public class CMSSignedDataParser extends CMSContentInfoParser
Note that because we are in a streaming mode, only one signer can be tried, and it is important that the methods on the parser are called in the appropriate order.
A simple example of usage for an encapsulated signature.
Two notes: first, in the example below the validity of the certificate isn't verified, just the fact that one of the certs matches the given signer, and, second, because we are in a streaming mode the order of the operations is important.
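```java
// Parse the encapsulated signature; digest calculators come from the "BC" provider.
CMSSignedDataParser sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider("BC").build(), encapSigData);

// The content has to be read through before the signer information is available.
sp.getSignedContent().drain();

Store certStore = sp.getCertificates();
SignerInformationStore signers = sp.getSignerInfos();

Collection c = signers.getSigners();
Iterator it = c.iterator();

while (it.hasNext())
{
    SignerInformation signer = (SignerInformation)it.next();

    // Find the certificate in the message that matches this signer's identifier.
    Collection certCollection = certStore.getMatches(signer.getSID());
    Iterator certIt = certCollection.iterator();
    X509CertificateHolder cert = (X509CertificateHolder)certIt.next();

    // Checks the signature only; the certificate itself is not validated here.
    System.out.println("verify returns: " + signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert)));
}
```

Note also: this class does not introduce buffering - if you are processing large files you should create the parser with:

```java
// Uses the non-deprecated constructor that takes a DigestCalculatorProvider.
CMSSignedDataParser ep = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider("BC").build(), new BufferedInputStream(encapSigData, bufSize));
```

where bufSize is a suitably large buffer size.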
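The usage example above only confirms that a certificate carried in the message matches the signer. The following added example (not part of the Bouncy Castle documentation) keeps the same streaming call order and additionally requires the signer certificate to chain to a caller-supplied trust anchor. The class name, method name and parameters are hypothetical, and the "BC" provider is assumed to be registered already.

```java
import java.io.BufferedInputStream;
import java.io.InputStream;
import java.security.cert.*;
import java.util.*;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.*;
import org.bouncycastle.cms.*;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.util.Store;

// Added example: StreamingCmsVerifier and its parameters are hypothetical names.
public final class StreamingCmsVerifier {
    /** True only if every signer verifies AND its certificate chains to one of the trust anchors. */
    @SuppressWarnings({"rawtypes", "unchecked"})
    public static boolean verify(InputStream encapSigData, Set<TrustAnchor> anchors,
                                 int bufSize, boolean checkRevocation) throws Exception {
        CMSSignedDataParser sp = new CMSSignedDataParser(
            new JcaDigestCalculatorProviderBuilder().setProvider("BC").build(),
            new BufferedInputStream(encapSigData, bufSize)); // the parser does no buffering itself
        try {
            sp.getSignedContent().drain();            // 1. consume the content so the digests are computed
            Store certStore = sp.getCertificates();   // 2. certificates, then CRLs
            Store crlStore = sp.getCRLs();
            Collection signers = sp.getSignerInfos().getSigners(); // 3. signer infos last
            if (signers.isEmpty()) return false;      // a message with no signers proves nothing
            // Certificates and CRLs shipped in the message are untrusted inputs to path building only.
            CertStore hints = new JcaCertStoreBuilder().addCertificates(certStore).addCRLs(crlStore).build();
            for (Object o : signers) {
                SignerInformation signer = (SignerInformation) o;
                Collection matches = certStore.getMatches(signer.getSID());
                if (matches.isEmpty()) return false;  // no certificate for this signer in the message
                X509CertificateHolder holder = (X509CertificateHolder) matches.iterator().next();
                if (!signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(holder)))
                    return false;                     // signature or content digest mismatch
                X509CertSelector target = new X509CertSelector();
                target.setCertificate(new JcaX509CertificateConverter().setProvider("BC").getCertificate(holder));
                PKIXBuilderParameters params = new PKIXBuilderParameters(anchors, target);
                params.addCertStore(hints);
                params.setRevocationEnabled(checkRevocation);
                try {
                    CertPathBuilder.getInstance("PKIX").build(params); // throws if no trusted path exists
                } catch (CertPathBuilderException e) { return false; } // signer certificate is not trusted
            }
            return true;
        } finally { sp.close(); }
    }
}
```

With checkRevocation set to true, path building fails unless revocation data for every certificate in the path is available, for example from the CRLs carried in the message.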
Fields inherited from class CMSContentInfoParser: _contentInfo, _data
Constructor and Description |
---|
CMSSignedDataParser(byte[] sigBlock) - Deprecated. Use method taking a DigestCalculatorProvider. |
CMSSignedDataParser(CMSTypedStream signedContent, byte[] sigBlock) - Deprecated. Use method taking digest calculator provider. |
CMSSignedDataParser(CMSTypedStream signedContent, java.io.InputStream sigData) - Deprecated. Use method taking a DigestCalculatorProvider. |
CMSSignedDataParser(DigestCalculatorProvider digestCalculatorProvider, byte[] sigBlock) |
CMSSignedDataParser(DigestCalculatorProvider digestCalculatorProvider, CMSTypedStream signedContent, byte[] sigBlock) |
CMSSignedDataParser(DigestCalculatorProvider digestCalculatorProvider, CMSTypedStream signedContent, java.io.InputStream sigData) - base constructor |
CMSSignedDataParser(DigestCalculatorProvider digestCalculatorProvider, java.io.InputStream sigData) - base constructor - with encapsulated content |
CMSSignedDataParser(java.io.InputStream sigData) - Deprecated. Use method taking a DigestCalculatorProvider. |
Modifier and Type | Method and Description |
---|---|
org.bouncycastle.util.Store | getAttributeCertificates() - Return any X.509 attribute certificate objects in this SignedData structure as a Store of X509AttributeCertificateHolder objects. |
org.bouncycastle.x509.X509Store | getAttributeCertificates(java.lang.String type, java.security.Provider provider) - Deprecated. Use getAttributeCertificates(). |
org.bouncycastle.x509.X509Store | getAttributeCertificates(java.lang.String type, java.lang.String provider) - Deprecated. Use getAttributeCertificates(). |
org.bouncycastle.util.Store | getCertificates() - Return any X.509 certificate objects in this SignedData structure as a Store of X509CertificateHolder objects. |
org.bouncycastle.x509.X509Store | getCertificates(java.lang.String type, java.security.Provider provider) - Deprecated. Use getCertificates(). |
org.bouncycastle.x509.X509Store | getCertificates(java.lang.String type, java.lang.String provider) - Deprecated. Use getCertificates(). |
java.security.cert.CertStore | getCertificatesAndCRLs(java.lang.String type, java.security.Provider provider) - Deprecated. Use getCertificates() and org.bouncycastle.cert.jcajce.JcaCertStoreBuilder. |
java.security.cert.CertStore | getCertificatesAndCRLs(java.lang.String type, java.lang.String provider) - Deprecated. Use getCertificates() and org.bouncycastle.cert.jcajce.JcaCertStoreBuilder. |
org.bouncycastle.util.Store | getCRLs() - Return any X.509 CRL objects in this SignedData structure as a Store of X509CRLHolder objects. |
org.bouncycastle.x509.X509Store | getCRLs(java.lang.String type, java.security.Provider provider) - Deprecated. Use getCRLs(). |
org.bouncycastle.x509.X509Store | getCRLs(java.lang.String type, java.lang.String provider) - Deprecated. Use getCRLs(). |
org.bouncycastle.util.Store | getOtherRevocationInfo(org.bouncycastle.asn1.ASN1ObjectIdentifier otherRevocationInfoFormat) - Return any OtherRevocationInfo OtherRevInfo objects of the type indicated by otherRevocationInfoFormat in this SignedData structure. |
CMSTypedStream | getSignedContent() |
java.lang.String | getSignedContentTypeOID() - Return a string representation of the OID associated with the encapsulated content info structure carried in the signed data. |
SignerInformationStore | getSignerInfos() - Return the collection of signers that are associated with the signatures for the message. |
int | getVersion() - Return the version number for the SignedData object. |
static java.io.OutputStream | replaceCertificatesAndCRLs(java.io.InputStream original, java.security.cert.CertStore certsAndCrls, java.io.OutputStream out) - Deprecated. Use method that takes Store objects. |
static java.io.OutputStream | replaceCertificatesAndCRLs(java.io.InputStream original, org.bouncycastle.util.Store certs, org.bouncycastle.util.Store crls, org.bouncycastle.util.Store attrCerts, java.io.OutputStream out) - Replace the certificate and CRL information associated with this CMSSignedData object with the new one passed in. |
static java.io.OutputStream | replaceSigners(java.io.InputStream original, SignerInformationStore signerInformationStore, java.io.OutputStream out) - Replace the signerinformation store associated with the passed in message contained in the stream original with the new one passed in. |
Methods inherited from class CMSContentInfoParser: close
public CMSSignedDataParser(byte[] sigBlock) throws CMSException
Throws:
CMSException

public CMSSignedDataParser(DigestCalculatorProvider digestCalculatorProvider, byte[] sigBlock) throws CMSException
Throws:
CMSException

public CMSSignedDataParser(CMSTypedStream signedContent, byte[] sigBlock) throws CMSException
Parameters:
signedContent
sigBlock
Throws:
CMSException

public CMSSignedDataParser(DigestCalculatorProvider digestCalculatorProvider, CMSTypedStream signedContent, byte[] sigBlock) throws CMSException
Throws:
CMSException

public CMSSignedDataParser(java.io.InputStream sigData) throws CMSException
Throws:
CMSException

public CMSSignedDataParser(DigestCalculatorProvider digestCalculatorProvider, java.io.InputStream sigData) throws CMSException
Throws:
CMSException

public CMSSignedDataParser(CMSTypedStream signedContent, java.io.InputStream sigData) throws CMSException
Parameters:
signedContent - the content that was signed.
sigData - the signature object stream.
Throws:
CMSException

public CMSSignedDataParser(DigestCalculatorProvider digestCalculatorProvider, CMSTypedStream signedContent, java.io.InputStream sigData) throws CMSException
Parameters:
digestCalculatorProvider - for generating accumulating digests
signedContent - the content that was signed.
sigData - the signature object stream.
Throws:
CMSException
public int getVersion()

public SignerInformationStore getSignerInfos() throws CMSException
Throws:
CMSException

public org.bouncycastle.x509.X509Store getAttributeCertificates(java.lang.String type, java.lang.String provider) throws org.bouncycastle.x509.NoSuchStoreException, java.security.NoSuchProviderException, CMSException
Parameters:
type - type of store to create
provider - name of provider to use
Throws:
java.security.NoSuchProviderException - if the provider requested isn't available.
org.bouncycastle.x509.NoSuchStoreException - if the store type isn't available.
CMSException - if a general exception prevents creation of the X509Store

public org.bouncycastle.x509.X509Store getAttributeCertificates(java.lang.String type, java.security.Provider provider) throws org.bouncycastle.x509.NoSuchStoreException, CMSException
Parameters:
type - type of store to create
provider - provider to use
Throws:
org.bouncycastle.x509.NoSuchStoreException - if the store type isn't available.
CMSException - if a general exception prevents creation of the X509Store

public org.bouncycastle.x509.X509Store getCertificates(java.lang.String type, java.lang.String provider) throws org.bouncycastle.x509.NoSuchStoreException, java.security.NoSuchProviderException, CMSException
Parameters:
type - type of store to create
provider - provider to use
Throws:
java.security.NoSuchProviderException - if the provider requested isn't available.
org.bouncycastle.x509.NoSuchStoreException - if the store type isn't available.
CMSException - if a general exception prevents creation of the X509Store

public org.bouncycastle.x509.X509Store getCertificates(java.lang.String type, java.security.Provider provider) throws org.bouncycastle.x509.NoSuchStoreException, CMSException
Parameters:
type - type of store to create
provider - provider to use
Throws:
org.bouncycastle.x509.NoSuchStoreException - if the store type isn't available.
CMSException - if a general exception prevents creation of the X509Store

public org.bouncycastle.x509.X509Store getCRLs(java.lang.String type, java.lang.String provider) throws org.bouncycastle.x509.NoSuchStoreException, java.security.NoSuchProviderException, CMSException
Parameters:
type - type of store to create
provider - name of provider to use
Throws:
java.security.NoSuchProviderException - if the provider requested isn't available.
org.bouncycastle.x509.NoSuchStoreException - if the store type isn't available.
CMSException - if a general exception prevents creation of the X509Store

public org.bouncycastle.x509.X509Store getCRLs(java.lang.String type, java.security.Provider provider) throws org.bouncycastle.x509.NoSuchStoreException, CMSException
Parameters:
type - type of store to create
provider - provider to use
Throws:
org.bouncycastle.x509.NoSuchStoreException - if the store type isn't available.
CMSException - if a general exception prevents creation of the X509Store

public java.security.cert.CertStore getCertificatesAndCRLs(java.lang.String type, java.lang.String provider) throws java.security.NoSuchAlgorithmException, java.security.NoSuchProviderException, CMSException
Throws:
java.security.NoSuchProviderException - if the provider requested isn't available.
java.security.NoSuchAlgorithmException - if the cert store isn't available.
CMSException - if a general exception prevents creation of the CertStore

public java.security.cert.CertStore getCertificatesAndCRLs(java.lang.String type, java.security.Provider provider) throws java.security.NoSuchAlgorithmException, java.security.NoSuchProviderException, CMSException
Throws:
java.security.NoSuchProviderException - if the provider requested isn't available.
java.security.NoSuchAlgorithmException - if the cert store isn't available.
CMSException - if a general exception prevents creation of the CertStore

public org.bouncycastle.util.Store getCertificates() throws CMSException
Throws:
CMSException

public org.bouncycastle.util.Store getCRLs() throws CMSException
Throws:
CMSException

public org.bouncycastle.util.Store getAttributeCertificates() throws CMSException
Throws:
CMSException

public org.bouncycastle.util.Store getOtherRevocationInfo(org.bouncycastle.asn1.ASN1ObjectIdentifier otherRevocationInfoFormat) throws CMSException
Parameters:
otherRevocationInfoFormat - OID of the format type being looked for.
Throws:
CMSException

public java.lang.String getSignedContentTypeOID()

public CMSTypedStream getSignedContent()

public static java.io.OutputStream replaceSigners(java.io.InputStream original, SignerInformationStore signerInformationStore, java.io.OutputStream out) throws CMSException, java.io.IOException
The output stream is returned unclosed.
Parameters:
original - the signed data stream to be used as a base.
signerInformationStore - the new signer information store to use.
out - the stream to write the new signed data object to.
Throws:
CMSException
java.io.IOException

public static java.io.OutputStream replaceCertificatesAndCRLs(java.io.InputStream original, java.security.cert.CertStore certsAndCrls, java.io.OutputStream out) throws CMSException, java.io.IOException
The output stream is returned unclosed.
Parameters:
original - the signed data stream to be used as a base.
certsAndCrls - the new certificates and CRLs to be used.
out - the stream to write the new signed data object to.
Throws:
CMSException - if there is an error processing the CertStore
java.io.IOException

public static java.io.OutputStream replaceCertificatesAndCRLs(java.io.InputStream original, org.bouncycastle.util.Store certs, org.bouncycastle.util.Store crls, org.bouncycastle.util.Store attrCerts, java.io.OutputStream out) throws CMSException, java.io.IOException
The output stream is returned unclosed.
Parameters:
original - the signed data stream to be used as a base.
certs - new certificates to be used, if any.
crls - new CRLs to be used, if any.
attrCerts - new attribute certificates to be used, if any.
out - the stream to write the new signed data object to.
Throws:
CMSException - if there is an error processing the CertStore
java.io.IOException