Class PdfPKCS7

java.lang.Object
com.aowagie.text.pdf.PdfPKCS7

public final class PdfPKCS7 extends Object
This class does all the processing related to signing and verifying a PKCS#7 signature.

It is based on code found in org.bouncycastle.

  • Method Details

    • getPkcs1

      public byte[] getPkcs1()
      Gets the PKCS#1 of the PDF's PKCS#7 signature.
      Returns:
      the PKCS#1 of the PDF's PKCS#7 signature.
    • getTimeStampToken

      public org.bouncycastle.tsp.TimeStampToken getTimeStampToken()
      Gets the timestamp token if there is one.
      Returns:
      the timestamp token or null
      Since:
      2.1.6
    • getTimeStampDate

      public Calendar getTimeStampDate()
      Gets the timestamp date
      Returns:
      a date
      Since:
      2.1.6
    • getOcsp

      public org.bouncycastle.cert.ocsp.BasicOCSPResp getOcsp()
      Gets the OCSP basic response if there is one.
      Returns:
      the OCSP basic response or null
      Since:
      2.1.6
    • getCertificates

      public Certificate[] getCertificates()
      Get all the X.509 certificates associated with this PKCS#7 object in no particular order. Other certificates, from OCSP for example, will also be included.
      Returns:
      the X.509 certificates associated with this PKCS#7 object
    • getSignCertificateChain

      public Certificate[] getSignCertificateChain()
      Get the X.509 sign certificate chain associated with this PKCS#7 object. Only the certificates used for the main signature will be returned, with the signing certificate first.
      Returns:
      the X.509 certificates associated with this PKCS#7 object
      Since:
      2.1.6
    • getCRLs

      public Collection<CRL> getCRLs()
      Get the X.509 certificate revocation lists associated with this PKCS#7 object
      Returns:
      the X.509 certificate revocation lists associated with this PKCS#7 object
    • getSigningCertificate

      public X509Certificate getSigningCertificate()
      Get the X.509 certificate actually used to sign the digest.
      Returns:
      the X.509 certificate actually used to sign the digest
    • getVersion

      public int getVersion()
      Get the version of the PKCS#7 object. Always 1
      Returns:
      the version of the PKCS#7 object. Always 1
    • getSigningInfoVersion

      public int getSigningInfoVersion()
      Get the version of the PKCS#7 "SignerInfo" object. Always 1
      Returns:
      the version of the PKCS#7 "SignerInfo" object. Always 1
    • getDigestAlgorithm

      public String getDigestAlgorithm()
      Get the algorithm used to calculate the message digest
      Returns:
      the algorithm used to calculate the message digest or null if it couldn't identify the encryption algorithm.
    • getHashAlgorithm

      public String getHashAlgorithm()
      Returns the algorithm.
      Returns:
      the digest algorithm
    • getStrictHashAlgorithm

      public String getStrictHashAlgorithm()
      Returns the declared hash algorithm.
      Returns:
      the digest algorithm or null if there isn't a valid hash algorithm.
    • isRevocationValid

      public boolean isRevocationValid()
      Checks if OCSP revocation refers to the document signing certificate.
      Returns:
      true if it checks, false otherwise
      Since:
      2.1.6
    • getSubjectFields

      public static PdfPKCS7.X509Name getSubjectFields(X509Certificate cert)
      Get the subject fields from an X509 Certificate
      Parameters:
      cert - an X509Certificate
      Returns:
      an X509Name
    • getEncodedPKCS1

      public byte[] getEncodedPKCS1()
      Gets the bytes for the PKCS#1 object.
      Returns:
      a byte array
    • setExternalDigest

      public void setExternalDigest(byte[] digest, byte[] RSAdata, String digestEncryptionAlgorithm)
      Sets the digest/signature to an external calculated value.
      Parameters:
      digest - the digest. This is the actual signature
      RSAdata - the extra data that goes into the data tag in PKCS#7
      digestEncryptionAlgorithm - the encryption algorithm. It may be null if the digest is also null. If the digest is not null then it may be "RSA" or "DSA"
    • getEncodedPKCS7

      public byte[] getEncodedPKCS7()
      Gets the bytes for the PKCS7SignedData object.
      Returns:
      the bytes for the PKCS7SignedData object
    • getReason

      public String getReason()
      Getter for property reason.
      Returns:
      Value of property reason.
    • setReason

      public void setReason(String reason)
      Setter for property reason.
      Parameters:
      reason - New value of property reason.
    • getLocation

      public String getLocation()
      Getter for property location.
      Returns:
      Value of property location.
    • setLocation

      public void setLocation(String location)
      Setter for property location.
      Parameters:
      location - New value of property location.
    • getSignDate

      public Calendar getSignDate()
      Getter for property signDate.
      Returns:
      Value of property signDate.
    • setSignDate

      public void setSignDate(Calendar signDate)
      Setter for property signDate.
      Parameters:
      signDate - New value of property signDate.
    • getSignName

      public String getSignName()
      Getter for property sigName.
      Returns:
      Value of property sigName.
    • setSignName

      public void setSignName(String signName)
      Setter for property sigName.
      Parameters:
      signName - New value of property sigName.
    • verify

      public boolean verify() throws SignatureException
      Verify the digest.
      Returns:
      true if the signature checks out, false otherwise.
      Throws:
      SignatureException - on error
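
The methods above can be combined into a single validation pass. The following is an added example, not code from the library: the class Pkcs7Checks and its method findings are hypothetical, the caller is assumed to already hold a PdfPKCS7 instance, and the hash-name format and the MD5/SHA-1 rejection policy are assumptions.

```java
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.List;
import java.util.Locale;
import com.aowagie.text.pdf.PdfPKCS7;

/** Hypothetical helper (not part of the library): lists reasons to distrust a signature. */
public final class Pkcs7Checks {
    public static List<String> findings(PdfPKCS7 pk) {
        List<String> out = new ArrayList<>();
        // 1. Cryptographic check of the digest.
        try {
            if (!pk.verify()) out.add("signature does not verify");
        } catch (SignatureException e) {
            out.add("verify() failed: " + e.getMessage());
        }
        // 2. Declared hash: null means no valid hash algorithm was declared.
        String hash = pk.getStrictHashAlgorithm();
        if (hash == null) {
            out.add("no valid hash algorithm declared");
        } else {
            // Name format is an assumption; normalise "SHA-1"/"SHA1" before comparing.
            String h = hash.toUpperCase(Locale.ROOT).replace("-", "");
            if (h.equals("MD5") || h.equals("SHA1")) out.add("weak hash: " + hash);
        }
        // 3. Reference time: the timestamp token if present, else the signDate property.
        boolean stamped = pk.getTimeStampToken() != null;
        Calendar when = stamped ? pk.getTimeStampDate() : pk.getSignDate();
        if (!stamped) out.add("no timestamp token; signing time is not independently attested");
        // 4. The signing certificate must be within its validity period at that time.
        X509Certificate cert = pk.getSigningCertificate();
        if (cert == null) {
            out.add("no signing certificate");
        } else if (when != null) {
            try {
                cert.checkValidity(when.getTime());
            } catch (CertificateException e) {
                out.add("signing certificate not valid at signing time");
            }
        }
        // 5. An embedded OCSP response must refer to the signing certificate.
        if (pk.getOcsp() != null && !pk.isRevocationValid())
            out.add("embedded OCSP response does not refer to the signing certificate");
        return out;
    }
}
```

An empty list only means these checks passed. Whether the chain from getSignCertificateChain() leads to a trusted anchor is a separate decision that verify(), documented above as verifying the digest, does not cover.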