SignerInfo
public SignerInfo(IssuerAndSerialNumber issuerAndSerialNumber,
SET authenticatedAttributes,
SET unauthenticatedAttributes,
OBJECT_IDENTIFIER contentType,
byte[] messageDigest,
SignatureAlgorithm signingAlg,
PrivateKey signingKey)
throws InvalidKeyException,
NoSuchAlgorithmException,
CryptoManager.NotInitializedException,
SignatureException,
TokenException
A constructor for creating a new SignerInfo from scratch.
issuerAndSerialNumber
- The issuer and serial number of the
certificate from which the public key was extracted to create
this SignerInfo.authenticatedAttributes
- An optional set of Attributes, which
will be signed along with the message content. This parameter may
be null, or the SET may be empty. DO NOT insert
the PKCS #9 content-type or message-digest attributes. They will
be added automatically if they are necessary.unauthenticatedAttributes
- An optional set of Attributes, which
will be included in the SignerInfo but not signed. This parameter
may be null, or the SET may be empty.contentType
- The type of the ContentInfo that is being signed.
If it is not data
, then the PKCS #9 attributes
content-type and message-digest will be automatically computed and
added to the authenticated attributes.messageDigest
- The digest of the message contents. The digest
must have been created with the digest algorithm specified by
the signingAlg parameter.signingAlg
- The algorithm to be used to sign the content.
This should be a composite algorithm, such as
RSASignatureWithMD5Digest, instead of a raw algorithm, such as
RSASignature.
Note that the digest portion of this algorithm must be the same
algorithm as was used to digest the message content.
encode
public void encode(OutputStream ostream)
throws IOException
- encode in interface ASN1Value
encode
public void encode(Tag tag,
OutputStream ostream)
throws IOException
- encode in interface ASN1Value
getAuthenticatedAttributes
public SET getAuthenticatedAttributes()
Retrieves the authenticated attributes, if they exist.
getDigestAlgorithm
public DigestAlgorithm getDigestAlgorithm()
throws NoSuchAlgorithmException
Retrieves the DigestAlgorithm used in this SignerInfo.
getDigestAlgorithmIdentifer
public AlgorithmIdentifier getDigestAlgorithmIdentifer()
Retrieves the DigestAlgorithmIdentifier used in this SignerInfo.
getDigestEncryptionAlgorithm
public SignatureAlgorithm getDigestEncryptionAlgorithm()
throws NoSuchAlgorithmException
Returns the raw signature (digest encryption) algorithm used in this
SignerInfo.
getDigestEncryptionAlgorithmIdentifier
public AlgorithmIdentifier getDigestEncryptionAlgorithmIdentifier()
Returns the DigestEncryptionAlgorithmIdentifier used in this SignerInfo.
getEncryptedDigest
public byte[] getEncryptedDigest()
Retrieves the encrypted digest.
getIssuerAndSerialNumber
public IssuerAndSerialNumber getIssuerAndSerialNumber()
Retrieves the issuer and serial number of the certificate whose
private key was used to sign the SignerInfo.
getUnauthenticatedAttributes
public SET getUnauthenticatedAttributes()
Retrieves the unauthenticated attributes, if they exist.
getVersion
public INTEGER getVersion()
Retrieves the version number of this SignerInfo.
hasAuthenticatedAttributes
public boolean hasAuthenticatedAttributes()
Returns true if the authenticatedAttributes field is present.
hasUnauthenticatedAttributes
public boolean hasUnauthenticatedAttributes()
Returns true if the unauthenticatedAttributes field is present.
verify
public void verify(byte[] messageDigest,
OBJECT_IDENTIFIER contentType)
throws CryptoManager.NotInitializedException,
NoSuchAlgorithmException,
InvalidKeyException,
TokenException,
SignatureException,
ObjectNotFoundException
Verifies that this SignerInfo contains a valid signature of the
given message digest. If any authenticated attributes are present,
they are also validated. The verification algorithm is as follows:
not- If no authenticated attributes are present, the content type is
verified to be data. Then it is verified that the message
digest passed
in, when encrypted with the given public key, matches the encrypted
digest in the SignerInfo.
- If authenticated attributes are present,
two particular attributes must be present:
- PKCS #9 Content-Type, the type of content that is being signed.
This must match the contentType parameter.
- PKCS #9 Message-Digest, the digest of the content that is being
signed. This must match the messageDigest parameter.
After these two attributes are verified to be both present and correct,
the encryptedDigest field of the SignerInfo is verified to be the
signature of the contents octets of the DER encoding of the
authenticatedAttributes field.
messageDigest
- The hash of the content that is signed by this
SignerInfo.contentType
- The type of the content that is signed by this
SignerInfo.
verify
public void verify(byte[] messageDigest,
OBJECT_IDENTIFIER contentType,
PublicKey pubkey)
throws CryptoManager.NotInitializedException,
NoSuchAlgorithmException,
InvalidKeyException,
TokenException,
SignatureException
Verifies that this SignerInfo contains a valid signature of the
given message digest. If any authenticated attributes are present,
they are also validated. The verification algorithm is as follows:
- If no authenticated attributes are present, the content type is
verified to be data. Then it is verified that the message
digest passed
in, when encrypted with the given public key, matches the encrypted
digest in the SignerInfo.
- If authenticated attributes are present,
two particular attributes must be present:
- PKCS #9 Content-Type, the type of content that is being signed.
This must match the contentType parameter.
- PKCS #9 Message-Digest, the digest of the content that is being
signed. This must match the messageDigest parameter.
After these two attributes are verified to be both present and correct,
the encryptedDigest field of the SignerInfo is verified to be the
signature of the contents octets of the DER encoding of the
authenticatedAttributes field.
messageDigest
- The hash of the content that is signed by this
SignerInfo.contentType
- The type of the content that is signed by this
SignerInfo.pubkey
- The public key to use to verify the signature.