PKCS7 as defined in RSA Laboratories PKCS7 Technical Note. This profile
supports only the SignedData ContentInfo type, where the type of data signed is plain Data.
For signedData, certain optional elements and PKCS#6 Extended Certificates are not supported.
| Constructor: |
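/**
 * Unmarshals a PKCS7 block from its encoded form, parsing the
 * encoded bytes from the InputStream.
 *
 * <p>The stream is consumed until end-of-stream and the collected bytes are
 * handed to {@code parse}. The stream is not closed here.
 *
 * @param in an input stream holding at least one PKCS7 block.
 * @throws ParsingException on parsing errors.
 * @throws IOException on other errors.
 */
public PKCS7(InputStream in) throws ParsingException, IOException {
    // InputStream.available() is only an estimate of what can be read without
    // blocking; sizing the buffer from it can hand a truncated (or empty)
    // block to the parser for buffered, compressed or network-backed streams.
    // Read to end-of-stream instead.
    // NOTE(review): nothing here caps the amount read; callers feeding
    // untrusted input should bound the stream before passing it in.
    java.io.ByteArrayOutputStream collected = new java.io.ByteArrayOutputStream();
    byte[] chunk = new byte[8192];
    int count;
    while ((count = in.read(chunk)) != -1) {
        collected.write(chunk, 0, count);
    }
    parse(new DerInputStream(collected.toByteArray()));
}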
Unmarshals a PKCS7 block from its encoded form, parsing the
encoded bytes from the InputStream. Parameters:
in - an input stream holding at least one PKCS7 block.
Throws:
ParsingException - on parsing errors.
IOException - on other errors.
- exception:
ParsingException - on parsing errors.
- exception:
IOException - on other errors.
|
/**
 * Unmarshals a PKCS7 block from its encoded form, parsing the
 * encoded bytes from the DerInputStream.
 *
 * @param derin a DerInputStream holding at least one PKCS7 block.
 * @throws ParsingException on parsing errors.
 */
public PKCS7(DerInputStream derin) throws ParsingException {
    // All decoding is delegated to parse(); this constructor adds nothing else.
    this.parse(derin);
}
Unmarshals a PKCS7 block from its encoded form, parsing the
encoded bytes from the DerInputStream. Parameters:
derin - a DerInputStream holding at least one PKCS7 block.
Throws:
ParsingException - on parsing errors.
- exception:
ParsingException - on parsing errors.
|
/**
 * Unmarshals a PKCS7 block from its encoded form, parsing the
 * encoded bytes.
 *
 * @param bytes the encoded bytes.
 * @throws ParsingException on parsing errors; any IOException raised while
 *         wrapping or parsing the bytes is attached as the cause.
 */
public PKCS7(byte[] bytes) throws ParsingException {
    try {
        parse(new DerInputStream(bytes));
    } catch (IOException cause) {
        // Callers of this overload only see ParsingException, so the
        // underlying I/O failure is kept as the cause rather than dropped.
        ParsingException wrapped =
            new ParsingException("Unable to parse the encoded bytes");
        wrapped.initCause(cause);
        throw wrapped;
    }
}
Unmarshals a PKCS7 block from its encoded form, parsing the
encoded bytes. Parameters:
bytes - the encoded bytes.
Throws:
ParsingException - on parsing errors.
- exception:
ParsingException - on parsing errors.
|
/**
 * Construct an initialized PKCS7 block that carries no CRLs.
 *
 * @param digestAlgorithmIds the message digest algorithm identifiers.
 * @param contentInfo the content information.
 * @param certificates an array of X.509 certificates.
 * @param signerInfos an array of signer information.
 */
public PKCS7(AlgorithmId[] digestAlgorithmIds,
             ContentInfo contentInfo,
             X509Certificate[] certificates,
             SignerInfo[] signerInfos) {
    // Delegates to the five-argument form with the CRL array left unset.
    this(digestAlgorithmIds,
         contentInfo,
         certificates,
         (X509CRL[]) null,
         signerInfos);
}
|
/**
 * Construct an initialized PKCS7 block.
 *
 * <p>The arrays are stored by reference, not copied, so later changes the
 * caller makes to them are visible through this object.
 *
 * @param digestAlgorithmIds the message digest algorithm identifiers.
 * @param contentInfo the content information.
 * @param certificates an array of X.509 certificates.
 * @param crls an array of CRLs
 * @param signerInfos an array of signer information.
 */
public PKCS7(AlgorithmId[] digestAlgorithmIds,
             ContentInfo contentInfo,
             X509Certificate[] certificates,
             X509CRL[] crls,
             SignerInfo[] signerInfos) {
    // The version field is fixed to 1 for blocks built through this constructor.
    this.version = BigInteger.ONE;

    this.contentInfo = contentInfo;
    this.digestAlgorithmIds = digestAlgorithmIds;
    this.signerInfos = signerInfos;

    // Optional members; either may be null.
    this.certificates = certificates;
    this.crls = crls;
}
Construct an initialized PKCS7 block. Parameters:
digestAlgorithmIds - the message digest algorithm identifiers.
contentInfo - the content information.
certificates - an array of X.509 certificates.
crls - an array of CRLs
signerInfos - an array of signer information.
|
| Method from sun.security.pkcs.PKCS7 Detail: |
/**
 * Encodes the signed data to an output stream.
 *
 * @param out the stream that receives the encoded block.
 * @throws IOException on encoding or write errors.
 */
public void encodeSignedData(OutputStream out) throws IOException {
    // Encode fully into memory first, then write the result in one call.
    DerOutputStream buffer = new DerOutputStream();
    encodeSignedData(buffer);
    byte[] encoded = buffer.toByteArray();
    out.write(encoded);
}
Encodes the signed data to an output stream. |
/**
 * Encodes the signed data to a DerOutputStream.
 *
 * <p>Fields are written in this order: version, digest algorithm
 * identifiers, content info, certificates (only when present and
 * non-empty), CRLs (only when present and non-empty), signer infos. The
 * result is wrapped in a SEQUENCE and emitted as a ContentInfo carrying
 * {@code ContentInfo.SIGNED_DATA_OID}.
 *
 * @param out the DER stream that receives the encoded block.
 * @throws IOException on encoding errors, including a certificate or CRL
 *         that cannot be re-encoded (the original exception is the cause).
 */
public void encodeSignedData(DerOutputStream out) throws IOException {
    DerOutputStream body = new DerOutputStream();

    // version
    body.putInteger(version);

    // digestAlgorithmIds
    body.putOrderedSetOf(DerValue.tag_Set, digestAlgorithmIds);

    // contentInfo
    contentInfo.encode(body);

    // certificates (optional)
    if (certificates != null && certificates.length != 0) {
        // putOrderedSetOf needs DerEncoder elements, which X509CertImpl
        // provides; any other X509Certificate is rebuilt from its encoding.
        X509CertImpl[] encodableCerts = new X509CertImpl[certificates.length];
        for (int idx = 0; idx < certificates.length; idx++) {
            X509Certificate current = certificates[idx];
            if (current instanceof X509CertImpl) {
                encodableCerts[idx] = (X509CertImpl) current;
                continue;
            }
            try {
                encodableCerts[idx] = new X509CertImpl(current.getEncoded());
            } catch (CertificateException ce) {
                IOException wrapped = new IOException(ce.getMessage());
                wrapped.initCause(ce);
                throw wrapped;
            }
        }

        // The certificate set is tagged [0] IMPLICIT.
        body.putOrderedSetOf((byte) 0xA0, encodableCerts);
    }

    // CRLs (optional)
    if (crls != null && crls.length != 0) {
        // Same conversion as for certificates. A Set is used here, so CRLs
        // that X509CRLImpl treats as equal are written only once.
        Set<X509CRLImpl> encodableCrls = new HashSet<X509CRLImpl>(crls.length);
        for (X509CRL current : crls) {
            if (current instanceof X509CRLImpl) {
                encodableCrls.add((X509CRLImpl) current);
                continue;
            }
            try {
                encodableCrls.add(new X509CRLImpl(current.getEncoded()));
            } catch (CRLException ce) {
                IOException wrapped = new IOException(ce.getMessage());
                wrapped.initCause(ce);
                throw wrapped;
            }
        }

        // The CRL set is tagged [1] IMPLICIT.
        X509CRLImpl[] crlArray =
            encodableCrls.toArray(new X509CRLImpl[encodableCrls.size()]);
        body.putOrderedSetOf((byte) 0xA1, crlArray);
    }

    // signerInfos
    body.putOrderedSetOf(DerValue.tag_Set, signerInfos);

    // Wrap the accumulated fields as the SignedData SEQUENCE ...
    DerValue signedDataSeq =
        new DerValue(DerValue.tag_Sequence, body.toByteArray());

    // ... place it inside a ContentInfo of type signedData ...
    ContentInfo envelope =
        new ContentInfo(ContentInfo.SIGNED_DATA_OID, signedDataSeq);

    // ... and write that ContentInfo to the caller's stream.
    envelope.encode(out);
}
Encodes the signed data to a DerOutputStream. |
/**
 * Returns the X.509 crls listed in this PKCS7 block.
 *
 * @return a copy of the CRL array, or null if this block holds none; the
 *         copy keeps callers from replacing entries in the internal array.
 */
public X509CRL[] getCRLs() {
    return (crls == null) ? null : crls.clone();
}
Returns the X.509 crls listed in this PKCS7 block. |
/**
 * Returns the X.509 certificate listed in this PKCS7 block
 * which has a matching serial number and Issuer name, or
 * null if one is not found.
 *
 * <p>The first certificate in array order that matches both values is
 * returned. This is a lookup only; nothing here validates the certificate.
 *
 * @param serial the serial number to look for.
 * @param issuerName the issuer name to look for.
 * @return the matching certificate, or null if there is none or this block
 *         holds no certificates.
 */
public X509Certificate getCertificate(BigInteger serial,
                                      X500Name issuerName) {
    if (certificates == null) {
        return null;
    }

    // Issuer names are computed on first use and then reused.
    if (certIssuerNames == null) {
        populateCertIssuerNames();
    }

    for (int idx = 0; idx < certificates.length; idx++) {
        X509Certificate candidate = certificates[idx];
        boolean serialMatches = serial.equals(candidate.getSerialNumber());
        if (serialMatches && issuerName.equals(certIssuerNames[idx])) {
            return candidate;
        }
    }
    return null;
}
Returns the X.509 certificate listed in this PKCS7 block
which has a matching serial number and Issuer name, or
null if one is not found. |
/**
 * Returns the X.509 certificates listed in this PKCS7 block.
 *
 * @return a copy of the certificate array, or null if this block holds
 *         none; the copy keeps callers from replacing entries in the
 *         internal array.
 */
public X509Certificate[] getCertificates() {
    return (certificates == null) ? null : certificates.clone();
}
Returns the X.509 certificates listed in this PKCS7 block. |
/**
 * Returns the content information specified in this PKCS7 block.
 *
 * @return the ContentInfo held by this block (the same object, not a copy).
 */
public ContentInfo getContentInfo() {
    return this.contentInfo;
}
Returns the content information specified in this PKCS7 block. |
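/**
 * Returns the message digest algorithms specified in this PKCS7 block.
 *
 * @return a copy of the digest algorithm identifier array, or null if none
 *         is set.
 */
public AlgorithmId[] getDigestAlgorithmIds() {
    // Hand out a copy, as getCertificates() and getCRLs() do, so a caller
    // cannot swap entries in the array this block later encodes from.
    // The copy is shallow: the AlgorithmId elements themselves are shared.
    return (digestAlgorithmIds == null) ? null : digestAlgorithmIds.clone();
}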
Returns the message digest algorithms specified in this PKCS7 block. |
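/**
 * Returns the signer's information specified in this PKCS7 block.
 *
 * @return a copy of the signer info array, or null if none is set.
 */
public SignerInfo[] getSignerInfos() {
    // Hand out a copy, as getCertificates() and getCRLs() do, so a caller
    // cannot replace entries in the array that verify() iterates over.
    // The copy is shallow: the SignerInfo elements themselves are shared.
    return (signerInfos == null) ? null : signerInfos.clone();
}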
Returns the signer's information specified in this PKCS7 block. |
/**
 * Returns the version number of this PKCS7 block.
 *
 * @return the version field as stored in this block.
 */
public BigInteger getVersion() {
    return this.version;
}
Returns the version number of this PKCS7 block. |
/**
 * Returns true if this is a JDK1.1.x-style PKCS#7 block, and false
 * otherwise.
 *
 * @return the value of the oldStyle flag held by this block.
 */
public boolean isOldStyle() {
    return oldStyle;
}
Returns true if this is a JDK1.1.x-style PKCS#7 block, and false
otherwise. |
/**
 * Returns the PKCS7 block in a printable string form.
 *
 * <p>The content info is always printed first; version, digest algorithm
 * identifiers, certificates, CRLs and signer infos follow, each only when
 * the corresponding field is non-null.
 *
 * @return a multi-line description of this block.
 */
public String toString() {
    StringBuilder text = new StringBuilder();
    text.append(contentInfo).append("\n");

    if (version != null) {
        text.append("PKCS7 :: version: ")
            .append(Debug.toHexString(version))
            .append("\n");
    }

    if (digestAlgorithmIds != null) {
        text.append("PKCS7 :: digest AlgorithmIds: \n");
        for (AlgorithmId algorithm : digestAlgorithmIds) {
            text.append("\t").append(algorithm).append("\n");
        }
    }

    if (certificates != null) {
        text.append("PKCS7 :: certificates: \n");
        for (int idx = 0; idx < certificates.length; idx++) {
            text.append("\t").append(idx).append(". ")
                .append(certificates[idx]).append("\n");
        }
    }

    if (crls != null) {
        text.append("PKCS7 :: crls: \n");
        for (int idx = 0; idx < crls.length; idx++) {
            text.append("\t").append(idx).append(". ")
                .append(crls[idx]).append("\n");
        }
    }

    if (signerInfos != null) {
        text.append("PKCS7 :: signer infos: \n");
        for (int idx = 0; idx < signerInfos.length; idx++) {
            text.append("\t").append(idx).append(". ")
                .append(signerInfos[idx]).append("\n");
        }
    }

    return text.toString();
}
Returns the PKCS7 block in a printable string form. |
/**
 * Returns all signerInfos which self-verify.
 *
 * <p>Equivalent to calling {@code verify(byte[])} with a null argument.
 *
 * @return the signer infos that verified, or null if none did.
 * @throws NoSuchAlgorithmException propagated from signer verification.
 * @throws SignatureException propagated from signer verification.
 */
public SignerInfo[] verify()
        throws NoSuchAlgorithmException, SignatureException {
    // The cast only pins the overload; the argument is still null.
    return verify((byte[]) null);
}
Returns all signerInfos which self-verify, or null if none do. |
/**
 * Returns all signerInfos which self-verify.
 *
 * <p>Each signer info is checked in array order and kept when its
 * verification returns non-null. The result is null, not an empty array,
 * when nothing verified, so callers must test for null.
 *
 * <p>NOTE(review): this method only collects what SignerInfo.verify
 * returns; whether any certificate-path or trust check happens there is not
 * visible here. Confirm before treating a non-null result as a trust
 * decision.
 *
 * @param bytes passed unchanged to each signer's verification; may be null.
 * @return the signer infos that verified, or null if none did.
 * @throws NoSuchAlgorithmException propagated from signer verification.
 * @throws SignatureException propagated from signer verification.
 */
public SignerInfo[] verify(byte[] bytes)
        throws NoSuchAlgorithmException, SignatureException {
    Vector<SignerInfo> verified = new Vector<SignerInfo>();
    for (SignerInfo candidate : signerInfos) {
        SignerInfo outcome = verify(candidate, bytes);
        if (outcome != null) {
            verified.addElement(outcome);
        }
    }

    if (verified.isEmpty()) {
        return null;
    }

    SignerInfo[] result = new SignerInfo[verified.size()];
    verified.copyInto(result);
    return result;
}
Returns all signerInfos which self-verify, or null if none do. |
/**
 * This verifies a given SignerInfo.
 *
 * @param info the signer info to verify against this block.
 * @param bytes passed unchanged to {@code info.verify}.
 * @return whatever {@code info.verify(this, bytes)} returns; the array
 *         overload treats a null result as "did not verify".
 * @throws NoSuchAlgorithmException propagated from {@code info.verify}.
 * @throws SignatureException propagated from {@code info.verify}.
 */
public SignerInfo verify(SignerInfo info, byte[] bytes)
        throws NoSuchAlgorithmException, SignatureException {
    // The check itself lives in SignerInfo; this block supplies the context.
    SignerInfo outcome = info.verify(this, bytes);
    return outcome;
}
This verifies a given SignerInfo. |