Examples of codec.pkcs7.SignedData

• codec.pkcs7.Data
  The signatures generated by this class are compatible to Sun's jarsigner. The actual bytes being signed are denoted payload in this documenatation, in order to differentiate between the signing of arbitrary (opaque) data and the DER encoding of registered ASN.1 structures such as EnvelopedData.

  Presently, only content of type {@link Data Data} is supported. Eitherdetached signatures may be generated (in which case the content consists of a {@link Data Data} type with no content) or the payload may be embedded intothe content info of this structure (automatically wrapped into a {@link Data Data} type.

  Use {@link SignerInfo SignerInfo} instances for signing and verifyinginstances of this class such as illustrated in the code example below. This example shows how to verify a detached signature on a file. One PKCS#7 structure may contain multiple signatures. In the example given below, all of them are verified.

   public void verifyFile(SignedData sd, File file) { boolean ok; Iterator i; Verifier verifier; SignerInfo info; FileInputStream in; for (i = sd.getSignerInfos().iterator(); i.hasNext();) { info = (SignerInfo) i.next(); System.out.println("\nVerifying:\n" + info.toString()); verifier = new Verifier(sd, info, null); in = new FileInputStream(file); verifier.update(in); in.close(); ok = (verifier.verify() != null); System.out.println(ok ? "Signature OK" : "BAD SIGNATURE!"); } } 

  If the data embedded in a SignedData instance shall be verified then this data must be retrieved by means of the {@link #getData getData}method first and must be passed to one of the update methods just as the detached data in the example above.

  Likewise, if data shall be signed and attached to a SignedData instance then the signing process of that data must be completed as for detached data. The signed data then can be attached to the SignedData instance by means of the {@link #setData setData} method.The definition of this structure is:

   SignedData ::= SEQUENCE { version Version, digestAlgorithms DigestAlgorithmIdentifiers, contentInfo ContentInfo, certificates [0] IMPLICIT ExtendedCertificatesAndCertificates OPTIONAL, crls [1] IMPLICIT CertificateRevocationLists OPTIONAL, signerInfos SignerInfos } DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier SignerInfos ::= SET OF SignerInfo 

  Please note that SignerInfo structures only store the issuer and serial number of the signing certificate but not the certificate itself. Neither are certificates added automatically by this class when signing is done. If a certificate shall be included with an instance of this class then it must be added explicitly by calling addCertificate(..). @author Volker Roth @version "$Id: SignedData.java,v 1.8 2004/08/12 12:25:19 pebinger Exp $"

     * @param safe
     *                the SafeContents to be added to the AuthenticatedSafe
     */
    public void addSafeContents(SafeContents safe) throws IOException,
      ASN1Exception {
  ContentInfo cinfo = makeData(safe);
  add(cinfo);
    }

     *                the PBE algorithm to be used
     */
    public void addSafeContents(SafeContents safe, char[] passwd,
      String algorithm) throws IOException, ASN1Exception,
      GeneralSecurityException {
  ContentInfo cinfo = makeEncryptedData(safe, passwd, algorithm);
  add(cinfo);
    }

     */
    public void addSafeContents(SafeContents safe, SecretKey key,
      String algorithm, AlgorithmParameters params,
      java.security.cert.X509Certificate[] cert) throws IOException,
      ASN1Exception, BadNameException, GeneralSecurityException {
  ContentInfo cinfo = makeEnvelopedData(safe, key, algorithm, params,
    cert);
  add(cinfo);
    }

     */
    public int[] getProtectionMode() {
  int[] proMode;
  proMode = new int[this.size()];
  for (int i = 0; i < this.size(); i++) {
      ContentInfo cinfo = (ContentInfo) this.get(i);
      if (cinfo.getContent() instanceof Data) {
    proMode[i] = NO_PROTECTION;
      } else if (cinfo.getContent() instanceof EncryptedData) {
    proMode[i] = PASSWORD_PROTECTION;
      } else if (cinfo.getContent() instanceof EnvelopedData) {
    proMode[i] = PUBLIC_KEY_PROTECTION;
      } else {
    throw new IllegalStateException("Illegal protection mode: "
      + proMode[i]);
      }

     */
    public SafeContents getSafeContents(int i) throws IOException,
      ASN1Exception {
  byte[] encodedData;
  ByteArrayInputStream bais;
  ContentInfo cinfo = (ContentInfo) this.get(i);
  if (cinfo.getContent() instanceof Data) {
      encodedData = ((Data) cinfo.getContent()).getByteArray();
  } else {
      System.out
        .println("This bag is either password or public-key protected.");
      return null;
  }

    public SafeContents getSafeContents(int i, java.security.PrivateKey key,
      java.security.cert.X509Certificate cert) throws IOException,
      ASN1Exception, GeneralSecurityException, NoSuchElementException {
  ByteArrayInputStream bais;

  ContentInfo cinfo = (ContentInfo) this.get(i);
  EnvelopedData envData = null;
  if (cinfo.getContent() instanceof EnvelopedData) {
      envData = (EnvelopedData) cinfo.getContent();
  } else {
      System.out
        .println("This bag is password protected or not protected at all.");
      return null;
  }

  ByteArrayOutputStream baos = new ByteArrayOutputStream();
  DEREncoder encoder = new DEREncoder(baos);
  safe.encode(encoder);
  data = new Data(baos.toByteArray());
  baos.close();
  ContentInfo cInfo = new ContentInfo(data);
  return cInfo;
    }

  // make an EncryptedData and put it in a ContentInfo
  EncryptedData ecd = new EncryptedData(algorithm, pbekey, params);
  ecd.setData(bais);
  bais.close();

  ContentInfo cinfo = new ContentInfo();
  cinfo.setContent(new codec.asn1.ASN1ObjectIdentifier(
    "1.2.840.113549.1.7.6"), ecd);
  return cinfo;
    }

  bais.close();
  for (int i = 0; i < cert.length; i++) {
      edata.addRecipient(cert[i]);
  }

  ContentInfo cinfo = new ContentInfo(edata);
  return cinfo;
    }

     *
     * @return Contentinfo with contentType Data.
     */
    private ContentInfo makeData(SafeContents safe) throws IOException,
      ASN1Exception {
  Data data = null;
  ByteArrayOutputStream baos = new ByteArrayOutputStream();
  DEREncoder encoder = new DEREncoder(baos);
  safe.encode(encoder);
  data = new Data(baos.toByteArray());
  baos.close();
  ContentInfo cInfo = new ContentInfo(data);
  return cInfo;
    }