com.itextpdf.signatures.cms

Class SignerInfo

java.lang.Object

com.itextpdf.signatures.cms.SignerInfo

public class SignerInfo
extends Object

This class represents the SignerInfo structure from rfc5652 Cryptographic Message Syntax (CMS)

Constructor Summary

Constructors

Constructor and Description
SignerInfo() Creates an empty SignerInfo structure.
SignerInfo(com.itextpdf.commons.bouncycastle.asn1.IASN1Encodable signerInfoStructure, Collection<X509Certificate> certificates) Creates a SignerInfo structure from an ASN1 structure.

Method Summary

Modifier and Type	Method and Description
void	addSignedAttribute(CmsAttribute attribute) Adds a new attribute to the signed attributes.
void	addSignerCertificateToSignedAttributes(X509Certificate cert, String digestAlgorithmOid) Adds the signer certificate to the signed attributes as a SigningCertificateV2 structure.
void	addUnSignedAttribute(CmsAttribute attribute) Optional.
com.itextpdf.commons.bouncycastle.asn1.IDERSequence	getAsDerSequence() Serializes the SignerInfo structure and makes the signed attributes readonly.
int	getCmsVersion() Value 0 when no signerIdentifier is available.
AlgorithmIdentifier	getDigestAlgorithm() Returns the algorithmId to create the digest of the data to sign.
long	getEstimatedSize() Calculates an estimate size for the SignerInfo structure.
Collection<CmsAttribute>	getSignedAttributes() Optional.
X509Certificate	getSigningCertificate() Gets the certificate that is used to sign.
Collection<CmsAttribute>	getUnSignedAttributes() Retrieves the optional unsigned attributes.
byte[]	serializeSignedAttributes() Retrieves the encoded signed attributes of the signer info.
void	setCrlResponses(Collection<byte[]> crlResponses) Adds a set of CRL responses as signed attributes.
void	setDigestAlgorithm(AlgorithmIdentifier algorithmId) Sets the algorithmId to create the digest of the data to sign.
void	setMessageDigest(byte[] digest) Adds or replaces the message digest signed attribute.
void	setOcspResponses(Collection<byte[]> ocspResponses) Adds a set of OCSP responses as signed attributes.
void	setSerializedSignedAttributes(byte[] serializedSignedAttributes) Sets the signed attributes from a serialized version.
void	setSignature(byte[] signatureData) Sets the actual signature.
void	setSignatureAlgorithm(AlgorithmIdentifier algorithm) Optional.
void	setSigningCertificate(X509Certificate certificate) Sets the certificate that is used to sign.
void	setSigningCertificateAndAddToSignedAttributes(X509Certificate certificate, String digestAlgorithmOid) Sets the certificate that is used to sign a document and adds it to the signed attributes.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SignerInfo

public SignerInfo()

Creates an empty SignerInfo structure.

SignerInfo

public SignerInfo(com.itextpdf.commons.bouncycastle.asn1.IASN1Encodable signerInfoStructure,
                  Collection<X509Certificate> certificates)
           throws IOException

Creates a SignerInfo structure from an ASN1 structure.

Parameters:

signerInfoStructure - the ASN1 structure containing signerInfo

certificates - the certificates of the CMS, it should contain the signing certificate

Throws:

IOException - if issues occur during ASN1 objects creation.

Method Detail

getDigestAlgorithm

public AlgorithmIdentifier getDigestAlgorithm()

Returns the algorithmId to create the digest of the data to sign.

Returns:

the OID of the digest algorithm.

setDigestAlgorithm

public void setDigestAlgorithm(AlgorithmIdentifier algorithmId)

Sets the algorithmId to create the digest of the data to sign.

Parameters:

algorithmId - the OID of the algorithm

setMessageDigest

public void setMessageDigest(byte[] digest)

Adds or replaces the message digest signed attribute.

Parameters:

digest - ASN.1 type MessageDigest

setSigningCertificate

public void setSigningCertificate(X509Certificate certificate)
                           throws CertificateEncodingException

Sets the certificate that is used to sign.

Parameters:

certificate - the certificate that is used to sign

Throws:

CertificateEncodingException - if an encoding error occurs.

getSigningCertificate

public X509Certificate getSigningCertificate()

Gets the certificate that is used to sign.

Returns:

the certificate that is used to sign.

setSigningCertificateAndAddToSignedAttributes

public void setSigningCertificateAndAddToSignedAttributes(X509Certificate certificate,
                                                          String digestAlgorithmOid)
                                                   throws CertificateEncodingException,
                                                          NoSuchAlgorithmException,
                                                          NoSuchProviderException

Sets the certificate that is used to sign a document and adds it to the signed attributes.

Parameters:

certificate - the certificate that is used to sign

digestAlgorithmOid - the oid of the digest algorithm to be added to the signed attributes

Throws:

CertificateEncodingException - if an encoding error occurs.

NoSuchAlgorithmException - when the algorithm is unknown.

NoSuchProviderException - when provider is unknown.

setOcspResponses

public void setOcspResponses(Collection<byte[]> ocspResponses)

Adds a set of OCSP responses as signed attributes.

Parameters:

ocspResponses - a set of binary representations of OCSP responses.

setCrlResponses

public void setCrlResponses(Collection<byte[]> crlResponses)

Adds a set of CRL responses as signed attributes.

Parameters:

crlResponses - a set of binary representations of CRL responses.

addSignerCertificateToSignedAttributes

public void addSignerCertificateToSignedAttributes(X509Certificate cert,
                                                   String digestAlgorithmOid)
                                            throws NoSuchAlgorithmException,
                                                   NoSuchProviderException,
                                                   CertificateEncodingException

Adds the signer certificate to the signed attributes as a SigningCertificateV2 structure.

Parameters:

cert - the certificate to add

digestAlgorithmOid - the digest algorithm oid that will be used

Throws:

NoSuchAlgorithmException - when the algorithm is unknown.

NoSuchProviderException - when the security provider is not known.

CertificateEncodingException - when there was a problem parsing th certificate.

setSignature

public void setSignature(byte[] signatureData)

Sets the actual signature.

Parameters:

signatureData - a byte array containing the signature

setSignatureAlgorithm

public void setSignatureAlgorithm(AlgorithmIdentifier algorithm)

Optional. Sets the OID and parameters of the algorithm that will be used to create the signature. This will be overwritten when setting the signing certificate.

Parameters:

algorithm - The OID and parameters of the algorithm that will be used to create the signature.

getCmsVersion

public int getCmsVersion()

Value 0 when no signerIdentifier is available. Value 1 when signerIdentifier is of type issuerAndSerialNumber. Value 3 when signerIdentifier is of type subjectKeyIdentifier.

Returns:

CMS version.

getSignedAttributes

public Collection<CmsAttribute> getSignedAttributes()

Optional.

Attributes that should be part of the signed content optional, but it MUST be present if the content type of the EncapsulatedContentInfo value being signed is not id-data. In that case it must at least contain the following two attributes:

A content-type attribute having as its value the content type of the EncapsulatedContentInfo value being signed. Section 11.1 defines the content-type attribute. However, the content-type attribute MUST NOT be used as part of a countersignature unsigned attribute as defined in Section 11.4.

A message-digest attribute, having as its value the message digest of the content. Section 11.2 defines the message-digest attribute.

Returns:

collection of the signed attributes.

addSignedAttribute

public void addSignedAttribute(CmsAttribute attribute)

Adds a new attribute to the signed attributes. This become readonly after retrieving the serialized version serializeSignedAttributes().

Parameters:

attribute - the attribute to add

getUnSignedAttributes

public Collection<CmsAttribute> getUnSignedAttributes()

Retrieves the optional unsigned attributes.

Returns:

the optional unsigned attributes.

addUnSignedAttribute

public void addUnSignedAttribute(CmsAttribute attribute)

Optional.

Adds attribute that should not or can not be part of the signed content.

Parameters:

attribute - the attribute to add

serializeSignedAttributes

public byte[] serializeSignedAttributes()
                                 throws IOException

Retrieves the encoded signed attributes of the signer info. This makes the signed attributes read only.

Returns:

the encoded signed attributes of the signer info.

Throws:

IOException - if issues occur during ASN1 objects creation.

setSerializedSignedAttributes

public final void setSerializedSignedAttributes(byte[] serializedSignedAttributes)

Sets the signed attributes from a serialized version. This makes the signed attributes read only.

Parameters:

serializedSignedAttributes - the encoded signed attributes.

getEstimatedSize

public long getEstimatedSize()
                      throws IOException,
                             CertificateEncodingException

Calculates an estimate size for the SignerInfo structure. This takes into account the values added including the signature, but does not account for unset items like a timestamp response added after actual signing.

Returns:

the estimated size of the structure.

Throws:

IOException - if issues occur during ASN1 objects creation.

CertificateEncodingException - if issues occur during processing of certificates.

getAsDerSequence

public com.itextpdf.commons.bouncycastle.asn1.IDERSequence getAsDerSequence()
                                                                     throws CertificateEncodingException

Serializes the SignerInfo structure and makes the signed attributes readonly.

Returns:

the encoded SignerInfo structure.

Throws:

CertificateEncodingException - if issues occur during processing of certificates.