iaik.cms
Class DefaultSDSEncodeListener

java.lang.Object
  extended by iaik.cms.SDSEncodeListener
      extended by iaik.cms.DefaultSDSEncodeListener

public class DefaultSDSEncodeListener
extends SDSEncodeListener

Simple SignedDataStream encode listener implementation allowing an application to add certificates/crls/SignerInfos to a SignedDataStream while the encoding is performed.

This SDSEncodeListener implements method beforeComputeSignature to add any required certificates, crls or SignerInfos to a SignedDataStream object AFTER the content data has been processed and the digest calculation has been performed, but BEFORE the signature values are computed. A sample application might wish to add some SignerInfo(s) -- and the corresponding certificates/crls -- to an existing implicit SignedData object that is to be encoded again. Since the content data has to be included in the new encoding again, and the signerInfos field is located behind the content, a new SignerInfo can only be added after the content has been processed. However, since digest computation has to be initialized before the data is written, any digest algorithm not used by the already included SignerInfos has to be known in advance so that it can be announced when binding this SDSEncodeListener to a SignedDataStream object. For that reason any digest algorithm required by a SignerInfo to be added should be set by calling method setDigestAlgorithms of this SDSEncodeListener, e.g.:

 // the input stream supplying the encoded SignedData:
 InputStream is = ...;
 // create a SignedDataStream to parse the encoding
 SignedDataStream signedData = new SignedDataStream(is);
 // create a SDSEncodeListener for SignerInfos, certs, crls to be added
 DefaultSDSEncodeListener dl = new DefaultSDSEncodeListener();
 // create a new SignerInfo to be added
 SignerInfo signerInfo = ...;
 // let the SDSEncodeListener add the SignerInfo
 dl.setSignerInfos(new SignerInfo[] { signerInfo });    
 // we assume that the new SignerInfo uses SHA-256 for hashing
 dl.setDigestAlgorithms(new AlgorithmID [] { AlgorithmID.sha256 });
 // add any certificates/crls used by the new signer  
 dl.setCertificates(...);
 dl.setCrls(...);
 // since we cannot read the content data in a conventional way we direct
 // SDSEncodeListener to copy the content data to an OutputStream
 OutputStream os = ...;
 dl.setOutputStream(os);
 // now bind the SDSEncodeListener to the SignedDataStream
 signedData.setSDSEncodeListener(dl);  
 // and encode the SignedData again:
 signedData.setBlockSize(2048);
 OutputStream encodedStream = ...;
 signedData.writeTo(encodedStream);
 
Note that this default SDSEncodeListener implements method afterComputeSignature to verify the signature of every included (and added) SignerInfo, throwing an exception if any signature verification fails. So you know that the signatures are verified when encoding a SignedData again in the way described above.
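The following Java class is an added example and is not part of the IAIK-CMS distribution or of this class's documentation. It puts the procedure above into one complete method that appends a signer to an existing implicit SignedData and returns the new encoding, plus a second method that re-parses that encoding and verifies every signer again independently of the listener. It uses the API shown on this page and, as assumptions, the constructors SignerInfo(CertificateIdentifier, AlgorithmID, PrivateKey) and IssuerAndSerialNumber(X509Certificate), the methods SignedDataStream.getInputStream(), getSignerInfos() and verify(int), and the CMSException(String) constructor; the class name AddSignerExample and the method names are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.security.PrivateKey;
import java.security.SignatureException;
import java.security.cert.Certificate;

import iaik.asn1.structures.AlgorithmID;
import iaik.cms.CMSException;
import iaik.cms.DefaultSDSEncodeListener;
import iaik.cms.IssuerAndSerialNumber;
import iaik.cms.SignedDataStream;
import iaik.cms.SignerInfo;
import iaik.x509.X509Certificate;

/**
 * Added example (not IAIK-CMS code): re-encodes an implicit SignedData and
 * appends one additional SignerInfo via DefaultSDSEncodeListener.
 * Assumed API: SignerInfo(CertificateIdentifier, AlgorithmID, PrivateKey),
 * IssuerAndSerialNumber(X509Certificate), SignedDataStream.verify(int).
 */
public final class AddSignerExample {

    /** Digest algorithm of the new signer; it must be announced before encoding starts. */
    private static final AlgorithmID NEW_DIGEST_ALG = AlgorithmID.sha256;

    /**
     * Parses encodedSignedData, adds a SignerInfo for signerCert/signerKey and
     * returns the re-encoded SignedData. Throws if any signature (old or new)
     * fails verification in afterComputeSignature.
     */
    public static byte[] addSigner(byte[] encodedSignedData,
                                   X509Certificate signerCert,
                                   PrivateKey signerKey) throws Exception {
        InputStream is = new ByteArrayInputStream(encodedSignedData);
        SignedDataStream signedData = new SignedDataStream(is);

        DefaultSDSEncodeListener listener = new DefaultSDSEncodeListener();

        // The new SignerInfo: identified by issuer/serial, hashing with SHA-256.
        SignerInfo newSigner = new SignerInfo(new IssuerAndSerialNumber(signerCert),
                                              NEW_DIGEST_ALG, signerKey);
        listener.setSignerInfos(new SignerInfo[] { newSigner });

        // SHA-256 may not be used by the SignerInfos already present. The digest
        // over the content is computed while the content is streamed, i.e. before
        // beforeComputeSignature can add the SignerInfo, so announce it now.
        listener.setDigestAlgorithms(new AlgorithmID[] { NEW_DIGEST_ALG });

        // Ship the signer certificate in the certificates field so that
        // afterComputeSignature (and any later verifier) can locate it.
        listener.setCertificates(new Certificate[] { signerCert });

        // Optionally keep a copy of the content that was signed.
        ByteArrayOutputStream contentCopy = new ByteArrayOutputStream();
        listener.setOutputStream(contentCopy);

        signedData.setSDSEncodeListener(listener);
        signedData.setBlockSize(2048);

        ByteArrayOutputStream out = new ByteArrayOutputStream();
        // writeTo streams the content (digesting it), runs beforeComputeSignature
        // (adds SignerInfo and certificate), computes the signatures and finally
        // runs afterComputeSignature, which verifies every SignerInfo and throws a
        // CMSException on failure, so an invalid object is never returned here.
        signedData.writeTo(out);
        return out.toByteArray();
    }

    /**
     * Independent check of the produced encoding: re-parse it and verify each
     * SignerInfo. Returns the number of verified signers.
     */
    public static int verifyAllSigners(byte[] encodedSignedData) throws Exception {
        SignedDataStream signedData =
            new SignedDataStream(new ByteArrayInputStream(encodedSignedData));

        // For an implicit SignedData the content must be consumed before the
        // SignerInfos (located behind the content) become accessible.
        InputStream content = signedData.getInputStream();
        byte[] buf = new byte[2048];
        while (content.read(buf) != -1) {
            // discard; we only need the digests to be computed
        }

        SignerInfo[] signerInfos = signedData.getSignerInfos();
        for (int i = 0; i < signerInfos.length; i++) {
            try {
                X509Certificate cert = signedData.verify(i);
                System.out.println("signer " + i + " verified: " + cert.getSubjectDN());
            } catch (SignatureException e) {
                throw new CMSException("signature of SignerInfo " + i + " is invalid: "
                                       + e.getMessage());
            }
        }
        return signerInfos.length;
    }
}
```

Typical use is `byte[] reencoded = AddSignerExample.addSigner(original, cert, key);` followed by `AddSignerExample.verifyAllSigners(reencoded);`. The second call is deliberately redundant with the listener's own afterComputeSignature check: it exercises the path a relying party takes (parse, consume content, verify), which is the only path that proves the certificate added through setCertificates really ended up in the certificates field of the new encoding.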

See Also:
SDSEncodeListener, SignedDataStream

Field Summary
protected  java.security.cert.Certificate[] certificates_
          Certificates that shall be added to the SignedDataStream (to which this SDSEncodeListener is bound) during execution of method beforeComputeSignature.
protected  X509CRL[] crls_
          CRLs that shall be added to the SignedDataStream (to which this SDSEncodeListener is bound) during execution of method beforeComputeSignature.
protected  SignerInfo[] signerInfos_
          SignerInfos that shall be added to the SignedDataStream (to which this SDSEncodeListener is bound) during execution of method beforeComputeSignature.
 
Fields inherited from class iaik.cms.SDSEncodeListener
digestAlgorithms_, outputStream_, report_
 
Constructor Summary
DefaultSDSEncodeListener()
          Default constructor.
 
Method Summary
protected  void afterComputeSignature(SignedDataStream signedData)
          Verifies the signatures of all included SignerInfos.
protected  void beforeComputeSignature(SignedDataStream signedData)
          Adds any SignerInfos, certificates and crls that have been set for this SDSEncodeListener to the given SignedDataStream.
 java.security.cert.Certificate[] getCertificates()
          Gets any certificates that shall be added to the SignedDataStream (to which this SDSEncodeListener is bound) during execution of method beforeComputeSignature.
 X509CRL[] getCrls()
          Gets any crls set for this SDSEncodeListener.
 SignerInfo[] getSignerInfos()
          Gets any SignerInfos that shall be added to the SignedDataStream (to which this SDSEncodeListener is bound) during execution of method beforeComputeSignature.
 void setCertificates(java.security.cert.Certificate[] certificates)
          Sets any certificates that shall be added to the SignedDataStream (to which this SDSEncodeListener is bound) during execution of method beforeComputeSignature.
 void setCrls(X509CRL[] crls)
          Sets any crls that shall be added to the SignedDataStream (to which this SDSEncodeListener is bound) during execution of method beforeComputeSignature.
 void setSignerInfos(SignerInfo[] signerInfos)
          Sets any SignerInfos that shall be added to the SignedDataStream (to which this SDSEncodeListener is bound) during execution of method beforeComputeSignature.
 
Methods inherited from class iaik.cms.SDSEncodeListener
getDigestAlgorithms, getOutputStream, getReport, setDigestAlgorithms, setOutputStream
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

certificates_

protected java.security.cert.Certificate[] certificates_
Certificates that shall be added to the SignedDataStream (to which this SDSEncodeListener is bound) during execution of method beforeComputeSignature. When parsing an implicit SignedData object and encoding it again, an application may wish to add some certificate(s) belonging to some newly added SignerInfo(s). Since the certificates field is located behind the content data, the certificates SET cannot be accessed before the content data is written to the new encoding stream. So method beforeComputeSignature may be used for adding any required certificates after the content data has been written.


crls_

protected X509CRL[] crls_
CRLs that shall be added to the SignedDataStream (to which this SDSEncodeListener is bound) during execution of method beforeComputeSignature. When parsing an implicit SignedData object and encoding it again, an application may wish to add some crl(s) belonging to some newly added SignerInfo(s). Since the crls field is located behind the content data, the crls SET cannot be accessed before the content data is written to the new encoding stream. So method beforeComputeSignature may be used for adding any crls after the content data has been written.


signerInfos_

protected SignerInfo[] signerInfos_
SignerInfos that shall be added to the SignedDataStream (to which this SDSEncodeListener is bound) during execution of method beforeComputeSignature. When parsing an implicit SignedData object and encoding it again, an application may wish to add some new SignerInfo(s). Since the signerInfos field is located behind the content data, the SignerInfo SET cannot be accessed before the content data is written to the new encoding stream. So method beforeComputeSignature may be used for adding any SignerInfo(s) after the content data has been written. Note that method afterComputeSignature must NOT be used for adding SignerInfos, since the signature calculation has already been done when method afterComputeSignature is executed.

Constructor Detail

DefaultSDSEncodeListener

public DefaultSDSEncodeListener()
Default constructor.

Method Detail

setCertificates

public void setCertificates(java.security.cert.Certificate[] certificates)
Sets any certificates that shall be added to the SignedDataStream (to which this SDSEncodeListener is bound) during execution of method beforeComputeSignature.

When parsing an implicit SignedData object and encoding it again, an application may wish to add some certificate(s) belonging to some newly added SignerInfo(s). Since the certificates field is located behind the content data, the certificates SET cannot be accessed before the content data is written to the new encoding stream. So method beforeComputeSignature may be used for adding any required certificates after the content data has been written.

An application may not override this method.

Parameters:
certificates - the certificates to be added

getCertificates

public java.security.cert.Certificate[] getCertificates()
Gets any certificates that shall be added to the SignedDataStream (to which this SDSEncodeListener is bound) during execution of method beforeComputeSignature.

When parsing an implicit SignedData object and encoding it again, an application may wish to add some certificate(s) belonging to some newly added SignerInfo(s). Since the certificates field is located behind the content data, the certificates SET cannot be accessed before the content data is written to the new encoding stream. So method beforeComputeSignature may be used for adding any required certificates after the content data has been written.

An application may not override this method.

Returns:
certificates to be added

setCrls

public void setCrls(X509CRL[] crls)
Sets any crls that shall be added to the SignedDataStream (to which this SDSEncodeListener is bound) during execution of method beforeComputeSignature.

When parsing an implicit SignedData object and encoding it again, an application may wish to add some crl(s) belonging to some newly added SignerInfo(s). Since the crls field is located behind the content data, the crls SET cannot be accessed before the content data is written to the new encoding stream. So method beforeComputeSignature may be used for adding any crls after the content data has been written.

An application may not override this method.

Parameters:
crls - the crls to be added

getCrls

public X509CRL[] getCrls()
Gets any crls set for this SDSEncodeListener.

Returns:
the crls

setSignerInfos

public void setSignerInfos(SignerInfo[] signerInfos)
Sets any SignerInfos that shall be added to the SignedDataStream (to which this SDSEncodeListener is bound) during execution of method beforeComputeSignature. When parsing an implicit SignedData object and encoding it again, an application may wish to add some new SignerInfo(s). Since the signerInfos field is located behind the content data, the SignerInfo SET cannot be accessed before the content data is written to the new encoding stream. So method beforeComputeSignature may be used for adding any SignerInfo(s) after the content data has been written. Note that method afterComputeSignature must NOT be used for adding SignerInfos, since the signature calculation has already been done when method afterComputeSignature is executed.

An application may not override this method.

Parameters:
signerInfos - the signerInfos to be added

getSignerInfos

public SignerInfo[] getSignerInfos()
Gets any SignerInfos that shall be added to the SignedDataStream (to which this SDSEncodeListener is bound) during execution of method beforeComputeSignature. When parsing an implicit SignedData object and encoding it again, an application may wish to add some new SignerInfo(s). Since the signerInfos field is located behind the content data, the SignerInfo SET cannot be accessed before the content data is written to the new encoding stream. So method beforeComputeSignature may be used for adding any SignerInfo(s) after the content data has been written. Note that method afterComputeSignature must NOT be used for adding SignerInfos, since the signature calculation has already been done when method afterComputeSignature is executed.

An application may not override this method.

Returns:
the signerInfos to be added

beforeComputeSignature

protected void beforeComputeSignature(SignedDataStream signedData)
                               throws CMSException
Adds any SignerInfos, certificates and crls that have been set for this SDSEncodeListener to the given SignedDataStream.

This method is executed after the digest calculation has been done and before the signature calculation is performed. It only adds the SignerInfos, certificates and crls set for this SDSEncodeListener to the given SignedDataStream.

Specified by:
beforeComputeSignature in class SDSEncodeListener
Parameters:
signedData - the SignedDataStream to be updated before signature calculation (and after content data processing; digest calculation)
Throws:
CMSException - if an error occurs while adding the SignerInfos
java.lang.IllegalArgumentException - if a supplied certificate is not an iaik.x509.X509Certificate or iaik.x509.attr.AttributeCertificate object

afterComputeSignature

protected void afterComputeSignature(SignedDataStream signedData)
                              throws CMSException
Verifies the signatures of all included SignerInfos.

This method is executed after the signature calculation is performed. It only verifies the signature of every included SignerInfo and throws an exception if the verification fails for any SignerInfo. This method assumes that all certificates required for signature verification are included in the certificates field of the given SignedData. Verifying the signatures before finishing the SignedData encoding ensures that no invalid SignedData object has been created.

Specified by:
afterComputeSignature in class SDSEncodeListener
Parameters:
signedData - the SignedDataStream for which to verify the signatures
Throws:
CMSException - if signature verification fails

This Javadoc may contain text parts from IETF Internet Standard specifications (see copyright note).

IAIK-CMS 6.0, (c) 2002 IAIK, (c) 2003, 2023 SIC