public class

CMSSignedDataParser

extends CMSContentInfoParser
java.lang.Object
   ↳ org.bouncycastle.cms.CMSContentInfoParser
     ↳ org.bouncycastle.cms.CMSSignedDataParser
Known Direct Subclasses

Class Overview

Parsing class for a CMS Signed Data object from an input stream.

Note: because we are in streaming mode, only one signer can be tried, and it is important that the methods on the parser are called in the appropriate order.

A simple example of usage for an encapsulated signature.

Two notes: first, in the example below the validity of the certificate isn't verified, just the fact that one of the certs matches the given signer; second, because we are in streaming mode, the order of the operations is important.

      CMSSignedDataParser     sp = new CMSSignedDataParser(encapSigData);

      // the content must be read to the end before the signers can be processed
      sp.getSignedContent().drain();

      // getCertificates() replaces the deprecated getCertificatesAndCRLs()
      Store                   certStore = sp.getCertificates();
      SignerInformationStore  signers = sp.getSignerInfos();
      
      Collection              c = signers.getSigners();
      Iterator                it = c.iterator();

      while (it.hasNext())
      {
          SignerInformation   signer = (SignerInformation)it.next();
          // certificates carried in the message that match this signer's identifier
          Collection          certCollection = certStore.getMatches(signer.getSID());

          Iterator        certIt = certCollection.iterator();
          X509CertificateHolder cert = (X509CertificateHolder)certIt.next();

          System.out.println("verify returns: " + signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert)));
      }
 
Note also: this class does not introduce buffering - if you are processing large files you should create the parser with:
          CMSSignedDataParser     ep = new CMSSignedDataParser(new BufferedInputStream(encapSigData, bufSize));
  
where bufSize is a suitably large buffer size.
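The overview's first note says the certificate itself is not validated. The following added example (not part of the Bouncy Castle documentation) verifies a detached signature with the constructors listed on this page and then checks the signer's certificate against caller-supplied trust anchors. The class name `DetachedCmsCheck` and method `verify` are hypothetical; it assumes the "BC" provider is registered, that the signer certificate is issued directly by one of the anchors, and that revocation checking is handled elsewhere.

```java
import java.io.BufferedInputStream;
import java.io.InputStream;
import java.security.cert.*;
import java.util.*;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cms.*;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.util.Store;

public class DetachedCmsCheck // hypothetical class name
{
    // Returns true only if the signature verifies AND the signer certificate
    // validates against one of the supplied trust anchors.
    public static boolean verify(InputStream content, InputStream sigData, Set<TrustAnchor> anchors)
        throws Exception
    {
        CMSSignedDataParser sp = new CMSSignedDataParser(
            new CMSTypedStream(new BufferedInputStream(content)),
            new BufferedInputStream(sigData));

        // Streaming order: read the content to the end before touching certs or signers.
        sp.getSignedContent().drain();

        Store certStore = sp.getCertificates();
        Iterator signerIt = sp.getSignerInfos().getSigners().iterator();
        if (!signerIt.hasNext()) return false;            // no signer present
        SignerInformation signer = (SignerInformation)signerIt.next();

        Iterator certIt = certStore.getMatches(signer.getSID()).iterator();
        if (!certIt.hasNext()) return false;              // message carries no matching cert
        X509CertificateHolder holder = (X509CertificateHolder)certIt.next();

        if (!signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(holder))) return false;

        // A valid signature only proves possession of the key in the embedded cert;
        // the cert must still validate against anchors the verifier already trusts.
        X509Certificate cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(holder);
        CertPath path = CertificateFactory.getInstance("X.509").generateCertPath(Collections.singletonList(cert));
        PKIXParameters params = new PKIXParameters(anchors);
        params.setRevocationEnabled(false);               // assumption: revocation checked elsewhere
        try {
            CertPathValidator.getInstance("PKIX").validate(path, params);
            return true;
        } catch (CertPathValidatorException e) {
            return false;                                 // untrusted, expired or malformed path
        }
    }
}
```

If the message carries intermediate certificates, build the path with `CertPathBuilder` over the contents of `getCertificates()` instead of the single-certificate path used here.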

Summary

Inherited Fields
From class org.bouncycastle.cms.CMSContentInfoParser
Public Constructors
CMSSignedDataParser(byte[] sigBlock)
CMSSignedDataParser(CMSTypedStream signedContent, byte[] sigBlock)
CMSSignedDataParser(InputStream sigData)
base constructor - with encapsulated content
CMSSignedDataParser(CMSTypedStream signedContent, InputStream sigData)
base constructor
Public Methods
Store getAttributeCertificates()
X509Store getAttributeCertificates(String type, String provider)
return an X509Store containing the attribute certificates, if any, contained in this message.
X509Store getAttributeCertificates(String type, Provider provider)
return an X509Store containing the attribute certificates, if any, contained in this message.
X509Store getCRLs(String type, Provider provider)
This method is deprecated. use getCRLs()
Store getCRLs()
X509Store getCRLs(String type, String provider)
This method is deprecated. use getCRLs()
Store getCertificates()
X509Store getCertificates(String type, Provider provider)
This method is deprecated. use getCertificates()
X509Store getCertificates(String type, String provider)
This method is deprecated. use getCertificates()
CertStore getCertificatesAndCRLs(String type, Provider provider)
This method is deprecated. use getCertificates()
CertStore getCertificatesAndCRLs(String type, String provider)
This method is deprecated. use getCertificates()
CMSTypedStream getSignedContent()
String getSignedContentTypeOID()
Return a string representation of the OID associated with the encapsulated content info structure carried in the signed data.
SignerInformationStore getSignerInfos()
return the collection of signers that are associated with the signatures for the message.
int getVersion()
Return the version number for the SignedData object
static OutputStream replaceCertificatesAndCRLs(InputStream original, Store certs, Store crls, Store attrCerts, OutputStream out)
Replace the certificate and CRL information associated with this CMSSignedData object with the new one passed in.
static OutputStream replaceCertificatesAndCRLs(InputStream original, CertStore certsAndCrls, OutputStream out)
This method is deprecated. use method that takes Store objects.
static OutputStream replaceSigners(InputStream original, SignerInformationStore signerInformationStore, OutputStream out)
Replace the signer information store associated with the passed in message contained in the stream original with the new one passed in.
Inherited Methods
From class org.bouncycastle.cms.CMSContentInfoParser
From class java.lang.Object

Public Constructors

public CMSSignedDataParser (byte[] sigBlock)

Throws
CMSException

public CMSSignedDataParser (CMSTypedStream signedContent, byte[] sigBlock)

Throws
CMSException

public CMSSignedDataParser (InputStream sigData)

base constructor - with encapsulated content

Throws
CMSException

public CMSSignedDataParser (CMSTypedStream signedContent, InputStream sigData)

base constructor

Parameters
signedContent the content that was signed.
sigData the signature object stream.
Throws
CMSException

Public Methods

public Store getAttributeCertificates ()

Throws
CMSException

public X509Store getAttributeCertificates (String type, String provider)

return an X509Store containing the attribute certificates, if any, contained in this message.

Parameters
type type of store to create
provider name of provider to use
Returns
  • a store of attribute certificates
Throws
NoSuchProviderException if the provider requested isn't available.
NoSuchStoreException if the store type isn't available.
CMSException if a general exception prevents creation of the X509Store

public X509Store getAttributeCertificates (String type, Provider provider)

return an X509Store containing the attribute certificates, if any, contained in this message.

Parameters
type type of store to create
provider provider to use
Returns
  • a store of attribute certificates
Throws
NoSuchStoreException if the store type isn't available.
CMSException if a general exception prevents creation of the X509Store

public X509Store getCRLs (String type, Provider provider)

This method is deprecated.
use getCRLs()

return an X509Store containing CRLs, if any, contained in this message.

Parameters
type type of store to create
provider provider to use
Returns
  • a store of CRLs
Throws
NoSuchStoreException if the store type isn't available.
CMSException if a general exception prevents creation of the X509Store

public Store getCRLs ()

Throws
CMSException

public X509Store getCRLs (String type, String provider)

This method is deprecated.
use getCRLs()

return an X509Store containing CRLs, if any, contained in this message.

Parameters
type type of store to create
provider name of provider to use
Returns
  • a store of CRLs
Throws
NoSuchProviderException if the provider requested isn't available.
NoSuchStoreException if the store type isn't available.
CMSException if a general exception prevents creation of the X509Store

public Store getCertificates ()

Throws
CMSException

public X509Store getCertificates (String type, Provider provider)

This method is deprecated.
use getCertificates()

return an X509Store containing the public key certificates, if any, contained in this message.

Parameters
type type of store to create
provider provider to use
Returns
  • a store of public key certificates
Throws
NoSuchStoreException if the store type isn't available.
CMSException if a general exception prevents creation of the X509Store

public X509Store getCertificates (String type, String provider)

This method is deprecated.
use getCertificates()

return an X509Store containing the public key certificates, if any, contained in this message.

Parameters
type type of store to create
provider provider to use
Returns
  • a store of public key certificates
Throws
NoSuchProviderException if the provider requested isn't available.
NoSuchStoreException if the store type isn't available.
CMSException if a general exception prevents creation of the X509Store

public CertStore getCertificatesAndCRLs (String type, Provider provider)

This method is deprecated.
use getCertificates()

return a CertStore containing the certificates and CRLs associated with this message.

Throws
NoSuchProviderException if the provider requested isn't available.
NoSuchAlgorithmException if the cert store isn't available.
CMSException if a general exception prevents creation of the CertStore

public CertStore getCertificatesAndCRLs (String type, String provider)

This method is deprecated.
use getCertificates()

return a CertStore containing the certificates and CRLs associated with this message.

Throws
NoSuchProviderException if the provider requested isn't available.
NoSuchAlgorithmException if the cert store isn't available.
CMSException if a general exception prevents creation of the CertStore

public CMSTypedStream getSignedContent ()

public String getSignedContentTypeOID ()

Return a string representation of the OID associated with the encapsulated content info structure carried in the signed data.

Returns
  • the OID for the content type.

public SignerInformationStore getSignerInfos ()

return the collection of signers that are associated with the signatures for the message.

Throws
CMSException

public int getVersion ()

Return the version number for the SignedData object

Returns
  • the version number

public static OutputStream replaceCertificatesAndCRLs (InputStream original, Store certs, Store crls, Store attrCerts, OutputStream out)

Replace the certificate and CRL information associated with this CMSSignedData object with the new one passed in.

The output stream is returned unclosed.

Parameters
original the signed data stream to be used as a base.
certs new certificates to be used, if any.
crls new CRLs to be used, if any.
attrCerts new attribute certificates to be used, if any.
out the stream to write the new signed data object to.
Returns
  • out.
Throws
CMSException if there is an error processing the CertStore
IOException

public static OutputStream replaceCertificatesAndCRLs (InputStream original, CertStore certsAndCrls, OutputStream out)

This method is deprecated.
use method that takes Store objects.

Replace the certificate and CRL information associated with this CMSSignedData object with the new one passed in.

The output stream is returned unclosed.

Parameters
original the signed data stream to be used as a base.
certsAndCrls the new certificates and CRLs to be used.
out the stream to write the new signed data object to.
Returns
  • out.
Throws
CMSException if there is an error processing the CertStore
IOException

public static OutputStream replaceSigners (InputStream original, SignerInformationStore signerInformationStore, OutputStream out)

Replace the signer information store associated with the passed in message contained in the stream original with the new one passed in. You would probably only want to do this if you wanted to change the unsigned attributes associated with a signer, or perhaps delete one.

The output stream is returned unclosed.

Parameters
original the signed data stream to be used as a base.
signerInformationStore the new signer information store to use.
out the stream to write the new signed data object to.
Returns
  • out.