Package com.itextpdf.signatures.cms

Class CMSContainer

    • Field Detail

      • otherRevocationInfo

        final java.util.Collection<IASN1Sequence> otherRevocationInfo
        Collection to store revocation info other than OCSP and CRL responses, e.g. SCVP Request and Response.

      • crls

        private final java.util.Collection<java.security.cert.CRL> crls
        Optional.

        It is a collection of CRL revocation status information.

      • ocsps

        private final java.util.Collection<IBasicOCSPResponse> ocsps
        Optional.

        It is a collection of CRL revocation status information.

      • encapContentInfo

        private EncapsulatedContentInfo encapContentInfo
        This represents the signed content. In the case of a signed PDF document this will of type data with no content.

      • certificates

        private java.util.Collection<java.security.cert.X509Certificate> certificates
        Optional.

        It is intended to add all certificates to be able to validate the entire chain.

      • signerInfo

        private SignerInfo signerInfo
        This class only supports one signer per signature field.

      • version

        private int version

    • Constructor Detail

      • CMSContainer

        public CMSContainer()
        Creates an empty SignedData structure.

      • CMSContainer

        public CMSContainer​(byte[] encodedCMSdata)
             throws java.io.IOException,
                    java.security.cert.CertificateException,
                    java.security.cert.CRLException
        Creates a SignedData structure from a serialized ASN1 structure.
        Parameters:
        encodedCMSdata - the serialized CMS container
        Throws:
        java.io.IOException - if issues occur during ASN1 objects creation.
        java.security.cert.CertificateException - if issues occur processing the embedded certificates.
        java.security.cert.CRLException - if CRL encoding error occurs.

    • Method Detail

      • setSignerInfo

        public void setSignerInfo​(SignerInfo signerInfo)
        This class only supports one signer per signature field.
        Parameters:
        signerInfo - the singerInfo

      • getSignerInfo

        public SignerInfo getSignerInfo()
        This class only supports one signer per signature field.
        Returns:
        the singerInfo

      • getSizeEstimation

        public long getSizeEstimation()
                       throws java.security.cert.CertificateEncodingException,
                              java.io.IOException,
                              java.security.cert.CRLException
        When all fields except for signer.signedAttributes.digest and signer.signature are completed it is possible to calculate the eventual size of the signature by serializing except for the signature (that depends on the digest and cypher but is set at 1024 bytes) and later added unsigned attributes like timestamps.
        Returns:
        the estimated size of the complete CMS container before signature is added, size for the signature is added, size for other attributes like timestamps is not.
        Throws:
        java.security.cert.CertificateEncodingException - if an encoding error occurs in X509Certificate.
        java.io.IOException - if an I/O error occurs.
        java.security.cert.CRLException - if CRL encoding error occurs.

      • getCmsVersion

        public int getCmsVersion()
        The version of the CMS container.
        Returns:
        version of the CMS container

      • getDigestAlgorithm

        public AlgorithmIdentifier getDigestAlgorithm()
        The digest algorithm OID and parameters used by the signer. This class only supports one signer for use in pdf signatures, so only one digest algorithm is supported.

        This field is set when adding the signerInfo.

        Returns:
        AlgorithmIdentifier digest algorithm.

      • getEncapContentInfo

        public EncapsulatedContentInfo getEncapContentInfo()
        This represents the signed content. In the case of a signed PDF document this will be of type data with no content.
        Returns:
        a representation of the data to be signed.

      • setEncapContentInfo

        public void setEncapContentInfo​(EncapsulatedContentInfo encapContentInfo)
        This represents the signed content. In the case of a signed PDF document this will be of type data with no content. Defaults to 1.2.840.113549.1.7.1 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-7(7) id-data(1)}
        Parameters:
        encapContentInfo - a representation of the data to be signed.

      • addCertificate

        public void addCertificate​(java.security.cert.X509Certificate cert)
        Adds a certificate.
        Parameters:
        cert - the certificate to be added

      • addCertificates

        public void addCertificates​(java.security.cert.X509Certificate[] certs)
        Adds a set of certificates.
        Parameters:
        certs - the certificates to be added

      • getCertificates

        public java.util.Collection<java.security.cert.X509Certificate> getCertificates()
        Retrieves a copy of the list of certificates.
        Returns:
        the list of certificates to be used for signing and certificate validation

      • getCrls

        public java.util.Collection<java.security.cert.CRL> getCrls()
        Retrieves a copy of the list of CRLs.
        Returns:
        the list of CRL revocation info.

      • addCrl

        public void addCrl​(java.security.cert.CRL crl)
        Adds a CRL response to the CMS container.
        Parameters:
        crl - the CRL response to be added.

      • getOcsps

        public java.util.Collection<IBasicOCSPResponse> getOcsps()
        Retrieves a copy of the list of OCSPs.
        Returns:
        the list of OCSP revocation info.

      • addOcsp

        public void addOcsp​(IBasicOCSPResponse ocspResponse)
        Adds an OCSP response to the CMS container.
        Parameters:
        ocspResponse - the OCSP response to be added.

      • setSerializedSignedAttributes

        public void setSerializedSignedAttributes​(byte[] signedAttributesData)
        Sets the Signed Attributes of the signer info to this serialized version. The signed attributes will become read-only.
        Parameters:
        signedAttributesData - the serialized Signed Attributes

      • getSerializedSignedAttributes

        public byte[] getSerializedSignedAttributes()
                                     throws java.io.IOException
        Retrieves the encoded signed attributes of the signer info. This makes the signed attributes read only.
        Returns:
        the encoded signed attributes of the signer info.
        Throws:
        java.io.IOException - if issues occur during ASN1 objects creation.

      • serialize

        public byte[] serialize()
                 throws java.security.cert.CertificateEncodingException,
                        java.io.IOException,
                        java.security.cert.CRLException
        Serializes the SignedData structure and makes the signer infos signed attributes read only.
        Returns:
        the encoded DignedData structure.
        Throws:
        java.security.cert.CertificateEncodingException - if errors occur during certificate processing.
        java.io.IOException - if issues occur during ASN1 objects creation.
        java.security.cert.CRLException - if CRL encoding error occurs.

      • serialize

        private byte[] serialize​(boolean forEstimation)
                  throws java.security.cert.CertificateEncodingException,
                         java.io.IOException,
                         java.security.cert.CRLException
        Throws:
        java.security.cert.CertificateEncodingException
        java.io.IOException
        java.security.cert.CRLException

      • processCertificates

        private void processCertificates​(IASN1Sequence signedData)
                          throws java.security.cert.CertificateException,
                                 java.io.IOException
        Throws:
        java.security.cert.CertificateException
        java.io.IOException