfo object to sign
        digestSignatureAlgorithm - message digest and signature algorithm, such as "SHA1withRSA"
        privateKeys - array of private keys corresponding to each signing certificate.
        signedAttribs - signed PKCSAttributes
        unsignedAttribs - unsigned PKCSAttributes
        signatureOnly - true to sign the content digest only, omitting the default signed attributes; false to include the default signed attributes, which the signature then covers.

public SignedData(Certificate[] certs, CRL[] crls, ContentInfo contentInfo, String digestSignatureAlgorithm, PrivateKey[] privateKeys, PKCSAttributes signedAttribs, PKCSAttributes unsignedAttribs, boolean signatureOnly, String provider) throws PKCSException, IOException, NoSuchAlgorithmException
    Parameters:
        certs - array of signing certificates
        crls - array of CRLs
        contentInfo - ContentInfo object to sign
        digestSignatureAlgorithm - message digest and signature algorithm, such as "SHA1withRSA"
        privateKeys - array of private keys corresponding to each signing certificate.
        signedAttribs - signed PKCSAttributes
        unsignedAttribs - unsigned PKCSAttributes
        signatureOnly - true to sign the content digest only, omitting the default signed attributes; false to include the default signed attributes, which the signature then covers.
        provider - the name of the Java security provider to use.

public SignedData(String filename, boolean base64) throws IOException
    Parameters:
        filename - name of the file holding the DER-encoded or BASE64-encoded object
        base64 - true if BASE64-encoded, false if DER-encoded

public SignedData(String filename, boolean base64, String provider) throws IOException
    Parameters:
        filename - name of the file holding the DER-encoded or BASE64-encoded object
        base64 - true if BASE64-encoded, false if DER-encoded
        provider - the name of the Java security provider to use.

Method Detail
public Object clone()

public ObjectIdentifier getObjectIdentifier()

public BigInteger getVersion()

public AlgorithmId[] getDigestAlgorithms()

public EncapsulatedContentInfo getEncapsulatedContentInfo()

public void removeContent() throws IOException

public boolean hasContent()

public boolean hasCertificates()

public boolean hasCRLs()

public Certificate[] getCertificates()

public CRL[] getCRLs()

public SignerInfo[] getSignerInfos()

public boolean hasSignerInfos()

public SignerInfo getSignerInfo(Certificate cert) throws IOException
    Parameters:
        cert - signer certificate to match

public Certificate getCertificate(IssuerAndSerialNumber issuer) throws IOException
    Parameters:
        issuer - IssuerAndSerialNumber to match

public boolean hasCertificate(Certificate cert)
    Parameters:
        cert - certificate for which to search

public boolean hasCRL(CRL crl)
    Parameters:
        crl - CRL for which to search

public boolean hasCertificatesOnly()

public boolean verify(Certificate cert) throws PKCSException, IOException, NoSuchAlgorithmException
    Verifies the SignerInfo that matches cert, using the public key in cert and the content stored in the EncapsulatedContentInfo.
    Parameters:
        cert - signer certificate to verify against

public boolean verify(Certificate cert, byte[] msg) throws PKCSException, IOException, NoSuchAlgorithmException
    This method allows callers to verify a detached signature, where the content is not part of the SignedData object.
    Parameters:
        cert - signer certificate to verify against
        msg - byte array over which the message digest is computed for comparison. If not specified, this method uses the content stored in the EncapsulatedContentInfo to independently compute the message digest.

public void addSigner(Certificate cert, PrivateKey privateKey, String digestSignatureAlgorithm, PKCSAttributes signedAttribs, PKCSAttributes unsignedAttribs) throws PKCSException, IOException, NoSuchAlgorithmException
    Parameters:
        cert - signer certificate
        privateKey - signer private key
        digestSignatureAlgorithm - message digest and signature algorithm, such as "SHA1withRSA"
        signedAttribs - signed PKCSAttributes
        unsignedAttribs - unsigned PKCSAttributes

public void addSignerSignatureOnly(Certificate cert, PrivateKey privateKey, String digestSignatureAlgorithm) throws PKCSException, IOException, NoSuchAlgorithmException
    Parameters:
        cert - signer certificate
        privateKey - signer private key
        digestSignatureAlgorithm - message digest and signature algorithm, such as "SHA1withRSA"

public void addCertificate(Certificate[] certs)
    Parameters:
        certs - Certificate array to add

public void addCRL(CRL[] crls)
    Parameters:
        crls - CRL array to add

public void encode(OutputStream os) throws IOException
    Parameters:
        os - the OutputStream to write the encoded data to.

protected void decode(com.ibm.security.pkcs7.DerValue encoding) throws IOException
    Parameters:
        encoding - a DER-encoded SignedData object.

public boolean equals(Object other)
    Parameters:
        other - the object to compare this one to.

public void writeBASE64(String filename) throws IOException
    Parameters:
        filename - the file to write the BASE64-encoded DER object to.

public String toString()
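The detached-signature flow described under removeContent() and verify(Certificate, byte[]), as an added example; this is not code from the original page or from the IBM PKCS #7 library. It uses only the SignedData constructors and methods listed on this page plus standard JCA classes. The input files (a DER SignedData with embedded content, the signer's certificate in PEM, and the original content) are hypothetical and assumed to have been produced elsewhere.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

import com.ibm.security.pkcs7.SignedData;

public class DetachedSignature {

    /**
     * Turns a SignedData that carries its content into a detached one: the content is
     * removed from the EncapsulatedContentInfo and the result is written BASE64-encoded.
     */
    static void detach(String signedDataDerFile, String detachedOutFile) throws Exception {
        SignedData sd = new SignedData(signedDataDerFile, false); // base64 = false: the file is DER
        sd.removeContent();
        sd.writeBASE64(detachedOutFile);
    }

    /**
     * Verifies a detached signature against the bytes the application actually uses.
     * Returns false on every failure path, exceptions included, so a caller cannot
     * mistake an error for success. The signer certificate must come from the caller's
     * own trust configuration; this method does no path validation of it.
     */
    static boolean verifyDetached(String detachedFile, Path contentFile, X509Certificate signer) {
        try {
            SignedData sd = new SignedData(detachedFile, true);   // base64 = true
            if (sd.hasContent()) {
                // Not detached after all. Refuse rather than let an embedded copy of the
                // content stand in for the file we were asked to check.
                return false;
            }
            if (!sd.hasSignerInfos()) {
                return false;
            }
            byte[] msg = Files.readAllBytes(contentFile);
            return sd.verify(signer, msg);                         // digest is computed over msg
        } catch (Exception e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // ASSUMPTION (hypothetical inputs): args[0] = DER SignedData with embedded content,
        // args[1] = the signer's certificate in PEM, args[2] = the original content file.
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate signer;
        try (InputStream in = Files.newInputStream(Paths.get(args[1]))) {
            signer = (X509Certificate) cf.generateCertificate(in);
        }

        Path detached = Files.createTempFile("detached", ".p7s");
        detach(args[0], detached.toString());
        System.out.println("original content: "
                + verifyDetached(detached.toString(), Paths.get(args[2]), signer));

        // One flipped byte in the content must fail verification.
        byte[] altered = Files.readAllBytes(Paths.get(args[2]));
        altered[0] ^= 0x01;
        Path alteredFile = Files.createTempFile("altered", ".bin");
        Files.write(alteredFile, altered);
        System.out.println("altered content:  "
                + verifyDetached(detached.toString(), alteredFile, signer));
    }
}
```

The check against the unmodified content should report true and the check against the altered copy false. The refusal in verifyDetached when hasContent() is true is a deliberate design choice: in a detached-verification path the signature must bind the bytes the application reads from disk, and silently verifying an embedded copy instead would let the two diverge.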