Class PKCS7SignedData

  • All Implemented Interfaces:
    PKCSObjectIdentifiers

    public class PKCS7SignedData
    extends java.lang.Object
    implements PKCSObjectIdentifiers
    Represents a PKCS#7 object - specifically the "Signed Data" type.

    How to use it? To verify a signature, do:

     PKCS7SignedData pkcs7 = new PKCS7SignedData(der_bytes);                // Create it
     pkcs7.update(bytes, 0, bytes.length);  // Update checksum
     boolean verified = pkcs7.verify();             // Does it add up?
    
     To sign, do this:
     PKCS7SignedData pkcs7 = new PKCS7SignedData(privKey, certChain, "MD5");
     pkcs7.update(bytes, 0, bytes.length);  // Update checksum
     pkcs7.sign();                          // Create digest
    
     bytes = pkcs7.getEncoded();                    // Write it somewhere
     

    This class is pretty close to obsolete, for a much better (and more complete) implementation of PKCS7 have a look at the org.gudy.bouncycastle.cms package.

    • Field Detail

      • version

        private int version
      • signerversion

        private int signerversion
      • digestalgos

        private java.util.Set digestalgos
      • certs

        private java.util.Collection certs
      • crls

        private java.util.Collection crls
      • signCert

        private java.security.cert.X509Certificate signCert
      • digest

        private byte[] digest
      • digestAlgorithm

        private java.lang.String digestAlgorithm
      • digestEncryptionAlgorithm

        private java.lang.String digestEncryptionAlgorithm
      • sig

        private java.security.Signature sig
      • privKey

        private transient java.security.PrivateKey privKey
      • ID_PKCS7_SIGNED_DATA

        private final java.lang.String ID_PKCS7_SIGNED_DATA
        See Also:
        Constant Field Values
    • Constructor Detail

      • PKCS7SignedData

        public PKCS7SignedData​(byte[] in)
                        throws java.lang.SecurityException,
                               java.security.cert.CRLException,
                               java.security.InvalidKeyException,
                               java.security.cert.CertificateException,
                               java.security.NoSuchProviderException,
                               java.security.NoSuchAlgorithmException
        Read an existing PKCS#7 object from a DER encoded byte array using the BC provider.
        Throws:
        java.lang.SecurityException
        java.security.cert.CRLException
        java.security.InvalidKeyException
        java.security.cert.CertificateException
        java.security.NoSuchProviderException
        java.security.NoSuchAlgorithmException
      • PKCS7SignedData

        public PKCS7SignedData​(byte[] in,
                               java.lang.String provider)
                        throws java.lang.SecurityException,
                               java.security.cert.CRLException,
                               java.security.InvalidKeyException,
                               java.security.cert.CertificateException,
                               java.security.NoSuchProviderException,
                               java.security.NoSuchAlgorithmException
        Read an existing PKCS#7 object from a DER encoded byte array
        Throws:
        java.lang.SecurityException
        java.security.cert.CRLException
        java.security.InvalidKeyException
        java.security.cert.CertificateException
        java.security.NoSuchProviderException
        java.security.NoSuchAlgorithmException
      • PKCS7SignedData

        public PKCS7SignedData​(java.security.PrivateKey privKey,
                               java.security.cert.Certificate[] certChain,
                               java.lang.String hashAlgorithm)
                        throws java.lang.SecurityException,
                               java.security.InvalidKeyException,
                               java.security.NoSuchProviderException,
                               java.security.NoSuchAlgorithmException
        Create a new PKCS#7 object from the specified key using the BC provider.
        Parameters:
        the - private key to be used for signing.
        the - certifiacate chain associated with the private key.
        hashAlgorithm - the hashing algorithm used to compute the message digest. Must be "MD5", "MD2", "SHA1" or "SHA"
        Throws:
        java.lang.SecurityException
        java.security.InvalidKeyException
        java.security.NoSuchProviderException
        java.security.NoSuchAlgorithmException
      • PKCS7SignedData

        public PKCS7SignedData​(java.security.PrivateKey privKey,
                               java.security.cert.Certificate[] certChain,
                               java.lang.String hashAlgorithm,
                               java.lang.String provider)
                        throws java.lang.SecurityException,
                               java.security.InvalidKeyException,
                               java.security.NoSuchProviderException,
                               java.security.NoSuchAlgorithmException
        Create a new PKCS#7 object from the specified key.
        Parameters:
        privKey - the private key to be used for signing.
        certChain - the certificate chain associated with the private key.
        hashAlgorithm - the hashing algorithm used to compute the message digest. Must be "MD5", "MD2", "SHA1" or "SHA"
        provider - the provider to use.
        Throws:
        java.lang.SecurityException
        java.security.InvalidKeyException
        java.security.NoSuchProviderException
        java.security.NoSuchAlgorithmException
      • PKCS7SignedData

        public PKCS7SignedData​(java.security.PrivateKey privKey,
                               java.security.cert.Certificate[] certChain,
                               java.security.cert.CRL[] crlList,
                               java.lang.String hashAlgorithm,
                               java.lang.String provider)
                        throws java.lang.SecurityException,
                               java.security.InvalidKeyException,
                               java.security.NoSuchProviderException,
                               java.security.NoSuchAlgorithmException
        Create a new PKCS#7 object from the specified key.
        Parameters:
        privKey - the private key to be used for signing.
        certChain - the certificate chain associated with the private key.
        crlList - the crl list associated with the private key.
        hashAlgorithm - the hashing algorithm used to compute the message digest. Must be "MD5", "MD2", "SHA1" or "SHA"
        provider - the provider to use.
        Throws:
        java.lang.SecurityException
        java.security.InvalidKeyException
        java.security.NoSuchProviderException
        java.security.NoSuchAlgorithmException
    • Method Detail

      • getDigestAlgorithm

        public java.lang.String getDigestAlgorithm()
        Get the algorithm used to calculate the message digest
      • reset

        public void reset()
        Resets the PKCS7SignedData object to it's initial state, ready to sign or verify a new buffer.
      • getCertificates

        public java.security.cert.Certificate[] getCertificates()
        Get the X.509 certificates associated with this PKCS#7 object
      • getCRLs

        public java.util.Collection getCRLs()
        Get the X.509 certificate revocation lists associated with this PKCS#7 object
      • getSigningCertificate

        public java.security.cert.X509Certificate getSigningCertificate()
        Get the X.509 certificate actually used to sign the digest.
      • getVersion

        public int getVersion()
        Get the version of the PKCS#7 object. Always 1
      • getSigningInfoVersion

        public int getSigningInfoVersion()
        Get the version of the PKCS#7 "SignerInfo" object. Always 1
      • update

        public void update​(byte buf)
                    throws java.security.SignatureException
        Update the digest with the specified byte. This method is used both for signing and verifying
        Throws:
        java.security.SignatureException
      • update

        public void update​(byte[] buf,
                           int off,
                           int len)
                    throws java.security.SignatureException
        Update the digest with the specified bytes. This method is used both for signing and verifying
        Throws:
        java.security.SignatureException
      • verify

        public boolean verify()
                       throws java.security.SignatureException
        Verify the digest
        Throws:
        java.security.SignatureException
      • getIssuer

        private DERObject getIssuer​(byte[] enc)
        Get the "issuer" from the TBSCertificate bytes that are passed in
      • getEncoded

        public byte[] getEncoded()
        return the bytes for the PKCS7SignedData object.