Examples of codec.pkcs9.Attributes

• codec.pkcs9.InvalidAttributeException
  This class represents Attributes as defined in PKCS#6. The ASN.1 definition of this structure is

   Attributes ::= SET OF Attribute 

  Instances can be initialized with a {@link OIDRegistry OIDRegistry} that isused to resolve attribute value types. The type of value of a PKCS#6 Content Type Attribute is for instance OBJECT IDENTIFIER. The OID of this attribute is { pkcs-9 3}. The OID identifies both the attribute and the attribute value's type.

  Please note that when a registry is specified, exceptions are thrown if an attribute is encountered whose type cannot be resolved by that registry or any of the global registries. @author Volker Roth @version "$Id: Attributes.java,v 1.2 2000/12/06 17:47:33 vroth Exp $"

    public Verifier(Signable sigdat, SignerInfo info, X509Certificate cert)
      throws GeneralSecurityException {
  AlgorithmParameterSpec spec;
  ASN1ObjectIdentifier oid;
  ASN1OctetString octets;
  Attributes attributes;
  Attribute attribute;
  String sigalg;
  String mdalg;

  /*
   * Either a certificate or a SignerInfo is needed. We might do without
   * one of'em but not without both. The SignedData is need in every case.
   */
  if (info == null && cert == null) {
      throw new IllegalArgumentException(
        "Need either a SignerInfo or a certificate!");
  }
  if (sigdat == null) {
      throw new NullPointerException("Need a SignedData!");
  }
  target_ = sigdat;

  /*
   * If the SignerInfo is null then we try to get it from the SignedData.
   */
  if (info == null) {
      info = target_.getSignerInfo(cert);

      if (info == null) {
    throw new NoSuchSignerException("No signer info found for: "
      + cert.getIssuerDN().getName() + ", "
      + cert.getSerialNumber());
      }
  }
  /*
   * If we have a SignerInfo but no certificate the we try and see if we
   * can get it from the SignedData.
   */
  else if (cert == null) {
      cert = target_.getCertificate(info.getIssuerDN(), info
        .getSerialNumber());

      if (cert == null) {
    throw new CertificateException("No certificate available for: "
      + info.getIssuerDN().getName() + ", "
      + info.getSerialNumber());
      }
  }
  /*
   * We have both a SignerInfo and a certificate, now let's see if they
   * have matching issuer and serial number.
   */
  else {
      if (!info.equivIssuerAndSerialNumber(cert)) {
    throw new IllegalArgumentException(
      "SignerInfo and certificate don't match!");
      }
  }
  /*
   * At this point we should have both a SignerInfo and a matching
   * certificate.
   */
  info_ = info;
  cert_ = cert;
  sigalg = info_.getAlgorithm();

  /*
   * We now check for a simple one-step verification or a two-step
   * verification. One-step occurs only in the degenerate case that the
   * content type of the SignedData instance is DATA and there are no
   * authenticated attributes in it.
   *
   * Otherwise we have to check painfully for the various details on
   * required attributes.
   */
  attributes = info_.authenticatedAttributes();
  oid = target_.getContentType();

  if (attributes.size() > 0 || !oid.equals(DATA)) {
      twostep_ = true;

      attribute = info_.authenticatedAttributes().getAttribute(
        CONTENT_TYPE);

  /* Digest Algorithm Identifier */
  dAlg_ = new AlgorithmIdentifier();
  add(dAlg_);

  /* Authenticated Attributes */
  auth_ = new Attributes();
  add(new ASN1TaggedType(0, auth_, false, true));

  /* Digest Encryption Algorithm Identifier */
  cAlg_ = new AlgorithmIdentifier();
  add(cAlg_);

  /* Encrypted Digest */
  edig_ = new ASN1OctetString();
  add(edig_);

  /* Unauthenticated Attributes */
  attr_ = new Attributes();
  add(new ASN1TaggedType(1, attr_, false, true));
    }

  /* Digest Algorithm Identifier */
  dAlg_ = new AlgorithmIdentifier();
  add(dAlg_);

  /* Authenticated Attributes */
  auth_ = new Attributes(registry);
  add(new ASN1TaggedType(0, auth_, false, true));

  /* Digest Encryption Algorithm Identifier */
  cAlg_ = new AlgorithmIdentifier();
  add(cAlg_);

  /* Encrypted Digest */
  edig_ = new ASN1OctetString();
  add(edig_);

  /* Unauthenticated Attributes */
  attr_ = new Attributes(registry);
  add(new ASN1TaggedType(1, attr_, false, true));
    }

  }
  /* Digest Algorithm Identifier */
  add(dAlg_);

  /* Authenticated Attributes */
  auth_ = new Attributes();
  add(new ASN1TaggedType(0, auth_, false, true));

  /* Digest Encryption Algorithm Identifier */
  add(cAlg_);

  /* Encrypted Digest */
  edig_ = new ASN1OctetString();
  add(edig_);

  /* Unauthenticated Attributes */
  attr_ = new Attributes();
  add(new ASN1TaggedType(1, attr_, false, true));

  algorithm_ = algorithm;
    }

  }
  /* Digest Algorithm Identifier */
  add(dAlg_);

  /* Authenticated Attributes */
  auth_ = new Attributes();
  add(new ASN1TaggedType(0, auth_, false, true));

  /* Digest Encryption Algorithm Identifier */
  add(cAlg_);

  /* Encrypted Digest */
  edig_ = new ASN1OctetString();
  add(edig_);

  /* Unauthenticated Attributes */
  attr_ = new Attributes();
  add(new ASN1TaggedType(1, attr_, false, true));

  algorithm_ = algorithm;
    }

  /* Digest Algorithm Identifier */
  add(dAlg_);

  /* Authenticated Attributes */
  auth_ = new Attributes();
  add(new ASN1TaggedType(0, auth_, false, true));

  /* Digest Encryption Algorithm Identifier */
  add(cAlg_);

  /* Encrypted Digest */
  edig_ = new ASN1OctetString();
  add(edig_);

  /* Unauthenticated Attributes */
  attr_ = new Attributes();
  add(new ASN1TaggedType(1, attr_, false, true));

  algorithm_ = algorithm;
  if (params != null) {
      try {

  /* Digest Algorithm Identifier */
  add(dAlg_);

  /* Authenticated Attributes */
  auth_ = new Attributes();
  add(new ASN1TaggedType(0, auth_, false, true));

  /* Digest Encryption Algorithm Identifier */
  add(cAlg_);

  /* Encrypted Digest */
  edig_ = new ASN1OctetString();
  add(edig_);

  /* Unauthenticated Attributes */
  attr_ = new Attributes();
  add(new ASN1TaggedType(1, attr_, false, true));

  algorithm_ = algorithm;
  if (params != null) {
      try {

     */
    public Signer(Signable sigdat, SignerInfo info, PrivateKey key)
      throws GeneralSecurityException {
  AlgorithmParameterSpec spec;
  ASN1ObjectIdentifier oid;
  Attributes attributes;
  Attribute attribute;
  String sigalg;
  String mdalg;

  /*
   * We can't do without both a SignerInfo and a private key.
   */
  if (sigdat == null || info == null || key == null) {
      throw new NullPointerException(
        "Need a Signable, SignerInfo and PrivateKey!");
  }
  info_ = info;
  target_ = sigdat;
  sigalg = info_.getAlgorithm();

  /*
   * Here comes the tough part. We have to check the authenticated
   * attributes. In the degenerated case of no authenticated attributes
   * and a content type of Data in the SignedData we do one-step signing.
   * In all other cases we have to use two steps and we have to add and/or
   * check attributes.
   */
  attributes = info_.authenticatedAttributes();
  oid = target_.getContentType();

  // CHANGED BY CV
  // if (attributes.size() > 0 || !oid.equals(DATA))
  if (attributes.size() > 0) {
      twostep_ = true;

      attribute = info_.authenticatedAttributes().getAttribute(
        CONTENT_TYPE);

      /*
       * If there is no content type attribute then we have to add one. If
       * there is one then we have to make sure that there is no mismatch.
       *
       * The code could correct and replace attributes with a wrong type,
       * but I guess it's better to throw an exception because something
       * with the application's code is probably wrong.
       */
      if (attribute == null) {
    attribute = new Attribute((ASN1ObjectIdentifier) CONTENT_TYPE
      .clone(), (ASN1ObjectIdentifier) oid.clone());

    attributes.add(attribute);
      } else if (attribute.valueCount() < 1) {
    throw new InvalidAttributeException(
      "Content type attribute has no value!");
      } else if (!attribute.valueAt(0).equals(oid)) {
    throw new InvalidAttributeException(

      if (attribute == null) {
    throw new NoSuchAttributeException(
      "ContentType attribute missing!");
      }
      if (attribute.valueCount() == 0) {
    throw new InvalidAttributeException(
      "ContentType attribute has no OID!");
      }
      if (!oid.equals(attribute.valueAt(0))) {
    throw new InvalidAttributeException(
      "ContentType attribute mismatch!");
      }
      attribute = info_.authenticatedAttributes().getAttribute(
        MESSAGE_DIGEST);

      if (attribute == null) {
    throw new NoSuchAttributeException(
      "MessageDigest attribute missing!");
      }
      if (attribute.valueCount() == 0) {
    throw new InvalidAttributeException(
      "MessageDigest attribute has no data!");
      }
      octets = (ASN1OctetString) attribute.valueAt(0);
      md_ = octets.getByteArray();
      mdalg = JCA.getName(JCA.getDigestOID(sigalg));

    attribute = new Attribute((ASN1ObjectIdentifier) CONTENT_TYPE
      .clone(), (ASN1ObjectIdentifier) oid.clone());

    attributes.add(attribute);
      } else if (attribute.valueCount() < 1) {
    throw new InvalidAttributeException(
      "Content type attribute has no value!");
      } else if (!attribute.valueAt(0).equals(oid)) {
    throw new InvalidAttributeException(
      "Content type attribute has wrong value!");
      }
      attribute = info_.authenticatedAttributes().getAttribute(
        MESSAGE_DIGEST);