Package com.itextpdf.signatures.cms

Class SignerInfo

    • Field Detail

      • DEFAULT_SIGNATURE_SIZE

        private static final int DEFAULT_SIGNATURE_SIZE
        See Also:
        Constant Field Values

      • signedAttributes

        private final java.util.Collection<CmsAttribute> signedAttributes

      • unSignedAttributes

        private final java.util.Collection<CmsAttribute> unSignedAttributes

      • serializedSignedAttributes

        private byte[] serializedSignedAttributes

      • ocspResponses

        private java.util.Collection<byte[]> ocspResponses

      • crlResponses

        private java.util.Collection<byte[]> crlResponses

      • signatureData

        private byte[] signatureData

      • signedAttributesReadOnly

        private boolean signedAttributesReadOnly

      • signerCertificate

        private java.security.cert.X509Certificate signerCertificate

    • Constructor Detail

      • SignerInfo

        public SignerInfo()
        Creates an empty SignerInfo structure.

      • SignerInfo

        public SignerInfo​(IASN1Encodable signerInfoStructure,
                  java.util.Collection<java.security.cert.X509Certificate> certificates)
           throws java.io.IOException
        Creates a SignerInfo structure from an ASN1 structure.
        Parameters:
        signerInfoStructure - the ASN1 structure containing signerInfo
        certificates - the certificates of the CMS, it should contain the signing certificate
        Throws:
        java.io.IOException - if issues occur during ASN1 objects creation.

    • Method Detail

      • getDigestAlgorithm

        public AlgorithmIdentifier getDigestAlgorithm()
        Returns the algorithmId to create the digest of the data to sign.
        Returns:
        the OID of the digest algorithm.

      • setDigestAlgorithm

        public void setDigestAlgorithm​(AlgorithmIdentifier algorithmId)
        Sets the algorithmId to create the digest of the data to sign.
        Parameters:
        algorithmId - the OID of the algorithm

      • setMessageDigest

        public void setMessageDigest​(byte[] digest)
        Adds or replaces the message digest signed attribute.
        Parameters:
        digest - ASN.1 type MessageDigest

      • setSigningCertificate

        public void setSigningCertificate​(java.security.cert.X509Certificate certificate)
                           throws java.security.cert.CertificateEncodingException
        Sets the certificate that is used to sign.
        Parameters:
        certificate - the certificate that is used to sign
        Throws:
        java.security.cert.CertificateEncodingException - if an encoding error occurs.

      • getSigningCertificate

        public java.security.cert.X509Certificate getSigningCertificate()
        Gets the certificate that is used to sign.
        Returns:
        the certificate that is used to sign.

      • getSignatureData

        public byte[] getSignatureData()
        Gets the signature data.
        Returns:
        the signature data.

      • setSigningCertificateAndAddToSignedAttributes

        public void setSigningCertificateAndAddToSignedAttributes​(java.security.cert.X509Certificate certificate,
                                                          java.lang.String digestAlgorithmOid)
                                                   throws java.security.cert.CertificateEncodingException,
                                                          java.security.NoSuchAlgorithmException,
                                                          java.security.NoSuchProviderException
        Sets the certificate that is used to sign a document and adds it to the signed attributes.
        Parameters:
        certificate - the certificate that is used to sign
        digestAlgorithmOid - the oid of the digest algorithm to be added to the signed attributes
        Throws:
        java.security.cert.CertificateEncodingException - if an encoding error occurs.
        java.security.NoSuchAlgorithmException - when the algorithm is unknown.
        java.security.NoSuchProviderException - when provider is unknown.

      • setOcspResponses

        public void setOcspResponses​(java.util.Collection<byte[]> ocspResponses)
        Adds a set of OCSP responses as signed attributes.
        Parameters:
        ocspResponses - a set of binary representations of OCSP responses.

      • setCrlResponses

        public void setCrlResponses​(java.util.Collection<byte[]> crlResponses)
        Adds a set of CRL responses as signed attributes.
        Parameters:
        crlResponses - a set of binary representations of CRL responses.

      • addSignerCertificateToSignedAttributes

        public void addSignerCertificateToSignedAttributes​(java.security.cert.X509Certificate cert,
                                                   java.lang.String digestAlgorithmOid)
                                            throws java.security.NoSuchAlgorithmException,
                                                   java.security.NoSuchProviderException,
                                                   java.security.cert.CertificateEncodingException
        Adds the signer certificate to the signed attributes as a SigningCertificateV2 structure.
        Parameters:
        cert - the certificate to add
        digestAlgorithmOid - the digest algorithm oid that will be used
        Throws:
        java.security.NoSuchAlgorithmException - when the algorithm is unknown.
        java.security.NoSuchProviderException - when the security provider is not known.
        java.security.cert.CertificateEncodingException - when there was a problem parsing th certificate.

      • setSignature

        public void setSignature​(byte[] signatureData)
        Sets the actual signature.
        Parameters:
        signatureData - a byte array containing the signature

      • setSignatureAlgorithm

        public void setSignatureAlgorithm​(AlgorithmIdentifier algorithm)
        Optional. Sets the OID and parameters of the algorithm that will be used to create the signature. This will be overwritten when setting the signing certificate.
        Parameters:
        algorithm - The OID and parameters of the algorithm that will be used to create the signature.

      • getCmsVersion

        public int getCmsVersion()
        Value 0 when no signerIdentifier is available. Value 1 when signerIdentifier is of type issuerAndSerialNumber. Value 3 when signerIdentifier is of type subjectKeyIdentifier.
        Returns:
        CMS version.

      • getSignedAttributes

        public java.util.Collection<CmsAttribute> getSignedAttributes()
        Optional.

        Attributes that should be part of the signed content optional, but it MUST be present if the content type of the EncapsulatedContentInfo value being signed is not id-data. In that case it must at least contain the following two attributes:

        A content-type attribute having as its value the content type of the EncapsulatedContentInfo value being signed. Section 11.1 defines the content-type attribute. However, the content-type attribute MUST NOT be used as part of a countersignature unsigned attribute as defined in Section 11.4.

        A message-digest attribute, having as its value the message digest of the content. Section 11.2 defines the message-digest attribute.

        Returns:
        collection of the signed attributes.

      • addSignedAttribute

        public void addSignedAttribute​(CmsAttribute attribute)
        Adds a new attribute to the signed attributes. This become readonly after retrieving the serialized version serializeSignedAttributes().
        Parameters:
        attribute - the attribute to add

      • getUnSignedAttributes

        public java.util.Collection<CmsAttribute> getUnSignedAttributes()
        Retrieves the optional unsigned attributes.
        Returns:
        the optional unsigned attributes.

      • addUnSignedAttribute

        public void addUnSignedAttribute​(CmsAttribute attribute)
        Optional.

        Adds attribute that should not or can not be part of the signed content.

        Parameters:
        attribute - the attribute to add

      • removeUnSignedAttribute

        public void removeUnSignedAttribute​(java.lang.String type)
        Removes unsigned attribute from signer info object based on attribute type.
        Parameters:
        type - String attribute type

      • serializeSignedAttributes

        public byte[] serializeSignedAttributes()
                                 throws java.io.IOException
        Retrieves the encoded signed attributes of the signer info. This makes the signed attributes read only.
        Returns:
        the encoded signed attributes of the signer info.
        Throws:
        java.io.IOException - if issues occur during ASN1 objects creation.

      • setSerializedSignedAttributes

        public final void setSerializedSignedAttributes​(byte[] serializedSignedAttributes)
        Sets the signed attributes from a serialized version. This makes the signed attributes read only.
        Parameters:
        serializedSignedAttributes - the encoded signed attributes.

      • getEstimatedSize

        public long getEstimatedSize()
                      throws java.io.IOException,
                             java.security.cert.CertificateEncodingException
        Calculates an estimate size for the SignerInfo structure. This takes into account the values added including the signature, but does not account for unset items like a timestamp response added after actual signing.
        Returns:
        the estimated size of the structure.
        Throws:
        java.io.IOException - if issues occur during ASN1 objects creation.
        java.security.cert.CertificateEncodingException - if issues occur during processing of certificates.

      • getAsDerSequence

        public IDERSequence getAsDerSequence()
                              throws java.security.cert.CertificateEncodingException
        Serializes the SignerInfo structure and makes the signed attributes readonly.
        Returns:
        the encoded SignerInfo structure.
        Throws:
        java.security.cert.CertificateEncodingException - if issues occur during processing of certificates.

      • getAsDerSequence

        IDERSequence getAsDerSequence​(boolean estimationRun)
                       throws java.security.cert.CertificateEncodingException
        Serializes the SignerInfo structure and makes the signed attributes readonly. With the possibility to skip making the signed attributes read only for estimation purposes.
        Parameters:
        estimationRun - set to true to not make signed attributes read only
        Returns:
        the encoded SignerInfo structure.
        Throws:
        java.security.cert.CertificateEncodingException - if issues occur during processing of certificates.

      • processSubjectKeyIdentifierSignerCertificate

        private void processSubjectKeyIdentifierSignerCertificate​(IASN1Encodable asnStruct,
                                                          java.util.Collection<java.security.cert.X509Certificate> certificates)
                                                   throws java.io.IOException
        Throws:
        java.io.IOException

      • processIssuerAndSerialNumberSignerCertificate

        private void processIssuerAndSerialNumberSignerCertificate​(IASN1Encodable asnStruct,
                                                           java.util.Collection<java.security.cert.X509Certificate> certificates)

      • setRevocationInfo

        private void setRevocationInfo()

      • containsRevocationData

        private boolean containsRevocationData()

      • getAttributesAsDERSet

        private static IDERSet getAttributesAsDERSet​(java.util.Collection<CmsAttribute> attributeSet)