kz.gamma.cms
Class CMSSignedDataParser

java.lang.Object
  kz.gamma.cms.CMSContentInfoParser
      kz.gamma.cms.CMSSignedDataParser

public class CMSSignedDataParser
extends CMSContentInfoParser

Parsing class for an CMS Signed Data object from an input stream.

Note: that because we are in a streaming mode only one signer can be tried and it is important that the methods on the parser are called in the appropriate order.

A simple example of usage for an encapsulated signature.

Two notes: first, in the example below the validity of the certificate isn't verified, just the fact that one of the certs matches the given signer, and, second, because we are in a streaming mode the order of the operations is important.

      CMSSignedDataParser     sp = new CMSSignedDataParser(encapSigData);

      sp.getSignedContent().drain();

      CertStore               certs = sp.getCertificatesAndCRLs("Collection", GammaTechProvider.PROVIDER_NAME);
      SignerInformationStore  signers = sp.getSignerInfos();
      
      Collection              c = signers.getSigners();
      Iterator                it = c.iterator();

      while (it.hasNext())
      {
          SignerInformation   signer = (SignerInformation)it.next();
          Collection          certCollection = certs.getCertificates(signer.getSID());

          Iterator        certIt = certCollection.iterator();
          X509Certificate cert = (X509Certificate)certIt.next();

          System.out.println("verify returns: " + signer.verify(cert, GammaTechProvider.PROVIDER_NAME));
      }
 

Note also: this class does not introduce buffering - if you are processing large files you should create the parser with:

          CMSSignedDataParser     ep = new CMSSignedDataParser(new BufferedInputStream(encapSigData, bufSize));
  

where bufSize is a suitably large buffer size.

Field Summary

private X509Store	_attributeStore
private X509Store	_certificateStore
private ASN1Set	_certSet
private java.security.cert.CertStore	_certStore
private ASN1Set	_crlSet
private X509Store	_crlStore
private java.util.Map	_digests
private boolean	_isCertCrlParsed
private CMSTypedStream	_signedContent
private SignedDataParser	_signedData
private SignerInformationStore	_signerInfoStore
private static CMSSignedHelper	HELPER

Fields inherited from class kz.gamma.cms.CMSContentInfoParser

_contentInfo, _data

Constructor Summary

CMSSignedDataParser(byte[] sigBlock)

CMSSignedDataParser(CMSTypedStream signedContent, byte[] sigBlock)

CMSSignedDataParser(CMSTypedStream signedContent, java.io.InputStream sigData)
base constructor

CMSSignedDataParser(java.io.InputStream sigData)
base constructor - with encapsulated content

Method Summary

X509Store	getAttributeCertificates(java.lang.String type, java.lang.String provider) return a X509Store containing the attribute certificates, if any, contained in this message.
X509Store	getCertificates(java.lang.String type, java.lang.String provider) return a X509Store containing the public key certificates, if any, contained in this message.
java.security.cert.CertStore	getCertificatesAndCRLs(java.lang.String type, java.lang.String provider) return a CertStore containing the certificates and CRLs associated with this message.
X509Store	getCRLs(java.lang.String type, java.lang.String provider) return a X509Store containing CRLs, if any, contained in this message.
CMSTypedStream	getSignedContent()
SignerInformationStore	getSignerInfos() return the collection of signers that are associated with the signatures for the message.
int	getVersion() Return the version number for the SignedData object
private static AlgorithmIdentifier	makeAlgId(java.lang.String oid, byte[] params)
private static DERObject	makeObj(byte[] encoding)
private void	populateCertCrlSets()
static java.io.OutputStream	replaceCertificatesAndCRLs(java.io.InputStream original, java.security.cert.CertStore certsAndCrls, java.io.OutputStream out) Replace the certificate and CRL information associated with this CMSSignedData object with the new one passed in.
static java.io.OutputStream	replaceSigners(java.io.InputStream original, SignerInformationStore signerInformationStore, java.io.OutputStream out) Replace the signerinformation store associated with the passed in message contained in the stream original with the new one passed in.

Methods inherited from class kz.gamma.cms.CMSContentInfoParser

close

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

HELPER

private static CMSSignedHelper HELPER

_signedData

private SignedDataParser _signedData

_signedContent

private CMSTypedStream _signedContent

_digests

private java.util.Map _digests

_certStore

private java.security.cert.CertStore _certStore

_signerInfoStore

private SignerInformationStore _signerInfoStore

_attributeStore

private X509Store _attributeStore

_certSet

private ASN1Set _certSet

_crlSet

private ASN1Set _crlSet

_isCertCrlParsed

private boolean _isCertCrlParsed

_certificateStore

private X509Store _certificateStore

_crlStore

private X509Store _crlStore

Constructor Detail

CMSSignedDataParser

public CMSSignedDataParser(byte[] sigBlock)
                    throws CMSException

Throws:

CMSException

CMSSignedDataParser

public CMSSignedDataParser(CMSTypedStream signedContent,
                           byte[] sigBlock)
                    throws CMSException

Throws:

CMSException

CMSSignedDataParser

public CMSSignedDataParser(java.io.InputStream sigData)
                    throws CMSException

base constructor - with encapsulated content

Throws:

CMSException

CMSSignedDataParser

public CMSSignedDataParser(CMSTypedStream signedContent,
                           java.io.InputStream sigData)
                    throws CMSException

base constructor

Parameters:

signedContent - the content that was signed.

sigData - the signature object stream.

Throws:

CMSException

Method Detail

getVersion

public int getVersion()

Return the version number for the SignedData object

Returns:

the version number

getSignerInfos

public SignerInformationStore getSignerInfos()
                                      throws CMSException

return the collection of signers that are associated with the signatures for the message.

Throws:

CMSException

getAttributeCertificates

public X509Store getAttributeCertificates(java.lang.String type,
                                          java.lang.String provider)
                                   throws NoSuchStoreException,
                                          java.security.NoSuchProviderException,
                                          CMSException

return a X509Store containing the attribute certificates, if any, contained in this message.

Parameters:

type - type of store to create

provider - provider to use

Returns:

a store of attribute certificates

Throws:

java.security.NoSuchProviderException - if the provider requested isn't available.

NoSuchStoreException - if the store type isn't available.

CMSException - if a general exception prevents creation of the X509Store

getCertificates

public X509Store getCertificates(java.lang.String type,
                                 java.lang.String provider)
                          throws NoSuchStoreException,
                                 java.security.NoSuchProviderException,
                                 CMSException

return a X509Store containing the public key certificates, if any, contained in this message.

Parameters:

type - type of store to create

provider - provider to use

Returns:

a store of public key certificates

Throws:

java.security.NoSuchProviderException - if the provider requested isn't available.

NoSuchStoreException - if the store type isn't available.

CMSException - if a general exception prevents creation of the X509Store

getCRLs

public X509Store getCRLs(java.lang.String type,
                         java.lang.String provider)
                  throws NoSuchStoreException,
                         java.security.NoSuchProviderException,
                         CMSException

return a X509Store containing CRLs, if any, contained in this message.

Parameters:

type - type of store to create

provider - provider to use

Returns:

a store of CRLs

Throws:

java.security.NoSuchProviderException - if the provider requested isn't available.

NoSuchStoreException - if the store type isn't available.

CMSException - if a general exception prevents creation of the X509Store

getCertificatesAndCRLs

public java.security.cert.CertStore getCertificatesAndCRLs(java.lang.String type,
                                                           java.lang.String provider)
                                                    throws java.security.NoSuchAlgorithmException,
                                                           java.security.NoSuchProviderException,
                                                           CMSException

return a CertStore containing the certificates and CRLs associated with this message.

Throws:

java.security.NoSuchProviderException - if the provider requested isn't available.

java.security.NoSuchAlgorithmException - if the cert store isn't available.

CMSException - if a general exception prevents creation of the CertStore

populateCertCrlSets

private void populateCertCrlSets()
                          throws CMSException

Throws:

CMSException

getSignedContent

public CMSTypedStream getSignedContent()

replaceSigners

public static java.io.OutputStream replaceSigners(java.io.InputStream original,
                                                  SignerInformationStore signerInformationStore,
                                                  java.io.OutputStream out)
                                           throws CMSException,
                                                  java.io.IOException

Replace the signerinformation store associated with the passed in message contained in the stream original with the new one passed in. You would probably only want to do this if you wanted to change the unsigned attributes associated with a signer, or perhaps delete one.

The output stream is returned unclosed.

Parameters:

original - the signed data stream to be used as a base.

signerInformationStore - the new signer information store to use.

out - the stream to write the new signed data object to.

Returns:

out.

Throws:

CMSException

java.io.IOException

replaceCertificatesAndCRLs

public static java.io.OutputStream replaceCertificatesAndCRLs(java.io.InputStream original,
                                                              java.security.cert.CertStore certsAndCrls,
                                                              java.io.OutputStream out)
                                                       throws CMSException,
                                                              java.io.IOException

Replace the certificate and CRL information associated with this CMSSignedData object with the new one passed in.

The output stream is returned unclosed.

Parameters:

original - the signed data stream to be used as a base.

certsAndCrls - the new certificates and CRLs to be used.

out - the stream to write the new signed data object to.

Returns:

out.

Throws:

CMSException - if there is an error processing the CertStore

java.io.IOException

makeObj

private static DERObject makeObj(byte[] encoding)
                          throws java.io.IOException

Throws:

java.io.IOException

makeAlgId

private static AlgorithmIdentifier makeAlgId(java.lang.String oid,
                                             byte[] params)
                                      throws java.io.IOException

Throws:

java.io.IOException