IAIK High-Level API
version 1.1

iaik.hlapi
Class CMSDecrypterVerifier

java.lang.Object
  extended by iaik.hlapi.DecrypterVerifier
      extended by iaik.hlapi.CMSDecrypterVerifier

public class CMSDecrypterVerifier
extends DecrypterVerifier

This class decrypts CMS enveloped data objects and verifies CMS signed data objects.

It supports a signed data object that is nested inside an enveloped data object. If they are present, it checks these signed attributes for consistency: content type, signing time, message digest and signing certificate (v1 and v2).

The input must be a DER encoded CMS ContentInfo structure.


Constructor Summary
CMSDecrypterVerifier()
          Create a new object for decrypting and verifying CMS enveloped data and signed data objects.
 
Method Summary
 void dropDecryptionKeys()
          Release all references to any previously set decryption keys.
 Date getSigningTime()
          Get the signing time which was encoded as a signed property in the signature object.
 InputStream process(InputStream data)
          Decrypt and/or verify the given data.
 void registerDecryptionKey(KeyAndCertificate decryptionKey)
          Register a key to be a decryption key for the associated certificate.
 
Methods inherited from class iaik.hlapi.DecrypterVerifier
process, verify
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

CMSDecrypterVerifier

public CMSDecrypterVerifier()
Create a new object for decrypting and verifying CMS enveloped data and signed data objects.

Method Detail

registerDecryptionKey

public void registerDecryptionKey(KeyAndCertificate decryptionKey)
                           throws HlApiException
Description copied from class: DecrypterVerifier
Register a key to be a decryption key for the associated certificate. The application may call this method more than once to register multiple decryption keys. The decryption operation will select one of them automatically.

The certificate in the decryptionKey may be null. In this case, the decryption method will try to use this key for decrypting the data. However, it is recommended to provide the certificate that belongs to the private key.

Specified by:
registerDecryptionKey in class DecrypterVerifier
Parameters:
decryptionKey - The decryption key and the certificate.
Throws:
HlApiException - If handling the certificate fails.

dropDecryptionKeys

public void dropDecryptionKeys()
Description copied from class: DecrypterVerifier
Release all references to any previously set decryption keys.

Specified by:
dropDecryptionKeys in class DecrypterVerifier

process

public InputStream process(InputStream data)
                    throws IOException,
                           NoKeyException,
                           HlApiException
Description copied from class: DecrypterVerifier
Decrypt and/or verify the given data.

If the data is encrypted, a suitable decryption key must have been registered beforehand using DecrypterVerifier.registerDecryptionKey(KeyAndCertificate).

Specified by:
process in class DecrypterVerifier
Parameters:
data - The stream that provides the encrypted and/or signed data.
Returns:
The decrypted/verified content data.
Throws:
IOException - If reading from the given stream fails.
NoKeyException - If there is no suitable key available for decryption.
HlApiException - If decryption or verification fails.

getSigningTime

public Date getSigningTime()
                    throws HlApiException
Description copied from class: DecrypterVerifier
Get the signing time which was encoded as a signed property in the signature object.

Specified by:
getSigningTime in class DecrypterVerifier
Returns:
The signing time or null if there was no signing time encoded in the signed data or if there was no signature.
Throws:
HlApiException - If parsing the signing time out of the signature structure fails.
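
The following usage sketch is an added example, not code from the IAIK documentation. It chains the documented calls and shows two points a caller should handle: a null signing time is ambiguous, and key references should be dropped after use. The names CmsOpen, Result and open are hypothetical. It assumes that KeyAndCertificate, HlApiException and NoKeyException live in the iaik.hlapi package, and that the returned stream is read to the end before getSigningTime() is called.

```java
import iaik.hlapi.CMSDecrypterVerifier;
import iaik.hlapi.HlApiException;      // package assumed
import iaik.hlapi.KeyAndCertificate;   // package assumed
import iaik.hlapi.NoKeyException;      // package assumed

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.Date;

/** Hypothetical helper class; not part of the IAIK High-Level API. */
public final class CmsOpen {

    /** Content plus the signed signing time (null if absent or unsigned). */
    public static final class Result {
        public final byte[] content;
        public final Date signingTime;
        Result(byte[] content, Date signingTime) {
            this.content = content;
            this.signingTime = signingTime;
        }
    }

    /** Decrypts and/or verifies a DER encoded CMS ContentInfo read from the stream. */
    public static Result open(InputStream derContentInfo, KeyAndCertificate key)
            throws IOException, NoKeyException, HlApiException {
        CMSDecrypterVerifier dv = new CMSDecrypterVerifier();
        try {
            dv.registerDecryptionKey(key);
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            try (InputStream in = dv.process(derContentInfo)) {
                // Assumption: drain the stream before querying signature details.
                byte[] buf = new byte[8192];
                for (int n; (n = in.read(buf)) != -1; ) {
                    out.write(buf, 0, n);
                }
            }
            // null means "no signing time attribute" OR "no signature at all";
            // this getter alone cannot tell the two cases apart.
            Date signingTime = dv.getSigningTime();
            return new Result(out.toByteArray(), signingTime);
        } finally {
            // Release the references to the private key material after use.
            dv.dropDecryptionKeys();
        }
    }
}
```

A caller that requires signed input should not treat a non-null return from process as proof of a signature, since the method is documented as "decrypt and/or verify".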

Copyright © 2007, IAIK, Graz University of Technology
Copyright © 2007, Stiftung SIC