Oracle Security Developer Tools CMS Java API Reference
10g (10.1.4.0.1)

B28170-01


oracle.security.crypto.cms
Class CMSAuthenticatedDataContentInfo

java.lang.Object
  extended by oracle.security.crypto.cms.CMSContentInfo
      extended by oracle.security.crypto.cms.CMSAuthenticatedDataContentInfo

All Implemented Interfaces:
oracle.security.crypto.asn1.ASN1Object, oracle.security.crypto.util.Streamable

public class CMSAuthenticatedDataContentInfo
extends CMSContentInfo

This class encapsulates a CMS object of content type authenticated-data.


Constructor Summary
CMSAuthenticatedDataContentInfo()
          Creates an empty CMSAuthenticatedDataContentInfo.
CMSAuthenticatedDataContentInfo(CMSContentInfo contentInfo, oracle.security.crypto.core.SymmetricKey hmacKey, oracle.security.crypto.core.AlgorithmIdentifier macAlgorithm)
          Creates a CMSAuthenticatedDataContentInfo.
CMSAuthenticatedDataContentInfo(CMSContentInfo contentInfo, oracle.security.crypto.core.SymmetricKey hmacKey, oracle.security.crypto.core.AlgorithmIdentifier hmacKeyAlgID, OriginatorInfo originatorInfo, oracle.security.crypto.core.AlgorithmIdentifier macAlgorithm, oracle.security.crypto.core.AlgorithmIdentifier digestAlgorithm, oracle.security.crypto.cert.AttributeSet authenticatedAttributes, oracle.security.crypto.cert.AttributeSet unauthenticatedAttributes)
          Creates a CMSAuthenticatedDataContentInfo.
CMSAuthenticatedDataContentInfo(CMSContentInfo contentInfo, oracle.security.crypto.core.SymmetricKey hmacKey, OriginatorInfo originatorInfo, oracle.security.crypto.core.AlgorithmIdentifier macAlgorithm, oracle.security.crypto.core.AlgorithmIdentifier digestAlgorithm, oracle.security.crypto.cert.AttributeSet authenticatedAttributes, oracle.security.crypto.cert.AttributeSet unauthenticatedAttributes)
          Creates a CMSAuthenticatedDataContentInfo.
CMSAuthenticatedDataContentInfo(java.io.InputStream is)
          Creates a CMSAuthenticatedDataContentInfo by reading a BER encoding from the given input stream.

 

Method Summary
 void addRecipient(oracle.security.crypto.core.AlgorithmIdentifier keyEncryptionAlgID, oracle.security.crypto.core.SymmetricKey keyEncryptionKey, byte[] keyIdentifier, java.util.Date keyDate, oracle.security.crypto.asn1.ASN1Sequence otherKeyAttribute)
          Add a recipient.
 void addRecipient(CMSRecipientInfoSpec ris)
          Add a recipient.
 void addRecipient(oracle.security.crypto.cert.X509 recipientCert, oracle.security.crypto.core.AlgorithmIdentifier keyEncryptionAlgID)
          Add a recipient.
 void addRecipient(oracle.security.crypto.cert.X509 recipientCert, oracle.security.crypto.core.AlgorithmIdentifier keyEncryptionAlgID, boolean useSPKI64)
          Add a recipient.
 oracle.security.crypto.cert.AttributeSet getAuthenticatedAttributes()
          Returns the Authenticated Attributes.
 oracle.security.crypto.core.AlgorithmIdentifier getDigestAlgID()
          Returns the digest algorithm.
 CMSContentInfo getEnclosed()
          Returns the authenticated content.
 oracle.security.crypto.asn1.ASN1ObjectID getEnclosedContentType()
          Returns the content type of the enclosed content.
protected  byte[] getExposedContent()
          Returns the contents octets of the DER encoding of the content field of this CMS object.
 byte[] getMAC()
          Returns the message authentication code.
 oracle.security.crypto.core.AlgorithmIdentifier getMACAlgID()
          Returns the MAC algorithm used for authentication.
 OriginatorInfo getOriginatorInfo()
          Returns the Originator Info.
 oracle.security.crypto.cert.AttributeSet getUnauthenticatedAttributes()
          Returns the Unauthenticated Attributes.
 oracle.security.crypto.asn1.ASN1Integer getVersion()
          Deprecated. As of Phaos CMS 2.0.1, replaced by getVersionNumber()
 java.math.BigInteger getVersionNumber()
          Returns the version number.
protected  void inputContent(java.io.InputStream is)
          Initializes this object by reading the Content field of the CMS ContentInfo structure.
 boolean isDetached()
          Indicates if this object is detached.
 java.util.Enumeration recipients()
          Returns the list of message recipients.
 void setAuthenticatedAttributes(oracle.security.crypto.cert.AttributeSet authenticatedAttributes, oracle.security.crypto.core.AlgorithmIdentifier digestAlgorithm)
          Set the Authenticated attributes.
 void setEnclosed(CMSContentInfo content)
          Sets the authenticated content.
protected  void setExposedContent(byte[] expContent)
          Returns the contents octets of the DER encoding of the content field of this CMS object.
 void setOriginatorInfo(OriginatorInfo originatorInfo)
          Set the OriginatorInfo.
 void setUnauthenticatedAttributes(oracle.security.crypto.cert.AttributeSet unauthenticatedAttributes)
          Set the unauthenticated attributes.
 java.lang.String toString()
          Returns a brief text description of this object.
protected  void update()
          Clears the internal output cache.
 void verifyMAC(oracle.security.crypto.core.PrivateKey privateKey, oracle.security.crypto.cert.X509 recipientCert)
          Returns the enclosed content after decryption.
 void verifyMAC(oracle.security.crypto.core.SymmetricKey symmetricKey, byte[] keyIdentifier)
          Returns the enclosed content after decryption.
 void verifyMAC(oracle.security.crypto.core.SymmetricKey symmetricKey, byte[] keyIdentifier, java.util.Date keyDate)
          Returns the enclosed content after decryption.
 void verifyMAC(oracle.security.crypto.core.SymmetricKey symmetricKey, byte[] keyIdentifier, java.util.Date keyDate, oracle.security.crypto.asn1.ASN1Sequence otherKeyAttribute)
          Returns the enclosed content after decryption.
 void writeDetached(boolean writeDetachedObject)
          Indicate if the CMS Object that is being authenticated should be omitted while generating this object's encoding.

 

Methods inherited from class oracle.security.crypto.cms.CMSContentInfo
computeDigest, contentTypeName, getContentType, input, inputInstance, isDegenerate, length, output

 

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

 

Constructor Detail

CMSAuthenticatedDataContentInfo

public CMSAuthenticatedDataContentInfo()
Creates an empty CMSAuthenticatedDataContentInfo.

CMSAuthenticatedDataContentInfo

public CMSAuthenticatedDataContentInfo(CMSContentInfo contentInfo,
                                       oracle.security.crypto.core.SymmetricKey hmacKey,
                                       oracle.security.crypto.core.AlgorithmIdentifier macAlgorithm)
                                throws oracle.security.crypto.util.InvalidInputException,
                                       oracle.security.crypto.core.AlgorithmIdentifierException
Creates a CMSAuthenticatedDataContentInfo.
Parameters:
contentInfo - The document to authenticate.
hmacKey - The key to use for the HMAC operation.
macAlgorithm - The message authentication algorithm.
Throws:
oracle.security.crypto.util.InvalidInputException - Input parameters are incomplete or invalid.
oracle.security.crypto.core.AlgorithmIdentifierException - Algorithm is not supported.

CMSAuthenticatedDataContentInfo

public CMSAuthenticatedDataContentInfo(CMSContentInfo contentInfo,
                                       oracle.security.crypto.core.SymmetricKey hmacKey,
                                       OriginatorInfo originatorInfo,
                                       oracle.security.crypto.core.AlgorithmIdentifier macAlgorithm,
                                       oracle.security.crypto.core.AlgorithmIdentifier digestAlgorithm,
                                       oracle.security.crypto.cert.AttributeSet authenticatedAttributes,
                                       oracle.security.crypto.cert.AttributeSet unauthenticatedAttributes)
                                throws oracle.security.crypto.util.InvalidInputException,
                                       oracle.security.crypto.core.AlgorithmIdentifierException
Creates a CMSAuthenticatedDataContentInfo.

Note that the Authenticated Attributes 'Content Type' and 'Message Digest' are automatically added.

Parameters:
contentInfo - The document to authenticate.
hmacKey - The key to use for the HMAC operation.
originatorInfo - The originator information.
macAlgorithm - The message authentication algorithm.
digestAlgorithm - The message digest algorithm.
authenticatedAttributes - The set of authenticatedAttributes.
unauthenticatedAttributes - The set of unauthenticatedAttributes.
Throws:
oracle.security.crypto.util.InvalidInputException - Input parameters are incomplete or invalid.
oracle.security.crypto.core.AlgorithmIdentifierException - Algorithm is not supported.

CMSAuthenticatedDataContentInfo

public CMSAuthenticatedDataContentInfo(CMSContentInfo contentInfo,
                                       oracle.security.crypto.core.SymmetricKey hmacKey,
                                       oracle.security.crypto.core.AlgorithmIdentifier hmacKeyAlgID,
                                       OriginatorInfo originatorInfo,
                                       oracle.security.crypto.core.AlgorithmIdentifier macAlgorithm,
                                       oracle.security.crypto.core.AlgorithmIdentifier digestAlgorithm,
                                       oracle.security.crypto.cert.AttributeSet authenticatedAttributes,
                                       oracle.security.crypto.cert.AttributeSet unauthenticatedAttributes)
                                throws oracle.security.crypto.util.InvalidInputException,
                                       oracle.security.crypto.core.AlgorithmIdentifierException
Creates a CMSAuthenticatedDataContentInfo.

Note that the Authenticated Attributes 'Content Type' and 'Message Digest' are automatically added.

Parameters:
contentInfo - The document to authenticate.
hmacKey - The key to use for the HMAC operation.
originatorInfo - The originator information.
macAlgorithm - The message authentication algorithm.
digestAlgorithm - The message digest algorithm.
authenticatedAttributes - The set of authenticatedAttributes.
unauthenticatedAttributes - The set of unauthenticatedAttributes.
Throws:
oracle.security.crypto.util.InvalidInputException - Input parameters are incomplete or invalid.
oracle.security.crypto.core.AlgorithmIdentifierException - Algorithm is not supported.

CMSAuthenticatedDataContentInfo

public CMSAuthenticatedDataContentInfo(java.io.InputStream is)
                                throws java.io.IOException
Creates a CMSAuthenticatedDataContentInfo by reading a BER encoding from the given input stream.
Parameters:
is - The input stream.
Throws:
java.io.IOException - If the input is not correctly formatted, has the wrong content type or an I/O exception occurs while reading from the input stream.

Method Detail

isDetached

public boolean isDetached()
Indicates if this object is detached.
Specified by:
isDetached in class CMSContentInfo
Returns:
Returns true if detached; false otherwise.
See Also:
CMSContentInfo.isDetached()

writeDetached

public void writeDetached(boolean writeDetachedObject)
Indicate if the CMS Object that is being authenticated should be omitted while generating this object's encoding.
Parameters:
writeDetachedObject - If true, the CMS Object that is being authenticated is not output; false otherwise.
See Also:
CMSContentInfo.isDetached()

setExposedContent

protected void setExposedContent(byte[] expContent)
Description copied from class: CMSContentInfo
Returns the contents octets of the DER encoding of the content field of this CMS object. The value returned is suitable for input to the "message-digesting" and "content-encryption" process of RFC-2630.
Specified by:
setExposedContent in class CMSContentInfo
Returns:
The contents octets or null for a detached CMS object.
See Also:
CMSContentInfo.isDetached()

getExposedContent

protected byte[] getExposedContent()
Description copied from class: CMSContentInfo
Returns the contents octets of the DER encoding of the content field of this CMS object. The value returned is suitable for input to the "message-digesting" and "content-encryption" process of RFC-2630.
Specified by:
getExposedContent in class CMSContentInfo
Returns:
The contents octets or null for a detached CMS object.
See Also:
CMSContentInfo.isDetached()

getVersionNumber

public java.math.BigInteger getVersionNumber()
Returns the version number.
Returns:
The version number.

getVersion

public oracle.security.crypto.asn1.ASN1Integer getVersion()
Deprecated. As of Phaos CMS 2.0.1, replaced by getVersionNumber()
Returns the version number.
Returns:
The version number as an ASN1Integer.

getOriginatorInfo

public OriginatorInfo getOriginatorInfo()
Returns the Originator Info.
Returns:
The OriginatorInfo if present or null otherwise.

getMACAlgID

public oracle.security.crypto.core.AlgorithmIdentifier getMACAlgID()
Returns the MAC algorithm used for authentication.
Returns:
The algorithm identifier.

getDigestAlgID

public oracle.security.crypto.core.AlgorithmIdentifier getDigestAlgID()
Returns the digest algorithm.
Returns:
The digest identifier if present or null otherwise.

getEnclosedContentType

public oracle.security.crypto.asn1.ASN1ObjectID getEnclosedContentType()
Returns the content type of the enclosed content.
Returns:
The content type object identifier.

getEnclosed

public CMSContentInfo getEnclosed()
Returns the authenticated content.
Returns:
The authenticated CMS object.

setEnclosed

public void setEnclosed(CMSContentInfo content)
Sets the authenticated content.

This is used to set the contents of a detached authenticated-data CMS object.

Parameters:
content - The content object.

getMAC

public byte[] getMAC()
Returns the message authentication code.
Returns:
A byte array containing the MAC.

getAuthenticatedAttributes

public oracle.security.crypto.cert.AttributeSet getAuthenticatedAttributes()
Returns the Authenticated Attributes.
Returns:
The authenticated attributes if present or null otherwise.

getUnauthenticatedAttributes

public oracle.security.crypto.cert.AttributeSet getUnauthenticatedAttributes()
Returns the Unauthenticated Attributes.
Returns:
The unauthenticated attributes if present or null otherwise.

toString

public java.lang.String toString()
Returns a brief text description of this object.
Returns:
A string description of this object.

recipients

public java.util.Enumeration recipients()
Returns the list of message recipients.
Returns:
An enumeration of CMSRecipientInfo objects.

addRecipient

public void addRecipient(oracle.security.crypto.cert.X509 recipientCert,
                         oracle.security.crypto.core.AlgorithmIdentifier keyEncryptionAlgID)
                  throws oracle.security.crypto.core.AlgorithmIdentifierException,
                         oracle.security.crypto.core.CipherException,
                         oracle.security.crypto.core.InvalidKeyException
Add a recipient.

Uses the Key Transport Recipient Information with IssuerAndSerialNo as the Recipient Identifier.

Parameters:
recipientCert - The recipient's public key certificate.
keyEncryptionAlgID - The key encipherment algorithm.
Throws:
oracle.security.crypto.core.AlgorithmIdentifierException - Unrecognized algorithm identifier.
oracle.security.crypto.core.CipherException - An error occurred during encryption.
oracle.security.crypto.core.InvalidKeyException - Invalid content encryption key.

addRecipient

public void addRecipient(oracle.security.crypto.cert.X509 recipientCert,
                         oracle.security.crypto.core.AlgorithmIdentifier keyEncryptionAlgID,
                         boolean useSPKI64)
                  throws oracle.security.crypto.core.AlgorithmIdentifierException,
                         oracle.security.crypto.core.CipherException,
                         oracle.security.crypto.core.InvalidKeyException
Add a recipient.

Uses the Key Transport Recipient Information with Key Identifier as the Recipient Identifier.

Parameters:
recipientCert - The recipient's public key certificate.
keyEncryptionAlgID - The key encipherment algorithm.
useSPKI64 - Uses SPKI as the recipient identifier. If true, use the 64-bit SPKI; if false, use the 160-bit SPKI.
Throws:
oracle.security.crypto.core.AlgorithmIdentifierException - Unrecognized algorithm identifier.
oracle.security.crypto.core.CipherException - An error occurred during encryption.
oracle.security.crypto.core.InvalidKeyException - Invalid content encryption key.

addRecipient

public void addRecipient(CMSRecipientInfoSpec ris)
                  throws oracle.security.crypto.core.AlgorithmIdentifierException,
                         oracle.security.crypto.core.CipherException,
                         oracle.security.crypto.util.InvalidInputException,
                         oracle.security.crypto.core.InvalidKeyException
Add a recipient.
Parameters:
ris - The recipient's information.
Throws:
oracle.security.crypto.util.InvalidInputException - Unrecognized RecipientInfoSpec.
oracle.security.crypto.core.AlgorithmIdentifierException - Unrecognized algorithm identifier.
oracle.security.crypto.core.CipherException - An error occurred during encryption.
oracle.security.crypto.core.InvalidKeyException - Invalid content encryption key.

addRecipient

public void addRecipient(oracle.security.crypto.core.AlgorithmIdentifier keyEncryptionAlgID,
                         oracle.security.crypto.core.SymmetricKey keyEncryptionKey,
                         byte[] keyIdentifier,
                         java.util.Date keyDate,
                         oracle.security.crypto.asn1.ASN1Sequence otherKeyAttribute)
                  throws oracle.security.crypto.core.AlgorithmIdentifierException,
                         oracle.security.crypto.core.CipherException,
                         oracle.security.crypto.core.InvalidKeyException,
                         oracle.security.crypto.util.InvalidInputException
Add a recipient.

Uses the Key Encryption Key Recipient Information.

Parameters:
keyEncryptionAlgID - The key encryption (wrap) algorithm.
keyEncryptionKey - The key encryption (wrap) key.
keyIdentifier - The key identifier.
keyDate - The key generation date.
otherKeyAttribute - The other key attribute.
Throws:
oracle.security.crypto.core.AlgorithmIdentifierException - Unrecognized algorithm identifier.
oracle.security.crypto.core.CipherException - An error occurred during encryption.
oracle.security.crypto.core.InvalidKeyException - Invalid content encryption key.
oracle.security.crypto.util.InvalidInputException

verifyMAC

public void verifyMAC(oracle.security.crypto.core.PrivateKey privateKey,
                      oracle.security.crypto.cert.X509 recipientCert)
               throws oracle.security.crypto.core.AlgorithmIdentifierException,
                      oracle.security.crypto.core.InvalidKeyException,
                      oracle.security.crypto.core.CipherException,
                      UnknownRecipientException,
                      oracle.security.crypto.util.InvalidInputException,
                      oracle.security.crypto.core.AuthenticationException
Returns the enclosed content after decryption.

Recipient Information uses the Key Transport Mechanism.

Parameters:
privateKey - The recipient's private key.
recipientCert - The recipient's X509 certificate.
Throws:
oracle.security.crypto.core.AlgorithmIdentifierException - Unrecognized algorithm identifier.
oracle.security.crypto.core.CipherException - An error occurred during encryption.
oracle.security.crypto.core.InvalidKeyException - Invalid content encryption key.
UnknownRecipientException - The decryption key does belong to the recipient.
oracle.security.crypto.util.InvalidInputException - If an incorrect encoding or I/O error occurred.
oracle.security.crypto.core.AuthenticationException

verifyMAC

public void verifyMAC(oracle.security.crypto.core.SymmetricKey symmetricKey,
                      byte[] keyIdentifier)
               throws oracle.security.crypto.core.AlgorithmIdentifierException,
                      oracle.security.crypto.core.InvalidKeyException,
                      oracle.security.crypto.core.CipherException,
                      UnknownRecipientException,
                      oracle.security.crypto.util.InvalidInputException,
                      oracle.security.crypto.core.AuthenticationException
Returns the enclosed content after decryption.

Recipient Information uses Key Encryption Key Mechanism.

Parameters:
symmetricKey - The previously distributed symmetric key.
keyIdentifier - The key identifier.
Throws:
oracle.security.crypto.core.AlgorithmIdentifierException - Unrecognized algorithm identifier.
oracle.security.crypto.core.CipherException - An error occurred during encryption.
oracle.security.crypto.core.InvalidKeyException - Invalid content encryption key.
UnknownRecipientException - The decryption key does belong to the recipient.
oracle.security.crypto.util.InvalidInputException - If an incorrect encoding or I/O error occurred.
oracle.security.crypto.core.AuthenticationException

verifyMAC

public void verifyMAC(oracle.security.crypto.core.SymmetricKey symmetricKey,
                      byte[] keyIdentifier,
                      java.util.Date keyDate)
               throws oracle.security.crypto.core.AlgorithmIdentifierException,
                      oracle.security.crypto.core.InvalidKeyException,
                      oracle.security.crypto.core.CipherException,
                      UnknownRecipientException,
                      oracle.security.crypto.util.InvalidInputException,
                      oracle.security.crypto.core.AuthenticationException
Returns the enclosed content after decryption.

Recipient Information uses Key Encryption Key Mechanism.

Parameters:
symmetricKey - The previously distributed symmetric key.
keyIdentifier - Key identifier.
keyDate - Key generation date.
Throws:
oracle.security.crypto.core.AlgorithmIdentifierException - Unrecognized algorithm identifier.
oracle.security.crypto.core.CipherException - An error occurred during encryption.
oracle.security.crypto.core.InvalidKeyException - Invalid content encryption key.
UnknownRecipientException - The decryption key does belong to the recipient.
oracle.security.crypto.util.InvalidInputException - If an incorrect encoding or I/O error occurred.
oracle.security.crypto.core.AuthenticationException

verifyMAC

public void verifyMAC(oracle.security.crypto.core.SymmetricKey symmetricKey,
                      byte[] keyIdentifier,
                      java.util.Date keyDate,
                      oracle.security.crypto.asn1.ASN1Sequence otherKeyAttribute)
               throws oracle.security.crypto.core.AlgorithmIdentifierException,
                      oracle.security.crypto.core.InvalidKeyException,
                      oracle.security.crypto.core.CipherException,
                      UnknownRecipientException,
                      oracle.security.crypto.util.InvalidInputException,
                      oracle.security.crypto.core.AuthenticationException
Returns the enclosed content after decryption.

Recipient Information uses Key Encryption Key Mechanism.

Parameters:
symmetricKey - The previously distributed symmetric key.
keyIdentifier - The key identifier.
keyDate - The key generation date.
otherKeyAttribute - The other key attribute.
Throws:
oracle.security.crypto.core.AlgorithmIdentifierException - Unrecognized algorithm identifier.
oracle.security.crypto.core.CipherException - An error occurred during encryption.
oracle.security.crypto.core.InvalidKeyException - Invalid content encryption key.
UnknownRecipientException - The decryption key does belong to the recipient.
oracle.security.crypto.util.InvalidInputException - If an incorrect encoding or I/O error occurred.
oracle.security.crypto.core.AuthenticationException
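
The sender and receiver flow for this class, as an added example that is not Oracle's code: verifyMAC is declared void, so the content is read with getEnclosed() only after verifyMAC has returned without throwing. The names AuthenticatedDataExample, protect and verify are hypothetical; keys, certificates and algorithm identifiers are supplied by the caller, and the output(OutputStream) signature of the inherited output method is an assumption.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;

import oracle.security.crypto.cert.X509;
import oracle.security.crypto.cms.CMSAuthenticatedDataContentInfo;
import oracle.security.crypto.cms.CMSContentInfo;
import oracle.security.crypto.core.AlgorithmIdentifier;
import oracle.security.crypto.core.PrivateKey;
import oracle.security.crypto.core.SymmetricKey;

/** Added illustration; the class and method names here are hypothetical. */
public final class AuthenticatedDataExample {

    /**
     * Sender side: MAC the content, wrap the MAC key for one recipient
     * and return the encoded authenticated-data object.
     */
    static byte[] protect(CMSContentInfo content,
                          SymmetricKey hmacKey,
                          AlgorithmIdentifier macAlgorithm,
                          X509 recipientCert,
                          AlgorithmIdentifier keyEncryptionAlgID,
                          boolean detached) throws Exception {
        CMSAuthenticatedDataContentInfo ad =
            new CMSAuthenticatedDataContentInfo(content, hmacKey, macAlgorithm);

        // Key Transport recipient, identified by IssuerAndSerialNo.
        ad.addRecipient(recipientCert, keyEncryptionAlgID);

        // true: the authenticated object is left out of the encoding,
        // so the receiver must obtain it separately and call setEnclosed().
        ad.writeDetached(detached);

        ByteArrayOutputStream out = new ByteArrayOutputStream();
        // Assumption: the inherited output method takes an OutputStream.
        ad.output(out);
        return out.toByteArray();
    }

    /**
     * Receiver side: returns the enclosed content only if the MAC verified.
     * Any exception from verifyMAC (AuthenticationException,
     * UnknownRecipientException, ...) propagates, so a caller can never
     * receive content whose MAC was not checked.
     */
    static CMSContentInfo verify(byte[] encoded,
                                 PrivateKey recipientKey,
                                 X509 recipientCert,
                                 CMSContentInfo detachedContent) throws Exception {
        // Parsing alone authenticates nothing; it only decodes the structure.
        CMSAuthenticatedDataContentInfo ad =
            new CMSAuthenticatedDataContentInfo(new ByteArrayInputStream(encoded));

        if (ad.isDetached()) {
            if (detachedContent == null) {
                throw new IllegalArgumentException(
                    "detached authenticated-data: content must be supplied");
            }
            // Attach the separately delivered content so the MAC covers it.
            ad.setEnclosed(detachedContent);
        }

        // Unwraps the MAC key with the recipient's private key and checks the MAC.
        ad.verifyMAC(recipientKey, recipientCert);

        // Reached only when verifyMAC did not throw.
        return ad.getEnclosed();
    }

    private AuthenticatedDataExample() { }
}
```

Values returned by getUnauthenticatedAttributes() are, as the name says, not covered by the MAC and should not feed security decisions even after verify succeeds.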

inputContent

protected void inputContent(java.io.InputStream is)
                     throws java.io.IOException
Description copied from class: CMSContentInfo
Initializes this object by reading the Content field of the CMS ContentInfo structure; that is, the input stream must be positioned at the value octets of the Content field, after the explicit [0] tag.

This method must be implemented by subclasses. It is unlikely that package users will ever need to call it directly.

Specified by:
inputContent in class CMSContentInfo
Throws:
java.io.IOException

setOriginatorInfo

public void setOriginatorInfo(OriginatorInfo originatorInfo)
Set the OriginatorInfo.

Do not use this method if PKCS#7 v1.5 interoperability is required.


setUnauthenticatedAttributes

public void setUnauthenticatedAttributes(oracle.security.crypto.cert.AttributeSet unauthenticatedAttributes)
Set the unauthenticated attributes.
Parameters:
unauthenticatedAttributes - The unauthenticated attributes.

setAuthenticatedAttributes

public void setAuthenticatedAttributes(oracle.security.crypto.cert.AttributeSet authenticatedAttributes,
                                       oracle.security.crypto.core.AlgorithmIdentifier digestAlgorithm)
                                throws oracle.security.crypto.util.InvalidInputException
Set the Authenticated attributes.
Parameters:
authenticatedAttributes - The authenticated attributes.
digestAlgorithm - The Message Digest Algorithm.
Throws:
oracle.security.crypto.util.InvalidInputException

update

protected void update()
Clears the internal output cache. This method is called automatically if the object ever changes, so API users need not be concerned with it. Implementors of subclasses, however, do need to ensure that it gets called when appropriate.
Overrides:
update in class CMSContentInfo


Copyright © 2005, 2006, Oracle. All rights reserved.