Module jpms_dss_pades
Package eu.europa.esig.dss.pades.signature

Class ExternalCMSService

java.lang.Object
eu.europa.esig.dss.pades.signature.ExternalCMSService
public class ExternalCMSService extends Object
This service is used to generate a CMSSignedData used for incorporation within a PDF document for a PAdES signature creation.

To create a CMS with the current class, please follow the algorithm: 1) Compute DTBS using message-digest of the PDF signature's ByteRange: ToBeSigned toBeSigned = getDataToSign(Digest messageDigest, PAdESSignatureParameters parameters); 2) Create signature value using private-key signing: SignatureValue signatureValue = *sign toBeSigned data*; 3) Create CMS signature signing the message-digest: CMSSignedDocument cmsSignature = signMessageDigest( Digest messageDigest, PAdESSignatureParameters parameters, SignatureValue signatureValue);

NOTE : This class does not create CAdES-BASELINE signatures, but CAdES-Extended signatures as per ETSI EN 319 122-2, suitable for a PAdES-BASELINE creation.

  • Constructor Summary

    Constructors
    Constructor
    Description
    ExternalCMSService(eu.europa.esig.dss.validation.CertificateVerifier certificateVerifier)
    This is the default constructor for PAdESCMSGeneratorService.

  • Method Summary

    Modifier and Type
    Method
    Description
    protected void
    assertConfigurationValid(eu.europa.esig.dss.model.DSSMessageDigest messageDigest, PAdESSignatureParameters parameters)
    This method verifies whether the provided parameters are valid for the external CMS creation process
    protected void
    assertSigningCertificateValid(eu.europa.esig.dss.AbstractSignatureParameters<?> parameters)
    This method raises an exception if the signing rules forbid the use the certificate.
    protected org.bouncycastle.cms.CMSSignedData
    buildCMSSignedData(eu.europa.esig.dss.model.DSSMessageDigest messageDigest, PAdESSignatureParameters parameters, eu.europa.esig.dss.model.SignatureValue signatureValue)
    This method builds a CMSSignedData without executing additional checks on provided configuration
    protected eu.europa.esig.dss.model.ToBeSigned
    buildToBeSignedData(eu.europa.esig.dss.model.DSSMessageDigest messageDigest, PAdESSignatureParameters parameters)
    This method builds a CMSSignedData without executing additional checks on provided configuration
    eu.europa.esig.dss.model.ToBeSigned
    getDataToSign(eu.europa.esig.dss.model.DSSMessageDigest messageDigest, PAdESSignatureParameters parameters)
    This method is used to compute signed-attributes of a CMSSignedData to be used for a private-key signing.
    void
    setTspSource(eu.europa.esig.dss.spi.x509.tsp.TSPSource tspSource)
    This setter allows to define the TSP (timestamp provider) source for T-level signature creation.
    eu.europa.esig.dss.cades.signature.CMSSignedDocument
    signMessageDigest(eu.europa.esig.dss.model.DSSMessageDigest messageDigest, PAdESSignatureParameters parameters, eu.europa.esig.dss.model.SignatureValue signatureValue)
    This method is used to create a signed CMSSignedData to be used for incorporation within a PDF document for a PAdES signature creation

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

    • ExternalCMSService

      public ExternalCMSService(eu.europa.esig.dss.validation.CertificateVerifier certificateVerifier)
      This is the default constructor for PAdESCMSGeneratorService.
      Parameters:
      certificateVerifier - CertificateVerifier provides information on the sources to be used in the validation process in the context of a signature.

  • Method Details

    • setTspSource

      public void setTspSource(eu.europa.esig.dss.spi.x509.tsp.TSPSource tspSource)
      This setter allows to define the TSP (timestamp provider) source for T-level signature creation.
      Parameters:
      tspSource - The time stamp source which is used when timestamping the signature.

    • getDataToSign

      public eu.europa.esig.dss.model.ToBeSigned getDataToSign(eu.europa.esig.dss.model.DSSMessageDigest messageDigest, PAdESSignatureParameters parameters)
      This method is used to compute signed-attributes of a CMSSignedData to be used for a private-key signing.
      Parameters:
      messageDigest - DSSMessageDigest representing message-digest of a ByteRange content prepared for a PDF signature creation
      parameters - PAdESSignatureParameters containing configuration for CMS creation
      Returns:
      ToBeSigned representing the data to be cryptographically signed (used to compute SignatureValue)

    • buildToBeSignedData

      protected eu.europa.esig.dss.model.ToBeSigned buildToBeSignedData(eu.europa.esig.dss.model.DSSMessageDigest messageDigest, PAdESSignatureParameters parameters)
      This method builds a CMSSignedData without executing additional checks on provided configuration
      Parameters:
      messageDigest - DSSMessageDigest representing message-digest of a ByteRange content prepared for a PDF signature creation
      parameters - PAdESSignatureParameters
      Returns:
      CMSSignedData

    • signMessageDigest

      public eu.europa.esig.dss.cades.signature.CMSSignedDocument signMessageDigest(eu.europa.esig.dss.model.DSSMessageDigest messageDigest, PAdESSignatureParameters parameters, eu.europa.esig.dss.model.SignatureValue signatureValue)
      This method is used to create a signed CMSSignedData to be used for incorporation within a PDF document for a PAdES signature creation
      Parameters:
      messageDigest - DSSMessageDigest representing digest of a ByteRange content prepared for a PDF signature creation
      parameters - PAdESSignatureParameters containing configuration for CMS creation
      signatureValue - SignatureValue representing private-key signing of the DTBS
      Returns:
      CMSSignedDocument representing a CMS signature suitable for PAdES signature creation

    • buildCMSSignedData

      protected org.bouncycastle.cms.CMSSignedData buildCMSSignedData(eu.europa.esig.dss.model.DSSMessageDigest messageDigest, PAdESSignatureParameters parameters, eu.europa.esig.dss.model.SignatureValue signatureValue)
      This method builds a CMSSignedData without executing additional checks on provided configuration
      Parameters:
      messageDigest - DSSMessageDigest representing digest of PDF ByteRange to be signed
      parameters - PAdESSignatureParameters
      signatureValue - SignatureValue
      Returns:
      CMSSignedData

    • assertConfigurationValid

      protected void assertConfigurationValid(eu.europa.esig.dss.model.DSSMessageDigest messageDigest, PAdESSignatureParameters parameters)
      This method verifies whether the provided parameters are valid for the external CMS creation process
      Parameters:
      messageDigest - DSSMessageDigest representing message-digest computed on PDF signature byte range
      parameters - PAdESSignatureParameters to be checked

    • assertSigningCertificateValid

      protected void assertSigningCertificateValid(eu.europa.esig.dss.AbstractSignatureParameters<?> parameters)
      This method raises an exception if the signing rules forbid the use the certificate.
      Parameters:
      parameters - set of driving signing parameters