Oracle Security Developer Tools CMS Java API Reference 10g Release 2 (10.1.2.0.2) B15564-01
java.lang.Object
oracle.security.crypto.cms.CMSContentInfo
oracle.security.crypto.cms.CMSSignedDataContentInfo
This class encapsulates a CMS object of content type signed-data.
Constructor Summary
CMSSignedDataContentInfo()
    Creates an empty CMSSignedDataContentInfo.
CMSSignedDataContentInfo(CMSContentInfo contentInfo)
    Creates a CMSSignedDataContentInfo.
CMSSignedDataContentInfo(java.io.InputStream is)
    Creates a CMSSignedDataContentInfo object, by reading a BER encoding from the specified input stream.
Method Summary
void addCertificate(oracle.security.crypto.cert.X509 cert)
    Appends the given certificate to the list of certificates which will be included with this signed data object.
void addCertificates(java.util.Vector certs)
    Appends all of the given certificates to the list of certificates which will be included with this signed data object.
void addCRL(oracle.security.crypto.cert.CRL crl)
    Appends the given CRL to the list of CRLs which will be included with this signed data object.
void addCRLs(java.util.Vector crls)
    Appends all of the given CRLs to the list of CRLs which will be included with this signed data object.
void addSignature(oracle.security.crypto.cert.AttributeSet authenticatedAttributes, PrivateKey signerKey, oracle.security.crypto.cert.X509 signerCert, AlgorithmIdentifier digestAlgID, AlgorithmIdentifier digestEncryptionAlgID, oracle.security.crypto.cert.AttributeSet unauthenticatedAttributes)
    Add a Signer using the IssuerAndSerialNumber as the SignerIdentifier i.e. a Version1 CMSSignerInfo.
void addSignature(oracle.security.crypto.cert.AttributeSet authenticatedAttributes, PrivateKey signerKey, oracle.security.crypto.cert.X509 signerCert, AlgorithmIdentifier digestAlgID, AlgorithmIdentifier digestEncryptionAlgID, oracle.security.crypto.cert.AttributeSet unauthenticatedAttributes, boolean useSPKI64)
    Add a Signer using the SubjectPublicKeyIdentifier as the SignerIdentifier i.e. a Version3 CMSSignerInfo.
void addSignerInfo(oracle.security.crypto.cert.X509 signerCert, CMSSignerInfo signerInfo)
    Add a CMSSignerInfo to the list of Signers.
boolean equals(java.lang.Object obj)
    Indicates whether some other object is "equal to" this one.
java.util.Vector getCertificates()
    Returns the list of certificates included with this signed data object.
java.util.Vector getCRLs()
    Returns the list of CRLs included with this signed data object.
CMSContentInfo getEnclosed()
    Returns the document which was signed.
ASN1ObjectID getEnclosedContentType()
    Returns the content type of the document which was signed.
protected byte[] getExposedContent()
    Returns the contents octets of the DER encoding of the content field of this CMS object.
CMSSignerInfo getSignerInfo(oracle.security.crypto.cert.X509 signerCert)
    Returns the CMSSignerInfo corresponding to the Certificate.
ASN1Integer getVersion()
    Deprecated. As of Phaos CMS 2.0.1, replaced by getVersionNumber()
java.math.BigInteger getVersionNumber()
    Returns the version number.
int hashCode()
    Returns a hash code value for this object.
protected void inputContent(java.io.InputStream is)
    Initializes this object by reading the Content field of the CMS ContentInfo structure i.e.
boolean isDegenerate()
    Indicates if this object has any signers i.e.
boolean isDetached()
    Indicates if this is a detached CMS object.
boolean isExternalSignature()
    Checks for the presence of external signatures.
void setEnclosed(CMSContentInfo content)
    Sets the content which was signed.
protected void setExposedContent(byte[] expContent)
    Returns the contents octets of the DER encoding of the content field of this CMS object.
java.util.Enumeration signers()
    Return the signatures on this signed data object, in the form of an enumeration, each element of which is an instance of CMSSignerInfo.
java.lang.String toString()
    Returns a brief text description of this object.
protected void update()
    Clears the internal output cache.
void verify(oracle.security.crypto.cert.CertificateTrustPolicy trustPolicy)
    Returns normally if this CMS signed data object contains at least one valid signature, according to the given trust policy; otherwise throws an AuthenticationException.
void verify(oracle.security.crypto.cert.CertificateTrustPolicy trustPolicy, CMSContentInfo contentInfo)
    Returns normally if this CMS signed data object contains at least one valid signature, according to the given trust policy; otherwise throws an AuthenticationException.
void verifySignature(oracle.security.crypto.cert.X509 signerCert)
    Returns successfully if this CMS signed data object contains a signature which is validated by the given certificate; otherwise throws an AuthenticationException.
void verifySignature(oracle.security.crypto.cert.X509 signerCert, CMSContentInfo contentInfo)
    Returns successfully if this CMS signed data object contains a signature which is validated by the given certificate and data; otherwise throws an AuthenticationException.
void writeExternalSignature(boolean createExternalSignature)
    Indicates if an external signature must be created.
Methods inherited from class oracle.security.crypto.cms.CMSContentInfo
    computeDigest, contentTypeName, getContentType, input, inputInstance, length, output
Methods inherited from class java.lang.Object
    clone, finalize, getClass, notify, notifyAll, wait, wait, wait
Constructor Detail
public CMSSignedDataContentInfo()
    Creates an empty CMSSignedDataContentInfo.
public CMSSignedDataContentInfo(CMSContentInfo contentInfo)
    Creates a CMSSignedDataContentInfo.
    contentInfo - The content that is to be signed.
public CMSSignedDataContentInfo(java.io.InputStream is) throws java.io.IOException
    Creates a CMSSignedDataContentInfo object, by reading a BER encoding from the specified input stream.
    is - The input stream.
    java.io.IOException - If the input is not correctly encoded or an I/O error occurs.
Method Detail
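protected void setExposedContent(byte[] expContent)
    Description copied from class: CMSContentInfo
    Returns the contents octets of the DER encoding of the content field of this CMS object.
    setExposedContent in class CMSContentInfo
    null for a detached CMS object.
    CMSContentInfo.isDetached()
protected byte[] getExposedContent()
    Description copied from class: CMSContentInfo
    Returns the contents octets of the DER encoding of the content field of this CMS object.
    getExposedContent in class CMSContentInfo
    null for a detached CMS object.
    CMSContentInfo.isDetached()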
public boolean isDegenerate()
    CMS (RFC-2630) defines a degenerate object as one which has no signers.
    isDegenerate in class CMSContentInfo
    true if this object has no signers; false otherwise.
public boolean isExternalSignature()
    Checks for the presence of external signatures.
    CMS (RFC-2630) defines an external signature as a signed-data object in which the encapsulated content is missing.
    true if external signatures are present; false otherwise.
public void writeExternalSignature(boolean createExternalSignature)
    Indicates if an external signature must be created.
    createExternalSignature - If true, external signatures will be created; false otherwise.
public boolean isDetached()
    Indicates if this is a detached CMS object.
    isDetached in class CMSContentInfo
    true if detached; false otherwise.
public void setEnclosed(CMSContentInfo content)
    Sets the content which was signed.
    This is necessary only if external signatures are present.
    isExternalSignature()
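public CMSContentInfo getEnclosed()
    Returns the document which was signed.
public ASN1ObjectID getEnclosedContentType()
    Returns the content type of the document which was signed.
public java.math.BigInteger getVersionNumber()
    Returns the version number.
public ASN1Integer getVersion()
    Deprecated. As of Phaos CMS 2.0.1, replaced by getVersionNumber()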
public java.util.Enumeration signers()
    Return the signatures on this signed data object, in the form of an enumeration, each element of which is an instance of CMSSignerInfo.
    CMSSignerInfo's if present.
    CMSSignerInfo
public java.lang.String toString()
    Returns a brief text description of this object.
public java.util.Vector getCertificates()
    Returns the list of certificates included with this signed data object.
    X509 objects or null if no list of Certificates is present.
public java.util.Vector getCRLs()
    Returns the list of CRLs included with this signed data object.
    CRL objects or null if no list of CRLs is present.
public CMSSignerInfo getSignerInfo(oracle.security.crypto.cert.X509 signerCert) throws AlgorithmIdentifierException, UnknownSignerException
    Returns the CMSSignerInfo corresponding to the Certificate.
    signerCert - The signer's X509 certificate.
    CMSSignerInfo matching the signing certificate.
    UnknownSignerException - Could not find a SignerInfo matching the specified certificate.
    AlgorithmIdentifierException
public int hashCode()
    Returns a hash code value for this object.
public boolean equals(java.lang.Object obj)
    Indicates whether some other object is "equal to" this one.
    true if this object is the same as the obj argument; false otherwise.
public void addCertificate(oracle.security.crypto.cert.X509 cert)
    Appends the given certificate to the list of certificates which will be included with this signed data object.
    cert - The certificate to add.
public void addCRL(oracle.security.crypto.cert.CRL crl)
    Appends the given CRL to the list of CRLs which will be included with this signed data object.
    crl - The CRL to add.
public void addCertificates(java.util.Vector certs)
    Appends all of the given certificates to the list of certificates which will be included with this signed data object.
    certs - List of X509 instances to add.
public void addCRLs(java.util.Vector crls)
    Appends all of the given CRLs to the list of CRLs which will be included with this signed data object.
    crls - List of CRL instances to add.
public void addSignature(oracle.security.crypto.cert.AttributeSet authenticatedAttributes, PrivateKey signerKey, oracle.security.crypto.cert.X509 signerCert, AlgorithmIdentifier digestAlgID, AlgorithmIdentifier digestEncryptionAlgID, oracle.security.crypto.cert.AttributeSet unauthenticatedAttributes) throws InvalidKeyException, SignatureException, AlgorithmIdentifierException
    Add a Signer using the IssuerAndSerialNumber as the SignerIdentifier i.e. a Version1 CMSSignerInfo.
    authenticatedAttributes - The set of signed attributes.
    signerKey - Private Key of the signer.
    signerCert - X509 certificate of the signer.
    digestAlgID - The digest algorithm.
    digestEncryptionAlgID - The signature algorithm.
    unauthenticatedAttributes - The set of unsigned attributes.
    AlgorithmIdentifierException - Digest algorithm is not supported.
    InvalidKeyException - Private Key of the signer is not valid.
    SignatureException - Signature algorithm is not supported.
public void addSignature(oracle.security.crypto.cert.AttributeSet authenticatedAttributes, PrivateKey signerKey, oracle.security.crypto.cert.X509 signerCert, AlgorithmIdentifier digestAlgID, AlgorithmIdentifier digestEncryptionAlgID, oracle.security.crypto.cert.AttributeSet unauthenticatedAttributes, boolean useSPKI64) throws InvalidKeyException, SignatureException, AlgorithmIdentifierException
    Add a Signer using the SubjectPublicKeyIdentifier as the SignerIdentifier i.e. a Version3 CMSSignerInfo.
    Do not use this method if PKCS#7 v1.5 interoperability is required.
    authenticatedAttributes - The set of signed attributes.
    signerKey - Private Key of the signer.
    signerCert - X509 certificate of the signer.
    digestAlgID - The digest algorithm.
    digestEncryptionAlgID - The signature algorithm.
    unauthenticatedAttributes - The set of unsigned attributes.
    useSPKI64 - true uses a 64 bit SPKI; false uses a 160 bit SPKI.
    AlgorithmIdentifierException - Digest algorithm is not supported.
    InvalidKeyException - Private Key of the signer is not valid.
    SignatureException - Signature algorithm is not supported.
public void addSignerInfo(oracle.security.crypto.cert.X509 signerCert, CMSSignerInfo signerInfo) throws AlgorithmIdentifierException
    Add a CMSSignerInfo to the list of Signers.
    signerCert - X509 certificate of the signer.
    signerInfo - The SignerInfo object.
    AlgorithmIdentifierException - Digest algorithm is not supported.
public void verifySignature(oracle.security.crypto.cert.X509 signerCert) throws AuthenticationException, AlgorithmIdentifierException, UnknownSignerException
    Returns successfully if this CMS signed data object contains a signature which is validated by the given certificate; otherwise throws an AuthenticationException.
    This method verifies the specified signature directly and ignores any certificates or CRLs which may be contained in this CMS object. A more complex verification process, which does make use of attached certificates and CRLs, is provided by the verify method.
    UnknownSignerException - If no signature corresponding to the given certificate exists.
    AuthenticationException - If the signature is not valid, or could not be verified for some reason (e.g., the algorithm identifier is unrecognized).
    AlgorithmIdentifierException
public void verifySignature(oracle.security.crypto.cert.X509 signerCert, CMSContentInfo contentInfo) throws AuthenticationException, AlgorithmIdentifierException, UnknownSignerException
    Returns successfully if this CMS signed data object contains a signature which is validated by the given certificate and data; otherwise throws an AuthenticationException.
    This method verifies the specified signature directly and ignores any certificates or CRLs which may be contained in this CMS object. A more complex verification process, which does make use of attached certificates and CRLs, is provided by the verify method.
    UnknownSignerException - If no signature corresponding to the given certificate exists.
    AuthenticationException - If the signature is not valid, or could not be verified for some reason (e.g., the algorithm identifier is unrecognized).
    AlgorithmIdentifierException
public void verify(oracle.security.crypto.cert.CertificateTrustPolicy trustPolicy) throws AuthenticationException
    Returns normally if this CMS signed data object contains at least one valid signature, according to the given trust policy; otherwise throws an AuthenticationException.
    In order to be considered valid, there must be at least one signature on this CMS message which is validated by one of the certificates included with it; furthermore, the validating certificate must itself be valid according to the given certificate trust policy. This latter validation process may involve examining the other certificates or CRLs included with this object, if called for by the trust policy.
    If a signature is encountered for which a certification path can be found, but is invalid, an AuthenticationException will be created, but will not be thrown until all other signatures have been checked. If another signature is found which is valid, then the method simply returns and no exception at all is thrown.
    Do not use this method if any Version 3 CMSSignerInfo's are present.
    AuthenticationException - If there is no valid signature.
public void verify(oracle.security.crypto.cert.CertificateTrustPolicy trustPolicy, CMSContentInfo contentInfo) throws AuthenticationException
    Returns normally if this CMS signed data object contains at least one valid signature, according to the given trust policy; otherwise throws an AuthenticationException.
    In order to be considered valid, there must be at least one signature on this CMS message which is validated by one of the certificates included with it; furthermore, the validating certificate must itself be valid according to the given certificate trust policy. This latter validation process may involve examining the other certificates or CRLs included with this object, if called for by the trust policy.
    If a signature is encountered for which a certification path can be found, but is invalid, an AuthenticationException will be created, but will not be thrown until all other signatures have been checked. If another signature is found which is valid, then the method simply returns and no exception at all is thrown.
    Do not use this method if any Version 3 CMSSignerInfo's are present.
    AuthenticationException - If there is no valid signature.
protected void inputContent(java.io.InputStream is) throws java.io.IOException
    Description copied from class: CMSContentInfo
    This method must be implemented by subclasses. It is unlikely that package users will ever need to call it directly.
    inputContent in class CMSContentInfo
    java.io.IOException
protected void update()
    Clears the internal output cache.
    update in class CMSContentInfo
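Added example (not part of the Oracle reference and not Oracle's code): verify(trustPolicy) returns normally as soon as any one attached signature validates, so a caller that requires one particular signer can check that signer directly with verifySignature, after rejecting degenerate objects and handling external signatures. The class name PinnedSignerCheck and the method requireSignedBy are hypothetical, and the sketch assumes the caller already trusts pinnedSigner, since verifySignature ignores attached certificates and CRLs.

```java
import java.io.InputStream;

import oracle.security.crypto.cert.X509;
import oracle.security.crypto.cms.CMSContentInfo;
import oracle.security.crypto.cms.CMSSignedDataContentInfo;

/** Hypothetical helper class; not part of the Oracle API. */
public final class PinnedSignerCheck {

    /**
     * Returns the signed content only when pinnedSigner's signature over it verifies.
     *
     * pinnedSigner must already be trusted by the caller (for example, loaded from
     * local configuration), because verifySignature does no certificate or CRL checks.
     * externalContent is the content supplied out of band for an external signature;
     * it may be null when the content is encapsulated in the CMS object.
     *
     * Declared "throws Exception" because the page names AuthenticationException,
     * UnknownSignerException and AlgorithmIdentifierException without their packages.
     */
    public static CMSContentInfo requireSignedBy(InputStream ber, X509 pinnedSigner,
            CMSContentInfo externalContent) throws Exception {
        // Parse the BER encoding; throws java.io.IOException on malformed input.
        CMSSignedDataContentInfo signedData = new CMSSignedDataContentInfo(ber);

        // A degenerate object has no signers, so nothing authenticates the content.
        if (signedData.isDegenerate()) {
            throw new SecurityException("signed-data object has no signers");
        }

        if (signedData.isExternalSignature()) {
            // Encapsulated content is missing: the signature can only be checked
            // against content the caller supplies.
            if (externalContent == null) {
                throw new SecurityException("external signature but no content supplied");
            }
            signedData.verifySignature(pinnedSigner, externalContent);
            return externalContent;
        }

        // Throws if pinnedSigner has no signature here or the signature is invalid.
        signedData.verifySignature(pinnedSigner);
        return signedData.getEnclosed();
    }
}
```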