iaik.cms.attributes

Class CounterSignature

java.lang.Object

iaik.asn1.structures.AttributeValue

iaik.cms.attributes.CounterSignature

All Implemented Interfaces:

iaik.asn1.ASN1Type

public class CounterSignature
extends iaik.asn1.structures.AttributeValue

The CMS CounterSignature attribute.

The Cryptographic Message Syntax (CMS) (RFC 5652) specifies the CounterSignature attribute to may be included as an unsigned attribute into a SignerInfo for counter signing (signing in serial) the signature value of a SignerInfo included in a SignedData. The value of a CounterSignature attribute itself is a SignerInfo:

 CounterSignature ::= SignerInfo

 id-countersignature OBJECT IDENTIFIER ::= { iso(1) member-body(2)
         us(840) rsadsi(113549) pkcs(1) pkcs9(9) 6 }
 

Since being itself a SignerInfo, CounterSignature objects may be created and supplied with attributes -- note, that the content-type attribute is not required since a counter signature has no content type -- in similar way as done for ordinary SignerInfos. However, whereas signing and verifying of ordinary SignerInfos usually is controlled from the SignedData(Stream) object they belong to, an application explicitly has to call proper counterSign or verify methods thereby specifying the signature value, SignerInfo or other CounterSignature object to be counter signed, e.g.:

 // the SignerInfo to be counter signed:
 SignerInfo signerInfo = ...;
 // the cert of the counter signer
 X509Certificate counterCert = ...;
 // the private key of the counter signer:
 PrivateKey counterKey = ...;
 // create a CounterSignature for the counter signer:
 CounterSignature counterSignature = 
    new CounterSignature(new IssuerAndSerialNumber(counterCert), AlgorithmID.sha256, counterKey);
 ...
 // add any attributes, if required
 ...
 // now counter sign the SignerInfo
 counterSignature.counterSign(signerInfo);
 // and add the counter signature as unsigned attribute
 Attribute[] unsignedAttributes = new Attribute[] { new Attribute(counterSignature) };
 signerInfo.addUnsignedAttributes(unsignedAttributes);
 ...
 

On the verification end get the CounterSignature unsigned attribute and call a proper verify method thereby specifying the signature value, SignerInfo or other CounterSignature object to be "counter" verified, e.g.:

 // the SignerInfo parsed from a SignedData
 SignerInfo signerInfo = ...;
 // look for a CounterSignature attribute
 Attribute counterSignatureAttribute = signerInfo.getUnsignedAttribute(ObjectID.countersignature);
 if (counterSignatureAttribute != null) {
   // check for any included CounterSignature
   AttributeValue[] counterSignatures = counterSignatureAttribute.getAttributeValues();
   System.out.println("This SignerInfo is counter signed from: ");
   // may have more than one values
   for (int j = 0; j < counterSignatures.length; j++) {
     CounterSignature counterSignature = (CounterSignature)counterSignatures[i];
     try {
       if (counterSignature.verify(counterCert.getPublicKey(), signerInfo)) {
         System.out.println("Signature OK from counter signer: "+counterSignature.getSignerIdentifier());  
       } else {
         System.out.println("Signature ERROR from counter signer: "+counterSignature.getSignerIdentifier());  
       }  
     } catch (SignatureException ex) {
       System.out.println("Signature ERROR from counter signer: "+counterSignature.getSignerIdentifier());  
     }  
   }
 }
 

See Also:

SignedData, SignedDataStream, SignerInfo

Field Summary

Fields

Modifier and Type	Field and Description
static iaik.asn1.ObjectID	oid The attributeType object identifier of the CMS CounterSignature attribute.

Constructor Summary

Constructors

Constructor and Description
CounterSignature() Default constructor.
CounterSignature(iaik.asn1.ASN1Object obj) Creates a CMS CounterSignature from an ASN1Object.
CounterSignature(CertificateIdentifier signerIdentifier, iaik.asn1.structures.AlgorithmID digestAlgorithm, iaik.asn1.structures.AlgorithmID signatureAlgorithm, java.security.PrivateKey privateKey) Creates a new CounterSignature from given signerIdentifier, and digestAlgorithm ID, signature algorithmID, and the signer private key.
CounterSignature(CertificateIdentifier signerIdentifier, iaik.asn1.structures.AlgorithmID digestAlgorithm, java.security.PrivateKey privateKey) Creates a new CounterSignature from given SignerIdentifier, digestAlgorithm ID, and the counter signer private key.

Method Summary

Modifier and Type	Method and Description
void	addSignedAttribute(iaik.asn1.structures.Attribute attribute) Adds the given attribute to the set of signed attributes.
void	addSignedAttributes(iaik.asn1.structures.Attribute[] attributes) Adds the given attributes to the set of signed attributes.
void	addUnsignedAttribute(iaik.asn1.structures.Attribute attribute) Adds the given attribute to the set of unsigned attributes.
void	addUnsignedAttributes(iaik.asn1.structures.Attribute[] attributes) Adds the given attributes to the set of unsigned attributes.
void	counterSign(byte[] signatureToBeCounterSigned) Counter signs the given signature value.
void	counterSign(CounterSignature counterSignature) Counter signs the given CounterSignature.
void	counterSign(SignerInfo signerInfo) Counter signs the given SignerInfo.
void	decode(iaik.asn1.ASN1Object obj) Decodes the given ASN.1 CounterSignature object for parsing the internal structure.
iaik.asn1.ObjectID	getAttributeType() Returns the OID identifying the CMS CounterSignature attribute type.
iaik.asn1.structures.AlgorithmID	getDigestAlgorithm() Returns the AlgorithmID of the message-digest algorithm that has been used for digesting the content and any signed attributes.
SecurityProvider	getSecurityProvider() Gets the SecurityProvider installed for this CounterSignature.
iaik.asn1.structures.AlgorithmID	getSignatureAlgorithm() Returns the signature algorithm used for calculating the signature and associated information with the signer private key.
byte[]	getSignatureValue() Returns the signature value.
iaik.asn1.structures.Attribute	getSignedAttribute(iaik.asn1.ObjectID oid) Returns the first signed attribute matching to the given ObjectID, if included in this CounterSignature object.
iaik.asn1.structures.Attribute[]	getSignedAttributes() Returns a set of attributes that are signed by the signer.
iaik.asn1.structures.Attribute[]	getSignedAttributes(iaik.asn1.ObjectID oid) Returns all signed attributes matching to the given attribute type, if included in this CounterSignature object.
iaik.asn1.structures.AttributeValue	getSignedAttributeValue(iaik.asn1.ObjectID oid) Returns the attribute value of a single valued signed attribute with the given type.
byte[]	getSignedDigest() Returns the message digest included in the signed attributes.
CertificateIdentifier	getSignerIdentifier() Returns information about the signer certificate.
SigningCertificate	getSigningCertificateAttribute() Gets the SigningCertificate attribute, if included.
SigningCertificateV2	getSigningCertificateV2Attribute() Gets the SigningCertificateV2 attribute, if included.
iaik.asn1.structures.Attribute	getUnsignedAttribute(iaik.asn1.ObjectID oid) Returns the first unsigned attribute matching to the given ObjectID, if included in this CounterSignature object.
iaik.asn1.structures.Attribute[]	getUnsignedAttributes() Returns a set of attributes that are not signed by the signer.
iaik.asn1.structures.Attribute[]	getUnsignedAttributes(iaik.asn1.ObjectID oid) Returns all unsigned attributes matching to the given attribute type, if included in this CounterSignature object.
iaik.asn1.structures.AttributeValue	getUnsignedAttributeValue(iaik.asn1.ObjectID oid) Returns the attribute value of a single valued unsigned attribute with the given type.
int	getVersion() Returns the synatx version number (1 or 3).
boolean	isSignerCertificate(iaik.x509.X509Certificate cert) Checks whether the supplied certificate actually is the certificate of the signer.
void	removeSignedAttribute(iaik.asn1.ObjectID attributeType) Removes all signed attributes with the given attribute type.
void	removeUnsignedAttribute(iaik.asn1.ObjectID attributeType) Removes all unsigned attributes with the given attribute type.
void	setSecurityProvider(SecurityProvider securityProvider) Sets the SecurityProvider for this CounterSignature.
void	setSignatureValue(byte[] signatureValue) Sets the signature value.
void	setSignedAttributes(iaik.asn1.structures.Attribute[] attributes) Sets a set of attributes to be signed along with the content to be signed.
void	setUnsignedAttributes(iaik.asn1.structures.Attribute[] attributes) Sets a set of attributes that are not signed by the signer.
iaik.asn1.ASN1Object	toASN1Object() Returns this CounterSignature as ASN1Object.
java.lang.String	toString() Returns a string giving some information about this CounterSignature object.
java.lang.String	toString(boolean detailed) Returns a string giving some - if requested - detailed information about this CounterSignature object.
boolean	verify(java.security.PublicKey publicKey, byte[] signatureThatWasCounterSigned) Verifies the counter signature of the given signature value with the given public key.
boolean	verify(java.security.PublicKey publicKey, CounterSignature counterSignature) Verifies the counter signature of the given CounterSiganture with the given public key.
boolean	verify(java.security.PublicKey publicKey, SignerInfo signerInfo) Verifies the counter signature of the given SignerInfo with the given public key.

Methods inherited from class iaik.asn1.structures.AttributeValue

getName, multipleAllowed

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

oid

public static final iaik.asn1.ObjectID oid

The attributeType object identifier of the CMS CounterSignature attribute. The corresponding OID string is "1.2.840.113549.1.9.6".

Constructor Detail

CounterSignature

public CounterSignature()

Default constructor. Creates an empty CounterSignature object and sets the SignerInfo version number to 1, and the signature algorithm ID to rsaEncryption.

CounterSignature

public CounterSignature(CertificateIdentifier signerIdentifier,
                        iaik.asn1.structures.AlgorithmID digestAlgorithm,
                        java.security.PrivateKey privateKey)

Creates a new CounterSignature from given SignerIdentifier, digestAlgorithm ID, and the counter signer private key.

The signerIdentifier identifies the signer certificate either by issuer distinguished name and issuer-specific serial number or by SubjectKeyIdentifier. The digestAlgorithm ID specifies the message digest algorithm used for calculating the digest of the content and any signed information. The private key is used for calculating the signature. When using this constructor, the signature is calculated with the PKCS#1 rsaEncryption method.

Parameters:

signerIdentifier - information about the counter signer certificate.

digestAlgorithm - the AlgorithmID of the message-digest algorithm

privateKey - the counter signer private key to be used for signing

Throws:

java.lang.IllegalArgumentException - if the supplied signerIdentifier is not a SubjectKeyID or IssuerAndSerialNumber

CounterSignature

public CounterSignature(CertificateIdentifier signerIdentifier,
                        iaik.asn1.structures.AlgorithmID digestAlgorithm,
                        iaik.asn1.structures.AlgorithmID signatureAlgorithm,
                        java.security.PrivateKey privateKey)

Creates a new CounterSignature from given signerIdentifier, and digestAlgorithm ID, signature algorithmID, and the signer private key.

The signerIdentifier identifies the signer certificate either by issuer distinguished name and issuer-specific serial number or by SubjectKeyIdentifier. The digestAlgorithm ID specifies the message digest algorithm used for calculating the digest of the content and any signed information. The private key is used for calculating the signature with the given signature algorithm.

Parameters:

signerIdentifier - information about the counter igner certificate.

digestAlgorithm - the AlgorithmID of the message-digest algorithm

signatureAlgorithm - the algorithm to be used for signature calculation

privateKey - the counter signer private key to be used for signing

CounterSignature

public CounterSignature(iaik.asn1.ASN1Object obj)
                 throws iaik.asn1.CodingException

Creates a CMS CounterSignature from an ASN1Object.

The ASN1Object supplied to this constructor represents an already exisiting CounterSignature object that may have been created by calling toASN1Object.

Parameters:

obj - the CMS CounterSignature as ASN1Object

Throws:

iaik.asn1.CodingException - if the object can not be parsed

Method Detail

setSecurityProvider

public void setSecurityProvider(SecurityProvider securityProvider)

Sets the SecurityProvider for this CounterSignature.

This method allows to explicitly set a SecurityProvider for this CounterSignature. If no explicit SecurityProvider is set, the default system wide installed SecurityProvider will be used for the required cryptographic operations.

This class may use the following method(s) of the SecurityProvider, which may be overriden by an application, if required:

• calculateSignatureFromSignedAttributes() to calculate the signature value from the encoding of the signed attributes
• calculateSignatureFromHash() to calculate the signature value from the message hash
• getHash() as may be required for cert hash calculation when querying for included SigningCertificate attributes

Parameters:

securityProvider - the SecurityProvider to be set

getSecurityProvider

public SecurityProvider getSecurityProvider()

Gets the SecurityProvider installed for this CounterSignature.

This class uses the following method(s) of the SecurityProvider, which may be overriden by an application, if required:

• calculateSignatureFromSignedAttributes() to calculate the signature value from the encoding of the signed attributes
• calculateSignatureFromHash() to calculate the signature value from the message hash
• getHash() as may be required for cert hash calculation when querying for included SigningCertificate or SigningCertificateV2 attributes

If no explicit SecurityProvider has been set for this object, the default system wide installed SecurityProvider will be used for the required cryptographic operations. However, this method will return null if it does not have its own SecurityProvider.

Returns:

the SecurityProvider explicitly installed for this object, or null if this object does not have its own SecurityProvider

decode

public void decode(iaik.asn1.ASN1Object obj)
            throws iaik.asn1.CodingException

Decodes the given ASN.1 CounterSignature object for parsing the internal structure.

This method internally is called when creating a CMS SignerInfo object from an already existing CounterSignature object, supplied as ASN1Object.

Parameters:

obj - the CMS CounterSignature as ASN1Object

Throws:

iaik.asn1.CodingException - if the object can not be parsed

toASN1Object

public iaik.asn1.ASN1Object toASN1Object()
                                  throws iaik.asn1.CodingException

Returns this CounterSignature as ASN1Object.

Returns:

this CounterSignature as ASN1Object.

Throws:

iaik.asn1.CodingException - if the ASN1Object could not be created

getAttributeType

public iaik.asn1.ObjectID getAttributeType()

Returns the OID identifying the CMS CounterSignature attribute type.

Specified by:

getAttributeType in class iaik.asn1.structures.AttributeValue

Returns:

the OID identifying the CMS CounterSignature attribute type.

setSignedAttributes

public void setSignedAttributes(iaik.asn1.structures.Attribute[] attributes)

Sets a set of attributes to be signed along with the content to be signed.

Parameters:

attributes - a set of attributes to be signed along with the content to be signed.

Throws:

java.lang.IllegalArgumentException - if the given attributes contain a ContentType attribute (not allowed for CounterSignatures)

addSignedAttributes

public void addSignedAttributes(iaik.asn1.structures.Attribute[] attributes)

Adds the given attributes to the set of signed attributes.

Parameters:

attributes - the attributes to be added to the signed attributes

Throws:

java.lang.IllegalArgumentException - if the given attributes contain a ContentType attribute (not allowed for CounterSignatures)

addSignedAttribute

public void addSignedAttribute(iaik.asn1.structures.Attribute attribute)

Adds the given attribute to the set of signed attributes.

Parameters:

attribute - the attribute to be added to the signed attributes

Throws:

java.lang.IllegalArgumentException - if the given attribute is a ContentType attribute (not allowed for CounterSignatures)

removeSignedAttribute

public void removeSignedAttribute(iaik.asn1.ObjectID attributeType)

Removes all signed attributes with the given attribute type.

Parameters:

attributeType - the OID identifying the attribute to be removed

getSigningCertificateAttribute

public SigningCertificate getSigningCertificateAttribute()
                                                  throws CMSException

Gets the SigningCertificate attribute, if included.

Returns:

the SigningCertificate attribute, or null if not included

Throws:

CMSException - if an error occurs while parsing for the SigningCertificate attribute

getSigningCertificateV2Attribute

public SigningCertificateV2 getSigningCertificateV2Attribute()
                                                      throws CMSException

Gets the SigningCertificateV2 attribute, if included.

Returns:

the SigningCertificateV2 attribute, or null if not included

Throws:

CMSException - if an error occurs while parsing for the SigningCertificateV2 attribute

getSignedDigest

public byte[] getSignedDigest()
                       throws CMSException

Returns the message digest included in the signed attributes.

Returns:

the message digest included in the signed attributes, or null if not present

Throws:

CMSException

setUnsignedAttributes

public void setUnsignedAttributes(iaik.asn1.structures.Attribute[] attributes)

Sets a set of attributes that are not signed by the signer.

Parameters:

attributes - a set of attributes that are not signed by the signer

addUnsignedAttributes

public void addUnsignedAttributes(iaik.asn1.structures.Attribute[] attributes)

Adds the given attributes to the set of unsigned attributes.

Parameters:

attributes - the attributes to be added to the unsigned attributes

addUnsignedAttribute

public void addUnsignedAttribute(iaik.asn1.structures.Attribute attribute)

Adds the given attribute to the set of unsigned attributes.

Parameters:

attribute - the attribute to be added to the unsigned attributes

removeUnsignedAttribute

public void removeUnsignedAttribute(iaik.asn1.ObjectID attributeType)

Removes all unsigned attributes with the given attribute type.

Parameters:

attributeType - the OID identifying the attribute to be removed

getVersion

public int getVersion()

Returns the synatx version number (1 or 3).

Returns:

the version number

getSignerIdentifier

public CertificateIdentifier getSignerIdentifier()

Returns information about the signer certificate.

The information is returned as CertificateIdentifier object specifying the signer certificate either by issuer distinguished name and issuer-specific serial number or by SubjectKeyIdentifier.

Returns:

information about the signer certificate

isSignerCertificate

public boolean isSignerCertificate(iaik.x509.X509Certificate cert)
                            throws CMSException

Checks whether the supplied certificate actually is the certificate of the signer.

This method first checks if the the signerIdentifier of this CounterSignature identifies the supplied certificate via IssuerAndSerialNumber or SubjectKeyIdentifier. If this check is successful, this method then looks if the SigningCertificate and/or the SigningCertificateV2 are present and identify the given certificate as cert of the signer. If both SigningCertificate attributes are present this method accepts the given certificate as signer certificate only if it is identified by both SigningCertificate attributes.

Parameters:

cert - the certificate to be checked of being the one of the signer

Returns:

true if the supplied certificate is the signer certificate, false if not

Throws:

CMSException - if the check cannot be completed because an error occurs when parsing the SigningCertificate or SigningCertificate attribute or a hash algorithm (required for calculating the cert hash) is not supported by the installed cryptographic providers

getDigestAlgorithm

public iaik.asn1.structures.AlgorithmID getDigestAlgorithm()

Returns the AlgorithmID of the message-digest algorithm that has been used for digesting the content and any signed attributes.

Returns:

the AlgorithmID of the message-digest algorithm

getSignedAttributes

public iaik.asn1.structures.Attribute[] getSignedAttributes()

Returns a set of attributes that are signed by the signer.

Returns:

a set of attributes that are signed by the signer

getSignedAttribute

public iaik.asn1.structures.Attribute getSignedAttribute(iaik.asn1.ObjectID oid)

Returns the first signed attribute matching to the given ObjectID, if included in this CounterSignature object.

Returns:

the first signed attribute belonging to the given ObjectID or null if there is no attribute for the given OID.

getSignedAttributes

public iaik.asn1.structures.Attribute[] getSignedAttributes(iaik.asn1.ObjectID oid)

Returns all signed attributes matching to the given attribute type, if included in this CounterSignature object.

Parameters:

oid - the attribute type to look for

Returns:

all signed attributes matching to the given attribute type, or null if there is no attribute for the given OID.

getSignedAttributeValue

public iaik.asn1.structures.AttributeValue getSignedAttributeValue(iaik.asn1.ObjectID oid)
                                                            throws CMSException

Returns the attribute value of a single valued signed attribute with the given type.

This method provides the possibility to immediately access the value of an attribute with the given type. This method may be used for getting the value of the first included attribute of requested type or -- more appropriate -- the only one value of a single valued signed attribute of requested type. In this way, this method can be seen as an alternative to method getSignedAttribute for providing immediate access to the attribute value, e.g.:

 SigningCertificate signingCertificate = (SigningCertificate)counterSignature.getSignedAttributeValue(Signingcertificate.oid);
 if (signingCertificate != null) {
   ...
 }
 

Parameters:

oid - the object identifier representing the type of the attribute for which to get the value

Returns:

the attribute value of null if no attribute of given type is included

Throws:

CMSException - if the ASN.1 representation of the attribute value cannot be parsed

getSignatureAlgorithm

public iaik.asn1.structures.AlgorithmID getSignatureAlgorithm()

Returns the signature algorithm used for calculating the signature and associated information with the signer private key.

Returns:

the signature algorithm

getSignatureValue

public byte[] getSignatureValue()

Returns the signature value.

Returns:

the signature value, as byte array

setSignatureValue

public void setSignatureValue(byte[] signatureValue)

Sets the signature value. This method may be used for calculating the signature value outside and explicitly setting it.

Parameters:

signatureValue - the signature value, calculated from outside

getUnsignedAttributes

public iaik.asn1.structures.Attribute[] getUnsignedAttributes()

Returns a set of attributes that are not signed by the signer.

Returns:

a set of attributes that are not signed by the signer

getUnsignedAttribute

public iaik.asn1.structures.Attribute getUnsignedAttribute(iaik.asn1.ObjectID oid)

Returns the first unsigned attribute matching to the given ObjectID, if included in this CounterSignature object.

Returns:

the first unsigned attribute belonging to the given ObjectID or null if there is no attribute for the given OID.

getUnsignedAttributes

public iaik.asn1.structures.Attribute[] getUnsignedAttributes(iaik.asn1.ObjectID oid)

Returns all unsigned attributes matching to the given attribute type, if included in this CounterSignature object.

Parameters:

oid - the attribute type to look for

Returns:

all unsigned attributes matching to the given attribute type, or null if there is no attribute for the given OID.

getUnsignedAttributeValue

public iaik.asn1.structures.AttributeValue getUnsignedAttributeValue(iaik.asn1.ObjectID oid)
                                                              throws CMSException

Returns the attribute value of a single valued unsigned attribute with the given type.

This method provides the possibility to immediately access the value of an unsigned attribute with the given type. This method may be used for getting the value of the first included unsigned attribute of requested type or -- more appropriate -- the only one value of a single valued unsigned attribute of requested type. In this way, this method can be seen as an alternative to method getUnsignedAttribute for providing immediate access to the attribute value, e.g.:

 SigningTime signingTime = 
   (SigningTime)counterSignature.getUnsignedAttributeValue(SigningTime.oid);
 if (signingTime != null) {
   ...
 }
 

Parameters:

oid - the object identifier representing the type of the attribute for which to get the value

Returns:

the attribute value of null if no attribute of given type is included

Throws:

CMSException - if the ASN.1 representation of the attribute value cannot be parsed

toString

public java.lang.String toString()

Returns a string giving some information about this CounterSignature object.

Specified by:

toString in class iaik.asn1.structures.AttributeValue

Returns:

the string representation

toString

public java.lang.String toString(boolean detailed)

Returns a string giving some - if requested - detailed information about this CounterSignature object.

Parameters:

detailed - - whether or not to give detailed information

Returns:

the string representation

counterSign

public void counterSign(SignerInfo signerInfo)
                 throws java.security.SignatureException

Counter signs the given SignerInfo. After counter signing the SignerInfo you must explicitly set the CounterSignature attribute, e.g.:

 ...
 counterSignature.counterSign(signerInfo);
 // and add the counter signature as unsigned attribute
 Attribute[] unsignedAttributes = new Attribute[] { new Attribute(counterSignature) };
 signerInfo.addUnsignedAttributes(unsignedAttributes);
 ...
 

Please note that one single CounterSignature object only can sign one single signature. So do not repeatedly call this method for signing more than one signatures; rather create a new CounterSignature object for any new signature to be counter signed.

Parameters:

signerInfo - the SignerInfo to be counter signed

Throws:

java.security.SignatureException - if signing fails for some reason

counterSign

public void counterSign(CounterSignature counterSignature)
                 throws java.security.SignatureException

Counter signs the given CounterSignature.

This method may be used for counter signing another CounterSognature. After counter signing the CounterSignature you must explicitly set the CounterSignature attribute, e.g.:

 ...
 counterSignature.counterSign(firstCounterSignature);
 // and add the counter signature as unsigned attribute
 Attribute[] unsignedAttributes = new Attribute[] { new Attribute(counterSignature) };
 firstCounterSignature.addUnsignedAttributes(unsignedAttributes);
 ...
 

Please note that one single CounterSignature object only can sign one single signature. So do not repeatedly call this method for signing more than one signatures; rather create a new CounterSignature object for any new signature to be counter signed.

Parameters:

counterSignature - the CounterSignature to be counter signed

Throws:

java.security.SignatureException - if signing fails for some reason

counterSign

public void counterSign(byte[] signatureToBeCounterSigned)
                 throws java.security.SignatureException

Counter signs the given signature value. After counter signing the SignerInfo you must explicitly set the CounterSignature attribute, e.g.:

 ...
 counterSignature.counterSign(signerInfo.getSignatureValue());
 // and add the counter signature as unsigned attribute
 Attribute[] unsignedAttributes = new Attribute[] { new Attribute(counterSignature) };
 signerInfo.addUnsignedAttributes(unsignedAttributes);
 ...
 

Please note that one single CounterSignature object only can sign one single signature. So do not repeatedly call this method for signing more than one signatures; rather create a new CounterSignature object for any new signature to be counter signed.

Parameters:

signatureToBeCounterSigned - the signature value to be counter signed

Throws:

java.security.SignatureException - if signing fails for some reason

verify

public boolean verify(java.security.PublicKey publicKey,
                      SignerInfo signerInfo)
               throws java.security.SignatureException

Verifies the counter signature of the given SignerInfo with the given public key.

The given SignerInfo represents the SignerInfo that has been counter signed, e.g.:

 try {
   if (counterSignature.verify(counterCert.getPublicKey(), signerInfo)) {
     System.out.println("Signature OK from counter signer: "+counterSignature.getSignerIdentifier());  
   } else {
     System.out.println("Signature ERROR from counter signer: "+counterSignature.getSignerIdentifier());  
   }  
 } catch (SignatureException ex) {
   System.out.println("Signature ERROR from counter signer: "+counterSignature.getSignerIdentifier());  
 }  
 

Parameters:

publicKey - the public key of the counter signer

signerInfo - SignerInfo the SignerInfo that has been counter signed

Returns:

true if the signature verifies, false if not

Throws:

java.security.SignatureException - signature verification process fails

verify

public boolean verify(java.security.PublicKey publicKey,
                      CounterSignature counterSignature)
               throws java.security.SignatureException

Verifies the counter signature of the given CounterSiganture with the given public key.

CounterSignatures may be applied recursively, i.e. one CounterSignature may be counter signed by another. The given CounterSignature represents the CounterSignature that has been counter signed, e.g.:

 try {
   if (counterSignature.verify(counterCert.getPublicKey(), counterSignature)) {
     System.out.println("Signature OK from counter signer: "+counterSignature.getSignerIdentifier());  
   } else {
     System.out.println("Signature ERROR from counter signer: "+counterSignature.getSignerIdentifier());  
   }  
 } catch (SignatureException ex) {
   System.out.println("Signature ERROR from counter signer: "+counterSignature.getSignerIdentifier());  
 }  
 

Parameters:

publicKey - the public key of the counter signer

counterSignature - CounterSignature the CounterSignature that has been counter signed

Returns:

true if the signature verifies, false if not

Throws:

java.security.SignatureException - signature verification process fails

verify

public boolean verify(java.security.PublicKey publicKey,
                      byte[] signatureThatWasCounterSigned)
               throws java.security.SignatureException

Verifies the counter signature of the given signature value with the given public key.

The given signature value may be the one of the SignerInfo that has been counter signed, e.g.:

 try {
   if (counterSignature.verify(counterCert.getPublicKey(), signerInfo.getSignatureValue())) {
     System.out.println("Signature OK from counter signer: "+counterSignature.getSignerIdentifier());  
   } else {
     System.out.println("Signature ERROR from counter signer: "+counterSignature.getSignerIdentifier());  
   }  
 } catch (SignatureException ex) {
   System.out.println("Signature ERROR from counter signer: "+counterSignature.getSignerIdentifier());  
 }  
 

Parameters:

publicKey - the public key of the counter signer

signatureThatWasCounterSigned - the siganture that has been counter signed

Returns:

true if the signature verifies, false if not

Throws:

java.security.SignatureException - if the signature verification process fails for some reason

InvalidContentHashException - if the signature verification process fails because the content hash does not match to value of the included MessageDigest attribute

InvalidContentTypeException - if the signed attributes contain a ContentType attribute (not allowed for CounterSignature)