iaik.pdf.signature

Class ApprovalSignatureCMS

java.lang.Object

iaik.pdf.signature.ApprovalSignatureCMS

public abstract class ApprovalSignatureCMS
extends java.lang.Object

This class provides some methods to extract or verify attributes from the provided CAdES signature. These methods are independent from the used PDF library and can therefore be used by ApprovalSignature implementations.

Constructor Summary

Constructors

Constructor and Description
ApprovalSignatureCMS()

Method Summary

Modifier and Type	Method and Description
static iaik.x509.X509Certificate[]	getCertificateChain(CadesSignature cadesSignature) Get the signer's certificate chain from the given CAdES signature.
static boolean	getCrlRevocationStatus(CadesSignature cadesSignature, RevocationInfoArchival revocationInfos) Checks whether the signer's certificate is contained in the crl that is included in the signature's revocation information.
static iaik.x509.ocsp.CertStatus	getOcspRevocationStatus(CadesSignature cadesSignature, RevocationInfoArchival revocationInfos) Parses the OCSP responses included in the given revocation information.
static RevocationInfoArchival	getRevocationInformation(CadesSignature cadesSignature) Extract revocation information if included.
static iaik.x509.X509Certificate	getSignerCertificate(CadesSignature cadesSignature) Get the signer certificate from the given CAdES signature.
static iaik.x509.X509Certificate	verifySignatureValue(CadesSignature cadesSignature) Verify the signature value from the given CAdES signature.

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ApprovalSignatureCMS

public ApprovalSignatureCMS()

Method Detail

getRevocationInformation

public static RevocationInfoArchival getRevocationInformation(CadesSignature cadesSignature)
                                                       throws CmsCadesException

Extract revocation information if included.

Parameters:

cadesSignature - the cades signature to extract the revocation information from

Returns:

the revocation information or null, if none included

Throws:

CmsCadesException - if the revocation attribute can't be parsed or the revocation type is unknown

getOcspRevocationStatus

public static iaik.x509.ocsp.CertStatus getOcspRevocationStatus(CadesSignature cadesSignature,
                                                                RevocationInfoArchival revocationInfos)
                                                         throws CmsCadesException

Parses the OCSP responses included in the given revocation information. If an OCSP response for the signer certificate can be found, the included certificate status is returned. If multiple OCSP responses for the signer certificate are included, the first one is used. Returns null if no matching response was found. For identifying the signer certificate, also the issuer certificate must be included in the signature. An exception is thrown, if the issuer certificate can't be found.

Parameters:

cadesSignature - the cades signature to extract the signer's certificate from

revocationInfos - the revocation information to be checked

Returns:

the signer certificate's certificate status

Throws:

CmsCadesException - if no revocation infos are included or can't be read

getCrlRevocationStatus

public static boolean getCrlRevocationStatus(CadesSignature cadesSignature,
                                             RevocationInfoArchival revocationInfos)
                                      throws CmsCadesException

Checks whether the signer's certificate is contained in the crl that is included in the signature's revocation information.

Parameters:

cadesSignature - the cades signature to extract the signer's certificate from

revocationInfos - the revocation information to be checked

Returns:

true, if the certificate is on the crl; false otherwise

Throws:

CmsCadesException - if no revocation infos are included or can't be read

getSignerCertificate

public static iaik.x509.X509Certificate getSignerCertificate(CadesSignature cadesSignature)
                                                      throws CmsCadesException

Get the signer certificate from the given CAdES signature.

Parameters:

cadesSignature - the cades signature to extract the certificate from

Returns:

the signer certificate

Throws:

CmsCadesException - if requested certificate is not contained

getCertificateChain

public static iaik.x509.X509Certificate[] getCertificateChain(CadesSignature cadesSignature)
                                                       throws CmsCadesException

Get the signer's certificate chain from the given CAdES signature.

Parameters:

cadesSignature - the cades signature to extract the certificate chain from

Returns:

the signer's certificate chain

Throws:

CmsCadesException - if requested certificate chain is not contained

verifySignatureValue

public static iaik.x509.X509Certificate verifySignatureValue(CadesSignature cadesSignature)
                                                      throws CmsCadesException,
                                                             iaik.cms.CMSSignatureException

Verify the signature value from the given CAdES signature.

Parameters:

cadesSignature - the cades signature to verify

Returns:

the signer certificate

Throws:

CmsCadesException - if no signature could be found

iaik.cms.CMSSignatureException - if the signature turns out to be incorrect or there is no signer with the given certificate or the certificate