public class JWSStreamedSigningData extends Object
In contrast to JWSSignedData, this class creates a JWS from a stream of bytes. This may be necessary if the payload is too large to keep in RAM or if the caller does not know the size of the payload beforehand. This class is NOT able to create detached signatures. If you want to sign something with a SigDHeader mechanism, use JWSSignedData.
You can obtain an instance of this class with the associated JWSStreamedSigningData.Builder. With the builder, it is possible to configure the serialization type and the base64url encoding of the payload, add JWSSigners, and specify the target OutputStream. After obtaining an instance of this class, you can use the update(byte[]) methods to feed octets to the payload stream. Depending on the specified configuration, the update methods either base64url-encode the octets before processing them or pass them on unencoded. A call to sign() or sign(byte[]) invokes the signing process of all registered signers and finalizes the serialization of the JWS.
To give an example:
```java
OutputStream out = ...
JWSSigner signer1 = JWSSigner.getInstance(JWA.RS256, RSA_PRIV_KEY);
signer1.addUnprotectedHeader(new KidHeader("2010-12-29"));
JWSSigner signer2 = JWSSigner.getInstance(JWA.ES256, EC_PRIV_KEY);
signer2.addUnprotectedHeader(new KidHeader("e9bc097a-ce51"));
JWSStreamedSigningData signedData = new JWSStreamedSigningData.Builder()
    .compact(false)
    .b64(true)
    .addSigner(signer1)
    .addSigner(signer2)
    .build(out);
InputStream in = ...
byte[] buf = new byte[1024];
int read;
while ((read = in.read(buf)) > -1) {
    // Feed only the octets actually read; passing buf.length would also
    // sign stale bytes left in the buffer after a short read.
    signedData.update(buf, 0, read);
}
signedData.sign();
```
In this example, the implementation will create a JWS with two signers in General JSON Serialization and a base64url-encoded payload string. Note that this class does not keep the octets in RAM: it forwards all (possibly encoded) octets to an internal instance of MessageDigest and writes them to the specified OutputStream. The implementation will NOT call OutputStream.close() on the provided stream, so the caller remains responsible for closing it.
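The forwarding behaviour described above can be illustrated with plain JDK classes. This is an added sketch, not code from this library: the class StreamedPayloadSketch, its methods, the header and the sample payload are hypothetical, and SHA-256 stands in for the signer's digest. It shows why a streamed base64url encoder must hold back 0 to 2 octets between update calls so that digest and output match a one-shot encoding.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Base64;
// Hypothetical sketch (not the library's class): streams base64url(payload) to a digest and a stream.
public class StreamedPayloadSketch {
    private static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
    private final MessageDigest digest;
    private final OutputStream out;
    private final byte[] carry = new byte[3]; // 0..2 octets waiting for a complete 3-octet group
    private int carried = 0;
    StreamedPayloadSketch(MessageDigest digest, OutputStream out) { this.digest = digest; this.out = out; }

    // Encodes only complete 3-octet groups, so chunk boundaries never change the encoding.
    void update(byte[] b, int off, int len) throws IOException {
        int end = off + len;
        while (carried > 0 && carried < 3 && off < end) carry[carried++] = b[off++]; // top up partial group
        if (carried == 3) { emit(carry, 0, 3); carried = 0; }
        int whole = (end - off) / 3 * 3;
        if (whole > 0) { emit(b, off, whole); off += whole; }
        while (off < end) carry[carried++] = b[off++]; // keep 0..2 trailing octets for the next call
    }

    // Emits the last 1 or 2 leftover octets; the stream is left open for the caller to close.
    void finish() throws IOException { if (carried > 0) { emit(carry, 0, carried); carried = 0; } }

    private void emit(byte[] b, int off, int len) throws IOException {
        byte[] enc = B64.encode(Arrays.copyOfRange(b, off, off + len));
        digest.update(enc); // the digest sees exactly the octets that are written out
        out.write(enc);
    }

    public static void main(String[] args) throws Exception {
        byte[] payload = new byte[2500]; // constructed sample payload
        for (int i = 0; i < payload.length; i++) payload[i] = (byte) (i * 31);
        String header = B64.encodeToString("{\"alg\":\"ES256\"}".getBytes(StandardCharsets.US_ASCII)); // constructed
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        md.update((header + ".").getBytes(StandardCharsets.US_ASCII)); // JWS signing input: header '.' payload
        StreamedPayloadSketch s = new StreamedPayloadSketch(md, out);
        InputStream in = new ByteArrayInputStream(payload);
        byte[] buf = new byte[1024]; // 1024 is not a multiple of 3, so boundaries fall mid-group
        int read;
        while ((read = in.read(buf)) > -1) s.update(buf, 0, read); // 'read', not buf.length
        s.finish();
        byte[] oneShot = MessageDigest.getInstance("SHA-256")
            .digest((header + "." + B64.encodeToString(payload)).getBytes(StandardCharsets.US_ASCII));
        System.out.println("same digest as one-shot: " + Arrays.equals(md.digest(), oneShot));
        System.out.println("same encoded payload:    " + out.toString("US-ASCII").equals(B64.encodeToString(payload)));
    }
}
```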
To validate a signature, get an instance from JWSValidationData via the JAdESParser.
See also: JWSSigner

| Modifier and Type | Class and Description |
|---|---|
| static class | JWSStreamedSigningData.Builder: Builder class for JWSStreamedSigningData. |

| Modifier and Type | Method and Description |
|---|---|
| void | sign(): This method invokes the signing process of all previously added signers. |
| void | sign(byte[] payload): This method invokes the signing process of all previously added signers after calling update(byte[]) with the provided byte array. |
| void | update(byte[] payload): Adds all provided octets to the payload stream. |
| void | update(byte[] payload, int off, int len): Adds the specified octets to the payload stream. |

public void sign(byte[] payload) throws IOException, JWSException

This method invokes the signing process of all previously added signers after calling update(byte[]) with the provided byte array. Any further calls to update or sign will result in undefined behaviour.
After finishing the signature computation, the implementation writes the JWS to the specified OutputStream using the specified serialization type. Note that the method will not close the OutputStream.
Parameters:
payload - last remaining octets to add to payload
Throws:
IOException - if there is an error writing to the output stream
JWSException - if there is an error during signing

public void sign() throws IOException, JWSException

This method invokes the signing process of all previously added signers. Any further calls to update or sign will result in undefined behaviour.
After finishing the signature computation, the implementation writes the JWS to the specified OutputStream using the specified serialization type. Note that the method will not close the OutputStream.
Throws:
IOException - if there is an error writing to the output stream
JWSException - if there is an error during signing

public void update(byte[] payload) throws IOException

Adds all provided octets to the payload stream. The method may base64url-encode the buffer before adding it to the payload.
Parameters:
payload - octets to add to the payload stream
Throws:
IOException - if there is an error writing to the output stream

public void update(byte[] payload, int off, int len) throws IOException

Adds the specified octets to the payload stream. The method may base64url-encode the buffer before adding it to the payload.
Parameters:
payload - octets to add to the payload stream
off - the offset to start from in the array of payload.
len - the number of bytes to use, starting at offset.
Throws:
IOException - if there is an error writing to the output stream

Copyright © 2022 Stiftung SIC. All rights reserved.