Package com.itextpdf.signatures.cms

Class SignerInfo

java.lang.Object
com.itextpdf.signatures.cms.SignerInfo
public class SignerInfo extends Object
This class represents the SignerInfo structure from rfc5652 Cryptographic Message Syntax (CMS)

  • Constructor Details

    • SignerInfo

      public SignerInfo()
      Creates an empty SignerInfo structure.

    • SignerInfo

      public SignerInfo (IASN1Encodable signerInfoStructure, Collection<X509Certificate> certificates) throws IOException
      Creates a SignerInfo structure from an ASN1 structure.
      Parameters:
      signerInfoStructure - the ASN1 structure containing signerInfo
      certificates - the certificates of the CMS, it should contain the signing certificate
      Throws:
      IOException - if issues occur during ASN1 objects creation.

  • Method Details

    • getDigestAlgorithm

      public AlgorithmIdentifier getDigestAlgorithm()
      Returns the algorithmId to create the digest of the data to sign.
      Returns:
      the OID of the digest algorithm.

    • setDigestAlgorithm

      public void setDigestAlgorithm (AlgorithmIdentifier algorithmId)
      Sets the algorithmId to create the digest of the data to sign.
      Parameters:
      algorithmId - the OID of the algorithm

    • setMessageDigest

      public void setMessageDigest (byte[] digest)
      Adds or replaces the message digest signed attribute.
      Parameters:
      digest - ASN.1 type MessageDigest

    • setSigningCertificate

      public void setSigningCertificate (X509Certificate certificate) throws CertificateEncodingException
      Sets the certificate that is used to sign.
      Parameters:
      certificate - the certificate that is used to sign
      Throws:
      CertificateEncodingException - if an encoding error occurs.

    • getSigningCertificate

      public X509Certificate getSigningCertificate()
      Gets the certificate that is used to sign.
      Returns:
      the certificate that is used to sign.

    • setSigningCertificateAndAddToSignedAttributes

      public void setSigningCertificateAndAddToSignedAttributes (X509Certificate certificate, String digestAlgorithmOid) throws CertificateEncodingException, NoSuchAlgorithmException, NoSuchProviderException
      Sets the certificate that is used to sign a document and adds it to the signed attributes.
      Parameters:
      certificate - the certificate that is used to sign
      digestAlgorithmOid - the oid of the digest algorithm to be added to the signed attributes
      Throws:
      CertificateEncodingException - if an encoding error occurs.
      NoSuchAlgorithmException - when the algorithm is unknown.
      NoSuchProviderException - when provider is unknown.

    • setOcspResponses

      public void setOcspResponses (Collection ocspResponses)
      Adds a set of OCSP responses as signed attributes.
      Parameters:
      ocspResponses - a set of binary representations of OCSP responses.

    • setCrlResponses

      public void setCrlResponses (Collection crlResponses)
      Adds a set of CRL responses as signed attributes.
      Parameters:
      crlResponses - a set of binary representations of CRL responses.

    • addSignerCertificateToSignedAttributes

      public void addSignerCertificateToSignedAttributes (X509Certificate cert, String digestAlgorithmOid) throws NoSuchAlgorithmException, NoSuchProviderException, CertificateEncodingException
      Adds the signer certificate to the signed attributes as a SigningCertificateV2 structure.
      Parameters:
      cert - the certificate to add
      digestAlgorithmOid - the digest algorithm oid that will be used
      Throws:
      NoSuchAlgorithmException - when the algorithm is unknown.
      NoSuchProviderException - when the security provider is not known.
      CertificateEncodingException - when there was a problem parsing th certificate.

    • setSignature

      public void setSignature (byte[] signatureData)
      Sets the actual signature.
      Parameters:
      signatureData - a byte array containing the signature

    • setSignatureAlgorithm

      public void setSignatureAlgorithm (AlgorithmIdentifier algorithm)
      Optional. Sets the OID and parameters of the algorithm that will be used to create the signature. This will be overwritten when setting the signing certificate.
      Parameters:
      algorithm - The OID and parameters of the algorithm that will be used to create the signature.

    • getCmsVersion

      public int getCmsVersion()
      Value 0 when no signerIdentifier is available. Value 1 when signerIdentifier is of type issuerAndSerialNumber. Value 3 when signerIdentifier is of type subjectKeyIdentifier.
      Returns:
      CMS version.

    • getSignedAttributes

      public Collection<CmsAttribute> getSignedAttributes()
      Optional.

      Attributes that should be part of the signed content optional, but it MUST be present if the content type of the EncapsulatedContentInfo value being signed is not id-data. In that case it must at least contain the following two attributes:

      A content-type attribute having as its value the content type of the EncapsulatedContentInfo value being signed. Section 11.1 defines the content-type attribute. However, the content-type attribute MUST NOT be used as part of a countersignature unsigned attribute as defined in Section 11.4.

      A message-digest attribute, having as its value the message digest of the content. Section 11.2 defines the message-digest attribute.

      Returns:
      collection of the signed attributes.

    • addSignedAttribute

      public void addSignedAttribute (CmsAttribute attribute)
      Adds a new attribute to the signed attributes. This become readonly after retrieving the serialized version serializeSignedAttributes().
      Parameters:
      attribute - the attribute to add

    • getUnSignedAttributes

      public Collection<CmsAttribute> getUnSignedAttributes()
      Retrieves the optional unsigned attributes.
      Returns:
      the optional unsigned attributes.

    • addUnSignedAttribute

      public void addUnSignedAttribute (CmsAttribute attribute)
      Optional.

      Adds attribute that should not or can not be part of the signed content.

      Parameters:
      attribute - the attribute to add

    • serializeSignedAttributes

      public byte[] serializeSignedAttributes() throws IOException
      Retrieves the encoded signed attributes of the signer info. This makes the signed attributes read only.
      Returns:
      the encoded signed attributes of the signer info.
      Throws:
      IOException - if issues occur during ASN1 objects creation.

    • setSerializedSignedAttributes

      public final void setSerializedSignedAttributes (byte[] serializedSignedAttributes)
      Sets the signed attributes from a serialized version. This makes the signed attributes read only.
      Parameters:
      serializedSignedAttributes - the encoded signed attributes.

    • getEstimatedSize

      public long getEstimatedSize() throws IOException, CertificateEncodingException
      Calculates an estimate size for the SignerInfo structure. This takes into account the values added including the signature, but does not account for unset items like a timestamp response added after actual signing.
      Returns:
      the estimated size of the structure.
      Throws:
      IOException - if issues occur during ASN1 objects creation.
      CertificateEncodingException - if issues occur during processing of certificates.

    • getAsDerSequence

      public IDERSequence getAsDerSequence() throws CertificateEncodingException
      Serializes the SignerInfo structure and makes the signed attributes readonly.
      Returns:
      the encoded SignerInfo structure.
      Throws:
      CertificateEncodingException - if issues occur during processing of certificates.