iaik.pdf.cmscades

Class AbstractCadesSignature

java.lang.Object

iaik.pdf.cmscades.AbstractCadesSignature

Direct Known Subclasses:

CadesSignature, CadesSignatureStream

public abstract class AbstractCadesSignature
extends java.lang.Object

Basic methods to handle CMS signatures according to CAdES or PAdES profiles.

Constructor Summary

Constructors

Constructor and Description
AbstractCadesSignature()

Method Summary

Modifier and Type	Method and Description
void	addArchiveTimeStamp(int signerInfoIndex, CadesLTAParameters params) Adds an archive timestamp to this signature for the given signer.
void	addArchiveTimeStamp(iaik.x509.X509Certificate signerCert, CadesLTAParameters params) Adds an archive timestamp to this signature for the given signer.
void	addSignerInfo(java.security.PrivateKey privateKey, iaik.x509.X509Certificate[] certChain, SignatureParameters params) Adds SignerInfo containing all required attributes as given by the parameters.
void	encodeUpgradedSignature() Writes the encoding of the upgraded CMS signature to the previously specified output stream.
ArchiveTimeStampv3[]	getArchiveTimeStamps(int signerInfoIndex) Returns all archive timestamps included in this signature for the given signer.
ArchiveTimeStampv3[]	getArchiveTimeStamps(iaik.x509.X509Certificate signerCert) Returns all archive timestamps included in this signature for the given signer.
ContentTimeStamp[]	getContentTimeStamps(int signerInfoIndex) Return all content timestamps included in this signature for the given signer.
ContentTimeStamp[]	getContentTimeStamps(iaik.x509.X509Certificate signerCert) Return all content timestamps included in this signature for the given signer.
static iaik.x509.X509CRL	getCRL(iaik.x509.X509Certificate certificate) Extract corresponding CRL of certificate, if an URL to the CRL is included.
SignatureTimeStamp[]	getSignatureTimeStamps(int signerInfoIndex) Return all signature timestamps included in this signature for the given signer.
SignatureTimeStamp[]	getSignatureTimeStamps(iaik.x509.X509Certificate signerCert) Return all signature timestamps included in this signature for the given signer.
iaik.tsp.TimeStampToken	getSignatureTimeStampToken(int signerInfoIndex) Extract signature timestamp token if included.
iaik.tsp.TimeStampToken	getSignatureTimeStampToken(iaik.x509.X509Certificate signerCert) Extract signature timestamp token if included.
iaik.cms.SignedDataStream	getSignedDataObject() Get the SignedData object of type SignedData or SignedDataStream
iaik.cms.SignerInfo[]	getSignerInfos() Extract all SignerInfos included in this CAdES signature.
void	verifySignatureTimestampImprint(int signerInfoIndex) Verify signature timestamp if included.
void	verifySignatureTimestampImprint(int signerInfoIndex, iaik.x509.X509Certificate tsaCertificate) Verify signature timestamp if included.
void	verifySignatureTimestampImprint(iaik.x509.X509Certificate signerCertificate) Verify signature timestamp if included.
void	verifySignatureTimestampImprint(iaik.x509.X509Certificate signerCertificate, iaik.x509.X509Certificate tsaCertificate) Verify signature timestamp if included.
iaik.x509.X509Certificate	verifySignatureValue(int signerInfoIndex) Verifies the signature that has been created by the signer at signerInfoIndex.
void	verifySignatureValue(java.security.PublicKey signerPublicKey, int signerInfoIndex) Uses the provided public key to verify the signature that has been created by the signer at signerInfoIndex.
iaik.cms.SignerInfo	verifySignatureValue(iaik.x509.X509Certificate signerCertificate) Verifies the signature that has been created by the signer corresponding to the given signerCertificate.

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AbstractCadesSignature

public AbstractCadesSignature()

Method Detail

addSignerInfo

public void addSignerInfo(java.security.PrivateKey privateKey,
                          iaik.x509.X509Certificate[] certChain,
                          SignatureParameters params)
                   throws java.io.IOException,
                          java.security.NoSuchAlgorithmException,
                          CmsCadesException

Adds SignerInfo containing all required attributes as given by the parameters.

Parameters:

privateKey - the signer's private key

certChain - corresponding certificate chain

params - parameters containing details about the required signature

Throws:

java.io.IOException - If the data, that shall be signed, can't be read

java.security.NoSuchAlgorithmException - If the digest algorithm, specified in the parameters, is invalid or not available

CmsCadesException - If the attributes can't be created

encodeUpgradedSignature

public void encodeUpgradedSignature()
                             throws java.io.IOException,
                                    CmsCadesException

Writes the encoding of the upgraded CMS signature to the previously specified output stream. Use this method to get the encoding of an upgraded signature (i.e. if the CadesSignatureStream or CadesSignature has been instantiated with an existing signature). If no output stream has previously been specified with the constructor, an IOException is thrown. Example usage: OutputStream archivedSignature = new ByteArrayOutputStream(); CadesSignatureStream cadesSig = new CadesSignatureStream(signature, data, archivedSignature); cadesSig.addArchiveTimeStamp(signerCertificate, archiveParameters); cadesSig.encodeUpgradedSignature();

Throws:

java.io.IOException - if no output stream was specified with the constructor or data can't be read

CmsCadesException - if signed data attributes or signed data object can't be created

getSignedDataObject

public iaik.cms.SignedDataStream getSignedDataObject()

Get the SignedData object of type SignedData or SignedDataStream

Returns:

the SignedData object

getSignerInfos

public iaik.cms.SignerInfo[] getSignerInfos()
                                     throws CmsCadesException

Extract all SignerInfos included in this CAdES signature.

Returns:

all signer infos

Throws:

CmsCadesException - if no SignerInfo is included.

verifySignatureValue

public iaik.x509.X509Certificate verifySignatureValue(int signerInfoIndex)
                                               throws iaik.cms.CMSSignatureException

Verifies the signature that has been created by the signer at signerInfoIndex. The signature is verified by using the public key of the specified signer, which is extracted from the signer certificate, derived from the certificates field. Note that this method does not perform any certificate verification.

Parameters:

signerInfoIndex - the index of the SignerInfo whose signature has to be verified

Returns:

the certificate of the signer, if its signature turns out to be correct; otherwise a SignaturException is thrown

Throws:

iaik.cms.CMSSignatureException - if the signature verification fails

verifySignatureValue

public iaik.cms.SignerInfo verifySignatureValue(iaik.x509.X509Certificate signerCertificate)
                                         throws iaik.cms.CMSSignatureException

Verifies the signature that has been created by the signer corresponding to the given signerCertificate. Note that this method does not perform any certificate verification.

Parameters:

signerCertificate - the certificate of the signer whose signature should be verified

Returns:

the signerInfo belonging to the signer being owner of the given certificate

Throws:

iaik.cms.CMSSignatureException - if the signature verification fails

verifySignatureValue

public void verifySignatureValue(java.security.PublicKey signerPublicKey,
                                 int signerInfoIndex)
                          throws iaik.cms.CMSSignatureException

Uses the provided public key to verify the signature that has been created by the signer at signerInfoIndex. Note that this method does not perform any certificate verification.

Parameters:

signerPublicKey - the public key of the signer to verify the message

signerInfoIndex - the index of the SignerInfo whose signature has to be verified

Throws:

iaik.cms.CMSSignatureException - if the signature verification fails

verifySignatureTimestampImprint

public void verifySignatureTimestampImprint(iaik.x509.X509Certificate signerCertificate)
                                     throws CmsCadesException,
                                            iaik.tsp.TspVerificationException

Verify signature timestamp if included. No verification is done if no timestamp is contained. If more than one signature timestamp is included in this signature, the first signature timestamp is verified. Verifies the signature value and whether the message imprint equals the expected signature as given by signerInfo. No certificate path validation is done. Uses the timestamp authority's certificate included in the timestamp, if available.

Parameters:

signerCertificate - the signer's certificate

Throws:

CmsCadesException - if tsa certificate is not included to verify timestamp, if timestamp can't be extracted or if signerinfoindex is invalid

iaik.tsp.TspVerificationException - if signature of timestamp token is invalid or an parsing error occurs

verifySignatureTimestampImprint

public void verifySignatureTimestampImprint(int signerInfoIndex)
                                     throws CmsCadesException,
                                            iaik.tsp.TspVerificationException

Verify signature timestamp if included. No verification is done if no timestamp is contained. If more than one signature timestamp is included in this signature, the first signature timestamp is verified. Verifies the signature value and whether the message imprint equals the expected signature as given by signerInfo. No certificate path validation is done. Uses the timestamp authority's certificate included in the timestamp, if available.

Parameters:

signerInfoIndex - the index of the SignerInfo including the timestamp

Throws:

CmsCadesException - if tsa certificate is not included to verify timestamp, if timestamp can't be extracted or if signerinfoindex is invalid

iaik.tsp.TspVerificationException - if signature of timestamp token is invalid or an parsing error occurs

verifySignatureTimestampImprint

public void verifySignatureTimestampImprint(iaik.x509.X509Certificate signerCertificate,
                                            iaik.x509.X509Certificate tsaCertificate)
                                     throws CmsCadesException,
                                            iaik.tsp.TspVerificationException

Verify signature timestamp if included. No verification is done if no timestamp is contained. If more than one signature timestamp is included in this signature, the first signature timestamp is verified. Verifies the signature value and whether the message imprint equals the expected signature as given by signerInfo. No certificate path validation is done. To verify the signature the given TSA certificate is used. If the given TSA certificate is null and this timestamp contains the corresponding TSA certificate, the included TSA certificate is used.

Parameters:

signerCertificate - the signer's certificate

tsaCertificate - the certificate of the timestamp authority

Throws:

CmsCadesException - if timestamp can't be extracted or if signerInfoIndex is invalid

iaik.tsp.TspVerificationException - if signature of timestamp token is invalid or an parsing error occurs

verifySignatureTimestampImprint

public void verifySignatureTimestampImprint(int signerInfoIndex,
                                            iaik.x509.X509Certificate tsaCertificate)
                                     throws CmsCadesException,
                                            iaik.tsp.TspVerificationException

Verify signature timestamp if included. No verification is done if no timestamp is contained. If more than one signature timestamp is included in this signature, the first signature timestamp is verified. Verifies the signature value and whether the message imprint equals the expected signature as given by signerInfo. No certificate path validation is done. To verify the signature the given TSA certificate is used. If the given TSA certificate is null and this timestamp contains the corresponding TSA certificate, the included TSA certificate is used.

Parameters:

signerInfoIndex - the index of the SignerInfo containing the timestamp

tsaCertificate - the certificate of the timestamp authority

Throws:

CmsCadesException - if timestamp can't be extracted or if signerInfoIndex is invalid

iaik.tsp.TspVerificationException - if signature of timestamp token is invalid or an parsing error occurs

getSignatureTimeStampToken

public iaik.tsp.TimeStampToken getSignatureTimeStampToken(iaik.x509.X509Certificate signerCert)
                                                   throws CmsCadesException

Extract signature timestamp token if included. If more than one signature timestamp is included in this signature, the first signature timestamp token is returned.

Parameters:

signerCert - the signer's certificate

Returns:

the signature timestamp token or null if none included

Throws:

CmsCadesException - if signerInfoIndex is invalid or timestamp token can't be parsed

getSignatureTimeStampToken

public iaik.tsp.TimeStampToken getSignatureTimeStampToken(int signerInfoIndex)
                                                   throws CmsCadesException

Extract signature timestamp token if included. If more than one signature timestamp is included in this signature, the first signature timestamp token is returned.

Parameters:

signerInfoIndex - the index of the SignerInfo containing the timestamp token

Returns:

the signature timestamp token or null if none included

Throws:

CmsCadesException - if signerInfoIndex is invalid or timestamp token can't be parsed

getSignatureTimeStamps

public SignatureTimeStamp[] getSignatureTimeStamps(iaik.x509.X509Certificate signerCert)
                                            throws CmsCadesException

Return all signature timestamps included in this signature for the given signer.

Parameters:

signerCert - the signer's certificate

Returns:

all signature timestamps for this signer or an empty array if none included

Throws:

CmsCadesException - if signerInfoIndex is invalid or timestamp token can't be parsed

getSignatureTimeStamps

public SignatureTimeStamp[] getSignatureTimeStamps(int signerInfoIndex)
                                            throws CmsCadesException

Return all signature timestamps included in this signature for the given signer.

Parameters:

signerInfoIndex - the index of the SignerInfo containing the timestamp token

Returns:

all signature timestamps for this signer or an empty array if none included

Throws:

CmsCadesException - if signerInfoIndex is invalid or timestamp token can't be parsed

getContentTimeStamps

public ContentTimeStamp[] getContentTimeStamps(iaik.x509.X509Certificate signerCert)
                                        throws CmsCadesException

Return all content timestamps included in this signature for the given signer.

Parameters:

signerCert - the signer's certificate

Returns:

all content timestamps for this signer or an empty array if none included

Throws:

CmsCadesException - if signerInfoIndex is invalid or timestamp token can't be parsed

getContentTimeStamps

public ContentTimeStamp[] getContentTimeStamps(int signerInfoIndex)
                                        throws CmsCadesException

Return all content timestamps included in this signature for the given signer.

Parameters:

signerInfoIndex - the index of the SignerInfo containing the timestamp token

Returns:

all content timestamps for this signer or an empty array if none included

Throws:

CmsCadesException - if signerInfoIndex is invalid or timestamp token can't be parsed

getCRL

public static iaik.x509.X509CRL getCRL(iaik.x509.X509Certificate certificate)
                                throws CmsCadesException,
                                       java.io.IOException

Extract corresponding CRL of certificate, if an URL to the CRL is included.

Parameters:

certificate - certificate to extract the CRL from

Returns:

the corresponding CRL or null, if no URL included

Throws:

CmsCadesException - if CRL can't be extracted

java.io.IOException - if CRL can't be retrieved from given URL

addArchiveTimeStamp

public void addArchiveTimeStamp(int signerInfoIndex,
                                CadesLTAParameters params)
                         throws CmsCadesException,
                                java.security.NoSuchAlgorithmException

Adds an archive timestamp to this signature for the given signer. The timestamp token is requested from the timestamp server as specified in the given parameters. If the given parameters specify a timestamp digest algorithm, this algorithm is used. Otherwise, the default digest algorithm as given in ArchiveTimeStampv3.DEFAULTHASHALGORITHM is used. Prior to adding the archive timestamp all certificates and revocation information included in the given parameters are added to this signature.

Parameters:

signerInfoIndex - the index of the SignerInfo the archive timestamp shall be added to

params - the parameters specifying all details needed for the creation of the archive timestamp

Throws:

CmsCadesException - if signerInfoIndex is invalid, the parameter data can't be added to the signature or the timestamp can't be created

java.security.NoSuchAlgorithmException - if the timestamp digest algorithm is unknown

addArchiveTimeStamp

public void addArchiveTimeStamp(iaik.x509.X509Certificate signerCert,
                                CadesLTAParameters params)
                         throws CmsCadesException,
                                java.security.NoSuchAlgorithmException

Adds an archive timestamp to this signature for the given signer. The timestamp token is requested from the timestamp server as specified in the given parameters. If the given parameters specify a timestamp digest algorithm, this algorithm is used. Otherwise, the default digest algorithm as given in ArchiveTimeStampv3.DEFAULTHASHALGORITHM is used. Prior to adding the archive timestamp all certificates and revocation information included in the given parameters are added to this signature.

Parameters:

signerCert - the signer's certificate

params - the parameters specifying all details needed for the creation of the archive timestamp

Throws:

CmsCadesException - if signerInfoIndex is invalid, the parameter data can't be added to the signature or the timestamp can't be created

java.security.NoSuchAlgorithmException - if the timestamp digest algorithm is unknown

getArchiveTimeStamps

public ArchiveTimeStampv3[] getArchiveTimeStamps(iaik.x509.X509Certificate signerCert)
                                          throws CmsCadesException,
                                                 java.security.NoSuchAlgorithmException

Returns all archive timestamps included in this signature for the given signer.

Parameters:

signerCert - the signer's certificate

Returns:

all archive timestamps for this signer or an empty array if none included

Throws:

CmsCadesException - if no signer info for this certificate exists or archive timestamps can't be extracted

java.security.NoSuchAlgorithmException - if timestamp digest algorithm is unknown or no content hash for this digest algorithm is available

getArchiveTimeStamps

public ArchiveTimeStampv3[] getArchiveTimeStamps(int signerInfoIndex)
                                          throws CmsCadesException,
                                                 java.security.NoSuchAlgorithmException

Returns all archive timestamps included in this signature for the given signer.

Parameters:

signerInfoIndex - the index of the SignerInfo containing the timestamp token

Returns:

all archive timestamps for this signer or an empty array if none included

Throws:

CmsCadesException - if signerInfoIndex is invalid or archive timestamps can't be extracted

java.security.NoSuchAlgorithmException - if timestamp digest algorithm is unknown or no content hash for this digest algorithm is available