com.lowagie.text.pdf
public class PdfPKCS7 extends Object
It is based on code found at org.bouncycastle.
Nested Class Summary | |
---|---|
static class | PdfPKCS7.X509Name: a class that holds an X509 name |
static class | PdfPKCS7.X509NameTokenizer: class for breaking up an X500 Name into its component tokens, à la java.util.StringTokenizer. |
Field Summary | |
---|---|
Collection | certs |
Collection | crls |
byte[] | digest |
String | digestAlgorithm |
byte[] | digestAttr |
Set | digestalgos |
String | digestEncryptionAlgorithm |
byte[] | externalDigest |
byte[] | externalRSAdata |
static String | ID_ADBE_REVOCATION |
static String | ID_CONTENT_TYPE |
static String | ID_DSA |
static String | ID_MD2 |
static String | ID_MD2RSA |
static String | ID_MD5 |
static String | ID_MD5RSA |
static String | ID_MESSAGE_DIGEST |
static String | ID_PKCS7_DATA |
static String | ID_PKCS7_SIGNED_DATA |
static String | ID_RSA |
static String | ID_SHA1 |
static String | ID_SHA1RSA |
static String | ID_SIGNING_TIME |
String | location: Holds value of property location. |
MessageDigest | messageDigest |
PrivateKey | privKey |
String | reason: Holds value of property reason. |
byte[] | RSAdata |
Signature | sig |
byte[] | sigAttr |
X509Certificate | signCert |
Calendar | signDate: Holds value of property signDate. |
int | signerversion |
String | signName: Holds value of property signName. |
boolean | verified |
boolean | verifyResult |
int | version |
Constructor Summary | |
---|---|
PdfPKCS7(byte[] contentsKey, byte[] certsKey, String provider): Verifies a signature using the sub-filter adbe.x509.rsa_sha1. | |
PdfPKCS7(byte[] contentsKey, String provider): Verifies a signature using the sub-filter adbe.pkcs7.detached or adbe.pkcs7.sha1. | |
PdfPKCS7(PrivateKey privKey, Certificate[] certChain, CRL[] crlList, String hashAlgorithm, String provider, boolean hasRSAdata): Generates a signature. | |
Method Summary | |
---|---|
byte[] | getAuthenticatedAttributeBytes(byte[] secondDigest, Calendar signingTime): When using authenticatedAttributes the authentication process is different. |
Certificate[] | getCertificates(): Get the X.509 certificates associated with this PKCS#7 object. |
Collection | getCRLs(): Get the X.509 certificate revocation lists associated with this PKCS#7 object. |
String | getDigestAlgorithm(): Get the algorithm used to calculate the message digest. |
byte[] | getEncodedPKCS1(): Gets the bytes for the PKCS#1 object. |
byte[] | getEncodedPKCS7(): Gets the bytes for the PKCS7SignedData object. |
byte[] | getEncodedPKCS7(byte[] secondDigest, Calendar signingTime): Gets the bytes for the PKCS7SignedData object. |
String | getHashAlgorithm(): Returns the algorithm. |
static DERObject | getIssuer(byte[] enc): Get the "issuer" from the TBSCertificate bytes that are passed in. |
static PdfPKCS7.X509Name | getIssuerFields(X509Certificate cert): Get the issuer fields from an X509 Certificate. |
String | getLocation(): Getter for property location. |
String | getReason(): Getter for property reason. |
Calendar | getSignDate(): Getter for property signDate. |
X509Certificate | getSigningCertificate(): Get the X.509 certificate actually used to sign the digest. |
int | getSigningInfoVersion(): Get the version of the PKCS#7 "SignerInfo" object. |
String | getSignName(): Getter for property signName. |
static DERObject | getSubject(byte[] enc): Get the "subject" from the TBSCertificate bytes that are passed in. |
static PdfPKCS7.X509Name | getSubjectFields(X509Certificate cert): Get the subject fields from an X509 Certificate. |
int | getVersion(): Get the version of the PKCS#7 object. |
static KeyStore | loadCacertsKeyStore(): Loads the default root certificates at <java.home>/lib/security/cacerts with the default provider. |
static KeyStore | loadCacertsKeyStore(String provider): Loads the default root certificates at <java.home>/lib/security/cacerts. |
void | setExternalDigest(byte[] digest, byte[] RSAdata, String digestEncryptionAlgorithm): Sets the digest/signature to an externally calculated value. |
void | setLocation(String location): Setter for property location. |
void | setReason(String reason): Setter for property reason. |
void | setSignDate(Calendar signDate): Setter for property signDate. |
void | setSignName(String signName): Setter for property signName. |
void | update(byte[] buf, int off, int len): Update the digest with the specified bytes. |
boolean | verify(): Verify the digest. |
static String | verifyCertificate(X509Certificate cert, Collection crls, Calendar calendar): Verifies a single certificate. |
static Object[] | verifyCertificates(Certificate[] certs, KeyStore keystore, Collection crls, Calendar calendar): Verifies a certificate chain against a KeyStore. |
Parameters: contentsKey the /Contents key; certsKey the /Cert key; provider the provider or null for the default provider
Throws: SecurityException on error; InvalidKeyException on error; CertificateException on error; NoSuchProviderException on error; NoSuchAlgorithmException on error; IOException on error
Parameters: contentsKey the /Contents key; provider the provider or null for the default provider
Throws: SecurityException on error; CRLException on error; InvalidKeyException on error; CertificateException on error; NoSuchProviderException on error; NoSuchAlgorithmException on error
Parameters: privKey the private key; certChain the certificate chain; crlList the certificate revocation list; hashAlgorithm the hash algorithm; provider the provider or null for the default provider; hasRSAdata true if the sub-filter is adbe.pkcs7.sha1
Throws: SecurityException on error; InvalidKeyException on error; NoSuchProviderException on error; NoSuchAlgorithmException on error
(byte[],Calendar)
.
A simple example:
```java
// key, chain and sap (the object whose getRangeStream() supplies the
// bytes to be signed) are set up by the caller.
Calendar cal = Calendar.getInstance();
PdfPKCS7 pk7 = new PdfPKCS7(key, chain, null, "SHA1", null, false);
MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
byte buf[] = new byte[8192];
int n;
InputStream inp = sap.getRangeStream();
// Hash the content to be signed
while ((n = inp.read(buf)) > 0) {
    messageDigest.update(buf, 0, n);
}
byte hash[] = messageDigest.digest();
// Encoded authenticatedAttributes, ready to be signed
byte sh[] = pk7.getAuthenticatedAttributeBytes(hash, cal);
pk7.update(sh, 0, sh.length);
byte sg[] = pk7.getEncodedPKCS7(hash, cal);
```
Parameters: secondDigest the content digest; signingTime the signing time
Returns: the byte array representation of the authenticatedAttributes ready to be signed
Returns: the X.509 certificates associated with this PKCS#7 object
Returns: the X.509 certificate revocation lists associated with this PKCS#7 object
Returns: the algorithm used to calculate the message digest
Returns: a byte array
Returns: the bytes for the PKCS7SignedData object
null, none will be used.
Parameters: secondDigest the digest in the authenticatedAttributes; signingTime the signing time in the authenticatedAttributes
Returns: the bytes for the PKCS7SignedData object
Returns: the digest algorithm
Parameters: enc a TBSCertificate in a byte array
Returns: a DERObject
Parameters: cert an X509Certificate
Returns: an X509Name
Returns: Value of property location.
Returns: Value of property reason.
Returns: Value of property signDate.
Returns: the X.509 certificate actually used to sign the digest
Returns: the version of the PKCS#7 "SignerInfo" object. Always 1
Returns: Value of property signName.
Parameters: enc A TBSCertificate in a byte array
Returns: a DERObject
Parameters: cert an X509Certificate
Returns: an X509Name
Returns: the version of the PKCS#7 object. Always 1
Returns: a KeyStore
Parameters: provider the provider or null for the default provider
Returns: a KeyStore
Parameters: digest the digest. This is the actual signature; RSAdata the extra data that goes into the data tag in PKCS#7; digestEncryptionAlgorithm the encryption algorithm. It must be null if the digest is also null. If the digest is not null then it may be "RSA" or "DSA"
Parameters: location New value of property location.
Parameters: reason New value of property reason.
Parameters: signDate New value of property signDate.
Parameters: signName New value of property signName.
Parameters: buf the data buffer; off the offset in the data buffer; len the data length
Throws: SignatureException on error
Returns: true if the signature checks out, false otherwise
Throws: SignatureException on error
Parameters: cert the certificate to verify; crls the certificate revocation list or null; calendar the date or null for the current date
Returns: a String with the error description or null if no error
Parameters: certs the certificate chain; keystore the KeyStore; crls the certificate revocation list or null; calendar the date or null for the current date
Returns: null if the certificate chain could be validated or an Object[]{cert,error} where cert is the failed certificate and error is the error message
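How the verification-side members listed above fit together, as an added example that is not part of the original Javadoc or the library's own code: verify() establishes only that the signature matches the signed bytes, while verifyCertificates() separately decides whether the signer's chain is accepted by a KeyStore. The class name, the method name check and both of its parameters are assumptions; the caller is assumed to have already extracted the /Contents bytes and a stream over the signed byte range from the PDF.

```java
import com.lowagie.text.pdf.PdfPKCS7;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;

public class VerifyPkcs7Signature {

    /**
     * Hypothetical helper, not part of PdfPKCS7.
     *
     * @param contents    bytes of the signature's /Contents key
     *                    (sub-filter adbe.pkcs7.detached or adbe.pkcs7.sha1)
     * @param signedBytes stream over the document bytes covered by the signature
     * @return null if both checks pass, otherwise a description of the failure
     */
    public static String check(byte[] contents, InputStream signedBytes) throws Exception {
        // null selects the default provider
        PdfPKCS7 pk7 = new PdfPKCS7(contents, null);

        // Feed exactly the signed bytes into the object before calling verify()
        byte[] buf = new byte[8192];
        int n;
        while ((n = signedBytes.read(buf)) > 0) {
            pk7.update(buf, 0, n);
        }

        // Step 1: integrity. Does the signature match the bytes just supplied?
        if (!pk7.verify()) {
            return "signature does not match the signed bytes";
        }

        // Step 2: trust. Validate the embedded chain against the JRE's
        // default roots, using any CRLs carried in the PKCS#7 object.
        // A null calendar means the current date is used.
        KeyStore roots = PdfPKCS7.loadCacertsKeyStore();
        Certificate[] chain = pk7.getCertificates();
        Object[] failure = PdfPKCS7.verifyCertificates(chain, roots, pk7.getCRLs(), null);
        if (failure != null) {
            // failure[0] is the failed certificate, failure[1] the error message
            return "certificate chain rejected: " + failure[1];
        }
        return null;
    }
}
```

A true result from verify() on its own says nothing about who signed; treat a signature as acceptable only when both steps pass.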