org.bouncycastle.cms
public class CMSSignedDataParser extends CMSContentInfoParser
Note: because we are in streaming mode, only one signer can be tried, and it is important that the methods on the parser are called in the appropriate order.
A simple example of usage for an encapsulated signature.
Two notes: first, the example below does not verify the validity of the certificate, only that one of the certs matches the given signer; second, because we are in streaming mode, the order of the operations is important.
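```java
import java.security.cert.CertStore;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Iterator;
import org.bouncycastle.cms.*;

CMSSignedDataParser sp = new CMSSignedDataParser(encapSigData);
// Streaming mode: read the content to the end before asking for certs or signers.
sp.getSignedContent().drain();
CertStore certs = sp.getCertificatesAndCRLs("Collection", "BC");
SignerInformationStore signers = sp.getSignerInfos();
Collection c = signers.getSigners();
Iterator it = c.iterator();
while (it.hasNext())
{
    SignerInformation signer = (SignerInformation)it.next();
    Collection certCollection = certs.getCertificates(signer.getSID());
    Iterator certIt = certCollection.iterator();
    if (!certIt.hasNext())
    {
        continue; // no certificate in the message matches this signer
    }
    X509Certificate cert = (X509Certificate)certIt.next();
    // Checks the signature only; the certificate itself is not validated.
    System.out.println("verify returns: " + signer.verify(cert, "BC"));
}
```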
Note also: this class does not introduce buffering. If you are processing large files you should create the parser with:

```java
CMSSignedDataParser ep = new CMSSignedDataParser(new BufferedInputStream(encapSigData, bufSize));
```

where bufSize is a suitably large buffer size.
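The usage example above only confirms that a certificate carried in the message matches the signer. The following added example (not part of the Bouncy Castle documentation) validates that certificate against a trust anchor before the signature result is accepted. The class name `VerifyWithPathValidation`, the `trustedRoot` parameter and the 32 KB buffer size are assumptions of this example.

```java
import java.io.BufferedInputStream;
import java.io.InputStream;
import java.security.cert.*;
import java.util.Collections;
import java.util.Iterator;
import org.bouncycastle.cms.*;

public class VerifyWithPathValidation
{
    // trustedRoot (the caller's trust anchor) and the buffer size are assumptions.
    public static boolean verify(InputStream encapSigData, X509Certificate trustedRoot) throws Exception
    {
        CMSSignedDataParser sp = new CMSSignedDataParser(
            new BufferedInputStream(encapSigData, 32 * 1024));
        sp.getSignedContent().drain();   // must come before certs and signers are read

        CertStore certs = sp.getCertificatesAndCRLs("Collection", "BC");
        Iterator it = sp.getSignerInfos().getSigners().iterator();
        if (!it.hasNext()) { return false; }        // message has no signer
        SignerInformation signer = (SignerInformation)it.next();

        Iterator certIt = certs.getCertificates(signer.getSID()).iterator();
        if (!certIt.hasNext()) { return false; }    // no cert in the message for this signer
        X509Certificate cert = (X509Certificate)certIt.next();

        // Build and validate a chain from the signer's certificate to the trusted
        // root, using the certificates and CRLs shipped inside the message.
        X509CertSelector target = new X509CertSelector();
        target.setCertificate(cert);
        PKIXBuilderParameters params = new PKIXBuilderParameters(
            Collections.singleton(new TrustAnchor(trustedRoot, null)), target);
        params.addCertStore(certs);
        params.setRevocationEnabled(true);          // fails when no CRL covers the chain
        try
        {
            CertPathBuilder.getInstance("PKIX").build(params);
        }
        catch (CertPathBuilderException e)
        {
            return false;                           // untrusted, expired or revoked chain
        }
        return signer.verify(cert, "BC");           // signature check comes last
    }
}
```

With revocation checking enabled, a message that carries no CRLs for its chain is rejected unless the caller adds another CertStore holding them to `params`.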
| Constructor Summary | |
|---|---|
| CMSSignedDataParser(byte[] sigBlock) | |
| CMSSignedDataParser(CMSTypedStream signedContent, byte[] sigBlock) | |
| CMSSignedDataParser(InputStream sigData) | base constructor - with encapsulated content |
| CMSSignedDataParser(CMSTypedStream signedContent, InputStream sigData) | base constructor |
| Method Summary | | |
|---|---|---|
| X509Store | getAttributeCertificates(String type, String provider) | return a X509Store containing the attribute certificates, if any, contained in this message. |
| X509Store | getCertificates(String type, String provider) | return a X509Store containing the public key certificates, if any, contained in this message. |
| CertStore | getCertificatesAndCRLs(String type, String provider) | return a CertStore containing the certificates and CRLs associated with this message. |
| X509Store | getCRLs(String type, String provider) | return a X509Store containing CRLs, if any, contained in this message. |
| CMSTypedStream | getSignedContent() | |
| SignerInformationStore | getSignerInfos() | return the collection of signers that are associated with the signatures for the message. |
| int | getVersion() | Return the version number for the SignedData object |
| static OutputStream | replaceCertificatesAndCRLs(InputStream original, CertStore certsAndCrls, OutputStream out) | Replace the certificate and CRL information associated with this CMSSignedData object with the new one passed in. |
| static OutputStream | replaceSigners(InputStream original, SignerInformationStore signerInformationStore, OutputStream out) | Replace the signerinformation store associated with the passed in message contained in the stream original with the new one passed in. |
Parameters: signedContent - the content that was signed. sigData - the signature object stream.
Parameters: type - type of store to create. provider - provider to use.
Returns: a store of attribute certificates
Throws: NoSuchProviderException - if the provider requested isn't available. org.bouncycastle.x509.NoSuchStoreException - if the store type isn't available. CMSException - if a general exception prevents creation of the X509Store.
Parameters: type - type of store to create. provider - provider to use.
Returns: a store of public key certificates
Throws: NoSuchProviderException - if the provider requested isn't available. NoSuchStoreException - if the store type isn't available. CMSException - if a general exception prevents creation of the X509Store.
Throws: NoSuchProviderException - if the provider requested isn't available. NoSuchAlgorithmException - if the cert store isn't available. CMSException - if a general exception prevents creation of the CertStore.
Parameters: type - type of store to create. provider - provider to use.
Returns: a store of CRLs
Throws: NoSuchProviderException - if the provider requested isn't available. NoSuchStoreException - if the store type isn't available. CMSException - if a general exception prevents creation of the X509Store.
Throws: CMSException
Returns: the version number
The output stream is returned unclosed.
Parameters: original - the signed data stream to be used as a base. certsAndCrls - the new certificates and CRLs to be used. out - the stream to write the new signed data object to.
Returns: out.
Throws: CMSException - if there is an error processing the CertStore.
The output stream is returned unclosed.
Parameters: original - the signed data stream to be used as a base. signerInformationStore - the new signer information store to use. out - the stream to write the new signed data object to.
Returns: out.