5212N/A * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved. 0N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 0N/A * This code is free software; you can redistribute it and/or modify it 0N/A * under the terms of the GNU General Public License version 2 only, as 2362N/A * published by the Free Software Foundation. Oracle designates this 0N/A * particular file as subject to the "Classpath" exception as provided 2362N/A * by Oracle in the LICENSE file that accompanied this code. 0N/A * This code is distributed in the hope that it will be useful, but WITHOUT 0N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 0N/A * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 0N/A * version 2 for more details (a copy is included in the LICENSE file that 0N/A * accompanied this code). 0N/A * You should have received a copy of the GNU General Public License version 0N/A * 2 along with this work; if not, write to the Free Software Foundation, 0N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 2362N/A * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 2362N/A * or visit www.oracle.com if you need additional information or have any 0N/A * A SignerInfo, as defined in PKCS#7's signedData type. 0N/A * @author Benjamin Renaud 0N/A * Parses a PKCS#7 signer info. 0N/A * Parses a PKCS#7 signer info. 0N/A * <p>This constructor is used only for backwards compatibility with 0N/A * PKCS#7 blocks that were generated using JDK1.1.x. 0N/A * @param derin the ASN.1 encoding of the signer info. 0N/A * @param oldStyle flag indicating whether or not the given signer info 0N/A * is encoded according to JDK1.1.x. 0N/A // issuerAndSerialNumber 0N/A // digestAlgorithmId 0N/A // authenticatedAttributes 0N/A // In JDK1.1.x, the authenticatedAttributes are always present, 0N/A // encoded as an empty Set (Set of length zero) 0N/A // check if set of auth attributes (implicit tag) is provided 0N/A // (auth attributes are OPTIONAL) 0N/A // digestEncryptionAlgorithmId - little RSA naming scheme - 0N/A // signature == encryption... 0N/A // unauthenticatedAttributes 0N/A // In JDK1.1.x, the unauthenticatedAttributes are always present, 0N/A // encoded as an empty Set (Set of length zero) 0N/A // check if set of unauth attributes (implicit tag) is provided 0N/A // (unauth attributes are OPTIONAL) 0N/A * DER encode this object onto an output stream. 0N/A * Implements the <code>DerEncoder</code> interface. 0N/A * the output stream on which to write the DER encoding. 0N/A * @exception IOException on encoding error. 0N/A // encode authenticated attributes if there are any 0N/A // encode unauthenticated attributes if there are any 0N/A * Returns the (user) certificate pertaining to this SignerInfo. 0N/A * Returns the certificate chain pertaining to this SignerInfo. 0N/A // next cert in chain found 0N/A // if selected cert is self-signed, we're done 0N/A // constructing the chain 5212N/A // Copied from com.sun.crypto.provider.OAEPParameters. 0N/A /* Returns null if verify fails, this signerInfo if 4046N/A // if there are authenticate attributes, get the message 4046N/A // digest and compare it with the digest of data 4046N/A // first, check content type 4046N/A return null;
// contentType does not match, bad SignerInfo 4046N/A // now, check message digest 4046N/A // message digest attribute matched 4046N/A // the data actually signed is the DER encoding of 4046N/A // the authenticated attributes (tagged with 4046N/A // the "SET OF" tag, not 0xA0). 4046N/A // put together digest algorithm and encryption algorithm 4046N/A // to form signing algorithm 4046N/A // Workaround: sometimes the encryptionAlgname is actually 4046N/A +
"critical extension(s)");
4046N/A // Make sure that if the usage of the key in the certificate is 4046N/A // restricted, it can be used for digital signatures. 4046N/A // XXX We may want to check for additional extensions in the 4046N/A // We don't care whether or not this extension was marked 4046N/A // critical in the certificate. 4046N/A // We're interested only in its value (i.e., the bits set) 4046N/A // and treat the extension as critical. 0N/A /* Verify the content of the pkcs7 block. */ 0N/A out +=
"\tcertificateSerialNumber: " +
0N/A out +=
"\tencryptedDigest: " +
"\n" +
0N/A out +=
"\tunauthenticatedAttributes: " +