IAIK CMS/SMIME Toolkit Demo API Documentation
Version 6.1

demo.cms.signedData
Class CounterSignatureListener

java.lang.Object
  extended by iaik.cms.SDSEncodeListener
      extended by demo.cms.signedData.CounterSignatureListener

public class CounterSignatureListener
extends iaik.cms.SDSEncodeListener

A simple SignedDataStream encode listener implementation that allows an application to add a CounterSignature attribute to one or more SignerInfos of a SignedDataStream while the encoding is performed.

Using a SignedDataStream encode listener for adding a counter signature may be useful when newly encoding an implicit SignedDataStream, where the content data is included and has to be written again to the new encoding. Since you cannot access the SignerInfo you wish to counter sign before the data is processed, you need a mechanism to access and update the SignerInfo during the encoding process itself. This mechanism is provided by this SDSEncodeListener.

This SDSEncodeListener implements method afterComputeSignature to add a CounterSignature attribute to one particular or all of the SignerInfos of a SignedData object. When creating a CounterSignatureListener, information about the counter signer (ID, digest algorithm, optionally the signature algorithm, private key) has to be supplied. Optionally, the SignerInfo to be counter signed may be explicitly identified by the certificate of the corresponding original signer. If it is not, a CounterSignature attribute will be created and added to every SignerInfo of the SignedDataStream this SDSEncodeListener belongs to.

This SDSEncodeListener implementation is part of the CounterSignature demo. Please look at CounterSignatureDemo for a usage example:

 // the SignedDataStream parsing an implicit SignedData:
 SignedDataStream signedData = new SignedDataStream(inputStream);
 ...
 // the cert of the counter signer
 X509Certificate counterCert = ...;
 // the cert id of the counter signer:
 IssuerAndSerialNumber counterID = new IssuerAndSerialNumber(counterCert);
 // the private key of the counter signer:
 PrivateKey counterKey = ...;
 // use SHA-256 for hashing
 AlgorithmID digestAlg = (AlgorithmID)AlgorithmID.sha256.clone();
 // let an SDSEncodeListener create and add the CounterSignature attribute
 CounterSignatureListener csl = new CounterSignatureListener(counterID, digestAlg, counterKey);
 // we only want to counter sign one specific signer
 csl.setCertOfSignerToBeCounterSigned(signerCert);
 // set the encode listener
 signedData.setSDSEncodeListener(csl);     
 ...
 // encode again
 signedData.writeTo(...);
 
Note that this class is only a simple demo of a SignedDataStream encode listener that hooks into the encoding procedure to add a counter signature to one specific or all of the SignerInfos included in a SignedDataStream. Every counter signature attribute added by this listener belongs to (i.e. is signed by) one and the same counter signer and contains only a SigningTime and a MessageDigest attribute as signed attributes. An application is free to implement its own CounterSignatureListener, e.g. to handle counter signatures for more than one signer, or to add further signed attributes.
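What a counter signature covers, and why it can only be created after the content has been streamed, shown as an added illustration that uses JDK classes only (it is not IAIK code and not part of the toolkit's demo). The class name CounterSignatureSketch, the helper names and the plain byte concatenation standing in for DER-encoded signed attributes are assumptions made for the sketch.

```java
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;

public class CounterSignatureSketch {
    // Signs a stream in one pass; the signature value exists only once the data is consumed.
    static byte[] sign(PrivateKey key, InputStream in) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        byte[] buf = new byte[4096];
        for (int n; (n = in.read(buf)) > 0; ) s.update(buf, 0, n);
        return s.sign();
    }
    static boolean verify(PublicKey key, byte[] data, byte[] sig) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(data);
        return s.verify(sig);
    }
    // Signed attributes of the counter signature (simplified, no DER): signing time
    // plus the digest of the original signer's signature value.
    static byte[] counterSignedAttrs(long signingTime, byte[] signerSig) throws Exception {
        byte[] md = MessageDigest.getInstance("SHA-256").digest(signerSig);
        return ByteBuffer.allocate(8 + md.length).putLong(signingTime).put(md).array();
    }
    static InputStream stream(String s) {
        return new ByteArrayInputStream(s.getBytes(StandardCharsets.UTF_8));
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair signer = kpg.generateKeyPair();
        KeyPair counterSigner = kpg.generateKeyPair();
        byte[] signerSig = sign(signer.getPrivate(), stream("constructed sample content"));
        // Only now (the afterComputeSignature stage) can the signature value be counter signed.
        long time = System.currentTimeMillis();
        byte[] attrs = counterSignedAttrs(time, signerSig);
        byte[] counterSig = sign(counterSigner.getPrivate(), new ByteArrayInputStream(attrs));
        System.out.println("counter signature valid: "
            + verify(counterSigner.getPublic(), attrs, counterSig));

        // The counter signature is bound to that one signature value, not to the signer.
        byte[] otherSig = sign(signer.getPrivate(), stream("other constructed content"));
        System.out.println("valid for another signature value: "
            + verify(counterSigner.getPublic(), counterSignedAttrs(time, otherSig), counterSig));
    }
}
```

A verifier should therefore check the original SignerInfo first and then the counter signature against that SignerInfo's signature value; a counter signature says nothing about the content on its own.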

See Also:
CounterSignatureDemo, CounterSignature, SDSEncodeListener, SignedDataStream, SignerInfo

Field Summary
 
Fields inherited from class iaik.cms.SDSEncodeListener
digestAlgorithms_, outputStream_, report_
 
Constructor Summary
CounterSignatureListener(iaik.cms.CertificateIdentifier counterSigner, iaik.asn1.structures.AlgorithmID digestAlgorithm, iaik.asn1.structures.AlgorithmID signatureAlgorithm, java.security.PrivateKey privateKey)
          Creates a new CounterSignatureListener for the given counter signer information.
CounterSignatureListener(iaik.cms.CertificateIdentifier counterSigner, iaik.asn1.structures.AlgorithmID digestAlgorithm, java.security.PrivateKey privateKey)
          Creates a new CounterSignatureListener for the given counter signer information.
 
Method Summary
protected  void afterComputeSignature(iaik.cms.SignedDataStream signedData)
          Calculates and adds a CounterSignature to all or some specific SignerInfo(s).
protected  void beforeComputeSignature(iaik.cms.SignedDataStream signedData)
          Does nothing.
 iaik.x509.X509Certificate getCertOfSignerToBeCounterSigned()
          Identifies the SignerInfo to be counter signed.
 void setCertOfSignerToBeCounterSigned(iaik.x509.X509Certificate cert)
          Identify the SignerInfo to be counter signed.
 
Methods inherited from class iaik.cms.SDSEncodeListener
getDigestAlgorithms, getOutputStream, getReport, setDigestAlgorithms, setOutputStream
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

CounterSignatureListener

public CounterSignatureListener(iaik.cms.CertificateIdentifier counterSigner,
                                iaik.asn1.structures.AlgorithmID digestAlgorithm,
                                java.security.PrivateKey privateKey)
Creates a new CounterSignatureListener for the given counter signer information. When this constructor is used to create a CounterSignatureListener, rsaEncryption will be used for signing.

Parameters:
counterSigner - an id identifying the cert of the counter signer
digestAlgorithm - the digest algorithm to be used
privateKey - the private key of the counter signer

CounterSignatureListener

public CounterSignatureListener(iaik.cms.CertificateIdentifier counterSigner,
                                iaik.asn1.structures.AlgorithmID digestAlgorithm,
                                iaik.asn1.structures.AlgorithmID signatureAlgorithm,
                                java.security.PrivateKey privateKey)
Creates a new CounterSignatureListener for the given counter signer information.

Parameters:
counterSigner - an id identifying the cert of the counter signer
digestAlgorithm - the digest algorithm to be used
signatureAlgorithm - the signature algorithm to be used
privateKey - the private key of the counter signer

Method Detail

setCertOfSignerToBeCounterSigned

public void setCertOfSignerToBeCounterSigned(iaik.x509.X509Certificate cert)
Identify the SignerInfo to be counter signed.

This method may be used for identifying the SignerInfo to be counter signed by the certificate of the corresponding signer. If set, every SignerInfo included in the SignedData is searched and a counter signature is attached only to the SignerInfo belonging to the given cert. If not set, a counter signature is attached to every included SignerInfo.

Parameters:
cert - the cert of the signer to which the SignerInfo to be counter signed belongs

getCertOfSignerToBeCounterSigned

public iaik.x509.X509Certificate getCertOfSignerToBeCounterSigned()
Identifies the SignerInfo to be counter signed.

If set, the cert of the signer to be counter signed is used to identify the corresponding SignerInfo. Every SignerInfo included in the SignedData is searched and a counter signature is attached only to the SignerInfo belonging to the given cert. If not set, a counter signature is attached to every included SignerInfo.

Returns:
the cert of the signer to which the SignerInfo to be counter signed belongs, or null if not set

beforeComputeSignature

protected void beforeComputeSignature(iaik.cms.SignedDataStream signedData)
                               throws iaik.cms.CMSException
Does nothing.

Specified by:
beforeComputeSignature in class iaik.cms.SDSEncodeListener
Throws:
iaik.cms.CMSException

afterComputeSignature

protected void afterComputeSignature(iaik.cms.SignedDataStream signedData)
                              throws iaik.cms.CMSException
Calculates and adds a CounterSignature to all or some specific SignerInfo(s). If the SignerInfo to be counter signed has not been explicitly identified, a CounterSignature is created and added to every SignerInfo of the SignedDataStream this SDSEncodeListener belongs to.

Specified by:
afterComputeSignature in class iaik.cms.SDSEncodeListener
Parameters:
signedData - the SignedDataStream to which to add a CounterSignature
Throws:
iaik.cms.CMSException - if the CounterSignature cannot be added (e.g. because the SignerInfo to which to add the counter signature cannot be verified)

(c) 2002 IAIK, (c) 2003 - 2025 SIC