org.bouncycastle.cms
Class CMSSignedDataParser
public class CMSSignedDataParser
Parsing class for a CMS Signed Data object from an input stream.
Note: because we are in a streaming mode, only one signer can be tried, and it is important
that the methods on the parser are called in the appropriate order.
A simple example of usage for an encapsulated signature.
Two notes: first, in the example below the validity of
the certificate isn't verified, just the fact that one of the certs
matches the given signer, and, second, because we are in a streaming
mode the order of the operations is important.
    CMSSignedDataParser sp = new CMSSignedDataParser(encapSigData);

    // the content must be read to its end before the certificates and signers are parsed
    sp.getSignedContent().drain();

    CertStore certs = sp.getCertificatesAndCRLs("Collection", "BC");
    SignerInformationStore signers = sp.getSignerInfos();
    Collection c = signers.getSigners();
    Iterator it = c.iterator();

    while (it.hasNext())
    {
        SignerInformation signer = (SignerInformation)it.next();
        // find the certificate in the message that matches the signer identifier
        Collection certCollection = certs.getCertificates(signer.getSID());
        Iterator certIt = certCollection.iterator();
        X509Certificate cert = (X509Certificate)certIt.next();

        // checks the signature only; the certificate itself is not validated here
        System.out.println("verify returns: " + signer.verify(cert, "BC"));
    }
Note also: this class does not introduce buffering - if you are processing large files you should create
the parser with:
    CMSSignedDataParser ep = new CMSSignedDataParser(new BufferedInputStream(encapSigData, bufSize));
where bufSize is a suitably large buffer size.
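The first note above says the usage example does not validate the signer's certificate. The following added example (not part of the Bouncy Castle documentation) keeps the same streaming call order and additionally requires a PKIX path from each signer certificate to a caller-supplied trust anchor, using the JDK's CertPathBuilder. The class name StreamingCmsVerifier, the method verify and its parameters are hypothetical; the "BC" provider is assumed to be registered already.

```java
import java.io.BufferedInputStream;
import java.io.InputStream;
import java.security.cert.*;
import java.util.Iterator;
import java.util.Set;
import org.bouncycastle.cms.CMSSignedDataParser;
import org.bouncycastle.cms.SignerInformation;

public class StreamingCmsVerifier
{
    // Hypothetical helper. Returns true only if there is at least one signer and every
    // signer both verifies and chains to one of the caller's trust anchors.
    public static boolean verify(InputStream encapSigData, Set<TrustAnchor> anchors,
                                 boolean checkRevocation, int bufSize) throws Exception
    {
        CMSSignedDataParser sp =
            new CMSSignedDataParser(new BufferedInputStream(encapSigData, bufSize));
        // Streaming order: content first, then certificates, then signer infos.
        sp.getSignedContent().drain();
        CertStore certs = sp.getCertificatesAndCRLs("Collection", "BC");
        Iterator it = sp.getSignerInfos().getSigners().iterator();
        if (!it.hasNext()) return false;          // no signers: nothing vouches for the content
        while (it.hasNext())
        {
            SignerInformation signer = (SignerInformation)it.next();
            Iterator certIt = certs.getCertificates(signer.getSID()).iterator();
            if (!certIt.hasNext()) return false;  // signer certificate not carried in the message
            X509Certificate cert = (X509Certificate)certIt.next();
            // Certificates inside the message are untrusted input: require a PKIX path
            // from this certificate to an anchor chosen by the caller.
            X509CertSelector target = new X509CertSelector();
            target.setCertificate(cert);
            PKIXBuilderParameters params = new PKIXBuilderParameters(anchors, target);
            params.addCertStore(certs);           // intermediates and CRLs sent with the message
            params.setRevocationEnabled(checkRevocation);
            try
            {
                CertPathBuilder.getInstance("PKIX").build(params);
            }
            catch (CertPathBuilderException e)
            {
                return false;                     // no path to a trusted anchor
            }
            if (!signer.verify(cert, "BC")) return false;  // signature check failed
        }
        return true;
    }
}
```

With checkRevocation set to true, the path builder needs CRLs for each certificate in the path; those carried in the message are available to it through the CertStore added above.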
X509Store | getAttributeCertificates(String type, String provider) - return an X509Store containing the attribute certificates, if any, contained in this message.
X509Store | getCRLs(String type, String provider) - return an X509Store containing CRLs, if any, contained in this message.
X509Store | getCertificates(String type, String provider) - return an X509Store containing the public key certificates, if any, contained in this message.
CertStore | getCertificatesAndCRLs(String type, String provider) - return a CertStore containing the certificates and CRLs associated with this message.
CMSTypedStream | getSignedContent()
SignerInformationStore | getSignerInfos() - return the collection of signers that are associated with the signatures for the message.
int | getVersion() - Return the version number for the SignedData object
static OutputStream | replaceCertificatesAndCRLs(InputStream original, CertStore certsAndCrls, OutputStream out) - Replace the certificate and CRL information associated with this CMSSignedData object with the new one passed in.
static OutputStream | replaceSigners(InputStream original, SignerInformationStore signerInformationStore, OutputStream out) - Replace the signer information store associated with the passed-in message contained in the stream original with the new one passed in.
CMSSignedDataParser
public CMSSignedDataParser(InputStream sigData)
throws CMSException
base constructor - with encapsulated content
CMSSignedDataParser
public CMSSignedDataParser(byte[] sigBlock)
throws CMSException
CMSSignedDataParser
public CMSSignedDataParser(CMSTypedStream signedContent,
InputStream sigData)
throws CMSException
base constructor
Parameters:
signedContent - the content that was signed.
sigData - the signature object stream.
getAttributeCertificates
public X509Store getAttributeCertificates(String type,
String provider)
throws NoSuchStoreException,
NoSuchProviderException,
CMSException
return an X509Store containing the attribute certificates, if any, contained
in this message.
Parameters:
type - type of store to create
provider - provider to use
Returns:
a store of attribute certificates
Throws:
CMSException - if a general exception prevents creation of the X509Store
getCRLs
public X509Store getCRLs(String type,
String provider)
throws NoSuchStoreException,
NoSuchProviderException,
CMSException
return an X509Store containing CRLs, if any, contained
in this message.
Parameters:
type - type of store to create
provider - provider to use
Throws:
CMSException - if a general exception prevents creation of the X509Store
getCertificates
public X509Store getCertificates(String type,
String provider)
throws NoSuchStoreException,
NoSuchProviderException,
CMSException
return an X509Store containing the public key certificates, if any, contained
in this message.
Parameters:
type - type of store to create
provider - provider to use
Returns:
a store of public key certificates
Throws:
CMSException - if a general exception prevents creation of the X509Store
getCertificatesAndCRLs
public CertStore getCertificatesAndCRLs(String type,
String provider)
throws NoSuchAlgorithmException,
NoSuchProviderException,
CMSException
return a CertStore containing the certificates and CRLs associated with
this message.
Throws:
CMSException - if a general exception prevents creation of the CertStore
getSignerInfos
public SignerInformationStore getSignerInfos()
throws CMSException
return the collection of signers that are associated with the
signatures for the message.
getVersion
public int getVersion()
Return the version number for the SignedData object
replaceCertificatesAndCRLs
public static OutputStream replaceCertificatesAndCRLs(InputStream original,
CertStore certsAndCrls,
OutputStream out)
throws CMSException,
IOException
Replace the certificate and CRL information associated with this
CMSSignedData object with the new one passed in.
The output stream is returned unclosed.
Parameters:
original - the signed data stream to be used as a base.
certsAndCrls - the new certificates and CRLs to be used.
out - the stream to write the new signed data object to.
Throws:
CMSException - if there is an error processing the CertStore
replaceSigners
public static OutputStream replaceSigners(InputStream original,
SignerInformationStore signerInformationStore,
OutputStream out)
throws CMSException,
IOException
Replace the signer information store associated with the passed-in
message contained in the stream original with the new one passed in.
You would probably only want to do this if you wanted to change the unsigned
attributes associated with a signer, or perhaps delete one.
The output stream is returned unclosed.
Parameters:
original - the signed data stream to be used as a base.
signerInformationStore - the new signer information store to use.
out - the stream to write the new signed data object to.