java.lang.Object
  +--codec.pkcs7.Verifier

Verifies a given SignedData object.

ATTENTION: to use the strict mode of the DER Encoder, call setStrict(true) right after instantiating the Verifier object.
Field Summary

static int BUFFER_SIZE
    The size of the buffer allocated for reading and verifying data in case this is a detached signature file.

protected X509Certificate cert_
    The certificate of the signer whose signature verification is in progress.

protected MessageDigest digest_
    The message digest engine that is used while verification is in progress.

protected SignerInfo info_
    The SignerInfo of the signer whose signature verification is in progress.

protected byte[] md_
    The PKCS#9 MessageDigest attribute value when verifying in two-step mode.

protected Signable target_
    The SignedData that is verified.

protected boolean twostep_
    true if verification is done with authenticated attributes.
Constructor Summary

Verifier(Signable sigdat, SignerInfo info, X509Certificate cert)
    Creates an instance ready for signature verification.
Method Summary

void setStrict(boolean strictness)
    Sets the strictness flag to the given value.

void update()
    Update operation.

void update(byte[] b)
    Update operation.

void update(byte[] b, int offset, int len)
    Update operation.

void update(InputStream in)
    Update operation for signing or verification.

X509Certificate verify()
    Completes the verification.

Methods inherited from class java.lang.Object
    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Field Detail

public static final int BUFFER_SIZE

protected Signable target_
    SignedData that is verified.

protected MessageDigest digest_

protected X509Certificate cert_

protected SignerInfo info_
    SignerInfo of the signer whose signature verification is in progress.

protected byte[] md_

protected boolean twostep_
    true if verification is done with authenticated attributes.

Constructor Detail
public Verifier(Signable sigdat,
                SignerInfo info,
                X509Certificate cert)
         throws GeneralSecurityException

Either the SignerInfo or the certificate must be given. If either one is null then the missing part is retrieved from the given SignedData. If both values cannot be established then an exception is raised.

All declared exceptions are of type GeneralSecurityException and can be caught by declaring the latter. In case fine-grained control is required, one of the exceptions described below can be caught.

Parameters:
    sigdat - The Signable instance that is verified.
    info - The SignerInfo whose signature shall be verified, or null if it shall be retrieved from sigdat automatically by means of the given certificate.
    cert - The certificate of the signer, or null if it shall be retrieved from sigdat automatically by means of info.

Throws:
    NoSuchAlgorithmException - if some required algorithm implementation cannot be found.
    InvalidAlgorithmParameterException - if some parameters do not match the required algorithms.
    InvalidKeyException - if the public key does not match the signature algorithm.
    NoSuchSignerException - if no SignerInfo was given and no SignerInfo matching the given certificate was found in the corresponding SignedData.
    CertificateException - if no certificate was given and no certificate matching the given SignerInfo was found in the corresponding SignedData.
    IllegalArgumentException - if no certificate and no SignerInfo was given, or if the given SignerInfo and certificate do not have equivalent issuer distinguished names and serial numbers.
    NoSuchAttributeException - if a required PKCS#9 attribute was not found in the given SignerInfo.
    InvalidAttributeException - if the PKCS#9 ContentType attribute in the given SignerInfo does not match the content type of the corresponding SignedData.

Method Detail
public void setStrict(boolean strictness)

Sets the strictness flag to the given value.

public void update(InputStream in)
         throws SignatureException,
                IOException

Update operation for signing or verification.

Parameters:
    in - The input data to be signed or verified.

Throws:
    IOException - if an I/O error occurs while reading from the given stream.
    SignatureException - if this instance is not properly initialized.

public void update()
         throws GeneralSecurityException

Update operation on the content of the SignedData specified at creation time. If the SignedData has no content then no updating takes place.

Note: updating must be done on the contents octets of the content only; no identifier and length octets are hashed or signed (Version 1.5). Because the contents are already decoded by the ContentInfo, we have to re-encode them according to DER. Unfortunately we cannot tell how many identifier and length octets we have to skip without decoding them first. There is a trick, though. We can briefly modify the tagging of the contents to IMPLICIT tagging while encoding them. That way, the identifier and length octets won't be encoded.

Note: Remember, the tagging will be changed for re-encoding purposes. Custom content type instances must support this (it is supported by default in all codec.asn1.* types).

If the content type is Data then there is no problem, because we can simply grab the contents octets from it.

public void update(byte[] b)
         throws SignatureException

Update operation.

Parameters:
    b - The input bytes.

public void update(byte[] b,
                   int offset,
                   int len)
         throws SignatureException

Update operation.

Parameters:
    b - The input bytes.
    offset - The offset into b at which the data to be signed starts.
    len - The number of bytes, starting at offset, to be signed.

public X509Certificate verify()
         throws GeneralSecurityException

Completes the verification.

Returns:
    The certificate of the signer, taken from the SignedData instance if no certificate was given initially; null if the signature is not valid.

Throws:
    GeneralSecurityException - if something is wrong with the signature engine or the ciphers involved in the verification process.
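As an added usage example (not code from the codec library or its documentation), the verification flow this page describes: constructing the Verifier with a null SignerInfo so it is looked up from the SignedData, enabling strict DER mode immediately, then update() for embedded content or update(InputStream) for a detached signature, and verify(). It assumes the caller has already decoded a codec.pkcs7.SignedData and holds the signer's X509Certificate; the import paths follow the package name shown on this page.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;

import codec.pkcs7.SignedData;
import codec.pkcs7.Verifier;

/**
 * Added example, not part of the codec library. Assumes the caller has
 * already decoded the SignedData and loaded the signer's certificate.
 */
public class VerifierUsage {

    /**
     * Embedded content: the SignedData carries the signed data itself, so
     * update() re-encodes the content octets (identifier and length octets
     * excluded, as the page explains) and feeds them into the digest.
     * Returns the signer's certificate, or null if the signature is invalid.
     */
    static X509Certificate verifyEmbedded(SignedData sd, X509Certificate signerCert)
            throws GeneralSecurityException {
        // info == null: the constructor finds the SignerInfo whose issuer and
        // serial number match signerCert, or throws NoSuchSignerException.
        Verifier v = new Verifier(sd, null, signerCert);
        v.setStrict(true);   // strict DER mode: must be set right after construction
        v.update();          // no-op if the SignedData has no content
        return v.verify();   // null means the signature did not verify
    }

    /**
     * Detached signature: the SignedData has no content, so the data to be
     * verified is streamed in separately; update(InputStream) reads it in
     * BUFFER_SIZE chunks.
     */
    static X509Certificate verifyDetached(SignedData sd, X509Certificate signerCert,
                                          InputStream data)
            throws GeneralSecurityException, IOException {
        Verifier v = new Verifier(sd, null, signerCert);
        v.setStrict(true);
        v.update(data);
        return v.verify();
    }

    /** Treats a null result from verify() as a failed verification. */
    static boolean isValid(X509Certificate result) {
        return result != null;
    }
}
```

A failure to find a SignerInfo for the supplied certificate surfaces as an exception from the constructor, while a wrong digest or signature surfaces as a null return from verify(); a caller should treat both as verification failure.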