Class PdfPadesSigner

java.lang.Object

com.itextpdf.signatures.PdfPadesSigner

public class PdfPadesSigner
extends Object

This class performs signing with PaDES related profiles using provided parameters.

Field Summary

Fields

Modifier and Type	Field	Description
private ICrlClient	crlClient
private static final String	DEFAULT_DIGEST_ALGORITHM
private int	estimatedSize
private IExternalDigest	externalDigest
private static final IBouncyCastleFactory	FACTORY
private static long	increment
private IIssuingCertificateRetriever	issuingCertificateRetriever
private static final Object	LOCK_OBJECT
private IOcspClient	ocspClient
private final OutputStream	outputStream
private final PdfReader	reader
private StampingProperties	stampingProperties
private StampingProperties	stampingPropertiesWithMetaInfo
private static final String	TEMP_FILE_NAME
private File	tempFile
private final Set<File>	tempFiles
private String	temporaryDirectoryPath
private ByteArrayOutputStream	tempOutputStream
private String	timestampSignatureName

Constructor Summary

Constructors

Constructor	Description
PdfPadesSigner(PdfReader reader, OutputStream outputStream)	Create an instance of PdfPadesSigner class.

Method Summary

Modifier and Type	Method	Description
(package private) InputStream	createInputStream()
(package private) OutputStream	createOutputStream()
(package private) PdfSigner	createPdfSigner(SignerProperties signerProperties, boolean isFinal)
(package private) void	createRevocationClients(Certificate signingCert, boolean clientsRequired)
(package private) void	deleteTempFiles()
private String	getDigestAlgorithm(PrivateKey privateKey)
private File	getNextTempFile()
(package private) void	performLtvVerification(PdfDocument pdfDocument, List<String> signatureNames, LtvVerification.RevocationDataNecessity revocationDataNecessity)
private void	performSignDetached(SignerProperties signerProperties, boolean isFinal, IExternalSignature externalSignature, Certificate[] chain, ITSAClient tsaClient)
(package private) void	performTimestamping(PdfDocument document, OutputStream outputStream, ITSAClient tsaClient)
void	prolongSignatures()	Add revocation information for all the signatures which could be found in the provided document.
void	prolongSignatures(ITSAClient tsaClient)	Add revocation information for all the signatures which could be found in the provided document.
PdfPadesSigner	setCrlClient(ICrlClient crlClient)	Set ICrlClient to be used for LTV Verification.
PdfPadesSigner	setEstimatedSize(int estimatedSize)	Set estimated size of a signature to be applied.
PdfPadesSigner	setExternalDigest(IExternalDigest externalDigest)	Set IExternalDigest to be used for main signing operation.
PdfPadesSigner	setIssuingCertificateRetriever(IIssuingCertificateRetriever issuingCertificateRetriever)	Set IIssuingCertificateRetriever to be used before main signing operation.
PdfPadesSigner	setOcspClient(IOcspClient ocspClient)	Set IOcspClient to be used for LTV Verification.
PdfPadesSigner	setStampingProperties(StampingProperties stampingProperties)	Set stamping properties to be used during main signing operation.
PdfPadesSigner	setTemporaryDirectoryPath(String temporaryDirectoryPath)	Set temporary directory to be used for temporary files creation.
PdfPadesSigner	setTimestampSignatureName(String timestampSignatureName)	Set the name to be used for timestamp signature creation.
PdfPadesSigner	setTrustedCertificates(List<Certificate> certificateList)	Set certificate list to be used by the IIssuingCertificateRetriever to retrieve missing certificates.
void	signWithBaselineBProfile(SignerProperties signerProperties, Certificate[] chain, IExternalSignature externalSignature)	Sign the document provided in PdfSigner instance with PaDES Baseline-B Profile.
void	signWithBaselineBProfile(SignerProperties signerProperties, Certificate[] chain, PrivateKey privateKey)	Sign the document provided in PdfSigner instance with PaDES Baseline-B Profile.
void	signWithBaselineLTAProfile(SignerProperties signerProperties, Certificate[] chain, IExternalSignature externalSignature, ITSAClient tsaClient)	Sign the document provided in PdfSigner instance with PaDES Baseline-LTA Profile.
void	signWithBaselineLTAProfile(SignerProperties signerProperties, Certificate[] chain, PrivateKey privateKey, ITSAClient tsaClient)	Sign the document provided in PdfSigner instance with PaDES Baseline-LTA Profile.
void	signWithBaselineLTProfile(SignerProperties signerProperties, Certificate[] chain, IExternalSignature externalSignature, ITSAClient tsaClient)	Sign the document provided in PdfSigner instance with PaDES Baseline-LT Profile.
void	signWithBaselineLTProfile(SignerProperties signerProperties, Certificate[] chain, PrivateKey privateKey, ITSAClient tsaClient)	Sign the document provided in PdfSigner instance with PaDES Baseline-LT Profile.
void	signWithBaselineTProfile(SignerProperties signerProperties, Certificate[] chain, IExternalSignature externalSignature, ITSAClient tsaClient)	Sign the document provided in PdfSigner instance with PaDES Baseline-T Profile.
void	signWithBaselineTProfile(SignerProperties signerProperties, Certificate[] chain, PrivateKey privateKey, ITSAClient tsaClient)	Sign the document provided in PdfSigner instance with PaDES Baseline-T Profile.

Methods inherited from class Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

TEMP_FILE_NAME

private static final String TEMP_FILE_NAME

See Also:

• Constant Field Values

FACTORY

private static final IBouncyCastleFactory FACTORY

DEFAULT_DIGEST_ALGORITHM

private static final String DEFAULT_DIGEST_ALGORITHM

See Also:

• Constant Field Values

LOCK_OBJECT

private static final Object LOCK_OBJECT

increment

private static long increment

ocspClient

private IOcspClient ocspClient

crlClient

private ICrlClient crlClient

issuingCertificateRetriever

private IIssuingCertificateRetriever issuingCertificateRetriever

estimatedSize

private int estimatedSize

timestampSignatureName

private String timestampSignatureName

temporaryDirectoryPath

private String temporaryDirectoryPath

externalDigest

private IExternalDigest externalDigest

stampingProperties

private StampingProperties stampingProperties

stampingPropertiesWithMetaInfo

private StampingProperties stampingPropertiesWithMetaInfo

tempOutputStream

private ByteArrayOutputStream tempOutputStream

tempFile

private File tempFile

tempFiles

private final Set<File> tempFiles

reader

private final PdfReader reader

outputStream

private final OutputStream outputStream

Constructor Details

PdfPadesSigner

public PdfPadesSigner(PdfReader reader,
 OutputStream outputStream)

Create an instance of PdfPadesSigner class. One instance shall be used for one signing operation.

Parameters:

reader - PdfReader instance to read original PDF file

outputStream - OutputStream output stream to write the resulting PDF file into

Method Details

signWithBaselineBProfile

public void signWithBaselineBProfile(SignerProperties signerProperties,
 Certificate[] chain,
 IExternalSignature externalSignature)
                              throws GeneralSecurityException,
IOException

Sign the document provided in PdfSigner instance with PaDES Baseline-B Profile.

Parameters:

signerProperties - SignerProperties properties to be used for main signing operation

chain - the chain of certificates to be used for signing operation

externalSignature - IExternalSignature instance to be used for main signing operation

Throws:

GeneralSecurityException - in case of signing related exceptions

IOException - in case of files related exceptions

signWithBaselineBProfile

public void signWithBaselineBProfile(SignerProperties signerProperties,
 Certificate[] chain,
 PrivateKey privateKey)
                              throws GeneralSecurityException,
IOException

Sign the document provided in PdfSigner instance with PaDES Baseline-B Profile.

Parameters:

signerProperties - SignerProperties properties to be used for main signing operation

chain - the chain of certificates to be used for signing operation

privateKey - PrivateKey instance to be used for main signing operation

Throws:

GeneralSecurityException - in case of signing related exceptions

IOException - in case of files related exceptions

signWithBaselineTProfile

public void signWithBaselineTProfile(SignerProperties signerProperties,
 Certificate[] chain,
 IExternalSignature externalSignature,
 ITSAClient tsaClient)
                              throws GeneralSecurityException,
IOException

Sign the document provided in PdfSigner instance with PaDES Baseline-T Profile.

Parameters:

signerProperties - SignerProperties properties to be used for main signing operation

chain - the chain of certificates to be used for signing operation

externalSignature - IExternalSignature instance to be used for main signing operation

tsaClient - ITSAClient instance to be used for timestamp creation

Throws:

GeneralSecurityException - in case of signing related exceptions

IOException - in case of files related exceptions

signWithBaselineTProfile

public void signWithBaselineTProfile(SignerProperties signerProperties,
 Certificate[] chain,
 PrivateKey privateKey,
 ITSAClient tsaClient)
                              throws GeneralSecurityException,
IOException

Sign the document provided in PdfSigner instance with PaDES Baseline-T Profile.

Parameters:

signerProperties - SignerProperties properties to be used for main signing operation

chain - the chain of certificates to be used for signing operation

privateKey - PrivateKey instance to be used for main signing operation

tsaClient - ITSAClient instance to be used for timestamp creation

Throws:

GeneralSecurityException - in case of signing related exceptions

IOException - in case of files related exceptions

signWithBaselineLTProfile

public void signWithBaselineLTProfile(SignerProperties signerProperties,
 Certificate[] chain,
 IExternalSignature externalSignature,
 ITSAClient tsaClient)
                               throws GeneralSecurityException,
IOException

Sign the document provided in PdfSigner instance with PaDES Baseline-LT Profile.

Parameters:

signerProperties - SignerProperties properties to be used for main signing operation

chain - the chain of certificates to be used for signing operation

externalSignature - IExternalSignature instance to be used for main signing operation

tsaClient - ITSAClient instance to be used for timestamp creation

Throws:

GeneralSecurityException - in case of signing related exceptions

IOException - in case of files related exceptions

signWithBaselineLTProfile

public void signWithBaselineLTProfile(SignerProperties signerProperties,
 Certificate[] chain,
 PrivateKey privateKey,
 ITSAClient tsaClient)
                               throws GeneralSecurityException,
IOException

Sign the document provided in PdfSigner instance with PaDES Baseline-LT Profile.

Parameters:

signerProperties - SignerProperties properties to be used for main signing operation

chain - the chain of certificates to be used for signing operation

privateKey - PrivateKey instance to be used for main signing operation

tsaClient - ITSAClient instance to be used for timestamp creation

Throws:

GeneralSecurityException - in case of signing related exceptions

IOException - in case of files related exceptions

signWithBaselineLTAProfile

public void signWithBaselineLTAProfile(SignerProperties signerProperties,
 Certificate[] chain,
 IExternalSignature externalSignature,
 ITSAClient tsaClient)
                                throws IOException,
GeneralSecurityException

Sign the document provided in PdfSigner instance with PaDES Baseline-LTA Profile.

Parameters:

signerProperties - SignerProperties properties to be used for main signing operation

chain - the chain of certificates to be used for signing operation

externalSignature - IExternalSignature instance to be used for main signing operation

tsaClient - ITSAClient instance to be used for timestamp creation

Throws:

GeneralSecurityException - in case of signing related exceptions

IOException - in case of files related exceptions

signWithBaselineLTAProfile

public void signWithBaselineLTAProfile(SignerProperties signerProperties,
 Certificate[] chain,
 PrivateKey privateKey,
 ITSAClient tsaClient)
                                throws GeneralSecurityException,
IOException

Sign the document provided in PdfSigner instance with PaDES Baseline-LTA Profile.

Parameters:

signerProperties - SignerProperties properties to be used for main signing operation

chain - the chain of certificates to be used for signing operation

privateKey - PrivateKey instance to be used for main signing operation

tsaClient - ITSAClient instance to be used for timestamp creation

Throws:

GeneralSecurityException - in case of signing related exceptions

IOException - in case of files related exceptions

prolongSignatures

public void prolongSignatures(ITSAClient tsaClient)
                       throws IOException,
GeneralSecurityException

Add revocation information for all the signatures which could be found in the provided document. Also add timestamp signature on top of that.

Parameters:

tsaClient - ITSAClient TSA Client to be used for timestamp signature creation

Throws:

IOException - in case of files related exceptions

GeneralSecurityException - in case of signing related exceptions

prolongSignatures

public void prolongSignatures()
                       throws IOException,
GeneralSecurityException

Add revocation information for all the signatures which could be found in the provided document.

Throws:

IOException - in case of files related exceptions

GeneralSecurityException - in case of signing related exceptions

setTemporaryDirectoryPath

public PdfPadesSigner setTemporaryDirectoryPath(String temporaryDirectoryPath)

Set temporary directory to be used for temporary files creation.

If none is set, temporary documents will be created in memory.

Parameters:

temporaryDirectoryPath - String representing relative or absolute path to the directory

Returns:

same instance of PdfPadesSigner

setTimestampSignatureName

public PdfPadesSigner setTimestampSignatureName(String timestampSignatureName)

Set the name to be used for timestamp signature creation.

This setter is only relevant if signWithBaselineLTAProfile(SignerProperties, Certificate[], IExternalSignature, ITSAClient) or prolongSignatures(ITSAClient) methods are used.

If none is set, randomly generated signature name will be used.

Parameters:

timestampSignatureName - String representing the name of a timestamp signature to be applied

Returns:

same instance of PdfPadesSigner

setStampingProperties

public PdfPadesSigner setStampingProperties(StampingProperties stampingProperties)

Set stamping properties to be used during main signing operation.

If none is set, stamping properties with append mode enabled will be used

Parameters:

stampingProperties - StampingProperties instance to be used during main signing operation

Returns:

same instance of PdfPadesSigner

setEstimatedSize

public PdfPadesSigner setEstimatedSize(int estimatedSize)

Set estimated size of a signature to be applied.

This parameter represents estimated amount of bytes to be preserved for the signature.

If none is set, 0 will be used and the required space will be calculated during the signing.

Parameters:

estimatedSize - amount of bytes to be used as estimated value

Returns:

same instance of PdfPadesSigner

setOcspClient

public PdfPadesSigner setOcspClient(IOcspClient ocspClient)

Set IOcspClient to be used for LTV Verification.

This setter is only relevant if Baseline-LT Profile level or higher is used.

If none is set, there will be an attempt to create default OCSP Client instance using the certificate chain.

Parameters:

ocspClient - IOcspClient instance to be used for LTV Verification

Returns:

same instance of PdfPadesSigner

setCrlClient

public PdfPadesSigner setCrlClient(ICrlClient crlClient)

Set ICrlClient to be used for LTV Verification.

This setter is only relevant if Baseline-LT Profile level or higher is used.

If none is set, there will be an attempt to create default CRL Client instance using the certificate chain.

Parameters:

crlClient - ICrlClient instance to be used for LTV Verification

Returns:

same instance of PdfPadesSigner

setExternalDigest

public PdfPadesSigner setExternalDigest(IExternalDigest externalDigest)

Set IExternalDigest to be used for main signing operation.

If none is set, BouncyCastleDigest instance will be used instead.

Parameters:

externalDigest - IExternalDigest to be used for main signing operation.

Returns:

same instance of PdfPadesSigner

setIssuingCertificateRetriever

public PdfPadesSigner setIssuingCertificateRetriever(IIssuingCertificateRetriever issuingCertificateRetriever)

Set IIssuingCertificateRetriever to be used before main signing operation.

If none is set, IssuingCertificateRetriever instance will be used instead.

Parameters:

issuingCertificateRetriever - IIssuingCertificateRetriever instance to be used for getting missing certificates in chain or CRL response issuer certificates.

Returns:

same instance of PdfPadesSigner.

setTrustedCertificates

public PdfPadesSigner setTrustedCertificates(List<Certificate> certificateList)

Set certificate list to be used by the IIssuingCertificateRetriever to retrieve missing certificates.

Parameters:

certificateList - certificate list for getting missing certificates in chain or CRL response issuer certificates.

Returns:

same instance of PdfPadesSigner.

performTimestamping

void performTimestamping(PdfDocument document,
 OutputStream outputStream,
 ITSAClient tsaClient)
                  throws IOException,
GeneralSecurityException

Throws:

IOException

GeneralSecurityException

createPdfSigner

PdfSigner createPdfSigner(SignerProperties signerProperties,
 boolean isFinal)
                   throws IOException

Throws:

IOException

performLtvVerification

void performLtvVerification(PdfDocument pdfDocument,
 List<String> signatureNames,
 LtvVerification.RevocationDataNecessity revocationDataNecessity)
                     throws IOException,
GeneralSecurityException

Throws:

IOException

GeneralSecurityException

deleteTempFiles

void deleteTempFiles()

createOutputStream

OutputStream createOutputStream()
                         throws IOException

Throws:

IOException

createInputStream

InputStream createInputStream()
                       throws IOException

Throws:

IOException

createRevocationClients

void createRevocationClients(Certificate signingCert,
 boolean clientsRequired)

performSignDetached

private void performSignDetached(SignerProperties signerProperties,
 boolean isFinal,
 IExternalSignature externalSignature,
 Certificate[] chain,
 ITSAClient tsaClient)
                          throws GeneralSecurityException,
IOException

Throws:

GeneralSecurityException

IOException

getNextTempFile

private File getNextTempFile()

getDigestAlgorithm

private String getDigestAlgorithm(PrivateKey privateKey)