com.rsa.certj.pkcs7

Class SignedData

java.lang.Object
  |
  +--com.rsa.certj.pkcs7.ContentInfo
        |
        +--com.rsa.certj.pkcs7.SignedData
All Implemented Interfaces:
Cloneable, Serializable

public class SignedData
extends ContentInfo
implements Cloneable, Serializable

This class encodes and decodes the PKCS #7 SignedData type. The signed-data content type consists of content of any type and encrypted message digests of the content for zero or more signers. The encrypted digest for a signer is a digital signature on the content for that signer. Any type of content can be signed by any number of signers, in parallel.

The ASN.1 definition is as follows:

 SignedData ::= SEQUENCE {
   version Version,
   digestAlgorithms DigestAlgorithmIdentifiers,
   contentInfo ContentInfo,
   certificates
     [0] IMPLICIT ExtendedCertificatesAndCertificates OPTIONAL,
   crls
     [1] IMPLICIT CertificateRevocationLists OPTIONAL,
   signerInfos SignerInfos }

 DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier

 SignerInfos ::= SET OF SignerInfo
 
The fields of type SignedData have the following meanings:

Copyright © RSA Security Inc., 1999-2001. All rights reserved.

See Also

Serialized Form

Fields inherited from class com.rsa.certj.pkcs7.ContentInfo
DATA, DIGESTED_DATA, ENCRYPTED_DATA, ENVELOPED_DATA, NO_CONTENT, PKCS7_VERSION_NUMBER_0, PKCS7_VERSION_NUMBER_1, SIGNED_DATA
 

Constructor Summary

SignedData(CertJ certJ, CertPathCtx pathCtx)

Creates a new object to encode or decode PKCS #7 SignedData.

 

Method Summary

void addCertificate(X509Certificate cert)
    Adds an X.509 certificate to the list of certificates.

void addCRL(X509CRL crl)
    Adds an X.509 CRL to the list of CRLs.

void addSignerInfo(SignerInfo info)
    Adds the signer information to the list of signers.

void clearSensitiveData()
    Clears any sensitive data.

Object clone()
    Overrides the default clone method to get a deeper clone.

void createDetachedSignature()
    Sets a flag to create the detached signature.

boolean equals(Object obj)
    Returns true if this object and obj contain the same SignedData; returns false otherwise.

Vector getCertificates()
    Gets a Vector of certificates.

Vector getCRLs()
    Gets a Vector of CRLs.

Vector getFailedCertPathSigners()
    Returns the list of signers that failed the building of the valid cert path.

Vector getFailedSigners()
    Returns the list of signers that failed the signature verification.

Vector getSignerInfos()
    Gets the signer information structures as a Vector.

int getVersionNumber()
    Gets the PKCS #7 syntax version number.

void setContentInfo(ContentInfo content)
    Sets the content data of this SignedData object.

void setVersionNumber(int versionNumber)
    Sets the PKCS #7 syntax version number.

 
Methods inherited from class com.rsa.certj.pkcs7.ContentInfo
bytesRead, clearInternalContentBuffer, endOfMessage, getContent, getContentInfoDERLen, getContentInfoDERLen, getContentType, getDevice, getDeviceList, getInstance, getInstance, getMessageType, getMessageType, getUnprocessedDataLen, readFinal, readInit, readInit, readInit, readUpdate, setCertJ, setCertPath, setDevice, writeMessage, writeMessage
 
Methods inherited from class java.lang.Object
getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SignedData

public SignedData(CertJ certJ,
                  CertPathCtx pathCtx)
Creates a new object to encode or decode PKCS #7 SignedData.

Parameters

certJ - A CertJ object that contains environment information.

pathCtx - A CertPathCtx object that contains certificate path validation information. Most certification path providers require the trusted certificate component of this object to be non-empty to be able to perform certification path validation.

Method Detail

setContentInfo

public void setContentInfo(ContentInfo content)
                    throws PKCS7Exception
Sets the content data of this SignedData object.

Parameters

content - A ContentInfo object that is to be signed. It can have any of the PKCS #7-defined content types, previously defined in the object.

Throws

PKCS7Exception - If this ContentInfo object cannot be cloned.

setVersionNumber

public void setVersionNumber(int versionNumber)
Sets the PKCS #7 syntax version number.

Parameters

versionNumber - The PKCS #7 syntax version number.


getVersionNumber

public int getVersionNumber()
Gets the PKCS #7 syntax version number.

Returns

The syntax version number.

addCertificate

public void addCertificate(X509Certificate cert)
                    throws PKCS7Exception
Adds an X.509 certificate to the list of certificates.

Parameters

cert - An X509Certificate object to add to the certificate list.

Throws

PKCS7Exception - If the certificate is null.

getCertificates

public Vector getCertificates()
                       throws PKCS7Exception
Gets a Vector of certificates.

Returns

A list of certificates.

Throws

PKCS7Exception - If this certificate vector cannot be cloned.

getCRLs

public Vector getCRLs()
               throws PKCS7Exception
Gets a Vector of CRLs.

Returns

A list of CRLs.

Throws

PKCS7Exception - If this CRL vector cannot be cloned.

addCRL

public void addCRL(X509CRL crl)
            throws PKCS7Exception
Adds an X.509 CRL to the list of CRLs.

Parameters

crl - An X509CRL object to add to the CRL list.

Throws

PKCS7Exception - If crl is null.

addSignerInfo

public void addSignerInfo(SignerInfo info)
                   throws PKCS7Exception
Adds the signer information to the list of signers.

Parameters

info - The per-signer information.

Throws

PKCS7Exception - If the SignerInfo cannot be added.

createDetachedSignature

public void createDetachedSignature()
Sets a flag to create the detached signature. The data and its signature must be sent separately.

getSignerInfos

public Vector getSignerInfos()
Gets the signer information structures as a Vector.

Returns

A list of per-signer information structures.

getFailedSigners

public Vector getFailedSigners()
Returns the list of signers that failed the signature verification.

Returns

The list of failed signers. If no signer failed the signature verification, returns null.

getFailedCertPathSigners

public Vector getFailedCertPathSigners()
Returns the list of signers that failed the building of the valid cert path.

Returns

The list of signers with no valid Cert Path. If no signer failed the cert path validation, returns null.
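
By the return conventions documented above, both failure lists are null when no signer failed, and a SignedData may carry zero signers, so a caller that only checks the failure lists would treat a message with no signers as verified. The following is an added example, not RSA's code: the names SignedDataVerdict and evaluate are hypothetical, it assumes the SignedData object has already been completely decoded, and it applies a policy in which every signer must pass.

```java
import java.util.Vector;

public class SignedDataVerdict {
    enum Verdict { ACCEPT, NO_SIGNERS, BAD_SIGNATURE, UNTRUSTED_SIGNER }

    // Hypothetical helper. Pass in the three Vectors read from a SignedData
    // object (sd) after it has been completely decoded, for example:
    //   evaluate(sd.getSignerInfos(), sd.getFailedSigners(),
    //            sd.getFailedCertPathSigners());
    static Verdict evaluate(Vector<?> signerInfos, Vector<?> failedSigners,
                            Vector<?> failedCertPathSigners) {
        // "Zero or more signers": with none, nothing can fail, so both
        // failure lists report no failures although nothing was authenticated.
        if (signerInfos == null || signerInfos.isEmpty()) {
            return Verdict.NO_SIGNERS;
        }
        // null is the documented "no failures" value; an empty Vector is
        // treated the same way so the check does not depend on which is used.
        if (failedSigners != null && !failedSigners.isEmpty()) {
            return Verdict.BAD_SIGNATURE;
        }
        // A signature can be mathematically valid while its certificate does
        // not chain to a trusted certificate in the CertPathCtx.
        if (failedCertPathSigners != null && !failedCertPathSigners.isEmpty()) {
            return Verdict.UNTRUSTED_SIGNER;
        }
        return Verdict.ACCEPT;
    }

    public static void main(String[] args) {
        // Constructed stand-ins for SignerInfo objects; only membership
        // in each list matters for this decision.
        Vector<Object> oneSigner = new Vector<>();
        oneSigner.add("signer-A (constructed)");
        Vector<Object> failed = new Vector<>(oneSigner);

        System.out.println(evaluate(new Vector<>(), null, null));
        System.out.println(evaluate(oneSigner, failed, null));
        System.out.println(evaluate(oneSigner, null, failed));
        System.out.println(evaluate(oneSigner, null, null));
    }
}
```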

clone

public Object clone()
             throws CloneNotSupportedException
Overrides the default clone method to get a deeper clone.

Overrides

clone in class ContentInfo

Returns

A new SignedData object, a copy of this object.

Throws

CloneNotSupportedException - If the cloning operation is not successful.

equals

public boolean equals(Object obj)
Returns true if this object and obj contain the same SignedData; returns false otherwise.

Overrides

equals in class Object

Parameters

obj - An instance of the SignedData class.

Returns

A boolean indicating whether these objects are equal.

clearSensitiveData

public void clearSensitiveData()
Clears any sensitive data. The finalizer will clear the data, but it is not known when the garbage collector will call the finalizer. This method clears all sensitive data as soon as possible.

Overrides

clearSensitiveData in class ContentInfo


RSA BSAFE ® Cert-J 2.1.1 001-047007-211-001-000