IAIK CMS/SMIME Toolkit Demo API Documentation
Version 6.1

demo.cms.pkcs11
Class SignedDataStreamDemo

java.lang.Object
  extended by demo.cms.pkcs11.PKCS11Demo
      extended by demo.cms.pkcs11.SignedDataStreamDemo
Direct Known Subclasses:
ExplicitRSAPssSignedDataStreamDemo, ExplicitSignedDataStreamDemo, ImplicitRSAPssSignedDataStreamDemo, ImplicitSignedDataStreamDemo

public abstract class SignedDataStreamDemo
extends PKCS11Demo

Base class of SignedDataStream demos using PKCS#11 for accessing the signer key on a smart card.


Field Summary
protected  java.security.cert.X509Certificate signerCertificate_
          This is the certificate used for verifying the signature.
protected  java.security.PrivateKey signerKey_
          The private key of the signer.
 
Fields inherited from class demo.cms.pkcs11.PKCS11Demo
iaikPkcs11Provider_, iaikSoftwareProvider_, moduleName_, tokenKeyStore_, userPin_
 
Constructor Summary
protected SignedDataStreamDemo()
          Creates a SignedDataStreamDemo object that has to be explicitly initialized with a module name.
 
Method Summary
protected  iaik.cms.SignerInfo createSignerInfo(iaik.x509.X509Certificate signerCertificate)
          This method creates a SignerInfo for the given signer certificate.
protected  void getSignatureKey()
          This method gets the key stores of all inserted (compatible) smart cards and simply takes the first key-entry.
protected  void getSignatureKey(java.lang.String algorithm)
          This method gets the key stores of all inserted (compatible) smart cards and simply takes the first key-entry.
 void init(java.lang.String[] args)
          This method starts the demo based on the given command line arguments.
 byte[] sign(byte[] data, boolean implicit)
          This method signs the data in the byte array DATA with signatureKey_.
 void start(boolean implicit)
          Starts the demo.
 byte[] verify(byte[] encodedSignedData, byte[] contentData)
          This method verifies the signature stored in signatureKey_.
 
Methods inherited from class demo.cms.pkcs11.PKCS11Demo
getKeyStore, init
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

signerKey_

protected java.security.PrivateKey signerKey_
The private key of the signer. In this case it is only a proxy object, but the application cannot see this.


signerCertificate_

protected java.security.cert.X509Certificate signerCertificate_
This is the certificate used for verifying the signature. In contrast to the private signer key, the certificate holds the actual public keying material.

Constructor Detail

SignedDataStreamDemo

protected SignedDataStreamDemo()
Creates a SignedDataStreamDemo object that has to be explicitly initialized with a module name.

Method Detail

getSignatureKey

protected void getSignatureKey()
                        throws java.security.GeneralSecurityException,
                               java.io.IOException
This method gets the key stores of all inserted (compatible) smart cards and simply takes the first key entry. From this key entry it takes the private key and the certificate from which the public key is retrieved. The keys are stored in the member variables signerKey_ and signerCertificate_.

Throws:
java.security.GeneralSecurityException - If anything with the provider fails.
java.io.IOException - If loading the key store fails.

getSignatureKey

protected void getSignatureKey(java.lang.String algorithm)
                        throws java.security.GeneralSecurityException,
                               java.io.IOException
This method gets the key stores of all inserted (compatible) smart cards and simply takes the first key entry. From this key entry it takes the private key and the certificate from which the public key is retrieved. The keys are stored in the member variables signerKey_ and signerCertificate_.
If algorithm is not null, only those keys that match the given algorithm are considered.

Parameters:
algorithm - the key algorithm; may be null to take the first signing key regardless of its algorithm
Throws:
java.security.GeneralSecurityException - If anything with the provider fails.
java.io.IOException - If loading the key store fails.
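The key selection described for getSignatureKey(String algorithm), as an added example that is not part of the toolkit's demo code. It uses only the JDK java.security.KeyStore API; the names SignerKeySelection, Signer and selectSigner are hypothetical. The certificate validity and KeyUsage checks go beyond the first-entry behaviour described above and show how to avoid picking an expired or encryption-only key on a token that holds several entries.

```java
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class SignerKeySelection {

  /** Hypothetical holder for what the demo keeps in signerKey_ and signerCertificate_. */
  record Signer(String alias, PrivateKey key, X509Certificate certificate) {}

  /**
   * Returns the first key entry whose key matches the algorithm (null = any) and whose
   * certificate is currently valid and permits signing; null if there is none.
   */
  static Signer selectSigner(KeyStore store, String algorithm, char[] keyPassword)
      throws GeneralSecurityException {
    for (String alias : Collections.list(store.aliases())) {
      if (!store.isKeyEntry(alias)) continue;            // skip certificate-only entries
      Key key = store.getKey(alias, keyPassword);        // on a token this is a proxy object
      Certificate cert = store.getCertificate(alias);
      if (!(key instanceof PrivateKey) || !(cert instanceof X509Certificate)) continue;
      if (algorithm != null && !algorithm.equalsIgnoreCase(key.getAlgorithm())) continue;
      X509Certificate x509 = (X509Certificate) cert;
      try {
        x509.checkValidity();                            // reject expired / not-yet-valid
      } catch (GeneralSecurityException e) {
        continue;
      }
      boolean[] usage = x509.getKeyUsage();              // null = no KeyUsage extension
      // Index 0 = digitalSignature, index 1 = nonRepudiation (RFC 5280).
      if (usage != null && !(usage[0] || usage[1])) continue;
      return new Signer(alias, (PrivateKey) key, x509);
    }
    return null;
  }

  public static void main(String[] args) throws Exception {
    // Constructed input: an empty in-memory key store stands in for a token without keys.
    KeyStore empty = KeyStore.getInstance(KeyStore.getDefaultType());
    empty.load(null, null);
    Signer signer = selectSigner(empty, "RSA", null);
    System.out.println(signer == null ? "no usable signing key found" : signer.alias());
  }
}
```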

createSignerInfo

protected iaik.cms.SignerInfo createSignerInfo(iaik.x509.X509Certificate signerCertificate)
This method creates a SignerInfo for the given signer certificate.

Parameters:
signerCertificate - the certificate of the signer
Returns:
the SignerInfo

sign

public byte[] sign(byte[] data,
                   boolean implicit)
            throws java.security.GeneralSecurityException,
                   java.io.IOException,
                   iaik.cms.CMSException
This method signs the data in the byte array DATA with signatureKey_. Normally the data would be read from file. The created signature is stored in signature_.

Parameters:
data - the data to be signed
implicit - whether to include the data (implicit mode) or to not include it (explicit mode)
Returns:
the encoded SignedData
Throws:
java.security.GeneralSecurityException - If anything with the provider fails.
java.io.IOException - If the data file could not be found or writing to it failed.
iaik.cms.CMSException - If an error occurs when creating/encoding the SignedData

verify

public byte[] verify(byte[] encodedSignedData,
                     byte[] contentData)
              throws java.security.GeneralSecurityException,
                     iaik.cms.CMSException,
                     java.io.IOException,
                     java.security.SignatureException
This method verifies the signature stored in signatureKey_. The verification key used is verificationKey_. The implementation of the signature algorithm is taken from another provider; here the IAIK provider is used, which is pure software.

Parameters:
encodedSignedData - the encoded SignedData object
contentData - the contentData (in explicit mode required for signature verification)
Returns:
the content data
Throws:
java.security.GeneralSecurityException - If anything with the provider fails.
java.io.IOException - If reading the CMS file fails.
iaik.cms.CMSException - If handling the CMS structure fails.
java.security.SignatureException - If the signature verification fails

start

public void start(boolean implicit)
Starts the demo.

Parameters:
implicit - whether the implicit or explicit mode is used (data included in signature or not)

init

public void init(java.lang.String[] args)
This method starts the demo based on the given command line arguments.

Parameters:
args - These are the command line arguments.

(c) 2002 IAIK, (c) 2003 - 2025 SIC