org.mozilla.jss.pkix.cms

Class SignerInfo

public class SignerInfo extends Object implements ASN1Value

A CMS SignerInfo.
Nested Class Summary
static classSignerInfo.Template
A template for decoding a SignerInfo blob
Constructor Summary
SignerInfo(SignerIdentifier signerIdentifier, SET signedAttributes, SET unsignedAttributes, OBJECT_IDENTIFIER contentType, byte[] messageDigest, SignatureAlgorithm signingAlg, PrivateKey signingKey)
A constructor for creating a new SignerInfo from scratch.
Method Summary
voidencode(OutputStream ostream)
voidencode(Tag tag, OutputStream ostream)
DigestAlgorithmgetDigestAlgorithm()
Retrieves the DigestAlgorithm used in this SignerInfo.
AlgorithmIdentifiergetDigestAlgorithmIdentifer()
Retrieves the DigestAlgorithmIdentifier used in this SignerInfo.
SignatureAlgorithmgetDigestEncryptionAlgorithm()
Returns the raw signature (digest encryption) algorithm used in this SignerInfo.
AlgorithmIdentifiergetDigestEncryptionAlgorithmIdentifier()
Returns the DigestEncryptionAlgorithmIdentifier used in this SignerInfo.
byte[]getEncryptedDigest()
Retrieves the encrypted digest.
SETgetSignedAttributes()
Retrieves the signed attributes, if they exist.
SignerIdentifiergetSignerIdentifier()
Retrieves the SignerIdentifier.
TaggetTag()
static SignerInfo.TemplategetTemplate()
SETgetUnsignedAttributes()
Retrieves the unsigned attributes, if they exist.
INTEGERgetVersion()
Retrieves the version number of this SignerInfo.
booleanhasSignedAttributes()
Returns true if the signedAttributes field is present.
booleanhasUnsignedAttributes()
Returns true if the unsignedAttributes field is present.
voidverify(byte[] messageDigest, OBJECT_IDENTIFIER contentType)
Verifies that this SignerInfo contains a valid signature of the given message digest.
voidverify(byte[] messageDigest, OBJECT_IDENTIFIER contentType, PublicKey pubkey)
Verifies that this SignerInfo contains a valid signature of the given message digest.

Constructor Detail

SignerInfo

public SignerInfo(SignerIdentifier signerIdentifier, SET signedAttributes, SET unsignedAttributes, OBJECT_IDENTIFIER contentType, byte[] messageDigest, SignatureAlgorithm signingAlg, PrivateKey signingKey)
A constructor for creating a new SignerInfo from scratch.

Parameters: signerIdentifier The signerIdentifier of the certificate from which the public key was extracted to create this SignerInfo. signingAlg The algorithm to be used to sign the content. This should be a composite algorithm, such as RSASignatureWithMD5Digest, instead of a raw algorithm, such as RSASignature. Note that the digest portion of this algorithm must be the same algorithm as was used to digest the message content. signedAttributes An optional set of Attributes, which will be signed along with the message content. This parameter may be null, or the SET may be empty. DO NOT insert the PKCS #9 content-type or message-digest attributes. They will be added automatically if they are necessary. unsignedAttributes An optional set of Attributes, which will be included in the SignerInfo but not signed. This parameter may be null, or the SET may be empty. messageDigest The digest of the message contents. The digest must have been created with the digest algorithm specified by the signingAlg parameter. contentType The type of the ContentInfo that is being signed. If it is not data, then the PKCS #9 attributes content-type and message-digest will be automatically computed and added to the signed attributes.

Method Detail

encode

public void encode(OutputStream ostream)

encode

public void encode(Tag tag, OutputStream ostream)

getDigestAlgorithm

public DigestAlgorithm getDigestAlgorithm()
Retrieves the DigestAlgorithm used in this SignerInfo.

Throws: NoSuchAlgorithm If the algorithm is not recognized by JSS.

getDigestAlgorithmIdentifer

public AlgorithmIdentifier getDigestAlgorithmIdentifer()
Retrieves the DigestAlgorithmIdentifier used in this SignerInfo.

getDigestEncryptionAlgorithm

public SignatureAlgorithm getDigestEncryptionAlgorithm()
Returns the raw signature (digest encryption) algorithm used in this SignerInfo.

Throws: NoSuchAlgorithmException If the algorithm is not recognized by JSS.

getDigestEncryptionAlgorithmIdentifier

public AlgorithmIdentifier getDigestEncryptionAlgorithmIdentifier()
Returns the DigestEncryptionAlgorithmIdentifier used in this SignerInfo.

getEncryptedDigest

public byte[] getEncryptedDigest()
Retrieves the encrypted digest.

getSignedAttributes

public SET getSignedAttributes()
Retrieves the signed attributes, if they exist.

getSignerIdentifier

public SignerIdentifier getSignerIdentifier()
Retrieves the SignerIdentifier.

getTag

public Tag getTag()

getTemplate

public static SignerInfo.Template getTemplate()

getUnsignedAttributes

public SET getUnsignedAttributes()
Retrieves the unsigned attributes, if they exist.

getVersion

public INTEGER getVersion()
Retrieves the version number of this SignerInfo.

hasSignedAttributes

public boolean hasSignedAttributes()
Returns true if the signedAttributes field is present.

hasUnsignedAttributes

public boolean hasUnsignedAttributes()
Returns true if the unsignedAttributes field is present.

verify

public void verify(byte[] messageDigest, OBJECT_IDENTIFIER contentType)
Verifies that this SignerInfo contains a valid signature of the given message digest. If any signed attributes are present, they are also validated. The verification algorithm is as follows:

Parameters: messageDigest The hash of the content that is signed by this SignerInfo. contentType The type of the content that is signed by this SignerInfo.

Throws: NoSuchObjectException If no certificate matching the the issuer name and serial number can be found.

verify

public void verify(byte[] messageDigest, OBJECT_IDENTIFIER contentType, PublicKey pubkey)
Verifies that this SignerInfo contains a valid signature of the given message digest. If any signed attributes are present, they are also validated. The verification algorithm is as follows:

Parameters: messageDigest The hash of the content that is signed by this SignerInfo. contentType The type of the content that is signed by this SignerInfo. pubkey The public key to use to verify the signature.