org.bouncycastle.cms

Class CMSSignedDataParser

public class CMSSignedDataParser extends CMSContentInfoParser

Parsing class for a CMS Signed Data object from an input stream.

Note: because we are in a streaming mode, only one signer can be tried, and it is important that the methods on the parser are called in the appropriate order.

A simple example of usage for an encapsulated signature.

Two notes: first, in the example below the validity of the certificate isn't verified, just the fact that one of the certs matches the given signer, and, second, because we are in a streaming mode the order of the operations is important.

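      CMSSignedDataParser     sp = new CMSSignedDataParser(encapSigData);

      // read the encapsulated content to the end before asking for anything else
      sp.getSignedContent().drain();

      CertStore               certs = sp.getCertificatesAndCRLs("Collection", "BC");
      SignerInformationStore  signers = sp.getSignerInfos();
      
      Collection              c = signers.getSigners();
      Iterator                it = c.iterator();

      while (it.hasNext())
      {
          SignerInformation   signer = (SignerInformation)it.next();
          // look up the certificate in the message that matches this signer's identifier
          Collection          certCollection = certs.getCertificates(signer.getSID());

          Iterator        certIt = certCollection.iterator();
          if (!certIt.hasNext())
          {
              // nothing to verify against: report it rather than fail on next()
              System.out.println("no certificate in message for signer");
              continue;
          }
          X509Certificate cert = (X509Certificate)certIt.next();

          System.out.println("verify returns: " + signer.verify(cert, "BC"));
      }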
 
Note also: this class does not introduce buffering - if you are processing large files you should create the parser with:
          CMSSignedDataParser     ep = new CMSSignedDataParser(new BufferedInputStream(encapSigData, bufSize));
  
where bufSize is a suitably large buffer size.
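
The usage example above only matches a certificate in the message to the signer. The following added example (not Bouncy Castle's own code) also builds a PKIX path from that certificate to caller-supplied trust anchors, and wraps the input in a BufferedInputStream as the note above suggests. StrictCmsVerifier, verifyAgainstTrustAnchors, the anchors parameter and the 32 KB buffer are assumptions, and it relies on the SignerId being usable as a certificate selector, as it is in the example above.

```java
import java.io.BufferedInputStream;
import java.io.InputStream;
import java.security.cert.*;
import java.util.Iterator;
import java.util.Set;
import org.bouncycastle.cms.CMSSignedDataParser;
import org.bouncycastle.cms.SignerInformation;

// Hypothetical helper (not part of Bouncy Castle); assumes the "BC" provider is registered.
public class StrictCmsVerifier
{
    // True only if at least one signer is present and every signer's certificate
    // chains to one of the caller's trust anchors and verifies the signature.
    public static boolean verifyAgainstTrustAnchors(InputStream encapSigData, Set<TrustAnchor> anchors)
        throws Exception
    {
        CMSSignedDataParser sp = new CMSSignedDataParser(new BufferedInputStream(encapSigData, 32 * 1024));

        sp.getSignedContent().drain();   // streaming order: content, then certs/CRLs, then signers

        CertStore certs = sp.getCertificatesAndCRLs("Collection", "BC");
        Iterator it = sp.getSignerInfos().getSigners().iterator();
        boolean sawSigner = false;

        while (it.hasNext())
        {
            SignerInformation signer = (SignerInformation)it.next();
            sawSigner = true;
            // Target = this signer's certificate; message certs/CRLs are untrusted path material.
            PKIXBuilderParameters params = new PKIXBuilderParameters(anchors, signer.getSID());
            params.addCertStore(certs);
            params.setRevocationEnabled(true);   // fails closed if no CRL covers the path
            X509Certificate cert;
            try
            {
                CertPath path = CertPathBuilder.getInstance("PKIX").build(params).getCertPath();
                if (path.getCertificates().isEmpty()) return false;
                cert = (X509Certificate)path.getCertificates().get(0);
            }
            catch (CertPathBuilderException e)
            {
                return false;                    // no valid chain to a trust anchor
            }
            if (!signer.verify(cert, "BC")) return false;
        }
        return sawSigner;
    }
}
```

If the message carries no CRLs, add a CertStore holding CRLs obtained from the issuing CA to params before building, otherwise path building is rejected.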

Constructor Summary

CMSSignedDataParser(byte[] sigBlock)
CMSSignedDataParser(CMSTypedStream signedContent, byte[] sigBlock)
CMSSignedDataParser(InputStream sigData)
    base constructor - with encapsulated content
CMSSignedDataParser(CMSTypedStream signedContent, InputStream sigData)
    base constructor

Method Summary

X509Store getAttributeCertificates(String type, String provider)
    return a X509Store containing the attribute certificates, if any, contained in this message.
X509Store getCertificates(String type, String provider)
    return a X509Store containing the public key certificates, if any, contained in this message.
CertStore getCertificatesAndCRLs(String type, String provider)
    return a CertStore containing the certificates and CRLs associated with this message.
X509Store getCRLs(String type, String provider)
    return a X509Store containing CRLs, if any, contained in this message.
CMSTypedStream getSignedContent()
SignerInformationStore getSignerInfos()
    return the collection of signers that are associated with the signatures for the message.
int getVersion()
    Return the version number for the SignedData object
static OutputStream replaceCertificatesAndCRLs(InputStream original, CertStore certsAndCrls, OutputStream out)
    Replace the certificate and CRL information associated with this CMSSignedData object with the new one passed in.
static OutputStream replaceSigners(InputStream original, SignerInformationStore signerInformationStore, OutputStream out)
    Replace the signer information store associated with the passed in message contained in the stream original with the new one passed in.

Constructor Detail

CMSSignedDataParser

public CMSSignedDataParser(byte[] sigBlock)

CMSSignedDataParser

public CMSSignedDataParser(CMSTypedStream signedContent, byte[] sigBlock)

CMSSignedDataParser

public CMSSignedDataParser(InputStream sigData)
base constructor - with encapsulated content

CMSSignedDataParser

public CMSSignedDataParser(CMSTypedStream signedContent, InputStream sigData)
base constructor

Parameters:
    signedContent - the content that was signed.
    sigData - the signature object stream.

Method Detail

getAttributeCertificates

public X509Store getAttributeCertificates(String type, String provider)
return a X509Store containing the attribute certificates, if any, contained in this message.

Parameters:
    type - type of store to create
    provider - provider to use

Returns: a store of attribute certificates

Throws:
    NoSuchProviderException - if the provider requested isn't available.
    org.bouncycastle.x509.NoSuchStoreException - if the store type isn't available.
    CMSException - if a general exception prevents creation of the X509Store

getCertificates

public X509Store getCertificates(String type, String provider)
return a X509Store containing the public key certificates, if any, contained in this message.

Parameters:
    type - type of store to create
    provider - provider to use

Returns: a store of public key certificates

Throws:
    NoSuchProviderException - if the provider requested isn't available.
    NoSuchStoreException - if the store type isn't available.
    CMSException - if a general exception prevents creation of the X509Store

getCertificatesAndCRLs

public CertStore getCertificatesAndCRLs(String type, String provider)
return a CertStore containing the certificates and CRLs associated with this message.

Throws:
    NoSuchProviderException - if the provider requested isn't available.
    NoSuchAlgorithmException - if the cert store isn't available.
    CMSException - if a general exception prevents creation of the CertStore

getCRLs

public X509Store getCRLs(String type, String provider)
return a X509Store containing CRLs, if any, contained in this message.

Parameters:
    type - type of store to create
    provider - provider to use

Returns: a store of CRLs

Throws:
    NoSuchProviderException - if the provider requested isn't available.
    NoSuchStoreException - if the store type isn't available.
    CMSException - if a general exception prevents creation of the X509Store

getSignedContent

public CMSTypedStream getSignedContent()

getSignerInfos

public SignerInformationStore getSignerInfos()
return the collection of signers that are associated with the signatures for the message.

Throws: CMSException

getVersion

public int getVersion()
Return the version number for the SignedData object

Returns: the version number

replaceCertificatesAndCRLs

public static OutputStream replaceCertificatesAndCRLs(InputStream original, CertStore certsAndCrls, OutputStream out)
Replace the certificate and CRL information associated with this CMSSignedData object with the new one passed in.

The output stream is returned unclosed.

Parameters:
    original - the signed data stream to be used as a base.
    certsAndCrls - the new certificates and CRLs to be used.
    out - the stream to write the new signed data object to.

Returns: out.

Throws: CMSException if there is an error processing the CertStore

replaceSigners

public static OutputStream replaceSigners(InputStream original, SignerInformationStore signerInformationStore, OutputStream out)
Replace the signer information store associated with the passed in message contained in the stream original with the new one passed in. You would probably only want to do this if you wanted to change the unsigned attributes associated with a signer, or perhaps delete one.

The output stream is returned unclosed.

Parameters:
    original - the signed data stream to be used as a base.
    signerInformationStore - the new signer information store to use.
    out - the stream to write the new signed data object to.

Returns: out.