com.aowagie.text.pdf

Class PdfPKCS7

java.lang.Object

com.aowagie.text.pdf.PdfPKCS7

public final class PdfPKCS7
extends Object

This class does all the processing related to signing and verifying a PKCS#7 signature.

It's based in code found at org.spongycastle.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	PdfPKCS7.X509Name a class that holds an X509 name

Method Summary

Modifier and Type	Method and Description
Certificate[]	getCertificates() Get all the X.509 certificates associated with this PKCS#7 object in no particular order.
Collection<CRL>	getCRLs() Get the X.509 certificate revocation lists associated with this PKCS#7 object
String	getDigestAlgorithm() Get the algorithm used to calculate the message digest
byte[]	getEncodedPKCS1() Gets the bytes for the PKCS#1 object.
byte[]	getEncodedPKCS7() Gets the bytes for the PKCS7SignedData object.
String	getHashAlgorithm() Returns the algorithm.
String	getLocation() Getter for property location.
org.spongycastle.cert.ocsp.BasicOCSPResp	getOcsp() Gets the OCSP basic response if there is one.
byte[]	getPkcs1() Obtiene el PKCS#1 de la firma PKCS#7 del PDF.
String	getReason() Getter for property reason.
Certificate[]	getSignCertificateChain() Get the X.509 sign certificate chain associated with this PKCS#7 object.
Calendar	getSignDate() Getter for property signDate.
X509Certificate	getSigningCertificate() Get the X.509 certificate actually used to sign the digest.
int	getSigningInfoVersion() Get the version of the PKCS#7 "SignerInfo" object.
String	getSignName() Getter for property sigName.
static PdfPKCS7.X509Name	getSubjectFields(X509Certificate cert) Get the subject fields from an X509 Certificate
Calendar	getTimeStampDate() Gets the timestamp date
org.spongycastle.tsp.TimeStampToken	getTimeStampToken() Gets the timestamp token if there is one.
int	getVersion() Get the version of the PKCS#7 object.
boolean	isRevocationValid() Checks if OCSP revocation refers to the document signing certificate.
void	setExternalDigest(byte[] digest, byte[] RSAdata, String digestEncryptionAlgorithm) Sets the digest/signature to an external calculated value.
void	setLocation(String location) Setter for property location.
void	setReason(String reason) Setter for property reason.
void	setSignDate(Calendar signDate) Setter for property signDate.
void	setSignName(String signName) Setter for property sigName.
boolean	verify() Verify the digest.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

getPkcs1

public byte[] getPkcs1()

Obtiene el PKCS#1 de la firma PKCS#7 del PDF.

Returns:

PKCS#1 de la firma PKCS#7 del PDF.

getTimeStampToken

public org.spongycastle.tsp.TimeStampToken getTimeStampToken()

Gets the timestamp token if there is one.

Returns:

the timestamp token or null

Since:

2.1.6

getTimeStampDate

public Calendar getTimeStampDate()

Gets the timestamp date

Returns:

a date

Since:

2.1.6

getOcsp

public org.spongycastle.cert.ocsp.BasicOCSPResp getOcsp()

Gets the OCSP basic response if there is one.

Returns:

the OCSP basic response or null

Since:

2.1.6

getCertificates

public Certificate[] getCertificates()

Get all the X.509 certificates associated with this PKCS#7 object in no particular order. Other certificates, from OCSP for example, will also be included.

Returns:

the X.509 certificates associated with this PKCS#7 object

getSignCertificateChain

public Certificate[] getSignCertificateChain()

Get the X.509 sign certificate chain associated with this PKCS#7 object. Only the certificates used for the main signature will be returned, with the signing certificate first.

Returns:

the X.509 certificates associated with this PKCS#7 object

Since:

2.1.6

getCRLs

public Collection<CRL> getCRLs()

Get the X.509 certificate revocation lists associated with this PKCS#7 object

Returns:

the X.509 certificate revocation lists associated with this PKCS#7 object

getSigningCertificate

public X509Certificate getSigningCertificate()

Get the X.509 certificate actually used to sign the digest.

Returns:

the X.509 certificate actually used to sign the digest

getVersion

public int getVersion()

Get the version of the PKCS#7 object. Always 1

Returns:

the version of the PKCS#7 object. Always 1

getSigningInfoVersion

public int getSigningInfoVersion()

Get the version of the PKCS#7 "SignerInfo" object. Always 1

Returns:

the version of the PKCS#7 "SignerInfo" object. Always 1

getDigestAlgorithm

public String getDigestAlgorithm()

Get the algorithm used to calculate the message digest

Returns:

the algorithm used to calculate the message digest or null if it couldn't identify the encryption algorithm.

getHashAlgorithm

public String getHashAlgorithm()

Returns the algorithm.

Returns:

the digest algorithm

isRevocationValid

public boolean isRevocationValid()

Checks if OCSP revocation refers to the document signing certificate.

Returns:

true if it checks false otherwise

Since:

2.1.6

getSubjectFields

public static PdfPKCS7.X509Name getSubjectFields(X509Certificate cert)

Get the subject fields from an X509 Certificate

Parameters:

cert - an X509Certificate

Returns:

an X509Name

getEncodedPKCS1

public byte[] getEncodedPKCS1()

Gets the bytes for the PKCS#1 object.

Returns:

a byte array

setExternalDigest

public void setExternalDigest(byte[] digest,
                              byte[] RSAdata,
                              String digestEncryptionAlgorithm)

Sets the digest/signature to an external calculated value.

Parameters:

digest - the digest. This is the actual signature

RSAdata - the extra data that goes into the data tag in PKCS#7

digestEncryptionAlgorithm - the encryption algorithm. It may must be null if the digest is also null. If the digest is not null then it may be "RSA" or "DSA"

getEncodedPKCS7

public byte[] getEncodedPKCS7()

Gets the bytes for the PKCS7SignedData object.

Returns:

the bytes for the PKCS7SignedData object

getReason

public String getReason()

Getter for property reason.

Returns:

Value of property reason.

setReason

public void setReason(String reason)

Setter for property reason.

Parameters:

reason - New value of property reason.

getLocation

public String getLocation()

Getter for property location.

Returns:

Value of property location.

setLocation

public void setLocation(String location)

Setter for property location.

Parameters:

location - New value of property location.

getSignDate

public Calendar getSignDate()

Getter for property signDate.

Returns:

Value of property signDate.

setSignDate

public void setSignDate(Calendar signDate)

Setter for property signDate.

Parameters:

signDate - New value of property signDate.

getSignName

public String getSignName()

Getter for property sigName.

Returns:

Value of property sigName.

setSignName

public void setSignName(String signName)

Setter for property sigName.

Parameters:

signName - New value of property sigName.

verify

public boolean verify()
               throws SignatureException

Verify the digest.

Returns:

true if the signature checks out, false otherwise.

Throws:

SignatureException - on error