org.mozilla.jss.pkcs7

Class SignerInfo

public class SignerInfo extends Object implements ASN1Value

A PKCS #7 SignerInfo.
Nested Class Summary
static classSignerInfo.Template
A template for decoding a SignerInfo blob
Constructor Summary
SignerInfo(IssuerAndSerialNumber issuerAndSerialNumber, SET authenticatedAttributes, SET unauthenticatedAttributes, OBJECT_IDENTIFIER contentType, byte[] messageDigest, SignatureAlgorithm signingAlg, PrivateKey signingKey)
A constructor for creating a new SignerInfo from scratch.
Method Summary
voidencode(OutputStream ostream)
voidencode(Tag tag, OutputStream ostream)
SETgetAuthenticatedAttributes()
Retrieves the authenticated attributes, if they exist.
DigestAlgorithmgetDigestAlgorithm()
Retrieves the DigestAlgorithm used in this SignerInfo.
AlgorithmIdentifiergetDigestAlgorithmIdentifer()
Retrieves the DigestAlgorithmIdentifier used in this SignerInfo.
SignatureAlgorithmgetDigestEncryptionAlgorithm()
Returns the raw signature (digest encryption) algorithm used in this SignerInfo.
AlgorithmIdentifiergetDigestEncryptionAlgorithmIdentifier()
Returns the DigestEncryptionAlgorithmIdentifier used in this SignerInfo.
byte[]getEncryptedDigest()
Retrieves the encrypted digest.
IssuerAndSerialNumbergetIssuerAndSerialNumber()
Retrieves the issuer and serial number of the certificate whose private key was used to sign the SignerInfo.
TaggetTag()
static SignerInfo.TemplategetTemplate()
SETgetUnauthenticatedAttributes()
Retrieves the unauthenticated attributes, if they exist.
INTEGERgetVersion()
Retrieves the version number of this SignerInfo.
booleanhasAuthenticatedAttributes()
Returns true if the authenticatedAttributes field is present.
booleanhasUnauthenticatedAttributes()
Returns true if the unauthenticatedAttributes field is present.
voidverify(byte[] messageDigest, OBJECT_IDENTIFIER contentType)
Verifies that this SignerInfo contains a valid signature of the given message digest.
voidverify(byte[] messageDigest, OBJECT_IDENTIFIER contentType, PublicKey pubkey)
Verifies that this SignerInfo contains a valid signature of the given message digest.

Constructor Detail

SignerInfo

public SignerInfo(IssuerAndSerialNumber issuerAndSerialNumber, SET authenticatedAttributes, SET unauthenticatedAttributes, OBJECT_IDENTIFIER contentType, byte[] messageDigest, SignatureAlgorithm signingAlg, PrivateKey signingKey)
A constructor for creating a new SignerInfo from scratch.

Parameters: issuerAndSerialNumber The issuer and serial number of the certificate from which the public key was extracted to create this SignerInfo. signingAlg The algorithm to be used to sign the content. This should be a composite algorithm, such as RSASignatureWithMD5Digest, instead of a raw algorithm, such as RSASignature. Note that the digest portion of this algorithm must be the same algorithm as was used to digest the message content. authenticatedAttributes An optional set of Attributes, which will be signed along with the message content. This parameter may be null, or the SET may be empty. DO NOT insert the PKCS #9 content-type or message-digest attributes. They will be added automatically if they are necessary. unauthenticatedAttributes An optional set of Attributes, which will be included in the SignerInfo but not signed. This parameter may be null, or the SET may be empty. messageDigest The digest of the message contents. The digest must have been created with the digest algorithm specified by the signingAlg parameter. contentType The type of the ContentInfo that is being signed. If it is not data, then the PKCS #9 attributes content-type and message-digest will be automatically computed and added to the authenticated attributes.

Method Detail

encode

public void encode(OutputStream ostream)

encode

public void encode(Tag tag, OutputStream ostream)

getAuthenticatedAttributes

public SET getAuthenticatedAttributes()
Retrieves the authenticated attributes, if they exist.

getDigestAlgorithm

public DigestAlgorithm getDigestAlgorithm()
Retrieves the DigestAlgorithm used in this SignerInfo.

Throws: NoSuchAlgorithm If the algorithm is not recognized by JSS.

getDigestAlgorithmIdentifer

public AlgorithmIdentifier getDigestAlgorithmIdentifer()
Retrieves the DigestAlgorithmIdentifier used in this SignerInfo.

getDigestEncryptionAlgorithm

public SignatureAlgorithm getDigestEncryptionAlgorithm()
Returns the raw signature (digest encryption) algorithm used in this SignerInfo.

Throws: NoSuchAlgorithmException If the algorithm is not recognized by JSS.

getDigestEncryptionAlgorithmIdentifier

public AlgorithmIdentifier getDigestEncryptionAlgorithmIdentifier()
Returns the DigestEncryptionAlgorithmIdentifier used in this SignerInfo.

getEncryptedDigest

public byte[] getEncryptedDigest()
Retrieves the encrypted digest.

getIssuerAndSerialNumber

public IssuerAndSerialNumber getIssuerAndSerialNumber()
Retrieves the issuer and serial number of the certificate whose private key was used to sign the SignerInfo.

getTag

public Tag getTag()

getTemplate

public static SignerInfo.Template getTemplate()

getUnauthenticatedAttributes

public SET getUnauthenticatedAttributes()
Retrieves the unauthenticated attributes, if they exist.

getVersion

public INTEGER getVersion()
Retrieves the version number of this SignerInfo.

hasAuthenticatedAttributes

public boolean hasAuthenticatedAttributes()
Returns true if the authenticatedAttributes field is present.

hasUnauthenticatedAttributes

public boolean hasUnauthenticatedAttributes()
Returns true if the unauthenticatedAttributes field is present.

verify

public void verify(byte[] messageDigest, OBJECT_IDENTIFIER contentType)
Verifies that this SignerInfo contains a valid signature of the given message digest. If any authenticated attributes are present, they are also validated. The verification algorithm is as follows:

Parameters: messageDigest The hash of the content that is signed by this SignerInfo. contentType The type of the content that is signed by this SignerInfo. pubkey The public key to use to verify the signature.

Throws: NoSuchObjectException If no certificate matching the the issuer name and serial number can be found.

verify

public void verify(byte[] messageDigest, OBJECT_IDENTIFIER contentType, PublicKey pubkey)
Verifies that this SignerInfo contains a valid signature of the given message digest. If any authenticated attributes are present, they are also validated. The verification algorithm is as follows:

Parameters: messageDigest The hash of the content that is signed by this SignerInfo. contentType The type of the content that is signed by this SignerInfo. pubkey The public key to use to verify the signature.