/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/**
* PKCS7 as defined in the RSA Laboratories PKCS7 Technical Note. This profile
* supports only the <tt>SignedData</tt> ContentInfo
* type, where the type of data signed is plain Data.
* For signedData, <tt>crls</tt>, <tt>attributes</tt> and
* PKCS#6 Extended Certificates are not supported.
*
* @author Benjamin Renaud
*/
public class PKCS7 {
// the ASN.1 members for a signedData (and other) contentTypes
/**
* Unmarshals a PKCS7 block from its encoded form, parsing the
* encoded bytes from the InputStream.
*
* @param in an input stream holding at least one PKCS7 block.
* @exception ParsingException on parsing errors.
* @exception IOException on other errors.
*/
}
/**
* Unmarshals a PKCS7 block from its encoded form, parsing the
* encoded bytes from the DerInputStream.
*
* @param derin a DerInputStream holding at least one PKCS7 block.
* @exception ParsingException on parsing errors.
*/
}
/**
* Unmarshals a PKCS7 block from its encoded form, parsing the
* encoded bytes.
*
* @param bytes the encoded bytes.
* @exception ParsingException on parsing errors.
*/
try {
} catch (IOException ioe1) {
// A decoding failure is reported with a fixed message rather than the
// decoder's own text.
// NOTE(review): whether ioe1 is kept as the cause of pe is not visible
// in this listing -- confirm, since that detail is what lets an operator
// triage a malformed or hostile signature block.
"Unable to parse the encoded bytes");
throw pe;
}
}
/*
* Parses a PKCS#7 block: the current (JDK1.2) encoding is tried first and,
* if that attempt throws an IOException, the JDK1.1.x encoding is tried.
*
* NOTE(review): input rejected by the first parser is handed to a second,
* legacy parser, so both code paths have to be treated as exposed to
* whatever bytes the caller supplies.
*/
throws ParsingException
{
try {
// try new (i.e., JDK1.2) style
} catch (IOException ioe) {
try {
// try old (i.e., JDK1.1.x) style
// Records that the legacy path was taken; presumably the same flag
// that isOldStyle() returns -- confirm.
oldStyle = true;
} catch (IOException ioe1) {
// Both attempts failed. The error text visible here comes from the
// legacy attempt (ioe1); how the first failure (ioe) is preserved is
// not visible in this listing.
ioe1.getMessage());
throw pe;
}
}
}
/**
* Parses a PKCS#7 block.
*
* @param derin the ASN.1 encoding of the PKCS#7 block.
* @param oldStyle flag indicating whether or not the given PKCS#7 block
* is encoded according to JDK1.1.x.
* @exception IOException on decoding errors. NOTE(review): the final
* {@code else} branch ends in a "... not supported." message, presumably
* rejecting content types this class does not handle -- confirm.
*/
throws IOException
{
// This is for backwards compatibility with JDK 1.1.x
} else {
// Fall-through case: presumably refused outright instead of being
// parsed leniently (the message ends in " not supported.").
" not supported.");
}
}
/**
* Construct an initialized PKCS7 block.
*
* <p>The arguments are stored by reference, not copied, so a caller that
* later modifies one of the arrays it passed in also changes the state of
* this object. Callers that hand the arrays to other code should pass
* copies.
*
* @param digestAlgorithmIds the message digest algorithm identifiers.
* @param contentInfo the content information.
* @param certificates an array of X.509 certificates.
* @param crls an array of CRLs
* @param signerInfos an array of signer information.
*/
SignerInfo[] signerInfos) {
// Plain reference assignments: no defensive copy is made here.
this.digestAlgorithmIds = digestAlgorithmIds;
this.contentInfo = contentInfo;
this.certificates = certificates;
this.signerInfos = signerInfos;
}
SignerInfo[] signerInfos) {
}
throws ParsingException, IOException {
try {
} catch (CertificateException ce) {
// Deliberately ignored.
// NOTE(review): the guarded statement is not visible in this listing;
// presumably a certificate-factory lookup whose failure selects the
// else branch below -- confirm that the fallback parses each
// certificate just as strictly.
}
try {
else {
certificates[i] =
}
} catch (CertificateException ce) {
// A certificate that cannot be decoded aborts the parse via pe.
throw pe;
} catch (IOException ioe) {
// A read failure is reported through the same pe.
throw pe;
} finally {
}
}
}
throws ParsingException, IOException {
// Reads the fields in the order marked by the comments below: version,
// digestAlgorithmIds, contentInfo, optional certificates, optional crls,
// signerInfos.
// Version
// digestAlgorithmIds
try {
for (int i = 0; i < len; i++) {
}
} catch (IOException e) {
// The decoder's own message is appended to the reported error text.
new ParsingException("Error parsing digest AlgorithmId IDs: " +
e.getMessage());
throw pe;
}
// contentInfo
try {
} catch (CertificateException ce) {
// Deliberately ignored.
// NOTE(review): the guarded statement is not visible in this listing;
// presumably a certificate-factory lookup with a fallback further
// down -- confirm that the fallback is equally strict.
}
/*
* check if certificates (implicit tag) are provided
* (certificates are OPTIONAL)
*/
// Incremented once per handled entry in the loop below.
// NOTE(review): presumably used to size the final certificate array
// once other CertificateChoices have been skipped -- confirm.
int count = 0;
for (int i = 0; i < len; i++) {
try {
// We only parse the normal certificate. Other types of
// CertificateChoices ignored.
// Consequence: the certificate set exposed by this object can be
// smaller than the set that was encoded in the block.
} else {
}
count++;
}
} catch (CertificateException ce) {
// An undecodable certificate aborts the whole parse via pe.
throw pe;
} catch (IOException ioe) {
// A read failure is reported through the same pe.
throw pe;
} finally {
}
}
}
}
// check if crls (implicit tag) are provided (crls are OPTIONAL)
for (int i = 0; i < len; i++) {
try {
else {
}
} catch (CRLException e) {
// A CRL that cannot be decoded also aborts the parse.
new ParsingException(e.getMessage());
throw pe;
} finally {
}
}
}
// signerInfos
for (int i = 0; i < len; i++) {
}
}
/*
* Parses an old-style SignedData encoding (for backwards
* compatibility with JDK1.1.x).
*
* Fields are read in the order marked by the comments in the body:
* version, digestAlgorithmIds, contentInfo, certificates, signerInfos.
* CRLs are not read on this path.
*/
throws ParsingException, IOException
{
// Version
// digestAlgorithmIds
try {
for (int i = 0; i < len; i++) {
}
} catch (IOException e) {
// Unlike the new-style parser, the decoder's message is not appended
// here, so the reported error carries less detail.
throw new ParsingException("Error parsing digest AlgorithmId IDs");
}
// contentInfo
// certificates
try {
} catch (CertificateException ce) {
// Deliberately ignored.
// NOTE(review): the guarded statement is not visible in this listing;
// presumably a certificate-factory lookup whose failure selects the
// else branch in the loop below -- confirm.
}
for (int i = 0; i < len; i++) {
try {
else {
certificates[i] =
}
} catch (CertificateException ce) {
// An undecodable certificate aborts the whole parse via pe.
throw pe;
} catch (IOException ioe) {
// A read failure is reported through the same pe.
throw pe;
} finally {
}
}
// crls are ignored.
// NOTE(review): a legacy-style block therefore yields no revocation data
// from this parser; callers that need CRLs must obtain them elsewhere.
// signerInfos
for (int i = 0; i < len; i++) {
}
}
/**
* Encodes the signed data to an output stream.
*
* @param out the output stream to write the encoded data to.
* @exception IOException on encoding errors.
*/
}
/**
* Encodes the signed data to a DerOutputStream.
*
* @param out the DerOutputStream to write the encoded data to.
* @exception IOException on encoding errors.
*/
throws IOException
{
// version
// digestAlgorithmIds
// contentInfo
// certificates (optional)
// cast to X509CertImpl[] since X509CertImpl implements DerEncoder
if (certificates[i] instanceof X509CertImpl)
else {
try {
} catch (CertificateException ce) {
throw ie;
}
}
}
// Add the certificate set (tagged with [0] IMPLICIT)
// to the signed data
}
// CRLs (optional)
// cast to X509CRLImpl[] since X509CRLImpl implements DerEncoder
if (crl instanceof X509CRLImpl)
else {
try {
} catch (CRLException ce) {
throw ie;
}
}
}
// Add the CRL set (tagged with [1] IMPLICIT)
// to the signed data
}
// signerInfos
// making it a signed data block
// making it a content info sequence
// writing out the contentInfo sequence
}
/**
* This verifies a given SignerInfo.
*
* @param info the signer information.
* @param bytes the DER encoded content information.
*
* @exception NoSuchAlgorithmException on unrecognized algorithms.
* @exception SignatureException on signature handling errors.
*/
throws NoSuchAlgorithmException, SignatureException {
}
/**
* Returns all signerInfos which self-verify.
*
* <p>NOTE(review): "self-verify" is not defined in this listing; presumably
* it means the signature checks out against a certificate carried in this
* same block. Nothing visible here establishes that such a certificate is
* trusted, so callers should confirm whether certificate-chain and
* revocation checks are their own responsibility before relying on the
* result.
*
* @param bytes the DER encoded content information.
* @return presumably the signer infos that verified, or null when none did
* (the body ends in {@code return result} followed by {@code return null})
* -- TODO confirm. Callers must handle the null case.
*
* @exception NoSuchAlgorithmException on unrecognized algorithms.
* @exception SignatureException on signature handling errors.
*/
throws NoSuchAlgorithmException, SignatureException {
// Only a non-null per-signer result is acted on.
if (signerInfo != null) {
}
}
return result;
}
// Reached when the branch returning result was not taken.
return null;
}
/**
* Returns all signerInfos which self-verify.
*
* @exception NoSuchAlgorithmException on unrecognized algorithms.
* @exception SignatureException on signature handling errors.
*/
throws NoSuchAlgorithmException, SignatureException {
}
/**
* Returns the version number of this PKCS7 block.
* @return the version or null if version is not specified
* for the content type.
*/
return version;
}
/**
* Returns the message digest algorithms specified in this PKCS7 block.
*
* <p>The internal array itself is returned, not a copy (the certificate
* getter in this class returns a clone), so a caller that modifies the
* returned array modifies this object.
*
* @return the array of Digest Algorithms or null if none are specified
* for the content type.
*/
return digestAlgorithmIds;
}
/**
* Returns the content information specified in this PKCS7 block.
*/
return contentInfo;
}
/**
* Returns the X.509 certificates listed in this PKCS7 block.
* @return a clone of the array of X.509 certificates or null if
* none are specified for the content type.
*/
if (certificates != null)
return certificates.clone();
else
return null;
}
/**
* Returns the X.509 crls listed in this PKCS7 block.
* @return a clone of the array of X.509 crls or null if none
* are specified for the content type.
*/
else
return null;
}
/**
* Returns the signer's information specified in this PKCS7 block.
*
* <p>The internal array itself is returned, not a copy (the certificate
* getter in this class returns a clone), so a caller that modifies the
* returned array changes which signer infos this object reports.
*
* @return the array of Signer Infos or null if none are specified
* for the content type.
*/
return signerInfos;
}
/**
* Returns the X.509 certificate listed in this PKCS7 block
* which has a matching serial number and Issuer name, or
* null if one is not found.
*
* @param serial the serial number of the certificate to retrieve.
* @param issuerName the Distinguished Name of the Issuer.
*/
if (certificates != null) {
if (certIssuerNames == null)
{
return cert;
}
}
}
return null;
}
/**
* Populate array of Issuer DNs from certificates and convert
* each Principal to type X500Name if necessary.
*
* <p>Does nothing when this block holds no certificates. A conversion
* failure for an individual certificate is swallowed and that entry is
* left unconverted.
*/
private void populateCertIssuerNames() {
// No certificates: nothing to populate.
if (certificates == null)
return;
if (!(certIssuerName instanceof X500Name)) {
// must extract the original encoded form of DN for
// subsequent name comparison checks (converting to a
// String and back to an encoded DN could cause the
// types of String attribute values to be changed)
try {
} catch (Exception e) {
// error generating X500Name object from the cert's
// issuer DN, leave name as is.
// NOTE(review): this catches every Exception, not only the
// conversion error. The entry stays a non-X500Name Principal, so
// a later issuer comparison against it presumably fails to match
// and the certificate is reported as not found -- confirm that
// callers treat a missing signer certificate as a failure.
}
}
}
}
/**
* Returns the PKCS7 block in a printable string form.
*/
if (digestAlgorithmIds != null) {
out += "PKCS7 :: digest AlgorithmIds: \n";
}
if (certificates != null) {
out += "PKCS7 :: certificates: \n";
}
out += "PKCS7 :: crls: \n";
}
if (signerInfos != null) {
out += "PKCS7 :: signer infos: \n";
}
return out;
}
/**
* Tells whether this block was read using the JDK1.1.x-style PKCS#7
* encoding.
*
* @return true for a JDK1.1.x-style block, false otherwise.
*/
public boolean isOldStyle() {
// Flag set on the legacy parsing path.
return oldStyle;
}
}