Bouncy Castle Cryptography Library 1.79

org.bouncycastle.cms
Class CMSSignedDataParser

java.lang.Object
  |
  +--org.bouncycastle.cms.CMSContentInfoParser
        |
        +--org.bouncycastle.cms.CMSSignedDataParser

public class CMSSignedDataParser
extends CMSContentInfoParser

Parsing class for a CMS Signed Data object from an input stream.

Note: because we are in streaming mode, only one signer can be tried, and the methods on the parser must be called in the appropriate order.

A simple example of usage for an encapsulated signature.

Two notes: first, in the example below the validity of the certificate isn't verified, just the fact that one of the certs matches the given signer, and, second, because we are in a streaming mode the order of the operations is important.

    // Streaming parser over a signature with encapsulated content
    CMSSignedDataParser sp = new CMSSignedDataParser(
        new JcaDigestCalculatorProviderBuilder().setProvider("BC").build(), encapSigData);

    // The content must be read in full before the signer information is requested
    sp.getSignedContent().drain();

    Store certStore = sp.getCertificates();
    SignerInformationStore signers = sp.getSignerInfos();

    Collection c = signers.getSigners();
    Iterator it = c.iterator();

    while (it.hasNext())
    {
        SignerInformation signer = (SignerInformation)it.next();
        Collection certCollection = certStore.getMatches(signer.getSID());

        // Takes the first certificate in the message that matches the signer ID
        Iterator certIt = certCollection.iterator();
        X509CertificateHolder cert = (X509CertificateHolder)certIt.next();

        System.out.println("verify returns: " + signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert)));
    }

Note also: this class does not introduce buffering - if you are processing large files you should create the parser with:

    // digestCalculatorProvider is built as in the example above
    CMSSignedDataParser ep = new CMSSignedDataParser(digestCalculatorProvider, new BufferedInputStream(encapSigData, bufSize));

where bufSize is a suitably large buffer size.
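An added example (not Bouncy Castle's own code) that applies the two notes above to a detached signature: it uses the CMSTypedStream constructor, keeps the required call order, and verifies against a signer certificate pinned out of band instead of one carried in the message. The class, method and parameter names are hypothetical, the "BC" provider is assumed to be registered, and path validation and revocation checking are out of scope.

```java
import java.io.BufferedInputStream;
import java.io.InputStream;
import java.util.Date;

import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cms.CMSSignedDataParser;
import org.bouncycastle.cms.CMSTypedStream;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;

// Added example: names below are hypothetical, not part of the Bouncy Castle API.
public final class DetachedSignatureCheck
{
    // Returns true only if pinnedSigner (obtained out of band, never from the
    // message itself) produced a valid signature over content. Fails closed.
    public static boolean verifyDetached(InputStream content, InputStream sigData,
                                         X509CertificateHolder pinnedSigner, int bufSize)
        throws Exception
    {
        CMSSignedDataParser sp = new CMSSignedDataParser(
            new JcaDigestCalculatorProviderBuilder().setProvider("BC").build(),
            new CMSTypedStream(new BufferedInputStream(content, bufSize)),
            new BufferedInputStream(sigData, bufSize));
        try
        {
            // Step 1: read all of the content so the accumulating digests are complete.
            sp.getSignedContent().drain();

            // Step 2: only now ask for the signers.
            for (SignerInformation signer : sp.getSignerInfos().getSigners())
            {
                // Skip signers that are not the pinned certificate's subject.
                if (!signer.getSID().match(pinnedSigner)) { continue; }
                // Reject a pinned certificate that is outside its validity period.
                if (!pinnedSigner.isValidOn(new Date())) { return false; }
                return signer.verify(new JcaSimpleSignerInfoVerifierBuilder()
                    .setProvider("BC").build(pinnedSigner));
            }
            return false; // no signers at all, or none made by the pinned certificate
        }
        finally
        {
            sp.close();
        }
    }
}
```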


Fields inherited from class org.bouncycastle.cms.CMSContentInfoParser
_contentInfo, _data
 
Constructor Summary
CMSSignedDataParser(DigestCalculatorProvider digestCalculatorProvider, byte[] sigBlock)
           
CMSSignedDataParser(DigestCalculatorProvider digestCalculatorProvider, CMSTypedStream signedContent, byte[] sigBlock)
           
CMSSignedDataParser(DigestCalculatorProvider digestCalculatorProvider, CMSTypedStream signedContent, java.io.InputStream sigData)
          base constructor
CMSSignedDataParser(DigestCalculatorProvider digestCalculatorProvider, java.io.InputStream sigData)
          base constructor - with encapsulated content
 
Method Summary
 org.bouncycastle.util.Store getAttributeCertificates()
          Return any X.509 attribute certificate objects in this SignedData structure as a Store of X509AttributeCertificateHolder objects.
 org.bouncycastle.util.Store getCertificates()
          Return any X.509 certificate objects in this SignedData structure as a Store of X509CertificateHolder objects.
 org.bouncycastle.util.Store getCRLs()
          Return any X.509 CRL objects in this SignedData structure as a Store of X509CRLHolder objects.
 java.util.Set getDigestAlgorithmIDs()
          Return the digest algorithm identifiers for the SignedData object
 org.bouncycastle.util.Store getOtherRevocationInfo(org.bouncycastle.asn1.ASN1ObjectIdentifier otherRevocationInfoFormat)
          Return any OtherRevocationInfo OtherRevInfo objects of the type indicated by otherRevocationInfoFormat in this SignedData structure.
 CMSTypedStream getSignedContent()
           
 java.lang.String getSignedContentTypeOID()
          Return a string representation of the OID associated with the encapsulated content info structure carried in the signed data.
 SignerInformationStore getSignerInfos()
          Return the collection of signers that are associated with the signatures for the message.
 int getVersion()
          Return the version number for the SignedData object
static java.io.OutputStream replaceCertificatesAndCRLs(java.io.InputStream original, org.bouncycastle.util.Store certs, org.bouncycastle.util.Store crls, org.bouncycastle.util.Store attrCerts, java.io.OutputStream out)
          Replace the certificate and CRL information associated with this CMSSignedData object with the new one passed in.
static java.io.OutputStream replaceSigners(java.io.InputStream original, SignerInformationStore signerInformationStore, java.io.OutputStream out)
          Replace the signer information store associated with the passed in message contained in the stream original with the new one passed in.
 
Methods inherited from class org.bouncycastle.cms.CMSContentInfoParser
close
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

CMSSignedDataParser

public CMSSignedDataParser(DigestCalculatorProvider digestCalculatorProvider,
                           byte[] sigBlock)
                    throws CMSException

CMSSignedDataParser

public CMSSignedDataParser(DigestCalculatorProvider digestCalculatorProvider,
                           CMSTypedStream signedContent,
                           byte[] sigBlock)
                    throws CMSException

CMSSignedDataParser

public CMSSignedDataParser(DigestCalculatorProvider digestCalculatorProvider,
                           java.io.InputStream sigData)
                    throws CMSException
base constructor - with encapsulated content

CMSSignedDataParser

public CMSSignedDataParser(DigestCalculatorProvider digestCalculatorProvider,
                           CMSTypedStream signedContent,
                           java.io.InputStream sigData)
                    throws CMSException
base constructor
Parameters:
digestCalculatorProvider - for generating accumulating digests
signedContent - the content that was signed.
sigData - the signature object stream.
Method Detail

getVersion

public int getVersion()
Return the version number for the SignedData object
Returns:
the version number

getDigestAlgorithmIDs

public java.util.Set getDigestAlgorithmIDs()
Return the digest algorithm identifiers for the SignedData object
Returns:
the set of digest algorithm identifiers

getSignerInfos

public SignerInformationStore getSignerInfos()
                                      throws CMSException
Return the collection of signers that are associated with the signatures for the message.
Throws:
CMSException -  

getCertificates

public org.bouncycastle.util.Store getCertificates()
                                            throws CMSException
Return any X.509 certificate objects in this SignedData structure as a Store of X509CertificateHolder objects.
Returns:
a Store of X509CertificateHolder objects.

getCRLs

public org.bouncycastle.util.Store getCRLs()
                                    throws CMSException
Return any X.509 CRL objects in this SignedData structure as a Store of X509CRLHolder objects.
Returns:
a Store of X509CRLHolder objects.

getAttributeCertificates

public org.bouncycastle.util.Store getAttributeCertificates()
                                                     throws CMSException
Return any X.509 attribute certificate objects in this SignedData structure as a Store of X509AttributeCertificateHolder objects.
Returns:
a Store of X509AttributeCertificateHolder objects.

getOtherRevocationInfo

public org.bouncycastle.util.Store getOtherRevocationInfo(org.bouncycastle.asn1.ASN1ObjectIdentifier otherRevocationInfoFormat)
                                                   throws CMSException
Return any OtherRevocationInfo OtherRevInfo objects of the type indicated by otherRevocationInfoFormat in this SignedData structure.
Parameters:
otherRevocationInfoFormat - OID of the format type being looked for.
Returns:
a Store of ASN1Encodable objects representing any objects of otherRevocationInfoFormat found.

getSignedContentTypeOID

public java.lang.String getSignedContentTypeOID()
Return a string representation of the OID associated with the encapsulated content info structure carried in the signed data.
Returns:
the OID for the content type.

getSignedContent

public CMSTypedStream getSignedContent()

replaceSigners

public static java.io.OutputStream replaceSigners(java.io.InputStream original,
                                                  SignerInformationStore signerInformationStore,
                                                  java.io.OutputStream out)
                                           throws CMSException,
                                                  java.io.IOException
Replace the signer information store associated with the passed in message contained in the stream original with the new one passed in. You would probably only want to do this if you wanted to change the unsigned attributes associated with a signer, or perhaps delete one.

The output stream is returned unclosed.

Parameters:
original - the signed data stream to be used as a base.
signerInformationStore - the new signer information store to use.
out - the stream to write the new signed data object to.
Returns:
out.

replaceCertificatesAndCRLs

public static java.io.OutputStream replaceCertificatesAndCRLs(java.io.InputStream original,
                                                              org.bouncycastle.util.Store certs,
                                                              org.bouncycastle.util.Store crls,
                                                              org.bouncycastle.util.Store attrCerts,
                                                              java.io.OutputStream out)
                                                       throws CMSException,
                                                              java.io.IOException
Replace the certificate and CRL information associated with this CMSSignedData object with the new one passed in.

The output stream is returned unclosed.

Parameters:
original - the signed data stream to be used as a base.
certs - new certificates to be used, if any.
crls - new CRLs to be used, if any.
attrCerts - new attribute certificates to be used, if any.
out - the stream to write the new signed data object to.
Returns:
out.
Throws:
CMSException - if there is an error processing the CertStore
