org.mozilla.jss.pkix.cms
Class SignerInfo
java.lang.Object org.mozilla.jss.pkix.cms.SignerInfo
- All Implemented Interfaces:
- ASN1Value
public class SignerInfo
- extends java.lang.Object
- implements ASN1Value
A CMS SignerInfo.
Nested Class Summary | |
---|---|
static class | SignerInfo.Template: A template for decoding a SignerInfo blob |
Constructor Summary |
---|
SignerInfo(SignerIdentifier signerIdentifier, SET signedAttributes, SET unsignedAttributes, OBJECT_IDENTIFIER contentType, byte[] messageDigest, SignatureAlgorithm signingAlg, PrivateKey signingKey): A constructor for creating a new SignerInfo from scratch. |
Method Summary | |
---|---|
void | encode(java.io.OutputStream ostream): Write this value's DER encoding to an output stream using its own base tag. |
void | encode(Tag tag, java.io.OutputStream ostream): Write this value's DER encoding to an output stream using an implicit tag. |
DigestAlgorithm | getDigestAlgorithm(): Retrieves the DigestAlgorithm used in this SignerInfo. |
AlgorithmIdentifier | getDigestAlgorithmIdentifer(): Retrieves the DigestAlgorithmIdentifier used in this SignerInfo. |
SignatureAlgorithm | getDigestEncryptionAlgorithm(): Returns the raw signature (digest encryption) algorithm used in this SignerInfo. |
AlgorithmIdentifier | getDigestEncryptionAlgorithmIdentifier(): Returns the DigestEncryptionAlgorithmIdentifier used in this SignerInfo. |
byte[] | getEncryptedDigest(): Retrieves the encrypted digest. |
SET | getSignedAttributes(): Retrieves the signed attributes, if they exist. |
SignerIdentifier | getSignerIdentifier(): Retrieves the SignerIdentifier. |
Tag | getTag(): Returns the base tag for this type, not counting any tags that may be imposed on it by its context. |
static SignerInfo.Template | getTemplate() |
SET | getUnsignedAttributes(): Retrieves the unsigned attributes, if they exist. |
INTEGER | getVersion(): Retrieves the version number of this SignerInfo. |
boolean | hasSignedAttributes(): Returns true if the signedAttributes field is present. |
boolean | hasUnsignedAttributes(): Returns true if the unsignedAttributes field is present. |
void | verify(byte[] messageDigest, OBJECT_IDENTIFIER contentType): Verifies that this SignerInfo contains a valid signature of the given message digest. |
void | verify(byte[] messageDigest, OBJECT_IDENTIFIER contentType, java.security.PublicKey pubkey): Verifies that this SignerInfo contains a valid signature of the given message digest. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
SignerInfo
public SignerInfo(SignerIdentifier signerIdentifier, SET signedAttributes, SET unsignedAttributes, OBJECT_IDENTIFIER contentType, byte[] messageDigest, SignatureAlgorithm signingAlg, PrivateKey signingKey) throws java.security.InvalidKeyException, java.security.NoSuchAlgorithmException, CryptoManager.NotInitializedException, java.security.SignatureException, TokenException
- A constructor for creating a new SignerInfo from scratch.
- Parameters:
signerIdentifier - The signerIdentifier of the certificate from which the public key was extracted to create this SignerInfo.
signingAlg - The algorithm to be used to sign the content. This should be a composite algorithm, such as RSASignatureWithMD5Digest, instead of a raw algorithm, such as RSASignature. Note that the digest portion of this algorithm must be the same algorithm as was used to digest the message content.
signedAttributes - An optional set of Attributes, which will be signed along with the message content. This parameter may be null, or the SET may be empty. DO NOT insert the PKCS #9 content-type or message-digest attributes. They will be added automatically if they are necessary.
unsignedAttributes - An optional set of Attributes, which will be included in the SignerInfo but not signed. This parameter may be null, or the SET may be empty.
messageDigest - The digest of the message contents. The digest must have been created with the digest algorithm specified by the signingAlg parameter.
contentType - The type of the ContentInfo that is being signed. If it is not data, then the PKCS #9 attributes content-type and message-digest will be automatically computed and added to the signed attributes.
- Throws:
java.security.InvalidKeyException
java.security.NoSuchAlgorithmException
CryptoManager.NotInitializedException
java.security.SignatureException
TokenException
Method Detail |
---|
getVersion
public INTEGER getVersion()
- Retrieves the version number of this SignerInfo.
getSignerIdentifier
public SignerIdentifier getSignerIdentifier()
- Retrieves the SignerIdentifier.
getDigestAlgorithm
public DigestAlgorithm getDigestAlgorithm() throws java.security.NoSuchAlgorithmException
- Retrieves the DigestAlgorithm used in this SignerInfo.
- Throws:
NoSuchAlgorithm - If the algorithm is not recognized by JSS.
java.security.NoSuchAlgorithmException
getDigestAlgorithmIdentifer
public AlgorithmIdentifier getDigestAlgorithmIdentifer()
- Retrieves the DigestAlgorithmIdentifier used in this SignerInfo.
getSignedAttributes
public SET getSignedAttributes()
- Retrieves the signed attributes, if they exist.
hasSignedAttributes
public boolean hasSignedAttributes()
- Returns true if the signedAttributes field is present.
getDigestEncryptionAlgorithm
public SignatureAlgorithm getDigestEncryptionAlgorithm() throws java.security.NoSuchAlgorithmException
- Returns the raw signature (digest encryption) algorithm used in this
SignerInfo.
- Throws:
java.security.NoSuchAlgorithmException
- If the algorithm is not recognized by JSS.
getDigestEncryptionAlgorithmIdentifier
public AlgorithmIdentifier getDigestEncryptionAlgorithmIdentifier()
- Returns the DigestEncryptionAlgorithmIdentifier used in this SignerInfo.
getEncryptedDigest
public byte[] getEncryptedDigest()
- Retrieves the encrypted digest.
getUnsignedAttributes
public SET getUnsignedAttributes()
- Retrieves the unsigned attributes, if they exist.
hasUnsignedAttributes
public boolean hasUnsignedAttributes()
- Returns true if the unsignedAttributes field is present.
verify
public void verify(byte[] messageDigest, OBJECT_IDENTIFIER contentType) throws CryptoManager.NotInitializedException, java.security.NoSuchAlgorithmException, java.security.InvalidKeyException, TokenException, java.security.SignatureException, ObjectNotFoundException
- Verifies that this SignerInfo contains a valid signature of the given message digest. If any signed attributes are present, they are also validated. The verification algorithm is as follows:
  - If no signed attributes are present, the content type is verified to be data. Then it is verified that the message digest passed in, when encrypted with the given public key, matches the encrypted digest in the SignerInfo.
  - If signed attributes are present, two particular attributes must be present:
    - PKCS #9 Content-Type, the type of content that is being signed. This must match the contentType parameter.
    - PKCS #9 Message-Digest, the digest of the content that is being signed. This must match the messageDigest parameter.
Note that this does not verify the validity of the certificate itself, only the signature.
- Parameters:
messageDigest - The hash of the content that is signed by this SignerInfo.
contentType - The type of the content that is signed by this SignerInfo.
- Throws:
NoSuchObjectException - If no certificate matching the issuer name and serial number can be found.
CryptoManager.NotInitializedException
java.security.NoSuchAlgorithmException
java.security.InvalidKeyException
TokenException
java.security.SignatureException
ObjectNotFoundException
verify
public void verify(byte[] messageDigest, OBJECT_IDENTIFIER contentType, java.security.PublicKey pubkey) throws CryptoManager.NotInitializedException, java.security.NoSuchAlgorithmException, java.security.InvalidKeyException, TokenException, java.security.SignatureException
- Verifies that this SignerInfo contains a valid signature of the given message digest. If any signed attributes are present, they are also validated. The verification algorithm is as follows:
  - If no signed attributes are present, the content type is verified to be data. Then it is verified that the message digest passed in, when encrypted with the given public key, matches the encrypted digest in the SignerInfo.
  - If signed attributes are present, two particular attributes must be present:
    - PKCS #9 Content-Type, the type of content that is being signed. This must match the contentType parameter.
    - PKCS #9 Message-Digest, the digest of the content that is being signed. This must match the messageDigest parameter.
- Parameters:
messageDigest - The hash of the content that is signed by this SignerInfo.
contentType - The type of the content that is signed by this SignerInfo.
pubkey - The public key to use to verify the signature.
- Throws:
CryptoManager.NotInitializedException
java.security.NoSuchAlgorithmException
java.security.InvalidKeyException
TokenException
java.security.SignatureException
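An added example (not code from the JSS project) of how a caller might wrap the three-argument verify: it pins the digest algorithm, hashes the content itself, and takes the key from a certificate validated elsewhere, because verify checks only the signature. The class SignerInfoCheck, its parameter names, and the treatment of SignatureException as the failure signal are assumptions.

```java
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.SignatureException;

import org.mozilla.jss.asn1.OBJECT_IDENTIFIER;
import org.mozilla.jss.crypto.DigestAlgorithm;
import org.mozilla.jss.pkix.cms.SignerInfo;

/** Hypothetical helper (not part of JSS): checks one SignerInfo against content. */
public final class SignerInfoCheck {

    /**
     * @param validatedKey public key taken from a certificate whose chain the
     *                     caller has ALREADY validated; verify() does not do that.
     * @param requiredAlg  the only digest algorithm local policy accepts
     * @param jcaDigest    JCA name for requiredAlg (assumption: the caller keeps
     *                     the two consistent, e.g. "SHA-256")
     * @return true if the signature and any signed attributes check out
     * @throws Exception   for environment problems (JSS not initialized, token
     *                     errors, unknown algorithm, unusable key)
     */
    public static boolean verifies(SignerInfo si, byte[] content,
                                   OBJECT_IDENTIFIER contentType,
                                   PublicKey validatedKey,
                                   DigestAlgorithm requiredAlg,
                                   String jcaDigest) throws Exception {
        // Refuse a signer that used a digest other than the one policy allows,
        // rather than hashing with whatever the message asks for.
        if (!requiredAlg.equals(si.getDigestAlgorithm())) {
            return false;
        }
        // Hash the content ourselves; never take a digest from the message.
        byte[] digest = MessageDigest.getInstance(jcaDigest).digest(content);
        try {
            // Without signed attributes, contentType must be data; with them,
            // the content-type and message-digest attributes must match.
            si.verify(digest, contentType, validatedKey);
            return true;
        } catch (SignatureException e) {
            // Assumption: a bad signature or attribute mismatch surfaces here.
            return false;
        }
    }

    private SignerInfoCheck() { }
}
```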
getTag
public Tag getTag()
- Description copied from interface:
ASN1Value
- Returns the base tag for this type, not counting any tags
that may be imposed on it by its context.
encode
public void encode(java.io.OutputStream ostream) throws java.io.IOException
- Description copied from interface:
ASN1Value
- Write this value's DER encoding to an output stream using
its own base tag.
- Throws:
java.io.IOException
encode
public void encode(Tag tag, java.io.OutputStream ostream) throws java.io.IOException
- Description copied from interface:
ASN1Value
- Write this value's DER encoding to an output stream using
an implicit tag.
- Throws:
java.io.IOException
getTemplate
public static SignerInfo.Template getTemplate()