Examples of codec.pkcs7.SignedData

• org.apache.harmony.security.pkcs7.SignedData
  The signatures generated by this class are compatible to Sun's jarsigner. The actual bytes being signed are denoted payload in this documenatation, in order to differentiate between the signing of arbitrary (opaque) data and the DER encoding of registered ASN.1 structures such as EnvelopedData.

  Presently, only content of type {@link Data Data} is supported. Eitherdetached signatures may be generated (in which case the content consists of a {@link Data Data} type with no content) or the payload may be embedded intothe content info of this structure (automatically wrapped into a {@link Data Data} type.

  Use {@link SignerInfo SignerInfo} instances for signing and verifyinginstances of this class such as illustrated in the code example below. This example shows how to verify a detached signature on a file. One PKCS#7 structure may contain multiple signatures. In the example given below, all of them are verified.

   public void verifyFile(SignedData sd, File file) { boolean ok; Iterator i; Verifier verifier; SignerInfo info; FileInputStream in; for (i = sd.getSignerInfos().iterator(); i.hasNext();) { info = (SignerInfo) i.next(); System.out.println("\nVerifying:\n" + info.toString()); verifier = new Verifier(sd, info, null); in = new FileInputStream(file); verifier.update(in); in.close(); ok = (verifier.verify() != null); System.out.println(ok ? "Signature OK" : "BAD SIGNATURE!"); } } 

  If the data embedded in a SignedData instance shall be verified then this data must be retrieved by means of the {@link #getData getData}method first and must be passed to one of the update methods just as the detached data in the example above.

  Likewise, if data shall be signed and attached to a SignedData instance then the signing process of that data must be completed as for detached data. The signed data then can be attached to the SignedData instance by means of the {@link #setData setData} method.The definition of this structure is:

   SignedData ::= SEQUENCE { version Version, digestAlgorithms DigestAlgorithmIdentifiers, contentInfo ContentInfo, certificates [0] IMPLICIT ExtendedCertificatesAndCertificates OPTIONAL, crls [1] IMPLICIT CertificateRevocationLists OPTIONAL, signerInfos SignerInfos } DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier SignerInfos ::= SET OF SignerInfo 

  Please note that SignerInfo structures only store the issuer and serial number of the signing certificate but not the certificate itself. Neither are certificates added automatically by this class when signing is done. If a certificate shall be included with an instance of this class then it must be added explicitly by calling addCertificate(..). @author Volker Roth @version "$Id: SignedData.java,v 1.8 2004/08/12 12:25:19 pebinger Exp $"

      throws IOException, ASN1Exception, GeneralSecurityException {
  // byte[] encodedData;
  ByteArrayInputStream bais;
  PBEKeySpec pbeSpec = null;
  byte[] data = null;
  EncryptedData encData = null;

  if (((ContentInfo) this.get(i)).getContent() instanceof EncryptedData) {
      encData = (EncryptedData) ((ContentInfo) this.get(i)).getContent();
  } else {
      System.out
        .println("This bag is public-key protected or not protected at all.");
      return null;
  }
  // "PbeWithSHAAnd40BitRC2_CBC";
  String algName = encData.getAlgorithm();

  // Create the PBEBMPKey ;
  pbeSpec = new PBEKeySpec(passwd);
  SecretKeyFactory skf = null;
  skf = SecretKeyFactory.getInstance(algName);
  SecretKey pbeKey = skf.generateSecret(pbeSpec);
  encData.init(pbeKey);
  data = encData.getData();
  bais = new ByteArrayInputStream(data);
  SafeContents safe = new SafeContents();
  BERDecoder decoder = new BERDecoder(bais);
  safe.decode(decoder);
  bais.close();

  SecretKey pbekey = skf.generateSecret(pbeSpec);

  // System.out.println("The pbe key for encrypting");
  // System.out.println(new ASN1OctetString(pbekey.getEncoded()));
  // make an EncryptedData and put it in a ContentInfo
  EncryptedData ecd = new EncryptedData(algorithm, pbekey, params);
  ecd.setData(bais);
  bais.close();

  ContentInfo cinfo = new ContentInfo();
  cinfo.setContent(new codec.asn1.ASN1ObjectIdentifier(
    "1.2.840.113549.1.7.6"), ecd);

      java.security.cert.X509Certificate cert) throws IOException,
      ASN1Exception, GeneralSecurityException, NoSuchElementException {
  ByteArrayInputStream bais;

  ContentInfo cinfo = (ContentInfo) this.get(i);
  EnvelopedData envData = null;
  if (cinfo.getContent() instanceof EnvelopedData) {
      envData = (EnvelopedData) cinfo.getContent();
  } else {
      System.out
        .println("This bag is password protected or not protected at all.");
      return null;
  }

  envData.init(cert, key);
  byte[] data = envData.getData();

  bais = new ByteArrayInputStream(data);
  SafeContents safe = new SafeContents();
  BERDecoder decoder = new BERDecoder(bais);
  safe.decode(decoder);

  safe.encode(encoder);
  bais = new ByteArrayInputStream(baos.toByteArray());
  baos.close();

  // Make an envelopedData and put it in a ContentInfo
  EnvelopedData edata = new EnvelopedData(key, algorithm, params);
  edata.setData(bais);
  bais.close();
  for (int i = 0; i < cert.length; i++) {
      edata.addRecipient(cert[i]);
  }

  ContentInfo cinfo = new ContentInfo(edata);
  return cinfo;
    }

                // generate the object from PkiPath encoded form
                return (X509CertPathImpl) ASN1.decode(in);
            } else {
                // generate the object from PKCS #7 encoded form
                ContentInfo ci = (ContentInfo) ContentInfo.ASN1.decode(in);
                SignedData sd = ci.getSignedData();
                if (sd == null) {
                    throw new CertificateException(
                        Messages.getString("security.160")); //$NON-NLS-1$
                }
                List certs = sd.getCertificates();
                if (certs == null) {
                    // empty chain of certificates
                    certs = new ArrayList();
                }
                List result = new ArrayList();

                // generate the object from PkiPath encoded form
                return (X509CertPathImpl) ASN1.decode(in);
            } else {
                // generate the object from PKCS #7 encoded form
                ContentInfo ci = (ContentInfo) ContentInfo.ASN1.decode(in);
                SignedData sd = ci.getSignedData();
                if (sd == null) {
                    throw new CertificateException(
                        Messages.getString("security.160")); //$NON-NLS-1$
                }
                List certs = sd.getCertificates();
                if (certs == null) {
                    certs = new ArrayList();
                }
                List result = new ArrayList();
                for (int i=0; i<certs.size(); i++) {

            // PkiPath encoded form
            return getEncoded();
        } else {
            // PKCS7 encoded form
            if (pkcs7Encoding == null) {
                SignedData sd = new SignedData(1, new ArrayList(),
                        new ContentInfo(ContentInfo.DATA, null), certificates,
                        null, new ArrayList());
                ContentInfo ci = new ContentInfo(ContentInfo.SIGNED_DATA, sd);
                pkcs7Encoding = ci.getEncoded();
            }

                ContentInfo info = (ContentInfo)
                    ((encoding != null)
                        ? ContentInfo.ASN1.decode(encoding)
                        : ContentInfo.ASN1.decode(inStream));
                // retrieve SignedData
                SignedData data = info.getSignedData();
                if (data == null) {
                    throw new CertificateException(
                            Messages.getString("security.154")); //$NON-NLS-1$
                }
                List certs = data.getCertificates();
                if (certs != null) {
                    for (int i = 0; i < certs.size(); i++) {
                        result.add(new X509CertImpl(
                            (org.apache.harmony.security.x509.Certificate)
                                certs.get(i)));

                ContentInfo info = (ContentInfo)
                    ((encoding != null)
                        ? ContentInfo.ASN1.decode(encoding)
                        : ContentInfo.ASN1.decode(inStream));
                // retrieve SignedData
                SignedData data = info.getSignedData();
                if (data == null) {
                    throw new CRLException(
                            Messages.getString("security.154")); //$NON-NLS-1$
                }
                List crls = data.getCRLs();
                if (crls != null) {
                    for (int i = 0; i < crls.size(); i++) {
                        result.add(new X509CRLImpl(
                            (CertificateList) crls.get(i)));
                    }

        // TSTInfo OID according to RFC 3161
        int[] tSTInfoOid = new int[] { 1, 2, 840, 113549, 1, 9, 16, 1, 4 };
        ContentInfo tSTInfoEncoded = new ContentInfo(tSTInfoOid,
                ASN1OctetString.getInstance().encode(
                        TSTInfo.ASN1.encode(tSTInfo)));
        SignedData tokenContent = new SignedData(1, Collections
                .singletonList(new AlgorithmIdentifier(sha1)), tSTInfoEncoded,
                null, null, Collections.singletonList(sigInfo));
        ContentInfo timeStampToken = new ContentInfo(ContentInfo.SIGNED_DATA,
                tokenContent);