Package org.mozilla.jss.pkcs7
Class SignerInfo
java.lang.Object
org.mozilla.jss.pkcs7.SignerInfo
- All Implemented Interfaces:
ASN1Value
A PKCS #7 SignerInfo.
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionstatic class
A template for decoding a SignerInfo blob -
Field Summary
FieldsModifier and TypeFieldDescriptionprivate SET
private static final OBJECT_IDENTIFIER
private AlgorithmIdentifier
private AlgorithmIdentifier
private OCTET_STRING
private IssuerAndSerialNumber
private static final OBJECT_IDENTIFIER
private static final Tag
private static SignerInfo.Template
private SET
private INTEGER
private static final INTEGER
-
Constructor Summary
ConstructorsConstructorDescriptionSignerInfo
(INTEGER version, IssuerAndSerialNumber issuerAndSerialNumber, AlgorithmIdentifier digestAlgorithm, SET authenticatedAttributes, AlgorithmIdentifier digestEncryptionAlgorithm, byte[] encryptedDigest, SET unauthenticatedAttributes) A constructor for creating a new SignerInfo from its decoding.SignerInfo
(IssuerAndSerialNumber issuerAndSerialNumber, SET authenticatedAttributes, SET unauthenticatedAttributes, OBJECT_IDENTIFIER contentType, byte[] messageDigest, SignatureAlgorithm signingAlg, PrivateKey signingKey) A constructor for creating a new SignerInfo from scratch. -
Method Summary
Modifier and TypeMethodDescriptionprivate static boolean
byteArraysAreSame
(byte[] left, byte[] right) Compares two non-null byte arrays.void
encode
(OutputStream ostream) Write this value's DER encoding to an output stream using its own base tag.void
encode
(Tag tag, OutputStream ostream) Write this value's DER encoding to an output stream using an implicit tag.Retrieves the authenticated attributes, if they exist.Retrieves the DigestAlgorithm used in this SignerInfo.Retrieves the DigestAlgorithmIdentifier used in this SignerInfo.Returns the raw signature (digest encryption) algorithm used in this SignerInfo.Returns the DigestEncryptionAlgorithmIdentifier used in this SignerInfo.byte[]
Retrieves the encrypted digest.Retrieves the issuer and serial number of the certificate whose private key was used to sign the SignerInfo.getTag()
Returns the base tag for this type, not counting any tags that may be imposed on it by its context.static SignerInfo.Template
Retrieves the unauthenticated attributes, if they exist.Retrieves the version number of this SignerInfo.boolean
Returns true if the authenticatedAttributes field is present.boolean
Returns true if the unauthenticatedAttributes field is present.void
verify
(byte[] messageDigest, OBJECT_IDENTIFIER contentType) Verifies that this SignerInfo contains a valid signature of the given message digest.void
verify
(byte[] messageDigest, OBJECT_IDENTIFIER contentType, PublicKey pubkey) Verifies that this SignerInfo contains a valid signature of the given message digest.private void
verifyWithAuthenticatedAttributes
(byte[] messageDigest, OBJECT_IDENTIFIER contentType, PublicKey pubkey) Verifies a SignerInfo with authenticated attributes.private void
verifyWithoutAuthenticatedAttributes
(byte[] messageDigest, OBJECT_IDENTIFIER contentType, PublicKey pubkey) Verifies that the message digest passed in, when encrypted with the given public key, matches the encrypted digest in the SignerInfo.
-
Field Details
-
CONTENT_TYPE
-
MESSAGE_DIGEST
-
version
-
issuerAndSerialNumber
-
digestAlgorithm
-
authenticatedAttributes
-
digestEncryptionAlgorithm
-
encryptedDigest
-
unauthenticatedAttributes
-
VERSION
-
TAG
-
templateInstance
-
-
Constructor Details
-
SignerInfo
public SignerInfo(IssuerAndSerialNumber issuerAndSerialNumber, SET authenticatedAttributes, SET unauthenticatedAttributes, OBJECT_IDENTIFIER contentType, byte[] messageDigest, SignatureAlgorithm signingAlg, PrivateKey signingKey) throws InvalidKeyException, NoSuchAlgorithmException, NotInitializedException, SignatureException, TokenException A constructor for creating a new SignerInfo from scratch.- Parameters:
issuerAndSerialNumber
- The issuer and serial number of the certificate from which the public key was extracted to create this SignerInfo.authenticatedAttributes
- An optional set of Attributes, which will be signed along with the message content. This parameter may be null, or the SET may be empty. DO NOT insert the PKCS #9 content-type or message-digest attributes. They will be added automatically if they are necessary.unauthenticatedAttributes
- An optional set of Attributes, which will be included in the SignerInfo but not signed. This parameter may be null, or the SET may be empty.contentType
- The type of the ContentInfo that is being signed. If it is notdata
, then the PKCS #9 attributes content-type and message-digest will be automatically computed and added to the authenticated attributes.messageDigest
- The digest of the message contents. The digest must have been created with the digest algorithm specified by the signingAlg parameter.signingAlg
- The algorithm to be used to sign the content. This should be a composite algorithm, such as RSASignatureWithMD5Digest, instead of a raw algorithm, such as RSASignature. Note that the digest portion of this algorithm must be the same algorithm as was used to digest the message content.- Throws:
InvalidKeyException
NoSuchAlgorithmException
NotInitializedException
SignatureException
TokenException
-
SignerInfo
SignerInfo(INTEGER version, IssuerAndSerialNumber issuerAndSerialNumber, AlgorithmIdentifier digestAlgorithm, SET authenticatedAttributes, AlgorithmIdentifier digestEncryptionAlgorithm, byte[] encryptedDigest, SET unauthenticatedAttributes) A constructor for creating a new SignerInfo from its decoding.
-
-
Method Details
-
getVersion
Retrieves the version number of this SignerInfo. -
getIssuerAndSerialNumber
Retrieves the issuer and serial number of the certificate whose private key was used to sign the SignerInfo. -
getDigestAlgorithm
Retrieves the DigestAlgorithm used in this SignerInfo.- Throws:
NoSuchAlgorithmException
- If the algorithm is not recognized by JSS.
-
getDigestAlgorithmIdentifer
Retrieves the DigestAlgorithmIdentifier used in this SignerInfo. -
getAuthenticatedAttributes
Retrieves the authenticated attributes, if they exist. -
hasAuthenticatedAttributes
public boolean hasAuthenticatedAttributes()Returns true if the authenticatedAttributes field is present. -
getDigestEncryptionAlgorithm
Returns the raw signature (digest encryption) algorithm used in this SignerInfo.- Throws:
NoSuchAlgorithmException
- If the algorithm is not recognized by JSS.
-
getDigestEncryptionAlgorithmIdentifier
Returns the DigestEncryptionAlgorithmIdentifier used in this SignerInfo. -
getEncryptedDigest
public byte[] getEncryptedDigest()Retrieves the encrypted digest. -
getUnauthenticatedAttributes
Retrieves the unauthenticated attributes, if they exist. -
hasUnauthenticatedAttributes
public boolean hasUnauthenticatedAttributes()Returns true if the unauthenticatedAttributes field is present. -
verify
public void verify(byte[] messageDigest, OBJECT_IDENTIFIER contentType) throws NotInitializedException, NoSuchAlgorithmException, InvalidKeyException, TokenException, SignatureException, ObjectNotFoundException Verifies that this SignerInfo contains a valid signature of the given message digest. If any authenticated attributes are present, they are also validated. The verification algorithm is as follows: Note that this does not verify the validity of the the certificate itself, only the signature.- If no authenticated attributes are present, the content type is verified to be data. Then it is verified that the message digest passed in, when encrypted with the given public key, matches the encrypted digest in the SignerInfo.
- If authenticated attributes are present,
two particular attributes must be present:
- PKCS #9 Content-Type, the type of content that is being signed. This must match the contentType parameter.
- PKCS #9 Message-Digest, the digest of the content that is being signed. This must match the messageDigest parameter.
- Parameters:
messageDigest
- The hash of the content that is signed by this SignerInfo.contentType
- The type of the content that is signed by this SignerInfo.- Throws:
ObjectNotFoundException
- If no certificate matching the the issuer name and serial number can be found.NotInitializedException
NoSuchAlgorithmException
InvalidKeyException
TokenException
SignatureException
-
verify
public void verify(byte[] messageDigest, OBJECT_IDENTIFIER contentType, PublicKey pubkey) throws NotInitializedException, NoSuchAlgorithmException, InvalidKeyException, TokenException, SignatureException Verifies that this SignerInfo contains a valid signature of the given message digest. If any authenticated attributes are present, they are also validated. The verification algorithm is as follows:- If no authenticated attributes are present, the content type is verified to be data. Then it is verified that the message digest passed in, when encrypted with the given public key, matches the encrypted digest in the SignerInfo.
- If authenticated attributes are present,
two particular attributes must be present:
- PKCS #9 Content-Type, the type of content that is being signed. This must match the contentType parameter.
- PKCS #9 Message-Digest, the digest of the content that is being signed. This must match the messageDigest parameter.
- Parameters:
messageDigest
- The hash of the content that is signed by this SignerInfo.contentType
- The type of the content that is signed by this SignerInfo.pubkey
- The public key to use to verify the signature.- Throws:
NotInitializedException
NoSuchAlgorithmException
InvalidKeyException
TokenException
SignatureException
-
verifyWithoutAuthenticatedAttributes
private void verifyWithoutAuthenticatedAttributes(byte[] messageDigest, OBJECT_IDENTIFIER contentType, PublicKey pubkey) throws NotInitializedException, NoSuchAlgorithmException, InvalidKeyException, TokenException, SignatureException Verifies that the message digest passed in, when encrypted with the given public key, matches the encrypted digest in the SignerInfo. -
verifyWithAuthenticatedAttributes
private void verifyWithAuthenticatedAttributes(byte[] messageDigest, OBJECT_IDENTIFIER contentType, PublicKey pubkey) throws NotInitializedException, NoSuchAlgorithmException, InvalidKeyException, TokenException, SignatureException Verifies a SignerInfo with authenticated attributes. If authenticated attributes are present, then two particular attributes must be present:- PKCS #9 Content-Type, the type of content that is being signed. This must match the contentType parameter.
- PKCS #9 Message-Digest, the digest of the content that is being signed. This must match the messageDigest parameter.
-
byteArraysAreSame
private static boolean byteArraysAreSame(byte[] left, byte[] right) Compares two non-null byte arrays. Returns true if they are identical, false otherwise. -
getTag
Description copied from interface:ASN1Value
Returns the base tag for this type, not counting any tags that may be imposed on it by its context. -
encode
Description copied from interface:ASN1Value
Write this value's DER encoding to an output stream using its own base tag.- Specified by:
encode
in interfaceASN1Value
- Parameters:
ostream
- Output stream.- Throws:
IOException
- If an error occurred.
-
encode
Description copied from interface:ASN1Value
Write this value's DER encoding to an output stream using an implicit tag.- Specified by:
encode
in interfaceASN1Value
- Parameters:
tag
- Implicit tag.ostream
- Output stream.- Throws:
IOException
- If an error occurred.
-
getTemplate
-