org.mozilla.jss.pkix.cms

Class SignedData

Implemented Interfaces:
ASN1Value

public class SignedData
extends java.lang.Object
implements ASN1Value

A CMS SignedData structure.

The certificates field should only contain X.509 certificates. PKCS #6 extended certificates will fail to decode properly.

Nested Class Summary

static class
SignedData.Template
A template file for decoding a SignedData blob

Constructor Summary

SignedData(SET digestAlgorithms, EncapsulatedContentInfo contentInfo, SET certificates, SET crls, SET signerInfos)
Create a SignedData ASN1 object.

Method Summary

void
encode(OutputStream ostream)
void
encode(Tag tag, OutputStream ostream)
SET
getCertificates()
Returns the certificates field, which is a SET of X.509 certificates (org.mozilla.jss.pkix.cert.Certificate).
EncapsulatedContentInfo
getContentInfo()
Returns the EncapsulatedContentInfo containing the signed content.
SET
getCrls()
Returns the crls field, which contains a SET of certificate revocation lists represented by ANYs (org.mozilla.jss.asn1.ANY).
SET
getDigestAlgorithmIdentifiers()
Returns the digest algorithms used by the signers to digest the signed content.
SET
getSignerInfos()
Returns the signerInfos field, which is a SET of org.mozilla.jss.pkcs7.SignerInfo.
Tag
getTag()
static SignedData.Template
getTemplate()
INTEGER
getVersion()
Returns the version of this SignedData.
boolean
hasCertificates()
Returns true if the certificates field is present.
boolean
hasCrls()
Returns true if the crls field is present.

Constructor Details

SignedData

public SignedData(SET digestAlgorithms,
                  EncapsulatedContentInfo contentInfo,
                  SET certificates,
                  SET crls,
                  SET signerInfos)
Create a SignedData ASN1 object. Both certificates and crls are optional. If you pass in a null for either value, that parameter will not get written in the sequence.
Parameters:
digestAlgorithms - A SET of zero or more algorithm identifiers. The purpose of this item is to list the digest algorithms used by the various signers to digest the signed content. This field will also be updated by the addSigner method. If all the signers are added with addSigner, it is not necessary to list the digest algorithms here.

If null is passed in, the digestAlgorithms field will be initialized with an empty SET.

contentInfo - The content that is being signed. This parameter may not be null. However, the content field of the contentInfo may be omitted, in which case the signatures contained in the SignerInfo structures are presumed to be on externally-supplied data.
certificates - A SET of org.mozilla.jss.pkix.cert.Certificate, the certificates containing the public keys used to sign the content. It may also contain elements of the CA chain extending from the leaf certificates. It is not necessary to include the CA chain, or indeed to include any certificates, if the certificates are expected to already be possessed by the recipient. The recipient can use the issuer and serial number in the SignerInfo structure to search for the necessary certificates. If this parameter is null, the certificates field will be omitted.
crls - A SET of ASN1Values, which should encode to the ASN1 type CertificateRevocationList. This implementation does not interpret crls. If this parameter is null, the crls field will be omitted.
signerInfos - SignerInfo structures containing signatures of the content. Additional signerInfos can be added with the addSigner method. If this parameter is null, the field will be initialized with an empty SET.

Method Details

encode

public void encode(OutputStream ostream)
            throws IOException
Specified by:
encode in interface ASN1Value

encode

public void encode(Tag tag,
                   OutputStream ostream)
            throws IOException
Specified by:
encode in interface ASN1Value

getCertificates

public SET getCertificates()
Returns the certificates field, which is a SET of X.509 certificates (org.mozilla.jss.pkix.cert.Certificate). PKCS #6 Extended Certificates are not supported by this implementation. Returns null if this optional field is not present.

getContentInfo

public EncapsulatedContentInfo getContentInfo()
Returns the EncapsulatedContentInfo containing the signed content. The simple case is for the content to be of type data, although any content type can be signed.

getCrls

public SET getCrls()
Returns the crls field, which contains a SET of certificate revocation lists represented by ANYs (org.mozilla.jss.asn1.ANY).

getDigestAlgorithmIdentifiers

public SET getDigestAlgorithmIdentifiers()
Returns the digest algorithms used by the signers to digest the signed content. There may be more than one, if different signers use different digesting algorithms.

getSignerInfos

public SET getSignerInfos()
Returns the signerInfos field, which is a SET of org.mozilla.jss.pkcs7.SignerInfo.

getTag

public Tag getTag()
Specified by:
getTag in interface ASN1Value

getTemplate

public static SignedData.Template getTemplate()

getVersion

public INTEGER getVersion()
Returns the version of this SignedData. The current version of the spec is version 3.

hasCertificates

public boolean hasCertificates()
Returns true if the certificates field is present.

hasCrls

public boolean hasCrls()
Returns true if the crls field is present.