com.rsa.certj.pkcs7

Class SignerInfo

java.lang.Object
  |
  +--com.rsa.certj.pkcs7.SignerInfo
All Implemented Interfaces:
Cloneable, Serializable

public class SignerInfo
extends Object
implements Cloneable, Serializable

This class defines the SignerInfo structure that represents per-signer information.

The ASN.1 definition is as follows:

 SignerInfo ::= SEQUENCE {
   version Version,
   issuerAndSerialNumber IssuerAndSerialNumber,
   digestAlgorithm DigestAlgorithmIdentifier,
   authenticatedAttributes [0] IMPLICIT Attributes OPTIONAL,
   digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier,
   encryptedDigest EncryptedDigest,
   unauthenticatedAttributes [1] IMPLICIT Attributes OPTIONAL }
 
 Version ::= INTEGER                        -- a syntax version number
 
 EncryptedDigest ::= OCTET STRING

 IssuerAndSerialNumber ::= SEQUENCE {
    issuer Name,
    serialNumber CertificateSerialNumber }
       -- identifies a certificate (and thereby an entity and a public key)
       -- by the distinguished name of the certificate issuer and an
       -- issuer-specific certificate serial number.

 DigestAlgorithmIdentifier ::= AlgorithmIdentifier
                                             -- a message-digest algorithm.
 
 DigestEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier 
              -- a digest-encryption algorithm under which a message digest
              -- can be encrypted.

The authenticatedAttributes field is a set of attributes that are signed (that is, authenticated) by the signer. This field is optional; however, it must be present if the content type of the ContentInfo value being signed is not Data.

If the authenticatedAttributes field is present, it must contain, at a minimum, two attributes:

Copyright © RSA Security Inc., 1999-2001. All rights reserved.

See Also

Serialized Form

Constructor Summary

SignerInfo()

Constructs an empty SignerInfo object.

 

Method Summary

 Object

clone()

Overrides the default clone method to get a deeper clone.

 boolean

equals(Object obj)

Returns true if this object and obj contain the same SignerInfo; returns false otherwise.

 X501Attributes

getAuthenticatedAttrs()

Gets the authenticated attributes.

 String

getDigestAlgorithmName()

Gets the digest algorithm name.

 byte[]

getDigestAlgorithmOID()

Gets the digest algorithm identifier.

 byte[]

getEncryptedDigest()

Gets the encrypted digest.

 String

getEncryptionAlgorithmName()

Gets the digest-encryption algorithm name.

 byte[]

getEncryptionAlgorithmOID()

Gets the digest-encryption algorithm identifier.

 byte[]

getIssuerAndSerialNumber()

Gets the issuer name and serial number as a single entity.

 X500Name

getIssuerName()

Gets the issuer name of the signer's certificate.

 byte[]

getSerialNumber()

Gets the serial number of the signer's certificate.

 X501Attributes

getUnauthenticatedAttrs()

Gets the unauthenticated attributes.

 int

getVersionNumber()

Gets the version number.

 void

setAuthenticatedAttrs(X501Attributes attrs)

Sets authenticated attributes.

 void

setDigestAlgorithm(byte[] digestOID, int offset, int len)

Sets the digest algorithm identifier.

 void

setDigestAlgorithm(String algName)

Sets the digest algorithm identifier.

 void

setEncryptionAlgorithm(byte[] encryptOID, int offset, int len)

Sets the digest-encryption algorithm identifier.

 void

setEncryptionAlgorithm(String algName)

Sets the digest-encryption algorithm identifier; for example, RSA.

 void

setIssuerAndSerialNumber(X500Name name, byte[] number, int offset, int length)

Sets the issuer and serial number that specifies the signer's certificate.

 void

setUnauthenticatedAttrs(X501Attributes attrs)

Sets the unauthenticated attributes.

 void

setVersionNumber(int version)

Sets the version number.

 
Methods inherited from class java.lang.Object
getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SignerInfo

public SignerInfo()
Constructs an empty SignerInfo object.
Method Detail

setVersionNumber

public void setVersionNumber(int version)
Sets the version number.

Parameters

         version  

The version number to set.


getVersionNumber

public int getVersionNumber()
Gets the version number.

Returns

The syntax version number.

setIssuerAndSerialNumber

public void setIssuerAndSerialNumber(X500Name name,
                                     byte[] number,
                                     int offset,
                                     int length)
                              throws PKCS7Exception
Sets the issuer and serial number that specifies the signer's certificate. It also sets the signer's distinguished name and public key.

Parameters

         name  

An X500Name object that contains the issuer distinguished name.

         number  

A byte array that contains the issuer-specific serial number.

         offset  

The offset into the number array.

         length  

The length of the data in the number array.

Throws

PKCS7Exception - If there is an error in setting the issuer and serial number or the values are null.

getIssuerName

public X500Name getIssuerName()
                       throws PKCS7Exception
Gets the issuer name of the signer's certificate.

Returns

An X500Name object that contains a copy of the issuer distinguished name.

Throws

PKCS7Exception - If there is an error getting a copy of the issuer distinguished name.

getSerialNumber

public byte[] getSerialNumber()
Gets the serial number of the signer's certificate.

Returns

A byte array that contains the issuer-specific serial number.

getIssuerAndSerialNumber

public byte[] getIssuerAndSerialNumber()
                                throws PKCS7Exception
Gets the issuer name and serial number as a single entity. This is useful for uniquely identifying a certificate. This method returns the result in a new byte array. This array contains the DER encoding of the following ASN.1 definition:

 IssuerAndSerialNumber ::= SEQUENCE {
   issuer        Name,
   serialNumber  CertificateSerialNumber }

 CertificateSerialNumber ::= INTEGER
See the X500Name class for the ASN.1 definition of Name.

Returns

A new byte array that contains the DER encoding of the issuer name and serial number.

Throws

PKCS7Exception - If the certificate is not set with an issuer name or serial number.

setDigestAlgorithm

public void setDigestAlgorithm(String algName)
                        throws PKCS7Exception
Sets the digest algorithm identifier.

Parameters

         algName  

A String identifying the digest algorithm; for example, SHA.1.

Throws

PKCS7Exception - If algName is an invalid digest algorithm name.

setDigestAlgorithm

public void setDigestAlgorithm(byte[] digestOID,
                               int offset,
                               int len)
                        throws PKCS7Exception
Sets the digest algorithm identifier.

Parameters

         digestOID  

The message-digest algorithm (and any associated parameters) under which the content and authenticated attributes (if present) are digested.

         offset  

The offset into digestOID.

         len  

The length of the data in digestOID.

Throws

PKCS7Exception - If the digest algorithm OID is null.

getDigestAlgorithmOID

public byte[] getDigestAlgorithmOID()
Gets the digest algorithm identifier.

Returns

The digest algorithm OID.

getDigestAlgorithmName

public String getDigestAlgorithmName()
                              throws PKCS7Exception
Gets the digest algorithm name.

Returns

The message-digest algorithm name; for example, SHA1.

Throws

PKCS7Exception - If the algorithm name cannot be obtained.

setAuthenticatedAttrs

public void setAuthenticatedAttrs(X501Attributes attrs)
                           throws PKCS7Exception
Sets authenticated attributes.

Parameters

         attrs  

An X501Attributes object that contains signed attributes; that is, the attributes are authenticated by the signer.

Throws

PKCS7Exception - If the attributes are invalid or null.

getAuthenticatedAttrs

public X501Attributes getAuthenticatedAttrs()
                                     throws PKCS7Exception
Gets the authenticated attributes.

Returns

An X501Attributes object that contains signed attributes; that is, the attributes are authenticated by the signer. It returns null if there are no authenticated attributes.

Throws

PKCS7Exception - If there is a cloning error.
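The getters documented on this page are enough to apply a policy check to a received SignerInfo before its signature is trusted. The following is an added example, not code from RSA or from the original page; the class name SignerInfoPolicy, its parameters, and the package of PKCS7Exception are assumptions.

```java
import com.rsa.certj.pkcs7.PKCS7Exception; // package assumed; the page gives only the class name
import com.rsa.certj.pkcs7.SignerInfo;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Set;

/** Hypothetical helper: policy checks on a SignerInfo taken from a parsed message. */
public final class SignerInfoPolicy {

    private SignerInfoPolicy() {}

    /**
     * Returns the list of policy violations (empty when the signer passes).
     *
     * @param signer         the SignerInfo to inspect
     * @param contentIsData  true if the signed ContentInfo has content type Data
     * @param expectedIasn   DER IssuerAndSerialNumber of the certificate the caller expects
     * @param allowedDigests digest names the caller accepts, as returned by getDigestAlgorithmName()
     */
    public static List<String> check(SignerInfo signer, boolean contentIsData,
                                     byte[] expectedIasn, Set<String> allowedDigests)
            throws PKCS7Exception {
        List<String> violations = new ArrayList<String>();

        // Bind the signer to one specific certificate via issuer name plus serial number.
        if (!Arrays.equals(signer.getIssuerAndSerialNumber(), expectedIasn)) {
            violations.add("signer is not the expected certificate");
        }
        // Accept only digest algorithms the caller has explicitly allowed.
        String digest = signer.getDigestAlgorithmName();
        if (!allowedDigests.contains(digest)) {
            violations.add("digest algorithm not allowed: " + digest);
        }
        // getAuthenticatedAttrs() returns null when the field is absent; the field
        // must be present whenever the signed content type is not Data.
        if (!contentIsData && signer.getAuthenticatedAttrs() == null) {
            violations.add("authenticatedAttributes missing for non-Data content");
        }
        // An absent or empty encryptedDigest can never verify.
        byte[] encryptedDigest = signer.getEncryptedDigest();
        if (encryptedDigest == null || encryptedDigest.length == 0) {
            violations.add("encryptedDigest is empty");
        }
        return violations;
    }
}
```

These checks only inspect the SignerInfo fields; cryptographic verification of encryptedDigest against the signer's public key is a separate step.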

setEncryptionAlgorithm

public void setEncryptionAlgorithm(String algName)
                            throws PKCS7Exception
Sets the digest-encryption algorithm identifier; for example, RSA.

Parameters

         algName  

The digest-encryption algorithm identifier.

Throws

PKCS7Exception - If algName is an invalid name or null.

setEncryptionAlgorithm

public void setEncryptionAlgorithm(byte[] encryptOID,
                                   int offset,
                                   int len)
                            throws PKCS7Exception
Sets the digest-encryption algorithm identifier.

Parameters

         encryptOID  

The digest-encryption algorithm (and any associated parameters) under which the message digest and associated information are encrypted with the signer's private key.

         offset  

The offset into the encryptOID array.

         len  

The length of the data in the encryptOID array.

Throws

PKCS7Exception - If the specified OID is null.

getEncryptionAlgorithmOID

public byte[] getEncryptionAlgorithmOID()
Gets the digest-encryption algorithm identifier.

Returns

The digest-encryption algorithm OID.

getEncryptionAlgorithmName

public String getEncryptionAlgorithmName()
                                  throws PKCS7Exception
Gets the digest-encryption algorithm name.

Returns

The digest-encryption algorithm name.

Throws

PKCS7Exception - If the digest-encryption algorithm name cannot be obtained.

getEncryptedDigest

public byte[] getEncryptedDigest()
Gets the encrypted digest.

Returns

A copy of the message digest encrypted with the signer's private key.

setUnauthenticatedAttrs

public void setUnauthenticatedAttrs(X501Attributes attrs)
                             throws PKCS7Exception
Sets the unauthenticated attributes.

Parameters

         attrs  

An X501Attributes object that contains unsigned attributes; that is, the attributes are not authenticated by the signer.

Throws

PKCS7Exception - If there is an error in setting the unauthenticated attributes or the values are null.

getUnauthenticatedAttrs

public X501Attributes getUnauthenticatedAttrs()
                                       throws PKCS7Exception
Gets the unauthenticated attributes.

Returns

An X501Attributes object that contains unsigned attributes; that is, the attributes are unauthenticated by the signer. It returns null if there are no unauthenticated attributes.

Throws

PKCS7Exception - If there is an error getting a copy of the unauthenticated attributes.

equals

public boolean equals(Object obj)
Returns true if this object and obj contain the same SignerInfo; returns false otherwise.

Overrides

equals in class Object

Parameters

         obj  

An instance of the SignerInfo class.

Returns

A boolean indicating whether these objects are equal.

clone

public Object clone()
             throws CloneNotSupportedException
Overrides the default clone method to get a deeper clone.

Returns

A new SignerInfo object, a copy of this object.

Throws

CloneNotSupportedException - If the cloning operation is not successful.


RSA BSAFE ® Cert-J 2.1.1 001-047007-211-001-000