5-22 Oracle Fusion Middleware Reference for Oracle Security Developer Tools

5.3.3 Constructing CMS Objects using the CMSStream and CMSConnector Classes

The CMSDataContentInfo classes provide the same functionality as the CMSStream classes. The primary advantage of the CMSStream classes over the CMSDataContentInfo classes is that CMS objects can be created or read in one pass without having to accumulate all the necessary information. Table 5–10 lists the content types of the CMSStream classes: Table 5–11 lists the content types of the CMSConnector classes:

5.3.3.1 Limitations of the CMSStream and CMSConnector Classes

There are some limitations to CMSStream and CMSConnector classes when processing objects: 1. They cannot verify the digest of a detached CMS id-digestedData object. 2. They cannot verify the signature of a detached CMS id-signedData object. 3. They cannot verify the MAC of a detached CMS id-ct-authData object. Table 5–10 The CMSStream Classes Class Content Type CMSDigestedDataInputStream, CMSDigestedDataOutputStream CMS.id_digestedData CMSSignedDataInputStream, CMSSignedDataOutputStream CMS.id_signedData CMSEncryptedDataInputStream, CMSEncryptedDataOutputStream CMS.id_encryptedData CMSEnvelopedDataInputStream, CMSEnvelopedDataOutputStream CMS.id_envelopedData CMSAuthenticatedDataInputStream, CMSAuthenticatedDataOutputStream CMS.id_ct_authData Table 5–11 The CMSConnector Classes Class Content Type CMSDigestedDataInputConnector, CMSDigestedDataOutputConnector CMS.id_digestedData CMSSignedDataInputConnector, CMSSignedDataOutputConnector CMS.id_signedData CMSEncryptedDataInputConnector, CMSEncryptedDataOutputConnector CMS.id_encryptedData CMSEnvelopedDataInputConnector, CMSEnvelopedDataOutputConnector CMS.id_envelopedData CMSAuthenticatedDataInputConnector, CMSAuthenticatedDataOutputConnector CMS.id_ct_authData Caution: Always use the CMSDataContentInfo classes when processing detached objects. Oracle CMS 5-23

5.3.3.2 Difference between CMSStream and CMSConnector Classes

The CMSOutputStream class is an output stream filter which wraps the data written to it within a CMS RFC-2630 ContentInfo structure, whose BER encoding is then written to the underlying output stream. The CMSOutputConnector class is an output stream filter which likewise wraps the data written to it within a CMS RFC-2630 ContentInfo structure, except that only the values octets of the Content field of the ContentInfo structure minus the explicit [0] tag are written to the underlying output stream. The CMSInputStream class is an input stream filter which reads in a BER encoding of a CMS RFC-2630 ContentInfo structure from the underlying output stream. The CMSInputConnector class is an input stream filter that expects the underlying input stream to be positioned at the start of the value octets of the Content field of the ContentInfo structure after the explicit [0] tag. CMSConnectors are useful in creating and reading nested objects.

5.3.3.3 Using the CMSOutputStream and CMSInputStream Classes