public abstract class CRSMessage
extends java.lang.Object
implements oracle.security.crypto.util.Streamable

Modifier and Type | Field and Description |
---|---|
protected java.util.Vector | certs - The certificates included with the CRS message. |
protected java.util.Vector | crls - The CRLs included with the CRS message. |
protected EnvelopingParameters | envParams - The EnvelopingParameters object associated with this CRS message. |
protected SigningParameters | sigParams - The SigningParameters object associated with this CRS message. |

Modifier | Constructor and Description |
---|---|
protected | CRSMessage(int version, int messageType, SigningParameters sigParams, EnvelopingParameters envParams) - Constructor invoked by child classes. |

Modifier and Type | Method and Description |
---|---|
protected java.lang.String | attributesToString() - Returns a string representation of the authenticated attributes of this CRS message. |
boolean | containsEnvelope() - Returns true if the CRS message is enveloped. |
AttributeSet | getAuthenticatedAttributes() - Returns the authenticated attributes for this message. |
java.util.Vector | getCertificates() - Returns the list of certificates included with this signed data object. |
java.util.Vector | getCRLs() - Returns the list of CRLs included with this signed data object. |
X509ExtensionSet | getExtensionReq() - Returns the extensionReq Service Indicator. |
java.lang.Integer | getFailInfo() - Returns the failInfo Service Indicator. |
protected abstract byte[] | getMessageContents() - Creates the raw ASN.1 encoding of the contents of this message. |
java.lang.Integer | getMessageType() - Returns the messageType Service Indicator. |
java.lang.Integer | getPkiStatus() - Returns the pkiStatus Service Indicator. |
byte[] | getRecipientNonce() - Returns the recipientNonce Service Indicator. |
byte[] | getSenderNonce() - Returns the senderNonce Service Indicator. |
byte[] | getTransactionId() - Returns the transactionID Service Indicator. |
java.lang.Integer | getVersion() - Returns the version Service Indicator. |
void | input(java.io.InputStream is) - Inputs this object from the specified input stream. |
static CRSMessage | inputInstance(java.io.InputStream is) - Creates a CRSMessage by reading a BER encoding from the given input stream. |
boolean | isEncrypted() - Returns true if the CRS message is enveloped and the contents have not yet been decrypted using the removeEnclosed() method. |
int | length() - Returns the length of the CRS message. |
void | output(java.io.OutputStream os) - Outputs this message object to the specified output stream. |
protected abstract void | parseMessage(byte[] data) - Initializes message object from raw ASN.1 encoding of the CRS message contents. |
void | removeEnclosed(java.security.PrivateKey recipientKey, java.security.cert.X509Certificate recipientCert) - Parses the enveloped data in the CRS message. |
void | setCertificates(java.util.Vector certs) - Sets the list of certificates included with this signed data object. |
void | setCRLs(java.util.Vector crls) - Sets the list of CRLs included with this signed data object. |
void | setEnvelopingParameters(EnvelopingParameters envParams) - Sets the parameters for enveloping the CRS message. |
void | setExtensionReq(X509ExtensionSet set) - Sets the extensionReq Service Indicator. |
void | setFailInfo(java.lang.Integer failInfo) - Sets the failInfo Service Indicator. |
protected void | setMessageType(java.lang.Integer messageType) - Sets the messageType Service Indicator. |
void | setPkiStatus(java.lang.Integer pkiStatus) - Sets the pkiStatus Service Indicator. |
void | setRecipientNonce(byte[] recipientNonce) - Sets the recipientNonce Service Indicator. |
void | setSenderNonce(byte[] senderNonce) - Sets the senderNonce Service Indicator. |
void | setSigningParameters(SigningParameters sigParams) - Sets the parameters for signing this CRS message. |
void | setTransactionId(byte[] transactionId) - Sets the transactionID Service Indicator. |
protected void | setVersion(java.lang.Integer version) - Sets the version Service Indicator. |
protected void | updateEncapsulatedContents() - Clears the cache of the CMS enveloped data object that encapsulates this message, forcing it to be rebuilt if the output() method is called. |
protected void | updateSignedContents() - Clears the cache of the CMS signed data object that encapsulates this message, forcing it to be rebuilt if the output() method is called. |
void | verify(CertificateTrustPolicy trustPolicy) - Returns normally if the CMS signed data object that encapsulates this CRS message contains at least one valid signature, according to the given trust policy; otherwise throws an AuthenticationException. |
void | verifySignature(java.security.cert.X509Certificate signerCert) - Returns successfully if the CMS signed data object that encapsulates this CRS message contains a signature which is validated by the given certificate; otherwise throws an AuthenticationException. |

protected java.util.Vector certs
protected java.util.Vector crls
protected SigningParameters sigParams
protected EnvelopingParameters envParams
protected CRSMessage(int version, int messageType, SigningParameters sigParams, EnvelopingParameters envParams)
Parameters:
messageType - The messageType Service Indicator.
version - The version Service Indicator.
sigParams - The SigningParameters.
envParams - The EnvelopingParameters.

protected void setVersion(java.lang.Integer version)
public java.lang.Integer getVersion()
protected void setMessageType(java.lang.Integer messageType)
public java.lang.Integer getMessageType()
public void setPkiStatus(java.lang.Integer pkiStatus)
public java.lang.Integer getPkiStatus()
public void setFailInfo(java.lang.Integer failInfo)
public java.lang.Integer getFailInfo()
public void setTransactionId(byte[] transactionId)
public byte[] getTransactionId()
public void setSenderNonce(byte[] senderNonce)
public byte[] getSenderNonce()
public void setRecipientNonce(byte[] recipientNonce)
public byte[] getRecipientNonce()
public void setExtensionReq(X509ExtensionSet set)
public X509ExtensionSet getExtensionReq()
public AttributeSet getAuthenticatedAttributes()
public void setCertificates(java.util.Vector certs)
public java.util.Vector getCertificates()
public void setCRLs(java.util.Vector crls)
public java.util.Vector getCRLs()
public void setSigningParameters(SigningParameters sigParams)
Parameters:
sigParams - The SigningParameters.

public void setEnvelopingParameters(EnvelopingParameters envParams)
Parameters:
envParams - The EnvelopingParameters.

protected void updateSignedContents()
protected void updateEncapsulatedContents()
public boolean containsEnvelope()
public boolean isEncrypted()
protected abstract byte[] getMessageContents() throws java.io.IOException
Throws:
java.io.IOException

protected abstract void parseMessage(byte[] data) throws java.io.IOException
Parameters:
data - The raw ASN.1 encoding.
Throws:
java.io.IOException

public void removeEnclosed(java.security.PrivateKey recipientKey, java.security.cert.X509Certificate recipientCert) throws java.security.NoSuchAlgorithmException, java.security.InvalidKeyException, UnknownRecipientException, oracle.security.crypto.util.InvalidInputException, java.security.cert.CertificateEncodingException, java.io.IOException, javax.crypto.NoSuchPaddingException, javax.crypto.IllegalBlockSizeException, javax.crypto.BadPaddingException
Parameters:
recipientKey - The recipient's private key.
recipientCert - The recipient's certificate.
Throws:
java.security.NoSuchAlgorithmException
java.security.InvalidKeyException
UnknownRecipientException
oracle.security.crypto.util.InvalidInputException
java.security.cert.CertificateEncodingException
java.io.IOException
javax.crypto.NoSuchPaddingException
javax.crypto.IllegalBlockSizeException
javax.crypto.BadPaddingException

public int length()
Specified by:
length in interface oracle.security.crypto.util.Streamable

public void input(java.io.InputStream is) throws java.io.IOException
Specified by:
input in interface oracle.security.crypto.util.Streamable
Throws:
java.io.IOException

public void output(java.io.OutputStream os) throws java.io.IOException
Specified by:
output in interface oracle.security.crypto.util.Streamable
Throws:
java.io.IOException

public static CRSMessage inputInstance(java.io.InputStream is) throws java.io.IOException
Creates a CRSMessage by reading a BER encoding from the given input stream.
Parameters:
is - The input stream from which to read the BER encoding.
Throws:
java.io.IOException - Thrown if the format is incorrect, or if the message type attribute is not found or not supported.

public void verifySignature(java.security.cert.X509Certificate signerCert) throws oracle.security.crypto.core.AuthenticationException, java.security.NoSuchAlgorithmException, java.security.cert.CertificateEncodingException, java.io.IOException, java.security.SignatureException
Returns successfully if the CMS signed data object that encapsulates this CRS message contains a signature which is validated by the given certificate; otherwise throws an AuthenticationException.
This method verifies the specified signature directly and ignores any certificates or CRLs which may be contained in this CMS object. A more complex verification process, which does make use of attached certificates and CRLs, is provided by the verify method.
Throws:
UnknownSignerException - If no signature corresponding to the given certificate exists.
oracle.security.crypto.core.AuthenticationException - If the signature is not valid, or could not be verified for some reason (e.g., the algorithm identifier is unrecognized).
java.security.NoSuchAlgorithmException
java.security.cert.CertificateEncodingException
java.io.IOException
java.security.SignatureException

public void verify(CertificateTrustPolicy trustPolicy) throws oracle.security.crypto.core.AuthenticationException
Returns normally if the CMS signed data object that encapsulates this CRS message contains at least one valid signature, according to the given trust policy; otherwise throws an AuthenticationException.
In order to be considered valid, there must be at least one signature on this CMS message which is validated by one of the certificates included with it; furthermore, the validating certificate must itself be valid according to the given certificate trust policy. This latter validation process may involve examining the other certificates or CRLs included with this object, if called for by the trust policy.
If a signature is encountered for which a certification path can be found, but is invalid, an AuthenticationException will be created, but will not be thrown until all other signatures have been checked. If another signature is found which is valid, then the method simply returns and no exception at all is thrown.
Throws:
oracle.security.crypto.core.AuthenticationException - If there is no valid signature.

protected java.lang.String attributesToString()
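
The two verification methods described above answer different questions: verify(CertificateTrustPolicy) accepts any one trusted signer, while verifySignature(X509Certificate) checks one specific signer but ignores attached certificates and CRLs. The following is an added example, not code from the library's documentation, that combines both before decrypting; it uses only methods listed on this page. The class CrsIntake, the method accept and its parameter names are hypothetical, and the example assumes that the signature can be checked before the envelope is removed and that the peer echoes the nonce we sent as recipientNonce.

```java
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
// Also import CRSMessage and CertificateTrustPolicy from the crypto library;
// this page does not show which package they live in.

/** Hypothetical helper (not part of the library): vets one inbound CRS message. */
public final class CrsIntake {

    private CrsIntake() { }

    /**
     * Parses, authenticates and, if needed, decrypts a CRS message.
     * Every failure surfaces as an exception; callers must treat that as rejection.
     */
    public static CRSMessage accept(byte[] ber,
                                    CertificateTrustPolicy trustPolicy,
                                    X509Certificate expectedSigner,
                                    byte[] sentNonce,
                                    PrivateKey recipientKey,
                                    X509Certificate recipientCert) throws Exception {
        InputStream in = new ByteArrayInputStream(ber);
        // IOException here means a malformed encoding or an unsupported message type.
        CRSMessage msg = CRSMessage.inputInstance(in);

        // 1. Trust decision: at least one signature must chain to a certificate
        //    that the trust policy accepts (attached certs and CRLs may be used).
        msg.verify(trustPolicy);

        // 2. verify() passes for ANY trusted signer, so also require a signature
        //    from the specific peer we expect. This call does no path or CRL checks,
        //    which is why it follows step 1 rather than replacing it.
        msg.verifySignature(expectedSigner);

        // 3. Assumption: the peer echoes our nonce. Compare in constant time and
        //    reject a missing value instead of treating it as a match.
        byte[] echoed = msg.getRecipientNonce();
        if (echoed == null || !MessageDigest.isEqual(echoed, sentNonce)) {
            throw new SecurityException("recipientNonce does not match the nonce sent");
        }

        // 4. Only now spend the private key on the enveloped contents.
        if (msg.isEncrypted()) {
            msg.removeEnclosed(recipientKey, recipientCert);
        }
        return msg;
    }
}
```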