Package org.mozilla.jss.pkcs7

Class SignerInfo

  • All Implemented Interfaces:
    ASN1Value
    public class SignerInfo
extends java.lang.Object
implements ASN1Value
    A PKCS #7 SignerInfo.

    • Constructor Detail

      • SignerInfo

        public SignerInfo​(IssuerAndSerialNumber issuerAndSerialNumber,
                  SET authenticatedAttributes,
                  SET unauthenticatedAttributes,
                  OBJECT_IDENTIFIER contentType,
                  byte[] messageDigest,
                  SignatureAlgorithm signingAlg,
                  PrivateKey signingKey)
           throws java.security.InvalidKeyException,
                  java.security.NoSuchAlgorithmException,
                  NotInitializedException,
                  java.security.SignatureException,
                  TokenException
        A constructor for creating a new SignerInfo from scratch.
        Parameters:
        issuerAndSerialNumber - The issuer and serial number of the certificate from which the public key was extracted to create this SignerInfo.
        signingAlg - The algorithm to be used to sign the content. This should be a composite algorithm, such as RSASignatureWithMD5Digest, instead of a raw algorithm, such as RSASignature. Note that the digest portion of this algorithm must be the same algorithm as was used to digest the message content.
        authenticatedAttributes - An optional set of Attributes, which will be signed along with the message content. This parameter may be null, or the SET may be empty. DO NOT insert the PKCS #9 content-type or message-digest attributes. They will be added automatically if they are necessary.
        unauthenticatedAttributes - An optional set of Attributes, which will be included in the SignerInfo but not signed. This parameter may be null, or the SET may be empty.
        messageDigest - The digest of the message contents. The digest must have been created with the digest algorithm specified by the signingAlg parameter.
        contentType - The type of the ContentInfo that is being signed. If it is not data, then the PKCS #9 attributes content-type and message-digest will be automatically computed and added to the authenticated attributes.
        Throws:
        java.security.InvalidKeyException
        java.security.NoSuchAlgorithmException
        NotInitializedException
        java.security.SignatureException
        TokenException

    • Method Detail

      • getVersion

        public INTEGER getVersion()
        Retrieves the version number of this SignerInfo.

      • getIssuerAndSerialNumber

        public IssuerAndSerialNumber getIssuerAndSerialNumber()
        Retrieves the issuer and serial number of the certificate whose private key was used to sign the SignerInfo.

      • getDigestAlgorithm

        public DigestAlgorithm getDigestAlgorithm()
                                   throws java.security.NoSuchAlgorithmException
        Retrieves the DigestAlgorithm used in this SignerInfo.
        Throws:
        java.security.NoSuchAlgorithmException - If the algorithm is not recognized by JSS.

      • getDigestAlgorithmIdentifer

        public AlgorithmIdentifier getDigestAlgorithmIdentifer()
        Retrieves the DigestAlgorithmIdentifier used in this SignerInfo.

      • getAuthenticatedAttributes

        public SET getAuthenticatedAttributes()
        Retrieves the authenticated attributes, if they exist.

      • hasAuthenticatedAttributes

        public boolean hasAuthenticatedAttributes()
        Returns true if the authenticatedAttributes field is present.

      • getDigestEncryptionAlgorithm

        public SignatureAlgorithm getDigestEncryptionAlgorithm()
                                                throws java.security.NoSuchAlgorithmException
        Returns the raw signature (digest encryption) algorithm used in this SignerInfo.
        Throws:
        java.security.NoSuchAlgorithmException - If the algorithm is not recognized by JSS.

      • getDigestEncryptionAlgorithmIdentifier

        public AlgorithmIdentifier getDigestEncryptionAlgorithmIdentifier()
        Returns the DigestEncryptionAlgorithmIdentifier used in this SignerInfo.

      • getEncryptedDigest

        public byte[] getEncryptedDigest()
        Retrieves the encrypted digest.

      • getUnauthenticatedAttributes

        public SET getUnauthenticatedAttributes()
        Retrieves the unauthenticated attributes, if they exist.

      • hasUnauthenticatedAttributes

        public boolean hasUnauthenticatedAttributes()
        Returns true if the unauthenticatedAttributes field is present.

      • verify

        public void verify​(byte[] messageDigest,
                   OBJECT_IDENTIFIER contentType)
            throws NotInitializedException,
                   java.security.NoSuchAlgorithmException,
                   java.security.InvalidKeyException,
                   TokenException,
                   java.security.SignatureException,
                   ObjectNotFoundException
        Verifies that this SignerInfo contains a valid signature of the given message digest. If any authenticated attributes are present, they are also validated. The verification algorithm is as follows: Note that this does not verify the validity of the the certificate itself, only the signature.
        • If no authenticated attributes are present, the content type is verified to be data. Then it is verified that the message digest passed in, when encrypted with the given public key, matches the encrypted digest in the SignerInfo.
        • If authenticated attributes are present, two particular attributes must be present:
          • PKCS #9 Content-Type, the type of content that is being signed. This must match the contentType parameter.
          • PKCS #9 Message-Digest, the digest of the content that is being signed. This must match the messageDigest parameter.
          After these two attributes are verified to be both present and correct, the encryptedDigest field of the SignerInfo is verified to be the signature of the contents octets of the DER encoding of the authenticatedAttributes field.
        Parameters:
        messageDigest - The hash of the content that is signed by this SignerInfo.
        contentType - The type of the content that is signed by this SignerInfo.
        Throws:
        ObjectNotFoundException - If no certificate matching the the issuer name and serial number can be found.
        NotInitializedException
        java.security.NoSuchAlgorithmException
        java.security.InvalidKeyException
        TokenException
        java.security.SignatureException

      • verify

        public void verify​(byte[] messageDigest,
                   OBJECT_IDENTIFIER contentType,
                   java.security.PublicKey pubkey)
            throws NotInitializedException,
                   java.security.NoSuchAlgorithmException,
                   java.security.InvalidKeyException,
                   TokenException,
                   java.security.SignatureException
        Verifies that this SignerInfo contains a valid signature of the given message digest. If any authenticated attributes are present, they are also validated. The verification algorithm is as follows:
        • If no authenticated attributes are present, the content type is verified to be data. Then it is verified that the message digest passed in, when encrypted with the given public key, matches the encrypted digest in the SignerInfo.
        • If authenticated attributes are present, two particular attributes must be present:
          • PKCS #9 Content-Type, the type of content that is being signed. This must match the contentType parameter.
          • PKCS #9 Message-Digest, the digest of the content that is being signed. This must match the messageDigest parameter.
          After these two attributes are verified to be both present and correct, the encryptedDigest field of the SignerInfo is verified to be the signature of the contents octets of the DER encoding of the authenticatedAttributes field.
        Parameters:
        messageDigest - The hash of the content that is signed by this SignerInfo.
        contentType - The type of the content that is signed by this SignerInfo.
        pubkey - The public key to use to verify the signature.
        Throws:
        NotInitializedException
        java.security.NoSuchAlgorithmException
        java.security.InvalidKeyException
        TokenException
        java.security.SignatureException

      • getTag

        public Tag getTag()
        Description copied from interface: ASN1Value
        Returns the base tag for this type, not counting any tags that may be imposed on it by its context.
        Specified by:
        getTag in interface ASN1Value
        Returns:
        Base tag.

      • encode

        public void encode​(java.io.OutputStream ostream)
            throws java.io.IOException
        Description copied from interface: ASN1Value
        Write this value's DER encoding to an output stream using its own base tag.
        Specified by:
        encode in interface ASN1Value
        Parameters:
        ostream - Output stream.
        Throws:
        java.io.IOException - If an error occurred.

      • encode

        public void encode​(Tag tag,
                   java.io.OutputStream ostream)
            throws java.io.IOException
        Description copied from interface: ASN1Value
        Write this value's DER encoding to an output stream using an implicit tag.
        Specified by:
        encode in interface ASN1Value
        Parameters:
        tag - Implicit tag.
        ostream - Output stream.
        Throws:
        java.io.IOException - If an error occurred.