Class hierarchy:
java.lang.Object
  iaik.cms.SDSEncodeListener
    iaik.cms.DefaultSDSEncodeListener
public class DefaultSDSEncodeListener
Simple SignedDataStream encode listener implementation that allows an application to add certificates, CRLs or SignerInfos to a SignedDataStream while the encoding is being performed.

This SDSEncodeListener implements method beforeComputeSignature to add any required certificates, CRLs or SignerInfos to a SignedDataStream object AFTER the content data has been processed and the digests have been computed, but BEFORE the signature values are computed. A sample application might wish to add some SignerInfo(s) -- and the corresponding certificates/CRLs -- to an existing implicit SignedData object that is to be encoded again. Since the content data has to be included in the new encoding again, but the signerInfos field is located behind the content, a new SignerInfo cannot be added before the content has been processed. However, since digest computation has to be initialized before the data is written, any digest algorithm not used by the already included SignerInfos has to be known in advance so that it can be announced when binding this SDSEncodeListener to a SignedDataStream object. For that reason any digest algorithm required by a SignerInfo to be added should be set by calling method setDigestAlgorithms on this SDSEncodeListener, e.g.:

    // the input stream supplying the encoded SignedData:
    InputStream is = ...;
    // create a SignedDataStream to parse the encoding
    SignedDataStream signedData = new SignedDataStream(is);
    // create a SDSEncodeListener for the SignerInfos, certs and crls to be added
    DefaultSDSEncodeListener dl = new DefaultSDSEncodeListener();
    // create a new SignerInfo to be added
    SignerInfo signerInfo = ...;
    // let the SDSEncodeListener add the SignerInfo
    dl.setSignerInfos(new SignerInfo[] { signerInfo });
    // we assume that the new SignerInfo uses SHA-256 for hashing
    dl.setDigestAlgorithms(new AlgorithmID[] { AlgorithmID.sha256 });
    // add any certificates/crls used by the new signer
    dl.setCertificates(...);
    dl.setCrls(...);
    // since we cannot read the content data in a conventional way we direct
    // the SDSEncodeListener to copy the content data to an OutputStream
    OutputStream os = ...;
    dl.setOutputStream(os);
    // now bind the SDSEncodeListener to the SignedDataStream
    signedData.setSDSEncodeListener(dl);
    // and encode the SignedData again:
    signedData.setBlockSize(2048);
    OutputStream encodedStream = ...;
    signedData.writeTo(encodedStream);

Note that this default SDSEncodeListener implements method afterComputeSignature to verify the signature of every included (and added) SignerInfo, throwing an exception if any signature verification fails. So you know that the signatures have been verified when encoding a SignedData again in the way described above.
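The re-encoding flow above, as an added example that is not part of the IAIK documentation: it derives the digest algorithms to announce from the SignerInfos being added instead of hard-coding one, and types the certificates as iaik.x509.X509Certificate so beforeComputeSignature cannot reject them. The accessor SignerInfo.getDigestAlgorithm() and the AlgorithmID package location are assumptions not shown on this page.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.ArrayList;
import java.util.List;
import iaik.asn1.structures.AlgorithmID;
import iaik.cms.CMSException;
import iaik.cms.DefaultSDSEncodeListener;
import iaik.cms.SignedDataStream;
import iaik.cms.SignerInfo;
import iaik.x509.X509Certificate;

public final class ReEncodeWithAddedSigners {
    // Re-encodes an implicit SignedData, appending newSigners and their certificates.
    // The new signers' digest algorithms are announced before any content is written,
    // because the existing signerInfos field sits behind the content and cannot be read yet.
    public static void reEncode(InputStream encodedSignedData, SignerInfo[] newSigners,
                                X509Certificate[] newCerts, OutputStream contentSink,
                                OutputStream reEncoded) throws IOException, CMSException {
        SignedDataStream signedData = new SignedDataStream(encodedSignedData);

        DefaultSDSEncodeListener listener = new DefaultSDSEncodeListener();
        listener.setSignerInfos(newSigners);
        listener.setCertificates(newCerts);
        // Announce each digest algorithm a new SignerInfo needs, each once, instead of
        // hard-coding a single AlgorithmID as the snippet in the class description does.
        listener.setDigestAlgorithms(digestAlgorithmsOf(newSigners));
        // The implicit content has to be consumed; the listener copies it to contentSink.
        listener.setOutputStream(contentSink);

        signedData.setSDSEncodeListener(listener);
        signedData.setBlockSize(2048);
        // afterComputeSignature verifies every SignerInfo and throws CMSException on
        // failure, so a normal return means the new encoding holds only valid signatures.
        signedData.writeTo(reEncoded);
    }

    // Distinct digest AlgorithmIDs of the SignerInfos to be added. The accessor
    // SignerInfo.getDigestAlgorithm() is assumed here; it is not shown on this page.
    static AlgorithmID[] digestAlgorithmsOf(SignerInfo[] signers) {
        List<AlgorithmID> ids = new ArrayList<AlgorithmID>();
        for (SignerInfo si : signers) {
            AlgorithmID id = si.getDigestAlgorithm();
            if (!ids.contains(id)) {   // List.contains relies on AlgorithmID.equals
                ids.add(id);
            }
        }
        return ids.toArray(new AlgorithmID[ids.size()]);
    }
}
```

Note that the verification done in afterComputeSignature only proves each signature matches a certificate carried inside the SignedData; whether those certificates chain to a trusted anchor is a separate check the application still has to make.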
See Also: SDSEncodeListener, SignedDataStream
Field Summary

| Modifier and Type | Field and Description |
|---|---|
| protected java.security.cert.Certificate[] | certificates_ - Certificates that shall be added to the SignedDataStream (to which this SDSEncodeListener is bound) during execution of method beforeComputeSignature. |
| protected X509CRL[] | crls_ - CRLs that shall be added to the SignedDataStream (to which this SDSEncodeListener is bound) during execution of method beforeComputeSignature. |
| protected SignerInfo[] | signerInfos_ - SignerInfos that shall be added to the SignedDataStream (to which this SDSEncodeListener is bound) during execution of method beforeComputeSignature. |

Fields inherited from class iaik.cms.SDSEncodeListener: digestAlgorithms_, outputStream_, report_
Constructor Summary

| Constructor and Description |
|---|
| DefaultSDSEncodeListener() - Default constructor. |
Method Summary

| Modifier and Type | Method and Description |
|---|---|
| protected void | afterComputeSignature(SignedDataStream signedData) - Verifies the signatures of all included SignerInfos. |
| protected void | beforeComputeSignature(SignedDataStream signedData) - Adds any SignerInfos, certificates and CRLs that have been set for this SDSEncodeListener to the given SignedDataStream. |
| java.security.cert.Certificate[] | getCertificates() - Gets any certificates that shall be added to the SignedDataStream (to which this SDSEncodeListener is bound) during execution of method beforeComputeSignature. |
| X509CRL[] | getCrls() - Gets any CRLs set for this SDSEncodeListener. |
| SignerInfo[] | getSignerInfos() - Gets any SignerInfos that shall be added to the SignedDataStream (to which this SDSEncodeListener is bound) during execution of method beforeComputeSignature. |
| void | setCertificates(java.security.cert.Certificate[] certificates) - Sets any certificates that shall be added to the SignedDataStream (to which this SDSEncodeListener is bound) during execution of method beforeComputeSignature. |
| void | setCrls(X509CRL[] crls) - Sets any CRLs that shall be added to the SignedDataStream (to which this SDSEncodeListener is bound) during execution of method beforeComputeSignature. |
| void | setSignerInfos(SignerInfo[] signerInfos) - Sets any SignerInfos that shall be added to the SignedDataStream (to which this SDSEncodeListener is bound) during execution of method beforeComputeSignature. |

Methods inherited from class iaik.cms.SDSEncodeListener: getDigestAlgorithms, getOutputStream, getReport, setDigestAlgorithms, setOutputStream

Methods inherited from class java.lang.Object: clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Field Detail
protected java.security.cert.Certificate[] certificates_
Certificates that shall be added to the SignedDataStream (to which this SDSEncodeListener is bound) during execution of method beforeComputeSignature. When parsing an implicit SignedData object and encoding it again, an application may wish to add some certificate(s) belonging to some newly added SignerInfo(s). Since the certificates field is located behind the content data, the certificates SET cannot be accessed before the content data has been written to the new encoding stream. So method beforeComputeSignature may be used for adding any required certificates after the content data has been written.
protected X509CRL[] crls_
CRLs that shall be added to the SignedDataStream (to which this SDSEncodeListener is bound) during execution of method beforeComputeSignature. When parsing an implicit SignedData object and encoding it again, an application may wish to add some CRL(s) belonging to some newly added SignerInfo(s). Since the crls field is located behind the content data, the crls SET cannot be accessed before the content data has been written to the new encoding stream. So method beforeComputeSignature may be used for adding any CRLs after the content data has been written.
protected SignerInfo[] signerInfos_
SignerInfos that shall be added to the SignedDataStream (to which this SDSEncodeListener is bound) during execution of method beforeComputeSignature. When parsing an implicit SignedData object and encoding it again, an application may wish to add some new SignerInfo(s). Since the signerInfos field is located behind the content data, the SignerInfo SET cannot be accessed before the content data has been written to the new encoding stream. So method beforeComputeSignature may be used for adding any SignerInfo(s) after the content data has been written. Note that method afterComputeSignature must NOT be used for adding SignerInfos, since signature calculation has already been done when afterComputeSignature is executed.
Constructor Detail

public DefaultSDSEncodeListener()
Default constructor.
Method Detail
public void setCertificates(java.security.cert.Certificate[] certificates)
Sets any certificates that shall be added to the SignedDataStream (to which this SDSEncodeListener is bound) during execution of method beforeComputeSignature. When parsing an implicit SignedData object and encoding it again, an application may wish to add some certificate(s) belonging to some newly added SignerInfo(s). Since the certificates field is located behind the content data, the certificates SET cannot be accessed before the content data has been written to the new encoding stream. So method beforeComputeSignature may be used for adding any required certificates after the content data has been written.
An application may not override this method.
Parameters: certificates - the certificates to be added

public java.security.cert.Certificate[] getCertificates()
Gets any certificates that shall be added to the SignedDataStream (to which this SDSEncodeListener is bound) during execution of method beforeComputeSignature. When parsing an implicit SignedData object and encoding it again, an application may wish to add some certificate(s) belonging to some newly added SignerInfo(s). Since the certificates field is located behind the content data, the certificates SET cannot be accessed before the content data has been written to the new encoding stream. So method beforeComputeSignature may be used for adding any required certificates after the content data has been written.
An application may not override this method.
public void setCrls(X509CRL[] crls)
Sets any CRLs that shall be added to the SignedDataStream (to which this SDSEncodeListener is bound) during execution of method beforeComputeSignature. When parsing an implicit SignedData object and encoding it again, an application may wish to add some CRL(s) belonging to some newly added SignerInfo(s). Since the crls field is located behind the content data, the crls SET cannot be accessed before the content data has been written to the new encoding stream. So method beforeComputeSignature may be used for adding any CRLs after the content data has been written.
An application may not override this method.
Parameters: crls - the CRLs to be added

public X509CRL[] getCrls()
Gets any CRLs set for this SDSEncodeListener.
public void setSignerInfos(SignerInfo[] signerInfos)
Sets any SignerInfos that shall be added to the SignedDataStream (to which this SDSEncodeListener is bound) during execution of method beforeComputeSignature. When parsing an implicit SignedData object and encoding it again, an application may wish to add some new SignerInfo(s). Since the signerInfos field is located behind the content data, the SignerInfo SET cannot be accessed before the content data has been written to the new encoding stream. So method beforeComputeSignature may be used for adding any SignerInfo(s) after the content data has been written. Note that method afterComputeSignature must NOT be used for adding SignerInfos, since signature calculation has already been done when afterComputeSignature is executed.
An application may not override this method.
Parameters: signerInfos - the SignerInfos to be added

public SignerInfo[] getSignerInfos()
Gets any SignerInfos that shall be added to the SignedDataStream (to which this SDSEncodeListener is bound) during execution of method beforeComputeSignature. When parsing an implicit SignedData object and encoding it again, an application may wish to add some new SignerInfo(s). Since the signerInfos field is located behind the content data, the SignerInfo SET cannot be accessed before the content data has been written to the new encoding stream. So method beforeComputeSignature may be used for adding any SignerInfo(s) after the content data has been written. Note that method afterComputeSignature must NOT be used for adding SignerInfos, since signature calculation has already been done when afterComputeSignature is executed.
An application may not override this method.
protected void beforeComputeSignature(SignedDataStream signedData) throws CMSException
This method is executed after the digest calculation has been performed and before the signature calculation is performed. It only adds any SignerInfos, certificates and CRLs of this SDSEncodeListener to the given SignedDataStream.
Overrides: beforeComputeSignature in class SDSEncodeListener
Parameters: signedData - the SignedDataStream to be updated before signature calculation (and after content data processing and digest calculation)
Throws:
CMSException - if an error occurs while adding the SignerInfos
java.lang.IllegalArgumentException - if a supplied certificate is not an iaik.x509.X509Certificate or iaik.x509.attr.AttributeCertificate object

protected void afterComputeSignature(SignedDataStream signedData) throws CMSException
This method is executed after the signature calculation has been performed. It only verifies the signature of every included SignerInfo and throws an exception if verification fails for any SignerInfo. This method assumes that all certificates required for signature verification are included in the certificates field of the given SignedDataStream. Verifying the signatures before finishing the SignedData encoding ensures that no SignedData object carrying an invalid signature is produced.
Overrides: afterComputeSignature in class SDSEncodeListener
Parameters: signedData - the SignedDataStream for which to verify the signatures
Throws:
CMSException - if signature verification fails
This Javadoc may contain text parts from IETF Internet Standard specifications (see copyright note).