public class CMSSignedDataParser extends CMSContentInfoParser
Note: that because we are in a streaming mode only one signer can be tried and it is important that the methods on the parser are called in the appropriate order.
A simple example of usage for an encapsulated signature.
Two notes: first, in the example below the validity of the certificate isn't verified, just the fact that one of the certs matches the given signer, and, second, because we are in a streaming mode the order of the operations is important.
CMSSignedDataParser sp = new CMSSignedDataParser(encapSigData); sp.getSignedContent().drain(); CertStore certs = sp.getCertificatesAndCRLs("Collection", GammaTechProvider.PROVIDER_NAME); SignerInformationStore signers = sp.getSignerInfos(); Collection c = signers.getSigners(); Iterator it = c.iterator(); while (it.hasNext()) { SignerInformation signer = (SignerInformation)it.next(); Collection certCollection = certs.getCertificates(signer.getSID()); Iterator certIt = certCollection.iterator(); X509Certificate cert = (X509Certificate)certIt.next(); System.out.println("verify returns: " + signer.verify(cert, GammaTechProvider.PROVIDER_NAME)); }Note also: this class does not introduce buffering - if you are processing large files you should create the parser with:
CMSSignedDataParser ep = new CMSSignedDataParser(new BufferedInputStream(encapSigData, bufSize));where bufSize is a suitably large buffer size.
Modifier and Type | Field and Description |
---|---|
private X509Store |
_attributeStore |
private X509Store |
_certificateStore |
private ASN1Set |
_certSet |
private java.security.cert.CertStore |
_certStore |
private ASN1Set |
_crlSet |
private X509Store |
_crlStore |
private java.util.Map |
_digests |
private boolean |
_isCertCrlParsed |
private CMSTypedStream |
_signedContent |
private SignedDataParser |
_signedData |
private SignerInformationStore |
_signerInfoStore |
private static CMSSignedHelper |
HELPER |
_contentInfo, _data
Constructor and Description |
---|
CMSSignedDataParser(byte[] sigBlock) |
CMSSignedDataParser(CMSTypedStream signedContent,
byte[] sigBlock) |
CMSSignedDataParser(CMSTypedStream signedContent,
java.io.InputStream sigData)
base constructor
|
CMSSignedDataParser(java.io.InputStream sigData)
base constructor - with encapsulated content
|
Modifier and Type | Method and Description |
---|---|
X509Store |
getAttributeCertificates(java.lang.String type,
java.lang.String provider)
return a X509Store containing the attribute certificates, if any, contained
in this message.
|
X509Store |
getCertificates(java.lang.String type,
java.lang.String provider)
return a X509Store containing the public key certificates, if any, contained
in this message.
|
java.security.cert.CertStore |
getCertificatesAndCRLs(java.lang.String type,
java.lang.String provider)
return a CertStore containing the certificates and CRLs associated with
this message.
|
X509Store |
getCRLs(java.lang.String type,
java.lang.String provider)
return a X509Store containing CRLs, if any, contained
in this message.
|
CMSTypedStream |
getSignedContent() |
SignerInformationStore |
getSignerInfos()
return the collection of signers that are associated with the
signatures for the message.
|
int |
getVersion()
Return the version number for the SignedData object
|
private static AlgorithmIdentifier |
makeAlgId(java.lang.String oid,
byte[] params) |
private static DERObject |
makeObj(byte[] encoding) |
private void |
populateCertCrlSets() |
static java.io.OutputStream |
replaceCertificatesAndCRLs(java.io.InputStream original,
java.security.cert.CertStore certsAndCrls,
java.io.OutputStream out)
Replace the certificate and CRL information associated with this
CMSSignedData object with the new one passed in.
|
static java.io.OutputStream |
replaceSigners(java.io.InputStream original,
SignerInformationStore signerInformationStore,
java.io.OutputStream out)
Replace the signerinformation store associated with the passed
in message contained in the stream original with the new one passed in.
|
close
private static CMSSignedHelper HELPER
private SignedDataParser _signedData
private CMSTypedStream _signedContent
private java.util.Map _digests
private java.security.cert.CertStore _certStore
private SignerInformationStore _signerInfoStore
private X509Store _attributeStore
private ASN1Set _certSet
private ASN1Set _crlSet
private boolean _isCertCrlParsed
private X509Store _certificateStore
private X509Store _crlStore
public CMSSignedDataParser(byte[] sigBlock) throws CMSException
CMSException
public CMSSignedDataParser(CMSTypedStream signedContent, byte[] sigBlock) throws CMSException
CMSException
public CMSSignedDataParser(java.io.InputStream sigData) throws CMSException
CMSException
public CMSSignedDataParser(CMSTypedStream signedContent, java.io.InputStream sigData) throws CMSException
signedContent
- the content that was signed.sigData
- the signature object stream.CMSException
public int getVersion()
public SignerInformationStore getSignerInfos() throws CMSException
CMSException
public X509Store getAttributeCertificates(java.lang.String type, java.lang.String provider) throws NoSuchStoreException, java.security.NoSuchProviderException, CMSException
type
- type of store to createprovider
- provider to usejava.security.NoSuchProviderException
- if the provider requested isn't available.NoSuchStoreException
- if the store type isn't available.CMSException
- if a general exception prevents creation of the X509Storepublic X509Store getCertificates(java.lang.String type, java.lang.String provider) throws NoSuchStoreException, java.security.NoSuchProviderException, CMSException
type
- type of store to createprovider
- provider to usejava.security.NoSuchProviderException
- if the provider requested isn't available.NoSuchStoreException
- if the store type isn't available.CMSException
- if a general exception prevents creation of the X509Storepublic X509Store getCRLs(java.lang.String type, java.lang.String provider) throws NoSuchStoreException, java.security.NoSuchProviderException, CMSException
type
- type of store to createprovider
- provider to usejava.security.NoSuchProviderException
- if the provider requested isn't available.NoSuchStoreException
- if the store type isn't available.CMSException
- if a general exception prevents creation of the X509Storepublic java.security.cert.CertStore getCertificatesAndCRLs(java.lang.String type, java.lang.String provider) throws java.security.NoSuchAlgorithmException, java.security.NoSuchProviderException, CMSException
java.security.NoSuchProviderException
- if the provider requested isn't available.java.security.NoSuchAlgorithmException
- if the cert store isn't available.CMSException
- if a general exception prevents creation of the CertStoreprivate void populateCertCrlSets() throws CMSException
CMSException
public CMSTypedStream getSignedContent()
public static java.io.OutputStream replaceSigners(java.io.InputStream original, SignerInformationStore signerInformationStore, java.io.OutputStream out) throws CMSException, java.io.IOException
The output stream is returned unclosed.
original
- the signed data stream to be used as a base.signerInformationStore
- the new signer information store to use.out
- the stream to write the new signed data object to.CMSException
java.io.IOException
public static java.io.OutputStream replaceCertificatesAndCRLs(java.io.InputStream original, java.security.cert.CertStore certsAndCrls, java.io.OutputStream out) throws CMSException, java.io.IOException
The output stream is returned unclosed.
original
- the signed data stream to be used as a base.certsAndCrls
- the new certificates and CRLs to be used.out
- the stream to write the new signed data object to.CMSException
- if there is an error processing the CertStorejava.io.IOException
private static DERObject makeObj(byte[] encoding) throws java.io.IOException
java.io.IOException
private static AlgorithmIdentifier makeAlgId(java.lang.String oid, byte[] params) throws java.io.IOException
java.io.IOException
Copyright © 1998-2014 Gamma Technologies. All Rights Reserved.