// Copyright (C) 2002 IAIK
// https://sic.tech/
//
// Copyright (C) 2003 - 2025 Stiftung Secure Information and 
//                           Communication Technologies SIC
// https://sic.tech/
//
// All rights reserved.
//
// This source is provided for inspection purposes and recompilation only,
// unless specified differently in a contract with IAIK. This source has to
// be kept in strict confidence and must not be disclosed to any third party
// under any circumstances. Redistribution in source and binary forms, with
// or without modification, are <not> permitted in any case!
//
// THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
// ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
// OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
// LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
// OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
// SUCH DAMAGE.
//
// $Header: /IAIK-CMS/current/src/demo/cms/ecc/EckaEGAuthEnvelopedDataDemo.java 12    12.02.25 17:58 Dbratko $
// $Revision: 12 $
//


package demo.cms.ecc;

import iaik.asn1.CodingException;
import iaik.asn1.ObjectID;
import iaik.asn1.structures.AlgorithmID;
import iaik.asn1.structures.Attribute;
import iaik.cms.AuthEnvelopedData;
import iaik.cms.AuthEnvelopedDataOutputStream;
import iaik.cms.AuthEnvelopedDataStream;
import iaik.cms.CMSAlgorithmID;
import iaik.cms.CMSException;
import iaik.cms.CertificateIdentifier;
import iaik.cms.CompressedData;
import iaik.cms.CompressedDataOutputStream;
import iaik.cms.CompressedDataStream;
import iaik.cms.ContentInfo;
import iaik.cms.ContentInfoOutputStream;
import iaik.cms.ContentInfoStream;
import iaik.cms.EncryptedContentInfo;
import iaik.cms.EncryptedContentInfoStream;
import iaik.cms.IssuerAndSerialNumber;
import iaik.cms.KeyAgreeRecipientInfo;
import iaik.cms.KeyIdentifier;
import iaik.cms.RecipientInfo;
import iaik.cms.RecipientKeyIdentifier;
import iaik.cms.SignedData;
import iaik.cms.SignedDataStream;
import iaik.cms.SignerInfo;
import iaik.cms.attributes.CMSContentType;
import iaik.cms.attributes.SigningTime;
import iaik.security.random.SecRandom;
import iaik.utils.Util;
import iaik.x509.X509Certificate;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.SignatureException;

import javax.crypto.SecretKey;

import demo.DemoUtil;
import demo.cms.ecc.keystore.CMSEccKeyStore;


/**
 * Demonstrates the usage of class {@link iaik.cms.SignedDataStream} and
 * {@link iaik.cms.SignedData}, and {@link iaik.cms.AuthEnvelopedDataStream} and
 * {@link iaik.cms.AuthEnvelopedData} according to the BSI Technical
 * Recommendation <a href = 
 * "https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03109/TR-03109-1_Anlage_CMS.pdf;jsessionid=3DD6E4FBAC90766F8E2AB3F79BB003C5.1_cid341?__blob=publicationFile&v=1" target="_blank">
 * BSI TR-03109-1</a> for transmitting signed authenticated encrypted 
 * data between Smart-Meter-Gateways and external market participants and the
 * Smart Meter Gateway Administrator. 
 * <p>
 * This demo uses AES-GCM as specified by <a href = "http://www.ietf.org/rfc/rfc5084.txt" target="_blank">RFC 5084</a>
 * and AES-CBC-CMAC as specified by BSI TR-03109-1 for authenticated encryption.
 * The demo compressed the data, creates an AuthEnvelopedData object, packs it into a SignedData and 
 * subsequently shows several ways that may be used for decrypting the content 
 * for some particular recipient.
 * <p>
 * Any keys/certificates required for this demo are read from a keystore
 * file "cmsecc.keystore" located in your current working directory. If
 * the keystore file does not exist you can create it by running the
 * {@link demo.cms.ecc.keystore.SetupCMSEccKeyStore SetupCMSEccKeyStore}
 * program. 
 * <p>
 * Additionally to <code>iaik_cms.jar</code> you also must have 
 * <code>iaik_jce_(full).jar</code> (IAIK-JCE, <a href =
 * "https://sic.tech/products/core-crypto-toolkits/jca-jce/" target="_blank">
 * https://sic.tech/products/core-crypto-toolkits/jca-jce/</a>),
 * and <code>iaik_eccelarate.jar</code> (IAIK-ECCelerate<sup><small>TM</small></sup>, <a href =
 * "https://sic.tech/products/core-crypto-toolkits/eccelerate/" target="_blank">
 * https://sic.tech/products/core-crypto-toolkits/eccelerate/</a>)
 * in your classpath.
 * 
 * @see iaik.cms.AuthEnvelopedDataStream
 * @see iaik.cms.AuthEnvelopedData
 * @see iaik.cms.SignedDataStream
 * @see iaik.cms.SignedData
 * @see iaik.cms.RecipientInfo
 * @see iaik.cms.KeyAgreeRecipientInfo
 * 
 */
public class EckaEGAuthEnvelopedDataDemo {
  
  // certificate of signer
  X509Certificate[] ecdsa256bitSignerCertChain_;
  // private key of signer
  PrivateKey ecdsa256bitSignerPrivateKey_;
  
  // certificate of signer
  X509Certificate[] ecdsa384bitSignerCertChain_;
  // private key of signer
  PrivateKey ecdsa384bitSignerPrivateKey_;
  
  //certificate of signer
  X509Certificate[] ecdsa521bitSignerCertChain_;
  // private key of signer
  PrivateKey ecdsa521bitSignerPrivateKey_;


  // certificate of recipient 1 (recipient 1 is signer)
  X509Certificate ecdh256bitRecipient1Cert_;
  // private key of recipient 1 
  PrivateKey ecdh256bitRecipient1PrivateKey_;
  // certificate of recipient 2
  X509Certificate ecdh256bitRecipient2Cert_;
  // private key of recipient 2
  PrivateKey ecdh256bitRecipient2PrivateKey_;
  
  //certificate of recipient 1 (recipient 1 is signer)
  X509Certificate ecdh384bitRecipient1Cert_;
  // private key of recipient 1 
  PrivateKey ecdh384bitRecipient1PrivateKey_;
  // certificate of recipient 2
  X509Certificate ecdh384bitRecipient2Cert_;
  // private key of recipient 2
  PrivateKey ecdh384bitRecipient2PrivateKey_;
  
  //certificate of recipient 1 (recipient 1 is signer)
  X509Certificate ecdh521bitRecipient1Cert_;
  // private key of recipient 1 
  PrivateKey ecdh521bitRecipient1PrivateKey_;
  // certificate of recipient 2
  X509Certificate ecdh521bitRecipient2Cert_;
  // private key of recipient 2
  PrivateKey ecdh521bitRecipient2PrivateKey_;
  
  // secure random number generator
  SecureRandom random;

  /**
   * Setup the demo certificate chains.
   *
   * Keys and certificates are retrieved from the demo KeyStore ("cmsecc.keystore")
   * file which has to be located in your current working directory and may be
   * created by running {@link demo.cms.ecc.keystore.SetupCMSEccKeyStore 
   * SetupCMSEccKeyStore}.
   *
   * @throws IOException if an file read error occurs
   */
  public EckaEGAuthEnvelopedDataDemo() throws IOException {
    
    System.out.println();
    System.out.println("**********************************************************************************");
    System.out.println("*                           EckaEGAuthEnvelopedDataDemo                          *");
    System.out.println("* (CMS AuthEnvelopedData/SignedData for  type implementation for BSI TR-03109-1) *");
    System.out.println("**********************************************************************************");
    System.out.println();
    
    ecdsa256bitSignerCertChain_ = CMSEccKeyStore.getCertificateChain(CMSEccKeyStore.ECDSA, CMSEccKeyStore.SZ_256_SIGN);
    ecdsa256bitSignerPrivateKey_ = CMSEccKeyStore.getPrivateKey(CMSEccKeyStore.ECDSA, CMSEccKeyStore.SZ_256_SIGN);
    ecdsa384bitSignerCertChain_ = CMSEccKeyStore.getCertificateChain(CMSEccKeyStore.ECDSA, CMSEccKeyStore.SZ_384_SIGN);
    ecdsa384bitSignerPrivateKey_ = CMSEccKeyStore.getPrivateKey(CMSEccKeyStore.ECDSA, CMSEccKeyStore.SZ_384_SIGN);
    ecdsa521bitSignerCertChain_ = CMSEccKeyStore.getCertificateChain(CMSEccKeyStore.ECDSA, CMSEccKeyStore.SZ_521_SIGN);
    ecdsa521bitSignerPrivateKey_ = CMSEccKeyStore.getPrivateKey(CMSEccKeyStore.ECDSA, CMSEccKeyStore.SZ_521_SIGN);

    
    ecdh256bitRecipient1Cert_ = CMSEccKeyStore.getCertificateChain(CMSEccKeyStore.ECDH, CMSEccKeyStore.SZ_256_CRYPT_1)[0];
    ecdh256bitRecipient1PrivateKey_ = CMSEccKeyStore.getPrivateKey(CMSEccKeyStore.ECDH, CMSEccKeyStore.SZ_256_CRYPT_1);
    ecdh256bitRecipient2Cert_ = CMSEccKeyStore.getCertificateChain(CMSEccKeyStore.ECDH, CMSEccKeyStore.SZ_256_CRYPT_2)[0];
    ecdh256bitRecipient2PrivateKey_ = CMSEccKeyStore.getPrivateKey(CMSEccKeyStore.ECDH, CMSEccKeyStore.SZ_256_CRYPT_2);
    
    ecdh384bitRecipient1Cert_ = CMSEccKeyStore.getCertificateChain(CMSEccKeyStore.ECDH, CMSEccKeyStore.SZ_384_CRYPT_1)[0];
    ecdh384bitRecipient1PrivateKey_ = CMSEccKeyStore.getPrivateKey(CMSEccKeyStore.ECDH, CMSEccKeyStore.SZ_384_CRYPT_1);
    ecdh384bitRecipient2Cert_ = CMSEccKeyStore.getCertificateChain(CMSEccKeyStore.ECDH, CMSEccKeyStore.SZ_384_CRYPT_2)[0];
    ecdh384bitRecipient2PrivateKey_ = CMSEccKeyStore.getPrivateKey(CMSEccKeyStore.ECDH, CMSEccKeyStore.SZ_384_CRYPT_2);
    
    ecdh521bitRecipient1Cert_ = CMSEccKeyStore.getCertificateChain(CMSEccKeyStore.ECDH, CMSEccKeyStore.SZ_521_CRYPT_1)[0];
    ecdh521bitRecipient1PrivateKey_ = CMSEccKeyStore.getPrivateKey(CMSEccKeyStore.ECDH, CMSEccKeyStore.SZ_521_CRYPT_1);
    ecdh521bitRecipient2Cert_ = CMSEccKeyStore.getCertificateChain(CMSEccKeyStore.ECDH, CMSEccKeyStore.SZ_521_CRYPT_2)[0];
    ecdh521bitRecipient2PrivateKey_ = CMSEccKeyStore.getPrivateKey(CMSEccKeyStore.ECDH, CMSEccKeyStore.SZ_521_CRYPT_2);
    random = SecRandom.getDefault();
    
  }


  /**
   * Creates a CMS <code>AuthEnvelopedData</code> message using class <code>AuthEnvelopedDataStream</code>.
   *
   * @param message the message to be authenticated-enveloped, as byte representation
   * @param contentAuthEncAlg the id of the content-authenticated encryption algorithm
   * @param recipient1Cert the certificate of the first recipient (sender)
   * @param recipient2Cert the certificate of the second recipient    *
   *  
   * @return the BER encoding of the <code>AuthEnvelopedData</code> object just created
   * 
   * @throws CMSException if the <code>AuthEnvelopedData</code> object cannot
   *                          be created
   * @throws IOException if an I/O error occurs
   */
  public byte[] createAuthEnvelopedDataStream(byte[] message, 
                                              AlgorithmID contentAuthEncAlg,
                                              X509Certificate recipient1Cert,
                                              X509Certificate recipient2Cert)
    throws CMSException, IOException {
    
    System.out.println("Create a new AuthEnvelopedData message using " + contentAuthEncAlg);

    // we are testing the stream interface
    ByteArrayInputStream is = new ByteArrayInputStream(message);
    // create a new AuthEnvelopedData object 
    AuthEnvelopedDataStream authEnvelopedData = new AuthEnvelopedDataStream(ObjectID.cms_compressedData, is, contentAuthEncAlg);
    
    //  create some authenticated attributes
    try {
      Attribute[] attributes = { new Attribute(new CMSContentType(ObjectID.cms_data)) };
      authEnvelopedData.setAuthenticatedAttributes(attributes);
    } catch (Exception ex) {
      throw new CMSException("Error creating attribute: " + ex.toString());   
    }

    // create the recipient infos
    RecipientInfo[] recipients = createRecipients(contentAuthEncAlg, recipient1Cert, recipient2Cert);
    // specify the recipients of the encrypted message
    authEnvelopedData.setRecipientInfos(recipients);

    // wrap into ContentInfo
    ContentInfoStream contentInfo = new ContentInfoStream(authEnvelopedData);
    ByteArrayOutputStream os = new ByteArrayOutputStream();
    contentInfo.writeTo(os);
    return os.toByteArray();
  }
  
  /**
   * Creates a CMS <code>AuthEnvelopedData</code> message using class
   * <code>AuthEnvelopedDataOutputStream</code>. The content data is 
   * compressed inside this method.
   *
   * @param message the message to be authenticated-enveloped, as byte representation
   * @param contentAuthEncAlg the id of the content-authenticated encryption algorithm
   * @param recipient1Cert the certificate of the first recipient (sender)
   * @param recipient2Cert the certificate of the second recipient  
   * 
   * @return the BER encoding of the <code>AuthEnvelopedData</code> object just created
   * 
   * @throws CMSException if the <code>AuthEnvelopedData</code> object cannot
   *                          be created
   * @throws IOException if an I/O error occurs
   */
  public byte[] createAuthEnvelopedDataOutputStream(byte[] message, 
                                                    AlgorithmID contentAuthEncAlg,
                                                    X509Certificate recipient1Cert,
                                                    X509Certificate recipient2Cert)
    throws CMSException, IOException {
    
    System.out.println("Create a new AuthEnvelopedData message using " + contentAuthEncAlg);

    // we are testing the stream interface
    ByteArrayInputStream is = new ByteArrayInputStream(message);
    // the stream to which to write the AuthEnvelopedData
    ByteArrayOutputStream resultStream = new ByteArrayOutputStream();
    AuthEnvelopedDataOutputStream authEnvelopedData;

    //  wrap AuthEnvelopedData into a ContentInfo 
    ContentInfoOutputStream contentInfoStream = 
      new ContentInfoOutputStream(ObjectID.cms_authEnvelopedData, resultStream);
   
    // create a new AuthEnvelopedData object 
    authEnvelopedData = new AuthEnvelopedDataOutputStream(contentInfoStream, 
                                                          contentAuthEncAlg);
    
        // create the recipient infos
    RecipientInfo[] recipients = createRecipients(contentAuthEncAlg, recipient1Cert, recipient2Cert);
    // specify the recipients of the encrypted message
    authEnvelopedData.setRecipientInfos(recipients);
    
    //  create some authenticated attributes
    try {
      Attribute[] attributes = { new Attribute(new CMSContentType(ObjectID.cms_data)) };
      authEnvelopedData.setAuthenticatedAttributes(attributes);
    } catch (Exception ex) {
      throw new CMSException("Error creating attribute: " + ex.toString());   
    }

    // compress message
    CompressedDataOutputStream compressedData = 
        new CompressedDataOutputStream(authEnvelopedData,
                                       (AlgorithmID)CMSAlgorithmID.zlib_compress.clone());

    int blockSize = 16; // in real world we would use a block size like 2048
    //  write in the data to be encrypted
    byte[] buffer = new byte[blockSize];
    int bytesRead;
    while ((bytesRead = is.read(buffer)) != -1) {
      compressedData.write(buffer, 0, bytesRead);
    }
    
    // closing the stream finishes encryption and closes the underlying stream
    compressedData.close();
   // authEnvelopedData.close();
    return resultStream.toByteArray();
  }
  

  /**
   * Decrypts the encrypted content of the given <code>AuthEnvelopedData</code> object for
   * the recipient identified by its index into the recipientInfos field and verifies
   * the message authentication code.
   * <p>
   * This way of decrypting the content may be used for any type of RecipientInfo
   * (KeyTransRecipientInfo, KeyAgreeRecipientInfo, KEKRecipientInfo), but requires to
   * know at what index of the recipientInfo field the RecipientInfo for the 
   * particular recipient in mind can be found. If the recipient in mind uses
   * a RecipientInfo of type KeyAgreeRecipientInfo some processing overhead may
   * take place because a KeyAgreeRecipientInfo may contain encrypted content-encryption
   * keys for more than only one recipient; since the recipientInfoIndex only
   * specifies the RecipientInfo but not the encrypted content encryption key 
   * -- if there are more than only one -- repeated decryption runs may be
   * required as long as the decryption process completes successfully.
   *
   * @param encoding the <code>AuthEnvelopedData</code> object as DER encoded byte array
   * @param key the key to decrypt the message
   * @param recipientInfoIndex the index into the <code>RecipientInfo</code> array
   *                        to which the specified key belongs
   *
   * @return the recovered message, as byte array
   * @throws CMSException if the message cannot be recovered or MAC verification fails
   * @throws IOException if a stream read/write error occurs
   */
  public byte[] getAuthEnvelopedDataStream(byte[] encoding, Key key, int recipientInfoIndex)
    throws CMSException, IOException {

    // create the AuthEnvelopedData object from a BER encoded byte array
    ByteArrayInputStream is = new ByteArrayInputStream(encoding);
    AuthEnvelopedDataStream authEnvelopedData = new AuthEnvelopedDataStream(is);

    System.out.println("Information about the authenticated encrypted data:");
    EncryptedContentInfoStream eci = authEnvelopedData.getEncryptedContentInfo();
    System.out.println("Content type: "+eci.getContentType().getName());
    System.out.println("Content encryption algorithm: "+eci.getContentEncryptionAlgorithm().getName());

    System.out.println("\nThis message can be decrypted by the owners of the following certificates:");
    RecipientInfo[] recipients = authEnvelopedData.getRecipientInfos();
    
    // for demonstration purposes we only look one time for all recipients included:
    if (recipientInfoIndex == 0) {
      int k = 0;
      for (int i=0; i<recipients.length; i++) {
        KeyIdentifier[] recipientIDs = recipients[i].getRecipientIdentifiers();
        for (int j = 0; j < recipientIDs.length; j++) {
          System.out.println("Recipient "+(++k)+":");
          System.out.println(recipientIDs[j]);
        }   
      }
    }
    // decrypt the message for the first recipient and verify mac
    try {
      authEnvelopedData.setupCipher(key, recipientInfoIndex);
      InputStream decrypted = authEnvelopedData.getInputStream();
      ByteArrayOutputStream os = new ByteArrayOutputStream();
      Util.copyStream(decrypted, os, null);
      byte[] content = os.toByteArray();

      // get authenticated attributes
      Attribute contentTypeAttribute = authEnvelopedData.getAuthenticatedAttribute(ObjectID.contentType);
      if (contentTypeAttribute != null) {
        CMSContentType contentType = (CMSContentType)contentTypeAttribute.getAttributeValue();
        System.out.println("Authenticated content type attribute included: " + contentType.get().getName());
      }
      
      return content;
    } catch (InvalidKeyException ex) {
      throw new CMSException("Private key error: "+ex.toString());
    } catch (NoSuchAlgorithmException ex) {
      throw new CMSException("Content encryption algorithm not implemented: "+ex.toString());
    } catch (CodingException ex) {
      throw new CMSException("Error reading authenticated attributes: "+ex.toString());
    }
  }
  
  /**
   * Decrypts the encrypted content of the given <code>EnvelopedData</code> object for
   * the recipient identified by recipient identifier and verifies the message 
   * authentication code.
   * <p>
   * This way of decrypting the content may be used for any type of RecipientInfo
   * (KeyTransRecipientInfo, KeyAgreeRecipientInfo, KEKRecipientInfo). The 
   * recipient in mind is identified by its recipient identifier.
   *
   * @param encoding the <code>AuthEnvelopedData</code> object as BER encoded byte array
   * @param key the key to decrypt the message
   * @param recipientID the recipient identifier uniquely identifying the key of the
   *        recipient
   *
   * @return the recovered message, as byte array
   * @throws CMSException if the message cannot be recovered
   * @throws IOException if a stream read/write error occurs
   */
  public byte[] getAuthEnvelopedDataStream(byte[] encoding, Key key, KeyIdentifier recipientID)
    throws CMSException, IOException {

    // create the AuthEnvelopedData object from a DER encoded byte array
    ByteArrayInputStream is = new ByteArrayInputStream(encoding);
    AuthEnvelopedDataStream authEnvelopedData = new AuthEnvelopedDataStream(is);

    System.out.println("Information about the encrypted data:");
    EncryptedContentInfoStream eci = authEnvelopedData.getEncryptedContentInfo();
    System.out.println("Content type: "+eci.getContentType().getName());
    System.out.println("Content encryption algorithm: "+eci.getContentEncryptionAlgorithm().getName());
    
    // get the right RecipientInfo
    System.out.println("\nSearch for RecipientInfo:");
    RecipientInfo recipient = authEnvelopedData.getRecipientInfo(recipientID);
    if (recipient != null) {
      System.out.println("RecipientInfo: " + recipient);   
    } else {
      throw new CMSException("No recipient with ID: " + recipientID);
    }    
    // decrypt the content encryption key and the content; verify mac
    try {
      System.out.println("Decrypt encrypted content encryption key...");
      SecretKey cek = recipient.decryptKey(key, recipientID);
      System.out.println("Decrypt content with decrypted content encryption key...");
      authEnvelopedData.setupCipher(cek);
      InputStream decrypted = authEnvelopedData.getInputStream();
      ByteArrayOutputStream os = new ByteArrayOutputStream();
      Util.copyStream(decrypted, os, null);
      byte[] content = os.toByteArray();

      // get authenticated attributes
      Attribute contentTypeAttribute = authEnvelopedData.getAuthenticatedAttribute(ObjectID.contentType);
      if (contentTypeAttribute != null) {
        CMSContentType contentType = (CMSContentType)contentTypeAttribute.getAttributeValue();
        System.out.println("Authenticated content type attribute included: " + contentType.get().getName());
      }
      
      return content;
    } catch (InvalidKeyException ex) {
      throw new CMSException("Private key error: "+ex.toString());
    } catch (NoSuchAlgorithmException ex) {
      throw new CMSException("Content encryption algorithm not implemented: "+ex.toString());
    } catch (CodingException ex) {
      throw new CMSException("Error reading authenticated attributes: "+ex.toString());
    }
  }
  
  /**
   * Decrypts the encrypted content of the given <code>AuthEnvelopedData</code> object for
   * the recipient identified by its recipient certificate and verifies the message 
   * authentication code.
   * <p>
   *
   * @param encoding the <code>AuthEnvelopedData</code> object as BER encoded byte array
   * @param key the key to decrypt the message
   * @param recipientCert the certificate of the recipient having a RecipientInfo of
   *                      type KeyTransRecipientInfo or KeyAgreeRecipientInfo
   *
   * @return the recovered message, as byte array
   * @throws CMSException if the message cannot be recovered
   * @throws IOException if a stream read/write error occurs
   */
  public byte[] getAuthEnvelopedDataStream(byte[] encoding, Key key, X509Certificate recipientCert)
    throws CMSException, IOException {

    // create the AuthEnvelopedData object from a BER encoded byte array
    ByteArrayInputStream is = new ByteArrayInputStream(encoding);
    AuthEnvelopedDataStream authEnvelopedData = new AuthEnvelopedDataStream(is);

    System.out.println("Information about the encrypted data:");
    EncryptedContentInfoStream eci = (EncryptedContentInfoStream)authEnvelopedData.getEncryptedContentInfo();
    System.out.println("Content type: "+eci.getContentType().getName());
    System.out.println("Content encryption algorithm: "+eci.getContentEncryptionAlgorithm().getName());
    
    // decrypt the content encryption key and the content; verify mac
    try {
      System.out.println("Decrypt the content...");
      authEnvelopedData.setupCipher(key, recipientCert);
      InputStream decrypted = authEnvelopedData.getInputStream();
      ByteArrayOutputStream os = new ByteArrayOutputStream();
      Util.copyStream(decrypted, os, null);
      byte[] content = os.toByteArray();

      // get authenticated attributes
      Attribute contentTypeAttribute = authEnvelopedData.getAuthenticatedAttribute(ObjectID.contentType);
      if (contentTypeAttribute != null) {
        CMSContentType contentType = (CMSContentType)contentTypeAttribute.getAttributeValue();
        System.out.println("Authenticated content type attribute included: " + contentType.get().getName());
      }
      
      return content;
    } catch (InvalidKeyException ex) {
      throw new CMSException("Private key error: "+ex.toString());
    } catch (NoSuchAlgorithmException ex) {
      throw new CMSException("Content encryption algorithm not implemented: "+ex.toString());
    } catch (CodingException ex) {
      throw new CMSException("Error reading authenticated attributes: "+ex.toString());
    }
  }


  // non stream

  /**
   * Creates a CMS <code>AuthEnvelopedData</code> message.
   * 
   * @param message the message to be enveloped, as byte representation
   * @param contentAuthEncAlg the id of the content-authenticated encryption algorithm
   * @param recipient1Cert the certificate of the first recipient (sender)
   * @param recipient2Cert the certificate of the second recipient  
   * 
   * @return the encoded <code>AuthEnvelopedData</code>, as byte array
   * 
   * @throws CMSException if the <code>AuthEnvelopedData</code> object cannot
   *                          be created
   */
  public byte[] createAuthEnvelopedData(
      byte[] message, 
      AlgorithmID contentAuthEncAlg,
      X509Certificate recipient1Cert,
      X509Certificate recipient2Cert)
    throws CMSException {
    
    System.out.println("Create a new AuthEnvelopedData message using " + contentAuthEncAlg);
    
    AuthEnvelopedData authEnvelopedData;

    // create a new AuthEnvelopedData object
    authEnvelopedData = new AuthEnvelopedData(ObjectID.cms_compressedData, message, contentAuthEncAlg);
    
    //  create some authenticated attributes
    try {
      Attribute[] attributes = { new Attribute(new CMSContentType(ObjectID.cms_data)) };
      authEnvelopedData.setAuthenticatedAttributes(attributes);
    } catch (Exception ex) {
      throw new CMSException("Error creating attribute: " + ex.toString());   
    }
    
    // set the RecipientInfos
    RecipientInfo[] recipients = createRecipients(contentAuthEncAlg, recipient1Cert, recipient2Cert);
    authEnvelopedData.setRecipientInfos(recipients);
    authEnvelopedData.getEncryptedContentInfo().setBlockSize(2048);

    // wrap into ContentInfo
    ContentInfo contentInfo = new ContentInfo(authEnvelopedData);
    // return encoded EnvelopedData
    return contentInfo.getEncoded();
  }


  /**
   * Decrypts the encrypted content of the given <code>AuthEnvelopedData</code> object for
   * the recipient identified by its index into the recipientInfos field and verifies
   * the message authentication code.
   * <p>
   * This way of decrypting the content may be used for any type of RecipientInfo
   * (KeyTransRecipientInfo, KeyAgreeRecipientInfo, KEKRecipientInfo), but requires to
   * know at what index of the recipientInfo field the RecipientInfo for the 
   * particular recipient in mind can be found. If the recipient in mind uses
   * a RecipientInfo of type KeyAgreeRecipientInfo some processing overhead may
   * take place because a KeyAgreeRecipientInfo may contain encrypted content-encryption
   * keys for more than only one recipient; since the recipientInfoIndex only
   * specifies the RecipientInfo but not the encrypted content encryption key 
   * -- if there are more than only one -- repeated decryption runs may be
   * required as long as the decryption process completes successfully.
   *
   * @param enc the encoded <code>AuthEnvelopedData</code>
   * 
   * @param key the key to decrypt the message
   * 
   * @param recipientInfoIndex the index into the <code>RecipientInfo</code> array
   *                    to which the specified key belongs
   *
   * @return the recovered message, as byte array
   * 
   * @throws CMSException if the message cannot be recovered
   * @throws IOException if an I/O error occurs
   */
  public byte[] getAuthEnvelopedData(byte[] enc, Key key, int recipientInfoIndex) 
    throws CMSException, IOException {
    ByteArrayInputStream bais = new ByteArrayInputStream(enc);
    AuthEnvelopedData authEnvelopedData = new AuthEnvelopedData(bais);

    System.out.println("Information about the encrypted data:");
    EncryptedContentInfo eci = (EncryptedContentInfo)authEnvelopedData.getEncryptedContentInfo();
    System.out.println("Content type: "+eci.getContentType().getName());
    System.out.println("Content encryption algorithm: "+eci.getContentEncryptionAlgorithm().getName());

    System.out.println("\nThis message can be decrypted by the owners of the following certificates:");
    RecipientInfo[] recipients = authEnvelopedData.getRecipientInfos();
    
    // for demonstration purposes we only look one time for all recipients included:
    if (recipientInfoIndex == 0) {
      int k = 0;
      for (int i=0; i<recipients.length; i++) {
        KeyIdentifier[] recipientIDs = recipients[i].getRecipientIdentifiers();
        for (int j = 0; j < recipientIDs.length; j++) {
          System.out.println("Recipient "+(++k)+":");
          System.out.println(recipientIDs[j]);
        }   
      }
    }
    
    // decrypt the message and verify the mac
    try {
      authEnvelopedData.setupCipher(key, recipientInfoIndex);
      byte[] content = authEnvelopedData.getContent();

      // get authenticated attributes
      Attribute contentTypeAttribute = authEnvelopedData.getAuthenticatedAttribute(ObjectID.contentType);
      if (contentTypeAttribute != null) {
        CMSContentType contentType = (CMSContentType)contentTypeAttribute.getAttributeValue();
        System.out.println("Authenticated content type attribute included: " + contentType.get().getName());
      }
      
      return content;
    } catch (InvalidKeyException ex) {
      throw new CMSException("Private key error: "+ex.toString());
    } catch (NoSuchAlgorithmException ex) {
      throw new CMSException("Content encryption algorithm not implemented: "+ex.toString());
    } catch (CodingException ex) {
      throw new CMSException("Error reading authenticated attributes: "+ex.toString());
    }
  }
  
  /**
   * Decrypts the encrypted content of the given <code>AuthEnvelopedData</code> object for
   * the recipient identified by recipient identifier.
   * <p>
   * This way of decrypting the content may be used for any type of RecipientInfo
   * (KeyTransRecipientInfo, KeyAgreeRecipientInfo, KEKRecipientInfo). The 
   * recipient in mind is identified by its recipient identifier.
   *
   * @param enc the BER encoded <code>AuthEnvelopedData</code> ASN.1 object
   * @param key the key to decrypt the message
   * @param recipientID the recipient identifier uniquely identifying the key of the
   *        recipient
   *
   * @return the recovered message, as byte array
   * @throws CMSException if the message cannot be recovered
   * @throws IOException if an I/O error occurs
   */
  public byte[] getAuthEnvelopedData(byte[] enc, Key key, KeyIdentifier recipientID) 
    throws CMSException, IOException {
    ByteArrayInputStream bais = new ByteArrayInputStream(enc);
    AuthEnvelopedData authEnvelopedData = new AuthEnvelopedData(bais);

    System.out.println("Information about the encrypted data:");
    EncryptedContentInfo eci = (EncryptedContentInfo)authEnvelopedData.getEncryptedContentInfo();
    System.out.println("Content type: "+eci.getContentType().getName());
    System.out.println("Content encryption algorithm: "+eci.getContentEncryptionAlgorithm().getName());

    // get the right RecipientInfo
    System.out.println("\nSearch for RecipientInfo:");
    RecipientInfo recipient = authEnvelopedData.getRecipientInfo(recipientID);
    if (recipient != null) {
      System.out.println("RecipientInfo: " + recipient);   
    } else {
      throw new CMSException("No recipient with ID: " + recipientID);
    }    
    // decrypt the content encryption key and the content
    try {
      byte[] content = null;
      System.out.println("Decrypt encrypted content encryption key...");
      SecretKey cek = recipient.decryptKey(key, recipientID);
     // decrypt content and verify mac
      System.out.println("Decrypt content with decrypted content encryption key...");
      authEnvelopedData.setupCipher(cek);
      content = authEnvelopedData.getContent();
      // get authenticated attributes
      Attribute contentTypeAttribute = authEnvelopedData.getAuthenticatedAttribute(ObjectID.contentType);
      if (contentTypeAttribute != null) {
        CMSContentType contentType = (CMSContentType)contentTypeAttribute.getAttributeValue();
        System.out.println("Authenticated content type attribute included: " + contentType.get().getName());
      }
      
      return content;
    } catch (InvalidKeyException ex) {
      throw new CMSException("Private key error: "+ex.toString());
    } catch (NoSuchAlgorithmException ex) {
      throw new CMSException("Content encryption algorithm not implemented: "+ex.toString());
    } catch (CodingException ex) {
      throw new CMSException("Error reading authenticated attributes: "+ex.toString());
    }
  }
  
  /**
   * Decrypts the encrypted content of the given <code>AuthEnvelopedData</code> object for
   * the recipient identified by its recipient certificate.
   *
   * @param enc the BER encoded <code>AuthEnvelopedData</code> ASN.1 object
   * @param key the key to decrypt the message
   * @param recipientCert the certificate of the recipient having a RecipientInfo of
   *                      type KeyTransRecipientInfo or KeyAgreeRecipientInfo
   *
   * @return the recovered message, as byte array
   * @throws CMSException if the message cannot be recovered
   */
  public byte[] getAuthEnvelopedData(byte[] enc, Key key, X509Certificate recipientCert) 
    throws CMSException, IOException {
    ByteArrayInputStream bais = new ByteArrayInputStream(enc);
    AuthEnvelopedData authEnvelopedData = new AuthEnvelopedData(bais);

    System.out.println("Information about the encrypted data:");
    EncryptedContentInfo eci = (EncryptedContentInfo)authEnvelopedData.getEncryptedContentInfo();
    System.out.println("Content type: "+eci.getContentType().getName());
    System.out.println("Content encryption algorithm: "+eci.getContentEncryptionAlgorithm().getName());

    // decrypt the content encryption key and the content
    try {
      System.out.println("Decrypt the content and verify mac...");
      // decrypt content and verify mac
      authEnvelopedData.setupCipher(key, recipientCert);
      
      byte[] content = authEnvelopedData.getContent();

      // get authenticated attributes
      Attribute contentTypeAttribute = authEnvelopedData.getAuthenticatedAttribute(ObjectID.contentType);
      if (contentTypeAttribute != null) {
        CMSContentType contentType = (CMSContentType)contentTypeAttribute.getAttributeValue();
        System.out.println("Authenticated content type attribute included: " + contentType.get().getName());
      }
      
      return content;
    } catch (InvalidKeyException ex) {
      throw new CMSException("Private key error: "+ex.toString());
    } catch (NoSuchAlgorithmException ex) {
      throw new CMSException("Content encryption algorithm not implemented: "+ex.toString());
    } catch (CodingException ex) {
      throw new CMSException("Error reading authenticated attributes: "+ex.toString());
    }

  }
  
  /**
   * Creates the RecipientInfos.
   * 
   * @param contentAuthEncAlg the content encryption algorithm
   * @param recipient1Cert the certificate of the first recipient (sender)
   * @param recipient2Cert the certificate of the second recipient 
   *
   * @return the RecipientInfos created, one
   *         KeyAgreeRecipientInfo (for two recipients with same domain
   *         parameters)
   *
   * @throws CMSException if an error occurs when creating the recipient infos
   */
  public RecipientInfo[] createRecipients(
      AlgorithmID contentAuthEncAlg,
      X509Certificate recipient1Cert,
      X509Certificate recipient2Cert) throws CMSException {
    
    RecipientInfo[] recipients = new RecipientInfo[1];
    try {
   
      // next recipients use key agreement
      // the key encryption (key agreement) algorithm to use:
      AlgorithmID keyEA = (AlgorithmID)AlgorithmID.ecka_eg_X963KDF_SHA256.clone();
      // the key wrap algorithm to use:
      AlgorithmID keyWrapAlg = (AlgorithmID)AlgorithmID.cms_aes128_wrap.clone();
      // the length of the key encryption key to be generated:
      int kekLength = 128;
      if ((contentAuthEncAlg.equals(AlgorithmID.aes192_GCM) ||
          (contentAuthEncAlg.equals(AlgorithmID.aes_CBC_CMAC_192)))) {
        keyEA = (AlgorithmID)AlgorithmID.ecka_eg_X963KDF_SHA384.clone();
        keyWrapAlg = (AlgorithmID)AlgorithmID.cms_aes192_wrap.clone();
        kekLength = 192;
      } else if ((contentAuthEncAlg.equals(AlgorithmID.aes256_GCM) ||
          (contentAuthEncAlg.equals(AlgorithmID.aes_CBC_CMAC_256)))) {
        keyEA = (AlgorithmID)AlgorithmID.ecka_eg_X963KDF_SHA512.clone();
        keyWrapAlg = (AlgorithmID)AlgorithmID.cms_aes256_wrap.clone();
        kekLength = 256;
      }
      recipients[0] = new KeyAgreeRecipientInfo(keyEA, keyWrapAlg, kekLength);
      // ecdhUser1 is the third receiver  (cert identified by IssuerAndSerialNumber)
      ((KeyAgreeRecipientInfo)recipients[0]).addRecipient(recipient1Cert, CertificateIdentifier.ISSUER_AND_SERIALNUMBER);
      // ecdhUser2 is the fourth receiver (cert identified by RecipientKeyIdentifier)
      ((KeyAgreeRecipientInfo)recipients[0]).addRecipient(recipient2Cert, CertificateIdentifier.RECIPIENT_KEY_IDENTIFIER);
      
    } catch (Exception ex) {
      throw new CMSException("Error adding recipients: " + ex.getMessage()); 
    }    
    return recipients;
  }  
  
  /**
   * Parses an AuthEnvelopedData and decrypts the content for all test recipients
   * using the index into the recipientInfos field for identifying the recipient.
   *
   * @param stream whether to use AuthEnvelopedDataStream or AuthEnvelopedData
   * @param encodedAuthEnvelopedData the encoded AuthEnvelopedData object
   * @param recipient1PrivateKey the private key of the first recipient (sender)
   * @param recipient2PrivateKey the private key of the second recipient
   *
   * @throws Exception if some error occurs during decoding/decryption
   */ 
  public void parseAuthEnvelopedDataWithRecipientInfoIndex(
      boolean stream, 
      byte[] encodedAuthEnvelopedData,
      PrivateKey recipient1PrivateKey,
      PrivateKey recipient2PrivateKey) throws Exception {
    byte[] receivedMessage;
    if (stream) {
      // ecdhUser1
      System.out.println("\nDecrypt for ecdhUser1:");
      receivedMessage = getAuthEnvelopedDataStream(encodedAuthEnvelopedData, recipient1PrivateKey, 0);
      // decompress
      receivedMessage = getCompressedDataStream(receivedMessage);
      System.out.print("\nDecrypted content: ");
      System.out.println(new String(receivedMessage));
      // ecdhUser2
      System.out.println("\nDecrypt for ecdhUser2:");
      receivedMessage = getAuthEnvelopedDataStream(encodedAuthEnvelopedData, recipient2PrivateKey, 0);
      // decompress
      receivedMessage = getCompressedDataStream(receivedMessage);
      System.out.print("\nDecrypted content: ");
      System.out.println(new String(receivedMessage));

    } else {
      // ecdhUser1
      System.out.println("\nDecrypt for ecdhUser1:");
      receivedMessage = getAuthEnvelopedData(encodedAuthEnvelopedData, recipient1PrivateKey, 0);
      // decompress
      receivedMessage = getCompressedData(receivedMessage);
      System.out.print("\nDecrypted content: ");
      System.out.println(new String(receivedMessage));
      // ecdhUser2
      System.out.println("\nDecrypt for ecdhUser2:");
      receivedMessage = getAuthEnvelopedData(encodedAuthEnvelopedData, recipient2PrivateKey, 0);
      // decompress
      receivedMessage = getCompressedData(receivedMessage);
      System.out.print("\nDecrypted content: ");
      System.out.println(new String(receivedMessage));

    }    
  }
  
  /**
   * Parses an AuthEnvelopedData and decrypts the content for all test recipients
   * using their recipient identifiers for identifying the recipient.
   *
   * @param stream whether to use AuthEnvelopedDataStream or AuthEnvelopedData
   * @param encodedAuthEnvelopedData the encoded AuthEnvelopedData object 
   * @param recipient1PrivateKey the private key of the first recipient (sender)
   * @param recipient1Cert the certificate of the first recipient (sender)
   * @param recipient2PrivateKey the private key of the second recipient
   * @param recipient2Cert the certificate of the second recipient 
   *
   * @throws Exception if some error occurs during decoding/decryption
   */ 
  public void parseAuthEnvelopedDataWithRecipientIdentifier(
      boolean stream, 
      byte[] encodedAuthEnvelopedData,
      PrivateKey recipient1PrivateKey,
      X509Certificate recipient1Cert,
      PrivateKey recipient2PrivateKey,
      X509Certificate recipient2Cert) throws Exception {
    byte[] receivedMessage;
    if (stream) {
      // ecdhUser1
      System.out.println("\nDecrypt for ecdhUser1:");
      receivedMessage = getAuthEnvelopedDataStream(encodedAuthEnvelopedData, recipient1PrivateKey, new IssuerAndSerialNumber(recipient1Cert));
      // decompress
      receivedMessage = getCompressedDataStream(receivedMessage);
      System.out.print("\nDecrypted content: ");
      System.out.println(new String(receivedMessage));
      // ecdhUser2
      System.out.println("\nDecrypt for ecdhUser2:");
      receivedMessage = getAuthEnvelopedDataStream(encodedAuthEnvelopedData, recipient2PrivateKey, new RecipientKeyIdentifier(recipient2Cert));
      // decompress
      receivedMessage = getCompressedDataStream(receivedMessage);      
      System.out.print("\nDecrypted content: ");
      System.out.println(new String(receivedMessage));
    } else {
      // ecdhUser1
      System.out.println("\nDecrypt for ecdhUser1:");
      receivedMessage = getAuthEnvelopedData(encodedAuthEnvelopedData, recipient1PrivateKey, new IssuerAndSerialNumber(recipient1Cert));
      // decompress
      receivedMessage = getCompressedData(receivedMessage);      
      System.out.print("\nDecrypted content: ");
      System.out.println(new String(receivedMessage));
      // ecdhUser2
      System.out.println("\nDecrypt for ecdhUser2:");
      receivedMessage = getAuthEnvelopedData(encodedAuthEnvelopedData, recipient2PrivateKey, new RecipientKeyIdentifier(recipient2Cert));
      // decompress
      receivedMessage = getCompressedData(receivedMessage);
      System.out.print("\nDecrypted content: ");
      System.out.println(new String(receivedMessage));
    }    
  }
  
  /**
   * Parses an AuthEnvelopedData and decrypts the content for all test recipients
   * using their recipient certificate for identifying the recipient.
   *
   * @param stream whether to use AuthEnvelopedDataStream or AuthEnvelopedData
   * @param encodedAuthEnvelopedData the encoded AuthEnvelopedData object 
   * @param recipient1PrivateKey the private key of the first recipient (sender)
   * @param recipient1Cert the certificate of the first recipient (sender)
   * @param recipient2PrivateKey the private key of the second recipient
   * @param recipient2Cert the certificate of the second recipient
   *
   * @throws Exception if some error occurs during decoding/decryption
   */ 
  public void parseAuthEnvelopedDataWithRecipientCert(
      boolean stream, 
      byte[] encodedAuthEnvelopedData,
      PrivateKey recipient1PrivateKey,
      X509Certificate recipient1Cert,
      PrivateKey recipient2PrivateKey,
      X509Certificate recipient2Cert) throws Exception {
    byte[] receivedMessage;
    if (stream) {
      // ecdhUser1
      System.out.println("\nDecrypt for ecdhUser1:");
      receivedMessage = getAuthEnvelopedDataStream(encodedAuthEnvelopedData, recipient1PrivateKey, recipient1Cert);
      // decompress
      receivedMessage = getCompressedDataStream(receivedMessage);
      System.out.print("\nDecrypted content: ");
      System.out.println(new String(receivedMessage));
      // ecdhUser2
      System.out.println("\nDecrypt for ecdhUser2:");
      receivedMessage = getAuthEnvelopedDataStream(encodedAuthEnvelopedData, recipient2PrivateKey, recipient2Cert);
      // decompress
      receivedMessage = getCompressedDataStream(receivedMessage);      
      System.out.print("\nDecrypted content: ");
      System.out.println(new String(receivedMessage));
    } else {
      // ecdhUser1
      System.out.println("\nDecrypt for ecdhUser1:");
      receivedMessage = getAuthEnvelopedData(encodedAuthEnvelopedData, recipient1PrivateKey, recipient1Cert);
      // decompress
      receivedMessage = getCompressedData(receivedMessage);      
      System.out.print("\nDecrypted content: ");
      System.out.println(new String(receivedMessage));
      // ecdhUser2
      System.out.println("\nDecrypt for ecdhUser2:");
      receivedMessage = getAuthEnvelopedData(encodedAuthEnvelopedData, recipient2PrivateKey, recipient2Cert);
      // decompress
      receivedMessage = getCompressedData(receivedMessage);
      System.out.print("\nDecrypted content: ");
      System.out.println(new String(receivedMessage));
    }    
  }
  
  /**
   * Creates an ECDSA signed CMS <code>SignedDataStream</code> object and wraps it by a
   * CMS <code>ContentInfoStream</code>.
   *
   * @param message the message to be signed, as byte representation
   * @param mode the transmission mode, either IMPLICIT or EXPLICIT
   * @param hashAlgorithm the hash algorithm to be used
   * @param signatureAlgorithm the signature algorithm to be used
   * @param signerKey the private key of the signer
   * @param certificates the certificate chain of the signer
   * 
   * @return the DER encoding of the <code>ContentInfo</code> object just created
   * 
   * @throws CMSException if the <code>SignedData</code>, <code>ContentInfo</code>
   *            object cannot be created
   * @throws IOException if an I/O related error occurs
   */
  public byte[] createSignedDataStream(byte[] message, 
                                       int mode,
                                       AlgorithmID hashAlgorithm,
                                       AlgorithmID signatureAlgorithm,
                                       PrivateKey signerKey,
                                       X509Certificate[] certificates) 
    throws CMSException, IOException  {
    
    System.out.print("Create a new message signed with " + signatureAlgorithm.getName());
   
    // we are testing the stream interface
    ByteArrayInputStream is = new ByteArrayInputStream(message);
    // create a new SignedData object which includes the data
    SignedDataStream signed_data = new SignedDataStream(is, ObjectID.cms_authEnvelopedData, mode);
    
    // SignedData shall include the certificate chain for verifying
    signed_data.setCertificates(certificates);

    // cert at index 0 is the user certificate
    IssuerAndSerialNumber issuer = new IssuerAndSerialNumber(certificates[0]);

    // create a new SignerInfo
    AlgorithmID ecdsaSig = (AlgorithmID)signatureAlgorithm.clone();
    // CMS-ECDSA requires to encode the parameter field as NULL (see RFC 3278)
    ecdsaSig.encodeAbsentParametersAsNull(true);
    SignerInfo signer_info = new SignerInfo(issuer, (AlgorithmID)hashAlgorithm.clone(), ecdsaSig, signerKey);
    
    try {
      // create some signed attributes
      // the message digest attribute is automatically added
      Attribute[] attributes = new Attribute[2];
      // content type is data
      CMSContentType contentType = new CMSContentType(ObjectID.cms_authEnvelopedData);
      attributes[0] = new Attribute(contentType);
      // signing time is now
      SigningTime signingTime = new SigningTime();
      attributes[1] = new Attribute(signingTime);
  
      // set the attributes
      signer_info.setSignedAttributes(attributes);
    } catch (Exception ex) {
      throw new CMSException("Error adding attributes: " + ex.toString());
    }
    
    // finish the creation of SignerInfo by calling method addSigner
    try {
      signed_data.addSignerInfo(signer_info);
    } catch (NoSuchAlgorithmException ex) {
      throw new CMSException("No implementation for signature algorithm: "+ex.getMessage());
    }

    // write the data through SignedData to any out-of-band place
    if (mode == SignedDataStream.EXPLICIT) {
      InputStream data_is = signed_data.getInputStream();
      byte[] buf = new byte[1024];
      int r;
      while ((r = data_is.read(buf)) > 0) {
        ;   // skip data
      }  
    }

    signed_data.setBlockSize(2048);
     // create the ContentInfo
    ContentInfoStream cis = new ContentInfoStream(signed_data);
    // return the SignedData as DER encoded byte array with block size 2048
    ByteArrayOutputStream os = new ByteArrayOutputStream();
    cis.writeTo(os);
    return os.toByteArray();
  }
  
  
  /**
   * Parses a CMS <code>ContentInfo</code> object holding a <code>SignedData</code> 
   * object and verifies the signature.
   *
   * @param signedData the <code>ContentInfo</code> holding the <code>SignedData</code> 
   *                   object as BER encoded byte array
   * @param message the the message which was transmitted out-of-band (explicit signed)
   * @param certificates the certificate of the signer (used for alternative signature verification)
   * 
   * @return the inherent message as byte array
   * 
   * @throws CMSException if any signature does not verify
   * @throws IOException if an I/O related error occurs
   */
  public byte[] getSignedDataStream(byte[] signedData, byte[] message, X509Certificate[] certificates) 
    throws CMSException, IOException {

    // we are testing the stream interface
    ByteArrayInputStream is = new ByteArrayInputStream(signedData);

    SignedDataStream signed_data = new SignedDataStream(is);

    if (signed_data.getMode() == SignedDataStream.EXPLICIT) {
      // in explicit mode explicitly supply the content for hash computation
      signed_data.setInputStream(new ByteArrayInputStream(message));
    }

    // get an InputStream for reading the signed content and update hash computation
    InputStream data = signed_data.getInputStream();
    ByteArrayOutputStream os = new ByteArrayOutputStream();
    Util.copyStream(data, os, null);

    System.out.println("SignedData contains the following signer information:");
    SignerInfo[] signer_infos = signed_data.getSignerInfos();
    
    int numberOfSignerInfos = signer_infos.length;
    if (numberOfSignerInfos == 0) {
      String warning = "Warning: Unsigned message (no SignerInfo included)!";  
      System.err.println(warning);
      throw new CMSException(warning);
    } else {
      for (int i = 0; i < numberOfSignerInfos; i++) {
        try {
          // verify the signed data using the SignerInfo at index i
          X509Certificate signer_cert = signed_data.verify(i);
          // if the signature is OK the certificate of the signer is returned
          System.out.println("Signature OK from signer: "+signer_cert.getSubjectDN());
          // check for some included attributes
          SigningTime signingTime = (SigningTime)signer_infos[i].getSignedAttributeValue(ObjectID.signingTime);
          if (signingTime != null) {
            System.out.println("This message has been signed at " + signingTime.get());
          } 
          CMSContentType contentType = (CMSContentType)signer_infos[i].getSignedAttributeValue(ObjectID.contentType);
          if (contentType != null) {
            System.out.println("The content has CMS content type " + contentType.get().getName());
          }  
        } catch (SignatureException ex) {
          // if the signature is not OK a SignatureException is thrown
          System.out.println("Signature ERROR from signer: "+signed_data.getCertificate(signer_infos[i].getSignerIdentifier()).getSubjectDN());
          throw new CMSException(ex.toString());
        }  
      }  
      // now check alternative signature verification
      System.out.println("Now check the signature assuming that no certs have been included:");
      try {
        SignerInfo signer_info = signed_data.verify(certificates[0]);
        // if the signature is OK the certificate of the signer is returned
        System.out.println("Signature OK from signer: "+signed_data.getCertificate(signer_info.getSignerIdentifier()).getSubjectDN());
      } catch (SignatureException ex) {
        // if the signature is not OK a SignatureException is thrown
        System.out.println("Signature ERROR from signer: "+certificates[0].getSubjectDN());
        throw new CMSException(ex.toString());
      }
      // in practice we also would validate the signer certificate(s)  
    }      
    return os.toByteArray();
  }
  
  
  /**
   * Creates an ECDSA signed CMS <code>SignedData</code> object and wraps it by a CMS
   * <code>ContentInfo</code> object.
   * <p>
   *
   * @param message the message to be signed, as byte representation
   * @param mode the mode, either SignedData.IMPLICIT or SignedData.EXPLICIT
   * @param hashAlgorithm the hash algorithm to be used
   * @param signatureAlgorithm the signature algorithm to be used
   * @param signerKey the private key of the signer
   * @param certificates the certificate chain of the signer
   * 
   * @return the DER encoded <code>SignedData</code>-<code>ContentInfo</code> object
   *  
   * @throws CMSException if the <code>SignedData</code>-<code>ContentInfo</code> object cannot
   *                          be created
   * @throws IOException if an I/O related error occurs
   */
  public byte[] createSignedData(byte[] message, 
                                 int mode,
                                 AlgorithmID hashAlgorithm,
                                 AlgorithmID signatureAlgorithm,
                                 PrivateKey signerKey,
                                 X509Certificate[] certificates) 
    throws CMSException, IOException  {
    
    System.out.println("Create a new message signed with " + signatureAlgorithm.getName());
  
    // create a new SignedData object which includes the data
    SignedData signed_data = new SignedData(message, ObjectID.cms_authEnvelopedData, mode);
    
    // SignedData shall include the certificate chain for verifying
    signed_data.setCertificates(certificates);
  
    // cert at index 0 is the user certificate
    IssuerAndSerialNumber issuer = new IssuerAndSerialNumber(certificates[0]);

    // create a new SignerInfo
    AlgorithmID ecdsaSig = (AlgorithmID)signatureAlgorithm.clone();
    // CMS-ECC requires that the parameters field is encoded as ASN.1 NULL object (see RFC 3278)
    ecdsaSig.encodeAbsentParametersAsNull(true);
    SignerInfo signer_info = new SignerInfo(issuer, (AlgorithmID)hashAlgorithm.clone(), ecdsaSig, signerKey);
    
    try {
      // create some signed attributes
      // the message digest attribute is automatically added
      Attribute[] attributes = new Attribute[2];
      // content type is data
      CMSContentType contentType = new CMSContentType(ObjectID.cms_authEnvelopedData);
      attributes[0] = new Attribute(contentType);
      // signing time is now
      SigningTime signingTime = new SigningTime();
      attributes[1] = new Attribute(signingTime);
  
      // set the attributes
      signer_info.setSignedAttributes(attributes);
    } catch (Exception ex) {
      throw new CMSException("Error adding attributes: " + ex.toString());
    }
    
    // finish the creation of SignerInfo by calling method addSigner
    try {
      signed_data.addSignerInfo(signer_info);
    } catch (NoSuchAlgorithmException ex) {
      throw new CMSException("No implementation for signature algorithm: "+ex.getMessage());
    }

    ContentInfo ci = new ContentInfo(signed_data); 
    return ci.getEncoded();
  }
  
  
  /**
   * Parses a CMS <code>ContentInfo</code> holding a <code>SignedData</code> 
   * object and verifies the signature.
   *
   * @param signedData the <code>ContentInfo</code> holding the <code>SignedData</code> 
   *                   object as DER encoded byte array
   * @param message the message which was transmitted out-of-band (explicit signed)
   * @param certificates the certificate of the signer (used for alternative signature verification) 
   * 
   * @return the inherent message as byte array
   * 
   * @throws CMSException if any signature does not verify
   * @throws IOException if an I/O related error occurs
   */
  public byte[] getSignedData(byte[] signedData, byte[] message, X509Certificate[] certificates) 
    throws CMSException, IOException {
    
    ByteArrayInputStream is = new ByteArrayInputStream(signedData);
    // create the SignedData object
    SignedData signed_data = new SignedData(is);
    
    if (signed_data.getMode() == SignedData.EXPLICIT) {
      // in explcit mode explictly supply the content data to do the hash calculation
      signed_data.setContent(message);
    }
    
    System.out.println("SignedData contains the following signer information:");
    SignerInfo[] signer_infos = signed_data.getSignerInfos();
    
    int numberOfSignerInfos = signer_infos.length;
    if (numberOfSignerInfos == 0) {
      String warning = "Warning: Unsigned message (no SignerInfo included)!";  
      System.err.println(warning);
      throw new CMSException(warning);
    } else {
      for (int i = 0; i < numberOfSignerInfos; i++) {
        try {
          // verify the signed data using the SignerInfo at index i
          X509Certificate signer_cert = signed_data.verify(i);
          // if the signature is OK the certificate of the signer is returned
          System.out.println("Signature OK from signer: "+signer_cert.getSubjectDN());
          // check some attributes
          SigningTime signingTime = (SigningTime)signer_infos[i].getSignedAttributeValue(ObjectID.signingTime);
          if (signingTime != null) {
            System.out.println("This message has been signed at " + signingTime.get());
          } 
          CMSContentType contentType = (CMSContentType)signer_infos[i].getSignedAttributeValue(ObjectID.contentType);
          if (contentType != null) {
            System.out.println("The content has CMS content type " + contentType.get().getName());
          }
        } catch (SignatureException ex) {
          // if the signature is not OK a SignatureException is thrown
          System.out.println("Signature ERROR from signer: "+signed_data.getCertificate(signer_infos[i].getSignerIdentifier()).getSubjectDN());
          throw new CMSException(ex.toString());
        } 
      }      
    
      // now check alternative signature verification
      System.out.println("Now check the signature assuming that no certs have been included:");
      try {
        SignerInfo signer_info = signed_data.verify(certificates[0]);
        // if the signature is OK the certificate of the signer is returned
        System.out.println("Signature OK from signer: "+signed_data.getCertificate(signer_info.getSignerIdentifier()).getSubjectDN());
      } catch (SignatureException ex) {
        // if the signature is not OK a SignatureException is thrown
        System.out.println("Signature ERROR from signer: "+certificates[0].getSubjectDN());
        throw new CMSException(ex.toString());
      }
      // in practice we also would validate the signer certificate(s)  
    }      
    return signed_data.getContent();
  }
  
  /**
   * Creates a CMS <code>CompressedData</code> object.
   * <p>
   * @param message the message to be compressed, as byte representation
   *
   * @return the BER encoding of the <code>CompressedData</code> object just created
   *
   * @throws CMSException if the <code>CompressedData</code> object cannot
   *                          be created
   * @throws IOException if an I/O error occurs
   * @throws NoSuchAlgorithmException if the compression algorithm is not supported
   */
  public byte[] createCompressedDataStream(byte[] message) 
    throws CMSException, IOException, NoSuchAlgorithmException {

    System.out.println("Create a new CompressedData message");

    // we are testing the stream interface
    ByteArrayInputStream is = new ByteArrayInputStream(message);

    // create a new CompressedData object 
    CompressedDataStream compressedData = new CompressedDataStream(is, 
                                                                   (AlgorithmID)CMSAlgorithmID.zlib_compress.clone(),
                                                                   CompressedDataStream.IMPLICIT);

    // for testing return the CompressedData as BER encoded byte array with block size of 4
    ByteArrayOutputStream os = new ByteArrayOutputStream();
    compressedData.setBlockSize(4);
    ContentInfoStream cis = new ContentInfoStream(compressedData);
    cis.writeTo(os);
    return os.toByteArray();
  }

  /**
   * Parses a CMS <code>CompressedData</code> object.
   *
   * @param encoding  the <code>CompressedData</code> object as BER encoded byte array
   *
   * @return the decompressed message as byte array
   *
   * @throws CMSException if the CompressedData cannot be parsed
   * @throws IOException if an I/O error occurs
   * @throws NoSuchAlgorithmException if the compression algorithm is not supported
   */
  public byte[] getCompressedDataStream(byte[] encoding) 
    throws CMSException, IOException, NoSuchAlgorithmException {

    System.out.println("Parse CompressedData message.");
    // we are testing the stream interface
    ByteArrayInputStream is = new ByteArrayInputStream(encoding);
    // create the CompressedData object
    CompressedDataStream compressedData = new CompressedDataStream(is);
    // get an InputStream for reading and decompressing the content
    InputStream data = compressedData.getInputStream();
    ByteArrayOutputStream os = new ByteArrayOutputStream();
    Util.copyStream(data, os, null);
  
    return os.toByteArray();
  }


  /**
   * Creates a CMS <code>CompressedData</code> object.
   * <p>
   *
   * @param message the message to be compressed, as byte representation
   *
   * @return the DER encoded <code>CompressedData</code>
   *
   * @throws CMSException if the <code>CompressedData</code> object cannot
   *                          be created
   * @throws IOException if an I/O error occurs
   * @throws NoSuchAlgorithmException if the compression algorithm is not supported
   */
  public byte[] createCompressedData(byte[] message)
    throws CMSException, IOException, NoSuchAlgorithmException {

    System.out.println("Create a new CompressedData message");

    // create a new CompressedData object 
    CompressedData compressedData = new CompressedData(message, 
                                                      (AlgorithmID)CMSAlgorithmID.zlib_compress.clone(),
                                                       CompressedData.IMPLICIT);
    ContentInfo ci = new ContentInfo(compressedData);
    return ci.getEncoded();
  }

  /**
   * Parses a CMS <code>CompressedData</code> object.
   *
   * @param encoding the DER encoded <code>CompressedData</code> object 
   *
   * @return the decompressed message as byte array
   *
   * @throws CMSException if the CompressedData cannot be parsed
   * @throws IOException if an I/O error occurs
   * @throws NoSuchAlgorithmException if the compression algorithm is not supported
   */
  public byte[] getCompressedData(byte[] encoding) 
    throws CMSException, IOException, NoSuchAlgorithmException {
    
    System.out.println("Parse CompressedData message.");
    ByteArrayInputStream encodedStream = new ByteArrayInputStream(encoding);
    // create the CompressedData object
    CompressedData compressedData = new CompressedData(encodedStream);
    // decompress
    return compressedData.getContent();
  }
  
  /**
   * Starts the test.
   */
  public void start() {
    
    PrivateKey signerPrivateKey = null; 
    X509Certificate[] signerCertChain = null;
    PrivateKey recipient1PrivateKey = null; 
    X509Certificate recipient1Cert = null;
    PrivateKey recipient2PrivateKey = null; 
    X509Certificate recipient2Cert = null;
    
    // AES-GCM

    // AES128-GCM
    AlgorithmID contentAuthEncAlg = (AlgorithmID)AlgorithmID.aes128_GCM.clone();
    signerPrivateKey = ecdsa256bitSignerPrivateKey_;
    signerCertChain = ecdsa256bitSignerCertChain_;
    recipient1PrivateKey = ecdh256bitRecipient1PrivateKey_; 
    recipient1Cert = ecdh256bitRecipient1Cert_;
    recipient2PrivateKey = ecdh256bitRecipient2PrivateKey_; 
    recipient2Cert = ecdh256bitRecipient2Cert_;
    start(contentAuthEncAlg, signerPrivateKey, signerCertChain, recipient1PrivateKey, recipient1Cert, recipient2PrivateKey, recipient2Cert);
    // AES192-GCM
    contentAuthEncAlg = (AlgorithmID)AlgorithmID.aes192_GCM.clone();
    signerPrivateKey = ecdsa384bitSignerPrivateKey_;
    signerCertChain = ecdsa384bitSignerCertChain_;
    recipient1PrivateKey = ecdh384bitRecipient1PrivateKey_; 
    recipient1Cert = ecdh384bitRecipient1Cert_;
    recipient2PrivateKey = ecdh384bitRecipient2PrivateKey_; 
    recipient2Cert = ecdh384bitRecipient2Cert_;
    start(contentAuthEncAlg, signerPrivateKey, signerCertChain, recipient1PrivateKey, recipient1Cert, recipient2PrivateKey, recipient2Cert);
    // AES256-GCM
    contentAuthEncAlg = (AlgorithmID)AlgorithmID.aes256_GCM.clone();
    signerPrivateKey = ecdsa521bitSignerPrivateKey_;
    signerCertChain = ecdsa521bitSignerCertChain_;
    recipient1PrivateKey = ecdh521bitRecipient1PrivateKey_; 
    recipient1Cert = ecdh521bitRecipient1Cert_;
    recipient2PrivateKey = ecdh521bitRecipient2PrivateKey_; 
    recipient2Cert = ecdh521bitRecipient2Cert_;
    start(contentAuthEncAlg, signerPrivateKey, signerCertChain, recipient1PrivateKey, recipient1Cert, recipient2PrivateKey, recipient2Cert);
    
    // AES-CBC-CMAC
    
    // AES-CBC-CMAC-128
    contentAuthEncAlg = (AlgorithmID)AlgorithmID.aes_CBC_CMAC_128.clone();
    signerPrivateKey = ecdsa256bitSignerPrivateKey_;
    signerCertChain = ecdsa256bitSignerCertChain_;
    recipient1PrivateKey = ecdh256bitRecipient1PrivateKey_; 
    recipient1Cert = ecdh256bitRecipient1Cert_;
    recipient2PrivateKey = ecdh256bitRecipient2PrivateKey_; 
    recipient2Cert = ecdh256bitRecipient2Cert_;
    start(contentAuthEncAlg, signerPrivateKey, signerCertChain, recipient1PrivateKey, recipient1Cert, recipient2PrivateKey, recipient2Cert);
    // AES-CBC-CMAC-192
    contentAuthEncAlg = (AlgorithmID)AlgorithmID.aes_CBC_CMAC_192.clone();
    signerPrivateKey = ecdsa384bitSignerPrivateKey_;
    signerCertChain = ecdsa384bitSignerCertChain_;
    recipient1PrivateKey = ecdh384bitRecipient1PrivateKey_; 
    recipient1Cert = ecdh384bitRecipient1Cert_;
    recipient2PrivateKey = ecdh384bitRecipient2PrivateKey_; 
    recipient2Cert = ecdh384bitRecipient2Cert_;
    start(contentAuthEncAlg, signerPrivateKey, signerCertChain, recipient1PrivateKey, recipient1Cert, recipient2PrivateKey, recipient2Cert);
    // AES-CBC-CMAC-256
    contentAuthEncAlg = (AlgorithmID)AlgorithmID.aes_CBC_CMAC_256.clone();
    signerPrivateKey = ecdsa521bitSignerPrivateKey_;
    signerCertChain = ecdsa521bitSignerCertChain_;
    recipient1PrivateKey = ecdh521bitRecipient1PrivateKey_; 
    recipient1Cert = ecdh521bitRecipient1Cert_;
    recipient2PrivateKey = ecdh521bitRecipient2PrivateKey_; 
    recipient2Cert = ecdh521bitRecipient2Cert_;
    start(contentAuthEncAlg, signerPrivateKey, signerCertChain, recipient1PrivateKey, recipient1Cert, recipient2PrivateKey, recipient2Cert);
  }
  
  /**
   * Starts the test for the given content-authenticated encryption algorithm.
   * 
   * @param contentAuthEncAlg the id of the content-authenticated encryption algorithm
   */
  public void start(AlgorithmID contentAuthEncAlg,
                    PrivateKey signerPrivateKey, 
                    X509Certificate[] signerCertChain,
                    PrivateKey recipient1PrivateKey, 
                    X509Certificate recipient1Cert,
                    PrivateKey recipient2PrivateKey, 
                    X509Certificate recipient2Cert) {
     // the test message
    String m = "This is the test message.";
    System.out.println("Test message: \""+m+"\"");
    System.out.println();
    byte[] message = m.getBytes();

    try {
      byte[] encodedAuthEnvelopedData;
      byte[] encodedSignedAuthEnvelopedData;
      System.out.println("Stream implementation demos");
      System.out.println("===========================");

      AlgorithmID hashAlgorithm = AlgorithmID.sha256;
      AlgorithmID signatureAlgorithm = AlgorithmID.ecdsa_With_SHA256;
      
      
      // the stream implementation
      System.out.println("\nCMS Signed AuthEnvelopedDataStream demo [create]:\n");
      // compress content
      byte[] compressedData = createCompressedDataStream(message);
      encodedAuthEnvelopedData = createAuthEnvelopedDataStream(compressedData, 
                                                               (AlgorithmID)contentAuthEncAlg.clone(),
                                                               recipient1Cert, 
                                                               recipient2Cert);
      encodedSignedAuthEnvelopedData = createSignedDataStream(encodedAuthEnvelopedData, 
                                                              SignedDataStream.IMPLICIT,
                                                              (AlgorithmID)hashAlgorithm.clone(),
                                                              (AlgorithmID)signatureAlgorithm.clone(),
                                                              signerPrivateKey,
                                                              signerCertChain);
      
      // transmit data
      System.out.println("\nCMS Signed AuthEnvelopedDataStream demo [parse]:\n");
      // verify signature
      encodedAuthEnvelopedData = getSignedDataStream(encodedSignedAuthEnvelopedData, null, signerCertChain);
      // parse contents
      System.out.println("Decrypt for the several recipients using their index into the recipientInfos field.");
      parseAuthEnvelopedDataWithRecipientInfoIndex(true, encodedAuthEnvelopedData, recipient1PrivateKey, recipient2PrivateKey);
      System.out.println("Decrypt for the several recipients using their RecipientIdentifier.");
      parseAuthEnvelopedDataWithRecipientIdentifier(true, encodedAuthEnvelopedData, recipient1PrivateKey, recipient1Cert, recipient2PrivateKey, recipient2Cert);
      System.out.println("Decrypt for the several recipients using their certificate.");
      parseAuthEnvelopedDataWithRecipientCert(true, encodedAuthEnvelopedData, recipient1PrivateKey, recipient1Cert, recipient2PrivateKey, recipient2Cert);

      // the non-stream implementation
      System.out.println("\nNon-stream implementation demos");
      System.out.println("===============================");

            
      System.out.println("\nCMS Signed AuthEnvelopedData demo [create]:\n");
      // compress content
      compressedData = createCompressedData(message);
      encodedAuthEnvelopedData = createAuthEnvelopedData(compressedData, 
                                                         (AlgorithmID)contentAuthEncAlg.clone(),
                                                         recipient1Cert, 
                                                         recipient2Cert);
      encodedSignedAuthEnvelopedData = createSignedData(encodedAuthEnvelopedData, 
                                                        SignedData.IMPLICIT,
                                                        (AlgorithmID)hashAlgorithm.clone(),
                                                        (AlgorithmID)signatureAlgorithm.clone(),
                                                        signerPrivateKey,
                                                        signerCertChain);
      // transmit data
      System.out.println("\nCMS Signed AuthEnvelopedData demo [parse]:\n");
      // verify signature
      encodedAuthEnvelopedData = getSignedData(encodedSignedAuthEnvelopedData, null, signerCertChain);
      // parse contents
      System.out.println("Decrypt for the several recipients using their index into the recipientInfos field.");
      parseAuthEnvelopedDataWithRecipientInfoIndex(false, encodedAuthEnvelopedData, recipient1PrivateKey, recipient2PrivateKey);
      System.out.println("Decrypt for the several recipients using their RecipientIdentifier.");
      parseAuthEnvelopedDataWithRecipientIdentifier(false, encodedAuthEnvelopedData, recipient1PrivateKey, recipient1Cert, recipient2PrivateKey, recipient2Cert);
      System.out.println("Decrypt for the several recipients using their certificate.");
      parseAuthEnvelopedDataWithRecipientCert(false, encodedAuthEnvelopedData, recipient1PrivateKey, recipient1Cert, recipient2PrivateKey, recipient2Cert);
      
      
      System.out.println("OutputStream implementation demos");
      System.out.println("===========================");

      
      // the stream implementation
      System.out.println("\nCMS Signed AuthEnvelopedDataOutputStream demo [create]:\n");
      // compression of content is done in method createAuthEnvelopedDataOutputStream
      encodedAuthEnvelopedData = createAuthEnvelopedDataOutputStream(message, 
                                                                     (AlgorithmID)contentAuthEncAlg.clone(),                                                                     recipient1Cert, 
                                                                     recipient2Cert);
      encodedSignedAuthEnvelopedData = createSignedDataStream(encodedAuthEnvelopedData, 
                                                              SignedDataStream.IMPLICIT,
                                                              (AlgorithmID)hashAlgorithm.clone(),
                                                              (AlgorithmID)signatureAlgorithm.clone(),
                                                              signerPrivateKey,
                                                              signerCertChain);
      
      // transmit data
      System.out.println("\nCMS Signed AuthEnvelopedDataStream demo [parse]:\n");
      // verify signature
      encodedAuthEnvelopedData = getSignedDataStream(encodedSignedAuthEnvelopedData, null, signerCertChain);
      // parse contents
      System.out.println("Decrypt for the several recipients using their index into the recipientInfos field.");
      parseAuthEnvelopedDataWithRecipientInfoIndex(true, encodedAuthEnvelopedData, recipient1PrivateKey, recipient2PrivateKey);
      System.out.println("Decrypt for the several recipients using their RecipientIdentifier.");
      parseAuthEnvelopedDataWithRecipientIdentifier(true, encodedAuthEnvelopedData, recipient1PrivateKey, recipient1Cert, recipient2PrivateKey, recipient2Cert);
      System.out.println("Decrypt for the several recipients using their certificate.");
      parseAuthEnvelopedDataWithRecipientCert(true, encodedAuthEnvelopedData, recipient1PrivateKey, recipient1Cert, recipient2PrivateKey, recipient2Cert);
      

        } catch (Exception ex) {
          ex.printStackTrace();
          throw new RuntimeException(ex.toString());
        }
  }
  
  
  /**
   * Main method.
   *
   * @throws IOException
   *            if an I/O error occurs when reading required keys
   *            and certificates from files
   */
  public static void main(String argv[]) throws Exception {

    DemoUtil.initDemos();
    ECCDemoUtil.installIaikEccProvider();

    (new EckaEGAuthEnvelopedDataDemo()).start();
    System.out.println("\nReady!");
    DemoUtil.waitKey();
  }
}