iaik.cms
Class SignerInfo

java.lang.Object
  extended by iaik.cms.SignerInfo
All Implemented Interfaces:
ASN1Type
Direct Known Subclasses:
SMimeSignerInfo

public class SignerInfo
extends java.lang.Object
implements ASN1Type

This class implements the CMS SignerInfo type.

The Cryptographic Message Syntax (CMS) (RFC 5652) specifies the SignerInfo type for collecting all signer-related information about some particular signer intending to build a digital signature on the content of a CMS SignedData object. Content of any type may be signed by any number of signers in parallel. For each signer, a message digest is computed on the content (and any additional authenticating information) with a signer-specific message-digest algorithm. Subsequently, again for each signer, the corresponding message digest from the previous step is signed with the particular signer private key and - together with some signer-specific information - collected into a SignerInfo value. Finally all created SignerInfo values are collected together with the content for forming a SignedData structure (when.

The SignerInfo structure collecting all signer-related information is defined as ASN.1 SEQUENCE type containing the following components (see RFC 5652):

 SignerInfo ::= SEQUENCE {
   version                 CMSVersion,
   sid                     SignerIdentifier,
   digestAlgorithm         DigestAlgorithmIdentifier,
   signedAttrs         [0] IMPLICIT Attributes OPTIONAL,
   signatureAlgorithm      SignatureAlgorithmIdentifier,
   signature               SignatureValue,
   unsignedAttributes  [1] IMPLICIT Attributes OPTIONAL }
 
 SignerIdentifier ::= CHOICE {
   issuerAndSerialNumber IssuerAndSerialNumber,
   subjectKeyIdentifier [0] SubjectKeyIdentifier }

 SignatureValue ::= OCTET STRING

 SignedAttributes ::= SET SIZE (1..MAX) OF Attribute

 UnsignedAttributes ::= SET SIZE (1..MAX) OF Attribute

The digestAlgorithm and signatureAlgorithm fields identify the algorithms used for digesting the content and any signed attributes, and for signing the message digest and associated information with the signer private key, respectively. The signerIdentifier field specifies the signer certificate by issuer distinguished name and issuer-specific serial number. The signedAttributes and unsignedAttributes fields are optional and give attributes that are signed (respectively not signed) by the signer. Attributes that may be used here are defined in PKCS #9. Finally, the signature field contains the result of the signature calculation process. It is derived by signing the message digest on the content and associated information with the signer private key.

For more information see RFC 5652.


This class provides several constructors and methods for creating a SignerInfo object, setting some attributes, obtaining the component values, and signing (respectively verifying) the signature value.

Assuming that certificate represents the X509v3 certificate of some signer, a SignerInfo object may be created by supplying the certificate issuer distinguished name and the issuer-specific serial number, the signer message digest algorithm ID, and the signer private key:

 IssuerAndSerialNumber issuerAndSerialNr = new IssuerAndSerialNumber(certificate);
 SignerInfo signerInfo = new SignerInfo(issuerAndSerialNr, AlgorithmID.sha256, privateKey);
 

Instead of identifying the signer certificate by issuer distinguished name and issuer-specific serial number, the SubjectKeyIdentifier extension may be used, if appropriate:

 SubjectKeyID subjectKeyId = new SubjectKeyID(certificate);
 SignerInfo signerInfo = new SignerInfo(subjectKeyId, AlgorithmID.sha256, privateKey);
 

Attributes may be added using the setSignedAttributes respectively setUnsignedAttributes methods, e.g.:

 Attribute[] attributes = new Attribute[2];
 // PKCS#9 ContentType attribute specifying, e.g. the Data content type:
 attributes[0] = new Attribute(ObjectID.contentType, new ASN1Object[] {ObjectID.cms_data});
 // PKCS#9 SigningTime attribute specifying the signing time (e.g. current time):
 attributes[1] = new Attribute(ObjectID.signingTime, new ASN1Object[] {new ChoiceOfTime().toASN1Object()});
 // add the attributes to the SignerInfo:
 signerInfo.setSignedAttributes(attributes);
 

Add a SignerInfo to a SignedData object by calling the addSignerInfo method of the SignedData(Stream) class.

See Also:
SignedData, SignedDataStream, CertificateIdentifier, IssuerAndSerialNumber, SubjectKeyID

Constructor Summary
SignerInfo()
          Default constructor.
SignerInfo(ASN1Object obj)
          Creates a CMS SignerInfo from an ASN1Object.
SignerInfo(CertificateIdentifier signerIdentifier, AlgorithmID digestAlgorithm, AlgorithmID signatureAlgorithm, java.security.PrivateKey privateKey)
          Creates a new SignerInfo from given signerIdentifier, and digestAlgorithm ID, signature algorithmID, and the signer private key.
SignerInfo(CertificateIdentifier signerIdentifier, AlgorithmID digestAlgorithm, java.security.PrivateKey privateKey)
          Creates a new SignerInfo from given SignerIdentifier, digestAlgorithm ID, and the signer private key.
SignerInfo(java.io.InputStream is)
          Reads and parses an encoded SignerInfo from an InputStream.
SignerInfo(X509Certificate signerCertificate, AlgorithmID digestAlgorithm, AlgorithmID signatureAlgorithm, java.security.PrivateKey privateKey)
          Creates a new SignerInfo from given signer certificate, digest algorithm ID, signature algorithm ID, and the signer private key.
SignerInfo(X509Certificate signerCertificate, AlgorithmID digestAlgorithm, java.security.PrivateKey privateKey)
          Creates a new SignerInfo from given signer certificate, digest algorithm ID and the signer private key.
 
Method Summary
 void addSignedAttribute(Attribute attribute)
          Adds the given attribute to the set of signed attributes.
 void addSignedAttributes(Attribute[] attributes)
          Adds the given attributes to the set of signed attributes.
 void addUnsignedAttribute(Attribute attribute)
          Adds the given attribute to the set of unsigned attributes.
 void addUnSignedAttribute(Attribute attribute)
          Deprecated. use addUnsignedAttribute(iaik.asn1.structures.Attribute)
 void addUnsignedAttributes(Attribute[] attributes)
          Adds the given attributes to the set of unsigned attributes.
 void decode(ASN1Object obj)
          Decodes the given ASN.1 SignerInfo object for parsing the internal structure.
 CMSVersion getCMSVersion()
          Returns the syntax version number (1 or 3).
 byte[] getDigest()
          Returns the message digest calculated on the content.
 AlgorithmID getDigestAlgorithm()
          Returns the AlgorithmID of the message-digest algorithm that has been used for digesting the content and any signed attributes.
 SecurityProvider getSecurityProvider()
          Gets the SecurityProvider installed for this SignerInfo.
 AlgorithmID getSignatureAlgorithm()
          Returns the signature algorithm used for calculating the signature and associated information with the signer private key.
 byte[] getSignatureValue()
          Returns the signature value.
 Attribute getSignedAttribute(ObjectID oid)
          Returns the first signed attribute matching to the given ObjectID, if included in this SignerInfo object.
 Attribute[] getSignedAttributes()
          Returns a set of attributes that are signed by the signer.
 Attribute[] getSignedAttributes(ObjectID oid)
          Returns all signed attributes matching to the given attribute type, if included in this SignerInfo object.
 AttributeValue getSignedAttributeValue(ObjectID oid)
          Returns the attribute value of a single valued signed attribute with the given type.
 SignedAttributes getSignedAttrs()
          Returns a set of attributes that are signed by the signer.
 byte[] getSignedDigest()
          Returns the value of the MessageDigest attribute.
 SignerIdentifier getSignerId()
          Returns information about the signer certificate.
 CertificateIdentifier getSignerIdentifier()
          Returns information about the signer certificate.
 SigningCertificate getSigningCertificateAttribute()
          Gets the SigningCertificate attribute, if included.
 SigningCertificateV2 getSigningCertificateV2Attribute()
          Gets the SigningCertificateV2 attribute, if included.
 SignatureValue getSigValue()
          Returns the signature value as SignatureValue object.
 Attribute getUnsignedAttribute(ObjectID oid)
          Returns the first unsigned attribute matching to the given ObjectID, if included in this SignerInfo object.
 Attribute[] getUnsignedAttributes()
          Returns a set of attributes that are not signed by the signer.
 Attribute[] getUnsignedAttributes(ObjectID oid)
          Returns all unsigned attributes matching to the given attribute type, if included in this SignerInfo object.
 AttributeValue getUnsignedAttributeValue(ObjectID oid)
          Returns the attribute value of a single valued unsigned attribute with the given type.
 int getVersion()
          Returns the syntax version number (1 or 3).
 boolean isSignerCertificate(X509Certificate cert)
          Checks whether the supplied certificate actually is the certificate of the signer.
 void removeSignedAttribute(ObjectID attributeType)
          Removes all signed attributes with the given attribute type.
 void removeUnsignedAttribute(ObjectID attributeType)
          Removes all unsigned attributes with the given attribute type.
 void removeUnSignedAttribute(ObjectID attributeType)
          Deprecated. use removeUnsignedAttribute(iaik.asn1.ObjectID)
 void setEncryptedDigest(byte[] signatureValue)
          Deprecated. use method setSignatureValue to set the signature value (this method does exactly the same as method setEncryptedDigest)
 void setSecurityProvider(SecurityProvider securityProvider)
          Sets the SecurityProvider for this SignerInfo.
 void setSignatureValue(byte[] signatureValue)
          Sets the signature value.
 void setSignedAttributes(Attribute[] attributes)
          Sets a set of attributes to be signed along with the content to be signed.
 void setUnsignedAttributes(Attribute[] attributes)
          Sets a set of attributes that are not signed by the signer.
 ASN1Object toASN1Object()
          Returns this SignerInfo as ASN1Object.
 java.lang.String toString()
          Returns a string giving some information about this SignerInfo object.
 java.lang.String toString(boolean detailed)
          Returns a string giving some - if requested - detailed information about this SignerInfo object.
 boolean verifySignature(byte[] contentHash, java.security.PublicKey publicKey)
          Verifies the signature with the given public key.
 boolean verifySignature(java.security.PublicKey publicKey)
          Verifies the signature with the given public key.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

SignerInfo

public SignerInfo()
Default constructor. Creates an empty SignerInfo object and sets the version number to 1, and the signature algorithm ID to rsaEncryption.


SignerInfo

public SignerInfo(CertificateIdentifier signerIdentifier,
                  AlgorithmID digestAlgorithm,
                  java.security.PrivateKey privateKey)
Creates a new SignerInfo from given SignerIdentifier, digestAlgorithm ID, and the signer private key.

The signerIdentifier identifies the signer certificate either by issuer distinguished name and issuer-specific serial number or by SubjectKeyIdentifier. The digestAlgorithm ID specifies the message digest algorithm used for calculating the digest of the content and any signed information. The private key is used for calculating the signature. This constructor tries to derive the signature algorithm to be used from the private key algorithm (by default -- if the signature algorithm cannot be derived from the key -- the PKCS#1 rsaEncryption method is used for signature calculation). If the given digest algorithm is null it is set according to the private key algorithm (default: SHA-256).

Parameters:
signerIdentifier - information about the signer certificate.
digestAlgorithm - the algorithm to be used for message-digest calculation
privateKey - the signer private key to be used for signing
Throws:
java.lang.IllegalArgumentException - if the supplied signerIdentifier is not a SubjectKeyID or IssuerAndSerialNumber

SignerInfo

public SignerInfo(CertificateIdentifier signerIdentifier,
                  AlgorithmID digestAlgorithm,
                  AlgorithmID signatureAlgorithm,
                  java.security.PrivateKey privateKey)
Creates a new SignerInfo from given signerIdentifier, and digestAlgorithm ID, signature algorithmID, and the signer private key.

The signerIdentifier identifies the signer certificate either by issuer distinguished name and issuer-specific serial number or by SubjectKeyIdentifier. The digestAlgorithm ID specifies the message digest algorithm used for calculating the digest of the content and any signed information. The private key is used for calculating the signature with the given signature algorithm.

If the given digest or signature algorithm are null this constructor tries to set digest and/or signature algorithm according to the private key algorithm (by default -- if the digest/signature algorithm cannot be derived from the key -- SHA-256 is used as digest algorithm and the PKCS#1 rsaEncryption method is used for signature calculation).

Parameters:
signerIdentifier - information about the signer certificate.
digestAlgorithm - the algorithm to be used for message-digest calculation
signatureAlgorithm - the algorithm to be used for signature calculation
privateKey - the signer private key to be used for signing
Throws:
java.lang.IllegalArgumentException - if the supplied signerIdentifier is not a SubjectKeyID or IssuerAndSerialNumber

SignerInfo

public SignerInfo(X509Certificate signerCertificate,
                  AlgorithmID digestAlgorithm,
                  java.security.PrivateKey privateKey)
Creates a new SignerInfo from given signer certificate, digest algorithm ID and the signer private key.

The signer will be identified by issuer distinguished name and issuer-specific serial number. The digestAlgorithm ID specifies the message digest algorithm used for calculating the digest of the content and any signed information. The private key is used for calculating the signature with the given signature algorithm.

This constructor tries to derive the signature algorithm to be used from the certificate public key algorithm (by default -- if the signature algorithm cannot be derived from the key -- the PKCS#1 rsaEncryption method is used for signature calculation). If the given digest algorithm is null it is set according to the private key algorithm (default: SHA-256).

Parameters:
signerCertificate - the signer certificate.
digestAlgorithm - the algorithm to be used for message-digest calculation
privateKey - the signer private key to be used for signing

SignerInfo

public SignerInfo(X509Certificate signerCertificate,
                  AlgorithmID digestAlgorithm,
                  AlgorithmID signatureAlgorithm,
                  java.security.PrivateKey privateKey)
Creates a new SignerInfo from given signer certificate, digest algorithm ID, signature algorithm ID, and the signer private key.

The signer will be identified by issuer distinguished name and issuer-specific serial number. The digestAlgorithm ID specifies the message digest algorithm used for calculating the digest of the content and any signed information. The private key is used for calculating the signature with the given signature algorithm.

If the given digest or signature algorithm are null this constructor tries to set digest and/or signature algorithm according to the certificate public key algorithm (by default -- if the digest/signature algorithm cannot be derived from the key -- SHA-256 is used as digest algorithm and the PKCS#1 rsaEncryption method is used for signature calculation).

Parameters:
signerCertificate - the signer certificate.
digestAlgorithm - the algorithm to be used for message-digest calculation
signatureAlgorithm - the algorithm to be used for signature calculation
privateKey - the signer private key to be used for signing

SignerInfo

public SignerInfo(ASN1Object obj)
           throws CodingException
Creates a CMS SignerInfo from an ASN1Object.

The ASN1Object supplied to this constructor represents an already existing SignerInfo object that may have been created by calling toASN1Object.

Parameters:
obj - the CMS SignerInfo as ASN1Object
Throws:
CodingException - if the object can not be parsed

SignerInfo

public SignerInfo(java.io.InputStream is)
           throws java.io.IOException
Reads and parses an encoded SignerInfo from an InputStream.

Parameters:
is - the stream from which to read the encoded SignerInfo
Throws:
java.io.IOException - if the SignerInfo can not be parsed
Method Detail

setSecurityProvider

public void setSecurityProvider(SecurityProvider securityProvider)
Sets the SecurityProvider for this SignerInfo.

This method allows a SecurityProvider to be set explicitly for this SignerInfo. If no explicit SecurityProvider is set, the default system-wide installed SecurityProvider will be used for the required cryptographic operations.

This class may use the following method(s) of the SecurityProvider, which may be overridden by an application, if required:

Parameters:
securityProvider - the SecurityProvider to be set

getSecurityProvider

public SecurityProvider getSecurityProvider()
Gets the SecurityProvider installed for this SignerInfo.

This class uses the following method(s) of the SecurityProvider, which may be overridden by an application, if required:

If no explicit SecurityProvider has been set for this object, the default system-wide installed SecurityProvider will be used for the required cryptographic operations. However, this method will return null if it does not have its own SecurityProvider.

Returns:
the SecurityProvider explicitly installed for this object, or null if this object does not have its own SecurityProvider

decode

public void decode(ASN1Object obj)
            throws CodingException
Decodes the given ASN.1 SignerInfo object for parsing the internal structure.

This method internally is called when creating a CMS SignerInfo object from an already existing SignerInfo object, supplied as ASN1Object.

Specified by:
decode in interface ASN1Type
Parameters:
obj - the CMS SignerInfo as ASN1Object
Throws:
CodingException - if the object can not be parsed

toASN1Object

public ASN1Object toASN1Object()
                        throws CodingException
Returns this SignerInfo as ASN1Object.

Specified by:
toASN1Object in interface ASN1Type
Returns:
this SignerInfo as ASN1Object.
Throws:
CodingException - if the ASN1Object could not be created

setSignedAttributes

public void setSignedAttributes(Attribute[] attributes)
Sets a set of attributes to be signed along with the content to be signed.

The signedAttributes field is optional, but must be present if the content type of the EncapsulatedContentInfo value being signed is not the Data type.

If the signedAttributes field is present, it must include the PKCS#9 content-type attribute and the PKCS#9 message-digest attribute. If the message-digest attribute is not included in the supplied signed attributes it is automatically calculated and set. If the content-type attribute is not included it is automatically added and set to id-data when adding the SignerInfo to a SignedData object.

A further attribute type specified by PKCS#9 may be used for specifying the time at which the signer has performed the signing process, e.g.:

 Attribute[] attributes = new Attribute[2];
 // PKCS#9 ContentType attribute specifying, e.g. the Data content type:
 attributes[0] = new Attribute(ObjectID.contentType, new ASN1Object[] {ObjectID.cms_data});
 // PKCS#9 SigningTime attribute specifying the signing time (e.g. current time):
 attributes[1] = new Attribute(ObjectID.signingTime, new ASN1Object[] {new ChoiceOfTime().toASN1Object()});
 // add the attributes to the SignerInfo:
 signerInfo.setSignedAttributes(attributes);
 

Parameters:
attributes - a set of attributes to be signed along with the content to be signed.

addSignedAttributes

public void addSignedAttributes(Attribute[] attributes)
Adds the given attributes to the set of signed attributes.

The signedAttributes field is optional, but must be present if the content type of the EncapsulatedContentInfo value being signed is not the Data type.

If the signedAttributes field is present, it must include the PKCS#9 content-type attribute and the PKCS#9 message-digest attribute. If the message-digest attribute is not included in the supplied signed attributes it is automatically calculated and set. If the content-type attribute is not included it is automatically added and set to the eContentType of the SignedData EncapsulatedContentInfo when adding the SignerInfo to the SignedData object.

Parameters:
attributes - the attributes to be added to the signed attributes

addSignedAttribute

public void addSignedAttribute(Attribute attribute)
Adds the given attribute to the set of signed attributes.

The signedAttributes field is optional, but must be present if the content type of the EncapsulatedContentInfo value being signed is not the Data type.

If the signedAttributes field is present, it must include the PKCS#9 content-type attribute and the PKCS#9 message-digest attribute. If the message-digest attribute is not added it is automatically calculated and set. If the content-type attribute is not added it is automatically added and set to the eContentType of the SignedData EncapsulatedContentInfo when adding the SignerInfo to the SignedData object.

Parameters:
attribute - the attribute to be added to the signed attributes

removeSignedAttribute

public void removeSignedAttribute(ObjectID attributeType)
Removes all signed attributes with the given attribute type.

Parameters:
attributeType - the OID identifying the attribute to be removed

getSigningCertificateAttribute

public SigningCertificate getSigningCertificateAttribute()
                                                  throws CMSException
Gets the SigningCertificate attribute, if included.

Returns:
the SigningCertificate attribute, or null if not included
Throws:
CMSException - if an error occurs while parsing for the SigningCertificate attribute

getSigningCertificateV2Attribute

public SigningCertificateV2 getSigningCertificateV2Attribute()
                                                      throws CMSException
Gets the SigningCertificateV2 attribute, if included.

Returns:
the SigningCertificateV2 attribute, or null if not included
Throws:
CMSException - if an error occurs while parsing for the SigningCertificateV2 attribute

verifySignature

public boolean verifySignature(java.security.PublicKey publicKey)
                        throws CMSSignatureException
Verifies the signature with the given public key.

When using this method, the content hash required for verification is supplied by the digest provider (SignedDataStream or SignedData) object to which this SignerInfo belongs.
Note that SignedDataStream cannot be used as digest provider when having to verify RFC 8419 EdDSA signatures (curve25519, curve448) with missing signed attributes, because in this case the whole content must be available when actually verifying the signature value. For that reason an application shall use the non-stream SignedData implementation for verifying EdDSA signatures without signed attributes. However, when signed attributes are included, either SignedDataStream or SignedData may be used.

Parameters:
publicKey - the public key of the signer
Returns:
true if the signature verifies, false if not
Throws:
InvalidContentHashException - if the signature verification process fails because the content hash does not match the value of the included MessageDigest attribute
InvalidContentTypeException - if the ContentType attribute is not included in the signed attributes or the ContentType attribute does not match the encapsulated content type
CMSSignatureException - if the signature verification process fails for some other reason than an invalid content hash or invalid content type (e.g. wrong signature value)

verifySignature

public boolean verifySignature(byte[] contentHash,
                               java.security.PublicKey publicKey)
                        throws CMSSignatureException
Verifies the signature with the given public key.

When using this method for verifying the signature, you have to supply the hash calculated over the content. Any signed attribute hashing will be done automatically by this method if required.

Parameters:
contentHash - the digest calculated over the content
publicKey - the public key of the signer
Returns:
true if the signature verifies, false if not
Throws:
CMSSignatureException - if the signature verification process fails for some reason
InvalidContentHashException - if the signature verification process fails because the content hash does not match the value of the included MessageDigest attribute
InvalidContentTypeException - if the ContentType attribute is not included in the signed attributes or the ContentType attribute does not match the encapsulated content type

getDigest

public byte[] getDigest()
                 throws CMSException
Returns the message digest calculated on the content. This method ONLY may be called on the receiving end for getting the message digest calculated on the content. The digest value returned by this method is not the one included in the signed attributes which can be retrieved by method getSignedDigest (however, has to be the same value: the digest value calculated over the content has to be the same as the value of the MessageDigest attribute).

Returns:
the message digest calculated on the content
Throws:
CMSException - if the digest calculation fails for some reason (e.g. the digest algorithm used by this SignerInfo is not supported)

getSignedDigest

public byte[] getSignedDigest()
                       throws CMSException
Returns the value of the MessageDigest attribute. This value represents the digest calculated on the content.

Returns:
the value of the MessageDigest attribute, if included in the set of signed attributes
Throws:
CMSException - if no MessageDigest attribute is included in the set of signed attributes

setUnsignedAttributes

public void setUnsignedAttributes(Attribute[] attributes)
Sets a set of attributes that are not signed by the signer. Attributes that might be useful are defined in PKCS#9.

Parameters:
attributes - a set of attributes that are not signed by the signer

addUnsignedAttributes

public void addUnsignedAttributes(Attribute[] attributes)
Adds the given attributes to the set of unsigned attributes.

Parameters:
attributes - the attributes to be added to the unsigned attributes

addUnSignedAttribute

public void addUnSignedAttribute(Attribute attribute)
Deprecated. use addUnsignedAttribute(iaik.asn1.structures.Attribute)

Adds the given attribute to the set of unsigned attributes.

Parameters:
attribute - the attribute to be added to the unsigned attributes

addUnsignedAttribute

public void addUnsignedAttribute(Attribute attribute)
Adds the given attribute to the set of unsigned attributes.

Parameters:
attribute - the attribute to be added to the unsigned attributes

removeUnSignedAttribute

public void removeUnSignedAttribute(ObjectID attributeType)
Deprecated. use removeUnsignedAttribute(iaik.asn1.ObjectID)

Removes all unsigned attributes with the given attribute type.

Parameters:
attributeType - the OID identifying the attribute to be removed

removeUnsignedAttribute

public void removeUnsignedAttribute(ObjectID attributeType)
Removes all unsigned attributes with the given attribute type.

Parameters:
attributeType - the OID identifying the attribute to be removed

getVersion

public int getVersion()
Returns the syntax version number (1 or 3).

Returns:
the version number

getCMSVersion

public CMSVersion getCMSVersion()
Returns the syntax version number (1 or 3).

Returns:
the version number as CMSVersion object

getSignerIdentifier

public CertificateIdentifier getSignerIdentifier()
Returns information about the signer certificate.

The information is returned as CertificateIdentifier object specifying the signer certificate either by issuer distinguished name and issuer-specific serial number or by SubjectKeyIdentifier.

Returns:
information about the signer certificate

getSignerId

public SignerIdentifier getSignerId()
Returns information about the signer certificate.

The information is returned as SignerIdentifier object representing a choice of IssuerAndSerialNumber or SubjectKeyIdentifier:

 
 SignerIdentifier ::= CHOICE {
   issuerAndSerialNumber IssuerAndSerialNumber,
   subjectKeyIdentifier [0] SubjectKeyIdentifier }
 
To get the inherent CertificateIdentifier (IssuerAndSerialNumber or SubjectKeyIdentifier), call method getCertificateIdentifier():
 SignerIdentifier signerId = signerInfo.getSignerId();
 CertificateIdentifier certId = signerId.getCertificateIdentifier();
 
Or immediately call method getSignerIdentifier():
 CertificateIdentifier certId = signerInfo.getSignerIdentifier();
 

Returns:
information about the signer certificate

isSignerCertificate

public boolean isSignerCertificate(X509Certificate cert)
                            throws CMSException
Checks whether the supplied certificate actually is the certificate of the signer.

This method first checks if the signerIdentifier of this SignerInfo identifies the supplied certificate via IssuerAndSerialNumber or SubjectKeyIdentifier. If this check is successful, this method then looks if the SigningCertificate and/or the SigningCertificateV2 are present and identify the given certificate as cert of the signer. If both SigningCertificate attributes are present this method accepts the given certificate as signer certificate only if it is identified by both SigningCertificate attributes.

Parameters:
cert - the certificate to be checked of being the one of the signer
Returns:
true if the supplied certificate is the signer certificate, false if not
Throws:
CMSException - if the check cannot be completed because an error occurs when parsing the SigningCertificate or SigningCertificateV2 attribute or a hash algorithm (required for calculating the cert hash) is not supported by the installed cryptographic providers
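
A receiver-side check that combines isSignerCertificate and verifySignature as documented above. This is an added example, not IAIK's own code: the class SignerInfoCheck, its Result enum and the digest allow-list are hypothetical, the package names of the exception classes and the AlgorithmID.sha384/sha512 constants are assumed, and the SignerInfo is assumed to belong to an already parsed SignedData so that the content hash is available.

```java
import iaik.asn1.structures.AlgorithmID;
import iaik.asn1.structures.Attribute;
import iaik.cms.CMSException;
import iaik.cms.CMSSignatureException;
import iaik.cms.InvalidContentHashException;
import iaik.cms.InvalidContentTypeException;
import iaik.cms.SignerInfo;
import iaik.x509.X509Certificate;

/**
 * Hypothetical helper (not part of the IAIK API) that applies a local
 * acceptance policy before and during signature verification.
 * Certificate path validation of the candidate certificate is a separate
 * step and is not shown here.
 */
public final class SignerInfoCheck {

  public enum Result {
    VALID,
    NOT_SIGNER_CERT,
    DIGEST_NOT_ALLOWED,
    MISSING_SIGNED_ATTRS,
    CONTENT_HASH_MISMATCH,
    CONTENT_TYPE_MISMATCH,
    BAD_SIGNATURE,
    ERROR
  }

  // Local policy (an assumption of this example): digests accepted from signers.
  private static final AlgorithmID[] ALLOWED_DIGESTS = {
    AlgorithmID.sha256, AlgorithmID.sha384, AlgorithmID.sha512
  };

  private SignerInfoCheck() {
  }

  /**
   * @param signerInfo         a SignerInfo taken from a parsed SignedData
   * @param candidate          the certificate believed to be the signer's
   * @param requireSignedAttrs reject signatures that carry no signed attributes
   */
  public static Result check(SignerInfo signerInfo,
                             X509Certificate candidate,
                             boolean requireSignedAttrs) {
    try {
      // 1. Bind the certificate to this SignerInfo: signerIdentifier plus any
      //    SigningCertificate / SigningCertificateV2 attribute must match.
      if (!signerInfo.isSignerCertificate(candidate)) {
        return Result.NOT_SIGNER_CERT;
      }

      // 2. The digest algorithm is chosen by the signer; compare its OID
      //    against the local allow-list before relying on it.
      AlgorithmID digestAlg = signerInfo.getDigestAlgorithm();
      boolean allowed = false;
      for (AlgorithmID a : ALLOWED_DIGESTS) {
        if (a.getAlgorithm().equals(digestAlg.getAlgorithm())) {
          allowed = true;
          break;
        }
      }
      if (!allowed) {
        return Result.DIGEST_NOT_ALLOWED;
      }

      // 3. Without signed attributes there is no signed ContentType or
      //    MessageDigest attribute (and no SigningCertificate binding).
      Attribute[] signedAttrs = signerInfo.getSignedAttributes();
      if (requireSignedAttrs && (signedAttrs == null || signedAttrs.length == 0)) {
        return Result.MISSING_SIGNED_ATTRS;
      }

      // 4. Verify; the content hash comes from the owning SignedData object.
      return signerInfo.verifySignature(candidate.getPublicKey())
          ? Result.VALID
          : Result.BAD_SIGNATURE;

    } catch (InvalidContentHashException e) {
      // Content hash differs from the signed MessageDigest attribute.
      return Result.CONTENT_HASH_MISMATCH;
    } catch (InvalidContentTypeException e) {
      // ContentType attribute missing or not matching the encapsulated type.
      return Result.CONTENT_TYPE_MISMATCH;
    } catch (CMSSignatureException e) {
      // Any other verification failure, e.g. a wrong signature value.
      return Result.BAD_SIGNATURE;
    } catch (CMSException e) {
      // Attribute parsing failed or a required hash algorithm is unsupported.
      return Result.ERROR;
    }
  }
}
```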

getDigestAlgorithm

public AlgorithmID getDigestAlgorithm()
Returns the AlgorithmID of the message-digest algorithm that has been used for digesting the content and any signed attributes.

Returns:
the AlgorithmID of the message-digest algorithm

getSignedAttributes

public Attribute[] getSignedAttributes()
Returns a set of attributes that are signed by the signer. The signedAttributes field is optional, but must be present if the content type of the EncapsulatedContentInfo value being signed is not the Data type.

Returns:
an array of attributes that are signed by the signer; the array may be empty if no signed attributes are included
See Also:
setSignedAttributes(iaik.asn1.structures.Attribute[])

getSignedAttrs

public SignedAttributes getSignedAttrs()
Returns a set of attributes that are signed by the signer. The signedAttributes field is optional, but must be present if the content type of the EncapsulatedContentInfo value being signed is not the Data type.

Returns:
the signed attributes as SignedAttributes object
See Also:
setSignedAttributes(iaik.asn1.structures.Attribute[])

getSignedAttribute

public Attribute getSignedAttribute(ObjectID oid)
Returns the first signed attribute matching to the given ObjectID, if included in this SignerInfo object.

Parameters:
oid - the attribute type to look for
Returns:
the first signed attribute belonging to the given ObjectID or null if there is no attribute for the given OID.

getSignedAttributes

public Attribute[] getSignedAttributes(ObjectID oid)
Returns all signed attributes matching the given attribute type, if included in this SignerInfo object.

Parameters:
oid - the attribute type to look for
Returns:
all signed attributes matching to the given attribute type, or null if there is no attribute for the given OID.

getSignedAttributeValue

public AttributeValue getSignedAttributeValue(ObjectID oid)
                                       throws CMSException
Returns the attribute value of a single valued signed attribute with the given type.

This method gives immediate access to the value of a signed attribute with the given type. It may be used for getting the value of the first included signed attribute of the requested type or, more appropriately, the only value of a single-valued signed attribute of the requested type. In this way, this method can be seen as an alternative to method getSignedAttribute for providing immediate access to the attribute value, e.g.:

 SigningCertificate signingCertificate = (SigningCertificate)signerInfo.getSignedAttributeValue(SigningCertificate.oid);
 if (signingCertificate != null) {
   ...
 }
 

Parameters:
oid - the object identifier representing the type of the attribute for which to get the value
Returns:
the attribute value, or null if no attribute of the given type is included
Throws:
CMSException - if the ASN.1 representation of the attribute value cannot be parsed

getSignatureAlgorithm

public AlgorithmID getSignatureAlgorithm()
Returns the signature algorithm used for signing the message digest and associated information with the signer private key.

Returns:
the signature algorithm

getSignatureValue

public byte[] getSignatureValue()
Returns the signature value.

Returns:
the signature value, as byte array

getSigValue

public SignatureValue getSigValue()
Returns the signature value as SignatureValue object.

Provides an alternative way to get the signature value from a SignerInfo object obtained from a SignedDataInOutStream object during parsing:

 SignedDataInOutStream signedData = ...;
 SignerInfo signerInfo = signedData.getSignerInfos()[0];
 SignatureValue signatureValue = signerInfo.getSigValue();
 byte[] signature = signatureValue.getValue();
 
Usually it is more convenient to get the signature value immediately by calling method getSignatureValue:
 ...
 byte[] signature = signerInfo.getSignatureValue();
 
The only purpose of class SignatureValue is to get the parsed encoded representation of the signature value OCTET STRING:
 ...
 SignatureValue signatureValue = signerInfo.getSigValue();
 byte[] encodedSignatureValue = signatureValue.getEncoded();
 

Returns:
the signature value, as SignatureValue object

setEncryptedDigest

public void setEncryptedDigest(byte[] signatureValue)
Deprecated. use method setSignatureValue to set the signature value (this method does exactly the same as method setEncryptedDigest)

Sets the signature value. This method may be used for calculating the signature value outside and explicitly setting it.

Parameters:
signatureValue - the signature value, calculated from outside

setSignatureValue

public void setSignatureValue(byte[] signatureValue)
Sets the signature value.

This method may be used for calculating the signature value outside and explicitly setting it.

Parameters:
signatureValue - the signature value, calculated from outside

getUnsignedAttributes

public Attribute[] getUnsignedAttributes()
Returns a set of attributes that are not signed by the signer. Attributes that might be useful are defined in PKCS#9.

Returns:
an array of attributes that are not signed by the signer; the array may be empty if no unsigned attributes are included
See Also:
setUnsignedAttributes(iaik.asn1.structures.Attribute[])

getUnsignedAttribute

public Attribute getUnsignedAttribute(ObjectID oid)
Returns the first unsigned attribute matching the given ObjectID, if included in this SignerInfo object.

Parameters:
oid - the attribute type to look for
Returns:
the first unsigned attribute belonging to the given ObjectID or null if there is no attribute for the given OID.

getUnsignedAttributes

public Attribute[] getUnsignedAttributes(ObjectID oid)
Returns all unsigned attributes matching the given attribute type, if included in this SignerInfo object.

Parameters:
oid - the attribute type to look for
Returns:
all unsigned attributes matching to the given attribute type, or null if there is no attribute for the given OID.

getUnsignedAttributeValue

public AttributeValue getUnsignedAttributeValue(ObjectID oid)
                                         throws CMSException
Returns the attribute value of a single valued unsigned attribute with the given type.

This method gives immediate access to the value of an unsigned attribute with the given type. It may be used for getting the value of the first included unsigned attribute of the requested type or, more appropriately, the only value of a single-valued unsigned attribute of the requested type. In this way, this method can be seen as an alternative to method getUnsignedAttribute for providing immediate access to the attribute value, e.g.:

 SignatureTimeStampToken signatureTimeStampToken = 
   (SignatureTimeStampToken)signer_info.getUnsignedAttributeValue(SignatureTimeStampToken.oid);
 if (signatureTimeStampToken != null) {
   ...
 }
 

Parameters:
oid - the object identifier representing the type of the attribute for which to get the value
Returns:
the attribute value, or null if no attribute of the given type is included
Throws:
CMSException - if the ASN.1 representation of the attribute value cannot be parsed

toString

public java.lang.String toString()
Returns a string giving some information about this SignerInfo object.

Overrides:
toString in class java.lang.Object
Returns:
the string representation

toString

public java.lang.String toString(boolean detailed)
Returns a string giving some (if requested, detailed) information about this SignerInfo object.

Parameters:
detailed - whether or not to give detailed information
Returns:
the string representation

This Javadoc may contain text parts from IETF Internet Standard specifications (see copyright note).

IAIK-CMS 6.0, (c) 2002 IAIK, (c) 2003, 2023 SIC