package org.bouncycastle.asn1.cms; import java.util.Enumeration; import org.bouncycastle.asn1.ASN1EncodableVector; import org.bouncycastle.asn1.ASN1Integer; import org.bouncycastle.asn1.ASN1Object; import org.bouncycastle.asn1.ASN1OctetString; import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1Set; import org.bouncycastle.asn1.ASN1TaggedObject; import org.bouncycastle.asn1.BERSequence; import org.bouncycastle.asn1.DERTaggedObject; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; /** * RFC 5652 section 9.1: * The AuthenticatedData carries AuthAttributes and other data * which define what really is being signed. *
*
* AuthenticatedData ::= SEQUENCE { * version CMSVersion, * originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL, * recipientInfos RecipientInfos, * macAlgorithm MessageAuthenticationCodeAlgorithm, * digestAlgorithm [1] DigestAlgorithmIdentifier OPTIONAL, * encapContentInfo EncapsulatedContentInfo, * authAttrs [2] IMPLICIT AuthAttributes OPTIONAL, * mac MessageAuthenticationCode, * unauthAttrs [3] IMPLICIT UnauthAttributes OPTIONAL } * * AuthAttributes ::= SET SIZE (1..MAX) OF Attribute * * UnauthAttributes ::= SET SIZE (1..MAX) OF Attribute * * MessageAuthenticationCode ::= OCTET STRING **/ public class AuthenticatedData extends ASN1Object { private ASN1Integer version; private OriginatorInfo originatorInfo; private ASN1Set recipientInfos; private AlgorithmIdentifier macAlgorithm; private AlgorithmIdentifier digestAlgorithm; private ContentInfo encapsulatedContentInfo; private ASN1Set authAttrs; private ASN1OctetString mac; private ASN1Set unauthAttrs; public AuthenticatedData( OriginatorInfo originatorInfo, ASN1Set recipientInfos, AlgorithmIdentifier macAlgorithm, AlgorithmIdentifier digestAlgorithm, ContentInfo encapsulatedContent, ASN1Set authAttrs, ASN1OctetString mac, ASN1Set unauthAttrs) { if (digestAlgorithm != null || authAttrs != null) { if (digestAlgorithm == null || authAttrs == null) { throw new IllegalArgumentException("digestAlgorithm and authAttrs must be set together"); } } version = new ASN1Integer(calculateVersion(originatorInfo)); this.originatorInfo = originatorInfo; this.macAlgorithm = macAlgorithm; this.digestAlgorithm = digestAlgorithm; this.recipientInfos = recipientInfos; this.encapsulatedContentInfo = encapsulatedContent; this.authAttrs = authAttrs; this.mac = mac; this.unauthAttrs = unauthAttrs; } /** * @deprecated use getInstance() */ public AuthenticatedData( ASN1Sequence seq) { int index = 0; version = (ASN1Integer)seq.getObjectAt(index++); Object tmp = seq.getObjectAt(index++); if (tmp instanceof ASN1TaggedObject) { originatorInfo = OriginatorInfo.getInstance((ASN1TaggedObject)tmp, false); tmp = seq.getObjectAt(index++); } recipientInfos = ASN1Set.getInstance(tmp); macAlgorithm = AlgorithmIdentifier.getInstance(seq.getObjectAt(index++)); tmp = seq.getObjectAt(index++); if (tmp instanceof ASN1TaggedObject) { digestAlgorithm = AlgorithmIdentifier.getInstance((ASN1TaggedObject)tmp, false); tmp = seq.getObjectAt(index++); } encapsulatedContentInfo = ContentInfo.getInstance(tmp); tmp = seq.getObjectAt(index++); if (tmp instanceof ASN1TaggedObject) { authAttrs = ASN1Set.getInstance((ASN1TaggedObject)tmp, false); tmp = seq.getObjectAt(index++); } mac = ASN1OctetString.getInstance(tmp); if (seq.size() > index) { unauthAttrs = ASN1Set.getInstance((ASN1TaggedObject)seq.getObjectAt(index), false); } } /** * Return an AuthenticatedData object from a tagged object. * * @param obj the tagged object holding the object we want. * @param explicit true if the object is meant to be explicitly * tagged false otherwise. * @throws IllegalArgumentException if the object held by the * tagged object cannot be converted. */ public static AuthenticatedData getInstance( ASN1TaggedObject obj, boolean explicit) { return getInstance(ASN1Sequence.getInstance(obj, explicit)); } /** * Return an AuthenticatedData object from the given object. *
* Accepted inputs: *