Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
IAIK High-Level API
version 1.1
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

iaik.hlapi
Class CMSSignerEncrypter

java.lang.Object
  extended by iaik.hlapi.SignerEncrypter
      extended by iaik.hlapi.CMSSignerEncrypter

public class CMSSignerEncrypter
extends SignerEncrypter

This SignerEncrypter implementation creates CMS signed and encrypted data. It employs SignedData and EnvelopedData structures.

To the signature, it automatically adds the certificate chain and signed attributes, which are: content type, signing time, message digest and signing certificate according to ETSI CAdES v1.7.3. The signature is a CAdES-BES signature. Moreover, it selects a signature algorithm automatically depending on the given signature key. If the given key is a RSA key, it will select a suitable hash algorithm depending on the key length.

The output is a DER encoded CMS ContentInfo structure.

Using setIncludeData(boolean), the application can specify if the signed data is included in the result. Per default, it is included. Notice, if the data is excluded, an encryption will only cover the signature.

Constructor Summary
CMSSignerEncrypter()
          Construct a new signer/encrypter.
 
Method Summary
 void addRecipient(X509Certificate recipientCert)
          Add one recipient of the encrypted data.
 void clearRecipients()
          Clear the list of recipients.
 void dropSigningKey()
          Release all references to any previously set signing key.
 OutputStream process(OutputStream out)
          This method returns an OutputStream.
 void setIncludeData(boolean includeData)
          Specify if the signed data is included in the result.
 void setSigningKey(KeyAndCertificate signingKey)
          Set the signing key.
 
Methods inherited from class iaik.hlapi.SignerEncrypter
process
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

CMSSignerEncrypter

public CMSSignerEncrypter()
Construct a new signer/encrypter. It will create implicit signed data.

Method Detail

setSigningKey

public void setSigningKey(KeyAndCertificate signingKey)
                   throws HlApiException
Description copied from class: SignerEncrypter
Set the signing key. The certificate chain should also be set. All certificates of the given chain will be included in the signature. To include one certificate only, simply provide a certificate chain of with only that certificate.

Overrides:
setSigningKey in class SignerEncrypter
Parameters:
signingKey - The signing key with the certificate chain.
Throws:
HlApiException - If handling the certificate fails.

dropSigningKey

public void dropSigningKey()
Description copied from class: SignerEncrypter
Release all references to any previously set signing key.

Overrides:
dropSigningKey in class SignerEncrypter

addRecipient

public void addRecipient(X509Certificate recipientCert)
                  throws HlApiException
Add one recipient of the encrypted data.

The certificate must contain a public key which is applicable for encryption (key wrapping to be more precise). The implementation may also require that the certificate has the required key-usage bits set.

Call clearRecipients() to clear all recipients which have been added so far. An encryption operation does not clear this list.

Overrides:
addRecipient in class SignerEncrypter
Parameters:
recipientCert - The X.509 certificate of the recipient.
Throws:
HlApiException - If the certificate is invalid for encryption.
See Also:
clearRecipients()
Preconditions
(recipientCert != null)
Postconditions
(result != null)

clearRecipients

public void clearRecipients()
Clear the list of recipients.

Overrides:
clearRecipients in class SignerEncrypter
See Also:
addRecipient(X509Certificate)

process

public OutputStream process(OutputStream out)
                     throws IOException,
                            HlApiException
Description copied from class: SignerEncrypter
This method returns an OutputStream. The application can write to this stream all data that it wants to sign and/or encrypt. The application finishes writing data by closing the stream. The method will write the signed and/or encrypted data to out.

Note that the application must set a signing key in advance using SignerEncrypter.setSigningKey(KeyAndCertificate) to sign the data. To encrypt the data, it must have set one or more recipient certificates.

Specified by:
process in class SignerEncrypter
Parameters:
out - The stream which receives the signed and/or encrypted data.
Returns:
The OutputStream to which the application writes the data to be signed and/or encrypted.
Throws:
IOException - If writing to the given stream fails.
HlApiException - If signing fails.

setIncludeData

public void setIncludeData(boolean includeData)
Specify if the signed data is included in the result. Default is true (included).

Parameters:
includeData - true to include data, false to exclude it.
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
IAIK High-Level API
version 1.1
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2007, IAIK, Graz University of Technology
Copyright © 2007, Stiftung SIC