Package com.itextpdf.signatures

Class PdfPadesSigner

  • public class PdfPadesSigner
extends java.lang.Object
    This class performs signing with PaDES related profiles using provided parameters.

    • Field Detail

      • DEFAULT_DIGEST_ALGORITHM

        private static final java.lang.String DEFAULT_DIGEST_ALGORITHM
        See Also:
        Constant Field Values

      • LOCK_OBJECT

        private static final java.lang.Object LOCK_OBJECT

      • increment

        private static long increment

      • estimatedSize

        private int estimatedSize

      • timestampSignatureName

        private java.lang.String timestampSignatureName

      • temporaryDirectoryPath

        private java.lang.String temporaryDirectoryPath

      • stampingPropertiesWithMetaInfo

        private StampingProperties stampingPropertiesWithMetaInfo

      • tempOutputStream

        private java.io.ByteArrayOutputStream tempOutputStream

      • tempFile

        private java.io.File tempFile

      • tempFiles

        private final java.util.Set<java.io.File> tempFiles

      • outputStream

        private final java.io.OutputStream outputStream

    • Constructor Detail

      • PdfPadesSigner

        public PdfPadesSigner​(PdfReader reader,
                      java.io.OutputStream outputStream)
        Create an instance of PdfPadesSigner class. One instance shall be used for one signing operation.
        Parameters:
        reader - PdfReader instance to read original PDF file
        outputStream - OutputStream output stream to write the resulting PDF file into

    • Method Detail

      • signWithBaselineBProfile

        public void signWithBaselineBProfile​(SignerProperties signerProperties,
                                     java.security.cert.Certificate[] chain,
                                     IExternalSignature externalSignature)
                              throws java.security.GeneralSecurityException,
                                     java.io.IOException
        Sign the document provided in PdfSigner instance with PaDES Baseline-B Profile.
        Parameters:
        signerProperties - SignerProperties properties to be used for main signing operation
        chain - the chain of certificates to be used for signing operation
        externalSignature - IExternalSignature instance to be used for main signing operation
        Throws:
        java.security.GeneralSecurityException - in case of signing related exceptions
        java.io.IOException - in case of files related exceptions

      • signWithBaselineBProfile

        public void signWithBaselineBProfile​(SignerProperties signerProperties,
                                     java.security.cert.Certificate[] chain,
                                     java.security.PrivateKey privateKey)
                              throws java.security.GeneralSecurityException,
                                     java.io.IOException
        Sign the document provided in PdfSigner instance with PaDES Baseline-B Profile.
        Parameters:
        signerProperties - SignerProperties properties to be used for main signing operation
        chain - the chain of certificates to be used for signing operation
        privateKey - PrivateKey instance to be used for main signing operation
        Throws:
        java.security.GeneralSecurityException - in case of signing related exceptions
        java.io.IOException - in case of files related exceptions

      • signWithBaselineTProfile

        public void signWithBaselineTProfile​(SignerProperties signerProperties,
                                     java.security.cert.Certificate[] chain,
                                     IExternalSignature externalSignature,
                                     ITSAClient tsaClient)
                              throws java.security.GeneralSecurityException,
                                     java.io.IOException
        Sign the document provided in PdfSigner instance with PaDES Baseline-T Profile.
        Parameters:
        signerProperties - SignerProperties properties to be used for main signing operation
        chain - the chain of certificates to be used for signing operation
        externalSignature - IExternalSignature instance to be used for main signing operation
        tsaClient - ITSAClient instance to be used for timestamp creation
        Throws:
        java.security.GeneralSecurityException - in case of signing related exceptions
        java.io.IOException - in case of files related exceptions

      • signWithBaselineTProfile

        public void signWithBaselineTProfile​(SignerProperties signerProperties,
                                     java.security.cert.Certificate[] chain,
                                     java.security.PrivateKey privateKey,
                                     ITSAClient tsaClient)
                              throws java.security.GeneralSecurityException,
                                     java.io.IOException
        Sign the document provided in PdfSigner instance with PaDES Baseline-T Profile.
        Parameters:
        signerProperties - SignerProperties properties to be used for main signing operation
        chain - the chain of certificates to be used for signing operation
        privateKey - PrivateKey instance to be used for main signing operation
        tsaClient - ITSAClient instance to be used for timestamp creation
        Throws:
        java.security.GeneralSecurityException - in case of signing related exceptions
        java.io.IOException - in case of files related exceptions

      • signWithBaselineLTProfile

        public void signWithBaselineLTProfile​(SignerProperties signerProperties,
                                      java.security.cert.Certificate[] chain,
                                      IExternalSignature externalSignature,
                                      ITSAClient tsaClient)
                               throws java.security.GeneralSecurityException,
                                      java.io.IOException
        Sign the document provided in PdfSigner instance with PaDES Baseline-LT Profile.
        Parameters:
        signerProperties - SignerProperties properties to be used for main signing operation
        chain - the chain of certificates to be used for signing operation
        externalSignature - IExternalSignature instance to be used for main signing operation
        tsaClient - ITSAClient instance to be used for timestamp creation
        Throws:
        java.security.GeneralSecurityException - in case of signing related exceptions
        java.io.IOException - in case of files related exceptions

      • signWithBaselineLTProfile

        public void signWithBaselineLTProfile​(SignerProperties signerProperties,
                                      java.security.cert.Certificate[] chain,
                                      java.security.PrivateKey privateKey,
                                      ITSAClient tsaClient)
                               throws java.security.GeneralSecurityException,
                                      java.io.IOException
        Sign the document provided in PdfSigner instance with PaDES Baseline-LT Profile.
        Parameters:
        signerProperties - SignerProperties properties to be used for main signing operation
        chain - the chain of certificates to be used for signing operation
        privateKey - PrivateKey instance to be used for main signing operation
        tsaClient - ITSAClient instance to be used for timestamp creation
        Throws:
        java.security.GeneralSecurityException - in case of signing related exceptions
        java.io.IOException - in case of files related exceptions

      • signWithBaselineLTAProfile

        public void signWithBaselineLTAProfile​(SignerProperties signerProperties,
                                       java.security.cert.Certificate[] chain,
                                       IExternalSignature externalSignature,
                                       ITSAClient tsaClient)
                                throws java.io.IOException,
                                       java.security.GeneralSecurityException
        Sign the document provided in PdfSigner instance with PaDES Baseline-LTA Profile.
        Parameters:
        signerProperties - SignerProperties properties to be used for main signing operation
        chain - the chain of certificates to be used for signing operation
        externalSignature - IExternalSignature instance to be used for main signing operation
        tsaClient - ITSAClient instance to be used for timestamp creation
        Throws:
        java.security.GeneralSecurityException - in case of signing related exceptions
        java.io.IOException - in case of files related exceptions

      • signWithBaselineLTAProfile

        public void signWithBaselineLTAProfile​(SignerProperties signerProperties,
                                       java.security.cert.Certificate[] chain,
                                       java.security.PrivateKey privateKey,
                                       ITSAClient tsaClient)
                                throws java.security.GeneralSecurityException,
                                       java.io.IOException
        Sign the document provided in PdfSigner instance with PaDES Baseline-LTA Profile.
        Parameters:
        signerProperties - SignerProperties properties to be used for main signing operation
        chain - the chain of certificates to be used for signing operation
        privateKey - PrivateKey instance to be used for main signing operation
        tsaClient - ITSAClient instance to be used for timestamp creation
        Throws:
        java.security.GeneralSecurityException - in case of signing related exceptions
        java.io.IOException - in case of files related exceptions

      • prolongSignatures

        public void prolongSignatures​(ITSAClient tsaClient)
                       throws java.io.IOException,
                              java.security.GeneralSecurityException
        Add revocation information for all the signatures which could be found in the provided document. Also add timestamp signature on top of that.
        Parameters:
        tsaClient - ITSAClient TSA Client to be used for timestamp signature creation
        Throws:
        java.io.IOException - in case of files related exceptions
        java.security.GeneralSecurityException - in case of signing related exceptions

      • prolongSignatures

        public void prolongSignatures()
                       throws java.io.IOException,
                              java.security.GeneralSecurityException
        Add revocation information for all the signatures which could be found in the provided document.
        Throws:
        java.io.IOException - in case of files related exceptions
        java.security.GeneralSecurityException - in case of signing related exceptions

      • setTemporaryDirectoryPath

        public PdfPadesSigner setTemporaryDirectoryPath​(java.lang.String temporaryDirectoryPath)
        Set temporary directory to be used for temporary files creation.

        If none is set, temporary documents will be created in memory.

        Parameters:
        temporaryDirectoryPath - String representing relative or absolute path to the directory
        Returns:
        same instance of PdfPadesSigner

      • setStampingProperties

        public PdfPadesSigner setStampingProperties​(StampingProperties stampingProperties)
        Set stamping properties to be used during main signing operation.

        If none is set, stamping properties with append mode enabled will be used

        Parameters:
        stampingProperties - StampingProperties instance to be used during main signing operation
        Returns:
        same instance of PdfPadesSigner

      • setEstimatedSize

        public PdfPadesSigner setEstimatedSize​(int estimatedSize)
        Set estimated size of a signature to be applied.

        This parameter represents estimated amount of bytes to be preserved for the signature.

        If none is set, 0 will be used and the required space will be calculated during the signing.

        Parameters:
        estimatedSize - amount of bytes to be used as estimated value
        Returns:
        same instance of PdfPadesSigner

      • setOcspClient

        public PdfPadesSigner setOcspClient​(IOcspClient ocspClient)
        Set IOcspClient to be used for LTV Verification.

        This setter is only relevant if Baseline-LT Profile level or higher is used.

        If none is set, there will be an attempt to create default OCSP Client instance using the certificate chain.

        Parameters:
        ocspClient - IOcspClient instance to be used for LTV Verification
        Returns:
        same instance of PdfPadesSigner

      • setCrlClient

        public PdfPadesSigner setCrlClient​(ICrlClient crlClient)
        Set ICrlClient to be used for LTV Verification.

        This setter is only relevant if Baseline-LT Profile level or higher is used.

        If none is set, there will be an attempt to create default CRL Client instance using the certificate chain.

        Parameters:
        crlClient - ICrlClient instance to be used for LTV Verification
        Returns:
        same instance of PdfPadesSigner

      • setTrustedCertificates

        public PdfPadesSigner setTrustedCertificates​(java.util.List<java.security.cert.Certificate> certificateList)
        Set certificate list to be used by the IIssuingCertificateRetriever to retrieve missing certificates.
        Parameters:
        certificateList - certificate list for getting missing certificates in chain or CRL response issuer certificates.
        Returns:
        same instance of PdfPadesSigner.

      • performTimestamping

        void performTimestamping​(PdfDocument document,
                         java.io.OutputStream outputStream,
                         ITSAClient tsaClient)
                  throws java.io.IOException,
                         java.security.GeneralSecurityException
        Throws:
        java.io.IOException
        java.security.GeneralSecurityException

      • createPdfSigner

        PdfSigner createPdfSigner​(SignerProperties signerProperties,
                          boolean isFinal)
                   throws java.io.IOException
        Throws:
        java.io.IOException

      • performLtvVerification

        void performLtvVerification​(PdfDocument pdfDocument,
                            java.util.List<java.lang.String> signatureNames,
                            LtvVerification.RevocationDataNecessity revocationDataNecessity)
                     throws java.io.IOException,
                            java.security.GeneralSecurityException
        Throws:
        java.io.IOException
        java.security.GeneralSecurityException

      • deleteTempFiles

        void deleteTempFiles()

      • createOutputStream

        java.io.OutputStream createOutputStream()
                                 throws java.io.IOException
        Throws:
        java.io.IOException

      • createInputStream

        java.io.InputStream createInputStream()
                               throws java.io.IOException
        Throws:
        java.io.IOException

      • createRevocationClients

        void createRevocationClients​(java.security.cert.Certificate signingCert,
                             boolean clientsRequired)

      • performSignDetached

        private void performSignDetached​(SignerProperties signerProperties,
                                 boolean isFinal,
                                 IExternalSignature externalSignature,
                                 java.security.cert.Certificate[] chain,
                                 ITSAClient tsaClient)
                          throws java.security.GeneralSecurityException,
                                 java.io.IOException
        Throws:
        java.security.GeneralSecurityException
        java.io.IOException

      • getNextTempFile

        private java.io.File getNextTempFile()

      • getDigestAlgorithm

        private java.lang.String getDigestAlgorithm​(java.security.PrivateKey privateKey)