Skip navigation links

Package   Class  Tree  Deprecated  Index  Help 
Oracle Security Developer Tools CMS Java API Reference
11g (11.1.1)
E10667-02
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

oracle.security.crypto.cms
Class CMSSignerInfo

java.lang.Object
  extended by oracle.security.crypto.cms.CMSSignerInfo

All Implemented Interfaces:
oracle.security.crypto.asn1.ASN1Object, oracle.security.crypto.util.Streamable
public final class CMSSignerInfo
extends java.lang.Object
implements oracle.security.crypto.asn1.ASN1Object

The CMSSignerInfo represents one signature.

CMSSignerInfo objects are signed at the time they are instantiated. Once created, the only modification that can be made is to add unsigned attributes (which includes countersignatures).

Constructor Summary
CMSSignerInfo(CMSContentInfo contentInfo, oracle.security.crypto.cert.AttributeSet authenticatedAttributes, java.security.PrivateKey signerKey, java.security.cert.X509Certificate signerCert, oracle.security.crypto.core.AlgorithmIdentifier digestAlgID, oracle.security.crypto.core.AlgorithmIdentifier digestEncryptionAlgID, oracle.security.crypto.cert.AttributeSet unauthenticatedAttributes)
          Creates a CMSSignerInfo object by the computing a signature on the given CMS object together with its attributes.
CMSSignerInfo(CMSContentInfo contentInfo, oracle.security.crypto.cert.AttributeSet authenticatedAttributes, java.security.PrivateKey signerKey, java.security.cert.X509Certificate signerCert, oracle.security.crypto.core.AlgorithmIdentifier digestAlgID, oracle.security.crypto.core.AlgorithmIdentifier digestEncryptionAlgID, oracle.security.crypto.cert.AttributeSet unauthenticatedAttributes, boolean use64BitSPKI)
          Creates a CMSSignerInfo using the Subject Key Identifier as the signer identifier.
CMSSignerInfo(java.io.InputStream is)
          Creates a CMSSignerInfo by reading from the specified input stream.
CMSSignerInfo(oracle.security.crypto.cert.X500Name issuer, java.math.BigInteger serialNo, oracle.security.crypto.core.AlgorithmIdentifier digestAlgID, oracle.security.crypto.core.AlgorithmIdentifier digestEncryptionAlgID, oracle.security.crypto.cert.AttributeSet authenticatedAttributes, oracle.security.crypto.cert.AttributeSet unauthenticatedAttributes, byte[] encryptedDigest)
          Creates a CMSSignerInfo using an already computed signature.
CMSSignerInfo(java.security.cert.X509Certificate cert, oracle.security.crypto.core.AlgorithmIdentifier digestAlgID, oracle.security.crypto.core.AlgorithmIdentifier digestEncryptionAlgID, oracle.security.crypto.cert.AttributeSet authenticatedAttributes, oracle.security.crypto.cert.AttributeSet unauthenticatedAttributes, byte[] encryptedDigest)
          Creates a CMSSignerInfo using an already computed signature.

 

Method Summary
 void addUnsignedAttribute(oracle.security.crypto.cert.Attribute attr)
          Add a unsigned attribute.
 boolean equals(java.lang.Object obj)
          Indicates whether some other object is "equal to" this one.
 oracle.security.crypto.cert.AttributeSet getAuthenticatedAttributes()
          Deprecated. As of Phaos CMS 2.0.1, replaced by getSignedAttributes()
 oracle.security.crypto.core.AlgorithmIdentifier getDigestAlgID()
          Returns the digest algorithm.
 oracle.security.crypto.core.AlgorithmIdentifier getDigestEncryptionAlgID()
          Returns the signature algorithm.
 byte[] getEncryptedDigest()
          Returns the encrypted digest.
 oracle.security.crypto.cert.X500Name getIssuer()
          Returns the distinguished name of the CA which issued the signer's certificate.
 java.math.BigInteger getSerialNo()
          Returns the serial number of the signer's certificate.
 oracle.security.crypto.cert.AttributeSet getSignedAttributes()
          Returns the set of signed attributes.
 oracle.security.crypto.cert.AttributeSet getUnauthenticatedAttributes()
          Deprecated. As of Phaos CMS 2.0.1, replaced by getUnsignedAttributes()
 oracle.security.crypto.cert.AttributeSet getUnsignedAttributes()
          Returns set of the unsigned attributes.
 oracle.security.crypto.asn1.ASN1Integer getVersion()
          Deprecated. As of Phaos CMS 2.0.1, replaced by getVersionNumber()
 java.math.BigInteger getVersionNumber()
          Returns the version number.
 int hashCode()
          Returns a hash code value for this object.
 void input(java.io.InputStream is)
          Initializes this object by reading the BER encoding of a CMS signed-data structure from the specified input stream.
 boolean isSPKI()
          Checks if the subject key identifier (SPKI) is being used as the signer identifier.
 int length()
          Returns the length of this object's encoding.
 void output(java.io.OutputStream os)
          Output this object's encoding to the specified output stream.
 java.lang.String toString()
          Print some information about this object.
 void verifySignature(CMSContentInfo contentInfo, java.security.PublicKey publicKey)
          Verifies that this signature matches the given document.

 

Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait

 

Constructor Detail

CMSSignerInfo

public CMSSignerInfo(CMSContentInfo contentInfo,
                     oracle.security.crypto.cert.AttributeSet authenticatedAttributes,
                     java.security.PrivateKey signerKey,
                     java.security.cert.X509Certificate signerCert,
                     oracle.security.crypto.core.AlgorithmIdentifier digestAlgID,
                     oracle.security.crypto.core.AlgorithmIdentifier digestEncryptionAlgID,
                     oracle.security.crypto.cert.AttributeSet unauthenticatedAttributes)
              throws java.security.InvalidKeyException,
                     java.security.SignatureException,
                     java.security.NoSuchAlgorithmException,
                     java.security.cert.CertificateEncodingException,
                     java.io.IOException
Creates a CMSSignerInfo object by the computing a signature on the given CMS object together with its attributes.

The authenticatedAttributes must not contain the messageDigest or contentType attributes as these will be generated automatically.

Note the changes in the Method signature

Previouslypublic CMSSignerInfo (CMSContentInfo , AttributeSet , oracle.security.crypto.core.PrivateKey , X509, AlgorithmIdentifier ,AlgorithmIdentifier , AttributeSet )

Nowpublic CMSSignerInfo (CMSContentInfo , AttributeSet , java.security.PrivateKey , X509Certificate, AlgorithmIdentifier ,AlgorithmIdentifier , AttributeSet )

Note the changes in the exceptions

Exceptions not thrown -- AlgorithmIdentifierException

Exceptions included -- NoSuchAlgorithmException ,CertificateEncodingException, IOException

Parameters:
contentInfo - The document to be signed.
authenticatedAttributes - The set of authenticated attributes.
signerKey - The private key to sign with.
signerCert - The signer's X.509 certificate.
digestAlgID - The message digest algorithm.
digestEncryptAlgID - The cipher algorithm.
unauthenticatedAttributes - The set of unauthenticated attributes.
Throws:
java.security.InvalidKeyException - The signing key is invalid.
java.security.SignatureException - An error occurred while generating the signature.
java.security.cert.CertificateEncodingException - Error while encoding the certificate
java.security.NoSuchAlgorithmException - Algorithm not supported
java.io.IOException - IO error when creating a certificate from the input stream

CMSSignerInfo

public CMSSignerInfo(oracle.security.crypto.cert.X500Name issuer,
                     java.math.BigInteger serialNo,
                     oracle.security.crypto.core.AlgorithmIdentifier digestAlgID,
                     oracle.security.crypto.core.AlgorithmIdentifier digestEncryptionAlgID,
                     oracle.security.crypto.cert.AttributeSet authenticatedAttributes,
                     oracle.security.crypto.cert.AttributeSet unauthenticatedAttributes,
                     byte[] encryptedDigest)
Creates a CMSSignerInfo using an already computed signature.
Parameters:
issuer - The X500Name of the issuer of the signing certificate.
serialNo - The serial number of the signing certificate.
digestAlgID - The message digest algorithm.
digestEncryptAlgID - The cipher algorithm.
authenticatedAttributes - The set of authenticated attributes.
unauthenticatedAttributes - The set of unauthenticated attributes.
encryptedDigest - The signature.

CMSSignerInfo

public CMSSignerInfo(java.security.cert.X509Certificate cert,
                     oracle.security.crypto.core.AlgorithmIdentifier digestAlgID,
                     oracle.security.crypto.core.AlgorithmIdentifier digestEncryptionAlgID,
                     oracle.security.crypto.cert.AttributeSet authenticatedAttributes,
                     oracle.security.crypto.cert.AttributeSet unauthenticatedAttributes,
                     byte[] encryptedDigest)
              throws java.security.cert.CertificateEncodingException,
                     java.io.IOException
Creates a CMSSignerInfo using an already computed signature.

Note the changes in the Method signature

Previouslypublic CMSSignerInfo (X509, AlgorithmIdentifier , AlgorithmIdentifier , AttributeSet , AttributeSet, byte[] )

Nowpublic CMSSignerInfo (X509Certificate, AlgorithmIdentifier , AlgorithmIdentifier , AttributeSet , AttributeSet, byte[] )

Note the changes in the exceptions

Exceptions included -- CertificateEncodingException, IOException

Parameters:
cert - The signing certificate.
digestAlgID - The message digest algorithm.
digestEncryptAlgID - The cipher algorithm.
authenticatedAttributes - The set of authenticated attributes.
unauthenticatedAttributes - The set of unauthenticated attributes.
encryptedDigest - The signature.
Throws:
java.security.cert.CertificateEncodingException - Error while encoding the certificate
java.io.IOException - IO error when creating a certificate from the input stream

CMSSignerInfo

public CMSSignerInfo(java.io.InputStream is)
              throws java.io.IOException
Creates a CMSSignerInfo by reading from the specified input stream.
Parameters:
is - The input stream.
Throws:
java.io.IOException - If the input is not correctly formatted or an I/O exception occurs.

CMSSignerInfo

public CMSSignerInfo(CMSContentInfo contentInfo,
                     oracle.security.crypto.cert.AttributeSet authenticatedAttributes,
                     java.security.PrivateKey signerKey,
                     java.security.cert.X509Certificate signerCert,
                     oracle.security.crypto.core.AlgorithmIdentifier digestAlgID,
                     oracle.security.crypto.core.AlgorithmIdentifier digestEncryptionAlgID,
                     oracle.security.crypto.cert.AttributeSet unauthenticatedAttributes,
                     boolean use64BitSPKI)
              throws java.security.InvalidKeyException,
                     java.security.SignatureException,
                     java.security.NoSuchAlgorithmException
Creates a CMSSignerInfo using the Subject Key Identifier as the signer identifier.

Note the changes in the Method signature

Previouslypublic CMSSignerInfo (CMSContentInfo , AttributeSet,oracle.security.crypto.core.PrivateKey , X509 , AlgorithmIdentifier , AlgorithmIdentifier , AttributeSet ,boolean)

Now(CMSContentInfo , AttributeSet,java.security.PrivateKey , X509Certificate , AlgorithmIdentifier , AlgorithmIdentifier , AttributeSet ,boolean)

Note the changes in the exceptions

Exception no longer throwns -- AlgorithmIdentifierException

Exceptions included -- NoSuchAlgorithmException

Parameters:
contentInfo -
authenticatedAttributes - Set of Attributes that are not signed.
signerKey - X509 Signing Certificate.
signerCert - Signer's Private Key.
digestAlgID - Digest Algorithm to use.
digestEncryptionAlgID - Signature Algorithm to use.
unauthenticatedAttributes - Set of Attributes that are not signed.
use64BitSPKI - If true the 64 bit Identifier will be used; If false the 160 bit Identifier will be used.
Throws:
java.security.InvalidKeyException - The private key is not valid.
java.security.SignatureException - The signature could not be verified.
java.security.NoSuchAlgorithmException - The digest or signature algorithm is not supported.

Method Detail

getIssuer

public oracle.security.crypto.cert.X500Name getIssuer()
Returns the distinguished name of the CA which issued the signer's certificate.
Returns:
The signing certificate issuer's DN.

getSerialNo

public java.math.BigInteger getSerialNo()
Returns the serial number of the signer's certificate.
Returns:
The serial number of the signing certificate.

getSignedAttributes

public oracle.security.crypto.cert.AttributeSet getSignedAttributes()
Returns the set of signed attributes.
Returns:
The signed attributes if present or null otherwise.

getUnsignedAttributes

public oracle.security.crypto.cert.AttributeSet getUnsignedAttributes()
Returns set of the unsigned attributes.
Returns:
The unsigned attributes if present or null otherwise.

getAuthenticatedAttributes

public oracle.security.crypto.cert.AttributeSet getAuthenticatedAttributes()
Deprecated. As of Phaos CMS 2.0.1, replaced by getSignedAttributes()
Returns the set of signed attributes.
Returns:
The signed attributes if present or null otherwise.

getUnauthenticatedAttributes

public oracle.security.crypto.cert.AttributeSet getUnauthenticatedAttributes()
Deprecated. As of Phaos CMS 2.0.1, replaced by getUnsignedAttributes()
Returns set of the unsigned attributes.
Returns:
The unsigned attributes if present or null otherwise.

addUnsignedAttribute

public void addUnsignedAttribute(oracle.security.crypto.cert.Attribute attr)
Add a unsigned attribute.
Parameters:
attr - The unsigned attribute.
Since:
2.0.1

getDigestAlgID

public oracle.security.crypto.core.AlgorithmIdentifier getDigestAlgID()
Returns the digest algorithm.
Returns:
The digest algorithm Identifier.

getDigestEncryptionAlgID

public oracle.security.crypto.core.AlgorithmIdentifier getDigestEncryptionAlgID()
Returns the signature algorithm.
Returns:
The signature algorithm identifier.

getEncryptedDigest

public byte[] getEncryptedDigest()
Returns the encrypted digest.
Returns:
A byte array containing the encrypted digest.

isSPKI

public boolean isSPKI()
Checks if the subject key identifier (SPKI) is being used as the signer identifier.
Returns:
true if SPKI is being used; false if IASN is being used.

getVersionNumber

public java.math.BigInteger getVersionNumber()
Returns the version number.
Returns:
The version number.

getVersion

public oracle.security.crypto.asn1.ASN1Integer getVersion()
Deprecated. As of Phaos CMS 2.0.1, replaced by getVersionNumber()
Returns the version number.
Returns:
The version number.

toString

public java.lang.String toString()
Print some information about this object.
Overrides:
toString in class java.lang.Object
Returns:
A string description of this Object.

hashCode

public int hashCode()
Returns a hash code value for this object.
Overrides:
hashCode in class java.lang.Object
Returns:
The hash code value.

equals

public boolean equals(java.lang.Object obj)
Indicates whether some other object is "equal to" this one.
Overrides:
equals in class java.lang.Object
Returns:
true if this object is the same as the obj argument; false otherwise.

verifySignature

public void verifySignature(CMSContentInfo contentInfo,
                            java.security.PublicKey publicKey)
                     throws oracle.security.crypto.core.AuthenticationException,
                            java.security.SignatureException
Verifies that this signature matches the given document.

This method will return only if the signature is valid.

Note the changes in the Method signature

Previouslypublic void verifySignature (CMSContentInfo , oracle.security.crypto.core.PublicKey )

Nowpublic void verifySignature (CMSContentInfo , java.security.PublicKey )

Note the changes in the exceptions

Exceptions included -- SignatureException

Parameters:
contentInfo - The document (a CMS object) to verify.
publicKey - Public key with which to verify signature.
Throws:
oracle.security.crypto.core.AuthenticationException - If the signature is not valid, or could not be verified for some reason (e.g., the algorithm identifier is unrecognized)
java.security.SignatureException - Signature algorithm not supported

input

public void input(java.io.InputStream is)
           throws java.io.IOException
Initializes this object by reading the BER encoding of a CMS signed-data structure from the specified input stream.
Specified by:
input in interface oracle.security.crypto.util.Streamable
Parameters:
is - The input stream.
Throws:
java.io.IOException - If the input is not correctly formatted or an I/O error occurs.

output

public void output(java.io.OutputStream os)
            throws java.io.IOException
Output this object's encoding to the specified output stream.
Specified by:
output in interface oracle.security.crypto.util.Streamable
Parameters:
output - The specified output stream.
Throws:
java.io.IOException - If an I/O error occurs.

length

public int length()
Returns the length of this object's encoding.
Specified by:
length in interface oracle.security.crypto.util.Streamable
Returns:
The length in bytes.

Skip navigation links

Package   Class  Tree  Deprecated  Index  Help 
Oracle Security Developer Tools CMS Java API Reference
11g (11.1.1)
E10667-02
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

Copyright © 2005, 2009, Oracle. All rights reserved.