iaik.pdf.parameters

Class PdfSignatureParameters

java.lang.Object

iaik.pdf.parameters.SignatureParameters

iaik.pdf.parameters.PdfSignatureParameters

Direct Known Subclasses:

PadesBasicParameters, PadesBESParameters

public abstract class PdfSignatureParameters
extends SignatureParameters

Abstract parameter superclass used for PDF signature creation.

Method Summary

Modifier and Type	Method and Description
void	addContentTimestampProperties(java.lang.String tsaUrl, java.lang.String username, java.lang.String password) Add all details required to create a content timestamp and add it as signed attribute to the signature.
void	addSignaturePolicyIdentifier(SignaturePolicyIdentifier policyIdentifier) Adds a signature policy identifier required for a PAdES-EPES signature creation.
void	addSignatureTimestampProperties(java.lang.String tsaUrl, java.lang.String username, java.lang.String password) Add all details required to create a signature timestamp and add it as unsigned attribute to the signature.
void	addSignatureTimestampProperties(java.lang.String tsaUrl, java.lang.String username, java.lang.String password, java.lang.String imprintDigestAlgorithm) Add all details required to create a signature timestamp and add it as unsigned attribute to the signature.
java.security.cert.CRL[]	getCrls() Get CRLs as array, that will be included in signature as signed attribute
int	getEstimatedLength() Get byte length of parameters to reserve sufficient space in signature field
java.lang.String	getOcspUrl() Get OCSP URL, that will be used for the creation of the OCSP response included in the signature
java.lang.String	getSignatureContactInfo() Get contact info given in signature.
Constants.SubFilter	getSignatureEncoding() Get the signature encoding (subfilter)
java.lang.String	getSignatureLocation() Get location where signature has been applied.
java.lang.String	getSignatureReason() Get reason given in signature.
TimestampProperties[]	getSignatureTimestampProperties() Get timestamp properties to create the respective number of signature timestamps.
java.util.Vector<iaik.asn1.structures.Attribute>	getSignedSignerInfoAttributes(iaik.cms.SignedDataStream signedData, iaik.cms.SignerInfo signerInfo, iaik.x509.X509Certificate[] signerCertificateChain) Return all signed attributes as determined by the respective parameter class.
java.lang.String	getTsaPw() Get password for authorization at the timestamp server, used to create the signature timestamp.
java.lang.String	getTsaUrl() Get URL of timestamp server, used to create the signature timestamp.
java.lang.String	getTsaUsername() Get username for authorization at the timestamp server, used to create the signature timestamp.
java.lang.String	getTspImprintDigestAlgorithm() Get digest algorithm, used to hash the data and create the signature timestamp.
java.util.Vector<iaik.asn1.structures.Attribute>	getUnsignedSignerInfoAttributes(iaik.cms.SignedDataStream signedData, iaik.cms.SignerInfo signerInfo, iaik.x509.X509Certificate[] signerCertificateChain) Return all unsigned attributes as determined by the respective parameter class.
void	setContentTimestampProperties(java.lang.String tsaUrl, java.lang.String username, java.lang.String password) Set all details required to create a content timestamp and add it as signed attribute to the signature.
void	setCrls(java.security.cert.CRL[] crls) Set CRLs to be included in signature as signed attribute
void	setDigestAlgorithm(java.lang.String hashAlgorithm) Set digest algorithm used for content digest in signature.
void	setOcspResponses(iaik.x509.ocsp.OCSPResponse[] ocspResponses) Set OCSP responses to be included in signature as signed attribute.
void	setOcspUrl(java.lang.String ocspUrl) Given OCSP responder URL will be used, to request an OCSP response for the signer certificate during signing.
void	setOcspUrl(java.lang.String ocspUrl, java.security.PrivateKey requestorKey, iaik.x509.X509Certificate[] requestorCerts) Given OCSP responder URL will be used, to request an OCSP response for the signer certificate during signing.
void	setSignatureContactInfo(java.lang.String contactinfo) Specify contact information for signature
void	setSignatureLocation(java.lang.String location) Specify location for signature
void	setSignatureReason(java.lang.String reason) Specify reason for signature
void	setSignatureTimestampProperties(java.lang.String tsaUrl, java.lang.String username, java.lang.String password) Set all details required to create a signature timestamp and add it as unsigned attribute to the signature.
void	setSignatureTimestampProperties(java.lang.String tsaUrl, java.lang.String username, java.lang.String password, java.lang.String imprintDigestAlgorithm) Set all details required to create a signature timestamp and add it as unsigned attribute to the signature.
void	setTsaDetails(java.lang.String tsaUrl, java.lang.String username, java.lang.String password) Deprecated. use setSignatureTimestampProperties(String,String,String) instead

Methods inherited from class iaik.pdf.parameters.SignatureParameters

getDigestAlgorithm, getSignatureAlgorithm, isSigningCertificateAttributeIncluded, setSignatureAlgorithm

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

setSignatureReason

public void setSignatureReason(java.lang.String reason)

Specify reason for signature

Parameters:

reason - Reason for signing the pdf

setSignatureLocation

public void setSignatureLocation(java.lang.String location)

Specify location for signature

Parameters:

location - Location of signature creation

setSignatureContactInfo

public void setSignatureContactInfo(java.lang.String contactinfo)

Specify contact information for signature

Parameters:

contactinfo - contact information of signer

setDigestAlgorithm

public void setDigestAlgorithm(java.lang.String hashAlgorithm)

Description copied from class: SignatureParameters

Set digest algorithm used for content digest in signature. If no digest algorithm is specified using this method, it will be derived from the given signing key according to NIST Special Publication SP 800-57 (Part 1, July 2012).

Overrides:

setDigestAlgorithm in class SignatureParameters

Parameters:

hashAlgorithm - digest algorithm for hashing the content

setCrls

public void setCrls(java.security.cert.CRL[] crls)

Set CRLs to be included in signature as signed attribute

Parameters:

crls - CRLs to be included in signature

setOcspResponses

public void setOcspResponses(iaik.x509.ocsp.OCSPResponse[] ocspResponses)

Set OCSP responses to be included in signature as signed attribute.

Parameters:

ocspResponses - OCSP responses to be included in signature

setOcspUrl

public void setOcspUrl(java.lang.String ocspUrl)

Given OCSP responder URL will be used, to request an OCSP response for the signer certificate during signing. The OCSP response will then be included in signature as signed attribute.

Parameters:

ocspUrl - OCSP-URL for getting OCSP response

setOcspUrl

public void setOcspUrl(java.lang.String ocspUrl,
                       java.security.PrivateKey requestorKey,
                       iaik.x509.X509Certificate[] requestorCerts)
                throws PdfSignatureException

Given OCSP responder URL will be used, to request an OCSP response for the signer certificate during signing. The given requestor key and requestor certificates will be used to sign the OCSP request. The OCSP response will then be included in signature as signed attribute.

Parameters:

ocspUrl - OCSP-URL for getting OCSP response

requestorKey - key to be used for signing the OCSP request

requestorCerts - requestor's certificate chain

Throws:

PdfSignatureException

setTsaDetails

public void setTsaDetails(java.lang.String tsaUrl,
                          java.lang.String username,
                          java.lang.String password)
                   throws PdfSignatureException

Deprecated. use setSignatureTimestampProperties(String,String,String) instead

Set details of timestamp authority, in order to add a signature timestamp as unsigned attribute to signature

Parameters:

tsaUrl - URL of the timestamp authority

username - username for authorization

password - password for authorization

Throws:

PdfSignatureException - if tsaUrl is empty

setSignatureTimestampProperties

public void setSignatureTimestampProperties(java.lang.String tsaUrl,
                                            java.lang.String username,
                                            java.lang.String password)
                                     throws PdfSignatureException

Set all details required to create a signature timestamp and add it as unsigned attribute to the signature. Default digest algorithm SHA-256 TimeStampTokenUtil.DEFAULTDIGESTALGORITHM is used, to hash the data that shall be timestamped.

Parameters:

tsaUrl - URL of the timestamp authority

username - username for authorization

password - password for authorization

Throws:

PdfSignatureException - if tsaUrl is empty

setSignatureTimestampProperties

public void setSignatureTimestampProperties(java.lang.String tsaUrl,
                                            java.lang.String username,
                                            java.lang.String password,
                                            java.lang.String imprintDigestAlgorithm)
                                     throws PdfSignatureException

Set all details required to create a signature timestamp and add it as unsigned attribute to the signature. If imprintDigestAlgorithm is null, default digest algorithm SHA-256 TimeStampTokenUtil.DEFAULTDIGESTALGORITHM is used.

Parameters:

tsaUrl - URL of the timestamp authority

username - username for authorization

password - password for authorization

imprintDigestAlgorithm - digest algorithm to hash the data, that shall be timestamped

Throws:

PdfSignatureException - if tsaUrl is empty

setContentTimestampProperties

public void setContentTimestampProperties(java.lang.String tsaUrl,
                                          java.lang.String username,
                                          java.lang.String password)
                                   throws PdfSignatureException

Set all details required to create a content timestamp and add it as signed attribute to the signature.

Parameters:

tsaUrl - URL of the timestamp authority

username - username for authorization

password - password for authorization

Throws:

PdfSignatureException - if tsaUrl is empty

addSignaturePolicyIdentifier

public void addSignaturePolicyIdentifier(SignaturePolicyIdentifier policyIdentifier)

Adds a signature policy identifier required for a PAdES-EPES signature creation.

Parameters:

policyIdentifier - the signature policy identifier

addSignatureTimestampProperties

public void addSignatureTimestampProperties(java.lang.String tsaUrl,
                                            java.lang.String username,
                                            java.lang.String password)
                                     throws PdfSignatureException

Add all details required to create a signature timestamp and add it as unsigned attribute to the signature. To create multiple timestamps, add timestamp properties for each timestamp that shall be added. Default digest algorithm SHA-256 TimeStampTokenUtil.DEFAULTDIGESTALGORITHM is used, to hash the data that shall be timestamped.

Parameters:

tsaUrl - URL of the timestamp authority

username - username for authorization

password - password for authorization

Throws:

PdfSignatureException - if tsaUrl is empty

addSignatureTimestampProperties

public void addSignatureTimestampProperties(java.lang.String tsaUrl,
                                            java.lang.String username,
                                            java.lang.String password,
                                            java.lang.String imprintDigestAlgorithm)
                                     throws PdfSignatureException

Add all details required to create a signature timestamp and add it as unsigned attribute to the signature. To create multiple timestamps, add timestamp properties for each timestamp that shall be added. If imprintDigestAlgorithm is null, default digest algorithm SHA-256 TimeStampTokenUtil.DEFAULTDIGESTALGORITHM is used.

Parameters:

tsaUrl - URL of the timestamp authority

username - username for authorization

password - password for authorization

imprintDigestAlgorithm - digest algorithm to hash the data, that shall be timestamped

Throws:

PdfSignatureException - if tsaUrl is empty

addContentTimestampProperties

public void addContentTimestampProperties(java.lang.String tsaUrl,
                                          java.lang.String username,
                                          java.lang.String password)
                                   throws PdfSignatureException

Add all details required to create a content timestamp and add it as signed attribute to the signature. To create multiple timestamps, add timestamp properties for each timestamp that shall be added.

Parameters:

tsaUrl - URL of the timestamp authority

username - username for authorization

password - password for authorization

Throws:

PdfSignatureException - if tsaUrl is empty

getSignatureEncoding

public Constants.SubFilter getSignatureEncoding()

Get the signature encoding (subfilter)

Returns:

signature encoding

getSignatureReason

public java.lang.String getSignatureReason()

Get reason given in signature.

Returns:

reason of signature creation

getSignatureLocation

public java.lang.String getSignatureLocation()

Get location where signature has been applied.

Returns:

location of signature creation

getSignatureContactInfo

public java.lang.String getSignatureContactInfo()

Get contact info given in signature.

Returns:

contact info of signer

getEstimatedLength

public int getEstimatedLength()

Get byte length of parameters to reserve sufficient space in signature field

Returns:

required byte length of parameters

getCrls

public java.security.cert.CRL[] getCrls()

Get CRLs as array, that will be included in signature as signed attribute

Returns:

array of CRLs that will be included in signature

getOcspUrl

public java.lang.String getOcspUrl()

Get OCSP URL, that will be used for the creation of the OCSP response included in the signature

Returns:

OCSP URL, used for OCSP response creation

getTsaUrl

public java.lang.String getTsaUrl()

Get URL of timestamp server, used to create the signature timestamp. If more timestamp properties have been set, the first set TSA URL will be returned.

Returns:

URL of the timestamp server

getTsaUsername

public java.lang.String getTsaUsername()

Get username for authorization at the timestamp server, used to create the signature timestamp. If more timestamp properties have been set, the first set username will be returned.

Returns:

username for using timestamp server

getTsaPw

public java.lang.String getTsaPw()

Get password for authorization at the timestamp server, used to create the signature timestamp. If more timestamp properties have been set, the first set password will be returned.

Returns:

password for using timestamp server

getTspImprintDigestAlgorithm

public java.lang.String getTspImprintDigestAlgorithm()

Get digest algorithm, used to hash the data and create the signature timestamp. If more timestamp properties have been set, the first set digest algorithm will be returned.

Returns:

digest algorithm to hash the timestamped data

getSignatureTimestampProperties

public TimestampProperties[] getSignatureTimestampProperties()

Get timestamp properties to create the respective number of signature timestamps.

Returns:

the configured timestamp properties

getSignedSignerInfoAttributes

public java.util.Vector<iaik.asn1.structures.Attribute> getSignedSignerInfoAttributes(iaik.cms.SignedDataStream signedData,
                                                                                      iaik.cms.SignerInfo signerInfo,
                                                                                      iaik.x509.X509Certificate[] signerCertificateChain)
                                                                               throws CmsCadesException

Description copied from class: SignatureParameters

Return all signed attributes as determined by the respective parameter class. These attributes may be created automatically by the chosen class (e.g. SigningCertificate attribute for BES-signatures) or may be influenced by provided methods. The attributes are not added to the given SignerInfo object, as further attributes may be added by the user. Some details of the given SignedData object, SignerInfo object and certificates may be required for creating certain attributes. This method is internally used for creating CAdES signatures.

Overrides:

getSignedSignerInfoAttributes in class SignatureParameters

Parameters:

signedData - SignedData object containing the respective signer info

signerInfo - the corresponding SignerInfo object

signerCertificateChain - used certificate chain for the corresponding signer info

Returns:

the signed attributes as given by this parameter class

Throws:

CmsCadesException - if an attribute can't be created

getUnsignedSignerInfoAttributes

public java.util.Vector<iaik.asn1.structures.Attribute> getUnsignedSignerInfoAttributes(iaik.cms.SignedDataStream signedData,
                                                                                        iaik.cms.SignerInfo signerInfo,
                                                                                        iaik.x509.X509Certificate[] signerCertificateChain)
                                                                                 throws CmsCadesException

Description copied from class: SignatureParameters

Return all unsigned attributes as determined by the respective parameter class. These attributes may be created automatically by the chosen class or may be influenced by provided methods (e.g. optional SignatureTimestamp for PAdES signatures). The attributes are not added to the given SignerInfo object, as further attributes may be added by the user. Some details of the given SignedData object, SignerInfo object and certificates may be required for creating certain attributes. This method is internally used for creating CAdES signatures.

Overrides:

getUnsignedSignerInfoAttributes in class SignatureParameters

Parameters:

signedData - SignedData object containing the respective signer info

signerInfo - the corresponding SignerInfo object

signerCertificateChain - used certificate chain for the corresponding signer info

Returns:

the unsigned attributes as given by this parameter class

Throws:

CmsCadesException - if an attribute can't be created