Class CMSContainer

java.lang.Object
com.itextpdf.signatures.cms.CMSContainer

public class CMSContainer extends Object
The CMS container, which represents the SignedData structure from RFC 5652, Cryptographic Message Syntax (CMS).
  • Constructor Details

    • CMSContainer

      public CMSContainer()
      Creates an empty SignedData structure.
    • CMSContainer

      public CMSContainer (byte[] encodedCMSdata) throws IOException, CertificateException, CRLException
      Creates a SignedData structure from a serialized ASN1 structure.
      Parameters:
      encodedCMSdata - the serialized CMS container
      Throws:
      IOException - if issues occur during ASN1 objects creation.
      CertificateException - if issues occur processing the embedded certificates.
      CRLException - if CRL encoding error occurs.
  • Method Details

    • setSignerInfo

      public void setSignerInfo (SignerInfo signerInfo)
      This class only supports one signer per signature field.
      Parameters:
      signerInfo - the signerInfo
    • getSignerInfo

      public SignerInfo getSignerInfo()
      This class only supports one signer per signature field.
      Returns:
      the signerInfo
    • getSizeEstimation

      public long getSizeEstimation() throws CertificateEncodingException, IOException, CRLException
      When all fields except for signer.signedAttributes.digest and signer.signature are completed, it is possible to calculate the eventual size of the signature by serializing everything except the signature (whose size depends on the digest and cipher but is set at 1024 bytes) and the unsigned attributes, such as timestamps, that are added later.
      Returns:
      the estimated size of the complete CMS container before the signature is added; the size for the signature is included, the size for other attributes such as timestamps is not.
      Throws:
      CertificateEncodingException - if an encoding error occurs in X509Certificate.
      IOException - if an I/O error occurs.
      CRLException - if CRL encoding error occurs.
    • getCmsVersion

      public int getCmsVersion()
      Only version 1 is supported by this class.
      Returns:
      1 as CMSversion
    • getDigestAlgorithm

      public AlgorithmIdentifier getDigestAlgorithm()
      The digest algorithm OID and parameters used by the signer. This class only supports one signer for use in PDF signatures, so only one digest algorithm is supported.

      This field is set when adding the signerInfo.

      Returns:
      AlgorithmIdentifier digest algorithm.
    • getEncapContentInfo

      public EncapsulatedContentInfo getEncapContentInfo()
      This represents the signed content. In the case of a signed PDF document this will be of type data with no content.
      Returns:
      a representation of the data to be signed.
    • setEncapContentInfo

      public void setEncapContentInfo (EncapsulatedContentInfo encapContentInfo)
      This represents the signed content. In the case of a signed PDF document this will be of type data with no content. Defaults to 1.2.840.113549.1.7.1 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-7(7) id-data(1)}.
      Parameters:
      encapContentInfo - a representation of the data to be signed.
    • addCertificate

      public void addCertificate (X509Certificate cert)
      Adds a certificate.
      Parameters:
      cert - the certificate to be added
    • addCertificates

      public void addCertificates (X509Certificate[] certs)
      Adds a set of certificates.
      Parameters:
      certs - the certificates to be added
    • getCertificates

      public Collection<X509Certificate> getCertificates()
      Retrieves a copy of the list of certificates.
      Returns:
      the list of certificates to be used for signing and certificate validation
    • getCrls

      public Collection<CRL> getCrls()
      Retrieves a copy of the list of CRLs.
      Returns:
      the list of CRL revocation info.
    • addCrl

      public void addCrl (CRL crl)
      Adds a CRL response to the CMS container.
      Parameters:
      crl - the CRL response to be added.
    • getOcsps

      public Collection<IBasicOCSPResponse> getOcsps()
      Retrieves a copy of the list of OCSPs.
      Returns:
      the list of OCSP revocation info.
    • addOcsp

      public void addOcsp (IBasicOCSPResponse ocspResponse)
      Adds an OCSP response to the CMS container.
      Parameters:
      ocspResponse - the OCSP response to be added.
    • setSerializedSignedAttributes

      public void setSerializedSignedAttributes (byte[] signedAttributesData)
      Sets the Signed Attributes of the signer info to this serialized version. The signed attributes will become read-only.
      Parameters:
      signedAttributesData - the serialized Signed Attributes
    • getSerializedSignedAttributes

      public byte[] getSerializedSignedAttributes() throws IOException
      Retrieves the encoded signed attributes of the signer info. This makes the signed attributes read only.
      Returns:
      the encoded signed attributes of the signer info.
      Throws:
      IOException - if issues occur during ASN1 objects creation.
    • serialize

      public byte[] serialize() throws CertificateEncodingException, IOException, CRLException
      Serializes the SignedData structure and makes the signer info's signed attributes read-only.
      Returns:
      the encoded SignedData structure.
      Throws:
      CertificateEncodingException - if errors occur during certificate processing.
      IOException - if issues occur during ASN1 objects creation.
      CRLException - if CRL encoding error occurs.
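
Added example (not part of the iText documentation): a triage pass over a serialized container using only the byte[] constructor, getCertificates(), getCrls() and getOcsps() from this page plus standard java.security.cert calls. The class name CmsTriage, the triage helper and the input file argument are hypothetical. It reports certificates outside their validity period or listed in an embedded CRL, and flags containers that carry no revocation data.

```java
import com.itextpdf.signatures.cms.CMSContainer;

import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.cert.CRL;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Date;

public class CmsTriage {
    // Hypothetical helper. Returns true only if every embedded certificate is
    // inside its validity period at 'at' and none is listed in an embedded CRL.
    // This is triage, not validation: it does not build the chain and does not
    // verify the CRL signatures or the signer's signature.
    static boolean triage(byte[] encodedCms, Date at) throws Exception {
        CMSContainer cms = new CMSContainer(encodedCms);
        Collection<X509Certificate> certs = cms.getCertificates();
        Collection<CRL> crls = cms.getCrls();
        boolean clean = !certs.isEmpty();
        for (X509Certificate cert : certs) {
            String status = "within validity period";
            try {
                cert.checkValidity(at);
            } catch (CertificateExpiredException | CertificateNotYetValidException e) {
                status = "OUTSIDE VALIDITY PERIOD";
                clean = false;
            }
            for (CRL crl : crls) {
                if (crl.isRevoked(cert)) {
                    status = "LISTED IN EMBEDDED CRL";
                    clean = false;
                }
            }
            System.out.println(cert.getSubjectX500Principal() + " : " + status);
        }
        // Without embedded CRLs or OCSP responses a validator has to fetch
        // revocation status online, which may no longer be possible later.
        if (crls.isEmpty() && cms.getOcsps().isEmpty()) {
            System.out.println("no embedded revocation data");
        }
        return clean;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: args[0] is a file holding only the DER bytes of the container.
        byte[] der = Files.readAllBytes(Paths.get(args[0]));
        System.out.println(triage(der, new Date()) ? "no findings" : "review required");
    }
}
```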