Smart Card Shell

CMSGenerator - Reference Documentation

Class for CMS generation according to RFC 3852

Index of Methods

Constants

Type Name Description
Number TYPE_SIGNED_DATA Indicator for signed data content
Number TYPE_ENVELOPED_DATA Indicator for enveloped data
String TYPE_DIGESTED_DATA Indicator for digested data
String TYPE_ENCRYPTED_DATA Indicator for encrypted data
String TYPE_AUTHENTICATED_DATA Indicator for authenticated data

Constructor

Prototype

CMSGenerator(Number type)

Description

Create a CMS generator object for the specified type

Note: The current implementation only supports signed data and enveloped data

Arguments

Type Name Description
Number type Type of CMS object that should be generated

Exceptions

Name Value Description
GPError GPError.INVALID_TYPE Argument type is invalid
GPError GPError.INVALID_DATA Argument contains no valid encoded CMS signed data object

Example


// Probe the constructor with every type constant except TYPE_SIGNED_DATA.
// A probe is allowed to succeed; the only thing checked is that a failure,
// if there is one, is reported as a GPError.
var probeTypes = [
	CMSGenerator.TYPE_ENVELOPED_DATA,
	CMSGenerator.TYPE_DIGESTED_DATA,
	CMSGenerator.TYPE_ENCRYPTED_DATA,
	CMSGenerator.TYPE_AUTHENTICATED_DATA
];

for (var p = 0; p < probeTypes.length; p++) {
	try {
		var gen = new CMSGenerator(probeTypes[p]);
	} catch (e) {
		assert(e instanceof GPError);
	}
}

// Generators reused by the examples that follow:
// one for signed data, one for enveloped data.
var gen = new CMSGenerator(CMSGenerator.TYPE_SIGNED_DATA);
assert(gen != null);

var edGen = new CMSGenerator(CMSGenerator.TYPE_ENVELOPED_DATA);
assert(edGen != null);

setDataContent()

Prototype

void setDataContent(ByteString data)

Description

Set the data content of the CMS object.

Arguments

Type Name Description
ByteString data Data content

Return

Exceptions

Name Value Description
GPError GPError.INVALID_ARGUMENTS Too many or missing arguments in call

Example


// One ASCII payload, attached to both the enveloped-data and the signed-data
// generator; the generate() example compares the decrypted result against it.
var content = new ByteString("Hello World!", ASCII);
edGen.setDataContent(content);
gen.setDataContent(content);

addSigner()

Prototype

void addSigner(Key privateKey, X509 certificate, String signingAlgorithm)

void addSigner(Key privateKey, X509 certificate, String signingAlgorithm, Boolean includeSignerInCMS)

void addSigner(Key privateKey, ByteString keyIdentifier, String signingAlgorithm)

Description

Add a signer key for the object.

Starting with 3.15, the API changed: the ByteString digestOID argument was replaced by the String signingAlgorithm argument.

Arguments

Type Name Description
Key privateKey Private key of the signer
X509 certificate Certificate of the signer
ByteString keyIdentifier The signer key identifier
String signingAlgorithm Java algorithm name for hashing and signing (e.g. "SHA256withRSA")
Boolean includeSignerInCMS Include signer certificate

Return

Exceptions

Name Value Description
GPError GPError.INVALID_ARGUMENTS Too many or missing arguments in call

Example


// Builds throw-away test material for Signer A (RSA key pair plus a certificate
// signed with that same key), then registers the certificate and two signers
// on the signed-data generator `gen`. Test material only: the certificate below
// is not a model for a production signer certificate (see notes at key usage).
var crypto = new Crypto();

// Generate an asymmetric key pair and a certificate for A
print("Generating generating key pair and X509 certificate for Signer A...\n");

var privKeyA = new Key();
privKeyA.setType(Key.PRIVATE);

// Key size is configured on the public key object only; presumably 2048 is the
// RSA modulus length in bits - confirm against the Key documentation.
var pubKeyA = new Key();
pubKeyA.setType(Key.PUBLIC);
pubKeyA.setSize(2048);

crypto.generateKeyPair(Crypto.RSA, pubKeyA, privKeyA);

var x = new X509CertificateGenerator(crypto);

x.reset();
x.setSerialNumber(new ByteString("01", HEX));
// NOTE(review): only the key algorithm is named here; which digest is used for
// the certificate signature is not visible on this page - confirm.
x.setSignatureAlgorithm(Crypto.RSA);
var issuer = { C:"UT", O:"ACME Corporation", CN:"Test-CA" };
x.setIssuer(issuer);
// Validity strings look like UTCTime (YYMMDDHHMMSSZ), i.e. 2006-08-25 to
// 2026-08-25; a verifier that checks validity will reject this certificate
// after the end date.
x.setNotBefore("060825120000Z");
x.setNotAfter("260825120000Z");
var subject = { C:"UT", O:"Utopia CA", OU:"ACME Corporation", CN:"Signer #A" };
x.setSubject(subject);
x.setPublicKey(pubKeyA);
// Key usage combines digitalSignature with the CA bits keyCertSign and cRLSign.
// A production signer certificate would normally be limited to the usage it
// needs (digitalSignature) and would not be allowed to issue certificates.
x.addKeyUsageExtension(	X509CertificateGenerator.digitalSignature |
							X509CertificateGenerator.keyCertSign |
							X509CertificateGenerator.cRLSign );

// Presumably (true, 0) marks the certificate as a CA with path length 0 - confirm.
x.addBasicConstraintsExtension(true, 0);
x.addSubjectKeyIdentifierExtension();
// Authority key identifier is derived from A's own public key, matching the
// fact that the certificate is signed with privKeyA below, although the issuer
// name differs from the subject name.
x.addAuthorityKeyIdentifierExtension(pubKeyA);

var certA = x.generateX509Certificate(privKeyA);

// 2.5.29.14 is the subjectKeyIdentifier extension. bytes(4) drops the first
// four bytes of the returned value, presumably the two nested OCTET STRING
// headers; the fixed offset only holds while both lengths use the short form -
// confirm before reusing this with other certificates.
var keyid = certA.getNative().getExtensionValue("2.5.29.14").bytes(4);

// Make the certificate available in the CMS object.
gen.addCertificate(certA);

// Signer identified by certificate.
gen.addSigner(privKeyA, certA, "SHA256withRSA");

// The same key added a second time, identified by its key identifier.
gen.addSigner(privKeyA, keyid, "SHA256withRSA");

addCertificate()

Prototype

void addCertificate(X509 certificate)

Description

Add a certificate to the CMS object.

Arguments

Type Name Description
X509 certificate Certificate of the signer or associated CA

Return

Exceptions

Name Value Description
GPError GPError.INVALID_ARGUMENTS Too many or missing arguments in call

Example


// see addSigner() for Signed Data example

addRecipient()

Prototype

void addRecipient(X509 certificate)

Description

Add a recipient to the CMS object.

Arguments

Type Name Description
X509 certificate Certificate of the recipient

Return

Exceptions

Name Value Description
GPError GPError.INVALID_ARGUMENTS Too many or missing arguments in call

Example

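// Builds throw-away test material for Recipient B (RSA key pair plus a
// certificate signed with that same key) and registers both A and B as
// recipients on the enveloped-data generator `edGen`.
print("Generating generating key pair and X509 certificate for Recipient B...\n");

var privKeyB = new Key();
privKeyB.setType(Key.PRIVATE);

var pubKeyB = new Key();
pubKeyB.setType(Key.PUBLIC);
pubKeyB.setSize(2048);

crypto.generateKeyPair(Crypto.RSA, pubKeyB, privKeyB);

var x = new X509CertificateGenerator(crypto);

x.reset();
// Serial 02: Signer A's certificate in the addSigner() example already uses
// serial 01 under the same issuer name. CMS can identify signers and recipients
// by issuer name plus serial number, so that pair has to be unique per certificate.
x.setSerialNumber(new ByteString("02", HEX));
x.setSignatureAlgorithm(Crypto.RSA);
var issuer = { C:"UT", O:"ACME Corporation", CN:"Test-CA" };
x.setIssuer(issuer);
// Validity strings look like UTCTime (YYMMDDHHMMSSZ), i.e. 2006-08-25 to 2026-08-25.
x.setNotBefore("060825120000Z");
x.setNotAfter("260825120000Z");
var subject = { C:"UT", O:"Utopia CA", OU:"ACME Corporation", CN:"Recipient #B" };
x.setSubject(subject);
x.setPublicKey(pubKeyB);
// Test-only key usage: encryption (dataEncipherment) is combined with signing
// and the CA bits. A production recipient certificate would be limited to the
// usage it needs.
// NOTE(review): for RSA key transport the keyEncipherment key-usage bit is the
// one usually expected by verifiers - confirm what this generator requires.
x.addKeyUsageExtension(	X509CertificateGenerator.digitalSignature |
							X509CertificateGenerator.keyCertSign |
							X509CertificateGenerator.dataEncipherment |
							X509CertificateGenerator.cRLSign );

// Presumably (true, 0) marks the certificate as a CA with path length 0 - confirm.
x.addBasicConstraintsExtension(true, 0);
x.addSubjectKeyIdentifierExtension();
x.addAuthorityKeyIdentifierExtension(pubKeyB);

var certB = x.generateX509Certificate(privKeyB);

// Every recipient added here can decrypt the content with its private key.
// certA (from the addSigner() example) carries no encipherment key usage, so
// this call presumably succeeds only because key usage is not enforced when a
// recipient is added - do not rely on that outside of tests.
edGen.addRecipient(certA);
edGen.addRecipient(certB);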

generate()

Prototype

ByteString generate()

ByteString generate(ByteString contentOID)

Description

Generate the CMS object

Return

ByteString The ASN.1 encoded CMS object

Exceptions

Name Value Description
GPError GPError.INVALID_ARGUMENTS Too many or missing arguments in call

Example


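// Generate Signed Data

// Content type OID written into the CMS object; read back and compared below.
var contentOID = new ByteString("0.4.0.127.0.7.3.2.2", OID);

var cms = gen.generate(contentOID);

print(new ASN1(cms));

// Parse the encoded object again to inspect it the way a receiver would.
var t = new CMSSignedData(cms);

var contentTypeOID = t.getEContentType();
assert(contentTypeOID.equals(contentOID));

var certs = t.getSignedDataCertificates();

assert(certs != null);

print("Number of certificates: " + certs.length);

for (var i = 0; i < certs.length; i++) {
	print("#" + i+ ": " + certs[i].toString());
}

print("Signed content: " + t.getSignedContent().toString(ASCII));

var ns = t.getNumberOfSigners();
assert(ns != null);
// An object without signers would pass the verification loop below without
// any signature having been checked, so require at least one.
assert(ns > 0);

for (var i = 0; i < ns; i++) {
	var signature = t.getSignerInfoSignature(i);
	assert(signature != null);
	print("Signature [" + i + "]: " + signature.toString());
}

print("Number of signers:" + ns);

for (var i = 0; i < ns; i++) {
	print("SignerIdentifier Type: " + t.getSignerInfoSIDType(i));
	var valid = t.isSignerInfoSignatureValid(i);
	assert(valid != null);
	print("Signer information signature [" + i + "]: " + (valid == true ? "valid" : "invalid"));
	// Fail closed: an invalid signature must stop the script instead of only
	// being printed.
	// NOTE(review): this page does not say whether isSignerInfoSignatureValid()
	// also checks the signer certificate against a trust anchor; presumably it
	// verifies the signature value only, so certificate trust and validity
	// need a separate check - confirm.
	assert(valid == true);
}

// Generate Enveloped Data

var cms = edGen.generate(contentOID);

print(new ASN1(cms));

var t = new CMSEnvelopedData(cms);

// Each recipient decrypts with its own private key and certificate.
var contentA = t.getContent(privKeyA, certA);
var contentB = t.getContent(privKeyB, certB);

// Both recipients must recover exactly the payload set with setDataContent().
// This round trip covers confidentiality handling only: enveloped data carries
// no signature, so the origin of the content is not authenticated by it.
assert(content.equals(contentA));
assert(contentA.equals(contentB));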