Package org.gudy.bouncycastle.jce
Class PKCS7SignedData
- java.lang.Object
-
- org.gudy.bouncycastle.jce.PKCS7SignedData
-
- All Implemented Interfaces:
PKCSObjectIdentifiers
public class PKCS7SignedData extends java.lang.Object implements PKCSObjectIdentifiers
Represents a PKCS#7 object - specifically the "Signed Data" type.How to use it? To verify a signature, do:
PKCS7SignedData pkcs7 = new PKCS7SignedData(der_bytes); // Create it pkcs7.update(bytes, 0, bytes.length); // Update checksum boolean verified = pkcs7.verify(); // Does it add up? To sign, do this: PKCS7SignedData pkcs7 = new PKCS7SignedData(privKey, certChain, "MD5"); pkcs7.update(bytes, 0, bytes.length); // Update checksum pkcs7.sign(); // Create digest bytes = pkcs7.getEncoded(); // Write it somewhere
This class is pretty close to obsolete, for a much better (and more complete) implementation of PKCS7 have a look at the org.gudy.bouncycastle.cms package.
-
-
Field Summary
Fields Modifier and Type Field Description private java.util.Collection
certs
private java.util.Collection
crls
private byte[]
digest
private java.lang.String
digestAlgorithm
private java.util.Set
digestalgos
private java.lang.String
digestEncryptionAlgorithm
private java.lang.String
ID_DSA
private java.lang.String
ID_MD2
private java.lang.String
ID_MD5
private java.lang.String
ID_PKCS7_DATA
private java.lang.String
ID_PKCS7_SIGNED_DATA
private java.lang.String
ID_RSA
private java.lang.String
ID_SHA1
private java.security.PrivateKey
privKey
private java.security.Signature
sig
private java.security.cert.X509Certificate
signCert
private int
signerversion
private int
version
-
Fields inherited from interface org.gudy.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers
bagtypes, canNotDecryptAny, certBag, crlBag, data, des_EDE3_CBC, dhKeyAgreement, digestedData, encryptedData, encryptionAlgorithm, envelopedData, id_aa, id_aa_encrypKeyPref, id_alg_PWRI_KEK, id_ct_compressedData, id_PBES2, id_PBKDF2, keyBag, md2, md2WithRSAEncryption, md4WithRSAEncryption, md5, md5WithRSAEncryption, pkcs_1, pkcs_12, pkcs_3, pkcs_5, pkcs_7, pkcs_9, pkcs_9_at_challengePassword, pkcs_9_at_contentType, pkcs_9_at_counterSignature, pkcs_9_at_emailAddress, pkcs_9_at_extendedCertificateAttributes, pkcs_9_at_extensionRequest, pkcs_9_at_friendlyName, pkcs_9_at_localKeyId, pkcs_9_at_messageDigest, pkcs_9_at_signingDescription, pkcs_9_at_signingTime, pkcs_9_at_smimeCapabilities, pkcs_9_at_unstructuredAddress, pkcs_9_at_unstructuredName, pkcs8ShroudedKeyBag, preferSignedData, RC2_CBC, rsaEncryption, safeContentsBag, secretBag, sha1WithRSAEncryption, sha256WithRSAEncryption, sha384WithRSAEncryption, sha512WithRSAEncryption, signedAndEnvelopedData, signedData, sMIMECapabilitiesVersions, srsaOAEPEncryptionSET, x509certType
-
-
Constructor Summary
Constructors Constructor Description PKCS7SignedData(byte[] in)
Read an existing PKCS#7 object from a DER encoded byte array using the BC provider.PKCS7SignedData(byte[] in, java.lang.String provider)
Read an existing PKCS#7 object from a DER encoded byte arrayPKCS7SignedData(java.security.PrivateKey privKey, java.security.cert.Certificate[] certChain, java.lang.String hashAlgorithm)
Create a new PKCS#7 object from the specified key using the BC provider.PKCS7SignedData(java.security.PrivateKey privKey, java.security.cert.Certificate[] certChain, java.lang.String hashAlgorithm, java.lang.String provider)
Create a new PKCS#7 object from the specified key.PKCS7SignedData(java.security.PrivateKey privKey, java.security.cert.Certificate[] certChain, java.security.cert.CRL[] crlList, java.lang.String hashAlgorithm, java.lang.String provider)
Create a new PKCS#7 object from the specified key.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description java.security.cert.Certificate[]
getCertificates()
Get the X.509 certificates associated with this PKCS#7 objectjava.util.Collection
getCRLs()
Get the X.509 certificate revocation lists associated with this PKCS#7 objectjava.lang.String
getDigestAlgorithm()
Get the algorithm used to calculate the message digestbyte[]
getEncoded()
return the bytes for the PKCS7SignedData object.private DERObject
getIssuer(byte[] enc)
Get the "issuer" from the TBSCertificate bytes that are passed injava.security.cert.X509Certificate
getSigningCertificate()
Get the X.509 certificate actually used to sign the digest.int
getSigningInfoVersion()
Get the version of the PKCS#7 "SignerInfo" object.int
getVersion()
Get the version of the PKCS#7 object.void
reset()
Resets the PKCS7SignedData object to it's initial state, ready to sign or verify a new buffer.void
update(byte buf)
Update the digest with the specified byte.void
update(byte[] buf, int off, int len)
Update the digest with the specified bytes.boolean
verify()
Verify the digest
-
-
-
Field Detail
-
version
private int version
-
signerversion
private int signerversion
-
digestalgos
private java.util.Set digestalgos
-
certs
private java.util.Collection certs
-
crls
private java.util.Collection crls
-
signCert
private java.security.cert.X509Certificate signCert
-
digest
private byte[] digest
-
digestAlgorithm
private java.lang.String digestAlgorithm
-
digestEncryptionAlgorithm
private java.lang.String digestEncryptionAlgorithm
-
sig
private java.security.Signature sig
-
privKey
private transient java.security.PrivateKey privKey
-
ID_PKCS7_DATA
private final java.lang.String ID_PKCS7_DATA
- See Also:
- Constant Field Values
-
ID_PKCS7_SIGNED_DATA
private final java.lang.String ID_PKCS7_SIGNED_DATA
- See Also:
- Constant Field Values
-
ID_MD5
private final java.lang.String ID_MD5
- See Also:
- Constant Field Values
-
ID_MD2
private final java.lang.String ID_MD2
- See Also:
- Constant Field Values
-
ID_SHA1
private final java.lang.String ID_SHA1
- See Also:
- Constant Field Values
-
ID_RSA
private final java.lang.String ID_RSA
- See Also:
- Constant Field Values
-
ID_DSA
private final java.lang.String ID_DSA
- See Also:
- Constant Field Values
-
-
Constructor Detail
-
PKCS7SignedData
public PKCS7SignedData(byte[] in) throws java.lang.SecurityException, java.security.cert.CRLException, java.security.InvalidKeyException, java.security.cert.CertificateException, java.security.NoSuchProviderException, java.security.NoSuchAlgorithmException
Read an existing PKCS#7 object from a DER encoded byte array using the BC provider.- Throws:
java.lang.SecurityException
java.security.cert.CRLException
java.security.InvalidKeyException
java.security.cert.CertificateException
java.security.NoSuchProviderException
java.security.NoSuchAlgorithmException
-
PKCS7SignedData
public PKCS7SignedData(byte[] in, java.lang.String provider) throws java.lang.SecurityException, java.security.cert.CRLException, java.security.InvalidKeyException, java.security.cert.CertificateException, java.security.NoSuchProviderException, java.security.NoSuchAlgorithmException
Read an existing PKCS#7 object from a DER encoded byte array- Throws:
java.lang.SecurityException
java.security.cert.CRLException
java.security.InvalidKeyException
java.security.cert.CertificateException
java.security.NoSuchProviderException
java.security.NoSuchAlgorithmException
-
PKCS7SignedData
public PKCS7SignedData(java.security.PrivateKey privKey, java.security.cert.Certificate[] certChain, java.lang.String hashAlgorithm) throws java.lang.SecurityException, java.security.InvalidKeyException, java.security.NoSuchProviderException, java.security.NoSuchAlgorithmException
Create a new PKCS#7 object from the specified key using the BC provider.- Parameters:
the
- private key to be used for signing.the
- certifiacate chain associated with the private key.hashAlgorithm
- the hashing algorithm used to compute the message digest. Must be "MD5", "MD2", "SHA1" or "SHA"- Throws:
java.lang.SecurityException
java.security.InvalidKeyException
java.security.NoSuchProviderException
java.security.NoSuchAlgorithmException
-
PKCS7SignedData
public PKCS7SignedData(java.security.PrivateKey privKey, java.security.cert.Certificate[] certChain, java.lang.String hashAlgorithm, java.lang.String provider) throws java.lang.SecurityException, java.security.InvalidKeyException, java.security.NoSuchProviderException, java.security.NoSuchAlgorithmException
Create a new PKCS#7 object from the specified key.- Parameters:
privKey
- the private key to be used for signing.certChain
- the certificate chain associated with the private key.hashAlgorithm
- the hashing algorithm used to compute the message digest. Must be "MD5", "MD2", "SHA1" or "SHA"provider
- the provider to use.- Throws:
java.lang.SecurityException
java.security.InvalidKeyException
java.security.NoSuchProviderException
java.security.NoSuchAlgorithmException
-
PKCS7SignedData
public PKCS7SignedData(java.security.PrivateKey privKey, java.security.cert.Certificate[] certChain, java.security.cert.CRL[] crlList, java.lang.String hashAlgorithm, java.lang.String provider) throws java.lang.SecurityException, java.security.InvalidKeyException, java.security.NoSuchProviderException, java.security.NoSuchAlgorithmException
Create a new PKCS#7 object from the specified key.- Parameters:
privKey
- the private key to be used for signing.certChain
- the certificate chain associated with the private key.crlList
- the crl list associated with the private key.hashAlgorithm
- the hashing algorithm used to compute the message digest. Must be "MD5", "MD2", "SHA1" or "SHA"provider
- the provider to use.- Throws:
java.lang.SecurityException
java.security.InvalidKeyException
java.security.NoSuchProviderException
java.security.NoSuchAlgorithmException
-
-
Method Detail
-
getDigestAlgorithm
public java.lang.String getDigestAlgorithm()
Get the algorithm used to calculate the message digest
-
reset
public void reset()
Resets the PKCS7SignedData object to it's initial state, ready to sign or verify a new buffer.
-
getCertificates
public java.security.cert.Certificate[] getCertificates()
Get the X.509 certificates associated with this PKCS#7 object
-
getCRLs
public java.util.Collection getCRLs()
Get the X.509 certificate revocation lists associated with this PKCS#7 object
-
getSigningCertificate
public java.security.cert.X509Certificate getSigningCertificate()
Get the X.509 certificate actually used to sign the digest.
-
getVersion
public int getVersion()
Get the version of the PKCS#7 object. Always 1
-
getSigningInfoVersion
public int getSigningInfoVersion()
Get the version of the PKCS#7 "SignerInfo" object. Always 1
-
update
public void update(byte buf) throws java.security.SignatureException
Update the digest with the specified byte. This method is used both for signing and verifying- Throws:
java.security.SignatureException
-
update
public void update(byte[] buf, int off, int len) throws java.security.SignatureException
Update the digest with the specified bytes. This method is used both for signing and verifying- Throws:
java.security.SignatureException
-
verify
public boolean verify() throws java.security.SignatureException
Verify the digest- Throws:
java.security.SignatureException
-
getIssuer
private DERObject getIssuer(byte[] enc)
Get the "issuer" from the TBSCertificate bytes that are passed in
-
getEncoded
public byte[] getEncoded()
return the bytes for the PKCS7SignedData object.
-
-