|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object | +--demo.pkcs.PKCS7Stream
This class shows some PKCS#7 examples and uses the stream interface for processing large amounts of data.
All keys and certificates are read from a keystore created by the SetupKeyStore program.
This class tests the following PKCS#7 content type implementations:
Additionally, a SignedAndEncryptedData test is performed, which
is a sequential combination of signed and enveloped data and should be
prefered to the SignedAndEnvelopedData
content type.
All sub-tests use the same proceeding: A test message is properly processed to give the requested content type object, which subsequently is DER encoded to be "sent" to some recipient, who parses it for the inherent structures.
Constructor Summary | |
PKCS7Stream()
Setup the demo certificate chains. |
Method Summary | |
ASN1Object |
createData(byte[] message)
Creates a PKCS#7 Data object.
|
byte[] |
createDataStream(byte[] message)
Creates a PKCS#7 Data object.
|
ASN1Object |
createDigestedData(byte[] message)
Creates a PKCS#7 DigestedData object.
|
ASN1Object |
createDigestedData(byte[] message,
int mode)
Creates a PKCS#7 DigestedData object.
|
byte[] |
createDigestedDataStream(byte[] message,
int mode)
Creates a PKCS#7 DigestedData object.
|
ASN1Object |
createEncryptedData(byte[] message,
AlgorithmID pbeAlgorithm,
char[] password)
Creates a PKCS#7 EncryptedData message.
|
byte[] |
createEncryptedDataStream(byte[] message,
AlgorithmID pbeAlgorithm,
char[] password)
Creates a PKCS#7 EncryptedDataStream message.
|
ASN1Object |
createEnvelopedData(byte[] message)
Creates a PKCS#7 EnvelopedData message.
|
byte[] |
createEnvelopedDataStream(byte[] message)
Creates a PKCS#7 EnvelopedDataStream message.
|
ASN1Object |
createSignedAndEncryptedData(byte[] message)
Creates a SignedAndEncrypted (i.e. sequential combination of
SignedData and EnvelopedData ) object as suggested in
the
PKCS#7 specification.
|
byte[] |
createSignedAndEncryptedDataStream(byte[] message)
Creates a SignedAndEncrypted (i.e. sequential combination of
SignedData and EnvelopedData ) object as suggested in
the
PKCS#7 specification.
|
ASN1Object |
createSignedAndEnvelopedData(byte[] message)
Creates a PKCS#7 SignedAndEnvelopedData object for one recipient
signed by one signer.
|
byte[] |
createSignedAndEnvelopedDataStream(byte[] message)
Creates a PKCS#7 SignedAndEnvelopedData object for one recipient
signed by one signer.
|
ASN1Object |
createSignedData(byte[] message,
int mode)
Creates a PKCS#7 SignedData object.
|
byte[] |
createSignedDataStream(byte[] message,
int mode)
Creates a PKCS#7 SignedData object.
|
byte[] |
getData(ASN1Object asn1Object)
Parses a PKCS#7 Data object. |
byte[] |
getDataStream(byte[] data)
Parses a PKCS#7 Data object. |
byte[] |
getDigestedData(ASN1Object asn1Obj)
Parses a PKCS#7 DigestedData object and verifies the hash. |
byte[] |
getDigestedData(ASN1Object obj,
byte[] message)
Parses a PKCS#7 DigestedData object and verifies the hash value. |
byte[] |
getDigestedDataStream(byte[] digestedData,
byte[] message)
Parses a PKCS#7 DigestedData object and verifies the hash. |
byte[] |
getEncryptedData(ASN1Object asn1Object,
char[] password)
Decrypts the PBE-encrypted content of the given EncryptedData object
using the specified password and returns the decrypted (= original) message. |
byte[] |
getEncryptedDataStream(byte[] encoding,
char[] password)
Decrypts the PBE-encrypted content of the given EncryptedData object
using the specified password and returns the decrypted (= original) message. |
byte[] |
getEnvelopedData(ASN1Object obj,
PrivateKey privateKey,
int recipientInfoIndex)
Decrypts the encrypted content of the given EnvelopedData object for the
specified recipient and returns the decrypted (= original) message. |
byte[] |
getEnvelopedDataStream(byte[] encoding,
PrivateKey privateKey,
int recipientInfoIndex)
Decrypts the encrypted content of the given EnvelopedData object for the
specified recipient and returns the decrypted (= original) message. |
byte[] |
getSignedAndEncryptedData(ASN1Object obj)
Recovers the original message and verifies the signature. |
byte[] |
getSignedAndEncryptedDataStream(byte[] in)
Recovers the original message and verifies the signature. |
byte[] |
getSignedAndEnvelopedData(ASN1Object obj)
Decrypts the encrypted content of the given SignedAndEnvelopedData
object and returns the decrypted (= original) message.
|
byte[] |
getSignedAndEnvelopedDataStream(byte[] encoding)
Decrypts the encrypted content of the given SignedAndEnvelopedData
object and returns the decrypted (= original) message.
|
byte[] |
getSignedData(ASN1Object obj,
byte[] message)
Parses a PKCS#7 SignedData object and verifies the signatures
for all participated signers. |
byte[] |
getSignedDataStream(byte[] signedData,
byte[] message)
Parses a PKCS#7 SignedData object and verifies the signatures
for all participated signers. |
static void |
main(String[] argv)
Starts the PKCS#7 content type implementation tests. |
void |
start()
Tests the PKCS#7 content type implementations Data ,
EnvelopedData , SignedData ,
SignedAndEnvelopedData , DigestedData
and EncryptedData .
|
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
public PKCS7Stream() throws IOException
IOException
- if an file read error occursMethod Detail |
public byte[] createDataStream(byte[] message) throws PKCSException, IOException
Data
object.
message
- the message to be sent, as byte representationData
object just createdPKCSException
- if the Data
object cannot
be createdpublic byte[] getDataStream(byte[] data) throws PKCSException, IOException
Data
object.data
- the Data
object as DER encoded byte arraynull
if there
is no message included into the supplied data
objectIOException
- if an IOException occursPKCSException
- if an parsing exception occurspublic byte[] createEnvelopedDataStream(byte[] message) throws PKCSException, IOException
EnvelopedDataStream
message.
The enveloped-data content type consists of encrypted content of any type and encrypted content-encryption keys for one or more recipients. The combination of encrypted content and encrypted content-encryption key for a recipient is a "digital envelope" for that recipient. Any type of content can be enveloped for any number of recipients in parallel.
message
- the message to be enveloped, as byte representationEnvelopedData
object just createdPKCSException
- if the EnvelopedData
object cannot
be createdpublic byte[] getEnvelopedDataStream(byte[] encoding, PrivateKey privateKey, int recipientInfoIndex) throws PKCSException, IOException
EnvelopedData
object for the
specified recipient and returns the decrypted (= original) message.encoding
- the EnvelopedData
object as DER encoded byte arrayprivateKey
- the private key to decrypt the messagerecipientInfoIndex
- the index into the RecipientInfo
array
to which the specified private key belongsPKCSException
- if the message cannot be recoveredpublic byte[] createSignedDataStream(byte[] message, int mode) throws PKCSException, IOException
SignedData
object.
The signed-data content type consists of content of any type and encrypted message digests of the content for zero or more signers. The encrypted digest for a signer is a "digital signature" on the content for that signer. Any type of content can be signed by any number of signers in parallel. Furthermore, the syntax has a degenerate case in which there are no signers on the content. The degenerate case provides a means for disseminating certificates and certificate-revocation lists.
message
- the message to be signed, as byte representationmode
- the transmission mode, either IMPLICIT or EXPLICITSignedData
object just createdPKCSException
- if the SignedData
object cannot
be createdpublic byte[] getSignedDataStream(byte[] signedData, byte[] message) throws PKCSException, IOException
SignedData
object and verifies the signatures
for all participated signers.signedData
- SignedData
object as DER encoded byte arraymessage
- the the message which was transmitted out-of-band (explicit signed)PKCSException
- if any signature does not verifypublic byte[] createSignedAndEnvelopedDataStream(byte[] message) throws PKCSException, IOException
SignedAndEnvelopedData
object for one recipient
signed by one signer.
The signed-and-enveloped-data content type consists of encrypted content of any type, encrypted content-encryption keys for one or more recipients, and doubly encrypted message digests for one or more signers. The "double encryption" consists of an encryption with a signer's private key followed by an encryption with the content-encryption key.
The combination of encrypted content and encrypted content-encryption key for a recipient is a "digital envelope" for that recipient. The recovered singly encrypted message digest for a signer is a "digital signature" on the recovered content for that signer. Any type of content can be enveloped for any number of recipients and signed by any number of signers in parallel.
message
- the message to be signed and enveloped, as byte representationSignedAndEnvelopedData
object
just createdPKCSException
- if the SignedAndEnvelopedData
object cannot
be createdpublic byte[] getSignedAndEnvelopedDataStream(byte[] encoding) throws PKCSException, IOException
SignedAndEnvelopedData
object and returns the decrypted (= original) message.
The SignedAndEnvelopedData
is given as DER encoded byte array
hoding an encrypted message for one recipient, signed by one signer. This
method recovers and returns the original message for the recipient and
verifies the signature of the signer.
encoding
- the SignedAndEnvelopedData
object as DER encoded byte
arrayPKCSException
- if the message cannot be recoveredpublic byte[] createSignedAndEncryptedDataStream(byte[] message) throws PKCSException, IOException
SignedData
and EnvelopedData
) object as suggested in
the
PKCS#7 specification.
PKCS#7 specification:
Note. The signed-and-enveloped-data content type provides cryptographic enhancements similar to those resulting from the sequential combination of signed-data and enveloped-data content types. However, since the signed-and-enveloped-data content type does not have authenticated or unauthenticated attributes, nor does it provide enveloping of signer information other than the signature, the sequential combination of signed-data and enveloped-data content types is generally preferable to the SignedAndEnvelopedData content type, except when compatibility with the ENCRYPTED process type in Privacy-Enhanced Mail in intended.
message
- the message to be signed and encrypted, as byte representationPKCSException
- if the the SignedData
or
EnvelopedData
object cannot be createdpublic byte[] getSignedAndEncryptedDataStream(byte[] in) throws PKCSException, IOException
PKCSException
- if the message cannot be recoveredpublic byte[] createDigestedDataStream(byte[] message, int mode) throws PKCSException, IOException
DigestedData
object.
message
- the message to be digested, as byte representationDigestedData
object just createdPKCSException
- if the DigestedData
object cannot
be createdpublic byte[] getDigestedDataStream(byte[] digestedData, byte[] message) throws PKCSException, IOException
DigestedData
object and verifies the hash.digestedData
- DigestedData
object as DER encoded byte arraymessage
- the the message which was transmitted out-of-bandPKCSException
- if any signature does not verifypublic byte[] createEncryptedDataStream(byte[] message, AlgorithmID pbeAlgorithm, char[] password) throws PKCSException, IOException
EncryptedDataStream
message.
The supplied content is PBE-encrypted using the specified password.
message
- the message to be encrypted, as byte representationpbeAlgorithm
- the PBE algorithm to be usedpassword
- the passwordEncryptedData
object just createdPKCSException
- if the EncryptedData
object cannot
be createdpublic byte[] getEncryptedDataStream(byte[] encoding, char[] password) throws PKCSException, IOException
EncryptedData
object
using the specified password and returns the decrypted (= original) message.encoding
- the EncryptedData
object as DER encoded byte arraypassword
- the password to decrypt the messagePKCSException
- if the message cannot be recoveredpublic ASN1Object createData(byte[] message) throws PKCSException, IOException
Data
object.
message
- the message to be sent, as byte representationData
object just createdPKCSException
- if the Data
object cannot
be createdpublic byte[] getData(ASN1Object asn1Object) throws PKCSException, IOException
Data
object.asn1Object
- the Data
object as ASN.1 objectIOException
- if an IOException occursPKCSException
- if an parsing exception occurspublic ASN1Object createEnvelopedData(byte[] message) throws PKCSException, IOException
EnvelopedData
message.
The enveloped-data content type consists of encrypted content of any type and encrypted content-encryption keys for one or more recipients. The combination of encrypted content and encrypted content-encryption key for a recipient is a "digital envelope" for that recipient. Any type of content can be enveloped for any number of recipients in parallel.
message
- the message to be enveloped, as byte representationEnvelopedData
as ASN.1 objectPKCSException
- if the EnvelopedData
object cannot
be createdpublic byte[] getEnvelopedData(ASN1Object obj, PrivateKey privateKey, int recipientInfoIndex) throws PKCSException, IOException
EnvelopedData
object for the
specified recipient and returns the decrypted (= original) message.obj
- the EnvelopedData
as ASN.1 objectprivateKey
- the private key to decrypt the messagerecipientInfoIndex
- the index into the RecipientInfo
array
to which the specified private key belongsPKCSException
- if the message cannot be recoveredpublic ASN1Object createSignedData(byte[] message, int mode) throws PKCSException, IOException
SignedData
object.
The signed-data content type consists of content of any type and encrypted message digests of the content for zero or more signers. The encrypted digest for a signer is a "digital signature" on the content for that signer. Any type of content can be signed by any number of signers in parallel. Furthermore, the syntax has a degenerate case in which there are no signers on the content. The degenerate case provides a means for disseminating certificates and certificate-revocation lists.
message
- the message to be signed, as byte representationSignedData
object as ASN.1 objectPKCSException
- if the SignedData
object cannot
be createdpublic byte[] getSignedData(ASN1Object obj, byte[] message) throws PKCSException, IOException
SignedData
object and verifies the signatures
for all participated signers.obj
- SignedData
object in ASN.1 representationmessage
- the the message which was transmitted out-of-band (explicit signed)PKCSException
- if any signature does not verifypublic ASN1Object createSignedAndEnvelopedData(byte[] message) throws PKCSException, IOException
SignedAndEnvelopedData
object for one recipient
signed by one signer.
The signed-and-enveloped-data content type consists of encrypted content of any type, encrypted content-encryption keys for one or more recipients, and doubly encrypted message digests for one or more signers. The "double encryption" consists of an encryption with a signer's private key followed by an encryption with the content-encryption key.
The combination of encrypted content and encrypted content-encryption key for a recipient is a "digital envelope" for that recipient. The recovered singly encrypted message digest for a signer is a "digital signature" on the recovered content for that signer. Any type of content can be enveloped for any number of recipients and signed by any number of signers in parallel.
message
- the message to be signed and enveloped, as byte representationSignedAndEnvelopedData
as ASN.1 objectPKCSException
- if the SignedAndEnvelopedData
object cannot
be createdpublic byte[] getSignedAndEnvelopedData(ASN1Object obj) throws PKCSException, IOException
SignedAndEnvelopedData
object and returns the decrypted (= original) message.
The SignedAndEnvelopedData
is given as DER encoded byte array
hoding an encrypted message for one recipient, signed by one signer. This
method recovers and returns the original message for the recipient and
verifies the signature of the signer.
obj
- the SignedAndEnvelopedData
object in ASN.1 representationPKCSException
- if the message cannot be recoveredpublic ASN1Object createSignedAndEncryptedData(byte[] message) throws PKCSException, IOException
SignedData
and EnvelopedData
) object as suggested in
the
PKCS#7 specification.
PKCS#7 specification:
Note. The signed-and-enveloped-data content type provides cryptographic enhancements similar to those resulting from the sequential combination of signed-data and enveloped-data content types. However, since the signed-and-enveloped-data content type does not have authenticated or unauthenticated attributes, nor does it provide enveloping of signer information other than the signature, the sequential combination of signed-data and enveloped-data content types is generally preferable to the SignedAndEnvelopedData content type, except when compatibility with the ENCRYPTED process type in Privacy-Enhanced Mail in intended.
message
- the message to be signed and encrypted, as byte representationPKCSException
- if the the SignedData
or
EnvelopedData
object cannot be createdpublic byte[] getSignedAndEncryptedData(ASN1Object obj) throws PKCSException, IOException
PKCSException
- if the message cannot be recoveredpublic ASN1Object createDigestedData(byte[] message) throws Exception
DigestedData
object.
message
- the message to be digested, as byte representationDigestedData
as ASN.1 objectException
- if the DigestedData
object cannot
be createdpublic byte[] getDigestedData(ASN1Object asn1Obj) throws PKCSException, IOException, NoSuchAlgorithmException
DigestedData
object and verifies the hash.asn1Obj
- the DigestedData
as ASN.1 objectPKCSException
- if any signature does not verifypublic ASN1Object createDigestedData(byte[] message, int mode) throws PKCSException, IOException
DigestedData
object.
message
- the message to be digested, as byte representationDigestedData
as ASN.1 objectPKCSException
- if the DigestedData
object cannot
be createdpublic byte[] getDigestedData(ASN1Object obj, byte[] message) throws PKCSException, IOException
DigestedData
object and verifies the hash value.obj
- DigestedData
object in ASN.1 representationmessage
- the the message which was transmitted out-of-band (explicit digested)PKCSException
- if some parsing exception occurspublic ASN1Object createEncryptedData(byte[] message, AlgorithmID pbeAlgorithm, char[] password) throws PKCSException, IOException
EncryptedData
message.
The supplied content is PBE-encrypted using the specified password.
message
- the message to be encrypted, as byte representationpbeAlgorithm
- the PBE algorithm to be usedpassword
- the passwordEncryptedData
object just createdPKCSException
- if the EncryptedData
object cannot
be createdpublic byte[] getEncryptedData(ASN1Object asn1Object, char[] password) throws PKCSException, IOException
EncryptedData
object
using the specified password and returns the decrypted (= original) message.asn1Object
- the EncryptedData
object as ASN1Objectpassword
- the password to decrypt the messagePKCSException
- if the message cannot be recoveredpublic void start()
Data
,
EnvelopedData
, SignedData
,
SignedAndEnvelopedData
, DigestedData
and EncryptedData
.
An additional SignedAndEncryptedData test sequentially combines
signed and enveloped data, which should be prefered to the
SignedAndEnvelopedData
content type.public static void main(String[] argv) throws Exception
IOException
- if an I/O error occurs when reading required keys
and certificates from files
|
This Javadoc may contain text parts from Internet Standard specifications (RFC 2459, 3280, 3039, 2560, 1521, 821, 822, 2253, 1319, 1321, ,2630, 2631, 2268, 3058, 2984, 2104, 2144, 2040, 2311, 2279, see copyright note) and RSA Data Security Public-Key Cryptography Standards (PKCS#1,3,5,7,8,9,10,12, see copyright note). | ||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |