java.lang.Object
↳ org.bouncycastle.cms.CMSContentInfoParser
↳ org.bouncycastle.cms.CMSSignedDataParser
Known Direct Subclasses |
Parsing class for a CMS Signed Data object from an input stream.
Note: because we are in a streaming mode, only one signer can be tried, and it is important that the methods on the parser are called in the appropriate order.
A simple example of usage for an encapsulated signature.
Two notes: first, in the example below the validity of the certificate isn't verified, just the fact that one of the certs matches the given signer, and, second, because we are in a streaming mode the order of the operations is important.
```java
CMSSignedDataParser sp = new CMSSignedDataParser(encapSigData);

// The content must be read to the end before the certificates and signers are requested.
sp.getSignedContent().drain();

Store certStore = sp.getCertificates();
SignerInformationStore signers = sp.getSignerInfos();

Collection c = signers.getSigners();
Iterator it = c.iterator();

while (it.hasNext())
{
    SignerInformation signer = (SignerInformation)it.next();
    Collection certCollection = certStore.getMatches(signer.getSID());

    // Only the certificate matching the signer is looked up; its validity is not checked here.
    Iterator certIt = certCollection.iterator();
    X509CertificateHolder cert = (X509CertificateHolder)certIt.next();

    System.out.println("verify returns: " + signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert)));
}
```

Note also: this class does not introduce buffering. If you are processing large files you should create the parser with:

```java
CMSSignedDataParser ep = new CMSSignedDataParser(new BufferedInputStream(encapSigData, bufSize));
```

where bufSize is a suitably large buffer size.
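The usage example above confirms only that a certificate in the message matches the signer, not that the certificate is trusted. The following added example (not part of the Bouncy Castle documentation) builds a PKIX path from the signer certificate to caller-supplied trust anchors before accepting the signature. The class name `StrictCmsVerifier`, the 64 KiB buffer and the policy that every signer must verify are assumptions, and the "BC" provider is assumed to be registered.

```java
import java.io.BufferedInputStream;
import java.io.InputStream;
import java.security.cert.*;
import java.util.*;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cms.CMSSignedDataParser;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.util.Store;

// Hypothetical helper class for this example; not a Bouncy Castle class.
public class StrictCmsVerifier {
    // True only if every signer's certificate chains to an anchor and its signature verifies.
    public static boolean verify(InputStream encapSigData, Set<TrustAnchor> anchors) throws Exception {
        CMSSignedDataParser sp = new CMSSignedDataParser(new BufferedInputStream(encapSigData, 64 * 1024));
        sp.getSignedContent().drain();          // streaming: read the content before certs and signers
        Store certStore = sp.getCertificates();
        Collection signers = sp.getSignerInfos().getSigners();
        if (signers.isEmpty()) return false;    // no SignerInfo: nothing to trust
        JcaX509CertificateConverter conv = new JcaX509CertificateConverter().setProvider("BC");
        List<X509Certificate> bundled = new ArrayList<X509Certificate>();
        for (Object h : certStore.getMatches(null))   // null selector: every certificate in the message
            bundled.add(conv.getCertificate((X509CertificateHolder) h));
        CertStore pool = CertStore.getInstance("Collection", new CollectionCertStoreParameters(bundled));

        for (Object o : signers) {
            SignerInformation signer = (SignerInformation) o;
            Iterator match = certStore.getMatches(signer.getSID()).iterator();
            if (!match.hasNext()) return false; // signer certificate is not in the message
            X509CertificateHolder holder = (X509CertificateHolder) match.next();

            // Bundled certificates serve only as intermediates; trust comes from the anchors.
            X509CertSelector target = new X509CertSelector();
            target.setCertificate(conv.getCertificate(holder));
            PKIXBuilderParameters params = new PKIXBuilderParameters(anchors, target);
            params.addCertStore(pool);
            params.setRevocationEnabled(false); // assumption: this example has no CRL or OCSP source
            try {
                CertPathBuilder.getInstance("PKIX").build(params);
            } catch (CertPathBuilderException e) {
                return false;                   // untrusted, expired or incomplete chain
            }
            if (!signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(holder)))
                return false;
        }
        return true;
    }
}
```

With revocation checking enabled, the CRLs carried in the message (getCRLs()) can be added to the same parameters as a further CertStore.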
Inherited Fields |
---|
From class org.bouncycastle.cms.CMSContentInfoParser |
Public Constructors |
---|
base constructor - with encapsulated content |
base constructor |
Public Methods |
---|
return an X509Store containing the attribute certificates, if any, contained in this message. |
return an X509Store containing the attribute certificates, if any, contained in this message. |
This method is deprecated. Use getCRLs(). |
This method is deprecated. Use getCRLs(). |
This method is deprecated. Use getCertificates(). |
This method is deprecated. Use getCertificates(). |
This method is deprecated. Use getCertificates(). |
This method is deprecated. Use getCertificates(). |
Return a string representation of the OID associated with the encapsulated content info structure carried in the signed data. |
return the collection of signers that are associated with the signatures for the message. |
Return the version number for the SignedData object |
Replace the certificate and CRL information associated with this CMSSignedData object with the new one passed in. |
This method is deprecated. Use the method that takes Store objects. |
Replace the signer information store associated with the passed in message contained in the stream original with the new one passed in. |
Inherited Methods |
---|
From class org.bouncycastle.cms.CMSContentInfoParser |
From class java.lang.Object |
base constructor - with encapsulated content

Throws |
---|
CMSException |
base constructor

Parameter | Description |
---|---|
signedContent | the content that was signed. |
sigData | the signature object stream. |

Throws |
---|
CMSException |
return an X509Store containing the attribute certificates, if any, contained in this message.

Parameter | Description |
---|---|
type | type of store to create |
provider | name of provider to use |

Throws | Condition |
---|---|
NoSuchProviderException | if the provider requested isn't available. |
NoSuchStoreException | if the store type isn't available. |
CMSException | if a general exception prevents creation of the X509Store |
return an X509Store containing the attribute certificates, if any, contained in this message.

Parameter | Description |
---|---|
type | type of store to create |
provider | provider to use |

Throws | Condition |
---|---|
NoSuchStoreException | if the store type isn't available. |
CMSException | if a general exception prevents creation of the X509Store |
This method is deprecated. Use getCRLs().
return an X509Store containing CRLs, if any, contained in this message.

Parameter | Description |
---|---|
type | type of store to create |
provider | provider to use |

Throws | Condition |
---|---|
NoSuchStoreException | if the store type isn't available. |
CMSException | if a general exception prevents creation of the X509Store |
This method is deprecated. Use getCRLs().
return an X509Store containing CRLs, if any, contained in this message.

Parameter | Description |
---|---|
type | type of store to create |
provider | name of provider to use |

Throws | Condition |
---|---|
NoSuchProviderException | if the provider requested isn't available. |
NoSuchStoreException | if the store type isn't available. |
CMSException | if a general exception prevents creation of the X509Store |
This method is deprecated. Use getCertificates().
return an X509Store containing the public key certificates, if any, contained in this message.

Parameter | Description |
---|---|
type | type of store to create |
provider | provider to use |

Throws | Condition |
---|---|
NoSuchStoreException | if the store type isn't available. |
CMSException | if a general exception prevents creation of the X509Store |
This method is deprecated. Use getCertificates().
return an X509Store containing the public key certificates, if any, contained in this message.

Parameter | Description |
---|---|
type | type of store to create |
provider | provider to use |

Throws | Condition |
---|---|
NoSuchProviderException | if the provider requested isn't available. |
NoSuchStoreException | if the store type isn't available. |
CMSException | if a general exception prevents creation of the X509Store |
This method is deprecated. Use getCertificates().
return a CertStore containing the certificates and CRLs associated with this message.

Throws | Condition |
---|---|
NoSuchProviderException | if the provider requested isn't available. |
NoSuchAlgorithmException | if the cert store isn't available. |
CMSException | if a general exception prevents creation of the CertStore |
This method is deprecated. Use getCertificates().
return a CertStore containing the certificates and CRLs associated with this message.

Throws | Condition |
---|---|
NoSuchProviderException | if the provider requested isn't available. |
NoSuchAlgorithmException | if the cert store isn't available. |
CMSException | if a general exception prevents creation of the CertStore |
Return a string representation of the OID associated with the encapsulated content info structure carried in the signed data.
return the collection of signers that are associated with the signatures for the message.

Throws |
---|
CMSException |
Return the version number for the SignedData object
Replace the certificate and CRL information associated with this CMSSignedData object with the new one passed in.
The output stream is returned unclosed.

Parameter | Description |
---|---|
original | the signed data stream to be used as a base. |
certs | new certificates to be used, if any. |
crls | new CRLs to be used, if any. |
attrCerts | new attribute certificates to be used, if any. |
out | the stream to write the new signed data object to. |

Throws | Condition |
---|---|
CMSException | if there is an error processing the CertStore |
IOException | |
This method is deprecated. Use the method that takes Store objects.
Replace the certificate and CRL information associated with this CMSSignedData object with the new one passed in.
The output stream is returned unclosed.

Parameter | Description |
---|---|
original | the signed data stream to be used as a base. |
certsAndCrls | the new certificates and CRLs to be used. |
out | the stream to write the new signed data object to. |

Throws | Condition |
---|---|
CMSException | if there is an error processing the CertStore |
IOException | |
Replace the signer information store associated with the passed in message contained in the stream original with the new one passed in. You would probably only want to do this if you wanted to change the unsigned attributes associated with a signer, or perhaps delete one.
The output stream is returned unclosed.

Parameter | Description |
---|---|
original | the signed data stream to be used as a base. |
signerInformationStore | the new signer information store to use. |
out | the stream to write the new signed data object to. |

Throws |
---|
CMSException |
IOException |