JSS 3.1.1

org.mozilla.jss.pkcs7
Class SignerInfo

java.lang.Object
  |
  +--org.mozilla.jss.pkcs7.SignerInfo
All Implemented Interfaces:
ASN1Value

public class SignerInfo
extends java.lang.Object
implements ASN1Value

A PKCS #7 SignerInfo.


Inner Class Summary
static class SignerInfo.Template
          A template for decoding a SignerInfo blob
 
Field Summary
private  SET authenticatedAttributes
           
private static OBJECT_IDENTIFIER CONTENT_TYPE
           
private  AlgorithmIdentifier digestAlgorithm
           
private  AlgorithmIdentifier digestEncryptionAlgorithm
           
private  OCTET_STRING encryptedDigest
           
private  IssuerAndSerialNumber issuerAndSerialNumber
           
private static OBJECT_IDENTIFIER MESSAGE_DIGEST
           
private static Tag TAG
           
private static SignerInfo.Template templateInstance
           
private  SET unauthenticatedAttributes
           
private  INTEGER version
           
private static INTEGER VERSION
           
 
Constructor Summary
(package private) SignerInfo(INTEGER version, IssuerAndSerialNumber issuerAndSerialNumber, AlgorithmIdentifier digestAlgorithm, SET authenticatedAttributes, AlgorithmIdentifier digestEncryptionAlgorithm, byte[] encryptedDigest, SET unauthenticatedAttributes)
          A constructor for creating a new SignerInfo from its decoding.
  SignerInfo(IssuerAndSerialNumber issuerAndSerialNumber, SET authenticatedAttributes, SET unauthenticatedAttributes, OBJECT_IDENTIFIER contentType, byte[] messageDigest, SignatureAlgorithm signingAlg, PrivateKey signingKey)
          A constructor for creating a new SignerInfo from scratch.
 
Method Summary
private static boolean byteArraysAreSame(byte[] left, byte[] right)
          Compares two non-null byte arrays.
 void encode(java.io.OutputStream ostream)
          Write this value's DER encoding to an output stream using its own base tag.
 void encode(Tag tag, java.io.OutputStream ostream)
          Write this value's DER encoding to an output stream using an implicit tag.
 SET getAuthenticatedAttributes()
          Retrieves the authenticated attributes, if they exist.
 DigestAlgorithm getDigestAlgorithm()
          Retrieves the DigestAlgorithm used in this SignerInfo.
 AlgorithmIdentifier getDigestAlgorithmIdentifer()
          Retrieves the DigestAlgorithmIdentifier used in this SignerInfo.
 SignatureAlgorithm getDigestEncryptionAlgorithm()
          Returns the raw signature (digest encryption) algorithm used in this SignerInfo.
 AlgorithmIdentifier getDigestEncryptionAlgorithmIdentifier()
          Returns the DigestEncryptionAlgorithmIdentifier used in this SignerInfo.
 byte[] getEncryptedDigest()
          Retrieves the encrypted digest.
 IssuerAndSerialNumber getIssuerAndSerialNumber()
          Retrieves the issuer and serial number of the certificate whose private key was used to sign the SignerInfo.
 Tag getTag()
          Returns the base tag for this type, not counting any tags that may be imposed on it by its context.
static SignerInfo.Template getTemplate()
           
 SET getUnauthenticatedAttributes()
          Retrieves the unauthenticated attributes, if they exist.
 INTEGER getVersion()
          Retrieves the version number of this SignerInfo.
 boolean hasAuthenticatedAttributes()
          Returns true if the authenticatedAttributes field is present.
 boolean hasUnauthenticatedAttributes()
          Returns true if the unauthenticatedAttributes field is present.
 void verify(byte[] messageDigest, OBJECT_IDENTIFIER contentType)
          Verifies that this SignerInfo contains a valid signature of the given message digest.
 void verify(byte[] messageDigest, OBJECT_IDENTIFIER contentType, java.security.PublicKey pubkey)
          Verifies that this SignerInfo contains a valid signature of the given message digest.
private  void verifyWithAuthenticatedAttributes(byte[] messageDigest, OBJECT_IDENTIFIER contentType, java.security.PublicKey pubkey)
          Verifies a SignerInfo with authenticated attributes.
private  void verifyWithoutAuthenticatedAttributes(byte[] messageDigest, OBJECT_IDENTIFIER contentType, java.security.PublicKey pubkey)
          Verifies that the message digest passed in, when encrypted with the given public key, matches the encrypted digest in the SignerInfo.
 
Methods inherited from class java.lang.Object
, clone, equals, finalize, getClass, hashCode, notify, notifyAll, registerNatives, toString, wait, wait, wait
 

Field Detail

CONTENT_TYPE

private static final OBJECT_IDENTIFIER CONTENT_TYPE

MESSAGE_DIGEST

private static final OBJECT_IDENTIFIER MESSAGE_DIGEST

version

private INTEGER version

issuerAndSerialNumber

private IssuerAndSerialNumber issuerAndSerialNumber

digestAlgorithm

private AlgorithmIdentifier digestAlgorithm

authenticatedAttributes

private SET authenticatedAttributes

digestEncryptionAlgorithm

private AlgorithmIdentifier digestEncryptionAlgorithm

encryptedDigest

private OCTET_STRING encryptedDigest

unauthenticatedAttributes

private SET unauthenticatedAttributes

VERSION

private static final INTEGER VERSION

TAG

private static final Tag TAG

templateInstance

private static SignerInfo.Template templateInstance
Constructor Detail

SignerInfo

public SignerInfo(IssuerAndSerialNumber issuerAndSerialNumber,
                  SET authenticatedAttributes,
                  SET unauthenticatedAttributes,
                  OBJECT_IDENTIFIER contentType,
                  byte[] messageDigest,
                  SignatureAlgorithm signingAlg,
                  PrivateKey signingKey)
           throws java.security.InvalidKeyException,
                  java.security.NoSuchAlgorithmException,
                  CryptoManager.NotInitializedException,
                  java.security.SignatureException,
                  TokenException
A constructor for creating a new SignerInfo from scratch.
Parameters:
issuerAndSerialNumber - The issuer and serial number of the certificate from which the public key was extracted to create this SignerInfo.
signingAlg - The algorithm to be used to sign the content. This should be a composite algorithm, such as RSASignatureWithMD5Digest, instead of a raw algorithm, such as RSASignature. Note that the digest portion of this algorithm must be the same algorithm as was used to digest the message content.
authenticatedAttributes - An optional set of Attributes, which will be signed along with the message content. This parameter may be null, or the SET may be empty. DO NOT insert the PKCS #9 content-type or message-digest attributes. They will be added automatically if they are necessary.
unauthenticatedAttributes - An optional set of Attributes, which will be included in the SignerInfo but not signed. This parameter may be null, or the SET may be empty.
messageDigest - The digest of the message contents. The digest must have been created with the digest algorithm specified by the signingAlg parameter.
contentType - The type of the ContentInfo that is being signed. If it is not data, then the PKCS #9 attributes content-type and message-digest will be automatically computed and added to the authenticated attributes.

SignerInfo

SignerInfo(INTEGER version,
           IssuerAndSerialNumber issuerAndSerialNumber,
           AlgorithmIdentifier digestAlgorithm,
           SET authenticatedAttributes,
           AlgorithmIdentifier digestEncryptionAlgorithm,
           byte[] encryptedDigest,
           SET unauthenticatedAttributes)
A constructor for creating a new SignerInfo from its decoding.
Method Detail

getVersion

public INTEGER getVersion()
Retrieves the version number of this SignerInfo.

getIssuerAndSerialNumber

public IssuerAndSerialNumber getIssuerAndSerialNumber()
Retrieves the issuer and serial number of the certificate whose private key was used to sign the SignerInfo.

getDigestAlgorithm

public DigestAlgorithm getDigestAlgorithm()
                                   throws java.security.NoSuchAlgorithmException
Retrieves the DigestAlgorithm used in this SignerInfo.
Throws:
NoSuchAlgorithm - If the algorithm is not recognized by JSS.

getDigestAlgorithmIdentifer

public AlgorithmIdentifier getDigestAlgorithmIdentifer()
Retrieves the DigestAlgorithmIdentifier used in this SignerInfo.

getAuthenticatedAttributes

public SET getAuthenticatedAttributes()
Retrieves the authenticated attributes, if they exist.

hasAuthenticatedAttributes

public boolean hasAuthenticatedAttributes()
Returns true if the authenticatedAttributes field is present.

getDigestEncryptionAlgorithm

public SignatureAlgorithm getDigestEncryptionAlgorithm()
                                                throws java.security.NoSuchAlgorithmException
Returns the raw signature (digest encryption) algorithm used in this SignerInfo.
Throws:
java.security.NoSuchAlgorithmException - If the algorithm is not recognized by JSS.

getDigestEncryptionAlgorithmIdentifier

public AlgorithmIdentifier getDigestEncryptionAlgorithmIdentifier()
Returns the DigestEncryptionAlgorithmIdentifier used in this SignerInfo.

getEncryptedDigest

public byte[] getEncryptedDigest()
Retrieves the encrypted digest.

getUnauthenticatedAttributes

public SET getUnauthenticatedAttributes()
Retrieves the unauthenticated attributes, if they exist.

hasUnauthenticatedAttributes

public boolean hasUnauthenticatedAttributes()
Returns true if the unauthenticatedAttributes field is present.

verify

public void verify(byte[] messageDigest,
                   OBJECT_IDENTIFIER contentType)
            throws CryptoManager.NotInitializedException,
                   java.security.NoSuchAlgorithmException,
                   java.security.InvalidKeyException,
                   TokenException,
                   java.security.SignatureException,
                   ObjectNotFoundException
Verifies that this SignerInfo contains a valid signature of the given message digest. If any authenticated attributes are present, they are also validated. The verification algorithm is as follows:
Parameters:
messageDigest - The hash of the content that is signed by this SignerInfo.
contentType - The type of the content that is signed by this SignerInfo.
pubkey - The public key to use to verify the signature.
Throws:
NoSuchObjectException - If no certificate matching the the issuer name and serial number can be found.

verify

public void verify(byte[] messageDigest,
                   OBJECT_IDENTIFIER contentType,
                   java.security.PublicKey pubkey)
            throws CryptoManager.NotInitializedException,
                   java.security.NoSuchAlgorithmException,
                   java.security.InvalidKeyException,
                   TokenException,
                   java.security.SignatureException
Verifies that this SignerInfo contains a valid signature of the given message digest. If any authenticated attributes are present, they are also validated. The verification algorithm is as follows:
Parameters:
messageDigest - The hash of the content that is signed by this SignerInfo.
contentType - The type of the content that is signed by this SignerInfo.
pubkey - The public key to use to verify the signature.

verifyWithoutAuthenticatedAttributes

private void verifyWithoutAuthenticatedAttributes(byte[] messageDigest,
                                                  OBJECT_IDENTIFIER contentType,
                                                  java.security.PublicKey pubkey)
                                           throws CryptoManager.NotInitializedException,
                                                  java.security.NoSuchAlgorithmException,
                                                  java.security.InvalidKeyException,
                                                  TokenException,
                                                  java.security.SignatureException
Verifies that the message digest passed in, when encrypted with the given public key, matches the encrypted digest in the SignerInfo.

verifyWithAuthenticatedAttributes

private void verifyWithAuthenticatedAttributes(byte[] messageDigest,
                                               OBJECT_IDENTIFIER contentType,
                                               java.security.PublicKey pubkey)
                                        throws CryptoManager.NotInitializedException,
                                               java.security.NoSuchAlgorithmException,
                                               java.security.InvalidKeyException,
                                               TokenException,
                                               java.security.SignatureException
Verifies a SignerInfo with authenticated attributes. If authenticated attributes are present, then two particular attributes must be present: After these two attributes are verified to be both present and correct, the encryptedDigest field of the SignerInfo is verified to be the signature of the contents octets of the DER encoding of the authenticatedAttributes field.

byteArraysAreSame

private static boolean byteArraysAreSame(byte[] left,
                                         byte[] right)
Compares two non-null byte arrays. Returns true if they are identical, false otherwise.

getTag

public Tag getTag()
Description copied from interface: ASN1Value
Returns the base tag for this type, not counting any tags that may be imposed on it by its context.
Specified by:
getTag in interface ASN1Value

encode

public void encode(java.io.OutputStream ostream)
            throws java.io.IOException
Description copied from interface: ASN1Value
Write this value's DER encoding to an output stream using its own base tag.
Specified by:
encode in interface ASN1Value

encode

public void encode(Tag tag,
                   java.io.OutputStream ostream)
            throws java.io.IOException
Description copied from interface: ASN1Value
Write this value's DER encoding to an output stream using an implicit tag.
Specified by:
encode in interface ASN1Value

getTemplate

public static SignerInfo.Template getTemplate()

JSS 3.1.1