Package org.mozilla.jss.pkcs7

Class SignedData

java.lang.Object
org.mozilla.jss.pkcs7.SignedData
All Implemented Interfaces:
ASN1Value
public class SignedData extends Object implements ASN1Value
A PKCS #7 SignedData structure. This class implements version 1 of the spec.

The certificates field should only contain X.509 certificates. PKCS #6 extended certificates will fail to decode properly.

  • Field Details

    • version

      private INTEGER version

    • digestAlgorithms

      private SET digestAlgorithms

    • contentInfo

      private ContentInfo contentInfo

    • certificates

      private SET certificates

    • crls

      private SET crls

    • signerInfos

      private SET signerInfos

    • VERSION

      private static final INTEGER VERSION

    • TAG

      static final Tag TAG

  • Constructor Details

    • SignedData

      public SignedData(SET digestAlgorithms, ContentInfo contentInfo, SET certificates, SET crls, SET signerInfos)
      Create a SignedData ASN1 object. Both certificates and CRLs are optional. If you pass in a null for either value, that parameter will not get written in the sequence.
      Parameters:
      digestAlgorithms - A SET of zero or more algorithm identifiers. The purpose of this item is to list the digest algorithms used by the various signers to digest the signed content. This field will also be updated by the addSigner method. If all the signers are added with addSigner, it is not necessary to list the digest algorithms here.

      If null is passed in, the digestAlgorithms field will be initialized with an empty SET.

      contentInfo - The content that is being signed. This parameter may not be null. However, the content field of the contentInfo may be omitted, in which case the signatures contained in the SignerInfo structures are presumed to be on externally-supplied data.
      certificates - A SET of org.mozilla.jss.pkix.cert.Certificate, the certificates containing the public keys used to sign the content. It may also contain elements of the CA chain extending from the leaf certificates. It is not necessary to include the CA chain, or indeed to include any certificates, if the certificates are expected to already be possessed by the recipient. The recipient can use the issuer and serial number in the SignerInfo structure to search for the necessary certificates. If this parameter is null, the certificates field will be omitted.
      crls - A SET of ASN1Values, which should encode to the ASN1 type CertificateRevocationList. This implementation does not interpret CRLs. If this parameter is null, the crls field will be omitted.
      signerInfos - SignerInfo structures containing signatures of the content. Additional signerInfos can be added with the addSigner method. If this parameter is null, the field will be initialized with an empty SET.

    • SignedData

      SignedData(INTEGER version, SET digestAlgorithms, ContentInfo contentInfo, SET certificates, SET crls, SET signerInfos)
      Constructor for creating a SignedData from its encoding.

  • Method Details

    • verifyNotNull

      private static void verifyNotNull(Object obj)

    • getVersion

      public INTEGER getVersion()
      Returns the version of this SignedData. The current version of the spec is version 1.

    • getDigestAlgorithmIdentifiers

      public SET getDigestAlgorithmIdentifiers()
      Returns the digest algorithms used by the signers to digest the signed content. There may be more than one, if different signers use different digesting algorithms.

    • getContentInfo

      public ContentInfo getContentInfo()
      Returns the ContentInfo containing the signed content. The simple case is for the content to be of type data, although any content type can be signed.

    • getCertificates

      public SET getCertificates()
      Returns the certificates field, which is a SET of X.509 certificates (org.mozilla.jss.pkix.cert.Certificate). PKCS #6 Extended Certificates are not supported by this implementation. Returns null if this optional field is not present.

    • hasCertificates

      public boolean hasCertificates()
      Returns true if the certificates field is present.

    • getCrls

      public SET getCrls()
      Returns the crls field, which contains a SET of certificate revocation lists represented by ANYs (org.mozilla.jss.asn1.ANY).

    • hasCrls

      public boolean hasCrls()
      Returns true if the crls field is present.

    • getSignerInfos

      public SET getSignerInfos()
      Returns the signerInfos field, which is a SET of org.mozilla.jss.pkcs7.SignerInfo.

    • getTag

      public Tag getTag()
      Description copied from interface: ASN1Value
      Returns the base tag for this type, not counting any tags that may be imposed on it by its context.
      Specified by:
      getTag in interface ASN1Value
      Returns:
      Base tag.

    • encode

      public void encode(OutputStream ostream) throws IOException
      Description copied from interface: ASN1Value
      Write this value's DER encoding to an output stream using its own base tag.
      Specified by:
      encode in interface ASN1Value
      Parameters:
      ostream - Output stream.
      Throws:
      IOException - If an error occurred.

    • encode

      public void encode(Tag tag, OutputStream ostream) throws IOException
      Description copied from interface: ASN1Value
      Write this value's DER encoding to an output stream using an implicit tag.
      Specified by:
      encode in interface ASN1Value
      Parameters:
      tag - Implicit tag.
      ostream - Output stream.
      Throws:
      IOException - If an error occurred.