Class PdfPadesSigner
- java.lang.Object
-
- com.itextpdf.signatures.PdfPadesSigner
-
public class PdfPadesSigner extends java.lang.Object
This class performs signing with PaDES-related profiles using the provided parameters.
-
-
Field Summary
Fields
Modifier and Type / Field
private AccessPermissions
accessPermissions
private ICrlClient
crlClient
private static java.lang.String
DEFAULT_DIGEST_ALGORITHM
private int
estimatedSize
private IExternalDigest
externalDigest
private static IBouncyCastleFactory
FACTORY
private PdfSigFieldLock
fieldLock
private static long
increment
private IIssuingCertificateRetriever
issuingCertificateRetriever
private static java.lang.Object
LOCK_OBJECT
private IOcspClient
ocspClient
private java.io.OutputStream
outputStream
private PdfReader
reader
private StampingProperties
stampingProperties
private StampingProperties
stampingPropertiesWithMetaInfo
private static java.lang.String
TEMP_FILE_NAME
private java.io.File
tempFile
private java.util.Set<java.io.File>
tempFiles
private java.lang.String
temporaryDirectoryPath
private java.io.ByteArrayOutputStream
tempOutputStream
private java.lang.String
timestampSignatureName
-
Constructor Summary
Constructors
Constructor / Description
PdfPadesSigner(PdfReader reader, java.io.OutputStream outputStream)
Create an instance of PdfPadesSigner class.
-
Method Summary
All Methods / Instance Methods / Concrete Methods
Modifier and Type / Method / Description
(package private) java.io.InputStream
createInputStream()
(package private) java.io.OutputStream
createOutputStream()
(package private) PdfSigner
createPdfSigner(SignerProperties signerProperties, boolean isFinal)
(package private) void
createRevocationClients(java.security.cert.Certificate signingCert, boolean clientsRequired)
(package private) void
deleteTempFiles()
private java.lang.String
getDigestAlgorithm(java.security.PrivateKey privateKey)
private java.io.File
getNextTempFile()
(package private) void
performLtvVerification(PdfDocument pdfDocument, java.util.List<java.lang.String> signatureNames, LtvVerification.RevocationDataNecessity revocationDataNecessity)
private void
performSignDetached(SignerProperties signerProperties, boolean isFinal, IExternalSignature externalSignature, java.security.cert.Certificate[] chain, ITSAClient tsaClient)
(package private) void
performTimestamping(PdfDocument document, java.io.OutputStream outputStream, ITSAClient tsaClient)
void
prolongSignatures()
Add revocation information for all the signatures which could be found in the provided document.
void
prolongSignatures(ITSAClient tsaClient)
Add revocation information for all the signatures which could be found in the provided document.
PdfPadesSigner
setCertificationLevel(AccessPermissions accessPermissions)
Set certification level which specifies DocMDP level which is expected to be set.
PdfPadesSigner
setCrlClient(ICrlClient crlClient)
Set ICrlClient to be used for LTV Verification.
PdfPadesSigner
setEstimatedSize(int estimatedSize)
Set estimated size of a signature to be applied.
PdfPadesSigner
setExternalDigest(IExternalDigest externalDigest)
Set IExternalDigest to be used for main signing operation.
PdfPadesSigner
setIssuingCertificateRetriever(IIssuingCertificateRetriever issuingCertificateRetriever)
Set IIssuingCertificateRetriever to be used before main signing operation.
PdfPadesSigner
setOcspClient(IOcspClient ocspClient)
Set IOcspClient to be used for LTV Verification.
PdfPadesSigner
setSignatureFieldLock(PdfSigFieldLock fieldLock)
Set FieldMDP rules to be applied for this signature.
PdfPadesSigner
setStampingProperties(StampingProperties stampingProperties)
Set stamping properties to be used during main signing operation.
PdfPadesSigner
setTemporaryDirectoryPath(java.lang.String temporaryDirectoryPath)
Set temporary directory to be used for temporary files creation.
PdfPadesSigner
setTimestampSignatureName(java.lang.String timestampSignatureName)
Set the name to be used for timestamp signature creation.
PdfPadesSigner
setTrustedCertificates(java.util.List<java.security.cert.Certificate> certificateList)
Set certificate list to be used by the IIssuingCertificateRetriever to retrieve missing certificates.
void
signWithBaselineBProfile(SignerProperties signerProperties, java.security.cert.Certificate[] chain, IExternalSignature externalSignature)
Sign the document provided in PdfSigner instance with PaDES Baseline-B Profile.
void
signWithBaselineBProfile(SignerProperties signerProperties, java.security.cert.Certificate[] chain, java.security.PrivateKey privateKey)
Sign the document provided in PdfSigner instance with PaDES Baseline-B Profile.
void
signWithBaselineLTAProfile(SignerProperties signerProperties, java.security.cert.Certificate[] chain, IExternalSignature externalSignature, ITSAClient tsaClient)
Sign the document provided in PdfSigner instance with PaDES Baseline-LTA Profile.
void
signWithBaselineLTAProfile(SignerProperties signerProperties, java.security.cert.Certificate[] chain, java.security.PrivateKey privateKey, ITSAClient tsaClient)
Sign the document provided in PdfSigner instance with PaDES Baseline-LTA Profile.
void
signWithBaselineLTProfile(SignerProperties signerProperties, java.security.cert.Certificate[] chain, IExternalSignature externalSignature, ITSAClient tsaClient)
Sign the document provided in PdfSigner instance with PaDES Baseline-LT Profile.
void
signWithBaselineLTProfile(SignerProperties signerProperties, java.security.cert.Certificate[] chain, java.security.PrivateKey privateKey, ITSAClient tsaClient)
Sign the document provided in PdfSigner instance with PaDES Baseline-LT Profile.
void
signWithBaselineTProfile(SignerProperties signerProperties, java.security.cert.Certificate[] chain, IExternalSignature externalSignature, ITSAClient tsaClient)
Sign the document provided in PdfSigner instance with PaDES Baseline-T Profile.
void
signWithBaselineTProfile(SignerProperties signerProperties, java.security.cert.Certificate[] chain, java.security.PrivateKey privateKey, ITSAClient tsaClient)
Sign the document provided in PdfSigner instance with PaDES Baseline-T Profile.
-
-
-
Field Detail
-
TEMP_FILE_NAME
private static final java.lang.String TEMP_FILE_NAME
- See Also:
- Constant Field Values
-
FACTORY
private static final IBouncyCastleFactory FACTORY
-
DEFAULT_DIGEST_ALGORITHM
private static final java.lang.String DEFAULT_DIGEST_ALGORITHM
- See Also:
- Constant Field Values
-
LOCK_OBJECT
private static final java.lang.Object LOCK_OBJECT
-
increment
private static long increment
-
ocspClient
private IOcspClient ocspClient
-
crlClient
private ICrlClient crlClient
-
issuingCertificateRetriever
private IIssuingCertificateRetriever issuingCertificateRetriever
-
estimatedSize
private int estimatedSize
-
timestampSignatureName
private java.lang.String timestampSignatureName
-
temporaryDirectoryPath
private java.lang.String temporaryDirectoryPath
-
accessPermissions
private AccessPermissions accessPermissions
-
fieldLock
private PdfSigFieldLock fieldLock
-
externalDigest
private IExternalDigest externalDigest
-
stampingProperties
private StampingProperties stampingProperties
-
stampingPropertiesWithMetaInfo
private StampingProperties stampingPropertiesWithMetaInfo
-
tempOutputStream
private java.io.ByteArrayOutputStream tempOutputStream
-
tempFile
private java.io.File tempFile
-
tempFiles
private final java.util.Set<java.io.File> tempFiles
-
reader
private final PdfReader reader
-
outputStream
private final java.io.OutputStream outputStream
-
-
Constructor Detail
-
PdfPadesSigner
public PdfPadesSigner(PdfReader reader, java.io.OutputStream outputStream)
Create an instance of PdfPadesSigner class. One instance shall be used for one signing operation.
- Parameters:
reader - PdfReader instance to read original PDF file
outputStream - OutputStream output stream to write the resulting PDF file into
-
-
Method Detail
-
signWithBaselineBProfile
public void signWithBaselineBProfile(SignerProperties signerProperties, java.security.cert.Certificate[] chain, IExternalSignature externalSignature) throws java.security.GeneralSecurityException, java.io.IOException
Sign the document provided in PdfSigner instance with PaDES Baseline-B Profile.
- Parameters:
signerProperties - SignerProperties properties to be used for main signing operation
chain - the chain of certificates to be used for signing operation
externalSignature - IExternalSignature instance to be used for main signing operation
- Throws:
java.security.GeneralSecurityException - in case of signing related exceptions
java.io.IOException - in case of files related exceptions
-
signWithBaselineBProfile
public void signWithBaselineBProfile(SignerProperties signerProperties, java.security.cert.Certificate[] chain, java.security.PrivateKey privateKey) throws java.security.GeneralSecurityException, java.io.IOException
Sign the document provided in PdfSigner instance with PaDES Baseline-B Profile.
- Parameters:
signerProperties - SignerProperties properties to be used for main signing operation
chain - the chain of certificates to be used for signing operation
privateKey - PrivateKey instance to be used for main signing operation
- Throws:
java.security.GeneralSecurityException - in case of signing related exceptions
java.io.IOException - in case of files related exceptions
-
signWithBaselineTProfile
public void signWithBaselineTProfile(SignerProperties signerProperties, java.security.cert.Certificate[] chain, IExternalSignature externalSignature, ITSAClient tsaClient) throws java.security.GeneralSecurityException, java.io.IOException
Sign the document provided in PdfSigner instance with PaDES Baseline-T Profile.
- Parameters:
signerProperties - SignerProperties properties to be used for main signing operation
chain - the chain of certificates to be used for signing operation
externalSignature - IExternalSignature instance to be used for main signing operation
tsaClient - ITSAClient instance to be used for timestamp creation
- Throws:
java.security.GeneralSecurityException - in case of signing related exceptions
java.io.IOException - in case of files related exceptions
-
signWithBaselineTProfile
public void signWithBaselineTProfile(SignerProperties signerProperties, java.security.cert.Certificate[] chain, java.security.PrivateKey privateKey, ITSAClient tsaClient) throws java.security.GeneralSecurityException, java.io.IOException
Sign the document provided in PdfSigner instance with PaDES Baseline-T Profile.
- Parameters:
signerProperties - SignerProperties properties to be used for main signing operation
chain - the chain of certificates to be used for signing operation
privateKey - PrivateKey instance to be used for main signing operation
tsaClient - ITSAClient instance to be used for timestamp creation
- Throws:
java.security.GeneralSecurityException - in case of signing related exceptions
java.io.IOException - in case of files related exceptions
-
signWithBaselineLTProfile
public void signWithBaselineLTProfile(SignerProperties signerProperties, java.security.cert.Certificate[] chain, IExternalSignature externalSignature, ITSAClient tsaClient) throws java.security.GeneralSecurityException, java.io.IOException
Sign the document provided in PdfSigner instance with PaDES Baseline-LT Profile.
- Parameters:
signerProperties - SignerProperties properties to be used for main signing operation
chain - the chain of certificates to be used for signing operation
externalSignature - IExternalSignature instance to be used for main signing operation
tsaClient - ITSAClient instance to be used for timestamp creation
- Throws:
java.security.GeneralSecurityException - in case of signing related exceptions
java.io.IOException - in case of files related exceptions
-
signWithBaselineLTProfile
public void signWithBaselineLTProfile(SignerProperties signerProperties, java.security.cert.Certificate[] chain, java.security.PrivateKey privateKey, ITSAClient tsaClient) throws java.security.GeneralSecurityException, java.io.IOException
Sign the document provided in PdfSigner instance with PaDES Baseline-LT Profile.
- Parameters:
signerProperties - SignerProperties properties to be used for main signing operation
chain - the chain of certificates to be used for signing operation
privateKey - PrivateKey instance to be used for main signing operation
tsaClient - ITSAClient instance to be used for timestamp creation
- Throws:
java.security.GeneralSecurityException - in case of signing related exceptions
java.io.IOException - in case of files related exceptions
-
signWithBaselineLTAProfile
public void signWithBaselineLTAProfile(SignerProperties signerProperties, java.security.cert.Certificate[] chain, IExternalSignature externalSignature, ITSAClient tsaClient) throws java.io.IOException, java.security.GeneralSecurityException
Sign the document provided in PdfSigner instance with PaDES Baseline-LTA Profile.
- Parameters:
signerProperties - SignerProperties properties to be used for main signing operation
chain - the chain of certificates to be used for signing operation
externalSignature - IExternalSignature instance to be used for main signing operation
tsaClient - ITSAClient instance to be used for timestamp creation
- Throws:
java.security.GeneralSecurityException - in case of signing related exceptions
java.io.IOException - in case of files related exceptions
-
signWithBaselineLTAProfile
public void signWithBaselineLTAProfile(SignerProperties signerProperties, java.security.cert.Certificate[] chain, java.security.PrivateKey privateKey, ITSAClient tsaClient) throws java.security.GeneralSecurityException, java.io.IOException
Sign the document provided in PdfSigner instance with PaDES Baseline-LTA Profile.
- Parameters:
signerProperties - SignerProperties properties to be used for main signing operation
chain - the chain of certificates to be used for signing operation
privateKey - PrivateKey instance to be used for main signing operation
tsaClient - ITSAClient instance to be used for timestamp creation
- Throws:
java.security.GeneralSecurityException - in case of signing related exceptions
java.io.IOException - in case of files related exceptions
-
prolongSignatures
public void prolongSignatures(ITSAClient tsaClient) throws java.io.IOException, java.security.GeneralSecurityException
Add revocation information for all the signatures which could be found in the provided document. Also add timestamp signature on top of that.
- Parameters:
tsaClient - ITSAClient TSA Client to be used for timestamp signature creation
- Throws:
java.io.IOException - in case of files related exceptions
java.security.GeneralSecurityException - in case of signing related exceptions
-
prolongSignatures
public void prolongSignatures() throws java.io.IOException, java.security.GeneralSecurityException
Add revocation information for all the signatures which could be found in the provided document.
- Throws:
java.io.IOException - in case of files related exceptions
java.security.GeneralSecurityException - in case of signing related exceptions
-
setTemporaryDirectoryPath
public PdfPadesSigner setTemporaryDirectoryPath(java.lang.String temporaryDirectoryPath)
Set temporary directory to be used for temporary files creation.
If none is set, temporary documents will be created in memory.
- Parameters:
temporaryDirectoryPath - String representing relative or absolute path to the directory
- Returns:
same instance of PdfPadesSigner
-
setCertificationLevel
public PdfPadesSigner setCertificationLevel(AccessPermissions accessPermissions)
Set certification level which specifies DocMDP level which is expected to be set.
- Parameters:
accessPermissions - AccessPermissions certification level
- Returns:
same instance of PdfPadesSigner
-
setSignatureFieldLock
public PdfPadesSigner setSignatureFieldLock(PdfSigFieldLock fieldLock)
Set FieldMDP rules to be applied for this signature.
- Parameters:
fieldLock - PdfSigFieldLock field lock dictionary.
- Returns:
same instance of PdfPadesSigner
-
setTimestampSignatureName
public PdfPadesSigner setTimestampSignatureName(java.lang.String timestampSignatureName)
Set the name to be used for timestamp signature creation.
This setter is only relevant if signWithBaselineLTAProfile(com.itextpdf.signatures.SignerProperties, java.security.cert.Certificate[], com.itextpdf.signatures.IExternalSignature, com.itextpdf.signatures.ITSAClient) or prolongSignatures(com.itextpdf.signatures.ITSAClient) methods are used.
If none is set, randomly generated signature name will be used.
- Parameters:
timestampSignatureName - String representing the name of a timestamp signature to be applied
- Returns:
same instance of PdfPadesSigner
-
setStampingProperties
public PdfPadesSigner setStampingProperties(StampingProperties stampingProperties)
Set stamping properties to be used during main signing operation.
If none is set, stamping properties with append mode enabled will be used.
- Parameters:
stampingProperties - StampingProperties instance to be used during main signing operation
- Returns:
same instance of PdfPadesSigner
-
setEstimatedSize
public PdfPadesSigner setEstimatedSize(int estimatedSize)
Set estimated size of a signature to be applied.
This parameter represents estimated amount of bytes to be preserved for the signature.
If none is set, 0 will be used and the required space will be calculated during the signing.
- Parameters:
estimatedSize - amount of bytes to be used as estimated value
- Returns:
same instance of PdfPadesSigner
-
setOcspClient
public PdfPadesSigner setOcspClient(IOcspClient ocspClient)
Set IOcspClient to be used for LTV Verification.
This setter is only relevant if Baseline-LT Profile level or higher is used.
If none is set, there will be an attempt to create default OCSP Client instance using the certificate chain.
- Parameters:
ocspClient - IOcspClient instance to be used for LTV Verification
- Returns:
same instance of PdfPadesSigner
-
setCrlClient
public PdfPadesSigner setCrlClient(ICrlClient crlClient)
Set ICrlClient to be used for LTV Verification.
This setter is only relevant if Baseline-LT Profile level or higher is used.
If none is set, there will be an attempt to create default CRL Client instance using the certificate chain.
- Parameters:
crlClient - ICrlClient instance to be used for LTV Verification
- Returns:
same instance of PdfPadesSigner
-
setExternalDigest
public PdfPadesSigner setExternalDigest(IExternalDigest externalDigest)
Set IExternalDigest to be used for main signing operation.
If none is set, BouncyCastleDigest instance will be used instead.
- Parameters:
externalDigest - IExternalDigest to be used for main signing operation.
- Returns:
same instance of PdfPadesSigner
-
setIssuingCertificateRetriever
public PdfPadesSigner setIssuingCertificateRetriever(IIssuingCertificateRetriever issuingCertificateRetriever)
Set IIssuingCertificateRetriever to be used before main signing operation.
If none is set, IssuingCertificateRetriever instance will be used instead.
- Parameters:
issuingCertificateRetriever - IIssuingCertificateRetriever instance to be used for getting missing certificates in chain or CRL response issuer certificates.
- Returns:
same instance of PdfPadesSigner.
-
setTrustedCertificates
public PdfPadesSigner setTrustedCertificates(java.util.List<java.security.cert.Certificate> certificateList)
Set certificate list to be used by the IIssuingCertificateRetriever to retrieve missing certificates.
- Parameters:
certificateList - certificate list for getting missing certificates in chain or CRL response issuer certificates.
- Returns:
same instance of PdfPadesSigner.
-
performTimestamping
void performTimestamping(PdfDocument document, java.io.OutputStream outputStream, ITSAClient tsaClient) throws java.io.IOException, java.security.GeneralSecurityException
- Throws:
java.io.IOException
java.security.GeneralSecurityException
-
createPdfSigner
PdfSigner createPdfSigner(SignerProperties signerProperties, boolean isFinal) throws java.io.IOException
- Throws:
java.io.IOException
-
performLtvVerification
void performLtvVerification(PdfDocument pdfDocument, java.util.List<java.lang.String> signatureNames, LtvVerification.RevocationDataNecessity revocationDataNecessity) throws java.io.IOException, java.security.GeneralSecurityException
- Throws:
java.io.IOException
java.security.GeneralSecurityException
-
deleteTempFiles
void deleteTempFiles()
-
createOutputStream
java.io.OutputStream createOutputStream() throws java.io.FileNotFoundException
- Throws:
java.io.FileNotFoundException
-
createInputStream
java.io.InputStream createInputStream() throws java.io.IOException
- Throws:
java.io.IOException
-
createRevocationClients
void createRevocationClients(java.security.cert.Certificate signingCert, boolean clientsRequired)
-
performSignDetached
private void performSignDetached(SignerProperties signerProperties, boolean isFinal, IExternalSignature externalSignature, java.security.cert.Certificate[] chain, ITSAClient tsaClient) throws java.security.GeneralSecurityException, java.io.IOException
- Throws:
java.security.GeneralSecurityException
java.io.IOException
-
getNextTempFile
private java.io.File getNextTempFile()
-
getDigestAlgorithm
private java.lang.String getDigestAlgorithm(java.security.PrivateKey privateKey)
-
-
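The following usage sketch is an added example, not code from the iText project. It signs with the Baseline-LTA profile and later prolongs the signatures, using a fresh PdfPadesSigner for each operation as the constructor documentation requires. The file names, the P12_PASSWORD environment variable, the TSA URL placeholder, the field and timestamp names, and the SignerProperties.setFieldName and TSAClientBouncyCastle(String) calls are assumptions not shown on this page.

```java
import com.itextpdf.kernel.pdf.PdfReader;
import com.itextpdf.signatures.ITSAClient;
import com.itextpdf.signatures.PdfPadesSigner;
import com.itextpdf.signatures.SignerProperties;
import com.itextpdf.signatures.TSAClientBouncyCastle;

import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;

public class PadesLtaExample {
    public static void main(String[] args) throws Exception {
        // Assumed inputs: a PKCS#12 key store on disk, its password taken from the environment.
        char[] password = System.getenv("P12_PASSWORD").toCharArray();
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream("signer.p12")) {
            keyStore.load(in, password);
        }
        String alias = keyStore.aliases().nextElement();
        PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, password);
        Certificate[] chain = keyStore.getCertificateChain(alias);

        // Placeholder TSA endpoint; replace with the timestamp authority you trust.
        ITSAClient tsaClient = new TSAClientBouncyCastle("https://tsa.example.invalid/tsr");

        // Intermediate documents hold the full PDF content. Without a temporary directory
        // they stay in memory; with one, use a directory only this process can read.
        // Files.createTempDirectory creates it owner-only on POSIX file systems.
        Path tempDir = Files.createTempDirectory("pades-signing");

        // Operation 1: Baseline-LTA signature (signature, timestamp, revocation data,
        // document timestamp). OCSP/CRL clients are left unset, so the documented default
        // clients are created from the certificate chain.
        try (OutputStream out = new FileOutputStream("signed-lta.pdf")) {
            PdfPadesSigner signer = new PdfPadesSigner(new PdfReader("input.pdf"), out)
                    .setTemporaryDirectoryPath(tempDir.toString())
                    .setTimestampSignatureName("DocTimestamp1"); // hypothetical name
            SignerProperties properties = new SignerProperties()
                    .setFieldName("Signature1"); // hypothetical field name
            signer.signWithBaselineLTAProfile(properties, chain, privateKey, tsaClient);
        }

        // Operation 2, typically run later, before the last timestamp's certificate expires:
        // add fresh revocation information and a new timestamp on top of it.
        // A new instance is required, since one instance serves one signing operation.
        try (OutputStream out = new FileOutputStream("signed-lta-prolonged.pdf")) {
            new PdfPadesSigner(new PdfReader("signed-lta.pdf"), out)
                    .setTemporaryDirectoryPath(tempDir.toString())
                    .prolongSignatures(tsaClient);
        }
    }
}
```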