com.itextpdf.signatures.cms

Class CMSContainer

java.lang.Object

com.itextpdf.signatures.cms.CMSContainer

public class CMSContainer
extends Object

The CMS container which represents SignedData structure from rfc5652 Cryptographic Message Syntax (CMS)

Constructor Summary

Constructors

Constructor and Description
CMSContainer() Creates an empty SignedData structure.
CMSContainer(byte[] encodedCMSdata) Creates a SignedData structure from a serialized ASN1 structure.

Method Summary

Modifier and Type	Method and Description
void	addCertificate(X509Certificate cert) Adds a certificate.
void	addCertificates(X509Certificate[] certs) Adds a set of certificates.
void	addCrl(CRL crl) Adds a CRL response to the CMS container.
void	addOcsp(com.itextpdf.commons.bouncycastle.asn1.ocsp.IBasicOCSPResponse ocspResponse) Adds an OCSP response to the CMS container.
Collection<X509Certificate>	getCertificates() Retrieves a copy of the list of certificates.
int	getCmsVersion() Only version 1 is supported by this class.
Collection<CRL>	getCrls() Retrieves a copy of the list of CRLs.
AlgorithmIdentifier	getDigestAlgorithm() The digest algorithm OID and parameters used by the signer.
EncapsulatedContentInfo	getEncapContentInfo() This represents the signed content.
Collection<com.itextpdf.commons.bouncycastle.asn1.ocsp.IBasicOCSPResponse>	getOcsps() Retrieves a copy of the list of OCSPs.
byte[]	getSerializedSignedAttributes() Retrieves the encoded signed attributes of the signer info.
SignerInfo	getSignerInfo() This class only supports one signer per signature field.
long	getSizeEstimation() When all fields except for signer.signedAttributes.digest and signer.signature are completed it is possible to calculate the eventual size of the signature by serializing except for the signature (that depends on the digest and cypher but is set at 1024 bytes) and later added unsigned attributes like timestamps.
byte[]	serialize() Serializes the SignedData structure and makes the signer infos signed attributes read only.
void	setEncapContentInfo(EncapsulatedContentInfo encapContentInfo) This represents the signed content.
void	setSerializedSignedAttributes(byte[] signedAttributesData) Sets the Signed Attributes of the signer info to this serialized version.
void	setSignerInfo(SignerInfo signerInfo) This class only supports one signer per signature field.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CMSContainer

public CMSContainer()

Creates an empty SignedData structure.

CMSContainer

public CMSContainer(byte[] encodedCMSdata)
             throws IOException,
                    CertificateException,
                    CRLException

Creates a SignedData structure from a serialized ASN1 structure.

Parameters:

encodedCMSdata - the serialized CMS container

Throws:

IOException - if issues occur during ASN1 objects creation.

CertificateException - if issues occur processing the embedded certificates.

CRLException - if CRL encoding error occurs.

Method Detail

setSignerInfo

public void setSignerInfo(SignerInfo signerInfo)

This class only supports one signer per signature field.

Parameters:

signerInfo - the singerInfo

getSignerInfo

public SignerInfo getSignerInfo()

This class only supports one signer per signature field.

Returns:

the singerInfo

getSizeEstimation

public long getSizeEstimation()
                       throws CertificateEncodingException,
                              IOException,
                              CRLException

When all fields except for signer.signedAttributes.digest and signer.signature are completed it is possible to calculate the eventual size of the signature by serializing except for the signature (that depends on the digest and cypher but is set at 1024 bytes) and later added unsigned attributes like timestamps.

Returns:

the estimated size of the complete CMS container before signature is added, size for the signature is added, size for other attributes like timestamps is not.

Throws:

CertificateEncodingException - if an encoding error occurs in X509Certificate.

IOException - if an I/O error occurs.

CRLException - if CRL encoding error occurs.

getCmsVersion

public int getCmsVersion()

Only version 1 is supported by this class.

Returns:

1 as CMSversion

getDigestAlgorithm

public AlgorithmIdentifier getDigestAlgorithm()

The digest algorithm OID and parameters used by the signer. This class only supports one signer for use in pdf signatures, so only one digest algorithm is supported.

This field is set when adding the signerInfo.

Returns:

AlgorithmIdentifier digest algorithm.

getEncapContentInfo

public EncapsulatedContentInfo getEncapContentInfo()

This represents the signed content. In the case of a signed PDF document this will be of type data with no content.

Returns:

a representation of the data to be signed.

setEncapContentInfo

public void setEncapContentInfo(EncapsulatedContentInfo encapContentInfo)

This represents the signed content. In the case of a signed PDF document this will be of type data with no content. Defaults to 1.2.840.113549.1.7.1 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-7(7) id-data(1)}

Parameters:

encapContentInfo - a representation of the data to be signed.

addCertificate

public void addCertificate(X509Certificate cert)

Adds a certificate.

Parameters:

cert - the certificate to be added

addCertificates

public void addCertificates(X509Certificate[] certs)

Adds a set of certificates.

Parameters:

certs - the certificates to be added

getCertificates

public Collection<X509Certificate> getCertificates()

Retrieves a copy of the list of certificates.

Returns:

the list of certificates to be used for signing and certificate validation

getCrls

public Collection<CRL> getCrls()

Retrieves a copy of the list of CRLs.

Returns:

the list of CRL revocation info.

addCrl

public void addCrl(CRL crl)

Adds a CRL response to the CMS container.

Parameters:

crl - the CRL response to be added.

getOcsps

public Collection<com.itextpdf.commons.bouncycastle.asn1.ocsp.IBasicOCSPResponse> getOcsps()

Retrieves a copy of the list of OCSPs.

Returns:

the list of OCSP revocation info.

addOcsp

public void addOcsp(com.itextpdf.commons.bouncycastle.asn1.ocsp.IBasicOCSPResponse ocspResponse)

Adds an OCSP response to the CMS container.

Parameters:

ocspResponse - the OCSP response to be added.

setSerializedSignedAttributes

public void setSerializedSignedAttributes(byte[] signedAttributesData)

Sets the Signed Attributes of the signer info to this serialized version. The signed attributes will become read-only.

Parameters:

signedAttributesData - the serialized Signed Attributes

getSerializedSignedAttributes

public byte[] getSerializedSignedAttributes()
                                     throws IOException

Retrieves the encoded signed attributes of the signer info. This makes the signed attributes read only.

Returns:

the encoded signed attributes of the signer info.

Throws:

IOException - if issues occur during ASN1 objects creation.

serialize

public byte[] serialize()
                 throws CertificateEncodingException,
                        IOException,
                        CRLException

Serializes the SignedData structure and makes the signer infos signed attributes read only.

Returns:

the encoded DignedData structure.

Throws:

CertificateEncodingException - if errors occur during certificate processing.

IOException - if issues occur during ASN1 objects creation.

CRLException - if CRL encoding error occurs.