iaik.cms.attributes
Class CounterSignature

java.lang.Object
  extended by iaik.asn1.structures.AttributeValue
      extended by iaik.cms.attributes.CounterSignature
All Implemented Interfaces:
ASN1Type

public class CounterSignature
extends AttributeValue

The CMS CounterSignature attribute.

The Cryptographic Message Syntax (CMS) (RFC 5652) specifies the CounterSignature attribute, which may be included as an unsigned attribute in a SignerInfo for counter signing (signing in serial) the signature value of a SignerInfo included in a SignedData. The value of a CounterSignature attribute is itself a SignerInfo:

 CounterSignature ::= SignerInfo

 id-countersignature OBJECT IDENTIFIER ::= { iso(1) member-body(2)
         us(840) rsadsi(113549) pkcs(1) pkcs9(9) 6 }
 

Since it is itself a SignerInfo, a CounterSignature object may be created and supplied with attributes in a similar way as an ordinary SignerInfo (note that the content-type attribute is not required, since a counter signature has no content type). However, whereas signing and verifying of ordinary SignerInfos is usually controlled from the SignedData(Stream) object they belong to, an application has to explicitly call the proper counterSign or verify method, specifying the signature value, SignerInfo or other CounterSignature object to be counter signed, e.g.:

 // the SignerInfo to be counter signed:
 SignerInfo signerInfo = ...;
 // the cert of the counter signer
 X509Certificate counterCert = ...;
 // the private key of the counter signer:
 PrivateKey counterKey = ...;
 // create a CounterSignature for the counter signer:
 CounterSignature counterSignature = 
    new CounterSignature(new IssuerAndSerialNumber(counterCert), AlgorithmID.sha256, counterKey);
 ...
 // add any attributes, if required
 ...
 // now counter sign the SignerInfo
 counterSignature.counterSign(signerInfo);
 // and add the counter signature as unsigned attribute
 Attribute[] unsignedAttributes = new Attribute[] { new Attribute(counterSignature) };
 signerInfo.addUnsignedAttributes(unsignedAttributes);
 ...
 
On the verification end, get the CounterSignature unsigned attribute and call the proper verify method, specifying the signature value, SignerInfo or other CounterSignature object to be "counter" verified, e.g.:

 // the SignerInfo parsed from a SignedData
 SignerInfo signerInfo = ...;
 // look for a CounterSignature attribute
 Attribute counterSignatureAttribute = signerInfo.getUnsignedAttribute(ObjectID.countersignature);
 if (counterSignatureAttribute != null) {
   // check for any included CounterSignature
   AttributeValue[] counterSignatures = counterSignatureAttribute.getAttributeValues();
   System.out.println("This SignerInfo is counter signed from: ");
   // may have more than one values
   for (int j = 0; j < counterSignatures.length; j++) {
     CounterSignature counterSignature = (CounterSignature)counterSignatures[j];
     try {
       if (counterSignature.verify(counterCert.getPublicKey(), signerInfo)) {
         System.out.println("Signature OK from counter signer: "+counterSignature.getSignerIdentifier());  
       } else {
         System.out.println("Signature ERROR from counter signer: "+counterSignature.getSignerIdentifier());  
       }  
     } catch (SignatureException ex) {
       System.out.println("Signature ERROR from counter signer: "+counterSignature.getSignerIdentifier());  
     }  
   }
 }
 

See Also:
SignedData, SignedDataStream, SignerInfo

Field Summary
static ObjectID oid
          The attributeType object identifier of the CMS CounterSignature attribute.
 
Constructor Summary
CounterSignature()
          Default constructor.
CounterSignature(ASN1Object obj)
          Creates a CMS CounterSignature from an ASN1Object.
CounterSignature(CertificateIdentifier signerIdentifier, AlgorithmID digestAlgorithm, AlgorithmID signatureAlgorithm, java.security.PrivateKey privateKey)
          Creates a new CounterSignature from given signerIdentifier, and digestAlgorithm ID, signature algorithmID, and the signer private key.
CounterSignature(CertificateIdentifier signerIdentifier, AlgorithmID digestAlgorithm, java.security.PrivateKey privateKey)
          Creates a new CounterSignature from given SignerIdentifier, digestAlgorithm ID, and the counter signer private key.
 
Method Summary
 void addSignedAttribute(Attribute attribute)
          Adds the given attribute to the set of signed attributes.
 void addSignedAttributes(Attribute[] attributes)
          Adds the given attributes to the set of signed attributes.
 void addUnsignedAttribute(Attribute attribute)
          Adds the given attribute to the set of unsigned attributes.
 void addUnsignedAttributes(Attribute[] attributes)
          Adds the given attributes to the set of unsigned attributes.
 void counterSign(byte[] signatureToBeCounterSigned)
          Counter signs the given signature value.
 void counterSign(CounterSignature counterSignature)
          Counter signs the given CounterSignature.
 void counterSign(SignerInfo signerInfo)
          Counter signs the given SignerInfo.
 void decode(ASN1Object obj)
          Decodes the given ASN.1 CounterSignature object for parsing the internal structure.
 ObjectID getAttributeType()
          Returns the OID identifying the CMS CounterSignature attribute type.
 AlgorithmID getDigestAlgorithm()
          Returns the AlgorithmID of the message-digest algorithm that has been used for digesting the content and any signed attributes.
 SecurityProvider getSecurityProvider()
          Gets the SecurityProvider installed for this CounterSignature.
 AlgorithmID getSignatureAlgorithm()
          Returns the signature algorithm used for calculating the signature and associated information with the signer private key.
 byte[] getSignatureValue()
          Returns the signature value.
 Attribute getSignedAttribute(ObjectID oid)
          Returns the first signed attribute matching to the given ObjectID, if included in this CounterSignature object.
 Attribute[] getSignedAttributes()
          Returns a set of attributes that are signed by the signer.
 Attribute[] getSignedAttributes(ObjectID oid)
          Returns all signed attributes matching to the given attribute type, if included in this CounterSignature object.
 AttributeValue getSignedAttributeValue(ObjectID oid)
          Returns the attribute value of a single valued signed attribute with the given type.
 byte[] getSignedDigest()
          Returns the message digest included in the signed attributes.
 CertificateIdentifier getSignerIdentifier()
          Returns information about the signer certificate.
 SigningCertificate getSigningCertificateAttribute()
          Gets the SigningCertificate attribute, if included.
 SigningCertificateV2 getSigningCertificateV2Attribute()
          Gets the SigningCertificateV2 attribute, if included.
 Attribute getUnsignedAttribute(ObjectID oid)
          Returns the first unsigned attribute matching to the given ObjectID, if included in this CounterSignature object.
 Attribute[] getUnsignedAttributes()
          Returns a set of attributes that are not signed by the signer.
 Attribute[] getUnsignedAttributes(ObjectID oid)
          Returns all unsigned attributes matching to the given attribute type, if included in this CounterSignature object.
 AttributeValue getUnsignedAttributeValue(ObjectID oid)
          Returns the attribute value of a single valued unsigned attribute with the given type.
 int getVersion()
          Returns the syntax version number (1 or 3).
 boolean isSignerCertificate(X509Certificate cert)
          Checks whether the supplied certificate actually is the certificate of the signer.
 void removeSignedAttribute(ObjectID attributeType)
          Removes all signed attributes with the given attribute type.
 void removeUnsignedAttribute(ObjectID attributeType)
          Removes all unsigned attributes with the given attribute type.
 void setSecurityProvider(SecurityProvider securityProvider)
          Sets the SecurityProvider for this CounterSignature.
 void setSignatureValue(byte[] signatureValue)
          Sets the signature value.
 void setSignedAttributes(Attribute[] attributes)
          Sets a set of attributes to be signed along with the content to be signed.
 void setUnsignedAttributes(Attribute[] attributes)
          Sets a set of attributes that are not signed by the signer.
 ASN1Object toASN1Object()
          Returns this CounterSignature as ASN1Object.
 java.lang.String toString()
          Returns a string giving some information about this CounterSignature object.
 java.lang.String toString(boolean detailed)
          Returns a string giving some - if requested - detailed information about this CounterSignature object.
 boolean verify(java.security.PublicKey publicKey, byte[] signatureThatWasCounterSigned)
          Verifies the counter signature of the given signature value with the given public key.
 boolean verify(java.security.PublicKey publicKey, CounterSignature counterSignature)
          Verifies the counter signature of the given CounterSignature with the given public key.
 boolean verify(java.security.PublicKey publicKey, SignerInfo signerInfo)
          Verifies the counter signature of the given SignerInfo with the given public key.
 
Methods inherited from class iaik.asn1.structures.AttributeValue
getName, multipleAllowed
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

oid

public static final ObjectID oid
The attributeType object identifier of the CMS CounterSignature attribute. The corresponding OID string is "1.2.840.113549.1.9.6".

Constructor Detail

CounterSignature

public CounterSignature()
Default constructor. Creates an empty CounterSignature object and sets the SignerInfo version number to 1, and the signature algorithm ID to rsaEncryption.


CounterSignature

public CounterSignature(CertificateIdentifier signerIdentifier,
                        AlgorithmID digestAlgorithm,
                        java.security.PrivateKey privateKey)
Creates a new CounterSignature from given SignerIdentifier, digestAlgorithm ID, and the counter signer private key.

The signerIdentifier identifies the signer certificate either by issuer distinguished name and issuer-specific serial number or by SubjectKeyIdentifier. The digestAlgorithm ID specifies the message digest algorithm used for calculating the digest of the content and any signed information. The private key is used for calculating the signature. When using this constructor, the signature is calculated with the PKCS#1 rsaEncryption method.

Parameters:
signerIdentifier - information about the counter signer certificate.
digestAlgorithm - the AlgorithmID of the message-digest algorithm
privateKey - the counter signer private key to be used for signing
Throws:
java.lang.IllegalArgumentException - if the supplied signerIdentifier is not a SubjectKeyID or IssuerAndSerialNumber

CounterSignature

public CounterSignature(CertificateIdentifier signerIdentifier,
                        AlgorithmID digestAlgorithm,
                        AlgorithmID signatureAlgorithm,
                        java.security.PrivateKey privateKey)
Creates a new CounterSignature from given signerIdentifier, and digestAlgorithm ID, signature algorithmID, and the signer private key.

The signerIdentifier identifies the signer certificate either by issuer distinguished name and issuer-specific serial number or by SubjectKeyIdentifier. The digestAlgorithm ID specifies the message digest algorithm used for calculating the digest of the content and any signed information. The private key is used for calculating the signature with the given signature algorithm.

Parameters:
signerIdentifier - information about the counter signer certificate.
digestAlgorithm - the AlgorithmID of the message-digest algorithm
signatureAlgorithm - the algorithm to be used for signature calculation
privateKey - the counter signer private key to be used for signing
Throws:
java.lang.IllegalArgumentException - if the supplied signerIdentifier is not a SubjectKeyID or IssuerAndSerialNumber

CounterSignature

public CounterSignature(ASN1Object obj)
                 throws CodingException
Creates a CMS CounterSignature from an ASN1Object.

The ASN1Object supplied to this constructor represents an already existing CounterSignature object that may have been created by calling toASN1Object.

Parameters:
obj - the CMS CounterSignature as ASN1Object
Throws:
CodingException - if the object can not be parsed
Method Detail

setSecurityProvider

public void setSecurityProvider(SecurityProvider securityProvider)
Sets the SecurityProvider for this CounterSignature.

This method allows a SecurityProvider to be set explicitly for this CounterSignature. If no explicit SecurityProvider is set, the default system wide installed SecurityProvider will be used for the required cryptographic operations.

This class may use the following method(s) of the SecurityProvider, which may be overridden by an application, if required:

Parameters:
securityProvider - the SecurityProvider to be set

getSecurityProvider

public SecurityProvider getSecurityProvider()
Gets the SecurityProvider installed for this CounterSignature.

This class uses the following method(s) of the SecurityProvider, which may be overridden by an application, if required:

If no explicit SecurityProvider has been set for this object, the default system wide installed SecurityProvider will be used for the required cryptographic operations. However, this method will return null if it does not have its own SecurityProvider.

Returns:
the SecurityProvider explicitly installed for this object, or null if this object does not have its own SecurityProvider

decode

public void decode(ASN1Object obj)
            throws CodingException
Decodes the given ASN.1 CounterSignature object for parsing the internal structure.

This method internally is called when creating a CMS SignerInfo object from an already existing CounterSignature object, supplied as ASN1Object.

Parameters:
obj - the CMS CounterSignature as ASN1Object
Throws:
CodingException - if the object can not be parsed

toASN1Object

public ASN1Object toASN1Object()
                        throws CodingException
Returns this CounterSignature as ASN1Object.

Returns:
this CounterSignature as ASN1Object.
Throws:
CodingException - if the ASN1Object could not be created

getAttributeType

public ObjectID getAttributeType()
Returns the OID identifying the CMS CounterSignature attribute type.

Specified by:
getAttributeType in class AttributeValue
Returns:
the OID identifying the CMS CounterSignature attribute type.

setSignedAttributes

public void setSignedAttributes(Attribute[] attributes)
Sets a set of attributes to be signed along with the content to be signed.

Parameters:
attributes - a set of attributes to be signed along with the content to be signed.
Throws:
java.lang.IllegalArgumentException - if the given attributes contain a ContentType attribute (not allowed for CounterSignatures)

addSignedAttributes

public void addSignedAttributes(Attribute[] attributes)
Adds the given attributes to the set of signed attributes.

Parameters:
attributes - the attributes to be added to the signed attributes
Throws:
java.lang.IllegalArgumentException - if the given attributes contain a ContentType attribute (not allowed for CounterSignatures)

addSignedAttribute

public void addSignedAttribute(Attribute attribute)
Adds the given attribute to the set of signed attributes.

Parameters:
attribute - the attribute to be added to the signed attributes
Throws:
java.lang.IllegalArgumentException - if the given attribute is a ContentType attribute (not allowed for CounterSignatures)

removeSignedAttribute

public void removeSignedAttribute(ObjectID attributeType)
Removes all signed attributes with the given attribute type.

Parameters:
attributeType - the OID identifying the attribute to be removed

getSigningCertificateAttribute

public SigningCertificate getSigningCertificateAttribute()
                                                  throws CMSException
Gets the SigningCertificate attribute, if included.

Returns:
the SigningCertificate attribute, or null if not included
Throws:
CMSException - if an error occurs while parsing for the SigningCertificate attribute

getSigningCertificateV2Attribute

public SigningCertificateV2 getSigningCertificateV2Attribute()
                                                      throws CMSException
Gets the SigningCertificateV2 attribute, if included.

Returns:
the SigningCertificateV2 attribute, or null if not included
Throws:
CMSException - if an error occurs while parsing for the SigningCertificateV2 attribute

getSignedDigest

public byte[] getSignedDigest()
                       throws CMSException
Returns the message digest included in the signed attributes.

Returns:
the message digest included in the signed attributes, or null if not present
Throws:
CMSException

setUnsignedAttributes

public void setUnsignedAttributes(Attribute[] attributes)
Sets a set of attributes that are not signed by the signer.

Parameters:
attributes - a set of attributes that are not signed by the signer

addUnsignedAttributes

public void addUnsignedAttributes(Attribute[] attributes)
Adds the given attributes to the set of unsigned attributes.

Parameters:
attributes - the attributes to be added to the unsigned attributes

addUnsignedAttribute

public void addUnsignedAttribute(Attribute attribute)
Adds the given attribute to the set of unsigned attributes.

Parameters:
attribute - the attribute to be added to the unsigned attributes

removeUnsignedAttribute

public void removeUnsignedAttribute(ObjectID attributeType)
Removes all unsigned attributes with the given attribute type.

Parameters:
attributeType - the OID identifying the attribute to be removed

getVersion

public int getVersion()
Returns the syntax version number (1 or 3).

Returns:
the version number

getSignerIdentifier

public CertificateIdentifier getSignerIdentifier()
Returns information about the signer certificate.

The information is returned as CertificateIdentifier object specifying the signer certificate either by issuer distinguished name and issuer-specific serial number or by SubjectKeyIdentifier.

Returns:
information about the signer certificate

isSignerCertificate

public boolean isSignerCertificate(X509Certificate cert)
                            throws CMSException
Checks whether the supplied certificate actually is the certificate of the signer.

This method first checks if the signerIdentifier of this CounterSignature identifies the supplied certificate via IssuerAndSerialNumber or SubjectKeyIdentifier. If this check is successful, this method then looks if the SigningCertificate and/or the SigningCertificateV2 attributes are present and identify the given certificate as the certificate of the signer. If both SigningCertificate attributes are present, this method accepts the given certificate as signer certificate only if it is identified by both SigningCertificate attributes.

Parameters:
cert - the certificate to be checked of being the one of the signer
Returns:
true if the supplied certificate is the signer certificate, false if not
Throws:
CMSException - if the check cannot be completed because an error occurs when parsing the SigningCertificate or SigningCertificateV2 attribute or a hash algorithm (required for calculating the cert hash) is not supported by the installed cryptographic providers

getDigestAlgorithm

public AlgorithmID getDigestAlgorithm()
Returns the AlgorithmID of the message-digest algorithm that has been used for digesting the content and any signed attributes.

Returns:
the AlgorithmID of the message-digest algorithm

getSignedAttributes

public Attribute[] getSignedAttributes()
Returns a set of attributes that are signed by the signer.

Returns:
a set of attributes that are signed by the signer

getSignedAttribute

public Attribute getSignedAttribute(ObjectID oid)
Returns the first signed attribute matching to the given ObjectID, if included in this CounterSignature object.

Returns:
the first signed attribute belonging to the given ObjectID or null if there is no attribute for the given OID.

getSignedAttributes

public Attribute[] getSignedAttributes(ObjectID oid)
Returns all signed attributes matching to the given attribute type, if included in this CounterSignature object.

Parameters:
oid - the attribute type to look for
Returns:
all signed attributes matching to the given attribute type, or null if there is no attribute for the given OID.

getSignedAttributeValue

public AttributeValue getSignedAttributeValue(ObjectID oid)
                                       throws CMSException
Returns the attribute value of a single valued signed attribute with the given type.

This method provides the possibility to immediately access the value of an attribute with the given type. This method may be used for getting the value of the first included attribute of requested type or -- more appropriate -- the only one value of a single valued signed attribute of requested type. In this way, this method can be seen as an alternative to method getSignedAttribute for providing immediate access to the attribute value, e.g.:

 SigningCertificate signingCertificate = (SigningCertificate)counterSignature.getSignedAttributeValue(SigningCertificate.oid);
 if (signingCertificate != null) {
   ...
 }
 

Parameters:
oid - the object identifier representing the type of the attribute for which to get the value
Returns:
the attribute value or null if no attribute of given type is included
Throws:
CMSException - if the ASN.1 representation of the attribute value cannot be parsed

getSignatureAlgorithm

public AlgorithmID getSignatureAlgorithm()
Returns the signature algorithm used for calculating the signature and associated information with the signer private key.

Returns:
the signature algorithm

getSignatureValue

public byte[] getSignatureValue()
Returns the signature value.

Returns:
the signature value, as byte array

setSignatureValue

public void setSignatureValue(byte[] signatureValue)
Sets the signature value. This method may be used for calculating the signature value outside and explicitly setting it.

Parameters:
signatureValue - the signature value, calculated from outside

getUnsignedAttributes

public Attribute[] getUnsignedAttributes()
Returns a set of attributes that are not signed by the signer.

Returns:
a set of attributes that are not signed by the signer

getUnsignedAttribute

public Attribute getUnsignedAttribute(ObjectID oid)
Returns the first unsigned attribute matching to the given ObjectID, if included in this CounterSignature object.

Returns:
the first unsigned attribute belonging to the given ObjectID or null if there is no attribute for the given OID.

getUnsignedAttributes

public Attribute[] getUnsignedAttributes(ObjectID oid)
Returns all unsigned attributes matching to the given attribute type, if included in this CounterSignature object.

Parameters:
oid - the attribute type to look for
Returns:
all unsigned attributes matching to the given attribute type, or null if there is no attribute for the given OID.

getUnsignedAttributeValue

public AttributeValue getUnsignedAttributeValue(ObjectID oid)
                                         throws CMSException
Returns the attribute value of a single valued unsigned attribute with the given type.

This method provides the possibility to immediately access the value of an unsigned attribute with the given type. This method may be used for getting the value of the first included unsigned attribute of requested type or -- more appropriate -- the only one value of a single valued unsigned attribute of requested type. In this way, this method can be seen as an alternative to method getUnsignedAttribute for providing immediate access to the attribute value, e.g.:

 SigningTime signingTime = 
   (SigningTime)counterSignature.getUnsignedAttributeValue(SigningTime.oid);
 if (signingTime != null) {
   ...
 }
 

Parameters:
oid - the object identifier representing the type of the attribute for which to get the value
Returns:
the attribute value or null if no attribute of given type is included
Throws:
CMSException - if the ASN.1 representation of the attribute value cannot be parsed

toString

public java.lang.String toString()
Returns a string giving some information about this CounterSignature object.

Specified by:
toString in class AttributeValue
Returns:
the string representation

toString

public java.lang.String toString(boolean detailed)
Returns a string giving some - if requested - detailed information about this CounterSignature object.

Parameters:
detailed - whether or not to give detailed information
Returns:
the string representation

counterSign

public void counterSign(SignerInfo signerInfo)
                 throws java.security.SignatureException
Counter signs the given SignerInfo. After counter signing the SignerInfo you must explicitly set the CounterSignature attribute, e.g.:
 ...
 counterSignature.counterSign(signerInfo);
 // and add the counter signature as unsigned attribute
 Attribute[] unsignedAttributes = new Attribute[] { new Attribute(counterSignature) };
 signerInfo.addUnsignedAttributes(unsignedAttributes);
 ...
 
Please note that a single CounterSignature object can sign only one signature. Do not call this method repeatedly to sign more than one signature; instead, create a new CounterSignature object for each signature to be counter signed.

Parameters:
signerInfo - the SignerInfo to be counter signed
Throws:
java.security.SignatureException - if signing fails for some reason

counterSign

public void counterSign(CounterSignature counterSignature)
                 throws java.security.SignatureException
Counter signs the given CounterSignature.

This method may be used for counter signing another CounterSignature. After counter signing the CounterSignature you must explicitly set the CounterSignature attribute, e.g.:

 ...
 counterSignature.counterSign(firstCounterSignature);
 // and add the counter signature as unsigned attribute
 Attribute[] unsignedAttributes = new Attribute[] { new Attribute(counterSignature) };
 firstCounterSignature.addUnsignedAttributes(unsignedAttributes);
 ...
 
Please note that a single CounterSignature object can sign only one signature. Do not call this method repeatedly to sign more than one signature; instead, create a new CounterSignature object for each signature to be counter signed.

Parameters:
counterSignature - the CounterSignature to be counter signed
Throws:
java.security.SignatureException - if signing fails for some reason

counterSign

public void counterSign(byte[] signatureToBeCounterSigned)
                 throws java.security.SignatureException
Counter signs the given signature value. After counter signing the SignerInfo you must explicitly set the CounterSignature attribute, e.g.:
 ...
 counterSignature.counterSign(signerInfo.getSignatureValue());
 // and add the counter signature as unsigned attribute
 Attribute[] unsignedAttributes = new Attribute[] { new Attribute(counterSignature) };
 signerInfo.addUnsignedAttributes(unsignedAttributes);
 ...
 
Please note that a single CounterSignature object can sign only one signature. Do not call this method repeatedly to sign more than one signature; instead, create a new CounterSignature object for each signature to be counter signed.

Parameters:
signatureToBeCounterSigned - the signature value to be counter signed
Throws:
java.security.SignatureException - if signing fails for some reason

verify

public boolean verify(java.security.PublicKey publicKey,
                      SignerInfo signerInfo)
               throws java.security.SignatureException
Verifies the counter signature of the given SignerInfo with the given public key.

The given SignerInfo represents the SignerInfo that has been counter signed, e.g.:

 try {
   if (counterSignature.verify(counterCert.getPublicKey(), signerInfo)) {
     System.out.println("Signature OK from counter signer: "+counterSignature.getSignerIdentifier());  
   } else {
     System.out.println("Signature ERROR from counter signer: "+counterSignature.getSignerIdentifier());  
   }  
 } catch (SignatureException ex) {
   System.out.println("Signature ERROR from counter signer: "+counterSignature.getSignerIdentifier());  
 }  
 

Parameters:
publicKey - the public key of the counter signer
signerInfo - the SignerInfo that has been counter signed
Returns:
true if the signature verifies, false if not
Throws:
java.security.SignatureException - if the signature verification process fails

verify

public boolean verify(java.security.PublicKey publicKey,
                      CounterSignature counterSignature)
               throws java.security.SignatureException
Verifies the counter signature of the given CounterSignature with the given public key.

CounterSignatures may be applied recursively, i.e. one CounterSignature may be counter signed by another. The given CounterSignature represents the CounterSignature that has been counter signed, e.g.:

 try {
   if (counterSignature.verify(counterCert.getPublicKey(), firstCounterSignature)) {
     System.out.println("Signature OK from counter signer: "+counterSignature.getSignerIdentifier());  
   } else {
     System.out.println("Signature ERROR from counter signer: "+counterSignature.getSignerIdentifier());  
   }  
 } catch (SignatureException ex) {
   System.out.println("Signature ERROR from counter signer: "+counterSignature.getSignerIdentifier());  
 }  
 

Parameters:
publicKey - the public key of the counter signer
counterSignature - the CounterSignature that has been counter signed
Returns:
true if the signature verifies, false if not
Throws:
java.security.SignatureException - if the signature verification process fails
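
A fuller verification routine built from the calls documented on this page, given here as an added example that is not part of the IAIK-CMS documentation or code base. It binds each counter signature to a certificate with isSignerCertificate before calling verify, because verify only checks the signature against whatever public key the caller supplies, and it follows counter signatures that are themselves counter signed. The class name CounterSignatureChecker, the MAX_DEPTH limit and the acceptedCerts array (certificates the caller has already path-validated) are hypothetical, and the package names of Attribute, ObjectID, SignerInfo, CMSException and X509Certificate are assumed.

```java
import iaik.asn1.ObjectID;
import iaik.asn1.structures.Attribute;
import iaik.asn1.structures.AttributeValue;
import iaik.cms.CMSException;
import iaik.cms.SignerInfo;
import iaik.cms.attributes.CounterSignature;
import iaik.x509.X509Certificate;

import java.util.ArrayList;
import java.util.List;

/** Added example; hypothetical helper, not an IAIK-CMS class. */
public class CounterSignatureChecker {

  /** Assumed limit on how deep nested counter signatures are followed. */
  private static final int MAX_DEPTH = 4;

  /** Counter signer certificates the caller has already validated (assumption). */
  private final X509Certificate[] acceptedCerts;

  public CounterSignatureChecker(X509Certificate[] acceptedCerts) {
    this.acceptedCerts = acceptedCerts;
  }

  /** Returns one report line per counter signature found on the SignerInfo. */
  public List<String> check(SignerInfo signerInfo) {
    List<String> report = new ArrayList<String>();
    walk(signerInfo.getUnsignedAttribute(CounterSignature.oid),
         signerInfo.getSignatureValue(), 1, report);
    return report;
  }

  /** Verifies every value of one countersignature attribute, then recurses. */
  private void walk(Attribute attribute, byte[] counterSignedValue,
                    int depth, List<String> report) {
    if (attribute == null) {
      return; // nothing was counter signed at this level
    }
    if (depth > MAX_DEPTH) {
      report.add("depth " + depth + ": nesting limit reached, not verified");
      return;
    }
    AttributeValue[] values;
    try {
      values = attribute.getAttributeValues();
    } catch (Exception ex) {
      // a parsing failure is reported, never treated as "no counter signature"
      report.add("depth " + depth + ": attribute cannot be parsed: " + ex);
      return;
    }
    for (int i = 0; i < values.length; i++) {
      if (!(values[i] instanceof CounterSignature)) {
        report.add("depth " + depth + ": value " + i + " is not a CounterSignature");
        continue;
      }
      CounterSignature cs = (CounterSignature) values[i];
      String who = "depth " + depth + ", counter signer " + cs.getSignerIdentifier();
      try {
        X509Certificate cert = findSignerCert(cs);
        if (cert == null) {
          report.add(who + ": UNKNOWN SIGNER (no accepted certificate matches)");
        } else if (cs.verify(cert.getPublicKey(), counterSignedValue)) {
          report.add(who + ": OK");
        } else {
          report.add(who + ": INVALID");
        }
      } catch (Exception ex) {
        // SignatureException, CMSException and parsing errors all fail closed
        report.add(who + ": INVALID (" + ex + ")");
      }
      // a CounterSignature may itself carry counter signatures over its own value
      walk(cs.getUnsignedAttribute(CounterSignature.oid),
           cs.getSignatureValue(), depth + 1, report);
    }
  }

  /** Picks the accepted certificate that this counter signature identifies. */
  private X509Certificate findSignerCert(CounterSignature cs) throws CMSException {
    for (int i = 0; i < acceptedCerts.length; i++) {
      if (cs.isSignerCertificate(acceptedCerts[i])) {
        return acceptedCerts[i];
      }
    }
    return null;
  }
}
```

Because the counter signature travels as an unsigned attribute, its absence proves nothing: an empty report means only that no counter signature is attached, not that one was never made.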

verify

public boolean verify(java.security.PublicKey publicKey,
                      byte[] signatureThatWasCounterSigned)
               throws java.security.SignatureException
Verifies the counter signature of the given signature value with the given public key.

The given signature value may be the one of the SignerInfo that has been counter signed, e.g.:

 try {
   if (counterSignature.verify(counterCert.getPublicKey(), signerInfo.getSignatureValue())) {
     System.out.println("Signature OK from counter signer: "+counterSignature.getSignerIdentifier());  
   } else {
     System.out.println("Signature ERROR from counter signer: "+counterSignature.getSignerIdentifier());  
   }  
 } catch (SignatureException ex) {
   System.out.println("Signature ERROR from counter signer: "+counterSignature.getSignerIdentifier());  
 }  
 

Parameters:
publicKey - the public key of the counter signer
signatureThatWasCounterSigned - the signature that has been counter signed
Returns:
true if the signature verifies, false if not
Throws:
java.security.SignatureException - if the signature verification process fails for some reason
InvalidContentHashException - if the signature verification process fails because the content hash does not match to value of the included MessageDigest attribute
InvalidContentTypeException - if the signed attributes contain a ContentType attribute (not allowed for CounterSignature)

This Javadoc may contain text parts from IETF Internet Standard specifications (see copyright note).

IAIK-CMS 6.0, (c) 2002 IAIK, (c) 2003, 2023 SIC