Scripting Server

CMSGenerator - Reference Documentation

Class for CMS generation according to RFC 3852

Index of Methods

Constants

Type Name Description
Number TYPE_SIGNED_DATA Indicator for signed data content
Number TYPE_ENVELOPED_DATA Indicator for enveloped data
String TYPE_DIGESTED_DATA Indicator for digested data
String TYPE_ENCRYPTED_DATA Indicator for encrypted data
String TYPE_AUTHENTICATED_DATA Indicator for authenticated data

Constructor

Prototype

CMSGenerator(Number type)

Description

Create a CMS generator object for the specified type

Note: The current implementation only supports signed data

Arguments

Type Name Description
Number type Type of CMS object that should be generated

Exceptions

Name Value Description
GPError GPError.INVALID_TYPE Argument type is invalid
GPError GPError.INVALID_DATA Argument contains no valid encoded CMS signed data object

Example


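// The constructor description notes that only signed data is currently
// supported, so every other content type is expected to be rejected with
// a GPError.
var unsupportedTypes = [
	CMSGenerator.TYPE_ENVELOPED_DATA,
	CMSGenerator.TYPE_DIGESTED_DATA,
	CMSGenerator.TYPE_ENCRYPTED_DATA,
	CMSGenerator.TYPE_AUTHENTICATED_DATA
];

for (var typeIdx = 0; typeIdx < unsupportedTypes.length; typeIdx++) {
	// Record the rejection in a flag and check it after the try/catch.
	// Without this, a constructor that silently accepted an unsupported
	// type would skip the catch block and the negative test would pass
	// without having checked anything.
	var rejected = false;
	try {
		var gen = new CMSGenerator(unsupportedTypes[typeIdx]);
	} catch (e) {
		rejected = true;
		assert(e instanceof GPError);
	}
	assert(rejected);
}

// Signed data is the one supported type; this generator instance is the
// one the following examples on this page operate on.
var gen = new CMSGenerator(CMSGenerator.TYPE_SIGNED_DATA);
assert(gen != null);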

setDataContent()

Prototype

void setDataContent(ByteString data)

Description

Set the data content of the CMS object.

Arguments

Type Name Description
ByteString data Data content

Return

Exceptions

Name Value Description
GPError GPError.INVALID_ARGUMENTS Too many or missing arguments in call

Example


// Encode the text as ASCII bytes and attach it to the generator created in
// the constructor example. The generate() example later reads this back via
// getSignedContent(), i.e. this is the payload covered by the signatures.
var content = new ByteString("Hello World!", ASCII);
gen.setDataContent(content);

addSigner()

Prototype

void addSigner(Key privateKey, X509 certificate, String digestOID)

void addSigner(Key privateKey, X509 certificate, String digestOID, Boolean includeSignerInCMS)

void addSigner(Key privateKey, ByteString keyIdentifier, String digestOID)

Description

Add a signer key for the object.

Arguments

Type Name Description
Key privateKey Private key of the signer
X509 certificate Certificate of the signer
ByteString keyIdentifier The signer key identifier
ByteString digestOID OID of the corresponding digest algorithm
Boolean includeSignerInCMS Include signer certificate

Return

Exceptions

Name Value Description
GPError GPError.INVALID_ARGUMENTS Too many or missing arguments in call

Example


// Example: create a throw-away RSA key pair and a test certificate for
// signer A, then register that signer with the CMS generator `gen` twice,
// once identified by certificate and once by key identifier.
//
// NOTE(review): everything below is test data. The private key is created
// in the script and the certificate is signed with that same key, so the
// result proves only that the API calls work, not that the signer is trusted.
var crypto = new Crypto();

// Generate an asymmetric key pair and a certificate for A
print("Generating generating key pair and X509 certificate for Signer A...\n");

// Key objects handed to generateKeyPair() below; only the public key object
// carries the requested size (2048 bit).
var privKeyA = new Key();
privKeyA.setType(Key.PRIVATE);

var pubKeyA = new Key();
pubKeyA.setType(Key.PUBLIC);
pubKeyA.setSize(2048);
	
crypto.generateKeyPair(Crypto.RSA, pubKeyA, privKeyA);
	
var x = new X509CertificateGenerator(crypto);

x.reset();
x.setSerialNumber(new ByteString("01", HEX));
// NOTE(review): Crypto.RSA does not name a digest; confirm which hash the
// certificate signature ends up using.
x.setSignatureAlgorithm(Crypto.RSA);
var issuer = { C:"UT", O:"ACME Corporation", CN:"Test-CA" };
x.setIssuer(issuer);
// Fixed validity window in UTCTime notation (YYMMDDhhmmssZ): 2006-08-25 to
// 2016-08-25. A verifier that enforces validity dates will treat this
// certificate as expired.
x.setNotBefore("060825120000Z");
x.setNotAfter("160825120000Z");
var subject = { C:"UT", O:"Utopia CA", OU:"ACME Corporation", CN:"Signer #A" };
x.setSubject(subject);
x.setPublicKey(pubKeyA);
// Key usage combines digitalSignature with the CA usages keyCertSign and
// cRLSign, and the basic constraints call below presumably marks the
// certificate as a CA (arguments look like cA=true, pathLen=0; confirm).
// A production signer certificate would normally be an end-entity
// certificate without the CA bits.
x.addKeyUsageExtension(	X509CertificateGenerator.digitalSignature |
							X509CertificateGenerator.keyCertSign |
							X509CertificateGenerator.cRLSign );
							
x.addBasicConstraintsExtension(true, 0);
x.addSubjectKeyIdentifierExtension();
// The authority key identifier is taken from the subject's own public key,
// and the certificate is signed with privKeyA below: it is effectively
// self-signed even though the issuer and subject names differ.
x.addAuthorityKeyIdentifierExtension(pubKeyA);

var certA = x.generateX509Certificate(privKeyA);

// 2.5.29.14 is the subjectKeyIdentifier extension. bytes(4) presumably skips
// the two nested OCTET STRING headers (2 bytes each) in front of the raw
// identifier; the fixed offset only holds while both lengths fit in a single
// byte. TODO confirm against the ByteString and getExtensionValue docs.
var keyid = certA.getNative().getExtensionValue("2.5.29.14").bytes(4);

// Put the signer certificate into the CMS object (see addCertificate()).
gen.addCertificate(certA);

// Signer identified by its certificate.
gen.addSigner(privKeyA, certA, new ByteString("id-sha256", OID));

// Same private key again, this time identified by the key identifier.
gen.addSigner(privKeyA, keyid, new ByteString("id-sha256", OID));

addCertificate()

Prototype

void addCertificate(X509 certificate)

Description

Add a certificate to the CMS object.

Arguments

Type Name Description
X509 certificate Certificate of the signer or associated CA

Return

Exceptions

Name Value Description
GPError GPError.INVALID_ARGUMENTS Too many or missing arguments in call

Example


// see addSigner()

generate()

Prototype

ByteString generate()

ByteString generate(ByteString contentOID)

Description

Generate the CMS object

Return

ByteString The ASN.1 encoded CMS object

Exceptions

Name Value Description
GPError GPError.INVALID_ARGUMENTS Too many or missing arguments in call

Example


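// Example: generate the CMS object with an explicit content type OID, then
// parse it back with CMSSignedData and inspect certificates, content and
// signer information.
var contentOID = new ByteString("0.4.0.127.0.7.3.2.2", OID);

var cms = gen.generate(contentOID);

// Dump the encoded structure for inspection.
print(new ASN1(cms));

var t = new CMSSignedData(cms);

// The content type read back must be the OID passed to generate().
var contentTypeOID = t.getEContentType();
assert(contentTypeOID.equals(contentOID));

// Certificates carried inside the CMS object. A consumer receiving a CMS
// object from elsewhere should treat these as untrusted input until they
// have been validated against its own trust anchors.
var certs = t.getSignedDataCertificates();

assert(certs != null);

print("Number of certificates: " + certs.length);

for (var i = 0; i < certs.length; i++) {
	print("#" + i+ ": " + certs[i].toString());
}

print("Signed content: " + t.getSignedContent().toString(ASCII));

// Fetch the signer count once and check it before it is used as a loop
// bound (the check previously ran only after the first loop).
var ns = t.getNumberOfSigners();
assert(ns != null);

for (var i = 0; i < ns; i++) {
	var signature = t.getSignerInfoSignature(i);
	assert(signature != null);
	print("Signature [" + i + "]: " + signature.toString());
}

print("Number of signers:" + ns);

for (var i = 0; i < ns; i++) {
	print("SignerIdentifier Type: " + t.getSignerInfoSIDType(i));
	// The verification result is only printed here; the assert checks that a
	// result was returned, not that the signature is valid. Code that relies
	// on the signature must treat anything other than true as a failure.
	// NOTE(review): this page does not say whether
	// isSignerInfoSignatureValid() also validates the signer's certificate
	// path; confirm before relying on it for trust decisions.
	var valid = t.isSignerInfoSignatureValid(i);
	assert(valid != null);
	print("Signer information signature [" + i + "]: " + (valid == true ? "valid" : "invalid"));
}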