java.lang.Object
   com.lowagie.text.pdf.PdfPKCS7

PdfPKCS7 | public class PdfPKCS7
This class does all the processing related to signing and verifying a PKCS#7 signature.
It's based on code found at org.bouncycastle.

Inner Class: public static class X509Name
Inner Class: public static class X509NameTokenizer

Constructor Summary
public | PdfPKCS7(byte[] contentsKey, byte[] certsKey, String provider) | Verifies a signature using the sub-filter adbe.x509.rsa_sha1.
public | PdfPKCS7(byte[] contentsKey, String provider) | Verifies a signature using the sub-filter adbe.pkcs7.detached or adbe.pkcs7.sha1.
public | PdfPKCS7(PrivateKey privKey, Certificate[] certChain, CRL[] crlList, String hashAlgorithm, String provider, boolean hasRSAdata) | Generates a signature.

Method Summary
public byte[] | getAuthenticatedAttributeBytes(byte[] secondDigest, Calendar signingTime) | When using authenticatedAttributes the authentication process is different. The document digest is generated and put inside the attribute.
public Collection | getCRLs()
public Certificate[] | getCertificates()
public String | getDigestAlgorithm()
public byte[] | getEncodedPKCS1() | Gets the bytes for the PKCS#1 object.
public byte[] | getEncodedPKCS7() | Gets the bytes for the PKCS7SignedData object.
public byte[] | getEncodedPKCS7(byte[] secondDigest, Calendar signingTime) | Gets the bytes for the PKCS7SignedData object.
public String | getHashAlgorithm() | Returns the algorithm.
public static X509Name | getIssuerFields(X509Certificate cert)
public String | getLocation() | Getter for property location.
public String | getReason() | Getter for property reason.
public Calendar | getSignDate() | Getter for property signDate.
public String | getSignName() | Getter for property sigName.
public X509Certificate | getSigningCertificate() | Get the X.509 certificate actually used to sign the digest.
public int | getSigningInfoVersion() | Get the version of the PKCS#7 "SignerInfo" object.
public static X509Name | getSubjectFields(X509Certificate cert)
public int | getVersion() | Get the version of the PKCS#7 object.
public static KeyStore | loadCacertsKeyStore() | Loads the default root certificates at <java.home>/lib/security/cacerts with the default provider.
public static KeyStore | loadCacertsKeyStore(String provider) | Loads the default root certificates at <java.home>/lib/security/cacerts.
public void | setExternalDigest(byte[] digest, byte[] RSAdata, String digestEncryptionAlgorithm) | Sets the digest/signature to an external calculated value.
public void | setLocation(String location) | Setter for property location.
public void | setReason(String reason) | Setter for property reason.
public void | setSignDate(Calendar signDate) | Setter for property signDate.
public void | setSignName(String signName) | Setter for property sigName.
public void | update(byte[] buf, int off, int len) | Update the digest with the specified bytes.
public boolean | verify() | Verify the digest.
public static String | verifyCertificate(X509Certificate cert, Collection crls, Calendar calendar) | Verifies a single certificate.
public static Object[] | verifyCertificates(Certificate[] certs, KeyStore keystore, Collection crls, Calendar calendar) | Verifies a certificate chain against a KeyStore.

getAuthenticatedAttributeBytes | public byte[] getAuthenticatedAttributeBytes(byte[] secondDigest, Calendar signingTime)
When using authenticatedAttributes the authentication process is different.
The document digest is generated and put inside the attribute. The signing is done over the DER encoded
authenticatedAttributes. This method provides that encoding and the parameters must be
exactly the same as in PdfPKCS7.getEncodedPKCS7(byte[],Calendar).
A simple example:

    import java.io.InputStream;
    import java.security.MessageDigest;
    import java.util.Calendar;

    // key (PrivateKey), chain (Certificate[]) and sap (PdfSignatureAppearance) are supplied by the caller
    Calendar cal = Calendar.getInstance();
    PdfPKCS7 pk7 = new PdfPKCS7(key, chain, null, "SHA1", null, false);
    MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
    byte buf[] = new byte[8192];
    int n;
    // Digest the document byte ranges returned by the signature appearance
    InputStream inp = sap.getRangeStream();
    while ((n = inp.read(buf)) > 0) {
        messageDigest.update(buf, 0, n);
    }
    byte hash[] = messageDigest.digest();
    // The signature is computed over the DER encoded attributes that contain the hash
    byte sh[] = pk7.getAuthenticatedAttributeBytes(hash, cal);
    pk7.update(sh, 0, sh.length);
    // Pass the same hash and cal so the embedded attributes match what was signed
    byte sg[] = pk7.getEncodedPKCS7(hash, cal);

Parameters: secondDigest - the content digest
Parameters: signingTime - the signing time
Returns: the byte array representation of the authenticatedAttributes ready to be signed

getCRLs | public Collection getCRLs()
Get the X.509 certificate revocation lists associated with this PKCS#7 object.
Returns: the X.509 certificate revocation lists associated with this PKCS#7 object

getCertificates | public Certificate[] getCertificates()
Get the X.509 certificates associated with this PKCS#7 object.
Returns: the X.509 certificates associated with this PKCS#7 object

getDigestAlgorithm | public String getDigestAlgorithm()
Get the algorithm used to calculate the message digest.
Returns: the algorithm used to calculate the message digest

getEncodedPKCS1 | public byte[] getEncodedPKCS1()
Gets the bytes for the PKCS#1 object.
Returns: a byte array

getEncodedPKCS7 | public byte[] getEncodedPKCS7()
Gets the bytes for the PKCS7SignedData object.
Returns: the bytes for the PKCS7SignedData object

getEncodedPKCS7 | public byte[] getEncodedPKCS7(byte[] secondDigest, Calendar signingTime)
Gets the bytes for the PKCS7SignedData object. Optionally the authenticatedAttributes
in the signerInfo can also be set. If either of the parameters is null, none will be used.
Parameters: secondDigest - the digest in the authenticatedAttributes
Parameters: signingTime - the signing time in the authenticatedAttributes
Returns: the bytes for the PKCS7SignedData object

getHashAlgorithm | public String getHashAlgorithm()
Returns the algorithm.
Returns: the digest algorithm

getIssuerFields | public static X509Name getIssuerFields(X509Certificate cert)
Get the issuer fields from an X509 Certificate.
Parameters: cert - an X509Certificate
Returns: an X509Name

getLocation | public String getLocation()
Getter for property location.
Returns: Value of property location.

getReason | public String getReason()
Getter for property reason.
Returns: Value of property reason.

getSignDate | public Calendar getSignDate()
Getter for property signDate.
Returns: Value of property signDate.

getSignName | public String getSignName()
Getter for property sigName.
Returns: Value of property sigName.

getSigningCertificate | public X509Certificate getSigningCertificate()
Get the X.509 certificate actually used to sign the digest.
Returns: the X.509 certificate actually used to sign the digest

getSigningInfoVersion | public int getSigningInfoVersion()
Get the version of the PKCS#7 "SignerInfo" object. Always 1.
Returns: the version of the PKCS#7 "SignerInfo" object. Always 1

getSubjectFields | public static X509Name getSubjectFields(X509Certificate cert)
Get the subject fields from an X509 Certificate.
Parameters: cert - an X509Certificate
Returns: an X509Name

getVersion | public int getVersion()
Get the version of the PKCS#7 object. Always 1.
Returns: the version of the PKCS#7 object. Always 1

loadCacertsKeyStore | public static KeyStore loadCacertsKeyStore()
Loads the default root certificates at <java.home>/lib/security/cacerts
with the default provider.
Returns: a KeyStore

loadCacertsKeyStore | public static KeyStore loadCacertsKeyStore(String provider)
Loads the default root certificates at <java.home>/lib/security/cacerts.
Parameters: provider - the provider or null for the default provider
Returns: a KeyStore

setExternalDigest | public void setExternalDigest(byte[] digest, byte[] RSAdata, String digestEncryptionAlgorithm)
Sets the digest/signature to an external calculated value.
Parameters: digest - the digest. This is the actual signature
Parameters: RSAdata - the extra data that goes into the data tag in PKCS#7
Parameters: digestEncryptionAlgorithm - the encryption algorithm. It must be null if the digest is also null. If the digest is not null then it may be "RSA" or "DSA"

setLocation | public void setLocation(String location)
Setter for property location.
Parameters: location - New value of property location.

setReason | public void setReason(String reason)
Setter for property reason.
Parameters: reason - New value of property reason.

setSignDate | public void setSignDate(Calendar signDate)
Setter for property signDate.
Parameters: signDate - New value of property signDate.

setSignName | public void setSignName(String signName)
Setter for property sigName.
Parameters: signName - New value of property sigName.

update | public void update(byte[] buf, int off, int len) throws SignatureException
Update the digest with the specified bytes. This method is used both for signing and verifying.
Parameters: buf - the data buffer
Parameters: off - the offset in the data buffer
Parameters: len - the data length
throws: SignatureException - on error

verifyCertificate | public static String verifyCertificate(X509Certificate cert, Collection crls, Calendar calendar)
Verifies a single certificate.
Parameters: cert - the certificate to verify
Parameters: crls - the certificate revocation list or null
Parameters: calendar - the date or null for the current date
Returns: a String with the error description or null if no error

verifyCertificates | public static Object[] verifyCertificates(Certificate[] certs, KeyStore keystore, Collection crls, Calendar calendar)
Verifies a certificate chain against a KeyStore.
Parameters: certs - the certificate chain
Parameters: keystore - the KeyStore
Parameters: crls - the certificate revocation list or null
Parameters: calendar - the date or null for the current date
Returns: null if the certificate chain could be validated or an Object[]{cert,error} where cert is the failed certificate and error is the error message
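An added example, not part of the iText documentation above: verify() only checks the digest, so a caller also has to run verifyCertificates() against a trust store before treating the signer as trusted. The class name SignatureTrustCheck and the method check are hypothetical; AcroFields and PdfReader are iText classes that this page does not describe.

```java
import com.lowagie.text.pdf.AcroFields;
import com.lowagie.text.pdf.PdfPKCS7;
import com.lowagie.text.pdf.PdfReader;

import java.security.KeyStore;
import java.security.SignatureException;
import java.util.Calendar;

public class SignatureTrustCheck {

    /**
     * Returns null when the digest and the certificate chain both check out,
     * otherwise a description of the first failure. pk7 must already have
     * received the signed bytes through update().
     */
    public static String check(PdfPKCS7 pk7, KeyStore anchors, Calendar at)
            throws SignatureException {
        // Integrity only: verify() says the bytes match the signature,
        // not that the signer is someone you trust.
        if (!pk7.verify()) {
            return "digest mismatch";
        }
        // Trust: validate the embedded chain against the anchors.
        // A null calendar means "validate at the current date".
        Object[] failure = PdfPKCS7.verifyCertificates(
                pk7.getCertificates(), anchors, pk7.getCRLs(), at);
        if (failure != null) {
            // failure[0] is the failed certificate, failure[1] the error message
            return "untrusted chain: " + failure[1];
        }
        return null;
    }

    // Usage: java SignatureTrustCheck signed.pdf
    public static void main(String[] args) throws Exception {
        KeyStore anchors = PdfPKCS7.loadCacertsKeyStore();
        AcroFields fields = new PdfReader(args[0]).getAcroFields();
        for (Object name : fields.getSignatureNames()) {
            // verifySignature() builds the PdfPKCS7 and feeds it the signed ranges
            PdfPKCS7 pk7 = fields.verifySignature((String) name);
            String error = check(pk7, anchors, null);
            System.out.println(name + ": " + (error == null ? "valid and trusted" : error));
        }
    }
}
```

A signature whose digest verifies but whose chain does not lead to an entry in the KeyStore is reported as untrusted rather than valid.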