Class SignerInfo

java.lang.Object
org.mozilla.jss.pkix.cms.SignerInfo
All Implemented Interfaces:
ASN1Value

public class SignerInfo extends Object implements ASN1Value
A CMS SignerInfo.
  • Field Details

  • Constructor Details

    • SignerInfo

      public SignerInfo(SignerIdentifier signerIdentifier, SET signedAttributes, SET unsignedAttributes, OBJECT_IDENTIFIER contentType, byte[] messageDigest, SignatureAlgorithm signingAlg, PrivateKey signingKey) throws InvalidKeyException, NoSuchAlgorithmException, NotInitializedException, SignatureException, TokenException
      A constructor for creating a new SignerInfo from scratch.
      Parameters:
      signerIdentifier - The signerIdentifier of the certificate from which the public key was extracted to create this SignerInfo.
      signedAttributes - An optional set of Attributes, which will be signed along with the message content. This parameter may be null, or the SET may be empty. DO NOT insert the PKCS #9 content-type or message-digest attributes. They will be added automatically if they are necessary.
      unsignedAttributes - An optional set of Attributes, which will be included in the SignerInfo but not signed. This parameter may be null, or the SET may be empty.
      contentType - The type of the ContentInfo that is being signed. If it is not data, then the PKCS #9 attributes content-type and message-digest will be automatically computed and added to the signed attributes.
      messageDigest - The digest of the message contents. The digest must have been created with the digest algorithm specified by the signingAlg parameter.
      signingAlg - The algorithm to be used to sign the content. This should be a composite algorithm, such as RSASignatureWithMD5Digest, instead of a raw algorithm, such as RSASignature. Note that the digest portion of this algorithm must be the same algorithm as was used to digest the message content.
      Throws:
      InvalidKeyException
      NoSuchAlgorithmException
      NotInitializedException
      SignatureException
      TokenException
    • SignerInfo

      SignerInfo(INTEGER version, SignerIdentifier signerIdentifier, AlgorithmIdentifier digestAlgorithm, SET signedAttributes, AlgorithmIdentifier digestEncryptionAlgorithm, byte[] encryptedDigest, SET unsignedAttributes)
      A constructor for creating a new SignerInfo from its decoding.
  • Method Details

    • getVersion

      public INTEGER getVersion()
      Retrieves the version number of this SignerInfo.
    • getSignerIdentifier

      public SignerIdentifier getSignerIdentifier()
      Retrieves the SignerIdentifier.
    • getDigestAlgorithm

      public DigestAlgorithm getDigestAlgorithm() throws NoSuchAlgorithmException
      Retrieves the DigestAlgorithm used in this SignerInfo.
      Throws:
      NoSuchAlgorithmException - If the algorithm is not recognized by JSS.
    • getDigestAlgorithmIdentifer

      public AlgorithmIdentifier getDigestAlgorithmIdentifer()
      Retrieves the DigestAlgorithmIdentifier used in this SignerInfo.
    • getSignedAttributes

      public SET getSignedAttributes()
      Retrieves the signed attributes, if they exist.
    • hasSignedAttributes

      public boolean hasSignedAttributes()
      Returns true if the signedAttributes field is present.
    • getDigestEncryptionAlgorithm

      public SignatureAlgorithm getDigestEncryptionAlgorithm() throws NoSuchAlgorithmException
      Returns the raw signature (digest encryption) algorithm used in this SignerInfo.
      Throws:
      NoSuchAlgorithmException - If the algorithm is not recognized by JSS.
    • getDigestEncryptionAlgorithmIdentifier

      public AlgorithmIdentifier getDigestEncryptionAlgorithmIdentifier()
      Returns the DigestEncryptionAlgorithmIdentifier used in this SignerInfo.
    • getEncryptedDigest

      public byte[] getEncryptedDigest()
      Retrieves the encrypted digest.
    • getUnsignedAttributes

      public SET getUnsignedAttributes()
      Retrieves the unsigned attributes, if they exist.
    • hasUnsignedAttributes

      public boolean hasUnsignedAttributes()
      Returns true if the unsignedAttributes field is present.
    • verify

      Verifies that this SignerInfo contains a valid signature of the given message digest. If any signed attributes are present, they are also validated. The verification algorithm is as follows: Note that this does not verify the validity of the the certificate itself, only the signature.
      • If no signed attributes are present, the content type is verified to be data. Then it is verified that the message digest passed in, when encrypted with the given public key, matches the encrypted digest in the SignerInfo.
      • If signed attributes are present, two particular attributes must be present:
        • PKCS #9 Content-Type, the type of content that is being signed. This must match the contentType parameter.
        • PKCS #9 Message-Digest, the digest of the content that is being signed. This must match the messageDigest parameter.
        After these two attributes are verified to be both present and correct, the encryptedDigest field of the SignerInfo is verified to be the signature of the contents octets of the DER encoding of the signedAttributes field.
      Parameters:
      messageDigest - The hash of the content that is signed by this SignerInfo.
      contentType - The type of the content that is signed by this SignerInfo.
      Throws:
      ObjectNotFoundException - If no certificate matching the issuer name and serial number can be found.
      NotInitializedException
      NoSuchAlgorithmException
      InvalidKeyException
      TokenException
      SignatureException
    • verify

      public void verify(byte[] messageDigest, OBJECT_IDENTIFIER contentType, PublicKey pubkey) throws NotInitializedException, NoSuchAlgorithmException, InvalidKeyException, TokenException, SignatureException
      Verifies that this SignerInfo contains a valid signature of the given message digest. If any signed attributes are present, they are also validated. The verification algorithm is as follows:
      • If no signed attributes are present, the content type is verified to be data. Then it is verified that the message digest passed in, when encrypted with the given public key, matches the encrypted digest in the SignerInfo.
      • If signed attributes are present, two particular attributes must be present:
        • PKCS #9 Content-Type, the type of content that is being signed. This must match the contentType parameter.
        • PKCS #9 Message-Digest, the digest of the content that is being signed. This must match the messageDigest parameter.
        After these two attributes are verified to be both present and correct, the encryptedDigest field of the SignerInfo is verified to be the signature of the contents octets of the DER encoding of the signedAttributes field.
      Parameters:
      messageDigest - The hash of the content that is signed by this SignerInfo.
      contentType - The type of the content that is signed by this SignerInfo.
      pubkey - The public key to use to verify the signature.
      Throws:
      NotInitializedException
      NoSuchAlgorithmException
      InvalidKeyException
      TokenException
      SignatureException
    • verifyWithoutSignedAttributes

      private void verifyWithoutSignedAttributes(byte[] messageDigest, OBJECT_IDENTIFIER contentType, PublicKey pubkey) throws NotInitializedException, NoSuchAlgorithmException, InvalidKeyException, TokenException, SignatureException
      Verifies that the message digest passed in, when encrypted with the given public key, matches the encrypted digest in the SignerInfo.
      Throws:
      NotInitializedException
      NoSuchAlgorithmException
      InvalidKeyException
      TokenException
      SignatureException
    • verifyWithSignedAttributes

      private void verifyWithSignedAttributes(byte[] messageDigest, OBJECT_IDENTIFIER contentType, PublicKey pubkey) throws NotInitializedException, NoSuchAlgorithmException, InvalidKeyException, TokenException, SignatureException
      Verifies a SignerInfo with signed attributes. If signed attributes are present, then two particular attributes must be present:
      • PKCS #9 Content-Type, the type of content that is being signed. This must match the contentType parameter.
      • PKCS #9 Message-Digest, the digest of the content that is being signed. This must match the messageDigest parameter.
      After these two attributes are verified to be both present and correct, the encryptedDigest field of the SignerInfo is verified to be the signature of the contents octets of the DER encoding of the signedAttributes field.
      Throws:
      NotInitializedException
      NoSuchAlgorithmException
      InvalidKeyException
      TokenException
      SignatureException
    • createDigestInfo

      private SEQUENCE createDigestInfo(byte[] data, boolean doDigest) throws NoSuchAlgorithmException
      Throws:
      NoSuchAlgorithmException
    • byteArraysAreSame

      private static boolean byteArraysAreSame(byte[] left, byte[] right)
      Compares two non-null byte arrays. Returns true if they are identical, false otherwise.
    • getTag

      public Tag getTag()
      Description copied from interface: ASN1Value
      Returns the base tag for this type, not counting any tags that may be imposed on it by its context.
      Specified by:
      getTag in interface ASN1Value
      Returns:
      Base tag.
    • encode

      public void encode(OutputStream ostream) throws IOException
      Description copied from interface: ASN1Value
      Write this value's DER encoding to an output stream using its own base tag.
      Specified by:
      encode in interface ASN1Value
      Parameters:
      ostream - Output stream.
      Throws:
      IOException - If an error occurred.
    • encode

      public void encode(Tag tag, OutputStream ostream) throws IOException
      Description copied from interface: ASN1Value
      Write this value's DER encoding to an output stream using an implicit tag.
      Specified by:
      encode in interface ASN1Value
      Parameters:
      tag - Implicit tag.
      ostream - Output stream.
      Throws:
      IOException - If an error occurred.
    • getTemplate

      public static SignerInfo.Template getTemplate()