Class SignUtils


  • final class SignUtils
    extends java.lang.Object
    • Nested Class Summary

      Nested Classes 
      Modifier and Type Class Description
      (package private) static class  SignUtils.TsaResponse  
    • Constructor Summary

      Constructors 
      Constructor Description
      SignUtils()  
    • Method Summary

      Modifier and Type Method Description
      (package private) static java.util.Date add180Sec​(java.util.Date date)  
      (package private) static boolean checkIfIssuersMatch​(ICertificateID certID, java.security.cert.X509Certificate issuerCert)  
      (package private) static java.security.cert.Certificate generateCertificate​(java.io.InputStream data, java.security.Provider provider)  
      (package private) static ICertificateID generateCertificateId​(java.security.cert.X509Certificate issuerCert, java.math.BigInteger serialNumber, IASN1ObjectIdentifier identifier)  
      (package private) static ICertificateID generateCertificateId​(java.security.cert.X509Certificate issuerCert, java.math.BigInteger serialNumber, IAlgorithmIdentifier digestAlgorithmIdentifier)  
      (package private) static IOCSPReq generateOcspRequestWithNonce​(ICertificateID id)  
      (package private) static java.lang.Iterable<java.security.cert.X509Certificate> getCertificates​(java.security.KeyStore keyStore)  
      (package private) static java.lang.Iterable<java.security.cert.X509Certificate> getCertsFromOcspResponse​(IBasicOCSPResp ocspResp)  
      (package private) static byte[] getExtensionValueByOid​(java.security.cert.CRL crl, java.lang.String oid)  
      (package private) static byte[] getExtensionValueByOid​(java.security.cert.X509Certificate certificate, java.lang.String oid)  
      (package private) static <T> T getFirstElement​(java.lang.Iterable<T> iterable)  
      (package private) static java.io.InputStream getHttpResponse​(java.net.URL urlt)  
      (package private) static java.io.InputStream getHttpResponseForOcspRequest​(byte[] request, java.net.URL urlt)  
      (package private) static javax.security.auth.x500.X500Principal getIssuerX500Principal​(IASN1Sequence issuerAndSerialNumber)  
      (package private) static java.security.MessageDigest getMessageDigest​(java.lang.String hashAlgorithm)  
      (package private) static java.security.MessageDigest getMessageDigest​(java.lang.String hashAlgorithm, IExternalDigest externalDigest)  
      (package private) static java.security.MessageDigest getMessageDigest​(java.lang.String hashAlgorithm, java.lang.String provider)  
      (package private) static java.lang.String getPrivateKeyAlgorithm​(java.security.PrivateKey pk)  
      (package private) static java.security.Signature getSignatureHelper​(java.lang.String algorithm, java.lang.String provider)  
      (package private) static java.util.Calendar getTimeStampDate​(ITSTInfo timeStampTokenInfo)  
      (package private) static SignUtils.TsaResponse getTsaResponseForUserRequest​(java.lang.String tsaUrl, byte[] requestBytes, java.lang.String tsaUsername, java.lang.String tsaPassword)  
      (package private) static boolean hasUnsupportedCriticalExtension​(java.security.cert.X509Certificate cert)
      Deprecated.
      This behavior is different in Java and .NET, because in Java we use a two-step check: first via the #hasUnsupportedCriticalExtension method, and then additionally allowing standard critical extensions; in .NET there's only the second step.
      (package private) static boolean isSignatureValid​(IBasicOCSPResp validator, java.security.cert.Certificate certStoreX509, java.lang.String provider)  
      (package private) static void isSignatureValid​(ITimeStampToken validator, java.security.cert.X509Certificate certStoreX509, java.lang.String provider)  
      (package private) static java.security.cert.CRL parseCrlFromStream​(java.io.InputStream input)
      Parses a CRL from an InputStream.
      (package private) static java.util.Collection<java.security.cert.Certificate> readAllCerts​(byte[] contentsKey)  
      (package private) static java.util.Collection<java.security.cert.Certificate> readAllCerts​(java.io.InputStream contentsKey, java.security.Provider provider)  
      (package private) static java.util.Collection<java.security.cert.CRL> readAllCRLs​(byte[] contentsKey)  
      (package private) static void setRSASSAPSSParamsWithMGF1​(java.security.Signature signature, java.lang.String digestAlgoName, int saltLen, int trailerField)  
      static void updateVerifier​(java.security.Signature signature, byte[] attr)  
      (package private) static boolean verifyCertificateSignature​(java.security.cert.X509Certificate certificate, java.security.PublicKey issuerPublicKey, java.lang.String provider)  
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • SignUtils

        SignUtils()
    • Method Detail

      • getPrivateKeyAlgorithm

        static java.lang.String getPrivateKeyAlgorithm​(java.security.PrivateKey pk)
      • parseCrlFromStream

        static java.security.cert.CRL parseCrlFromStream​(java.io.InputStream input)
                                                  throws java.security.cert.CertificateException,
                                                         java.security.cert.CRLException
        Parses a CRL from an InputStream.
        Parameters:
        input - The InputStream holding the unparsed CRL.
        Returns:
        the parsed CRL object
        Throws:
        java.security.cert.CertificateException - thrown when no provider has been found for X509
        java.security.cert.CRLException - thrown if an error occurs while parsing the CRL
      • getExtensionValueByOid

        static byte[] getExtensionValueByOid​(java.security.cert.X509Certificate certificate,
                                             java.lang.String oid)
      • getExtensionValueByOid

        static byte[] getExtensionValueByOid​(java.security.cert.CRL crl,
                                             java.lang.String oid)
      • getMessageDigest

        static java.security.MessageDigest getMessageDigest​(java.lang.String hashAlgorithm)
                                                     throws java.security.GeneralSecurityException
        Throws:
        java.security.GeneralSecurityException
      • getMessageDigest

        static java.security.MessageDigest getMessageDigest​(java.lang.String hashAlgorithm,
                                                            IExternalDigest externalDigest)
                                                     throws java.security.GeneralSecurityException
        Throws:
        java.security.GeneralSecurityException
      • getMessageDigest

        static java.security.MessageDigest getMessageDigest​(java.lang.String hashAlgorithm,
                                                            java.lang.String provider)
                                                     throws java.security.NoSuchAlgorithmException,
                                                            java.security.NoSuchProviderException
        Throws:
        java.security.NoSuchAlgorithmException
        java.security.NoSuchProviderException
      • getHttpResponse

        static java.io.InputStream getHttpResponse​(java.net.URL urlt)
                                            throws java.io.IOException
        Throws:
        java.io.IOException
      • getHttpResponseForOcspRequest

        static java.io.InputStream getHttpResponseForOcspRequest​(byte[] request,
                                                                 java.net.URL urlt)
                                                          throws java.io.IOException
        Throws:
        java.io.IOException
      • add180Sec

        static java.util.Date add180Sec​(java.util.Date date)
      • getCertsFromOcspResponse

        static java.lang.Iterable<java.security.cert.X509Certificate> getCertsFromOcspResponse​(IBasicOCSPResp ocspResp)
      • readAllCerts

        static java.util.Collection<java.security.cert.Certificate> readAllCerts​(byte[] contentsKey)
                                                                          throws java.security.cert.CertificateException
        Throws:
        java.security.cert.CertificateException
      • readAllCerts

        static java.util.Collection<java.security.cert.Certificate> readAllCerts​(java.io.InputStream contentsKey,
                                                                                 java.security.Provider provider)
                                                                          throws java.security.cert.CertificateException
        Throws:
        java.security.cert.CertificateException
      • generateCertificate

        static java.security.cert.Certificate generateCertificate​(java.io.InputStream data,
                                                                  java.security.Provider provider)
                                                           throws java.security.cert.CertificateException
        Throws:
        java.security.cert.CertificateException
      • readAllCRLs

        static java.util.Collection<java.security.cert.CRL> readAllCRLs​(byte[] contentsKey)
                                                                 throws java.security.cert.CertificateException,
                                                                        java.security.cert.CRLException
        Throws:
        java.security.cert.CertificateException
        java.security.cert.CRLException
      • getFirstElement

        static <T> T getFirstElement​(java.lang.Iterable<T> iterable)
      • getIssuerX500Principal

        static javax.security.auth.x500.X500Principal getIssuerX500Principal​(IASN1Sequence issuerAndSerialNumber)
                                                                      throws java.io.IOException
        Throws:
        java.io.IOException
      • getTsaResponseForUserRequest

        static SignUtils.TsaResponse getTsaResponseForUserRequest​(java.lang.String tsaUrl,
                                                                  byte[] requestBytes,
                                                                  java.lang.String tsaUsername,
                                                                  java.lang.String tsaPassword)
                                                           throws java.io.IOException
        Throws:
        java.io.IOException
      • hasUnsupportedCriticalExtension

        @Deprecated
        static boolean hasUnsupportedCriticalExtension​(java.security.cert.X509Certificate cert)
        Deprecated.
        This behavior is different in Java and .NET, because in Java we use a two-step check: first via the #hasUnsupportedCriticalExtension method, and then additionally allowing standard critical extensions; in .NET there's only the second step. However, removing the first step in Java can be a breaking change for some users, and moreover we don't have any means of providing customization for the unsupported extensions check as of right now.

        During a major release I'd suggest changing the Java unsupported extensions check logic to the same as in .NET, but only if it is possible to customize this logic.

        Check if the provided certificate has a critical extension that iText doesn't support.
        Parameters:
        cert - X509Certificate instance to check
        Returns:
        true if there are unsupported critical extensions, false if there are none
      • getTimeStampDate

        static java.util.Calendar getTimeStampDate​(ITSTInfo timeStampTokenInfo)
      • getSignatureHelper

        static java.security.Signature getSignatureHelper​(java.lang.String algorithm,
                                                          java.lang.String provider)
                                                   throws java.security.NoSuchProviderException,
                                                          java.security.NoSuchAlgorithmException
        Throws:
        java.security.NoSuchProviderException
        java.security.NoSuchAlgorithmException
      • setRSASSAPSSParamsWithMGF1

        static void setRSASSAPSSParamsWithMGF1​(java.security.Signature signature,
                                               java.lang.String digestAlgoName,
                                               int saltLen,
                                               int trailerField)
                                        throws java.security.InvalidAlgorithmParameterException
        Throws:
        java.security.InvalidAlgorithmParameterException
      • updateVerifier

        public static void updateVerifier​(java.security.Signature signature,
                                          byte[] attr)
                                   throws java.security.SignatureException
        Throws:
        java.security.SignatureException
      • verifyCertificateSignature

        static boolean verifyCertificateSignature​(java.security.cert.X509Certificate certificate,
                                                  java.security.PublicKey issuerPublicKey,
                                                  java.lang.String provider)
      • getCertificates

        static java.lang.Iterable<java.security.cert.X509Certificate> getCertificates​(java.security.KeyStore keyStore)
                                                                               throws java.security.KeyStoreException
        Throws:
        java.security.KeyStoreException