Package com.itextpdf.signatures

Class PadesTwoPhaseSigningHelper

java.lang.Object

com.itextpdf.signatures.PadesTwoPhaseSigningHelper

public class PadesTwoPhaseSigningHelper
extends java.lang.Object

Helper class to perform signing operation in two steps.

Firstly createCMSContainerWithoutSignature(java.security.cert.Certificate[], java.lang.String, com.itextpdf.kernel.pdf.PdfReader, java.io.OutputStream, com.itextpdf.signatures.SignerProperties) prepares document and placeholder for future signature without actual signing process.

Secondly follow-up step signs prepared document with corresponding PAdES Baseline profile.

Field Summary

Fields

Modifier and Type	Field	Description
private ICrlClient	crlClient
private int	estimatedSize
private static IBouncyCastleFactory	FACTORY
private IIssuingCertificateRetriever	issuingCertificateRetriever
private IOcspClient	ocspClient
private StampingProperties	stampingProperties
private StampingProperties	stampingPropertiesWithMetaInfo
private java.lang.String	temporaryDirectoryPath
private java.lang.String	timestampSignatureName
private ITSAClient	tsaClient

Constructor Summary

Constructors

Constructor	Description
PadesTwoPhaseSigningHelper()	Create instance of PadesTwoPhaseSigningHelper.

Method Summary

Modifier and Type	Method	Description
CMSContainer	createCMSContainerWithoutSignature(java.security.cert.Certificate[] certificates, java.lang.String digestAlgorithm, PdfReader inputDocument, java.io.OutputStream outputStream, SignerProperties signerProperties)	Creates CMS container compliant with PAdES level.
private PdfPadesSigner	createPadesSigner(PdfReader inputDocument, java.io.OutputStream outputStream)
PadesTwoPhaseSigningHelper	setCrlClient(ICrlClient crlClient)	Set ICrlClient to be used for LTV Verification.
PadesTwoPhaseSigningHelper	setEstimatedSize(int estimatedSize)	Set estimated size of a signature to be applied.
PadesTwoPhaseSigningHelper	setIssuingCertificateRetriever(IIssuingCertificateRetriever issuingCertificateRetriever)	Set IIssuingCertificateRetriever to be used before main signing operation.
PadesTwoPhaseSigningHelper	setOcspClient(IOcspClient ocspClient)	Set IOcspClient to be used for LTV Verification.
private byte[]	setSignatureAlgorithmAndSignature(IExternalSignature externalSignature, CMSContainer cmsContainer)
PadesTwoPhaseSigningHelper	setStampingProperties(StampingProperties stampingProperties)	Set stamping properties to be used during main signing operation.
PadesTwoPhaseSigningHelper	setTemporaryDirectoryPath(java.lang.String temporaryDirectoryPath)	Set temporary directory to be used for temporary files creation.
PadesTwoPhaseSigningHelper	setTimestampSignatureName(java.lang.String timestampSignatureName)	Set the name to be used for timestamp signature creation.
PadesTwoPhaseSigningHelper	setTrustedCertificates(java.util.List<java.security.cert.Certificate> certificateList)	Set certificate list to be used by the IIssuingCertificateRetriever to retrieve missing certificates.
PadesTwoPhaseSigningHelper	setTSAClient(ITSAClient tsaClient)	Set ITSAClient to be used for timestamp signature creation.
void	signCMSContainerWithBaselineBProfile(IExternalSignature externalSignature, PdfReader inputDocument, java.io.OutputStream outputStream, java.lang.String signatureFieldName, CMSContainer cmsContainer)	Follow-up step that signs prepared document with PAdES Baseline-B profile.
void	signCMSContainerWithBaselineLTAProfile(IExternalSignature externalSignature, PdfReader inputDocument, java.io.OutputStream outputStream, java.lang.String signatureFieldName, CMSContainer cmsContainer)	Follow-up step that signs prepared document with PAdES Baseline-LTA profile.
void	signCMSContainerWithBaselineLTProfile(IExternalSignature externalSignature, PdfReader inputDocument, java.io.OutputStream outputStream, java.lang.String signatureFieldName, CMSContainer cmsContainer)	Follow-up step that signs prepared document with PAdES Baseline-LT profile.
void	signCMSContainerWithBaselineTProfile(IExternalSignature externalSignature, PdfReader inputDocument, java.io.OutputStream outputStream, java.lang.String signatureFieldName, CMSContainer cmsContainer)	Follow-up step that signs prepared document with PAdES Baseline-T profile.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

FACTORY

private static final IBouncyCastleFactory FACTORY

ocspClient

private IOcspClient ocspClient

crlClient

private ICrlClient crlClient

tsaClient

private ITSAClient tsaClient

temporaryDirectoryPath

private java.lang.String temporaryDirectoryPath

timestampSignatureName

private java.lang.String timestampSignatureName

stampingProperties

private StampingProperties stampingProperties

stampingPropertiesWithMetaInfo

private StampingProperties stampingPropertiesWithMetaInfo

issuingCertificateRetriever

private IIssuingCertificateRetriever issuingCertificateRetriever

estimatedSize

private int estimatedSize

Constructor Detail

PadesTwoPhaseSigningHelper

public PadesTwoPhaseSigningHelper()

Create instance of PadesTwoPhaseSigningHelper.

Same instance shall not be used for different signing operations, but can be used for both createCMSContainerWithoutSignature(java.security.cert.Certificate[], java.lang.String, com.itextpdf.kernel.pdf.PdfReader, java.io.OutputStream, com.itextpdf.signatures.SignerProperties) and follow-up signing.

Method Detail

setOcspClient

public PadesTwoPhaseSigningHelper setOcspClient(IOcspClient ocspClient)

Set IOcspClient to be used for LTV Verification.

This setter is only relevant if Baseline-LT Profile level or higher is used.

If none is set, there will be an attempt to create default OCSP Client instance using the certificate chain.

Parameters:

ocspClient - IOcspClient instance to be used for LTV Verification

Returns:

same instance of PadesTwoPhaseSigningHelper

setTrustedCertificates

public PadesTwoPhaseSigningHelper setTrustedCertificates(java.util.List<java.security.cert.Certificate> certificateList)

Set certificate list to be used by the IIssuingCertificateRetriever to retrieve missing certificates.

Parameters:

certificateList - certificate list for getting missing certificates in chain or CRL response issuer certificates.

Returns:

same instance of PadesTwoPhaseSigningHelper.

setCrlClient

public PadesTwoPhaseSigningHelper setCrlClient(ICrlClient crlClient)

Set ICrlClient to be used for LTV Verification.

This setter is only relevant if Baseline-LT Profile level or higher is used.

If none is set, there will be an attempt to create default CRL Client instance using the certificate chain.

Parameters:

crlClient - ICrlClient instance to be used for LTV Verification

Returns:

same instance of PadesTwoPhaseSigningHelper

setTSAClient

public PadesTwoPhaseSigningHelper setTSAClient(ITSAClient tsaClient)

Set ITSAClient to be used for timestamp signature creation.

This client has to be set for Baseline-T Profile level and higher.

Parameters:

tsaClient - ITSAClient instance to be used for timestamp signature creation.

Returns:

same instance of PadesTwoPhaseSigningHelper

setIssuingCertificateRetriever

public PadesTwoPhaseSigningHelper setIssuingCertificateRetriever(IIssuingCertificateRetriever issuingCertificateRetriever)

Set IIssuingCertificateRetriever to be used before main signing operation.

If none is set, IssuingCertificateRetriever instance will be used instead.

Parameters:

issuingCertificateRetriever - IIssuingCertificateRetriever instance to be used for getting missing certificates in chain or CRL response issuer certificates.

Returns:

same instance of PadesTwoPhaseSigningHelper.

setEstimatedSize

public PadesTwoPhaseSigningHelper setEstimatedSize(int estimatedSize)

Set estimated size of a signature to be applied.

This parameter represents estimated amount of bytes to be preserved for the signature.

If none is set, 0 will be used and the required space will be calculated during the signing.

Parameters:

estimatedSize - amount of bytes to be used as estimated value

Returns:

same instance of PadesTwoPhaseSigningHelper

setTemporaryDirectoryPath

public PadesTwoPhaseSigningHelper setTemporaryDirectoryPath(java.lang.String temporaryDirectoryPath)

Set temporary directory to be used for temporary files creation.

If none is set, temporary documents will be created in memory.

Parameters:

temporaryDirectoryPath - String representing relative or absolute path to the directory

Returns:

same instance of PadesTwoPhaseSigningHelper

setTimestampSignatureName

public PadesTwoPhaseSigningHelper setTimestampSignatureName(java.lang.String timestampSignatureName)

Set the name to be used for timestamp signature creation.

This setter is only relevant if PdfPadesSigner.signWithBaselineLTAProfile(com.itextpdf.signatures.SignerProperties, java.security.cert.Certificate[], com.itextpdf.signatures.IExternalSignature, com.itextpdf.signatures.ITSAClient) or PdfPadesSigner.prolongSignatures(com.itextpdf.signatures.ITSAClient) methods are used.

If none is set, randomly generated signature name will be used.

Parameters:

timestampSignatureName - String representing the name of a timestamp signature to be applied

Returns:

same instance of PadesTwoPhaseSigningHelper

setStampingProperties

public PadesTwoPhaseSigningHelper setStampingProperties(StampingProperties stampingProperties)

Set stamping properties to be used during main signing operation.

If none is set, stamping properties with append mode enabled will be used

Parameters:

stampingProperties - StampingProperties instance to be used during main signing operation

Returns:

same instance of PadesTwoPhaseSigningHelper

createCMSContainerWithoutSignature

public CMSContainer createCMSContainerWithoutSignature(java.security.cert.Certificate[] certificates,
                                                       java.lang.String digestAlgorithm,
                                                       PdfReader inputDocument,
                                                       java.io.OutputStream outputStream,
                                                       SignerProperties signerProperties)
                                                throws java.io.IOException,
                                                       java.security.GeneralSecurityException

Creates CMS container compliant with PAdES level. Prepares document and placeholder for the future signature without actual signing process.

Parameters:

certificates - certificates to be added to the CMS container

digestAlgorithm - the algorithm to generate the digest with

inputDocument - reader PdfReader instance to read original PDF file

outputStream - OutputStream output stream to write the resulting PDF file into

signerProperties - properties to be used in the signing operations

Returns:

prepared CMS container without signature.

Throws:

java.io.IOException - if an I/O error occurs.

java.security.GeneralSecurityException - if some problem with signature or security occur.

signCMSContainerWithBaselineBProfile

public void signCMSContainerWithBaselineBProfile(IExternalSignature externalSignature,
                                                 PdfReader inputDocument,
                                                 java.io.OutputStream outputStream,
                                                 java.lang.String signatureFieldName,
                                                 CMSContainer cmsContainer)
                                          throws java.lang.Exception

Follow-up step that signs prepared document with PAdES Baseline-B profile.

Parameters:

externalSignature - external signature to do the actual signing

inputDocument - reader PdfReader instance to read prepared document

outputStream - the output PDF

signatureFieldName - the field to sign

cmsContainer - the finalized CMS container (e.g. created in the first step)

Throws:

java.lang.Exception - if some exception occur.

signCMSContainerWithBaselineTProfile

public void signCMSContainerWithBaselineTProfile(IExternalSignature externalSignature,
                                                 PdfReader inputDocument,
                                                 java.io.OutputStream outputStream,
                                                 java.lang.String signatureFieldName,
                                                 CMSContainer cmsContainer)
                                          throws java.lang.Exception

Follow-up step that signs prepared document with PAdES Baseline-T profile.

Parameters:

externalSignature - external signature to do the actual signing

inputDocument - reader PdfReader instance to read prepared document

outputStream - the output PDF

signatureFieldName - the field to sign

cmsContainer - the finalized CMS container (e.g. created in the first step)

Throws:

java.lang.Exception - if some exception occur.

signCMSContainerWithBaselineLTProfile

public void signCMSContainerWithBaselineLTProfile(IExternalSignature externalSignature,
                                                  PdfReader inputDocument,
                                                  java.io.OutputStream outputStream,
                                                  java.lang.String signatureFieldName,
                                                  CMSContainer cmsContainer)
                                           throws java.lang.Exception

Follow-up step that signs prepared document with PAdES Baseline-LT profile.

Parameters:

externalSignature - external signature to do the actual signing

inputDocument - reader PdfReader instance to read prepared document

outputStream - the output PDF

signatureFieldName - the field to sign

cmsContainer - the finalized CMS container (e.g. created in the first step)

Throws:

java.lang.Exception - if some exception occur.

signCMSContainerWithBaselineLTAProfile

public void signCMSContainerWithBaselineLTAProfile(IExternalSignature externalSignature,
                                                   PdfReader inputDocument,
                                                   java.io.OutputStream outputStream,
                                                   java.lang.String signatureFieldName,
                                                   CMSContainer cmsContainer)
                                            throws java.lang.Exception

Follow-up step that signs prepared document with PAdES Baseline-LTA profile.

Parameters:

externalSignature - external signature to do the actual signing

inputDocument - reader PdfReader instance to read prepared document

outputStream - the output PDF

signatureFieldName - the field to sign

cmsContainer - the finalized CMS container (e.g. created in the first step)

Throws:

java.lang.Exception - if some exception occur.

setSignatureAlgorithmAndSignature

private byte[] setSignatureAlgorithmAndSignature(IExternalSignature externalSignature,
                                                 CMSContainer cmsContainer)
                                          throws java.io.IOException,
                                                 java.security.GeneralSecurityException

Throws:

java.io.IOException

java.security.GeneralSecurityException

createPadesSigner

private PdfPadesSigner createPadesSigner(PdfReader inputDocument,
                                         java.io.OutputStream outputStream)