iaik.cms

Class EncryptedContentInfoStream

java.lang.Object

iaik.cms.EncryptedContentInfoStream

Direct Known Subclasses:

EncryptedContentInfo

public class EncryptedContentInfoStream
extends java.lang.Object

This class represents the stream-supporting implementation of the CMS type EncryptedContentInfo.

The Cryptographic Message Syntax (CMS) (RFC 5652) defines the EncryptedContentInfo type for specifying the content type, the content encryption algorithm and the encrypted content of an EnvelopedData, or EncryptedData structure:

 EncryptedContentInfo ::= SEQUENCE {
   contentType                 ContentType,
   contentEncryptionAlgorithm  ContentEncryptionAlgorithmIdentifier,
   encryptedContent            [0] IMPLICIT EncryptedContent OPTIONAL }
 

 EncryptedContent ::= OCTET STRING
 

This class provides several constructors and methods for creating an EncryptedContentInfoStream, encrypting its content (thereby optionally creating a secret content-encryption key in accordance with the specified content-encryption algorithm), and "re-decrypting" the encrypted content again.

This class - as in common with all IAIK CMS content type implementations - provides mechanisms for encoding the inherent encrypted content data as indefinite constructed octet string instead of using the default primitive definite encoding scheme:

 0x24 0x80
           0x04 <blocksize> <first encrypted content block>
           0x04 <blocksize> <second encrypted content block>
           0x04 <blocksize> <third encrypted content block>
                ...
 0x00 0x00
 

instead of:

 0x04 <length> <encrypted content>
 

The indefinite constructed encoding scheme may be preferable for properly handling large amounts of data.
For enabling an indefinite constructed encoding of the inherent encrypted content, the setBlockSize method has to be used for defining the length of each primitive definite encoded octet string component before actually performing the encoding by means of the writeTo method, e.g.:

 //create a EncryptedContentInfoStream for the data to be encrypted, supplied from an input stream:
 InputStream dataStream = ...;
 EncryptedContentInfoStream eci = new EncryptedContentInfoStream(ObjectID.cms_data, dataStream);
 //generate secret key and set up the cipher for encryption:
 SecretKey key = eci.setupCipher((AlgorithmID)AlgorithmID.aes256_CBC.clone());
 //optionally set the block size for splitting the encoding:
 eci.setBlockSize(2048);
 //perform the content encryption and encode the EncryptedContentInfo to an output stream
 eci.writeTo(output_stream);
 

Note: in contrast to the equivalent non-stream supporting EncryptedContentInfo class, where the content encryption already is performed when calling a proper setupCipher method, this class performs the content encryption actually during the encoding by piping the data through a cipher stream when executing the writeTo method. The corresponding setupCipher method only initializes the cipher for the cipher stream pipe.

In the same way, when parsing an already existing EncryptedContentInfoStream object a proper setupCipher method has to be used for initializing the cipher stream pipe for decryption. The decryption actually is performed when reading the data previously obtained by means of the getInputstream method:

 //create an EncryptedContentInfoStream from the input stream supplying the encoding:
 EncryptedContentInfoStream eci = new EncryptedContentInfoStream(encoded_stream);
 //setup the cipher for decryption using the right secret key:
 eci.setupCipher(key);
 //get and read the data thereby actually performing the decryption
 InputStream data_is = eci.getInputStream();
 byte[] buf = new byte[2048];
 int r;
 while ((r = data_is.read(buf)) > 0) {
   // do something useful
 }
 

See Also:

EnvelopedDataStream, EncryptedDataStream

Field Summary

Fields

Modifier and Type	Field and Description
protected int	blockSize_ The block size.
protected CipherEngine	cipher_ The Cipher engine used for en/decryption.
protected iaik.asn1.structures.AlgorithmID	contentEncryptionAlgorithm_ The content-encryption algorithm
protected iaik.asn1.ObjectID	contentType_ The type of the content.
static int	EXPLICIT Denotes a mode where the encrypted message is not transported within the EncryptedContentInfo.
static int	IMPLICIT Denotes a mode where the encrypted message is included in the EncryptedContentInfo.
protected SecurityProvider	securityProvider_ The SeucrityProvider used for cryptographic tasks.

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	EncryptedContentInfoStream() Default constructor.
	EncryptedContentInfoStream(java.io.InputStream is) Creates a new EncryptedContentInfoStream where the BER encoded data is read from the given InputStream.
	EncryptedContentInfoStream(iaik.asn1.ObjectID contentType, iaik.asn1.structures.AlgorithmID contentEncAlg) Creates an EncryptedContentInfoStream with given content type and content-encryption algorithm ID.
	EncryptedContentInfoStream(iaik.asn1.ObjectID contentType, java.io.InputStream is) Creates a new EncryptedContentInfoStream for the given content type where the content data to be encrypted is read from the provided InputStream.

Method Summary

Modifier and Type	Method and Description
protected void	decode(java.io.InputStream is) Reads and decodes an encoded EncryptedContentInfoStream from an input stream.
int	getBlockSize() Gets the block size defining the length of each definite primitive encoded octet string component.
iaik.asn1.structures.AlgorithmID	getContentEncryptionAlgorithm() Returns the content-encryption algorithm (including any associated parameters) of this EncryptedContentInfoStream.
iaik.asn1.ObjectID	getContentType() Returns the type of the content encrypted by this EncryptedContentInfoStream.
java.io.InputStream	getInputStream() Returns an InputStream for reading the decrypted content.
int	getMode() Gets the mode of this EncryptedContentInfoStream.
SecurityProvider	getSecurityProvider() Gets the SecurityProvider installed for this EncryptedContentInfoStream.
boolean	hasContent() Returns true if there is a content.
void	setAdditionalAuthData(byte[] aad) Sets the additional authenticated data which shall be authenticated but not encrypted.
void	setAuthEnveloped(boolean authEnveloped) Sets whether this EncryptedContentInfo is used for authenticated encryption.
void	setBlockSize(int blockSize) Sets the block size for encoding the encrypted content.
void	setInputStream(java.io.InputStream is) Sets the input stream that supplies the content data to be encrypted.
void	setMode(int mode) Sets the mode for this EncryptedContentInfoStream.
void	setSecurityProvider(SecurityProvider securityProvider) Sets the SecurityProvider for this EncryptedContentInfoStream.
javax.crypto.SecretKey	setupCipher(iaik.asn1.structures.AlgorithmID contentEA) Setups the cipher and generates a secret key for encrypting the content.
javax.crypto.SecretKey	setupCipher(iaik.asn1.structures.AlgorithmID contentEA, int keyLength) Setups the cipher and generates a secret key for encrypting the content.
javax.crypto.SecretKey	setupCipher(iaik.asn1.structures.AlgorithmID contentEA, int keyLength, java.security.AlgorithmParameters params) Setups the cipher and generates a secret key for encrypting the content.
javax.crypto.SecretKey	setupCipher(iaik.asn1.structures.AlgorithmID contentEA, int keyLength, java.security.spec.AlgorithmParameterSpec params) Setups the cipher and generates a secret key for encrypting the content.
void	setupCipher(iaik.asn1.structures.AlgorithmID contentEA, java.security.Key key, java.security.AlgorithmParameters params) Setups the cipher for encrypting the content.
void	setupCipher(iaik.asn1.structures.AlgorithmID contentEA, java.security.Key key, java.security.spec.AlgorithmParameterSpec params) Setups the cipher for encrypting the content.
void	setupCipher(java.security.Key key) Uses the specified content-encryption key to setup the cipher for decrypting the content.
void	setupCipher(java.security.Key key, java.security.AlgorithmParameters params) Uses the specified key and parameters to setup the cipher for decrypting the content.
void	setupCipher(java.security.Key key, java.security.spec.AlgorithmParameterSpec params) Uses the specified key and parameters to setup the cipher for decrypting the content.
iaik.asn1.ASN1Object	toASN1Object() Returns this EncryptedContentInfoStream as ASN1Object.
java.lang.String	toString() Returns a string giving some information about this EncryptedContentInfoStream object.
void	writeTo(java.io.OutputStream os) Writes the BER encoding of this object to the given OutputStream.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

IMPLICIT

public static final int IMPLICIT

Denotes a mode where the encrypted message is included in the EncryptedContentInfo.

See Also:

Constant Field Values

EXPLICIT

public static final int EXPLICIT

Denotes a mode where the encrypted message is not transported within the EncryptedContentInfo.

See Also:

Constant Field Values

contentType_

protected iaik.asn1.ObjectID contentType_

The type of the content.

contentEncryptionAlgorithm_

protected iaik.asn1.structures.AlgorithmID contentEncryptionAlgorithm_

The content-encryption algorithm

cipher_

protected CipherEngine cipher_

The Cipher engine used for en/decryption.

blockSize_

protected int blockSize_

The block size. (Default: 2048 to enforce indefinite constructed encoding).

securityProvider_

protected SecurityProvider securityProvider_

The SeucrityProvider used for cryptographic tasks.

Constructor Detail

EncryptedContentInfoStream

protected EncryptedContentInfoStream()

Default constructor. The block size is set to 2048 to enforce indefinite constructed encoding.

EncryptedContentInfoStream

public EncryptedContentInfoStream(iaik.asn1.ObjectID contentType,
                                  java.io.InputStream is)

Creates a new EncryptedContentInfoStream for the given content type where the content data to be encrypted is read from the provided InputStream.

Parameters:

contentType - the CMS content type

is - the input stream holding the content data to encrypt

EncryptedContentInfoStream

public EncryptedContentInfoStream(iaik.asn1.ObjectID contentType,
                                  iaik.asn1.structures.AlgorithmID contentEncAlg)

Creates an EncryptedContentInfoStream with given content type and content-encryption algorithm ID. The encrypted data must be supplied by other means.

Parameters:

contentType - the type of the encrypted content

contentEncAlg - the algorithm used to encrypt the content

EncryptedContentInfoStream

public EncryptedContentInfoStream(java.io.InputStream is)
                           throws java.io.IOException,
                                  CMSParsingException

Creates a new EncryptedContentInfoStream where the BER encoded data is read from the given InputStream.

The given input stream supplies the BER encoding of an already exisiting EncryptedContentInfoStream object that may have been created by calling writeTo.

Use the EncryptedContentInfoStream(ObjectID contentType, InputStream is) constructor for supplying the content to be encrypted when creating an EncryptedContentInfoStream object.

Parameters:

is - the InputStream holding a BER encoded EncryptedContentInfoStream object

Throws:

java.io.IOException - if an I/O error occurs during reading from the InputStream

CMSParsingException - if an error occurs while parsing the object

Method Detail

setMode

public void setMode(int mode)

Sets the mode for this EncryptedContentInfoStream.

This method may be only called to set the mode to EXPLICIT for creating a new EncryptedContentInfoStream in EXPLICIT mode where the encrypted content shall not be included in the EncryptedContentInfo. In this case the encrypted content has to be transmitted by other means. This method may not be called in IMPLICIT mode (default) where the encrypted content is included in the EncryptedContentInfo. This method MUST not be called when parsing an EncryptedContentInfo where the mode is automatically detected and cannot be changed.

Parameters:

mode - the mode, either IMPLICIT (to include the encrypted content (default) or EXPLICIT to not include it)

Throws:

java.lang.IllegalArgumentException - if the mode is not IMPLICIT or EXPLICIT; or if this method is called when parsing an EncryptedContentInfo

getMode

public int getMode()

Gets the mode of this EncryptedContentInfoStream.

Returns:

the mode, either IMPLICIT (to include the encrypted content (default) or EXPLICIT to not include it)

setSecurityProvider

public void setSecurityProvider(SecurityProvider securityProvider)

Sets the SecurityProvider for this EncryptedContentInfoStream.

This method allows to explicitly set a SecurityProvider for this EncryptedContentInfoStream. If no explicit SecurityProvider is set, the default system wide installed SecurityProvider will be used for the required cryptographic operations.

This class uses the following method(s) of the SecurityProvider, which may be overriden by an application, if required:

• getInputStreamCipherEngine methods to get an InputStreamCipherEngine for stream based content en/decryption
• getByteArrayCipherEngine methods to get a ByteArrayCipherEngine for content en/decryption for non-stream EncryptedContentInfo objects
• generateKey to generate the symmetric content encryption key
• getAlgorithmParameters to parse algorithm parameters from an AlgorithmID

Parameters:

securityProvider - the SecurityProvider to be set

getSecurityProvider

public SecurityProvider getSecurityProvider()

Gets the SecurityProvider installed for this EncryptedContentInfoStream.

This class uses the following method(s) of the SecurityProvider, which may be overriden by an application, if required:

• getInputStreamCipherEngine methods to get an InputStreamCipherEngine for stream based content en/decryption
• getByteArrayCipherEngine methods to get a ByteArrayCipherEngine for content en/decryption for non-stream EncryptedContentInfo objects
• generateKey to generate the symmetric content encryption key
• getAlgorithmParameters to parse algorithm parameters from an AlgorithmID

If no explicit SecurityProvider has been set for this object, the default system wide installed SecurityProvider will be used for the required cryptographic operations. However, this method will return null if it does not have its own SecurityProvider.

Returns:

the SecurityProvider explicitly installed for this object, or null if this object does not have its own SecurityProvider

decode

protected void decode(java.io.InputStream is)
               throws java.io.IOException,
                      CMSParsingException

Reads and decodes an encoded EncryptedContentInfoStream from an input stream.

Parameters:

is - the InputStream holding a BER encoded EncryptedContentInfoStream object

Throws:

java.io.IOException - if an I/O error occurs during reading from the InputStream

CMSParsingException - if an error occurs while parsing the object

setupCipher

public void setupCipher(iaik.asn1.structures.AlgorithmID contentEA,
                        java.security.Key key,
                        java.security.AlgorithmParameters params)
                 throws java.security.NoSuchAlgorithmException,
                        java.security.InvalidKeyException,
                        java.security.InvalidAlgorithmParameterException

Setups the cipher for encrypting the content.

If parameters are specified they are set for the given content encryption algorithm. This method creates a cipher for the specified content-encryption algorithm and initializes it with given key and parameters. The content encryption actually is performed during the encoding when writing this EncyrptedContentInfo to a stream by calling the writeTo method. So it is important to setup the cipher before writing to the stream!

Note: This method internaly creates a clone of the supplied AlgorithmID. If parameters are supplied they are used for initializing the Cipher engine. After initializing the Cipher engine, method Cipher.getParameters() is called to get (back) the parameters the Cipher has been initialized with (respectively the Cipher has created itsself) for including them into the AlgorithmID to be sent to the recipient. This may override any parameters that have been included in the AlgorithmID by the user. So, if you have included parameters in the AlgorithmID, take care to supply them as params for initializing the Cipher, too. If params is null, the Cipher will create and use (and send in the AlgorithmID) its own parameters.

Parameters:

contentEA - the algorithm to use for encrypting the content

key - the key to use

params - the parameters to initialize the cipher

Throws:

java.security.NoSuchAlgorithmException - if there is no implementation for the specified algorithm

java.security.InvalidKeyException - if the key is inappropriate for the content-encryption algorithm

java.security.InvalidAlgorithmParameterException - if the provided parameters are not appropriate for the algorithm

setupCipher

public void setupCipher(iaik.asn1.structures.AlgorithmID contentEA,
                        java.security.Key key,
                        java.security.spec.AlgorithmParameterSpec params)
                 throws java.security.NoSuchAlgorithmException,
                        java.security.InvalidKeyException,
                        java.security.InvalidAlgorithmParameterException

Setups the cipher for encrypting the content. If parameters are specified they are set for the given content encryption algorithm. This method creates a cipher for the specified content-encryption algorithm and initializes it with given key and parameters. The content encryption actually is performed during the encoding when writing this EncyrptedContentInfo to a stream by calling the writeTo method. So it is important to setup the cipher before writing to the stream!

Note: This method internaly creates a clone of the supplied AlgorithmID. If parameters are supplied they are used for initializing the Cipher engine. After initializing the Cipher engine, method Cipher.getParameters() is called to get (back) the parameters the Cipher has been initialized with (respectively the Cipher has created itsself) for including them into the AlgorithmID to be sent to the recipient. This may override any parameters that have been included in the AlgorithmID by the user. So, if you have included parameters in the AlgorithmID, take care to supply them as params for initializing the Cipher, too. If params is null, the Cipher will create and use (and send in the AlgorithmID) its own parameters.

Parameters:

contentEA - the algorithm to use for encrypting the content

key - the key to use

params - the parameters to initialize the cipher

Throws:

java.security.NoSuchAlgorithmException - if there is no implementation for the specified algorithm

java.security.InvalidKeyException - if the key is inappropriate for the content-encryption algorithm

java.security.InvalidAlgorithmParameterException - if the provided parameters are not appropriate for the algorithm

setupCipher

public javax.crypto.SecretKey setupCipher(iaik.asn1.structures.AlgorithmID contentEA)
                                   throws java.security.NoSuchAlgorithmException

Setups the cipher and generates a secret key for encrypting the content.

This method creates a cipher for the specified content-encryption algorithm and initializes it with a newly generated secret key. The content encryption actually is performed during the encoding when writing this EncyrptedContentInfo to a stream by calling the writeTo method. So it is important to setup the cipher before writing to the stream!

Attention! This method only shall be used for cipher setup if the secret key to be generated has a predefined length or default setting, since no key length parameter is offered. For generating a Key of specific length to be used for encrypting the content call method {#setupCipher(AlgorithmID, int) setupCipher(AlgorithmID contentEA, int keyLength)}.

Note: This method internaly creates a clone of the supplied AlgorithmID.

Parameters:

contentEA - the algorithm to use for encrypting the content

Returns:

the new symmetric key for encrypting the content

Throws:

java.security.NoSuchAlgorithmException - if there is no implementation for the specified algorithm

setupCipher

public javax.crypto.SecretKey setupCipher(iaik.asn1.structures.AlgorithmID contentEA,
                                          int keyLength)
                                   throws java.security.NoSuchAlgorithmException

Setups the cipher and generates a secret key for encrypting the content.

If the specified content encryption algorithm supports variable key lengths, a particular key length may be set by means of the keyLength parameter. If no length is specified, the defined default key length will be used. If the algorithm only works with keys of fixed-size length, the keyLength parameter may be set to -1 or the setupCipher(AlgorithmID) method may be used.

This method creates a cipher for the specified content-encryption algorithm and initializes it with the newly generated secret key. The content encryption actually is performed during the encoding when writing this EncyrptedContentInfo to a stream by calling the writeTo method. So it is important to setup the cipher before writing to the stream!

Parameters:

contentEA - the algorithm to use for encrypting the content

keyLength - the key length that may be set when using a content encryption algorithm that supports variable key lengths

Returns:

the new symmetric key for encrypting the content

Throws:

java.security.NoSuchAlgorithmException - if there is no implementation for the specified algorithm

setupCipher

public javax.crypto.SecretKey setupCipher(iaik.asn1.structures.AlgorithmID contentEA,
                                          int keyLength,
                                          java.security.spec.AlgorithmParameterSpec params)
                                   throws java.security.NoSuchAlgorithmException

Setups the cipher and generates a secret key for encrypting the content.

If the specified content encryption algorithm supports variable key lengths, a particular key length may be set by means of the keyLength parameter. If no length is specified, the defined default key length will be used. If the algorithm only works with keys of fixed-size length, the keyLength parameter may be set to -1 or the setupCipher(AlgorithmID) method may be used.

This method creates a cipher for the specified content-encryption algorithm and initializes it with the newly generated secret key. The content encryption actually is performed during the encoding when writing this EncyrptedContentInfo to a stream by calling the writeTo method. So it is important to setup the cipher before writing to the stream!

Parameters:

contentEA - the algorithm to use for encrypting the content

keyLength - the key length that may be set when using a content encryption algorithm that supports variable key lengths

params - the algorithm parameters for initializing the cipher

Returns:

the new symmetric key for encrypting the content

Throws:

java.security.NoSuchAlgorithmException - if there is no implementation for the specified algorithm

setupCipher

public javax.crypto.SecretKey setupCipher(iaik.asn1.structures.AlgorithmID contentEA,
                                          int keyLength,
                                          java.security.AlgorithmParameters params)
                                   throws java.security.NoSuchAlgorithmException

Setups the cipher and generates a secret key for encrypting the content.

If the specified content encryption algorithm supports variable key lengths, a particular key length may be set by means of the keyLength parameter. If no length is specified, the defined default key length will be used. If the algorithm only works with keys of fixed-size length, the keyLength parameter may be set to -1 or the setupCipher(AlgorithmID) method may be used.

This method creates a cipher for the specified content-encryption algorithm and initializes it with the newly generated secret key. The content encryption actually is performed during the encoding when writing this EncyrptedContentInfo to a stream by calling the writeTo method. So it is important to setup the cipher before writing to the stream!

Parameters:

contentEA - the algorithm to use for encrypting the content

keyLength - the key length that may be set when using a content encryption algorithm that supports variable key lengths

params - the algorithm parameters for initializing the cipher

Returns:

the new symmetric key for encrypting the content

Throws:

java.security.NoSuchAlgorithmException - if there is no implementation for the specified algorithm

setupCipher

public void setupCipher(java.security.Key key,
                        java.security.spec.AlgorithmParameterSpec params)
                 throws java.security.NoSuchAlgorithmException,
                        java.security.InvalidKeyException,
                        java.security.InvalidAlgorithmParameterException

Uses the specified key and parameters to setup the cipher for decrypting the content.

The decryption actually is performed when subsequently getting and reading the content by means of the getInputStream method. So the content should not be read before setting up the cipher!

Parameters:

key - the (secret) key to decrypt the content

params - the algorithm parameters needed to decrypt the content

Throws:

java.security.NoSuchAlgorithmException - if there is no implementation for the content-encryption-algorithm to be used

java.security.InvalidKeyException - if the key is inappropriate for the content-encryption algorithm

java.security.InvalidAlgorithmParameterException - if the provided parameters are not appropriate for the created cipher

setupCipher

public void setupCipher(java.security.Key key,
                        java.security.AlgorithmParameters params)
                 throws java.security.NoSuchAlgorithmException,
                        java.security.InvalidKeyException,
                        java.security.InvalidAlgorithmParameterException

Uses the specified key and parameters to setup the cipher for decrypting the content.

The decryption actually is performed when subsequently getting and reading the content by means of the getInputStream method. So the content should not be read before setting up the cipher!

Parameters:

key - the (secret) key to decrypt the content

params - the algorithm parameters needed to decrypt the content

Throws:

java.security.NoSuchAlgorithmException - if there is no implementation for the content-encryption-algorithm to be used

java.security.InvalidKeyException - if the key is inappropriate for the content-encryption algorithm

java.security.InvalidAlgorithmParameterException - if the provided parameters are not appropriate for the created cipher

setupCipher

public void setupCipher(java.security.Key key)
                 throws java.security.NoSuchAlgorithmException,
                        java.security.InvalidKeyException,
                        CMSException

Uses the specified content-encryption key to setup the cipher for decrypting the content.

The decryption actually is performed when subsequently getting and reading the content by means of the getInputStream method. So the content should not be read before setting up the cipher!

Parameters:

key - the (secret) key to decrypt the content

Throws:

java.security.NoSuchAlgorithmException - if there is no implementation for the content-encryption-algorithm to be used

java.security.InvalidKeyException - if the key is inappropriate for the content-encryption algorithm

CMSException - if the algorithm parameter cannot be retrieved from the algorithm

setBlockSize

public void setBlockSize(int blockSize)

Sets the block size for encoding the encrypted content. If blockSize is positive, the encrypted content is encoded as indefinite constructed octet string being composed of a certain number of definite primitive encoded octet strings of blockSize length:

 0x24 0x80
           0x04 <blocksize> <first encrypted content block>
           0x04 <blocksize> <second encrypted content block>
           0x04 <blocksize> <third encrypted content block>
                ...
 0x00 0x00
 

If blockSize is not positive, whole the encrypted content is encoded as definite primitive octet string when calling the writeTo method:

  0x04 <length> <encrypted content>
 

Parameters:

blockSize - the block size defining the encoding scheme - and specifying the length of each primitive encoded octet string component, if positive

getBlockSize

public int getBlockSize()

Gets the block size defining the length of each definite primitive encoded octet string component.

If the value of blockSize is smaller or equal to zero the whole data is encoded as definite primitive octet string. This method may be used for enforcing block encoding when wrapping the EncryptedData into a ContentInfo.

Returns:

blockSize defining the encoding scheme and setting the octet string component length, if positive

toASN1Object

public iaik.asn1.ASN1Object toASN1Object()
                                  throws CMSException

Returns this EncryptedContentInfoStream as ASN1Object.

Returns:

this EncryptedContentInfoStream as ASN1Object.

Throws:

CMSException

writeTo

public void writeTo(java.io.OutputStream os)
             throws java.io.IOException,
                    CMSException

Writes the BER encoding of this object to the given OutputStream.

When encoding the content data to the given stream it is piped through a cipher stream thereby performing the content encryption.

If the setBlockSize method has been utilized for defining a positive blockSize value, the encrypted content is encoded as indefinite constructed octet string being composed of a certain number of definite primitive encoded octet strings of blockSize length:

 0x24 0x80
           0x04 <blocksize> <first encrypted content block>
           0x04 <blocksize> <second encrypted content block>
           0x04 <blocksize> <third encrypted content block>
                ...
 0x00 0x00
 

Otherwise, whole the encrypted content is encoded as definite primitive octet string:

  0x04 <length> <encrypted content>
 

Parameters:

os - the OutputStream to which the encoding shall be written to

Throws:

java.io.IOException - if an I/O error occurs during writing to the OutputStream

CMSException - if an error occurs while encoding the object

getContentType

public iaik.asn1.ObjectID getContentType()

Returns the type of the content encrypted by this EncryptedContentInfoStream.

Returns:

the content type

getContentEncryptionAlgorithm

public iaik.asn1.structures.AlgorithmID getContentEncryptionAlgorithm()

Returns the content-encryption algorithm (including any associated parameters) of this EncryptedContentInfoStream.

Returns:

the content-encryption AlgorithmID

getInputStream

public java.io.InputStream getInputStream()

Returns an InputStream for reading the decrypted content. Attention! The stream only may be read once.

When having created a new EncryptedContentInfoStream object to be encoded to a stream, this method should not be utilized at all, since the stream automatically will be read during performing the encoding (which is done when calling the writeTo method).
When having decoded and parsed a received EncryptedContentInfoStream object coming from some stream, this method may be used for obtaining the raw (decrypted) data after having done the cipher setup.

Returns:

an InputStream for reading the content data

setInputStream

public void setInputStream(java.io.InputStream is)

Sets the input stream that supplies the content data to be encrypted.

Parameters:

is - the input stream holding the content data to encrypt

hasContent

public boolean hasContent()

Returns true if there is a content.

Returns:

true if there is a content

toString

public java.lang.String toString()

Returns a string giving some information about this EncryptedContentInfoStream object.

Overrides:

toString in class java.lang.Object

Returns:

the string representation

setAuthEnveloped

public void setAuthEnveloped(boolean authEnveloped)

Sets whether this EncryptedContentInfo is used for authenticated encryption.

Parameters:

authEnveloped - whether to use this EncryptedContentInfo for authenticated encryption (default: false)

setAdditionalAuthData

public void setAdditionalAuthData(byte[] aad)

Sets the additional authenticated data which shall be authenticated but not encrypted.

Only meaningful for CMS content type AuthEnvelopedData.

Parameters:

aad - the additional authenticated data (DER encoded authenticated attributes from AuthEnvelopedData content type according to RFC 5083), or null if there are no authenticated attributes