iaik.cms
Class AuthenticatedDataOutputStream

java.lang.Object
  java.io.OutputStream
      iaik.cms.AuthenticatedDataOutputStream

All Implemented Interfaces:

java.io.Closeable, java.io.Flushable

public class AuthenticatedDataOutputStream
extends java.io.OutputStream

This is an OutputStream implementation of the CMS (RFC 5652) AuthenticatedData structure. It allows creating an AuthenticatedData object by writing the content to be authenticated to this stream.

It supports implicit (where the content is included in the AuthenticatedData object) and explicit (where the content is transmitted by other means) authentication formats.

This stream version will encode the content of the AuthenticatedData as a constructed OCTET STRING. Each write operation to this stream will result in an OCTET STRING block within this constructed OCTET STRING. Consequently, the size of each block equals the size of the data provided to the wirte operation.

The final call to close() will finish mac calcualtion and encoding and write any authenticated and/or unauthenticated attributes and the mac value.

The typical usage of this class looks like the following example for creating a CMS AuthenticatedData structure with the authenticated content included and using RSA for encrypting the secret mac key for the intended recipient(s).

   // the inherent content type
   ObjectID contentType = ObjectID.cms_data;
   // the mac algorithm to be used
   AlgorithmID macAlgorithm = (AlgorithmID)AlgorithmID.hMAC_SHA256.clone();
   // the length of the mac key to be generated
   int macKeyLength = 32;
   // we do not need mac algorithm parameters
   AlgorithmParameterSpec macParams = null;
   // we want to include authenticated attributes and therefore need a digest algorithm
   AlgorithmID digestAlgorithm = (AlgorithmID)AlgorithmID.sha256.clone();
   // the transmission mode (either AuthenticatedDataOutputStream.IMPLICIT or AuthenticatedDataOutputStream.EXPLICIT)
   int mode = AuthenticatedDataOutputStream.IMPLICIT;
   
   // the input stream from which to read the data to be authenticated
   InputStream dataInputStream = ...
   // the output stream to which to write the AuthenticatedData
   OutputStream resultStream = ...
   
   // create AuthenticatedDataOutputStream
   AuthenticatedDataOutputStream authenticatedData = 
     new AuthenticatedDataOutputStream(contentType, 
                                       resultStream, 
                                       macAlgorithm,
                                       macKeyLength,
                                       macParams,
                                       digestAlgorithm,
                                       mode);
     
   // the certificate of the recipient (we assume to use RSA for encrypting the mac key)
   X509Certificate recipientCert = ...
   // create and add RecipientInfo
   RecipientInfo recipient = new KeyTransRecipientInfo(recipientCert, AlgorithmID.rsaEncryption);
   authenticatedData.addRecipientInfo(recipient);   
       
   // add some authenticated attribute(s) (the MessageDigest attribute is calculated automatically)
   Attribute[] attributes = { new Attribute(new CMSContentType(contentType)) };
   authenticatedData.setAuthenticatedAttributes(attributes);
   
   // write in the data to be authenticated
   byte[] buffer = new byte[2048];
   int bytesRead;
   while ((bytesRead = dataInputStream.read(buffer)) != -1) {
     authenticatedData.write(buffer, 0, bytesRead);
   }
   // closing the stream calculates and adds the mac value and closes the underlying stream
   authenticatedData.close();
 
 

For using the AuthenticatedDataOutputStream in explicit mode, specify AuthenticatedDataOutputStream.EXPLICIT when creating the AuthenticatedDataOutputStream object:

   AuthenticatedDataOutputStream authenticatedData = 
     new AuthenticatedDataOutputStream(resultStream, AuthenticatedDataOutputStream.EXPLICIT);
 

The further proceeding is the same as in implicit mode. When calling a write method, the content data is dropped (since it must not be included in the AuthenticatedData object and has to be transmitted by other means). However, piping the data through write calls is required for hash and mac calculation.

If you want to encapsulate the AuthenticatedData into a ContentInfo you first must wrap a ContentInfoOutputStream around the final output stream (the ContentInfoStream has to write its headers to the stream at first, thus it must be created at the "lowest" level):

   ContentInfoOutputStream contentInfoStream = 
     new ContentInfoOutputStream(ObjectID.cms_authData, resultStream);
   // now create AuthenticatedDataOutputStream for the ContentInfoStream:
   AuthenticatedDataOutputStream authenticatedData = 
     new AuthenticatedDataOutputStream(contentType, 
                                       contentInfoStream, 
                                       macAlgorithm,
                                       macKeyLength,
                                       macParams,
                                       digestAlgorithm,
                                       mode);
       
   // the further proceeding is same as above
   
   // the certificate of the recipient (we assume to use RSA for encrypting the mac key)
   X509Certificate recipientCert = ...
   // create and add RecipientInfo
   RecipientInfo recipient = new KeyTransRecipientInfo(recipientCert, AlgorithmID.rsaEncryption);
   authenticatedData.addRecipientInfo(recipient);   
       
   // add some authenticated attribute(s) (the MessageDigest attribute is calculated automatically)
   Attribute[] attributes = { new Attribute(new CMSContentType(contentType)) };
   authenticatedData.setAuthenticatedAttributes(attributes);
   
   // write in the data to be authenticated
   byte[] buffer = new byte[2048];
   int bytesRead;
   while ((bytesRead = dataInputStream.read(buffer)) != -1) {
     authenticatedData.write(buffer, 0, bytesRead);
   }
   // closing the stream calculates and adds the mac value and closes the underlying stream
   authenticatedData.close();

 

Use class AuthenticatedDataStream to read in and parse the encoded AuthenticatedData and verify the message authentication code.

Have a look at the IAIK-CMS Demo library for AuthenticatedData examples.

See Also:

RecipientInfo, AuthenticatedDataStream, ContentInfoOutputStream

Field Summary

static int	EXPLICIT Denotes a mode where the content is not transmitted within the AuthenticatedData.
static int	IMPLICIT Denotes a mode where the content is included in the AuthenticatedData.

Constructor Summary

AuthenticatedDataOutputStream(ObjectID contentType, java.io.OutputStream out, AlgorithmID macAlg, byte[] mac, AlgorithmID digestAlg, int mode)
Creates an AuthenticatedDataOutputStream from an already calculated MAC value.

AuthenticatedDataOutputStream(ObjectID contentType, java.io.OutputStream out, AlgorithmID macAlg, int macKeyLength, java.security.spec.AlgorithmParameterSpec macParams, AlgorithmID digestAlg, int mode)
Creates a new AuthenticatedDataOutputStream which later writes the complete encoded AuthenticatedData structure to the given output stream (e.g.

AuthenticatedDataOutputStream(ObjectID contentType, java.io.OutputStream out, AlgorithmID macAlg, int macKeyLength, java.security.spec.AlgorithmParameterSpec macParams, AlgorithmID digestAlg, int mode, SecurityProvider securityProvider)
Creates a new AuthenticatedDataOutputStream which later writes the complete encoded AuthenticatedData structure to the given output stream (e.g.

AuthenticatedDataOutputStream(ObjectID contentType, java.io.OutputStream out, AlgorithmID macAlg, int macKeyLength, java.security.spec.AlgorithmParameterSpec macParams, int mode)
Creates a new AuthenticatedDataOutputStream which later writes the complete encoded AuthenticatedData structure to the given output stream (e.g.

AuthenticatedDataOutputStream(ObjectID contentType, java.io.OutputStream out, AlgorithmID macAlg, int macKeyLength, java.security.spec.AlgorithmParameterSpec macParams, int mode, SecurityProvider securityProvider)
Creates a new AuthenticatedDataOutputStream which later writes the complete encoded AuthenticatedData structure to the given output stream (e.g.

Method Summary

void	addRecipientInfo(RecipientInfo recipient) Adds one recipient to the list of recipient infos.
void	close() Finishes the encoding, calculates the mac value and writes the mac value and any authenticated/unauthenticated attributes (if set) to the stream.
void	flush() Flushes any internal data and calls flush of the underlying stream.
Attribute	getAuthenticatedAttribute(ObjectID oid) Returns the first authenticated attribute matching to the given ObjectID, if included in this AutheticatedData object.
Attribute[]	getAuthenticatedAttributes() Gets the authenticated attributes included in this AutheticatedData.
byte[]	getAuthenticatedDigest() Gets the value of the MessageDigest attribute, if included in the authenticated attributes.
byte[]	getMac() Gets the MAC value.
SecurityProvider	getSecurityProvider() Gets the SecurityProvider installed for this EncryptedDataStream.
Attribute	getUnauthenticatedAttribute(ObjectID oid) Returns the first unauthenticated attribute matching to the given ObjectID, if included in this AutheticatedData object.
Attribute[]	getUnauthenticatedAttributes() Gets the unauthenticated attributes included in this AutheticatedData.
int	getVersion() Returns the syntax version number.
boolean	isPassThroughClose() Checks whether a call to close() will call close of the underlying output stream
void	setAuthenticatedAttributes(Attribute[] attributes) Sets a set of (authenticated) attributes.
void	setOriginatorInfo(OriginatorInfo originatorInfo) Sets the optional OriginatorInfo.
void	setPassThroughClose(boolean passThroughClose) Setting this to true will cause close() to call close of the underlying output stream.
void	setRecipientInfos(RecipientInfo[] recipients) Sets the recipient infos.
void	setSecurityProvider(SecurityProvider securityProvider) Sets the SecurityProvider for this AuthenticatedDataOutputStream.
void	setUnauthenticatedAttributes(Attribute[] attributes) Sets a set of (unauthenticated) attributes.
java.lang.String	toString() Returns a string giving some information about this AutheticatedData object.
java.lang.String	toString(boolean detailed) Returns a string giving some - if requested - detailed information about this AutheticatedData object.
void	write(byte[] b) Processes the given content data to be authenticated.
void	write(byte[] b, int off, int len) Processes the given content data to be authenticated.
void	write(int b) Processes the given content byte to be authenticated.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

IMPLICIT

public static final int IMPLICIT

Denotes a mode where the content is included in the AuthenticatedData.

See Also:

Constant Field Values

EXPLICIT

public static final int EXPLICIT

Denotes a mode where the content is not transmitted within the AuthenticatedData.

See Also:

Constant Field Values

Constructor Detail

AuthenticatedDataOutputStream

public AuthenticatedDataOutputStream(ObjectID contentType,
                                     java.io.OutputStream out,
                                     AlgorithmID macAlg,
                                     int macKeyLength,
                                     java.security.spec.AlgorithmParameterSpec macParams,
                                     int mode)
                              throws java.security.NoSuchAlgorithmException

Creates a new AuthenticatedDataOutputStream which later writes the complete encoded AuthenticatedData structure to the given output stream (e.g. write(byte[])). This constructor generates a symmetric MAC key and uses an OutputStreamMacEngine to wrap a mac calculating output stream around the output stream to which the data to be authenticated is later written (e.g. write(byte[])).

Parameters:

contentType - the type of the authenticated content (e.g. ObjectID.cms_data)

out - the OutputStream receiving the authenticated data

macAlg - the MAC algorithm to be used

macKeyLength - the length (in bytes) of the mac key to be generated; if not specified (-1), a default value will be used depending on the mac algorithm and the implementation of the SecurityProvider method generateKey. The IaikProvider tries to determine the block length of the mac algorithm in use; otherwise it uses the length of the underlying digest algorithm.

macParams - any parameters, if required by the mac algorithm

mode - the transmission mode; either IMPLICIT (to include the content) or EXPLICIT to transmit it by other means

Throws:

java.security.NoSuchAlgorithmException - if the requested digest or mac algorithm is not supported or the MAC key cannot be created

AuthenticatedDataOutputStream

public AuthenticatedDataOutputStream(ObjectID contentType,
                                     java.io.OutputStream out,
                                     AlgorithmID macAlg,
                                     int macKeyLength,
                                     java.security.spec.AlgorithmParameterSpec macParams,
                                     int mode,
                                     SecurityProvider securityProvider)
                              throws java.security.NoSuchAlgorithmException

Creates a new AuthenticatedDataOutputStream which later writes the complete encoded AuthenticatedData structure to the given output stream (e.g. write(byte[])). This constructor generates a symmetric MAC key and uses an OutputStreamMacEngine to wrap a mac calculating output stream around the output stream to which the data to be authenticated is later written (e.g. write(byte[])).

Parameters:

contentType - the type of the authenticated content (e.g. ObjectID.cms_data)

out - the OutputStream receiving the authenticated data

macAlg - the MAC algorithm to be used

macKeyLength - the length (in bytes) of the mac key to be generated; if not specified (-1), a default value will be used depending on the mac algorithm and the implementation of the SecurityProvider method generateKey. The IaikProvider tries to determine the block length of the mac algorithm in use; otherwise it uses the length of the underlying digest algorithm.

macParams - any parameters, if required by the mac algorithm

mode - the transmission mode; either IMPLICIT (to include the content) or EXPLICIT to transmit it by other means

securityProvider - the SecurityProvider to be used for any required cryptographic operation

Throws:

java.security.NoSuchAlgorithmException - if the requested digest or mac algorithm is not supported or the MAC key cannot be created

AuthenticatedDataOutputStream

public AuthenticatedDataOutputStream(ObjectID contentType,
                                     java.io.OutputStream out,
                                     AlgorithmID macAlg,
                                     int macKeyLength,
                                     java.security.spec.AlgorithmParameterSpec macParams,
                                     AlgorithmID digestAlg,
                                     int mode)
                              throws java.security.NoSuchAlgorithmException

Creates a new AuthenticatedDataOutputStream which later writes the complete encoded AuthenticatedData structure to the given output stream (e.g. write(byte[])). This constructor generates a symmetric MAC key. If the digestAlg parameter is not null, an OutputStreamHashEngine is used to wrap a hash calculating output stream around the output stream to which the data to be authenticated is later written (e.g. write(byte[])). In this case authenticated attributes have to be set by calling method setAuthenticatedAttributes and the MAC value is calculated from the DER encoded authenticated attributes which contain the -- (if not set) automatically calculated -- MessageDigest attribute. However, if the digestAlg parameter is null, an OutputStreamMacEngine is used to wrap a MAC calculating output stream around the output stream to which the data to be authenticated is later written (e.g. write(byte[])). In this case the MAC value is calculated immediately from the content.

Parameters:

contentType - the type of the authenticated content (e.g. ObjectID.cms_data)

out - the OutputStream receiving the authenticated data

macAlg - the OID of the MAC algorithm to be used

macKeyLength - the length (in bytes) of the mac key to be generated; if not specified (-1), a default value will be used depending on the mac algorithm and the implementation of the SecurityProvider method generateKey. The IaikProvider tries to determine the block length of the mac algorithm in use; otherwise it uses the length of the underlying digest algorithm.

macParams - any parameters, if required by the mac algorithm

digestAlg - the OID of the digest algorithm to be used for hash computation if authenticated attributes are to be included

mode - the transmission mode; either IMPLICIT (to include the content) or EXPLICIT to transmit it by other means

Throws:

java.security.NoSuchAlgorithmException - if the requested digest or mac algorithm is not supported or the MAC key cannot be created

AuthenticatedDataOutputStream

public AuthenticatedDataOutputStream(ObjectID contentType,
                                     java.io.OutputStream out,
                                     AlgorithmID macAlg,
                                     int macKeyLength,
                                     java.security.spec.AlgorithmParameterSpec macParams,
                                     AlgorithmID digestAlg,
                                     int mode,
                                     SecurityProvider securityProvider)
                              throws java.security.NoSuchAlgorithmException

Creates a new AuthenticatedDataOutputStream which later writes the complete encoded AuthenticatedData structure to the given output stream (e.g. write(byte[])). This constructor generates a symmetric MAC key. If the digestAlg parameter is not null, an OutputStreamHashEngine is used to wrap a hash calculating output stream around the output stream to which the data to be authenticated is later written (e.g. write(byte[])). In this case authenticated attributes have to be set by calling method setAuthenticatedAttributes and the MAC value is calculated from the DER encoded authenticated attributes which contain the -- (if not set) automatically calculated -- MessageDigest attribute. However, if the digestAlg parameter is null, an OutputStreamMacEngine is used to wrap a MAC calculating output stream around the output stream to which the data to be authenticated is later written (e.g. write(byte[])). In this case the MAC value is calculated immediately from the content.

Parameters:

contentType - the type of the authenticated content (e.g. ObjectID.cms_data)

out - the OutputStream receiving the authenticated data

macAlg - the MAC algorithm to be used

macKeyLength - the length (in bytes) of the mac key to be generated; if not specified (-1), a default value will be used depending on the mac algorithm and the implementation of the SecurityProvider method generateKey. The IaikProvider tries to determine the block length of the mac algorithm in use; otherwise it uses the length of the underlying digest algorithm.

macParams - any parameters, if required by the mac algorithm

digestAlg - the digest algorithm to be used for hash computation if authenticated attributes are to be included

mode - the transmission mode; either IMPLICIT (to include the content) or EXPLICIT to transmit it by other means

securityProvider - the SecurityProvider to be used for any required cryptographic operation

Throws:

java.security.NoSuchAlgorithmException - if the requested digest or mac algorithm is not supported or the MAC key cannot be created

AuthenticatedDataOutputStream

public AuthenticatedDataOutputStream(ObjectID contentType,
                                     java.io.OutputStream out,
                                     AlgorithmID macAlg,
                                     byte[] mac,
                                     AlgorithmID digestAlg,
                                     int mode)

Creates an AuthenticatedDataOutputStream from an already calculated MAC value. No mac or digest calculation is initialized. If setAuthenticatedAttributes are supplied, they already have to contain the MessageDigest attribute. Any RecipientInfo added to this AuthenticatedDataOutputStream already has to contain the encrypted mac key (i.e. no MAC key is generated and encrypted for each recipient).

Parameters:

contentType - the type of the authenticated content (e.g. ObjectID.cms_data)

out - the OutputStream receiving the authenticated data

macAlg - the OID of the MAC algorithm used for mac calculation

mac - the already calculated mac value

digestAlg - the OID of the digest algorithm used for hash calculation

mode - the transmission mode; either IMPLICIT (to include the content) or EXPLICIT to transmit it by other means

Method Detail

write

public void write(byte[] b,
                  int off,
                  int len)
           throws java.io.IOException

Processes the given content data to be authenticated. The mac/digest calculation is updated with the given data. In IMPLICIT mode the content data is encoded and written to the output stream. In EXPLICIT mode the content data is not written to the output stream (since it must not be included in the AuthenticatedData and has to be transmitted by other means), but contributes to the mac/digest calculation as required.

Overrides:

write in class java.io.OutputStream

Parameters:

b - The data to be authenticated as byte array.

off - The start offset in the data array b.

len - The number of bytes to write.

Throws:

java.io.IOException - If an I/O error occurs.

write

public void write(byte[] b)
           throws java.io.IOException

Processes the given content data to be authenticated. The mac/digest calculation is updated with the given data. In IMPLICIT mode the content data is encoded and written to the output stream. In EXPLICIT mode the content data is not written to the output stream (since it must not be included in the AuthenticatedData and has to be transmitted by other means), but contributes to the mac/digest calculation as required.

Overrides:

write in class java.io.OutputStream

Parameters:

b - The data to be signed as byte array.

Throws:

java.io.IOException - If an I/O error occurs.

write

public void write(int b)
           throws java.io.IOException

Processes the given content byte to be authenticated. The mac/digest calculation is updated with the given data. In IMPLICIT mode the content data is encoded and written to the output stream. In EXPLICIT mode the content data is not written to the output stream (since it must not be included in the AuthenticatedData and has to be transmitted by other means), but contributes to the mac/digest calculation as required.

Note that when repeatedly calling this method to write single data bytes the encoding may consist of many single-byte OCTET STRINGs. Thus it may be more appropriate to use a byte array expcting write method.

Specified by:

write in class java.io.OutputStream

Parameters:

b - The content data byte to be authenticated

Throws:

java.io.IOException - If an I/O error occurs.

flush

public void flush()
           throws java.io.IOException

Flushes any internal data and calls flush of the underlying stream.

Specified by:

flush in interface java.io.Flushable

Overrides:

flush in class java.io.OutputStream

Throws:

java.io.IOException - If flushing the stream fails.

close

public void close()
           throws java.io.IOException

Finishes the encoding, calculates the mac value and writes the mac value and any authenticated/unauthenticated attributes (if set) to the stream.

Specified by:

close in interface java.io.Closeable

Overrides:

close in class java.io.OutputStream

Throws:

java.io.IOException - if an I/O error occurs while writing to the stream

isPassThroughClose

public boolean isPassThroughClose()

Checks whether a call to close() will call close of the underlying output stream

Returns:

true if a call to close() will call close of the underlying output stream; false if a call to close() will not close the underlying stream.

setPassThroughClose

public void setPassThroughClose(boolean passThroughClose)

Setting this to true will cause close() to call close of the underlying output stream. If false, a call to close() will not close the underlying stream.

Parameters:

passThroughClose - true to pass through close() calls. false to not pass them through.

setSecurityProvider

public void setSecurityProvider(SecurityProvider securityProvider)

Sets the SecurityProvider for this AuthenticatedDataOutputStream.

This method allows to explicitly set a SecurityProvider for this AuthenticatedDataOutputStream. If no explicit SecurityProvider is set, the default system wide installed SecurityProvider will be used for the required cryptographic operations.

This class uses the following method(s) of the SecurityProvider, which may be overriden by an application, if required:

• getOutputStreamHashEngine methods to get an OutputStreamHashEngine for stream based digest calculation
• getOutputStreamMacEngine methods to get an OutputStreamMacEngine for stream based mac calculation
• calculateMac for mac calculation from DER encoded authenticated attributes; if present
• generateKey to generate the symmetric mac key
• getAlgorithmParameterSpec to create an AlgorithmParameterSpec from algorithm parameters (if included in a MAC algorithmID)
• several SecurityProvider methods for key en/decryption and parsing as used by the inherent recipient infos

Parameters:

securityProvider - the SecurityProvider to be set

getSecurityProvider

public SecurityProvider getSecurityProvider()

Gets the SecurityProvider installed for this EncryptedDataStream.

This class uses the following method(s) of the SecurityProvider, which may be overriden by an application, if required:

• getOutputStreamHashEngine methods to get an OutputStreamHashEngine for stream based digest calculation
• getOutputStreamMacEngine methods to get an OutputStreamMacEngine for stream based mac calculation
• calculateMac for mac calculation from DER encoded authenticated attributes; if present
• generateKey to generate the symmetric mac key
• getAlgorithmParameterSpec to create an AlgorithmParameterSpec from algorithm parameters (if included in a MAC algorithmID)
• several SecurityProvider methods for key en/decryption and parsing as used by the inherent recipient infos

If no explicit SecurityProvider has been set for this object, the default system wide installed SecurityProvider will be used for the required cryptographic operations. However, this method will return null if it does not have its own SecurityProvider.

Returns:

the SecurityProvider explicitly installed for this object, or null if this object does not have its own SecurityProvider

setOriginatorInfo

public void setOriginatorInfo(OriginatorInfo originatorInfo)

Sets the optional OriginatorInfo.

The originatorInfo may be set for including certificates and/or certificate revocation lists for the originator if required by the key management algorithm used (e.g. ESDH or ESDH Diffie Hellman Key Agreement).

Parameters:

originatorInfo - the OriginatorInfo to be set

setRecipientInfos

public void setRecipientInfos(RecipientInfo[] recipients)

Sets the recipient infos.

Any RecipientInfo added supplies recipient-specific information used for identifying the key of the recipient to be used for en/decrypting the symmetric mac key.

Parameters:

recipients - a collection of per-recipient information

See Also:

RecipientInfo, KeyTransRecipientInfo, KeyAgreeRecipientInfo, KEKRecipientInfo, PasswordRecipientInfo, OtherRecipientInfo

addRecipientInfo

public void addRecipientInfo(RecipientInfo recipient)

Adds one recipient to the list of recipient infos.

The RecipientInfo added supplies recipient-specific information used for identifying the key of the recipient to be used for en/decrypting the symmetric mac key.

Parameters:

recipient - the RecipientInfo to be added

See Also:

RecipientInfo, KeyTransRecipientInfo, KeyAgreeRecipientInfo, KEKRecipientInfo, PasswordRecipientInfo, OtherRecipientInfo

setAuthenticatedAttributes

public void setAuthenticatedAttributes(Attribute[] attributes)

Sets a set of (authenticated) attributes. If authenticated attributes are present, the MAC value is calculated from the DER encoded authenticated attributes which have to contain the MessageDigest attribute. In this case the digestAlgorithm field is not allowed to be null since it identifies the algorithm to be used for calculating a digest value from the content and set it as MessageDigest attribute. If the MessageDigest attribute is not included in the set of attributes supplied to this methode, it is automatically calculated and set.

Parameters:

attributes - the authenticated attributes to be set

Throws:

java.lang.NullPointerException - if no digest algorithm has been specified when creating this AuthenticatedDataOutputStream object

setUnauthenticatedAttributes

public void setUnauthenticatedAttributes(Attribute[] attributes)

Sets a set of (unauthenticated) attributes.

Parameters:

attributes - the unauthenticated attributes to be set

getAuthenticatedDigest

public byte[] getAuthenticatedDigest()
                              throws CMSException

Gets the value of the MessageDigest attribute, if included in the authenticated attributes.

Returns:

the message digest included in the authenticated attributes

Throws:

CMSException - if no message digest attribute is included

getVersion

public int getVersion()

Returns the syntax version number.

Returns:

the syntax version number

getAuthenticatedAttributes

public Attribute[] getAuthenticatedAttributes()

Gets the authenticated attributes included in this AutheticatedData.

Returns:

the authenticated attributes; if included

getUnauthenticatedAttributes

public Attribute[] getUnauthenticatedAttributes()

Gets the unauthenticated attributes included in this AutheticatedData.

Returns:

the unauthenticated attributes; if included

getAuthenticatedAttribute

public Attribute getAuthenticatedAttribute(ObjectID oid)

Returns the first authenticated attribute matching to the given ObjectID, if included in this AutheticatedData object.

Returns:

the first authenticated attribute belonging to the given ObjectID or null if there is no attribute for the given OID.

getMac

public byte[] getMac()

Gets the MAC value.

Returns:

the MAC value.

getUnauthenticatedAttribute

public Attribute getUnauthenticatedAttribute(ObjectID oid)

Returns the first unauthenticated attribute matching to the given ObjectID, if included in this AutheticatedData object.

Returns:

the first unauthenticated attribute belonging to the given ObjectID or null if there is no attribute for the given OID.

toString

public java.lang.String toString()

Returns a string giving some information about this AutheticatedData object.

Overrides:

toString in class java.lang.Object

Returns:

the string representation

toString

public java.lang.String toString(boolean detailed)

Returns a string giving some - if requested - detailed information about this AutheticatedData object.

Parameters:

detailed - - whether or not to give detailed information

Returns:

the string representation