Package com.itextpdf.signatures.cms
Class SignerInfo
java.lang.Object
com.itextpdf.signatures.cms.SignerInfo
This class represents the SignerInfo structure from rfc5652 Cryptographic Message Syntax (CMS)
-
Constructor Summary
ConstructorDescriptionCreates an empty SignerInfo structure.SignerInfo
(IASN1Encodable signerInfoStructure, Collection<X509Certificate> certificates) Creates a SignerInfo structure from an ASN1 structure. -
Method Summary
Modifier and TypeMethodDescriptionvoid
addSignedAttribute
(CmsAttribute attribute) Adds a new attribute to the signed attributes.void
addSignerCertificateToSignedAttributes
(X509Certificate cert, String digestAlgorithmOid) Adds the signer certificate to the signed attributes as a SigningCertificateV2 structure.void
addUnSignedAttribute
(CmsAttribute attribute) Optional.Serializes the SignerInfo structure and makes the signed attributes readonly.int
Value 0 when no signerIdentifier is available.Returns the algorithmId to create the digest of the data to sign.long
Calculates an estimate size for the SignerInfo structure.byte[]
Gets the signature data.Optional.Gets the certificate that is used to sign.Retrieves the optional unsigned attributes.void
Removes unsigned attribute from signer info object based on attribute type.byte[]
Retrieves the encoded signed attributes of the signer info.void
setCrlResponses
(Collection crlResponses) Adds a set of CRL responses as signed attributes.void
setDigestAlgorithm
(AlgorithmIdentifier algorithmId) Sets the algorithmId to create the digest of the data to sign.void
setMessageDigest
(byte[] digest) Adds or replaces the message digest signed attribute.void
setOcspResponses
(Collection ocspResponses) Adds a set of OCSP responses as signed attributes.final void
setSerializedSignedAttributes
(byte[] serializedSignedAttributes) Sets the signed attributes from a serialized version.void
setSignature
(byte[] signatureData) Sets the actual signature.void
setSignatureAlgorithm
(AlgorithmIdentifier algorithm) Optional.void
setSigningCertificate
(X509Certificate certificate) Sets the certificate that is used to sign.void
setSigningCertificateAndAddToSignedAttributes
(X509Certificate certificate, String digestAlgorithmOid) Sets the certificate that is used to sign a document and adds it to the signed attributes.
-
Constructor Details
-
SignerInfo
public SignerInfo()Creates an empty SignerInfo structure. -
SignerInfo
public SignerInfo(IASN1Encodable signerInfoStructure, Collection<X509Certificate> certificates) throws IOException Creates a SignerInfo structure from an ASN1 structure.- Parameters:
-
signerInfoStructure
- the ASN1 structure containing signerInfo -
certificates
- the certificates of the CMS, it should contain the signing certificate - Throws:
-
IOException
- if issues occur during ASN1 objects creation.
-
-
Method Details
-
getDigestAlgorithm
Returns the algorithmId to create the digest of the data to sign.- Returns:
- the OID of the digest algorithm.
-
setDigestAlgorithm
Sets the algorithmId to create the digest of the data to sign.- Parameters:
-
algorithmId
- the OID of the algorithm
-
setMessageDigest
public void setMessageDigest(byte[] digest) Adds or replaces the message digest signed attribute.- Parameters:
-
digest
- ASN.1 type MessageDigest
-
setSigningCertificate
Sets the certificate that is used to sign.- Parameters:
-
certificate
- the certificate that is used to sign - Throws:
-
CertificateEncodingException
- if an encoding error occurs.
-
getSigningCertificate
Gets the certificate that is used to sign.- Returns:
- the certificate that is used to sign.
-
getSignatureData
public byte[] getSignatureData()Gets the signature data.- Returns:
- the signature data.
-
setSigningCertificateAndAddToSignedAttributes
public void setSigningCertificateAndAddToSignedAttributes(X509Certificate certificate, String digestAlgorithmOid) throws CertificateEncodingException, NoSuchAlgorithmException, NoSuchProviderException Sets the certificate that is used to sign a document and adds it to the signed attributes.- Parameters:
-
certificate
- the certificate that is used to sign -
digestAlgorithmOid
- the oid of the digest algorithm to be added to the signed attributes - Throws:
-
CertificateEncodingException
- if an encoding error occurs. -
NoSuchAlgorithmException
- when the algorithm is unknown. -
NoSuchProviderException
- when provider is unknown.
-
setOcspResponses
Adds a set of OCSP responses as signed attributes.- Parameters:
-
ocspResponses
- a set of binary representations of OCSP responses.
-
setCrlResponses
Adds a set of CRL responses as signed attributes.- Parameters:
-
crlResponses
- a set of binary representations of CRL responses.
-
addSignerCertificateToSignedAttributes
public void addSignerCertificateToSignedAttributes(X509Certificate cert, String digestAlgorithmOid) throws NoSuchAlgorithmException, NoSuchProviderException, CertificateEncodingException Adds the signer certificate to the signed attributes as a SigningCertificateV2 structure.- Parameters:
-
cert
- the certificate to add -
digestAlgorithmOid
- the digest algorithm oid that will be used - Throws:
-
NoSuchAlgorithmException
- when the algorithm is unknown. -
NoSuchProviderException
- when the security provider is not known. -
CertificateEncodingException
- when there was a problem parsing th certificate.
-
setSignature
public void setSignature(byte[] signatureData) Sets the actual signature.- Parameters:
-
signatureData
- a byte array containing the signature
-
setSignatureAlgorithm
Optional. Sets the OID and parameters of the algorithm that will be used to create the signature. This will be overwritten when setting the signing certificate.- Parameters:
-
algorithm
- The OID and parameters of the algorithm that will be used to create the signature.
-
getCmsVersion
public int getCmsVersion()Value 0 when no signerIdentifier is available. Value 1 when signerIdentifier is of type issuerAndSerialNumber. Value 3 when signerIdentifier is of type subjectKeyIdentifier.- Returns:
- CMS version.
-
getSignedAttributes
Optional.Attributes that should be part of the signed content optional, but it MUST be present if the content type of the EncapsulatedContentInfo value being signed is not id-data. In that case it must at least contain the following two attributes:
A content-type attribute having as its value the content type of the EncapsulatedContentInfo value being signed. Section 11.1 defines the content-type attribute. However, the content-type attribute MUST NOT be used as part of a countersignature unsigned attribute as defined in Section 11.4.
A message-digest attribute, having as its value the message digest of the content. Section 11.2 defines the message-digest attribute.
- Returns:
- collection of the signed attributes.
-
addSignedAttribute
Adds a new attribute to the signed attributes. This become readonly after retrieving the serialized versionserializeSignedAttributes()
.- Parameters:
-
attribute
- the attribute to add
-
getUnSignedAttributes
Retrieves the optional unsigned attributes.- Returns:
- the optional unsigned attributes.
-
addUnSignedAttribute
Optional.Adds attribute that should not or can not be part of the signed content.
- Parameters:
-
attribute
- the attribute to add
-
removeUnSignedAttribute
Removes unsigned attribute from signer info object based on attribute type.- Parameters:
-
type
-String
attribute type
-
serializeSignedAttributes
Retrieves the encoded signed attributes of the signer info. This makes the signed attributes read only.- Returns:
- the encoded signed attributes of the signer info.
- Throws:
-
IOException
- if issues occur during ASN1 objects creation.
-
setSerializedSignedAttributes
public final void setSerializedSignedAttributes(byte[] serializedSignedAttributes) Sets the signed attributes from a serialized version. This makes the signed attributes read only.- Parameters:
-
serializedSignedAttributes
- the encoded signed attributes.
-
getEstimatedSize
Calculates an estimate size for the SignerInfo structure. This takes into account the values added including the signature, but does not account for unset items like a timestamp response added after actual signing.- Returns:
- the estimated size of the structure.
- Throws:
-
IOException
- if issues occur during ASN1 objects creation. -
CertificateEncodingException
- if issues occur during processing of certificates.
-
getAsDerSequence
Serializes the SignerInfo structure and makes the signed attributes readonly.- Returns:
- the encoded SignerInfo structure.
- Throws:
-
CertificateEncodingException
- if issues occur during processing of certificates.
-