|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object com.lowagie.text.pdf.PdfPKCS7
public class PdfPKCS7
This class does all the processing related to signing and verifying a PKCS#7 signature.
It's based in code found at org.bouncycastle.
Nested Class Summary | |
---|---|
static class |
PdfPKCS7.X509Name
a class that holds an X509 name |
static class |
PdfPKCS7.X509NameTokenizer
class for breaking up an X500 Name into it's component tokens, ala java.util.StringTokenizer. |
Constructor Summary | |
---|---|
PdfPKCS7(byte[] contentsKey,
byte[] certsKey,
java.lang.String provider)
Verifies a signature using the sub-filter adbe.x509.rsa_sha1. |
|
PdfPKCS7(byte[] contentsKey,
java.lang.String provider)
Verifies a signature using the sub-filter adbe.pkcs7.detached or adbe.pkcs7.sha1. |
|
PdfPKCS7(java.security.PrivateKey privKey,
java.security.cert.Certificate[] certChain,
java.security.cert.CRL[] crlList,
java.lang.String hashAlgorithm,
java.lang.String provider,
boolean hasRSAdata)
Generates a signature. |
Method Summary | |
---|---|
static java.lang.String |
getAlgorithm(java.lang.String oid)
Gets the algorithm name for a certain id. |
byte[] |
getAuthenticatedAttributeBytes(byte[] secondDigest,
java.util.Calendar signingTime,
byte[] ocsp)
When using authenticatedAttributes the authentication process is different. |
java.security.cert.Certificate[] |
getCertificates()
Get all the X.509 certificates associated with this PKCS#7 object in no particular order. |
java.util.Collection |
getCRLs()
Get the X.509 certificate revocation lists associated with this PKCS#7 object |
static java.lang.String |
getDigest(java.lang.String oid)
Gets the digest name for a certain id |
java.lang.String |
getDigestAlgorithm()
Get the algorithm used to calculate the message digest |
byte[] |
getEncodedPKCS1()
Gets the bytes for the PKCS#1 object. |
byte[] |
getEncodedPKCS7()
Gets the bytes for the PKCS7SignedData object. |
byte[] |
getEncodedPKCS7(byte[] secondDigest,
java.util.Calendar signingTime)
Gets the bytes for the PKCS7SignedData object. |
byte[] |
getEncodedPKCS7(byte[] secondDigest,
java.util.Calendar signingTime,
TSAClient tsaClient,
byte[] ocsp)
Gets the bytes for the PKCS7SignedData object. |
java.lang.String |
getHashAlgorithm()
Returns the algorithm. |
static PdfPKCS7.X509Name |
getIssuerFields(java.security.cert.X509Certificate cert)
Get the issuer fields from an X509 Certificate |
java.lang.String |
getLocation()
Getter for property location. |
org.bouncycastle.ocsp.BasicOCSPResp |
getOcsp()
Gets the OCSP basic response if there is one. |
static java.lang.String |
getOCSPURL(java.security.cert.X509Certificate certificate)
Retrieves the OCSP URL from the given certificate. |
java.lang.String |
getReason()
Getter for property reason. |
java.security.cert.Certificate[] |
getSignCertificateChain()
Get the X.509 sign certificate chain associated with this PKCS#7 object. |
java.util.Calendar |
getSignDate()
Getter for property signDate. |
java.security.cert.X509Certificate |
getSigningCertificate()
Get the X.509 certificate actually used to sign the digest. |
int |
getSigningInfoVersion()
Get the version of the PKCS#7 "SignerInfo" object. |
java.lang.String |
getSignName()
Getter for property sigName. |
static PdfPKCS7.X509Name |
getSubjectFields(java.security.cert.X509Certificate cert)
Get the subject fields from an X509 Certificate |
java.util.Calendar |
getTimeStampDate()
Gets the timestamp date |
TimeStampToken |
getTimeStampToken()
Gets the timestamp token if there is one. |
int |
getVersion()
Get the version of the PKCS#7 object. |
boolean |
isRevocationValid()
Checks if OCSP revocation refers to the document signing certificate. |
static java.security.KeyStore |
loadCacertsKeyStore()
Loads the default root certificates at <java.home>/lib/security/cacerts with the default provider. |
static java.security.KeyStore |
loadCacertsKeyStore(java.lang.String provider)
Loads the default root certificates at <java.home>/lib/security/cacerts. |
void |
setExternalDigest(byte[] digest,
byte[] RSAdata,
java.lang.String digestEncryptionAlgorithm)
Sets the digest/signature to an external calculated value. |
void |
setLocation(java.lang.String location)
Setter for property location. |
void |
setReason(java.lang.String reason)
Setter for property reason. |
void |
setSignDate(java.util.Calendar signDate)
Setter for property signDate. |
void |
setSignName(java.lang.String signName)
Setter for property sigName. |
void |
update(byte[] buf,
int off,
int len)
Update the digest with the specified bytes. |
boolean |
verify()
Verify the digest. |
static java.lang.String |
verifyCertificate(java.security.cert.X509Certificate cert,
java.util.Collection crls,
java.util.Calendar calendar)
Verifies a single certificate. |
static java.lang.Object[] |
verifyCertificates(java.security.cert.Certificate[] certs,
java.security.KeyStore keystore,
java.util.Collection crls,
java.util.Calendar calendar)
Verifies a certificate chain against a KeyStore. |
static boolean |
verifyOcspCertificates(org.bouncycastle.ocsp.BasicOCSPResp ocsp,
java.security.KeyStore keystore,
java.lang.String provider)
Verifies an OCSP response against a KeyStore. |
static boolean |
verifyTimestampCertificates(TimeStampToken ts,
java.security.KeyStore keystore,
java.lang.String provider)
Verifies a timestamp against a KeyStore. |
boolean |
verifyTimestampImprint()
Checks if the timestamp refers to this document. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public PdfPKCS7(byte[] contentsKey, byte[] certsKey, java.lang.String provider)
contentsKey
- the /Contents keycertsKey
- the /Cert keyprovider
- the provider or null
for the default providerpublic PdfPKCS7(byte[] contentsKey, java.lang.String provider)
contentsKey
- the /Contents keyprovider
- the provider or null
for the default providerpublic PdfPKCS7(java.security.PrivateKey privKey, java.security.cert.Certificate[] certChain, java.security.cert.CRL[] crlList, java.lang.String hashAlgorithm, java.lang.String provider, boolean hasRSAdata) throws java.security.InvalidKeyException, java.security.NoSuchProviderException, java.security.NoSuchAlgorithmException
privKey
- the private keycertChain
- the certificate chaincrlList
- the certificate revocation listhashAlgorithm
- the hash algorithmprovider
- the provider or null
for the default providerhasRSAdata
- true
if the sub-filter is adbe.pkcs7.sha1
java.security.InvalidKeyException
- on error
java.security.NoSuchProviderException
- on error
java.security.NoSuchAlgorithmException
- on errorMethod Detail |
---|
public static java.lang.String getDigest(java.lang.String oid)
oid
- an id (for instance "1.2.840.113549.2.5")
public static java.lang.String getAlgorithm(java.lang.String oid)
oid
- an id (for instance "1.2.840.113549.1.1.1")
public TimeStampToken getTimeStampToken()
public java.util.Calendar getTimeStampDate()
public org.bouncycastle.ocsp.BasicOCSPResp getOcsp()
public void update(byte[] buf, int off, int len) throws java.security.SignatureException
buf
- the data bufferoff
- the offset in the data bufferlen
- the data length
java.security.SignatureException
- on errorpublic boolean verify() throws java.security.SignatureException
true
if the signature checks out, false
otherwise
java.security.SignatureException
- on errorpublic boolean verifyTimestampImprint() throws java.security.NoSuchAlgorithmException
java.security.NoSuchAlgorithmException
- on errorpublic java.security.cert.Certificate[] getCertificates()
public java.security.cert.Certificate[] getSignCertificateChain()
public java.util.Collection getCRLs()
public java.security.cert.X509Certificate getSigningCertificate()
public int getVersion()
public int getSigningInfoVersion()
public java.lang.String getDigestAlgorithm()
public java.lang.String getHashAlgorithm()
public static java.security.KeyStore loadCacertsKeyStore()
KeyStore
public static java.security.KeyStore loadCacertsKeyStore(java.lang.String provider)
provider
- the provider or null
for the default provider
KeyStore
public static java.lang.String verifyCertificate(java.security.cert.X509Certificate cert, java.util.Collection crls, java.util.Calendar calendar)
cert
- the certificate to verifycrls
- the certificate revocation list or null
calendar
- the date or null
for the current date
String
with the error description or null
if no errorpublic static java.lang.Object[] verifyCertificates(java.security.cert.Certificate[] certs, java.security.KeyStore keystore, java.util.Collection crls, java.util.Calendar calendar)
certs
- the certificate chainkeystore
- the KeyStore
crls
- the certificate revocation list or null
calendar
- the date or null
for the current date
null
if the certificate chain could be validated or a
Object[]{cert,error}
where cert
is the
failed certificate and error
is the error messagepublic static boolean verifyOcspCertificates(org.bouncycastle.ocsp.BasicOCSPResp ocsp, java.security.KeyStore keystore, java.lang.String provider)
ocsp
- the OCSP responsekeystore
- the KeyStore
provider
- the provider or null
to use the BouncyCastle provider
true
is a certificate was foundpublic static boolean verifyTimestampCertificates(TimeStampToken ts, java.security.KeyStore keystore, java.lang.String provider)
ts
- the timestampkeystore
- the KeyStore
provider
- the provider or null
to use the BouncyCastle provider
true
is a certificate was foundpublic static java.lang.String getOCSPURL(java.security.cert.X509Certificate certificate) throws java.security.cert.CertificateParsingException
certificate
- the certificate
java.security.cert.CertificateParsingException
- on errorpublic boolean isRevocationValid()
public static PdfPKCS7.X509Name getIssuerFields(java.security.cert.X509Certificate cert)
cert
- an X509Certificate
public static PdfPKCS7.X509Name getSubjectFields(java.security.cert.X509Certificate cert)
cert
- an X509Certificate
public byte[] getEncodedPKCS1()
public void setExternalDigest(byte[] digest, byte[] RSAdata, java.lang.String digestEncryptionAlgorithm)
digest
- the digest. This is the actual signatureRSAdata
- the extra data that goes into the data tag in PKCS#7digestEncryptionAlgorithm
- the encryption algorithm. It may must be null
if the digest
is also null
. If the digest
is not null
then it may be "RSA" or "DSA"public byte[] getEncodedPKCS7()
public byte[] getEncodedPKCS7(byte[] secondDigest, java.util.Calendar signingTime)
null
, none will be used.
secondDigest
- the digest in the authenticatedAttributessigningTime
- the signing time in the authenticatedAttributes
public byte[] getEncodedPKCS7(byte[] secondDigest, java.util.Calendar signingTime, TSAClient tsaClient, byte[] ocsp)
secondDigest
- the digest in the authenticatedAttributessigningTime
- the signing time in the authenticatedAttributestsaClient
- TSAClient - null or an optional time stamp authority client
public byte[] getAuthenticatedAttributeBytes(byte[] secondDigest, java.util.Calendar signingTime, byte[] ocsp)
getEncodedPKCS7(byte[],Calendar)
.
A simple example:
Calendar cal = Calendar.getInstance(); PdfPKCS7 pk7 = new PdfPKCS7(key, chain, null, "SHA1", null, false); MessageDigest messageDigest = MessageDigest.getInstance("SHA1"); byte buf[] = new byte[8192]; int n; InputStream inp = sap.getRangeStream(); while ((n = inp.read(buf)) > 0) { messageDigest.update(buf, 0, n); } byte hash[] = messageDigest.digest(); byte sh[] = pk7.getAuthenticatedAttributeBytes(hash, cal); pk7.update(sh, 0, sh.length); byte sg[] = pk7.getEncodedPKCS7(hash, cal);
secondDigest
- the content digestsigningTime
- the signing time
public java.lang.String getReason()
public void setReason(java.lang.String reason)
reason
- New value of property reason.public java.lang.String getLocation()
public void setLocation(java.lang.String location)
location
- New value of property location.public java.util.Calendar getSignDate()
public void setSignDate(java.util.Calendar signDate)
signDate
- New value of property signDate.public java.lang.String getSignName()
public void setSignName(java.lang.String signName)
signName
- New value of property sigName.
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |