Package com.itextpdf.signatures.cms
Class CMSContainer
- java.lang.Object
  - com.itextpdf.signatures.cms.CMSContainer
public class CMSContainer extends java.lang.Object
The CMS container, which represents the SignedData structure from RFC 5652, Cryptographic Message Syntax (CMS).
-
Field Summary
Fields (modifier and type, field, description):
- private static IBouncyCastleFactory BC_FACTORY
- private java.util.Collection<java.security.cert.X509Certificate> certificates: Optional.
- private java.util.Collection<java.security.cert.CRL> crls: Optional.
- private EncapsulatedContentInfo encapContentInfo: This represents the signed content.
- private java.util.Collection<IBasicOCSPResponse> ocsps: Optional.
- (package private) java.util.Collection<IASN1Sequence> otherRevocationInfo: Collection to store revocation info other than OCSP and CRL responses, e.g. SCVP Request and Response.
- private SignerInfo signerInfo: This class only supports one signer per signature field.
- private int version
-
Constructor Summary
Constructors (constructor, description):
- CMSContainer(): Creates an empty SignedData structure.
- CMSContainer(byte[] encodedCMSdata): Creates a SignedData structure from a serialized ASN1 structure.
-
Method Summary
Methods (modifier and type, method, description):
- void addCertificate(java.security.cert.X509Certificate cert): Adds a certificate.
- void addCertificates(java.security.cert.X509Certificate[] certs): Adds a set of certificates.
- void addCrl(java.security.cert.CRL crl): Adds a CRL response to the CMS container.
- void addOcsp(IBasicOCSPResponse ocspResponse): Adds an OCSP response to the CMS container.
- java.util.Collection<java.security.cert.X509Certificate> getCertificates(): Retrieves a copy of the list of certificates.
- int getCmsVersion(): The version of the CMS container.
- java.util.Collection<java.security.cert.CRL> getCrls(): Retrieves a copy of the list of CRLs.
- AlgorithmIdentifier getDigestAlgorithm(): The digest algorithm OID and parameters used by the signer.
- EncapsulatedContentInfo getEncapContentInfo(): This represents the signed content.
- java.util.Collection<IBasicOCSPResponse> getOcsps(): Retrieves a copy of the list of OCSPs.
- byte[] getSerializedSignedAttributes(): Retrieves the encoded signed attributes of the signer info.
- SignerInfo getSignerInfo(): This class only supports one signer per signature field.
- long getSizeEstimation(): Once all fields except signer.signedAttributes.digest and signer.signature are completed, the eventual size of the signature can be calculated by serializing the container. This excludes the signature itself (whose size depends on the digest and cipher, but is set at 1024 bytes) and unsigned attributes added later, such as timestamps.
- private void processCertificates(IASN1Sequence signedData)
- byte[] serialize(): Serializes the SignedData structure and makes the signer info's signed attributes read-only.
- private byte[] serialize(boolean forEstimation)
- void setEncapContentInfo(EncapsulatedContentInfo encapContentInfo): This represents the signed content.
- void setSerializedSignedAttributes(byte[] signedAttributesData): Sets the Signed Attributes of the signer info to this serialized version.
- void setSignerInfo(SignerInfo signerInfo): This class only supports one signer per signature field.
-
Field Detail
-
BC_FACTORY
private static final IBouncyCastleFactory BC_FACTORY
-
otherRevocationInfo
final java.util.Collection<IASN1Sequence> otherRevocationInfo
Collection to store revocation info other than OCSP and CRL responses, e.g. SCVP Request and Response.
-
crls
private final java.util.Collection<java.security.cert.CRL> crls
Optional. It is a collection of CRL revocation status information.
-
ocsps
private final java.util.Collection<IBasicOCSPResponse> ocsps
Optional. It is a collection of CRL revocation status information.
-
encapContentInfo
private EncapsulatedContentInfo encapContentInfo
This represents the signed content. In the case of a signed PDF document this will be of type data with no content.
-
certificates
private java.util.Collection<java.security.cert.X509Certificate> certificates
Optional. The intent is to add all certificates so that the entire chain can be validated.
-
signerInfo
private SignerInfo signerInfo
This class only supports one signer per signature field.
-
version
private int version
-
Constructor Detail
-
CMSContainer
public CMSContainer()
Creates an empty SignedData structure.
-
CMSContainer
public CMSContainer(byte[] encodedCMSdata) throws java.io.IOException, java.security.cert.CertificateException, java.security.cert.CRLException
Creates a SignedData structure from a serialized ASN1 structure.
- Parameters:
encodedCMSdata - the serialized CMS container
- Throws:
java.io.IOException - if issues occur during ASN1 objects creation.
java.security.cert.CertificateException - if issues occur processing the embedded certificates.
java.security.cert.CRLException - if CRL encoding error occurs.
-
Method Detail
-
setSignerInfo
public void setSignerInfo(SignerInfo signerInfo)
This class only supports one signer per signature field.
- Parameters:
signerInfo - the signerInfo
-
getSignerInfo
public SignerInfo getSignerInfo()
This class only supports one signer per signature field.
- Returns:
the signerInfo
-
getSizeEstimation
public long getSizeEstimation() throws java.security.cert.CertificateEncodingException, java.io.IOException, java.security.cert.CRLException
Once all fields except signer.signedAttributes.digest and signer.signature are completed, the eventual size of the signature can be calculated by serializing the container. This excludes the signature itself (whose size depends on the digest and cipher, but is set at 1024 bytes) and unsigned attributes added later, such as timestamps.
- Returns:
the estimated size of the complete CMS container before the signature is added; the size for the signature is included, the size for other attributes like timestamps is not.
- Throws:
java.security.cert.CertificateEncodingException - if an encoding error occurs in X509Certificate.
java.io.IOException - if an I/O error occurs.
java.security.cert.CRLException - if CRL encoding error occurs.
-
getCmsVersion
public int getCmsVersion()
The version of the CMS container.
- Returns:
version of the CMS container
-
getDigestAlgorithm
public AlgorithmIdentifier getDigestAlgorithm()
The digest algorithm OID and parameters used by the signer. This class only supports one signer for use in PDF signatures, so only one digest algorithm is supported. This field is set when adding the signerInfo.
- Returns:
AlgorithmIdentifier digest algorithm.
-
getEncapContentInfo
public EncapsulatedContentInfo getEncapContentInfo()
This represents the signed content. In the case of a signed PDF document this will be of type data with no content.
- Returns:
a representation of the data to be signed.
-
setEncapContentInfo
public void setEncapContentInfo(EncapsulatedContentInfo encapContentInfo)
This represents the signed content. In the case of a signed PDF document this will be of type data with no content. Defaults to 1.2.840.113549.1.7.1 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-7(7) id-data(1)}.
- Parameters:
encapContentInfo - a representation of the data to be signed.
-
addCertificate
public void addCertificate(java.security.cert.X509Certificate cert)
Adds a certificate.
- Parameters:
cert - the certificate to be added
-
addCertificates
public void addCertificates(java.security.cert.X509Certificate[] certs)
Adds a set of certificates.
- Parameters:
certs - the certificates to be added
-
getCertificates
public java.util.Collection<java.security.cert.X509Certificate> getCertificates()
Retrieves a copy of the list of certificates.
- Returns:
the list of certificates to be used for signing and certificate validation
-
getCrls
public java.util.Collection<java.security.cert.CRL> getCrls()
Retrieves a copy of the list of CRLs.
- Returns:
the list of CRL revocation info.
-
addCrl
public void addCrl(java.security.cert.CRL crl)
Adds a CRL response to the CMS container.
- Parameters:
crl - the CRL response to be added.
-
getOcsps
public java.util.Collection<IBasicOCSPResponse> getOcsps()
Retrieves a copy of the list of OCSPs.
- Returns:
the list of OCSP revocation info.
-
addOcsp
public void addOcsp(IBasicOCSPResponse ocspResponse)
Adds an OCSP response to the CMS container.
- Parameters:
ocspResponse - the OCSP response to be added.
-
setSerializedSignedAttributes
public void setSerializedSignedAttributes(byte[] signedAttributesData)
Sets the Signed Attributes of the signer info to this serialized version. The signed attributes will become read-only.
- Parameters:
signedAttributesData - the serialized Signed Attributes
-
getSerializedSignedAttributes
public byte[] getSerializedSignedAttributes() throws java.io.IOException
Retrieves the encoded signed attributes of the signer info. This makes the signed attributes read-only.
- Returns:
the encoded signed attributes of the signer info.
- Throws:
java.io.IOException - if issues occur during ASN1 objects creation.
-
serialize
public byte[] serialize() throws java.security.cert.CertificateEncodingException, java.io.IOException, java.security.cert.CRLException
Serializes the SignedData structure and makes the signer info's signed attributes read-only.
- Returns:
the encoded SignedData structure.
- Throws:
java.security.cert.CertificateEncodingException - if errors occur during certificate processing.
java.io.IOException - if issues occur during ASN1 objects creation.
java.security.cert.CRLException - if CRL encoding error occurs.
-
serialize
private byte[] serialize(boolean forEstimation) throws java.security.cert.CertificateEncodingException, java.io.IOException, java.security.cert.CRLException
- Throws:
java.security.cert.CertificateEncodingException
java.io.IOException
java.security.cert.CRLException
-
processCertificates
private void processCertificates(IASN1Sequence signedData) throws java.security.cert.CertificateException, java.io.IOException
- Throws:
java.security.cert.CertificateException
java.io.IOException
-