Package com.itextpdf.signatures
Class SignUtils
java.lang.Object
com.itextpdf.signatures.SignUtils
-
Nested Class Summary
Nested Classes -
Field Summary
Fields -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescription(package private) static Date
(package private) static boolean
checkIfIssuersMatch
(ICertificateID certID, X509Certificate issuerCert) (package private) static Certificate
generateCertificate
(InputStream data, Provider provider) (package private) static ICertificateID
generateCertificateId
(X509Certificate issuerCert, BigInteger serialNumber, IASN1ObjectIdentifier identifier) (package private) static ICertificateID
generateCertificateId
(X509Certificate issuerCert, BigInteger serialNumber, IAlgorithmIdentifier digestAlgorithmIdentifier) (package private) static IOCSPReq
(package private) static Iterable
<X509Certificate> getCertificates
(KeyStore keyStore) (package private) static Iterable
<X509Certificate> getCertsFromOcspResponse
(IBasicOCSPResp ocspResp) (package private) static byte[]
getExtensionValueByOid
(CRL crl, String oid) (package private) static byte[]
getExtensionValueByOid
(X509Certificate certificate, String oid) (package private) static <T> T
getFirstElement
(Iterable<T> iterable) (package private) static InputStream
getHttpResponse
(URL urlt) (package private) static InputStream
getHttpResponseForOcspRequest
(byte[] request, URL urlt) (package private) static X500Principal
getIssuerX500Principal
(IASN1Sequence issuerAndSerialNumber) (package private) static MessageDigest
getMessageDigest
(String hashAlgorithm) (package private) static MessageDigest
getMessageDigest
(String hashAlgorithm, IExternalDigest externalDigest) (package private) static MessageDigest
getMessageDigest
(String hashAlgorithm, String provider) (package private) static String
(package private) static Signature
getSignatureHelper
(String algorithm, String provider) (package private) static Calendar
getTimeStampDate
(ITSTInfo timeStampTokenInfo) (package private) static SignUtils.TsaResponse
getTsaResponseForUserRequest
(String tsaUrl, byte[] requestBytes, String tsaUsername, String tsaPassword) (package private) static boolean
Deprecated.this behavior is different in Java and .NET, because in Java we use this two-step check: first via #hasUnsupportedCriticalExtension method, and then additionally allowing standard critical extensions; in .NET there's only second step.(package private) static boolean
isSignatureValid
(IBasicOCSPResp validator, Certificate certStoreX509, String provider) (package private) static void
isSignatureValid
(ITimeStampToken validator, X509Certificate certStoreX509, String provider) (package private) static CRL
parseCrlFromStream
(InputStream input) Parses a CRL from an InputStream.(package private) static Collection
<Certificate> readAllCerts
(byte[] contentsKey) (package private) static Collection
<Certificate> readAllCerts
(InputStream contentsKey, Provider provider) (package private) static Collection
<CRL> readAllCRLs
(byte[] contentsKey) (package private) static void
setRSASSAPSSParamsWithMGF1
(Signature signature, String digestAlgoName, int saltLen, int trailerField) static void
updateVerifier
(Signature signature, byte[] attr) (package private) static boolean
verifyCertificateSignature
(X509Certificate certificate, PublicKey issuerPublicKey, String provider)
-
Field Details
-
FACTORY
-
-
Constructor Details
-
SignUtils
SignUtils()
-
-
Method Details
-
getPrivateKeyAlgorithm
-
parseCrlFromStream
Parses a CRL from an InputStream.- Parameters:
input
- The InputStream holding the unparsed CRL.- Returns:
- the parsed CRL object
- Throws:
CertificateException
- thrown when no provider has been found for X509CRLException
- thrown during parsing the CRL
-
getExtensionValueByOid
-
getExtensionValueByOid
-
getMessageDigest
- Throws:
GeneralSecurityException
-
getMessageDigest
static MessageDigest getMessageDigest(String hashAlgorithm, IExternalDigest externalDigest) throws GeneralSecurityException - Throws:
GeneralSecurityException
-
getMessageDigest
static MessageDigest getMessageDigest(String hashAlgorithm, String provider) throws NoSuchAlgorithmException, NoSuchProviderException -
getHttpResponse
- Throws:
IOException
-
generateCertificateId
static ICertificateID generateCertificateId(X509Certificate issuerCert, BigInteger serialNumber, IAlgorithmIdentifier digestAlgorithmIdentifier) throws AbstractOperatorCreationException, CertificateEncodingException, AbstractOCSPException -
generateCertificateId
static ICertificateID generateCertificateId(X509Certificate issuerCert, BigInteger serialNumber, IASN1ObjectIdentifier identifier) throws AbstractOperatorCreationException, CertificateEncodingException, AbstractOCSPException -
generateOcspRequestWithNonce
static IOCSPReq generateOcspRequestWithNonce(ICertificateID id) throws IOException, AbstractOCSPException - Throws:
IOException
AbstractOCSPException
-
getHttpResponseForOcspRequest
- Throws:
IOException
-
isSignatureValid
static boolean isSignatureValid(IBasicOCSPResp validator, Certificate certStoreX509, String provider) throws AbstractOperatorCreationException, AbstractOCSPException -
isSignatureValid
static void isSignatureValid(ITimeStampToken validator, X509Certificate certStoreX509, String provider) throws AbstractOperatorCreationException, AbstractTSPException -
checkIfIssuersMatch
static boolean checkIfIssuersMatch(ICertificateID certID, X509Certificate issuerCert) throws CertificateEncodingException, IOException, AbstractOCSPException, AbstractOperatorCreationException -
add180Sec
-
getCertsFromOcspResponse
-
readAllCerts
- Throws:
CertificateException
-
readAllCerts
static Collection<Certificate> readAllCerts(InputStream contentsKey, Provider provider) throws CertificateException - Throws:
CertificateException
-
generateCertificate
static Certificate generateCertificate(InputStream data, Provider provider) throws CertificateException - Throws:
CertificateException
-
readAllCRLs
- Throws:
CertificateException
CRLException
-
getFirstElement
-
getIssuerX500Principal
- Throws:
IOException
-
getTsaResponseForUserRequest
static SignUtils.TsaResponse getTsaResponseForUserRequest(String tsaUrl, byte[] requestBytes, String tsaUsername, String tsaPassword) throws IOException - Throws:
IOException
-
hasUnsupportedCriticalExtension
Deprecated.this behavior is different in Java and .NET, because in Java we use this two-step check: first via #hasUnsupportedCriticalExtension method, and then additionally allowing standard critical extensions; in .NET there's only second step. However, removing first step in Java can be a breaking change for some users and moreover we don't have any means of providing customization for unsupported extensions check as of right now.During major release I'd suggest changing java unsupported extensions check logic to the same as in .NET, but only if it is possible to customize this logic.
Check if the provided certificate has a critical extension that iText doesn't support.- Parameters:
cert
- X509Certificate instance to check- Returns:
- true if there are unsupported critical extensions, false if there are none
-
getTimeStampDate
-
getSignatureHelper
static Signature getSignatureHelper(String algorithm, String provider) throws NoSuchProviderException, NoSuchAlgorithmException -
setRSASSAPSSParamsWithMGF1
static void setRSASSAPSSParamsWithMGF1(Signature signature, String digestAlgoName, int saltLen, int trailerField) throws InvalidAlgorithmParameterException -
updateVerifier
- Throws:
SignatureException
-
verifyCertificateSignature
static boolean verifyCertificateSignature(X509Certificate certificate, PublicKey issuerPublicKey, String provider) -
getCertificates
- Throws:
KeyStoreException
-