org.bouncycastle.cms
public class CMSSignedDataParser extends CMSContentInfoParser
Note: because we are in streaming mode, only one signer can be tried, and it is important that the methods on the parser are called in the appropriate order.
A simple example of usage for an encapsulated signature.
Two notes: first, in the example below the validity of the certificate isn't verified, just the fact that one of the certs matches the given signer, and, second, because we are in a streaming mode the order of the operations is important.
```java
CMSSignedDataParser sp = new CMSSignedDataParser(encapSigData);

// The content must be consumed before the certificates and signers can be read.
sp.getSignedContent().drain();

CertStore certs = sp.getCertificatesAndCRLs("Collection", "BC");
SignerInformationStore signers = sp.getSignerInfos();

Collection c = signers.getSigners();
Iterator it = c.iterator();

while (it.hasNext())
{
    SignerInformation signer = (SignerInformation)it.next();
    // Select the certificate(s) in the message that match this signer's id.
    Collection certCollection = certs.getCertificates(signer.getSID());

    Iterator certIt = certCollection.iterator();
    X509Certificate cert = (X509Certificate)certIt.next();

    // Checks the signature only; the certificate itself is not validated here.
    System.out.println("verify returns: " + signer.verify(cert, "BC"));
}
```

Note also: this class does not introduce buffering - if you are processing large files you should create the parser with:
```java
CMSSignedDataParser ep = new CMSSignedDataParser(new BufferedInputStream(encapSigData, bufSize));
```

where bufSize is a suitably large buffer size.
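The usage example above checks the signature but not the signer's certificate. The following added example (not part of the Bouncy Castle documentation) keeps the same streaming call order and additionally builds a PKIX path from the signer certificate to caller-supplied trust anchors. The class name, method name and parameters are hypothetical, and it assumes the "BC" provider is registered and the same API version shown on this page.

```java
import java.io.BufferedInputStream;
import java.io.InputStream;
import java.security.cert.*;
import java.util.*;
import org.bouncycastle.cms.*;

// Hypothetical helper class, not part of Bouncy Castle.
public class StreamedSignedDataCheck {
    // anchors, checkRevocation and bufSize are supplied by the caller (assumed names).
    public static boolean verify(InputStream encapSigData, Set<TrustAnchor> anchors,
                                 boolean checkRevocation, int bufSize) throws Exception {
        // The parser does no buffering of its own, so wrap the input.
        CMSSignedDataParser sp =
            new CMSSignedDataParser(new BufferedInputStream(encapSigData, bufSize));

        // Streaming order matters: consume the content, then read certs, then signers.
        sp.getSignedContent().drain();
        CertStore certs = sp.getCertificatesAndCRLs("Collection", "BC");
        Collection signers = sp.getSignerInfos().getSigners();

        // An empty signer set would skip the loop below and look like success.
        if (signers.isEmpty()) return false;

        for (Iterator it = signers.iterator(); it.hasNext();) {
            SignerInformation signer = (SignerInformation) it.next();
            Iterator certIt = certs.getCertificates(signer.getSID()).iterator();
            if (!certIt.hasNext()) return false;          // no cert matches the signer id
            X509Certificate cert = (X509Certificate) certIt.next();

            if (!signer.verify(cert, "BC")) return false; // signature check only

            // Chain exactly this certificate to one of the trusted anchors.
            X509CertSelector target = new X509CertSelector();
            target.setCertificate(cert);
            PKIXBuilderParameters params = new PKIXBuilderParameters(anchors, target);
            params.addCertStore(certs);                   // intermediates and CRLs from the message
            params.setRevocationEnabled(checkRevocation);
            try {
                CertPathBuilder.getInstance("PKIX").build(params);
            } catch (CertPathBuilderException e) {
                return false;                             // untrusted, expired or revoked
            }
        }
        return true;
    }
}
```

With `checkRevocation` set to true, path building fails unless revocation data for the chain is available, here from the CRLs carried in the message.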
| Constructor Summary | |
|---|---|
| CMSSignedDataParser(byte[] sigBlock) | |
| CMSSignedDataParser(CMSTypedStream signedContent, byte[] sigBlock) | |
| CMSSignedDataParser(InputStream sigData) | base constructor - with encapsulated content |
| CMSSignedDataParser(CMSTypedStream signedContent, InputStream sigData) | base constructor |
| Method Summary | | |
|---|---|---|
| X509Store | getAttributeCertificates(String type, String provider) | return a X509Store containing the attribute certificates, if any, contained in this message. |
| X509Store | getCertificates(String type, String provider) | return a X509Store containing the public key certificates, if any, contained in this message. |
| CertStore | getCertificatesAndCRLs(String type, String provider) | return a CertStore containing the certificates and CRLs associated with this message. |
| X509Store | getCRLs(String type, String provider) | return a X509Store containing CRLs, if any, contained in this message. |
| CMSTypedStream | getSignedContent() | |
| SignerInformationStore | getSignerInfos() | return the collection of signers that are associated with the signatures for the message. |
| int | getVersion() | Return the version number for the SignedData object |
| static OutputStream | replaceCertificatesAndCRLs(InputStream original, CertStore certsAndCrls, OutputStream out) | Replace the certificate and CRL information associated with this CMSSignedData object with the new one passed in. |
| static OutputStream | replaceSigners(InputStream original, SignerInformationStore signerInformationStore, OutputStream out) | Replace the signerinformation store associated with the passed in message contained in the stream original with the new one passed in. |
Parameters: signedContent - the content that was signed; sigData - the signature object stream.
Parameters: type - type of store to create; provider - provider to use
Returns: a store of attribute certificates
Throws: NoSuchProviderException - if the provider requested isn't available; org.bouncycastle.x509.NoSuchStoreException - if the store type isn't available; CMSException - if a general exception prevents creation of the X509Store
Parameters: type - type of store to create; provider - provider to use
Returns: a store of public key certificates
Throws: NoSuchProviderException - if the provider requested isn't available; NoSuchStoreException - if the store type isn't available; CMSException - if a general exception prevents creation of the X509Store
Throws: NoSuchProviderException - if the provider requested isn't available; NoSuchAlgorithmException - if the cert store isn't available; CMSException - if a general exception prevents creation of the CertStore
Parameters: type - type of store to create; provider - provider to use
Returns: a store of CRLs
Throws: NoSuchProviderException - if the provider requested isn't available; NoSuchStoreException - if the store type isn't available; CMSException - if a general exception prevents creation of the X509Store
Throws: CMSException
Returns: the version number
The output stream is returned unclosed.
Parameters: original - the signed data stream to be used as a base; certsAndCrls - the new certificates and CRLs to be used; out - the stream to write the new signed data object to.
Returns: out.
Throws: CMSException - if there is an error processing the CertStore
The output stream is returned unclosed.
Parameters: original - the signed data stream to be used as a base; signerInformationStore - the new signer information store to use; out - the stream to write the new signed data object to.
Returns: out.