org.bouncycastle.jce
Class PKCS7SignedData
java.lang.Object
org.bouncycastle.jce.PKCS7SignedData
- PKCSObjectIdentifiers
public class PKCS7SignedData
extends java.lang.Object
Represents a PKCS#7 object - specifically the "Signed Data"
type.
How to use it? To verify a signature, do:
PKCS7SignedData pkcs7 = new PKCS7SignedData(der_bytes); // Create it
pkcs7.update(bytes, 0, bytes.length); // Update checksum
boolean verified = pkcs7.verify(); // Does it add up?
To sign, do this:
PKCS7SignedData pkcs7 = new PKCS7SignedData(privKey, certChain, "MD5");
pkcs7.update(bytes, 0, bytes.length); // Update checksum
pkcs7.sign(); // Create digest
bytes = pkcs7.getEncoded(); // Write it somewhere
This class is pretty close to obsolete, for a much better (and more complete)
implementation of PKCS7 have a look at the org.bouncycastle.cms package.
RC2_CBC , bagtypes , canNotDecryptAny , certBag , crlBag , data , des_EDE3_CBC , dhKeyAgreement , digestAlgorithm , digestedData , encryptedData , encryptionAlgorithm , envelopedData , id_PBES2 , id_PBKDF2 , id_RSAES_OAEP , id_RSASSA_PSS , id_aa , id_aa_commitmentType , id_aa_contentHint , id_aa_contentIdentifier , id_aa_encrypKeyPref , id_aa_otherSigCert , id_aa_receiptRequest , id_aa_sigPolicyId , id_aa_signatureTimeStampToken , id_aa_signerLocation , id_aa_signingCertificate , id_alg_CMS3DESwrap , id_alg_CMSRC2wrap , id_alg_PWRI_KEK , id_ct , id_ct_TSTInfo , id_ct_compressedData , id_cti , id_cti_ets_proofOfApproval , id_cti_ets_proofOfCreation , id_cti_ets_proofOfDelivery , id_cti_ets_proofOfOrigin , id_cti_ets_proofOfReceipt , id_cti_ets_proofOfSender , id_hmacWithSHA1 , id_hmacWithSHA224 , id_hmacWithSHA256 , id_hmacWithSHA384 , id_hmacWithSHA512 , id_mgf1 , id_pSpecified , keyBag , md2 , md2WithRSAEncryption , md4 , md4WithRSAEncryption , md5 , md5WithRSAEncryption , pbeWithMD2AndDES_CBC , pbeWithMD2AndRC2_CBC , pbeWithMD5AndDES_CBC , pbeWithMD5AndRC2_CBC , pbeWithSHA1AndDES_CBC , pbeWithSHA1AndRC2_CBC , pbeWithSHAAnd128BitRC2_CBC , pbeWithSHAAnd128BitRC4 , pbeWithSHAAnd2_KeyTripleDES_CBC , pbeWithSHAAnd3_KeyTripleDES_CBC , pbeWithSHAAnd40BitRC4 , pbewithSHAAnd40BitRC2_CBC , pkcs8ShroudedKeyBag , pkcs_1 , pkcs_12 , pkcs_12PbeIds , pkcs_3 , pkcs_5 , pkcs_7 , pkcs_9 , pkcs_9_at_challengePassword , pkcs_9_at_contentType , pkcs_9_at_counterSignature , pkcs_9_at_emailAddress , pkcs_9_at_extendedCertificateAttributes , pkcs_9_at_extensionRequest , pkcs_9_at_friendlyName , pkcs_9_at_localKeyId , pkcs_9_at_messageDigest , pkcs_9_at_signingDescription , pkcs_9_at_signingTime , pkcs_9_at_smimeCapabilities , pkcs_9_at_unstructuredAddress , pkcs_9_at_unstructuredName , preferSignedData , rsaEncryption , sMIMECapabilitiesVersions , safeContentsBag , secretBag , sha1WithRSAEncryption , sha224WithRSAEncryption , sha256WithRSAEncryption , sha384WithRSAEncryption , sha512WithRSAEncryption , signedAndEnvelopedData , signedData , srsaOAEPEncryptionSET , x509certType |
PKCS7SignedData(PrivateKey privKey, Certificate[] certChain, CRL[] crlList, String hashAlgorithm, String provider) - Create a new PKCS#7 object from the specified key.
|
PKCS7SignedData(PrivateKey privKey, Certificate[] certChain, String hashAlgorithm) - Create a new PKCS#7 object from the specified key using the BC provider.
|
PKCS7SignedData(PrivateKey privKey, Certificate[] certChain, String hashAlgorithm, String provider) - Create a new PKCS#7 object from the specified key.
|
PKCS7SignedData(byte[] in) - Read an existing PKCS#7 object from a DER encoded byte array using
the BC provider.
|
PKCS7SignedData(byte[] in, String provider) - Read an existing PKCS#7 object from a DER encoded byte array
|
Collection | getCRLs() - Get the X.509 certificate revocation lists associated with this PKCS#7 object
|
Certificate[] | getCertificates() - Get the X.509 certificates associated with this PKCS#7 object
|
String | getDigestAlgorithm() - Get the algorithm used to calculate the message digest
|
byte[] | getEncoded() - return the bytes for the PKCS7SignedData object.
|
X509Certificate | getSigningCertificate() - Get the X.509 certificate actually used to sign the digest.
|
int | getSigningInfoVersion() - Get the version of the PKCS#7 "SignerInfo" object.
|
int | getVersion() - Get the version of the PKCS#7 object.
|
void | reset() - Resets the PKCS7SignedData object to it's initial state, ready
to sign or verify a new buffer.
|
void | update(byte buf) - Update the digest with the specified byte.
|
void | update(byte[] buf, int off, int len) - Update the digest with the specified bytes.
|
boolean | verify() - Verify the digest
|
PKCS7SignedData
public PKCS7SignedData(PrivateKey privKey,
Certificate[] certChain,
CRL[] crlList,
String hashAlgorithm,
String provider)
throws SecurityException,
InvalidKeyException,
NoSuchProviderException,
NoSuchAlgorithmException
Create a new PKCS#7 object from the specified key.
privKey
- the private key to be used for signing.certChain
- the certificate chain associated with the private key.crlList
- the crl list associated with the private key.hashAlgorithm
- the hashing algorithm used to compute the message digest. Must be "MD5", "MD2", "SHA1" or "SHA"provider
- the provider to use.
PKCS7SignedData
public PKCS7SignedData(PrivateKey privKey,
Certificate[] certChain,
String hashAlgorithm)
throws SecurityException,
InvalidKeyException,
NoSuchProviderException,
NoSuchAlgorithmException
Create a new PKCS#7 object from the specified key using the BC provider.
privKey
- the private key to be used for signing.certChain
- the certificate chain associated with the private key.hashAlgorithm
- the hashing algorithm used to compute the message digest. Must be "MD5", "MD2", "SHA1" or "SHA"
PKCS7SignedData
public PKCS7SignedData(PrivateKey privKey,
Certificate[] certChain,
String hashAlgorithm,
String provider)
throws SecurityException,
InvalidKeyException,
NoSuchProviderException,
NoSuchAlgorithmException
Create a new PKCS#7 object from the specified key.
privKey
- the private key to be used for signing.certChain
- the certificate chain associated with the private key.hashAlgorithm
- the hashing algorithm used to compute the message digest. Must be "MD5", "MD2", "SHA1" or "SHA"provider
- the provider to use.
PKCS7SignedData
public PKCS7SignedData(byte[] in)
throws SecurityException,
CRLException,
InvalidKeyException,
NoSuchProviderException,
NoSuchAlgorithmException
Read an existing PKCS#7 object from a DER encoded byte array using
the BC provider.
PKCS7SignedData
public PKCS7SignedData(byte[] in,
String provider)
throws SecurityException,
CRLException,
InvalidKeyException,
NoSuchProviderException,
NoSuchAlgorithmException
Read an existing PKCS#7 object from a DER encoded byte array
getCRLs
public Collection getCRLs()
Get the X.509 certificate revocation lists associated with this PKCS#7 object
getCertificates
public Certificate[] getCertificates()
Get the X.509 certificates associated with this PKCS#7 object
getDigestAlgorithm
public String getDigestAlgorithm()
Get the algorithm used to calculate the message digest
getEncoded
public byte[] getEncoded()
return the bytes for the PKCS7SignedData object.
getSigningCertificate
public X509Certificate getSigningCertificate()
Get the X.509 certificate actually used to sign the digest.
getSigningInfoVersion
public int getSigningInfoVersion()
Get the version of the PKCS#7 "SignerInfo" object. Always 1
getVersion
public int getVersion()
Get the version of the PKCS#7 object. Always 1
reset
public void reset()
Resets the PKCS7SignedData object to it's initial state, ready
to sign or verify a new buffer.
update
public void update(byte buf)
throws SignatureException
Update the digest with the specified byte. This method is used both for signing and verifying
update
public void update(byte[] buf,
int off,
int len)
throws SignatureException
Update the digest with the specified bytes. This method is used both for signing and verifying
verify
public boolean verify()
throws SignatureException
Verify the digest