Class PadesTwoPhaseSigningHelper
java.lang.Object
    com.itextpdf.signatures.PadesTwoPhaseSigningHelper
public class PadesTwoPhaseSigningHelper extends java.lang.Object
Helper class to perform the signing operation in two steps.
Firstly, createCMSContainerWithoutSignature(java.security.cert.Certificate[], java.lang.String, com.itextpdf.kernel.pdf.PdfReader, java.io.OutputStream, com.itextpdf.signatures.SignerProperties) prepares the document and a placeholder for the future signature without the actual signing process.
Secondly, a follow-up step signs the prepared document with the corresponding PAdES Baseline profile.
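The two-step flow described above at Baseline-B level, as an added example that is not part of the iText documentation. It assumes a PKCS#12 keystore; the file names, key alias, field name and the KEYSTORE_PASSWORD environment variable are placeholders, and PrivateKeySignature stands in for whichever IExternalSignature implementation (HSM, remote signing service) holds the key.

```java
import com.itextpdf.kernel.pdf.PdfReader;
import com.itextpdf.signatures.DigestAlgorithms;
import com.itextpdf.signatures.IExternalSignature;
import com.itextpdf.signatures.PadesTwoPhaseSigningHelper;
import com.itextpdf.signatures.PrivateKeySignature;
import com.itextpdf.signatures.SignerProperties;
import com.itextpdf.signatures.cms.CMSContainer;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;

public class TwoPhaseBaselineBExample {
    public static void main(String[] args) throws Exception {
        // Placeholders (assumptions): keystore file, alias "signer", env variable name.
        char[] password = System.getenv("KEYSTORE_PASSWORD").toCharArray();
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream("signer.p12")) {
            ks.load(in, password);
        }
        Certificate[] chain = ks.getCertificateChain("signer");
        PrivateKey key = (PrivateKey) ks.getKey("signer", password);

        String fieldName = "Signature1"; // hypothetical signature field name
        SignerProperties props = new SignerProperties().setFieldName(fieldName);
        // One helper instance per signing operation, shared by both steps.
        PadesTwoPhaseSigningHelper helper = new PadesTwoPhaseSigningHelper();

        // Step 1: write the prepared PDF with a signature placeholder and get the
        // CMS container without a signature. Only public certificates are needed here.
        CMSContainer cms;
        try (PdfReader reader = new PdfReader("input.pdf");
             OutputStream prepared = new FileOutputStream("prepared.pdf")) {
            cms = helper.createCMSContainerWithoutSignature(
                    chain, DigestAlgorithms.SHA256, reader, prepared, props);
        }

        // Step 2: the private key is used only here; same digest algorithm as step 1.
        IExternalSignature signature = new PrivateKeySignature(key, DigestAlgorithms.SHA256, null);
        try (PdfReader reader = new PdfReader("prepared.pdf");
             OutputStream signed = new FileOutputStream("signed.pdf")) {
            helper.signCMSContainerWithBaselineBProfile(signature, reader, signed, fieldName, cms);
        }
    }
}
```

For Baseline-T and higher, call setTSAClient on the helper before the follow-up step and use the matching signCMSContainerWith... method instead.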
-
-
Field Summary
Modifier and Type    Field
private ICrlClient    crlClient
private int    estimatedSize
private static IBouncyCastleFactory    FACTORY
private IIssuingCertificateRetriever    issuingCertificateRetriever
private IOcspClient    ocspClient
private StampingProperties    stampingProperties
private StampingProperties    stampingPropertiesWithMetaInfo
private java.lang.String    temporaryDirectoryPath
private java.lang.String    timestampSignatureName
private ITSAClient    tsaClient
-
Constructor Summary
Constructor    Description
PadesTwoPhaseSigningHelper()
    Create instance of PadesTwoPhaseSigningHelper.
-
Method Summary
Modifier and Type    Method    Description
CMSContainer createCMSContainerWithoutSignature(java.security.cert.Certificate[] certificates, java.lang.String digestAlgorithm, PdfReader inputDocument, java.io.OutputStream outputStream, SignerProperties signerProperties)
    Creates CMS container compliant with PAdES level.
private PdfPadesSigner createPadesSigner(PdfReader inputDocument, java.io.OutputStream outputStream)
PadesTwoPhaseSigningHelper setCrlClient(ICrlClient crlClient)
    Set ICrlClient to be used for LTV Verification.
PadesTwoPhaseSigningHelper setEstimatedSize(int estimatedSize)
    Set estimated size of a signature to be applied.
PadesTwoPhaseSigningHelper setIssuingCertificateRetriever(IIssuingCertificateRetriever issuingCertificateRetriever)
    Set IIssuingCertificateRetriever to be used before main signing operation.
PadesTwoPhaseSigningHelper setOcspClient(IOcspClient ocspClient)
    Set IOcspClient to be used for LTV Verification.
private byte[] setSignatureAlgorithmAndSignature(IExternalSignature externalSignature, CMSContainer cmsContainer)
PadesTwoPhaseSigningHelper setStampingProperties(StampingProperties stampingProperties)
    Set stamping properties to be used during main signing operation.
PadesTwoPhaseSigningHelper setTemporaryDirectoryPath(java.lang.String temporaryDirectoryPath)
    Set temporary directory to be used for temporary files creation.
PadesTwoPhaseSigningHelper setTimestampSignatureName(java.lang.String timestampSignatureName)
    Set the name to be used for timestamp signature creation.
PadesTwoPhaseSigningHelper setTrustedCertificates(java.util.List<java.security.cert.Certificate> certificateList)
    Set certificate list to be used by the IIssuingCertificateRetriever to retrieve missing certificates.
PadesTwoPhaseSigningHelper setTSAClient(ITSAClient tsaClient)
    Set ITSAClient to be used for timestamp signature creation.
void signCMSContainerWithBaselineBProfile(IExternalSignature externalSignature, PdfReader inputDocument, java.io.OutputStream outputStream, java.lang.String signatureFieldName, CMSContainer cmsContainer)
    Follow-up step that signs prepared document with PAdES Baseline-B profile.
void signCMSContainerWithBaselineLTAProfile(IExternalSignature externalSignature, PdfReader inputDocument, java.io.OutputStream outputStream, java.lang.String signatureFieldName, CMSContainer cmsContainer)
    Follow-up step that signs prepared document with PAdES Baseline-LTA profile.
void signCMSContainerWithBaselineLTProfile(IExternalSignature externalSignature, PdfReader inputDocument, java.io.OutputStream outputStream, java.lang.String signatureFieldName, CMSContainer cmsContainer)
    Follow-up step that signs prepared document with PAdES Baseline-LT profile.
void signCMSContainerWithBaselineTProfile(IExternalSignature externalSignature, PdfReader inputDocument, java.io.OutputStream outputStream, java.lang.String signatureFieldName, CMSContainer cmsContainer)
    Follow-up step that signs prepared document with PAdES Baseline-T profile.
-
-
-
Field Detail
-
FACTORY
private static final IBouncyCastleFactory FACTORY
-
ocspClient
private IOcspClient ocspClient
-
crlClient
private ICrlClient crlClient
-
tsaClient
private ITSAClient tsaClient
-
temporaryDirectoryPath
private java.lang.String temporaryDirectoryPath
-
timestampSignatureName
private java.lang.String timestampSignatureName
-
stampingProperties
private StampingProperties stampingProperties
-
stampingPropertiesWithMetaInfo
private StampingProperties stampingPropertiesWithMetaInfo
-
issuingCertificateRetriever
private IIssuingCertificateRetriever issuingCertificateRetriever
-
estimatedSize
private int estimatedSize
-
-
Constructor Detail
-
PadesTwoPhaseSigningHelper
public PadesTwoPhaseSigningHelper()
Create instance of PadesTwoPhaseSigningHelper.
The same instance shall not be used for different signing operations, but can be used for both createCMSContainerWithoutSignature(java.security.cert.Certificate[], java.lang.String, com.itextpdf.kernel.pdf.PdfReader, java.io.OutputStream, com.itextpdf.signatures.SignerProperties) and follow-up signing.
-
-
Method Detail
-
setOcspClient
public PadesTwoPhaseSigningHelper setOcspClient(IOcspClient ocspClient)
Set IOcspClient to be used for LTV Verification.
This setter is only relevant if Baseline-LT Profile level or higher is used.
If none is set, there will be an attempt to create default OCSP Client instance using the certificate chain.
- Parameters:
ocspClient - IOcspClient instance to be used for LTV Verification
- Returns:
same instance of PadesTwoPhaseSigningHelper
-
setTrustedCertificates
public PadesTwoPhaseSigningHelper setTrustedCertificates(java.util.List<java.security.cert.Certificate> certificateList)
Set certificate list to be used by the IIssuingCertificateRetriever to retrieve missing certificates.
- Parameters:
certificateList - certificate list for getting missing certificates in chain or CRL response issuer certificates.
- Returns:
same instance of PadesTwoPhaseSigningHelper.
-
setCrlClient
public PadesTwoPhaseSigningHelper setCrlClient(ICrlClient crlClient)
Set ICrlClient to be used for LTV Verification.
This setter is only relevant if Baseline-LT Profile level or higher is used.
If none is set, there will be an attempt to create default CRL Client instance using the certificate chain.
- Parameters:
crlClient - ICrlClient instance to be used for LTV Verification
- Returns:
same instance of PadesTwoPhaseSigningHelper
-
setTSAClient
public PadesTwoPhaseSigningHelper setTSAClient(ITSAClient tsaClient)
Set ITSAClient to be used for timestamp signature creation.
This client has to be set for Baseline-T Profile level and higher.
- Parameters:
tsaClient - ITSAClient instance to be used for timestamp signature creation.
- Returns:
same instance of PadesTwoPhaseSigningHelper
-
setIssuingCertificateRetriever
public PadesTwoPhaseSigningHelper setIssuingCertificateRetriever(IIssuingCertificateRetriever issuingCertificateRetriever)
Set IIssuingCertificateRetriever to be used before main signing operation.
If none is set, IssuingCertificateRetriever instance will be used instead.
- Parameters:
issuingCertificateRetriever - IIssuingCertificateRetriever instance to be used for getting missing certificates in chain or CRL response issuer certificates.
- Returns:
same instance of PadesTwoPhaseSigningHelper.
-
setEstimatedSize
public PadesTwoPhaseSigningHelper setEstimatedSize(int estimatedSize)
Set estimated size of a signature to be applied.
This parameter represents estimated amount of bytes to be preserved for the signature.
If none is set, 0 will be used and the required space will be calculated during the signing.
- Parameters:
estimatedSize - amount of bytes to be used as estimated value
- Returns:
same instance of PadesTwoPhaseSigningHelper
-
setTemporaryDirectoryPath
public PadesTwoPhaseSigningHelper setTemporaryDirectoryPath(java.lang.String temporaryDirectoryPath)
Set temporary directory to be used for temporary files creation.
If none is set, temporary documents will be created in memory.
- Parameters:
temporaryDirectoryPath - String representing relative or absolute path to the directory
- Returns:
same instance of PadesTwoPhaseSigningHelper
-
setTimestampSignatureName
public PadesTwoPhaseSigningHelper setTimestampSignatureName(java.lang.String timestampSignatureName)
Set the name to be used for timestamp signature creation.
This setter is only relevant if PdfPadesSigner.signWithBaselineLTAProfile(com.itextpdf.signatures.SignerProperties, java.security.cert.Certificate[], com.itextpdf.signatures.IExternalSignature, com.itextpdf.signatures.ITSAClient) or PdfPadesSigner.prolongSignatures(com.itextpdf.signatures.ITSAClient) methods are used.
If none is set, randomly generated signature name will be used.
- Parameters:
timestampSignatureName - String representing the name of a timestamp signature to be applied
- Returns:
same instance of PadesTwoPhaseSigningHelper
-
setStampingProperties
public PadesTwoPhaseSigningHelper setStampingProperties(StampingProperties stampingProperties)
Set stamping properties to be used during main signing operation.
If none is set, stamping properties with append mode enabled will be used.
- Parameters:
stampingProperties - StampingProperties instance to be used during main signing operation
- Returns:
same instance of PadesTwoPhaseSigningHelper
-
createCMSContainerWithoutSignature
public CMSContainer createCMSContainerWithoutSignature(java.security.cert.Certificate[] certificates, java.lang.String digestAlgorithm, PdfReader inputDocument, java.io.OutputStream outputStream, SignerProperties signerProperties) throws java.io.IOException, java.security.GeneralSecurityException
Creates CMS container compliant with PAdES level. Prepares document and placeholder for the future signature without actual signing process.
- Parameters:
certificates - certificates to be added to the CMS container
digestAlgorithm - the algorithm to generate the digest with
inputDocument - reader PdfReader instance to read original PDF file
outputStream - OutputStream output stream to write the resulting PDF file into
signerProperties - properties to be used in the signing operations
- Returns:
prepared CMS container without signature.
- Throws:
java.io.IOException - if an I/O error occurs.
java.security.GeneralSecurityException - if some problem with signature or security occurs.
-
signCMSContainerWithBaselineBProfile
public void signCMSContainerWithBaselineBProfile(IExternalSignature externalSignature, PdfReader inputDocument, java.io.OutputStream outputStream, java.lang.String signatureFieldName, CMSContainer cmsContainer) throws java.lang.Exception
Follow-up step that signs prepared document with PAdES Baseline-B profile.
- Parameters:
externalSignature - external signature to do the actual signing
inputDocument - reader PdfReader instance to read prepared document
outputStream - the output PDF
signatureFieldName - the field to sign
cmsContainer - the finalized CMS container (e.g. created in the first step)
- Throws:
java.lang.Exception - if some exception occurs.
-
signCMSContainerWithBaselineTProfile
public void signCMSContainerWithBaselineTProfile(IExternalSignature externalSignature, PdfReader inputDocument, java.io.OutputStream outputStream, java.lang.String signatureFieldName, CMSContainer cmsContainer) throws java.lang.Exception
Follow-up step that signs prepared document with PAdES Baseline-T profile.
- Parameters:
externalSignature - external signature to do the actual signing
inputDocument - reader PdfReader instance to read prepared document
outputStream - the output PDF
signatureFieldName - the field to sign
cmsContainer - the finalized CMS container (e.g. created in the first step)
- Throws:
java.lang.Exception - if some exception occurs.
-
signCMSContainerWithBaselineLTProfile
public void signCMSContainerWithBaselineLTProfile(IExternalSignature externalSignature, PdfReader inputDocument, java.io.OutputStream outputStream, java.lang.String signatureFieldName, CMSContainer cmsContainer) throws java.lang.Exception
Follow-up step that signs prepared document with PAdES Baseline-LT profile.
- Parameters:
externalSignature - external signature to do the actual signing
inputDocument - reader PdfReader instance to read prepared document
outputStream - the output PDF
signatureFieldName - the field to sign
cmsContainer - the finalized CMS container (e.g. created in the first step)
- Throws:
java.lang.Exception - if some exception occurs.
-
signCMSContainerWithBaselineLTAProfile
public void signCMSContainerWithBaselineLTAProfile(IExternalSignature externalSignature, PdfReader inputDocument, java.io.OutputStream outputStream, java.lang.String signatureFieldName, CMSContainer cmsContainer) throws java.lang.Exception
Follow-up step that signs prepared document with PAdES Baseline-LTA profile.
- Parameters:
externalSignature - external signature to do the actual signing
inputDocument - reader PdfReader instance to read prepared document
outputStream - the output PDF
signatureFieldName - the field to sign
cmsContainer - the finalized CMS container (e.g. created in the first step)
- Throws:
java.lang.Exception - if some exception occurs.
-
setSignatureAlgorithmAndSignature
private byte[] setSignatureAlgorithmAndSignature(IExternalSignature externalSignature, CMSContainer cmsContainer) throws java.io.IOException, java.security.GeneralSecurityException
- Throws:
java.io.IOException
java.security.GeneralSecurityException
-
createPadesSigner
private PdfPadesSigner createPadesSigner(PdfReader inputDocument, java.io.OutputStream outputStream)
-
-