Oracle Security Developer Tools CMS Java API Reference
10g (10.1.4.0.1)

B28170-01


oracle.security.crypto.cms
Class CMSSignedDataContentInfo

java.lang.Object
  extended byoracle.security.crypto.cms.CMSContentInfo
      extended byoracle.security.crypto.cms.CMSSignedDataContentInfo

All Implemented Interfaces:
oracle.security.crypto.asn1.ASN1Object, oracle.security.crypto.util.Streamable

public class CMSSignedDataContentInfo
extends CMSContentInfo

This class encapsulates a CMS object of content type signed-data.


Constructor Summary
CMSSignedDataContentInfo()
          Creates an empty CMSSignedDataContentInfo.
CMSSignedDataContentInfo(CMSContentInfo contentInfo)
          Creates a CMSSignedDataContentInfo.
CMSSignedDataContentInfo(java.io.InputStream is)
          Creates a CMSSignedDataContentInfo object, by reading a BER encoding from the specified input stream.

 

Method Summary
 void addCertificate(oracle.security.crypto.cert.X509 cert)
          Appends the given certificate to the list of certificates which will be included with this signed data object.
 void addCertificates(java.util.Vector certs)
          Appends all of the given certificates to the list of certificates which will be included with this signed data object.
 void addCRL(oracle.security.crypto.cert.CRL crl)
          Appends the given CRL to the list of CRLs which will be included with this signed data object.
 void addCRLs(java.util.Vector crls)
          Appends all of the given CRLs to the list of CRLs which will be included with this signed data object.
 void addSignature(oracle.security.crypto.cert.AttributeSet authenticatedAttributes, oracle.security.crypto.core.PrivateKey signerKey, oracle.security.crypto.cert.X509 signerCert, oracle.security.crypto.core.AlgorithmIdentifier digestAlgID, oracle.security.crypto.core.AlgorithmIdentifier digestEncryptionAlgID, oracle.security.crypto.cert.AttributeSet unauthenticatedAttributes)
          Add a Signer using the IssuerAndSerialNumber as the SignerIdentifier i.e a Version1 CMSSignerInfo.
 void addSignature(oracle.security.crypto.cert.AttributeSet authenticatedAttributes, oracle.security.crypto.core.PrivateKey signerKey, oracle.security.crypto.cert.X509 signerCert, oracle.security.crypto.core.AlgorithmIdentifier digestAlgID, oracle.security.crypto.core.AlgorithmIdentifier digestEncryptionAlgID, oracle.security.crypto.cert.AttributeSet unauthenticatedAttributes, boolean useSPKI64)
          Add a Signer using the SubjectPublicKeyIdentifier as the SignerIdentifier i.e a Version3 CMSSignerInfo.
 void addSignerInfo(oracle.security.crypto.cert.X509 signerCert, CMSSignerInfo signerInfo)
          Add a CMSSignerInfo to the list of Signers.
 boolean equals(java.lang.Object obj)
          Indicates whether some other object is "equal to" this one.
 java.util.Vector getCertificates()
          Returns the list of certificates included with this signed data object.
 java.util.Vector getCRLs()
          Returns the list of CRLs included with this signed data object.
 CMSContentInfo getEnclosed()
          Returns the document which was signed.
 oracle.security.crypto.asn1.ASN1ObjectID getEnclosedContentType()
          Returns the content type of the document which was signed.
protected  byte[] getExposedContent()
          Returns the contents octets of the DER encoding of the content field of this CMS object.
 CMSSignerInfo getSignerInfo(oracle.security.crypto.cert.X509 signerCert)
          Returns the CMSSignerInfo corresponding to the Certificate.
 oracle.security.crypto.asn1.ASN1Integer getVersion()
          Deprecated. As of Phaos CMS 2.0.1, replaced by getVersionNumber()
 java.math.BigInteger getVersionNumber()
          Returns the version number.
 int hashCode()
          Returns a hash code value for this object.
protected  void inputContent(java.io.InputStream is)
          Initializes this object by reading the Content field of the CMS ContentInfo structure i.e.
 boolean isDegenerate()
          Indicates if this object has any signers i.e.
 boolean isDetached()
          Indicates if this is a detached CMS object.
 boolean isExternalSignature()
          Checks for the presence of external signatures.
 void setEnclosed(CMSContentInfo content)
          Sets the content which was signed.
protected  void setExposedContent(byte[] expContent)
          Returns the contents octets of the DER encoding of the content field of this CMS object.
 java.util.Enumeration signers()
          Return the signatures on this signed data object, in the form of an enumeration, each element of which is an instance of CMSSignerInfo.
 java.lang.String toString()
          Returns a brief text description of this object.
protected  void update()
          Clears the internal output cache.
 void verify(oracle.security.crypto.cert.CertificateTrustPolicy trustPolicy)
          Returns normally if this CMS signed data object contains at least one valid signature, according to the given trust policy; otherwise throws an AuthenticationException.
 void verify(oracle.security.crypto.cert.CertificateTrustPolicy trustPolicy, CMSContentInfo contentInfo)
          Returns normally if this CMS signed data object contains at least one valid signature, according to the given trust policy; otherwise throws an AuthenticationException.
 void verifySignature(oracle.security.crypto.cert.X509 signerCert)
          Returns successfully if this CMS signed data object contains a signature which is validated by the given certificate; otherwise throws an AuthenticationException.
 void verifySignature(oracle.security.crypto.cert.X509 signerCert, CMSContentInfo contentInfo)
          Returns successfully if this CMS signed data object contains a signature which is validated by the given certificate and data; otherwise throws an AuthenticationException.
 void writeExternalSignature(boolean createExternalSignature)
          Indicates if an external signature must be created.

 

Methods inherited from class oracle.security.crypto.cms.CMSContentInfo
computeDigest, contentTypeName, getContentType, input, inputInstance, length, output

 

Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait

 

Constructor Detail

CMSSignedDataContentInfo

public CMSSignedDataContentInfo()
Creates an empty CMSSignedDataContentInfo.

CMSSignedDataContentInfo

public CMSSignedDataContentInfo(CMSContentInfo contentInfo)
Creates a CMSSignedDataContentInfo.
Parameters:
contentInfo - The content that is to be signed.

CMSSignedDataContentInfo

public CMSSignedDataContentInfo(java.io.InputStream is)
                         throws java.io.IOException
Creates a CMSSignedDataContentInfo object, by reading a BER encoding from the specified input stream.
Parameters:
is - The input stream.
Throws:
java.io.IOException - If the input is not correctly encoded or an I/O error occurs.

Method Detail

setExposedContent

protected void setExposedContent(byte[] expContent)
Description copied from class: CMSContentInfo
Returns the contents octets of the DER encoding of the content field of this CMS object. The value returned is suitable for input to the "message-digesting" and "content-encryption" process of RFC-2630.
Specified by:
setExposedContent in class CMSContentInfo
Returns:
The contents octets or null for a detached CMS object.
See Also:
CMSContentInfo.isDetached()

getExposedContent

protected byte[] getExposedContent()
Description copied from class: CMSContentInfo
Returns the contents octets of the DER encoding of the content field of this CMS object. The value returned is suitable for input to the "message-digesting" and "content-encryption" process of RFC-2630.
Specified by:
getExposedContent in class CMSContentInfo
Returns:
The contents octets or null for a detached CMS object.
See Also:
CMSContentInfo.isDetached()

isDegenerate

public boolean isDegenerate()
Indicates if this object has any signers i.e. checks for the absence of any SignerInfo structures.

CMS (RFC-2630) defines a degenerate object as one which has no signers.

Overrides:
isDegenerate in class CMSContentInfo
Returns:
true if this object has no signers; false otherwise.

isExternalSignature

public boolean isExternalSignature()
Checks for the presence of external signatures.

CMS (RFC-2630) defines a external signature as a signed-data object in which the encapsulated content is missing.

Returns:
true if external signatures are present; false otherwise.

writeExternalSignature

public void writeExternalSignature(boolean createExternalSignature)
Indicates if an external signature must be created.
Parameters:
createExternalSignature - If true external signatures will be created; false otherwise.

isDetached

public boolean isDetached()
Indicates if this is a detached CMS object.
Specified by:
isDetached in class CMSContentInfo
Returns:
true if detached; false otherwise.

setEnclosed

public void setEnclosed(CMSContentInfo content)
Sets the content which was signed.

This is necessary only if external signatures are present.

See Also:
isExternalSignature()

getEnclosed

public CMSContentInfo getEnclosed()
Returns the document which was signed. If the content is not attached, the CMS object which is returned will be degenerate.
Returns:
CMSContentInfo The encapsulated CMS Object.

getEnclosedContentType

public oracle.security.crypto.asn1.ASN1ObjectID getEnclosedContentType()
Returns the content type of the document which was signed.
Returns:
The content type identifier.

getVersionNumber

public java.math.BigInteger getVersionNumber()
Returns the version number.
Returns:
The version number.

getVersion

public oracle.security.crypto.asn1.ASN1Integer getVersion()
Deprecated. As of Phaos CMS 2.0.1, replaced by getVersionNumber()
Returns the version number.
Returns:
The version number.

signers

public java.util.Enumeration signers()
Return the signatures on this signed data object, in the form of an enumeration, each element of which is an instance of CMSSignerInfo.
Returns:
Enumeration of CMSSignerInfo's if present.
See Also:
CMSSignerInfo

toString

public java.lang.String toString()
Returns a brief text description of this object.
Returns:
A string description of this object

getCertificates

public java.util.Vector getCertificates()
Returns the list of certificates included with this signed data object.
Returns:
Vector containing X509 objects or null if no list of Certificates is present.

getCRLs

public java.util.Vector getCRLs()
Returns the list of CRLs included with this signed data object.
Returns:
Vector containing CRL objects or null if no list of CRLs is present.

getSignerInfo

public CMSSignerInfo getSignerInfo(oracle.security.crypto.cert.X509 signerCert)
                            throws oracle.security.crypto.core.AlgorithmIdentifierException,
                                   UnknownSignerException
Returns the CMSSignerInfo corresponding to the Certificate.
Parameters:
signerCert - The signer's X509 certificate.
Returns:
The CMSSignerInfo matching the signing certificate.
Throws:
UnknownSignerException - Could not find a SignerInfo matching the specified certificate.
oracle.security.crypto.core.AlgorithmIdentifierException

hashCode

public int hashCode()
Returns a hash code value for this object.
Returns:
The hash code value.

equals

public boolean equals(java.lang.Object obj)
Indicates whether some other object is "equal to" this one.
Returns:
true if this object is the same as the obj argument; false otherwise.

addCertificate

public void addCertificate(oracle.security.crypto.cert.X509 cert)
Appends the given certificate to the list of certificates which will be included with this signed data object.
Parameters:
cert - The certificate to add.

addCRL

public void addCRL(oracle.security.crypto.cert.CRL crl)
Appends the given CRL to the list of CRLs which will be included with this signed data object.
Parameters:
crl - The CRL to add.

addCertificates

public void addCertificates(java.util.Vector certs)
Appends all of the given certificates to the list of certificates which will be included with this signed data object.
Parameters:
certs - List of X509 instances to add.

addCRLs

public void addCRLs(java.util.Vector crls)
Appends all of the given CRLs to the list of CRLs which will be included with this signed data object.
Parameters:
crls - List of CRL instances to add.

addSignature

public void addSignature(oracle.security.crypto.cert.AttributeSet authenticatedAttributes,
                         oracle.security.crypto.core.PrivateKey signerKey,
                         oracle.security.crypto.cert.X509 signerCert,
                         oracle.security.crypto.core.AlgorithmIdentifier digestAlgID,
                         oracle.security.crypto.core.AlgorithmIdentifier digestEncryptionAlgID,
                         oracle.security.crypto.cert.AttributeSet unauthenticatedAttributes)
                  throws oracle.security.crypto.core.InvalidKeyException,
                         oracle.security.crypto.core.SignatureException,
                         oracle.security.crypto.core.AlgorithmIdentifierException
Add a Signer using the IssuerAndSerialNumber as the SignerIdentifier i.e a Version1 CMSSignerInfo.
Parameters:
authenticatedAttributes - The set of signed attributes.
signerKey - Private Key of the signer.
signerCert - X509 certificate of the signer.
digestAlgID - The digest algorithm.
digestEncryptionAlgID - The signature algorithm.
unauthenticatedAttributes - The set of unsigned attributes.
Throws:
oracle.security.crypto.core.AlgorithmIdentifierException - Digest algorithm is not supported.
oracle.security.crypto.core.InvalidKeyException - Private Key of the signer is not valid.
oracle.security.crypto.core.SignatureException - Signature algorithm is not supported.

addSignature

public void addSignature(oracle.security.crypto.cert.AttributeSet authenticatedAttributes,
                         oracle.security.crypto.core.PrivateKey signerKey,
                         oracle.security.crypto.cert.X509 signerCert,
                         oracle.security.crypto.core.AlgorithmIdentifier digestAlgID,
                         oracle.security.crypto.core.AlgorithmIdentifier digestEncryptionAlgID,
                         oracle.security.crypto.cert.AttributeSet unauthenticatedAttributes,
                         boolean useSPKI64)
                  throws oracle.security.crypto.core.InvalidKeyException,
                         oracle.security.crypto.core.SignatureException,
                         oracle.security.crypto.core.AlgorithmIdentifierException
Add a Signer using the SubjectPublicKeyIdentifier as the SignerIdentifier i.e a Version3 CMSSignerInfo.

Do not use this method if PKCS#7 v1.5 interoperability is required.

Parameters:
authenticatedAttributes - The set of signed attributes.
signerKey - Private Key of the signer.
signerCert - X509 certificate of the signer.
digestAlgID - The digest algorithm.
digestEncryptionAlgID - The signature algorithm.
unauthenticatedAttributes - The set of unsigned attributes.
useSPKI64 - true uses a 64 bit SPKI; false uses a 160 nit SPKI.
Throws:
oracle.security.crypto.core.AlgorithmIdentifierException - Digest algorithm is not supported.
oracle.security.crypto.core.InvalidKeyException - Private Key of the signer is not valid.
oracle.security.crypto.core.SignatureException - Signature algorithm is not supported.

addSignerInfo

public void addSignerInfo(oracle.security.crypto.cert.X509 signerCert,
                          CMSSignerInfo signerInfo)
                   throws oracle.security.crypto.core.AlgorithmIdentifierException
Add a CMSSignerInfo to the list of Signers.
Parameters:
signerCert - X509 certificate of the signer.
signerInfo - The SignerInfo object.
Throws:
oracle.security.crypto.core.AlgorithmIdentifierException - Digest algorithm is not supported.

verifySignature

public void verifySignature(oracle.security.crypto.cert.X509 signerCert)
                     throws oracle.security.crypto.core.AuthenticationException,
                            oracle.security.crypto.core.AlgorithmIdentifierException,
                            UnknownSignerException
Returns successfully if this CMS signed data object contains a signature which is validated by the given certificate; otherwise throws an AuthenticationException.

This method verifies the specified signature directly and ignores any certificates or CRLs which may be contained in this CMS object. A more complex verification process, which does make use of attached certificates and CRLs, is provided by the verify method.

Throws:
UnknownSignerException - If no signature corresponding to the given certificate exists.
oracle.security.crypto.core.AuthenticationException - If the signature is not valid, or could not be verified for some reason (e.g., the algorithm identifier is unrecognized).
oracle.security.crypto.core.AlgorithmIdentifierException

verifySignature

public void verifySignature(oracle.security.crypto.cert.X509 signerCert,
                            CMSContentInfo contentInfo)
                     throws oracle.security.crypto.core.AuthenticationException,
                            oracle.security.crypto.core.AlgorithmIdentifierException,
                            UnknownSignerException
Returns successfully if this CMS signed data object contains a signature which is validated by the given certificate and data; otherwise throws an AuthenticationException.

This method verifies the specified signature directly and ignores any certificates or CRLs which may be contained in this CMS object. A more complex verification process, which does make use of attached certificates and CRLs, is provided by the verify method.

Throws:
UnknownSignerException - If no signature corresponding to the given certificate exists.
oracle.security.crypto.core.AuthenticationException - If the signature is not valid, or could not be verified for some reason (e.g., the algorithm identifier is unrecognized).
oracle.security.crypto.core.AlgorithmIdentifierException

verify

public void verify(oracle.security.crypto.cert.CertificateTrustPolicy trustPolicy)
            throws oracle.security.crypto.core.AuthenticationException
Returns normally if this CMS signed data object contains at least one valid signature, according to the given trust policy; otherwise throws an AuthenticationException.

In order to be considered valid, there must be at least one signature on this CMS message which is validated by one of the certificates included with it; furthermore, the validating certificate must itself be valid according to the given certificate trust policy. This latter validation process may involve examining the other certificates or CRLs included with this object, if called for by the trust policy.

If a signature is encountered for which a certification path can be found, but is invalid, an AuthenticationException will be created, but will not be thrown until all other signatures have been checked. If another signature is found which is valid, then the method simply returns and no exception at all is thrown.

Do not use this method if any Version 3 CMSSignerInfo's are present.

Throws:
oracle.security.crypto.core.AuthenticationException - If there is no valid signature.

verify

public void verify(oracle.security.crypto.cert.CertificateTrustPolicy trustPolicy,
                   CMSContentInfo contentInfo)
            throws oracle.security.crypto.core.AuthenticationException
Returns normally if this CMS signed data object contains at least one valid signature, according to the given trust policy; otherwise throws an AuthenticationException.

In order to be considered valid, there must be at least one signature on this CMS message which is validated by one of the certificates included with it; furthermore, the validating certificate must itself be valid according to the given certificate trust policy. This latter validation process may involve examining the other certificates or CRLs included with this object, if called for by the trust policy.

If a signature is encountered for which a certification path can be found, but is invalid, an AuthenticationException will be created, but will not be thrown until all other signatures have been checked. If another signature is found which is valid, then the method simply returns and no exception at all is thrown.

Do not use this method if any Version 3 CMSSignerInfo's are present.

Throws:
oracle.security.crypto.core.AuthenticationException - If there is no valid signature.

inputContent

protected void inputContent(java.io.InputStream is)
                     throws java.io.IOException
Description copied from class: CMSContentInfo
Initializes this object by reading the Content field of the CMS ContentInfo structure i.e. the input stream must be positioned at the value octets of the Content field i.e. after the explicit [0] tag.

This method must be implemented by subclasses. It is unlikely that package users will ever need to call it directly.

Specified by:
inputContent in class CMSContentInfo
Throws:
java.io.IOException

update

protected void update()
Clears the internal output cache. This method is called automatically if the object ever changes, so API users need not be concerned with it. Implementors of subclasses, however, do need to ensure that it gets called when appropriate.
Overrides:
update in class CMSContentInfo

Oracle Security Developer Tools CMS Java API Reference
10g (10.1.4.0.1)

B28170-01


Copyright © 2005 ,2006 , Oracle. All rights reserved.