org.gudy.bouncycastle.jce
Class PKCS7SignedData

java.lang.Object
  extended by org.gudy.bouncycastle.jce.PKCS7SignedData
All Implemented Interfaces:
PKCSObjectIdentifiers

public class PKCS7SignedData
extends Object
implements PKCSObjectIdentifiers

Represents a PKCS#7 object - specifically the "Signed Data" type.

How to use it? To verify a signature, do:

 PKCS7SignedData pkcs7 = new PKCS7SignedData(der_bytes);                // Create it
 pkcs7.update(bytes, 0, bytes.length);  // Update checksum
 boolean verified = pkcs7.verify();             // Does it add up?

 To sign, do this:
 PKCS7SignedData pkcs7 = new PKCS7SignedData(privKey, certChain, "MD5");
 pkcs7.update(bytes, 0, bytes.length);  // Update checksum
 pkcs7.sign();                          // Create digest

 bytes = pkcs7.getEncoded();                    // Write it somewhere
 

This class is pretty close to obsolete, for a much better (and more complete) implementation of PKCS7 have a look at the org.gudy.bouncycastle.cms package.


Field Summary
 
Fields inherited from interface org.gudy.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers
bagtypes, canNotDecryptAny, certBag, crlBag, data, des_EDE3_CBC, dhKeyAgreement, digestedData, encryptedData, encryptionAlgorithm, envelopedData, id_aa, id_aa_encrypKeyPref, id_alg_PWRI_KEK, id_ct_compressedData, id_PBES2, id_PBKDF2, keyBag, md2, md2WithRSAEncryption, md4WithRSAEncryption, md5, md5WithRSAEncryption, pkcs_1, pkcs_12, pkcs_3, pkcs_5, pkcs_7, pkcs_9, pkcs_9_at_challengePassword, pkcs_9_at_contentType, pkcs_9_at_counterSignature, pkcs_9_at_emailAddress, pkcs_9_at_extendedCertificateAttributes, pkcs_9_at_extensionRequest, pkcs_9_at_friendlyName, pkcs_9_at_localKeyId, pkcs_9_at_messageDigest, pkcs_9_at_signingDescription, pkcs_9_at_signingTime, pkcs_9_at_smimeCapabilities, pkcs_9_at_unstructuredAddress, pkcs_9_at_unstructuredName, pkcs8ShroudedKeyBag, preferSignedData, RC2_CBC, rsaEncryption, safeContentsBag, secretBag, sha1WithRSAEncryption, sha256WithRSAEncryption, sha384WithRSAEncryption, sha512WithRSAEncryption, signedAndEnvelopedData, signedData, sMIMECapabilitiesVersions, srsaOAEPEncryptionSET, x509certType
 
Constructor Summary
PKCS7SignedData(byte[] in)
          Read an existing PKCS#7 object from a DER encoded byte array using the BC provider.
PKCS7SignedData(byte[] in, String provider)
          Read an existing PKCS#7 object from a DER encoded byte array
PKCS7SignedData(PrivateKey privKey, Certificate[] certChain, CRL[] crlList, String hashAlgorithm, String provider)
          Create a new PKCS#7 object from the specified key.
PKCS7SignedData(PrivateKey privKey, Certificate[] certChain, String hashAlgorithm)
          Create a new PKCS#7 object from the specified key using the BC provider.
PKCS7SignedData(PrivateKey privKey, Certificate[] certChain, String hashAlgorithm, String provider)
          Create a new PKCS#7 object from the specified key.
 
Method Summary
 Certificate[] getCertificates()
          Get the X.509 certificates associated with this PKCS#7 object
 Collection getCRLs()
          Get the X.509 certificate revocation lists associated with this PKCS#7 object
 String getDigestAlgorithm()
          Get the algorithm used to calculate the message digest
 byte[] getEncoded()
          return the bytes for the PKCS7SignedData object.
 X509Certificate getSigningCertificate()
          Get the X.509 certificate actually used to sign the digest.
 int getSigningInfoVersion()
          Get the version of the PKCS#7 "SignerInfo" object.
 int getVersion()
          Get the version of the PKCS#7 object.
 void reset()
          Resets the PKCS7SignedData object to it's initial state, ready to sign or verify a new buffer.
 void update(byte buf)
          Update the digest with the specified byte.
 void update(byte[] buf, int off, int len)
          Update the digest with the specified bytes.
 boolean verify()
          Verify the digest
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

PKCS7SignedData

public PKCS7SignedData(byte[] in)
                throws SecurityException,
                       CRLException,
                       InvalidKeyException,
                       CertificateException,
                       NoSuchProviderException,
                       NoSuchAlgorithmException
Read an existing PKCS#7 object from a DER encoded byte array using the BC provider.

Throws:
SecurityException
CRLException
InvalidKeyException
CertificateException
NoSuchProviderException
NoSuchAlgorithmException

PKCS7SignedData

public PKCS7SignedData(byte[] in,
                       String provider)
                throws SecurityException,
                       CRLException,
                       InvalidKeyException,
                       CertificateException,
                       NoSuchProviderException,
                       NoSuchAlgorithmException
Read an existing PKCS#7 object from a DER encoded byte array

Throws:
SecurityException
CRLException
InvalidKeyException
CertificateException
NoSuchProviderException
NoSuchAlgorithmException

PKCS7SignedData

public PKCS7SignedData(PrivateKey privKey,
                       Certificate[] certChain,
                       String hashAlgorithm)
                throws SecurityException,
                       InvalidKeyException,
                       NoSuchProviderException,
                       NoSuchAlgorithmException
Create a new PKCS#7 object from the specified key using the BC provider.

Parameters:
the - private key to be used for signing.
the - certifiacate chain associated with the private key.
hashAlgorithm - the hashing algorithm used to compute the message digest. Must be "MD5", "MD2", "SHA1" or "SHA"
Throws:
SecurityException
InvalidKeyException
NoSuchProviderException
NoSuchAlgorithmException

PKCS7SignedData

public PKCS7SignedData(PrivateKey privKey,
                       Certificate[] certChain,
                       String hashAlgorithm,
                       String provider)
                throws SecurityException,
                       InvalidKeyException,
                       NoSuchProviderException,
                       NoSuchAlgorithmException
Create a new PKCS#7 object from the specified key.

Parameters:
privKey - the private key to be used for signing.
certChain - the certificate chain associated with the private key.
hashAlgorithm - the hashing algorithm used to compute the message digest. Must be "MD5", "MD2", "SHA1" or "SHA"
provider - the provider to use.
Throws:
SecurityException
InvalidKeyException
NoSuchProviderException
NoSuchAlgorithmException

PKCS7SignedData

public PKCS7SignedData(PrivateKey privKey,
                       Certificate[] certChain,
                       CRL[] crlList,
                       String hashAlgorithm,
                       String provider)
                throws SecurityException,
                       InvalidKeyException,
                       NoSuchProviderException,
                       NoSuchAlgorithmException
Create a new PKCS#7 object from the specified key.

Parameters:
privKey - the private key to be used for signing.
certChain - the certificate chain associated with the private key.
crlList - the crl list associated with the private key.
hashAlgorithm - the hashing algorithm used to compute the message digest. Must be "MD5", "MD2", "SHA1" or "SHA"
provider - the provider to use.
Throws:
SecurityException
InvalidKeyException
NoSuchProviderException
NoSuchAlgorithmException
Method Detail

getDigestAlgorithm

public String getDigestAlgorithm()
Get the algorithm used to calculate the message digest


reset

public void reset()
Resets the PKCS7SignedData object to it's initial state, ready to sign or verify a new buffer.


getCertificates

public Certificate[] getCertificates()
Get the X.509 certificates associated with this PKCS#7 object


getCRLs

public Collection getCRLs()
Get the X.509 certificate revocation lists associated with this PKCS#7 object


getSigningCertificate

public X509Certificate getSigningCertificate()
Get the X.509 certificate actually used to sign the digest.


getVersion

public int getVersion()
Get the version of the PKCS#7 object. Always 1


getSigningInfoVersion

public int getSigningInfoVersion()
Get the version of the PKCS#7 "SignerInfo" object. Always 1


update

public void update(byte buf)
            throws SignatureException
Update the digest with the specified byte. This method is used both for signing and verifying

Throws:
SignatureException

update

public void update(byte[] buf,
                   int off,
                   int len)
            throws SignatureException
Update the digest with the specified bytes. This method is used both for signing and verifying

Throws:
SignatureException

verify

public boolean verify()
               throws SignatureException
Verify the digest

Throws:
SignatureException

getEncoded

public byte[] getEncoded()
return the bytes for the PKCS7SignedData object.