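CMSSignedDataStreamGenerator
public class CMSSignedDataStreamGenerator extends CMSSignedGenerator
General class for generating a pkcs7-signature message stream.
A simple example of usage. The example signs with SHA-1 (DIGEST_SHA1), which is no longer collision resistant; for new signatures pass a SHA-2 digest OID such as CMSSignedGenerator.DIGEST_SHA256.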
CertStore certs...
CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator();
gen.addSigner(privateKey, cert, CMSSignedDataStreamGenerator.DIGEST_SHA1, "BC");
gen.addCertificatesAndCRLs(certs);
OutputStream sigOut = gen.open(bOut);
sigOut.write("Hello World!".getBytes());
sigOut.close();
|
Fields Summary |
---|
private List | _signerInfs | private List | _messageDigests | private int | _bufferSize |
Constructors Summary |
---|
public CMSSignedDataStreamGenerator()base constructor
| public CMSSignedDataStreamGenerator(SecureRandom rand)constructor allowing specific source of randomness
// Hand the caller-supplied SecureRandom to the CMSSignedGenerator base class.
super(rand);
|
Methods Summary |
---|
public void | addSigner(java.security.PrivateKey key, byte[] subjectKeyID, java.lang.String digestOID, java.lang.String sigProvider)add a signer - no attributes other than the default ones will be
provided here.
// Delegate with the default signed attributes and no unsigned attributes; the cast
// on null states explicitly that a CMSAttributeTableGenerator is meant.
addSigner(key, subjectKeyID, digestOID, new DefaultSignedAttributeTableGenerator(), (CMSAttributeTableGenerator)null, sigProvider);
| public void | addSigner(java.security.PrivateKey key, byte[] subjectKeyID, java.lang.String digestOID, java.security.Provider sigProvider)add a signer - no attributes other than the default ones will be
provided here.
// Same delegation as the provider-name variant, but with a Provider object:
// default signed attributes, no unsigned attribute generator.
addSigner(key, subjectKeyID, digestOID, new DefaultSignedAttributeTableGenerator(), (CMSAttributeTableGenerator)null, sigProvider);
| public void | addSigner(java.security.PrivateKey key, byte[] subjectKeyID, java.lang.String digestOID, org.bouncycastle.asn1.cms.AttributeTable signedAttr, org.bouncycastle.asn1.cms.AttributeTable unsignedAttr, java.lang.String sigProvider)add a signer with extra signed/unsigned attributes.
// Wrap the caller's attribute tables in generators and delegate.
// NOTE(review): unsignedAttr is wrapped even when it is null; whether
// SimpleAttributeTableGenerator accepts a null table is not visible here - confirm.
addSigner(key, subjectKeyID, digestOID,
new DefaultSignedAttributeTableGenerator(signedAttr), new SimpleAttributeTableGenerator(unsignedAttr), sigProvider);
| public void | addSigner(java.security.PrivateKey key, byte[] subjectKeyID, java.lang.String digestOID, org.bouncycastle.asn1.cms.AttributeTable signedAttr, org.bouncycastle.asn1.cms.AttributeTable unsignedAttr, java.security.Provider sigProvider)add a signer with extra signed/unsigned attributes.
// Provider-object variant: wrap both attribute tables in generators and delegate.
// NOTE(review): a null unsignedAttr is still passed to SimpleAttributeTableGenerator;
// how that class treats null is not shown on this page - confirm.
addSigner(key, subjectKeyID, digestOID,
new DefaultSignedAttributeTableGenerator(signedAttr), new SimpleAttributeTableGenerator(unsignedAttr), sigProvider);
| public void | addSigner(java.security.PrivateKey key, byte[] subjectKeyID, java.lang.String digestOID, CMSAttributeTableGenerator signedAttrGenerator, CMSAttributeTableGenerator unsignedAttrGenerator, java.security.Provider sigProvider)
// Derive the algorithm names from the caller's digest OID and the key.
// NOTE(review): no check on digest strength is visible here - the OID the
// caller passes is used as given.
final String encryptionOid = getEncOID(key, digestOID);
final String digestAlgName = CMSSignedHelper.INSTANCE.getDigestAlgName(digestOID);
final String encryptionAlgName = CMSSignedHelper.INSTANCE.getEncryptionAlgName(encryptionOid);

// Signature engine first, then the digest, both taken from the same provider.
final Signature signatureEngine = CMSSignedHelper.INSTANCE.getSignatureInstance(
    digestAlgName + "with" + encryptionAlgName, sigProvider);
final MessageDigest contentDigest = CMSSignedHelper.INSTANCE.getDigestInstance(digestAlgName, sigProvider);

// rand is not declared in this class; presumably the SecureRandom held by
// CMSSignedGenerator - confirm.
signatureEngine.initSign(key, rand);

// The signer is identified by subject key identifier. The same digest instance
// is also registered in _messageDigests, which open() wraps around the content stream.
_signerInfs.add(new SignerInf(key, subjectKeyID, digestOID, encryptionOid,
    signedAttrGenerator, unsignedAttrGenerator, contentDigest, signatureEngine));
_messageDigests.add(contentDigest);
| public void | addSigner(java.security.PrivateKey key, byte[] subjectKeyID, java.lang.String digestOID, CMSAttributeTableGenerator signedAttrGenerator, CMSAttributeTableGenerator unsignedAttrGenerator, java.lang.String sigProvider)
// Resolve the provider name through CMSUtils.getProvider, then delegate to the
// Provider-based overload.
// NOTE(review): what happens for an unknown provider name is decided inside
// CMSUtils.getProvider and is not visible here.
addSigner(key, subjectKeyID, digestOID, signedAttrGenerator, unsignedAttrGenerator, CMSUtils.getProvider(sigProvider));
| public void | addSigner(java.security.PrivateKey key, java.security.cert.X509Certificate cert, java.lang.String digestOID, java.lang.String sigProvider)add a signer - no attributes other than the default ones will be
provided here.
// Delegate with the default signed attributes and no unsigned attributes; the cast
// on null states explicitly that a CMSAttributeTableGenerator is meant.
addSigner(key, cert, digestOID, new DefaultSignedAttributeTableGenerator(), (CMSAttributeTableGenerator)null, sigProvider);
| public void | addSigner(java.security.PrivateKey key, java.security.cert.X509Certificate cert, java.lang.String digestOID, java.security.Provider sigProvider)add a signer - no attributes other than the default ones will be
provided here.
// Same delegation as the provider-name variant, but with a Provider object:
// default signed attributes, no unsigned attribute generator.
addSigner(key, cert, digestOID, new DefaultSignedAttributeTableGenerator(), (CMSAttributeTableGenerator)null, sigProvider);
| public void | addSigner(java.security.PrivateKey key, java.security.cert.X509Certificate cert, java.lang.String digestOID, org.bouncycastle.asn1.cms.AttributeTable signedAttr, org.bouncycastle.asn1.cms.AttributeTable unsignedAttr, java.lang.String sigProvider)add a signer with extra signed/unsigned attributes.
// Wrap the caller's attribute tables in generators and delegate.
// NOTE(review): unsignedAttr is wrapped even when it is null; whether
// SimpleAttributeTableGenerator accepts a null table is not visible here - confirm.
addSigner(key, cert, digestOID,
new DefaultSignedAttributeTableGenerator(signedAttr), new SimpleAttributeTableGenerator(unsignedAttr), sigProvider);
| public void | addSigner(java.security.PrivateKey key, java.security.cert.X509Certificate cert, java.lang.String digestOID, org.bouncycastle.asn1.cms.AttributeTable signedAttr, org.bouncycastle.asn1.cms.AttributeTable unsignedAttr, java.security.Provider sigProvider)add a signer with extra signed/unsigned attributes.
// Provider-object variant: wrap both attribute tables in generators and delegate.
// NOTE(review): a null unsignedAttr is still passed to SimpleAttributeTableGenerator;
// how that class treats null is not shown on this page - confirm.
addSigner(key, cert, digestOID,
new DefaultSignedAttributeTableGenerator(signedAttr), new SimpleAttributeTableGenerator(unsignedAttr), sigProvider);
| public void | addSigner(java.security.PrivateKey key, java.security.cert.X509Certificate cert, java.lang.String digestOID, CMSAttributeTableGenerator signedAttrGenerator, CMSAttributeTableGenerator unsignedAttrGenerator, java.security.Provider sigProvider)
// Derive the algorithm names from the caller's digest OID and the key.
// NOTE(review): no check on digest strength is visible here - the OID the
// caller passes is used as given.
final String encryptionOid = getEncOID(key, digestOID);
final String digestAlgName = CMSSignedHelper.INSTANCE.getDigestAlgName(digestOID);
final String encryptionAlgName = CMSSignedHelper.INSTANCE.getEncryptionAlgName(encryptionOid);

// Signature engine first, then the digest, both taken from the same provider.
final Signature signatureEngine = CMSSignedHelper.INSTANCE.getSignatureInstance(
    digestAlgName + "with" + encryptionAlgName, sigProvider);
final MessageDigest contentDigest = CMSSignedHelper.INSTANCE.getDigestInstance(digestAlgName, sigProvider);

// rand is not declared in this class; presumably the SecureRandom held by
// CMSSignedGenerator - confirm.
signatureEngine.initSign(key, rand);

// The signer is identified by its certificate. The same digest instance is also
// registered in _messageDigests, which open() wraps around the content stream.
_signerInfs.add(new SignerInf(key, cert, digestOID, encryptionOid,
    signedAttrGenerator, unsignedAttrGenerator, contentDigest, signatureEngine));
_messageDigests.add(contentDigest);
| public void | addSigner(java.security.PrivateKey key, java.security.cert.X509Certificate cert, java.lang.String digestOID, CMSAttributeTableGenerator signedAttrGenerator, CMSAttributeTableGenerator unsignedAttrGenerator, java.lang.String sigProvider)
// Resolve the provider name through CMSUtils.getProvider, then delegate to the
// Provider-based overload.
// NOTE(review): what happens for an unknown provider name is decided inside
// CMSUtils.getProvider and is not visible here.
addSigner(key, cert, digestOID, signedAttrGenerator, unsignedAttrGenerator, CMSUtils.getProvider(sigProvider));
| private org.bouncycastle.asn1.DERInteger | calculateVersion(java.lang.String contentOid)
// Choose the SignedData version number from the certificates, CRLs and
// existing signers this generator holds, plus the content type being signed.
boolean attrCertV1Found = false;
boolean attrCertV2Found = false;
boolean otherCertFound = false;

if (_certs != null)
{
    Iterator certIt = _certs.iterator();
    while (certIt.hasNext())
    {
        Object entry = certIt.next();
        if (!(entry instanceof ASN1TaggedObject))
        {
            continue; // untagged entries do not influence the version
        }
        switch (((ASN1TaggedObject)entry).getTagNo())
        {
        case 1:
            attrCertV1Found = true;
            break;
        case 2:
            attrCertV2Found = true;
            break;
        case 3:
            otherCertFound = true;
            break;
        default:
            break;
        }
    }
}

// A tag-3 entry in the certificate set forces version 5.
if (otherCertFound)
{
    return new DERInteger(5);
}

// Any tagged entry in the CRL set forces version 5 as well.
boolean otherCrlFound = false;
if (_crls != null)
{
    Iterator crlIt = _crls.iterator();
    while (crlIt.hasNext())
    {
        if (crlIt.next() instanceof ASN1TaggedObject)
        {
            otherCrlFound = true;
        }
    }
}
if (otherCrlFound)
{
    return new DERInteger(5);
}

if (attrCertV2Found)
{
    return new DERInteger(4);
}
if (attrCertV1Found)
{
    return new DERInteger(3);
}

// Only DATA content whose existing signers are all below version 3 stays at
// version 1; every other combination is version 3.
boolean plainVersion1 = contentOid.equals(DATA) && !checkForVersion3(_signers);
return new DERInteger(plainVersion1 ? 1 : 3);
| private boolean | checkForVersion3(java.util.List signerInfos)
// Report whether any of the given signers carries a SignerInfo of version 3.
Iterator signerIt = signerInfos.iterator();
while (signerIt.hasNext())
{
    SignerInformation signer = (SignerInformation)signerIt.next();
    SignerInfo info = SignerInfo.getInstance(signer.toSignerInfo());
    int version = info.getVersion().getValue().intValue();
    if (version == 3)
    {
        return true;
    }
}
return false;
| private org.bouncycastle.asn1.x509.AlgorithmIdentifier | makeAlgId(java.lang.String oid, byte[] params)
// Build the AlgorithmIdentifier for an OID; when no parameters are supplied
// an explicit DERNull is used as the parameters field.
DERObjectIdentifier algorithmOid = new DERObjectIdentifier(oid);
if (params == null)
{
    return new AlgorithmIdentifier(algorithmOid, new DERNull());
}
// Parameters arrive as an encoded byte array and are decoded by makeObj.
return new AlgorithmIdentifier(algorithmOid, makeObj(params));
| private org.bouncycastle.asn1.DERObject | makeObj(byte[] encoding)
// Decode one ASN.1 object from the given encoding; a null array yields null.
// NOTE(review): only the first object is read - any bytes following it in the
// array are not examined. The stream is not closed; it wraps the in-memory array.
return (encoding == null) ? null : new ASN1InputStream(encoding).readObject();
| public java.io.OutputStream | open(java.io.OutputStream out)generate a signed object for a CMS Signed Data
object using the given provider.
// encapsulate is passed as false, so by default the content is not embedded
// in the SignedData structure written to out.
return open(out, false);
| public java.io.OutputStream | open(java.io.OutputStream out, boolean encapsulate)generate a signed object for a CMS Signed Data
object using the given provider - if encapsulate is true a copy
of the message will be included in the signature with the
default content type "data".
// Use the DATA content type and delegate.
return open(out, DATA, encapsulate);
| public java.io.OutputStream | open(java.io.OutputStream out, boolean encapsulate, java.io.OutputStream dataOutputStream)generate a signed object for a CMS Signed Data
object using the given provider - if encapsulate is true a copy
of the message will be included in the signature with the
default content type "data". If dataOutputStream is non null the data
being signed will be written to the stream as it is processed.
// Use the DATA content type and pass the caller's side stream through.
return open(out, DATA, encapsulate, dataOutputStream);
| public java.io.OutputStream | open(java.io.OutputStream out, java.lang.String signedContentType, boolean encapsulate)generate a signed object for a CMS Signed Data
object using the given provider - if encapsulate is true a copy
of the message will be included in the signature. The content type
is set according to the OID represented by the string signedContentType.
// No side stream: dataOutputStream is passed as null.
return open(out, signedContentType, encapsulate, null);
| public java.io.OutputStream | open(java.io.OutputStream out, java.lang.String signedContentType, boolean encapsulate, java.io.OutputStream dataOutputStream)generate a signed object for a CMS Signed Data
object using the given provider - if encapsulate is true a copy
of the message will be included in the signature. The content type
is set according to the OID represented by the string signedContentType.
//
// ContentInfo: outer sequence written directly to the caller's stream,
// starting with the signedData content type.
//
BERSequenceGenerator sGen = new BERSequenceGenerator(out);
sGen.addObject(CMSObjectIdentifiers.signedData);
//
// Signed Data: nested sequence (tag 0) on the raw stream of the outer one;
// its first element is the version chosen by calculateVersion.
//
BERSequenceGenerator sigGen = new BERSequenceGenerator(sGen.getRawOutputStream(), 0, true);
sigGen.addObject(calculateVersion(signedContentType));
ASN1EncodableVector digestAlgs = new ASN1EncodableVector();
//
// add the precalculated SignerInfo digest algorithms (signers already held in _signers).
//
for (Iterator it = _signers.iterator(); it.hasNext();)
{
SignerInformation signer = (SignerInformation)it.next();
AlgorithmIdentifier digAlgId;
digAlgId = makeAlgId(signer.getDigestAlgOID(), signer.getDigestAlgParams());
digestAlgs.add(digAlgId);
}
//
// add the new digests (signers registered through addSigner).
// Each signer contributes its own entry; no de-duplication is done here.
//
for (Iterator it = _signerInfs.iterator(); it.hasNext();)
{
SignerInf signer = (SignerInf)it.next();
AlgorithmIdentifier digAlgId;
digAlgId = makeAlgId(signer.getDigestAlgOID(), signer.getDigestAlgParams());
digestAlgs.add(digAlgId);
}
// The digest algorithm set is written as one DER-encoded SET.
sigGen.getRawOutputStream().write(new DERSet(digestAlgs).getEncoded());
// Encapsulated content info: the content type OID, then (optionally) the content.
BERSequenceGenerator eiGen = new BERSequenceGenerator(sigGen.getRawOutputStream());
eiGen.addObject(new DERObjectIdentifier(signedContentType));
OutputStream digStream;
if (encapsulate)
{
// Content bytes are embedded as an octet string (tag 0) in the output.
BEROctetStringGenerator octGen = new BEROctetStringGenerator(eiGen.getRawOutputStream(), 0, true);
// A _bufferSize of 0 means "use the generator's own buffering".
// NOTE(review): setBufferSize does not validate its argument, so a negative
// value fails here with NegativeArraySizeException.
if (_bufferSize != 0)
{
digStream = octGen.getOctetOutputStream(new byte[_bufferSize]);
}
else
{
digStream = octGen.getOctetOutputStream();
}
// Optionally mirror the content to the caller's side stream as well.
if (dataOutputStream != null)
{
digStream = new TeeOutputStream(dataOutputStream, digStream);
}
}
else
{
// Content is not embedded: it goes only to the side stream, or nowhere.
// The digest wrappers added below still see every byte written.
if (dataOutputStream != null)
{
digStream = dataOutputStream;
}
else
{
digStream = new NullOutputStream();
}
}
// Wrap the stream once per registered MessageDigest so that each new
// signer's digest is updated with the content as it is written.
for (Iterator it = _messageDigests.iterator(); it.hasNext();)
{
digStream = new DigestOutputStream(digStream, (MessageDigest)it.next());
}
// NOTE(review): the signer infos are presumably produced when the returned
// stream is closed (the class example closes it) - confirm in CmsSignedDataOutputStream.
return new CmsSignedDataOutputStream(digStream, signedContentType, sGen, sigGen, eiGen);
| public void | setBufferSize(int bufferSize)Set the underlying string size for encapsulated data
// Stored as given; open() uses it to size the octet-string buffer when it is non-zero.
// NOTE(review): no range check - a negative value is accepted here and only
// fails later, at new byte[_bufferSize] in open().
_bufferSize = bufferSize;
|
|