org.bouncycastle.jce

Class PKCS7SignedData

public class PKCS7SignedData extends Object implements PKCSObjectIdentifiers

Deprecated: this class really is obsolete - use the CMS package.

Represents a PKCS#7 object - specifically the "Signed Data" type.

How to use it? To verify a signature, do:

 PKCS7SignedData pkcs7 = new PKCS7SignedData(der_bytes);        // Create it
 pkcs7.update(bytes, 0, bytes.length);                          // Update checksum
 boolean verified = pkcs7.verify();                             // Does it add up?

 To sign, do this:
 PKCS7SignedData pkcs7 = new PKCS7SignedData(privKey, certChain, "MD5");
 pkcs7.update(bytes, 0, bytes.length);                          // Update checksum
 pkcs7.sign();                                                  // Create digest

 bytes = pkcs7.getEncoded();                                    // Write it somewhere
 

This class is pretty close to obsolete, for a much better (and more complete) implementation of PKCS7 have a look at the org.bouncycastle.cms package.

Constructor Summary
PKCS7SignedData(byte[] in)
Read an existing PKCS#7 object from a DER encoded byte array using the BC provider.
PKCS7SignedData(byte[] in, String provider)
Read an existing PKCS#7 object from a DER encoded byte array
PKCS7SignedData(PrivateKey privKey, Certificate[] certChain, String hashAlgorithm)
Create a new PKCS#7 object from the specified key using the BC provider.
PKCS7SignedData(PrivateKey privKey, Certificate[] certChain, String hashAlgorithm, String provider)
Create a new PKCS#7 object from the specified key.
PKCS7SignedData(PrivateKey privKey, Certificate[] certChain, CRL[] crlList, String hashAlgorithm, String provider)
Create a new PKCS#7 object from the specified key.
Method Summary
Certificate[]getCertificates()
Get the X.509 certificates associated with this PKCS#7 object
CollectiongetCRLs()
Get the X.509 certificate revocation lists associated with this PKCS#7 object
StringgetDigestAlgorithm()
Get the algorithm used to calculate the message digest
byte[]getEncoded()
return the bytes for the PKCS7SignedData object.
X509CertificategetSigningCertificate()
Get the X.509 certificate actually used to sign the digest.
intgetSigningInfoVersion()
Get the version of the PKCS#7 "SignerInfo" object.
intgetVersion()
Get the version of the PKCS#7 object.
voidreset()
Resets the PKCS7SignedData object to it's initial state, ready to sign or verify a new buffer.
voidupdate(byte buf)
Update the digest with the specified byte.
voidupdate(byte[] buf, int off, int len)
Update the digest with the specified bytes.
booleanverify()
Verify the digest

Constructor Detail

PKCS7SignedData

public PKCS7SignedData(byte[] in)
Read an existing PKCS#7 object from a DER encoded byte array using the BC provider.

PKCS7SignedData

public PKCS7SignedData(byte[] in, String provider)
Read an existing PKCS#7 object from a DER encoded byte array

PKCS7SignedData

public PKCS7SignedData(PrivateKey privKey, Certificate[] certChain, String hashAlgorithm)
Create a new PKCS#7 object from the specified key using the BC provider.

Parameters: privKey the private key to be used for signing. certChain the certificate chain associated with the private key. hashAlgorithm the hashing algorithm used to compute the message digest. Must be "MD5", "MD2", "SHA1" or "SHA"

PKCS7SignedData

public PKCS7SignedData(PrivateKey privKey, Certificate[] certChain, String hashAlgorithm, String provider)
Create a new PKCS#7 object from the specified key.

Parameters: privKey the private key to be used for signing. certChain the certificate chain associated with the private key. hashAlgorithm the hashing algorithm used to compute the message digest. Must be "MD5", "MD2", "SHA1" or "SHA" provider the provider to use.

PKCS7SignedData

public PKCS7SignedData(PrivateKey privKey, Certificate[] certChain, CRL[] crlList, String hashAlgorithm, String provider)
Create a new PKCS#7 object from the specified key.

Parameters: privKey the private key to be used for signing. certChain the certificate chain associated with the private key. crlList the crl list associated with the private key. hashAlgorithm the hashing algorithm used to compute the message digest. Must be "MD5", "MD2", "SHA1" or "SHA" provider the provider to use.

Method Detail

getCertificates

public Certificate[] getCertificates()
Get the X.509 certificates associated with this PKCS#7 object

getCRLs

public Collection getCRLs()
Get the X.509 certificate revocation lists associated with this PKCS#7 object

getDigestAlgorithm

public String getDigestAlgorithm()
Get the algorithm used to calculate the message digest

getEncoded

public byte[] getEncoded()
return the bytes for the PKCS7SignedData object.

getSigningCertificate

public X509Certificate getSigningCertificate()
Get the X.509 certificate actually used to sign the digest.

getSigningInfoVersion

public int getSigningInfoVersion()
Get the version of the PKCS#7 "SignerInfo" object. Always 1

getVersion

public int getVersion()
Get the version of the PKCS#7 object. Always 1

reset

public void reset()
Resets the PKCS7SignedData object to it's initial state, ready to sign or verify a new buffer.

update

public void update(byte buf)
Update the digest with the specified byte. This method is used both for signing and verifying

update

public void update(byte[] buf, int off, int len)
Update the digest with the specified bytes. This method is used both for signing and verifying

verify

public boolean verify()
Verify the digest