anon.crypto
Class PKCS7SignedData

java.lang.Object
  extended by anon.crypto.PKCS7SignedData
All Implemented Interfaces:
org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers

public class PKCS7SignedData
extends java.lang.Object
implements org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers

This was stolen from BouncyCastle and changed a little bit to get it work without BC provider... Original Message was: Represents a PKCS#7 object - specifically the "Signed Data" type.

How to use it? To verify a signature, do:

 PKCS7SignedData pkcs7 = new PKCS7SignedData(der_bytes);                // Create it
 pkcs7.update(bytes, 0, bytes.length);  // Update checksum
 boolean verified = pkcs7.verify();             // Does it add up?

 To sign, do this:
 PKCS7SignedData pkcs7 = new PKCS7SignedData(privKey, certChain, "MD5");
 pkcs7.update(bytes, 0, bytes.length);  // Update checksum
 pkcs7.sign();                          // Create digest

 bytes = pkcs7.getEncoded();                    // Write it somewhere
 

This class is pretty close to obsolete, for a much better (and more complete) implementation of PKCS7 have a look at the org.bouncycastle.cms package.


Field Summary
private  java.util.Vector certs
           
private  byte[] digest
           
private  java.lang.String digestAlgorithm
           
private  java.util.Hashtable digestalgos
           
private  java.lang.String digestEncryptionAlgorithm
           
private  java.lang.String ID_DSA
           
private  java.lang.String ID_MD2
           
private  java.lang.String ID_MD5
           
private  java.lang.String ID_RSA
           
private  java.lang.String ID_SHA1
           
private  JAPCertificate signCert
           
private  int signerversion
           
private  int version
           
 
Fields inherited from interface org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers
bagtypes, canNotDecryptAny, certBag, certTypes, crlBag, crlTypes, data, des_EDE3_CBC, dhKeyAgreement, digestedData, encryptedData, encryptionAlgorithm, envelopedData, id_aa, id_aa_commitmentType, id_aa_contentHint, id_aa_contentIdentifier, id_aa_encrypKeyPref, id_aa_ets_archiveTimestamp, id_aa_ets_certCRLTimestamp, id_aa_ets_certificateRefs, id_aa_ets_certValues, id_aa_ets_commitmentType, id_aa_ets_contentTimestamp, id_aa_ets_escTimeStamp, id_aa_ets_otherSigCert, id_aa_ets_revocationRefs, id_aa_ets_revocationValues, id_aa_ets_signerAttr, id_aa_ets_signerLocation, id_aa_ets_sigPolicyId, id_aa_otherSigCert, id_aa_receiptRequest, id_aa_signatureTimeStampToken, id_aa_signerLocation, id_aa_signingCertificate, id_aa_signingCertificateV2, id_aa_sigPolicyId, id_alg_CMS3DESwrap, id_alg_CMSRC2wrap, id_alg_PWRI_KEK, id_ct, id_ct_compressedData, id_ct_TSTInfo, id_cti, id_cti_ets_proofOfApproval, id_cti_ets_proofOfCreation, id_cti_ets_proofOfDelivery, id_cti_ets_proofOfOrigin, id_cti_ets_proofOfReceipt, id_cti_ets_proofOfSender, id_hmacWithSHA1, id_hmacWithSHA224, id_hmacWithSHA256, id_hmacWithSHA384, id_hmacWithSHA512, id_mgf1, id_PBES2, id_PBKDF2, id_pSpecified, id_RSAES_OAEP, id_RSASSA_PSS, id_spq, id_spq_ets_unotice, id_spq_ets_uri, keyBag, md2, md2WithRSAEncryption, md4, md4WithRSAEncryption, md5, md5WithRSAEncryption, pbeWithMD2AndDES_CBC, pbeWithMD2AndRC2_CBC, pbeWithMD5AndDES_CBC, pbeWithMD5AndRC2_CBC, pbeWithSHA1AndDES_CBC, pbeWithSHA1AndRC2_CBC, pbeWithSHAAnd128BitRC2_CBC, pbeWithSHAAnd128BitRC4, pbeWithSHAAnd2_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC, pbewithSHAAnd40BitRC2_CBC, pbeWithSHAAnd40BitRC4, pkcs_1, pkcs_12, pkcs_12PbeIds, pkcs_3, pkcs_5, pkcs_7, pkcs_9, pkcs_9_at_challengePassword, pkcs_9_at_contentType, pkcs_9_at_counterSignature, pkcs_9_at_emailAddress, pkcs_9_at_extendedCertificateAttributes, pkcs_9_at_extensionRequest, pkcs_9_at_friendlyName, pkcs_9_at_localKeyId, pkcs_9_at_messageDigest, pkcs_9_at_signingDescription, pkcs_9_at_signingTime, pkcs_9_at_smimeCapabilities, pkcs_9_at_unstructuredAddress, pkcs_9_at_unstructuredName, pkcs8ShroudedKeyBag, preferSignedData, RC2_CBC, rsaEncryption, safeContentsBag, sdsiCertificate, secretBag, sha1WithRSAEncryption, sha224WithRSAEncryption, sha256WithRSAEncryption, sha384WithRSAEncryption, sha512WithRSAEncryption, signedAndEnvelopedData, signedData, sMIMECapabilitiesVersions, srsaOAEPEncryptionSET, x509Certificate, x509certType, x509Crl
 
Constructor Summary
PKCS7SignedData(byte[] in)
          Read an existing PKCS#7 object from a DER encoded byte array
 
Method Summary
 JAPCertificate[] getCertificates()
          Get the X.509 certificates associated with this PKCS#7 object
 java.lang.String getDigestAlgorithm()
          Get the algorithm used to calculate the message digest
private  org.bouncycastle.asn1.DERObject getIssuer(byte[] enc)
          Get the "issuer" from the TBSCertificate bytes that are passed in
 JAPCertificate getSigningCertificate()
          Get the X.509 certificate actually used to sign the digest.
 int getSigningInfoVersion()
          Get the version of the PKCS#7 "SignerInfo" object.
 int getVersion()
          Get the version of the PKCS#7 object.
 boolean verify(byte[] msg)
          Verify the digest
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

version

private int version

signerversion

private int signerversion

digestalgos

private java.util.Hashtable digestalgos

certs

private java.util.Vector certs

signCert

private JAPCertificate signCert

digest

private byte[] digest

digestAlgorithm

private java.lang.String digestAlgorithm

digestEncryptionAlgorithm

private java.lang.String digestEncryptionAlgorithm

ID_MD5

private final java.lang.String ID_MD5
See Also:
Constant Field Values

ID_MD2

private final java.lang.String ID_MD2
See Also:
Constant Field Values

ID_SHA1

private final java.lang.String ID_SHA1
See Also:
Constant Field Values

ID_RSA

private final java.lang.String ID_RSA
See Also:
Constant Field Values

ID_DSA

private final java.lang.String ID_DSA
See Also:
Constant Field Values
Constructor Detail

PKCS7SignedData

public PKCS7SignedData(byte[] in)
                throws java.lang.SecurityException,
                       java.security.InvalidKeyException,
                       java.security.NoSuchAlgorithmException
Read an existing PKCS#7 object from a DER encoded byte array

Throws:
java.lang.SecurityException
java.security.InvalidKeyException
java.security.NoSuchAlgorithmException
Method Detail

getDigestAlgorithm

public java.lang.String getDigestAlgorithm()
Get the algorithm used to calculate the message digest


getCertificates

public JAPCertificate[] getCertificates()
Get the X.509 certificates associated with this PKCS#7 object


getSigningCertificate

public JAPCertificate getSigningCertificate()
Get the X.509 certificate actually used to sign the digest.


getVersion

public int getVersion()
Get the version of the PKCS#7 object. Always 1


getSigningInfoVersion

public int getSigningInfoVersion()
Get the version of the PKCS#7 "SignerInfo" object. Always 1


verify

public boolean verify(byte[] msg)
               throws java.security.SignatureException
Verify the digest

Throws:
java.security.SignatureException

getIssuer

private org.bouncycastle.asn1.DERObject getIssuer(byte[] enc)
Get the "issuer" from the TBSCertificate bytes that are passed in