public class PdfPKCS7 extends Object
Constructor and Description |
---|
PdfPKCS7(byte[] contentsKey, byte[] certsKey, String provider)
Use this constructor if you want to verify a signature using the sub-filter adbe.x509.rsa_sha1.
|
PdfPKCS7(byte[] contentsKey, PdfName filterSubtype, String provider)
Use this constructor if you want to verify a signature.
|
PdfPKCS7(PrivateKey privKey, Certificate[] certChain, String hashAlgorithm, String provider, ExternalDigest interfaceDigest, boolean hasRSAdata)
Assembles all the elements needed to create a signature, except for the data.
|
Modifier and Type | Method and Description |
---|---|
byte[] |
getAuthenticatedAttributeBytes(byte[] secondDigest, byte[] ocsp, Collection
When using authenticatedAttributes the authentication process is different.
|
Certificate[] |
getCertificates()
Get all the X.509 certificates associated with this PKCS#7 object in no particular order.
|
Collection<CRL> |
getCRLs()
Get the X.509 certificate revocation lists associated with this PKCS#7 object
|
String |
getDigestAlgorithm()
Get the algorithm used to calculate the message digest, e.g.
|
String |
getDigestAlgorithmOid()
Getter for the ID of the digest algorithm, e.g.
|
String |
getDigestEncryptionAlgorithmOid()
Getter for the digest encryption algorithm
|
byte[] |
getEncodedPKCS1()
Gets the bytes for the PKCS#1 object.
|
byte[] |
getEncodedPKCS7()
Gets the bytes for the PKCS7SignedData object.
|
byte[] |
getEncodedPKCS7(byte[] secondDigest)
Gets the bytes for the PKCS7SignedData object.
|
byte[] |
getEncodedPKCS7(byte[] secondDigest, TSAClient tsaClient, byte[] ocsp, Collection
Gets the bytes for the PKCS7SignedData object.
|
String |
getEncryptionAlgorithm()
Returns the encryption algorithm
|
PdfName |
getFilterSubtype()
Returns the filter subtype.
|
String |
getHashAlgorithm()
Returns the name of the digest algorithm, e.g.
|
String |
getLocation()
Getter for property location.
|
org.bouncycastle.cert.ocsp.BasicOCSPResp |
getOcsp()
Gets the OCSP basic response if there is one.
|
String |
getReason()
Getter for property reason.
|
Certificate[] |
getSignCertificateChain()
Get the X.509 sign certificate chain associated with this PKCS#7 object.
|
Calendar |
getSignDate()
Getter for property signDate.
|
X509Certificate |
getSigningCertificate()
Get the X.509 certificate actually used to sign the digest.
|
int |
getSigningInfoVersion()
Get the version of the PKCS#7 "SignerInfo" object.
|
String |
getSignName()
Getter for property sigName.
|
Calendar |
getTimeStampDate()
Gets the timestamp date
|
org.bouncycastle.tsp.TimeStampToken |
getTimeStampToken()
Gets the timestamp token if there is one.
|
int |
getVersion()
Get the version of the PKCS#7 object.
|
boolean |
isRevocationValid()
Checks if OCSP revocation refers to the document signing certificate.
|
boolean |
isTsp()
Check if it's a PAdES-LTV time stamp.
|
void |
setExternalDigest(byte[] digest, byte[] RSAdata, String digestEncryptionAlgorithm)
Sets the digest/signature to an external calculated value.
|
void |
setLocation(String location)
Setter for property location.
|
void |
setReason(String reason)
Setter for property reason.
|
void |
setSignaturePolicy(org.bouncycastle.asn1.esf.SignaturePolicyIdentifier signaturePolicy) |
void |
setSignaturePolicy(SignaturePolicyInfo signaturePolicy) |
void |
setSignDate(Calendar signDate)
Setter for property signDate.
|
void |
setSignName(String signName)
Setter for property sigName.
|
void |
update(byte[] buf, int off, int len)
Update the digest with the specified bytes.
|
boolean |
verify()
Verify the digest.
|
boolean |
verifyTimestampImprint()
Checks if the timestamp refers to this document.
|
public PdfPKCS7(PrivateKey privKey, Certificate[] certChain, String hashAlgorithm, String provider, ExternalDigest interfaceDigest, boolean hasRSAdata) throws InvalidKeyException, NoSuchProviderException, NoSuchAlgorithmException
privKey
- the private key
certChain
- the certificate chain
interfaceDigest
- the interface digest
hashAlgorithm
- the hash algorithm
provider
- the provider or null
for the default provider
hasRSAdata
- true
if the sub-filter is adbe.pkcs7.sha1
InvalidKeyException
- on error
NoSuchProviderException
- on error
NoSuchAlgorithmException
- on error
public PdfPKCS7(byte[] contentsKey, byte[] certsKey, String provider)
contentsKey
- the /Contents key
certsKey
- the /Cert key
provider
- the provider or null
for the default provider
public void setSignaturePolicy(SignaturePolicyInfo signaturePolicy)
public void setSignaturePolicy(org.bouncycastle.asn1.esf.SignaturePolicyIdentifier signaturePolicy)
public String getSignName()
public void setSignName(String signName)
signName
- New value of property sigName.
public String getReason()
public void setReason(String reason)
reason
- New value of property reason.
public String getLocation()
public void setLocation(String location)
location
- New value of property location.
public Calendar getSignDate()
public void setSignDate(Calendar signDate)
signDate
- New value of property signDate.
public int getVersion()
public int getSigningInfoVersion()
public String getDigestAlgorithmOid()
public String getHashAlgorithm()
public String getDigestEncryptionAlgorithmOid()
public String getDigestAlgorithm()
public void setExternalDigest(byte[] digest, byte[] RSAdata, String digestEncryptionAlgorithm)
digest
- the digest. This is the actual signature
RSAdata
- the extra data that goes into the data tag in PKCS#7
digestEncryptionAlgorithm
- the encryption algorithm. It may must be null
if the digest
is also null
. If the digest
is not null
then it may be "RSA" or "DSA"
public void update(byte[] buf, int off, int len) throws SignatureException
buf
- the data buffer
off
- the offset in the data buffer
len
- the data length
SignatureException
- on error
public byte[] getEncodedPKCS1()
public byte[] getEncodedPKCS7()
public byte[] getEncodedPKCS7(byte[] secondDigest)
null
, none will be used.
secondDigest
- the digest in the authenticatedAttributes
public byte[] getEncodedPKCS7(byte[] secondDigest, TSAClient tsaClient, byte[] ocsp, CollectioncrlBytes, MakeSignature.CryptoStandard sigtype)
secondDigest
- the digest in the authenticatedAttributes
tsaClient
- TSAClient - null or an optional time stamp authority client
public byte[] getAuthenticatedAttributeBytes(byte[] secondDigest, byte[] ocsp, CollectioncrlBytes, MakeSignature.CryptoStandard sigtype)
getEncodedPKCS7(byte[])
.
A simple example:
Calendar cal = Calendar.getInstance(); PdfPKCS7 pk7 = new PdfPKCS7(key, chain, null, "SHA1", null, false); MessageDigest messageDigest = MessageDigest.getInstance("SHA1"); byte buf[] = new byte[8192]; int n; InputStream inp = sap.getRangeStream(); while ((n = inp.read(buf)) > 0) { messageDigest.update(buf, 0, n); } byte hash[] = messageDigest.digest(); byte sh[] = pk7.getAuthenticatedAttributeBytes(hash, cal); pk7.update(sh, 0, sh.length); byte sg[] = pk7.getEncodedPKCS7(hash, cal);
secondDigest
- the content digest
public boolean verify() throws GeneralSecurityException
true
if the signature checks out, false
otherwise
SignatureException
- on error
GeneralSecurityException
public boolean verifyTimestampImprint() throws GeneralSecurityException
GeneralSecurityException
- on error
public Certificate[] getCertificates()
public Certificate[] getSignCertificateChain()
public X509Certificate getSigningCertificate()
public Collection<CRL> getCRLs()
public org.bouncycastle.cert.ocsp.BasicOCSPResp getOcsp()
public boolean isRevocationValid()
public boolean isTsp()
public org.bouncycastle.tsp.TimeStampToken getTimeStampToken()
public Calendar getTimeStampDate()
public PdfName getFilterSubtype()
public String getEncryptionAlgorithm()
Copyright © 1998–2022. All rights reserved.