org.mozilla.jss.pkix.cms

Class SignedData

public class SignedData extends Object implements ASN1Value

A CMS SignedData structure.

The certificates field should only contain X.509 certificates. PKCS #6 extended certificates will fail to decode properly.

Nested Class Summary
static classSignedData.Template
A template file for decoding a SignedData blob
Constructor Summary
SignedData(SET digestAlgorithms, EncapsulatedContentInfo contentInfo, SET certificates, SET crls, SET signerInfos)
Create a SignedData ASN1 object.
Method Summary
voidencode(OutputStream ostream)
voidencode(Tag tag, OutputStream ostream)
SETgetCertificates()
Returns the certificates field, which is a SET of X.509 certificates (org.mozilla.jss.pkix.cert.Certificate).
EncapsulatedContentInfogetContentInfo()
Returns the EncapsulatedContentInfo containing the signed content.
SETgetCrls()
Returns the crls field, which contains a SET of certificate revocation lists represented by ANYs (org.mozilla.jss.asn1.ANY).
SETgetDigestAlgorithmIdentifiers()
Returns the digest algorithms used by the signers to digest the signed content.
SETgetSignerInfos()
Returns the signerInfos field, which is a SET of org.mozilla.jss.pkcs7.SignerInfo.
TaggetTag()
static SignedData.TemplategetTemplate()
INTEGERgetVersion()
Returns the version of this SignedData.
booleanhasCertificates()
Returns true if the certificates field is present.
booleanhasCrls()
Returns true if the crls field is present.

Constructor Detail

SignedData

public SignedData(SET digestAlgorithms, EncapsulatedContentInfo contentInfo, SET certificates, SET crls, SET signerInfos)
Create a SignedData ASN1 object. Both certificates and crls are optional. If you pass in a null for either value, that parameter will not get written in the sequence.

Parameters: digestAlgorithms A SET of zero or more algorithm identifiers. The purpose of this item is to list the digest algorithms used by the various signers to digest the signed content. This field will also be updated by the addSigner method. If all the signers are added with addSigner, it is not necessary to list the digest algorithms here.

If null is passed in, the digestAlgorithms field will be initialized with an empty SET. contentInfo The content that is being signed. This parameter may not be null. However, the content field of the contentInfo may be omitted, in which case the signatures contained in the SignerInfo structures are presumed to be on externally-supplied data. certificates A SET of org.mozilla.jss.pkix.cert.Certificate, the certificates containing the public keys used to sign the content. It may also contain elements of the CA chain extending from the leaf certificates. It is not necessary to include the CA chain, or indeed to include any certificates, if the certificates are expected to already be possessed by the recipient. The recipient can use the issuer and serial number in the SignerInfo structure to search for the necessary certificates. If this parameter is null, the certificates field will be omitted. crls A SET of ASN1Values, which should encode to the ASN1 type CertificateRevocationList. This implementation does not interpret crls. If this parameter is null, the crls field will be omitted. signerInfos SignerInfo structures containing signatures of the content. Additional signerInfos can be added with the addSigner method. If this parameter is null, the field will be initialized with an empty SET.

Method Detail

encode

public void encode(OutputStream ostream)

encode

public void encode(Tag tag, OutputStream ostream)

getCertificates

public SET getCertificates()
Returns the certificates field, which is a SET of X.509 certificates (org.mozilla.jss.pkix.cert.Certificate). PKCS #6 Extended Certificates are not supported by this implementation. Returns null if this optional field is not present.

getContentInfo

public EncapsulatedContentInfo getContentInfo()
Returns the EncapsulatedContentInfo containing the signed content. The simple case is for the content to be of type data, although any content type can be signed.

getCrls

public SET getCrls()
Returns the crls field, which contains a SET of certificate revocation lists represented by ANYs (org.mozilla.jss.asn1.ANY).

getDigestAlgorithmIdentifiers

public SET getDigestAlgorithmIdentifiers()
Returns the digest algorithms used by the signers to digest the signed content. There may be more than one, if different signers use different digesting algorithms.

getSignerInfos

public SET getSignerInfos()
Returns the signerInfos field, which is a SET of org.mozilla.jss.pkcs7.SignerInfo.

getTag

public Tag getTag()

getTemplate

public static SignedData.Template getTemplate()

getVersion

public INTEGER getVersion()
Returns the version of this SignedData. The current version of the spec is version 3.

hasCertificates

public boolean hasCertificates()
Returns true if the certificates field is present.

hasCrls

public boolean hasCrls()
Returns true if the crls field is present.