CMSGenerator - Reference Documentation
Class for CMS generation according to RFC 3852
Index of Methods
Constants
Type |
Name |
Description |
Number |
TYPE_SIGNED_DATA |
Indicator for signed data content |
Number |
TYPE_ENVELOPED_DATA |
Indictator for enveloped data |
String |
TYPE_DIGESTED_DATA |
Indicator for digested data |
String |
TYPE_ENCRYPTED_DATA |
Indicator for encrypted data |
String |
TYPE_AUTHENTICATED_DATA |
Indicator for authenticated data |
Constructor
Prototype
CMSGenerator(Number type)
Description
Create a CMS generator object for the specified type
Note: The current implementation only supports signed data and enveloped data
Arguments
Type |
Name |
Description |
Number
|
type |
Type of CMS object that should be generated |
Exceptions
Name |
Value |
Description |
GPError |
GPError.GPError.INVALID_TYPE |
Argument type is invalid |
GPError |
GPError.INVALID_DATA |
Argument contains no valid encoded CMS signed data object |
Example
try {
var gen = new CMSGenerator(CMSGenerator.TYPE_ENVELOPED_DATA);
} catch (e) {
assert(e instanceof GPError);
}
try {
var gen = new CMSGenerator(CMSGenerator.TYPE_DIGESTED_DATA);
} catch (e) {
assert(e instanceof GPError);
}
try {
var gen = new CMSGenerator(CMSGenerator.TYPE_ENCRYPTED_DATA);
} catch (e) {
assert(e instanceof GPError);
}
try {
var gen = new CMSGenerator(CMSGenerator.TYPE_AUTHENTICATED_DATA);
} catch (e) {
assert(e instanceof GPError);
}
var gen = new CMSGenerator(CMSGenerator.TYPE_SIGNED_DATA);
assert(gen != null);
var edGen = new CMSGenerator(CMSGenerator.TYPE_ENVELOPED_DATA);
assert(edGen != null);
setDataContent()
Prototype
void setDataContent(ByteString data)
Description
Set the data content of the CMS object.
Arguments
Type |
Name |
Description |
ByteString
|
data |
Data content |
Return
Exceptions
Name |
Value |
Description |
GPError |
GPError.INVALID_ARGUMENTS |
Too many or missing arguments in call |
Example
var content = new ByteString("Hello World!", ASCII);
gen.setDataContent(content);
edGen.setDataContent(content);
addSigner()
Prototype
void addSigner(Key privateKey, X509 certificate, String signingAlgorithm)
void addSigner(Key privateKey, X509 certificate, String signingAlgorithm, includeSignerInCMS)
void addSigner(Key privateKey, ByteString keyIdentifier, String signingAlgorithm)
Description
Add a signer key for the object.
Starting with 3.15, the API has changed, replacing the ByteString digestOID with String signingAlgorithm.
Arguments
Type |
Name |
Description |
Key
|
privateKey |
Private key of the signer |
X509
|
certificate |
Certificate of the signer |
ByteString
|
keyIdentifier |
The signer key identifier |
String
|
signingAlgorithm |
Java algorithm name for hashing and signing (e.g. "SHA256withRSA") |
Boolean
|
includeSignerInCMS |
Include signer certificate |
Return
Exceptions
Name |
Value |
Description |
GPError |
GPError.INVALID_ARGUMENTS |
Too many or missing arguments in call |
Example
var crypto = new Crypto();
// Generate an asymmetric key pair and a certificate for A
print("Generating generating key pair and X509 certificate for Signer A...\n");
var privKeyA = new Key();
privKeyA.setType(Key.PRIVATE);
var pubKeyA = new Key();
pubKeyA.setType(Key.PUBLIC);
pubKeyA.setSize(2048);
crypto.generateKeyPair(Crypto.RSA, pubKeyA, privKeyA);
var x = new X509CertificateGenerator(crypto);
x.reset();
x.setSerialNumber(new ByteString("01", HEX));
x.setSignatureAlgorithm(Crypto.RSA);
var issuer = { C:"UT", O:"ACME Corporation", CN:"Test-CA" };
x.setIssuer(issuer);
x.setNotBefore("060825120000Z");
x.setNotAfter("260825120000Z");
var subject = { C:"UT", O:"Utopia CA", OU:"ACME Corporation", CN:"Signer #A" };
x.setSubject(subject);
x.setPublicKey(pubKeyA);
x.addKeyUsageExtension( X509CertificateGenerator.digitalSignature |
X509CertificateGenerator.keyCertSign |
X509CertificateGenerator.cRLSign );
x.addBasicConstraintsExtension(true, 0);
x.addSubjectKeyIdentifierExtension();
x.addAuthorityKeyIdentifierExtension(pubKeyA);
var certA = x.generateX509Certificate(privKeyA);
var keyid = certA.getNative().getExtensionValue("2.5.29.14").bytes(4);
gen.addCertificate(certA);
gen.addSigner(privKeyA, certA, "SHA256withRSA");
gen.addSigner(privKeyA, keyid, "SHA256withRSA");
addCertificate()
Prototype
void addCertificate(X509 certificate)
Description
Add a certificate to the CMS object.
Arguments
Type |
Name |
Description |
X509
|
certificate |
Certificate of the signer or associated CA |
Return
Exceptions
Name |
Value |
Description |
GPError |
GPError.INVALID_ARGUMENTS |
Too many or missing arguments in call |
Example
// see addSigner() for Signed Data example
addRecipient()
Prototype
void addRecipient(X509 certificate)
Description
Add a recipient to the CMS object.
Arguments
Type |
Name |
Description |
X509
|
certificate |
Certificate of the recipient |
Return
Exceptions
Name |
Value |
Description |
GPError |
GPError.INVALID_ARGUMENTS |
Too many or missing arguments in call |
Example
print("Generating generating key pair and X509 certificate for Recipient B...\n");
var privKeyB = new Key();
privKeyB.setType(Key.PRIVATE);
var pubKeyB = new Key();
pubKeyB.setType(Key.PUBLIC);
pubKeyB.setSize(2048);
crypto.generateKeyPair(Crypto.RSA, pubKeyB, privKeyB);
var x = new X509CertificateGenerator(crypto);
x.reset();
x.setSerialNumber(new ByteString("01", HEX));
x.setSignatureAlgorithm(Crypto.RSA);
var issuer = { C:"UT", O:"ACME Corporation", CN:"Test-CA" };
x.setIssuer(issuer);
x.setNotBefore("060825120000Z");
x.setNotAfter("260825120000Z");
var subject = { C:"UT", O:"Utopia CA", OU:"ACME Corporation", CN:"Recipient #B" };
x.setSubject(subject);
x.setPublicKey(pubKeyB);
x.addKeyUsageExtension( X509CertificateGenerator.digitalSignature |
X509CertificateGenerator.keyCertSign |
X509CertificateGenerator.dataEncipherment |
X509CertificateGenerator.cRLSign );
x.addBasicConstraintsExtension(true, 0);
x.addSubjectKeyIdentifierExtension();
x.addAuthorityKeyIdentifierExtension(pubKeyB);
var certB = x.generateX509Certificate(privKeyB);
edGen.addRecipient(certA);
edGen.addRecipient(certB);
generate()
Prototype
ByteString generate()
ByteString generate(ByteString contentOID)
Description
Generate the CMS object
Return
ByteString
|
The ASN.1 encoded cms object |
Exceptions
Name |
Value |
Description |
GPError |
GPError.INVALID_ARGUMENTS |
Too many or missing arguments in call |
Example
// Generate Signed Data
var contentOID = new ByteString("0.4.0.127.0.7.3.2.2", OID);
var cms = gen.generate(contentOID);
print(new ASN1(cms));
var t = new CMSSignedData(cms);
var contentTypeOID = t.getEContentType();
assert(contentTypeOID.equals(contentOID));
certs = t.getSignedDataCertificates();
assert(certs != null);
print("Number of certificates: " + certs.length);
for (i = 0; i < certs.length; i++) {
print("#" + i+ ": " + certs[i].toString());
}
print("Signed content: " + t.getSignedContent().toString(ASCII));
ns = t.getNumberOfSigners();
for (i = 0; i < ns; i++) {
signature = t.getSignerInfoSignature(i);
assert(signature != null);
print("Signature [" + i + "]: " + signature.toString());
}
ns = t.getNumberOfSigners();
assert(ns != null);
print("Number of signers:" + ns);
for (i = 0; i < ns; i++) {
print("SignerIdentifier Type: " + t.getSignerInfoSIDType(i));
valid = t.isSignerInfoSignatureValid(i);
assert(valid != null);
print("Signer information signature [" + i + "]: " + (valid == true ? "valid" : "invalid"));
}
// Generate Enveloped Data
var cms = edGen.generate(contentOID);
print(new ASN1(cms));
var t = new CMSEnvelopedData(cms);
var contentA = t.getContent(privKeyA, certA);
var contentB = t.getContent(privKeyB, certB);
assert(content.equals(contentA));
assert(contentA.equals(contentB));
© Copyright 2003 - 2024 CardContact Systems GmbH
, Minden, Germany