java.lang.Object
  com.lowagie.text.pdf.PdfPKCS7
public class PdfPKCS7
This class does all the processing related to signing and verifying a PKCS#7 signature.
It is based on code found at org.bouncycastle.
| Nested Class Summary | |
|---|---|
static class |
PdfPKCS7.X509Name
a class that holds an X509 name |
static class |
PdfPKCS7.X509NameTokenizer
class for breaking up an X500 Name into its component tokens, à la java.util.StringTokenizer. |
| Field Summary | |
|---|---|
private Collection |
certs
|
private Collection |
crls
|
private byte[] |
digest
|
private String |
digestAlgorithm
|
private Set |
digestalgos
|
private byte[] |
digestAttr
|
private String |
digestEncryptionAlgorithm
|
private byte[] |
externalDigest
|
private byte[] |
externalRSAdata
|
private static String |
ID_ADBE_REVOCATION
|
private static String |
ID_CONTENT_TYPE
|
private static String |
ID_DSA
|
private static String |
ID_MD2
|
private static String |
ID_MD2RSA
|
private static String |
ID_MD5
|
private static String |
ID_MD5RSA
|
private static String |
ID_MESSAGE_DIGEST
|
private static String |
ID_PKCS7_DATA
|
private static String |
ID_PKCS7_SIGNED_DATA
|
private static String |
ID_RSA
|
private static String |
ID_SHA1
|
private static String |
ID_SHA1RSA
|
private static String |
ID_SIGNING_TIME
|
private String |
location
Holds value of property location. |
private MessageDigest |
messageDigest
|
private PrivateKey |
privKey
|
private String |
reason
Holds value of property reason. |
private byte[] |
RSAdata
|
private Signature |
sig
|
private byte[] |
sigAttr
|
private X509Certificate |
signCert
|
private Calendar |
signDate
Holds value of property signDate. |
private int |
signerversion
|
private String |
signName
Holds value of property signName. |
private boolean |
verified
|
private boolean |
verifyResult
|
private int |
version
|
| Constructor Summary | |
|---|---|
PdfPKCS7(byte[] contentsKey,
byte[] certsKey,
String provider)
Verifies a signature using the sub-filter adbe.x509.rsa_sha1. |
|
PdfPKCS7(byte[] contentsKey,
String provider)
Verifies a signature using the sub-filter adbe.pkcs7.detached or adbe.pkcs7.sha1. |
|
PdfPKCS7(PrivateKey privKey,
Certificate[] certChain,
CRL[] crlList,
String hashAlgorithm,
String provider,
boolean hasRSAdata)
Generates a signature. |
|
| Method Summary | |
|---|---|
byte[] |
getAuthenticatedAttributeBytes(byte[] secondDigest,
Calendar signingTime)
When using authenticatedAttributes the authentication process is different. |
Certificate[] |
getCertificates()
Get the X.509 certificates associated with this PKCS#7 object |
Collection |
getCRLs()
Get the X.509 certificate revocation lists associated with this PKCS#7 object |
String |
getDigestAlgorithm()
Get the algorithm used to calculate the message digest |
byte[] |
getEncodedPKCS1()
Gets the bytes for the PKCS#1 object. |
byte[] |
getEncodedPKCS7()
Gets the bytes for the PKCS7SignedData object. |
byte[] |
getEncodedPKCS7(byte[] secondDigest,
Calendar signingTime)
Gets the bytes for the PKCS7SignedData object. |
String |
getHashAlgorithm()
Returns the algorithm. |
private static DERObject |
getIssuer(byte[] enc)
Get the "issuer" from the TBSCertificate bytes that are passed in |
static PdfPKCS7.X509Name |
getIssuerFields(X509Certificate cert)
Get the issuer fields from an X509 Certificate |
String |
getLocation()
Getter for property location. |
String |
getReason()
Getter for property reason. |
Calendar |
getSignDate()
Getter for property signDate. |
X509Certificate |
getSigningCertificate()
Get the X.509 certificate actually used to sign the digest. |
int |
getSigningInfoVersion()
Get the version of the PKCS#7 "SignerInfo" object. |
String |
getSignName()
Getter for property sigName. |
private static DERObject |
getSubject(byte[] enc)
Get the "subject" from the TBSCertificate bytes that are passed in |
static PdfPKCS7.X509Name |
getSubjectFields(X509Certificate cert)
Get the subject fields from an X509 Certificate |
int |
getVersion()
Get the version of the PKCS#7 object. |
static KeyStore |
loadCacertsKeyStore()
Loads the default root certificates at <java.home>/lib/security/cacerts with the default provider. |
static KeyStore |
loadCacertsKeyStore(String provider)
Loads the default root certificates at <java.home>/lib/security/cacerts. |
void |
setExternalDigest(byte[] digest,
byte[] RSAdata,
String digestEncryptionAlgorithm)
Sets the digest/signature to an external calculated value. |
void |
setLocation(String location)
Setter for property location. |
void |
setReason(String reason)
Setter for property reason. |
void |
setSignDate(Calendar signDate)
Setter for property signDate. |
void |
setSignName(String signName)
Setter for property sigName. |
void |
update(byte[] buf,
int off,
int len)
Update the digest with the specified bytes. |
boolean |
verify()
Verify the digest. |
static String |
verifyCertificate(X509Certificate cert,
Collection crls,
Calendar calendar)
Verifies a single certificate. |
static Object[] |
verifyCertificates(Certificate[] certs,
KeyStore keystore,
Collection crls,
Calendar calendar)
Verifies a certificate chain against a KeyStore. |
| Methods inherited from class java.lang.Object |
|---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Field Detail |
|---|
private byte[] sigAttr
private byte[] digestAttr
private int version
private int signerversion
private Set digestalgos
private Collection certs
private Collection crls
private X509Certificate signCert
private byte[] digest
private MessageDigest messageDigest
private String digestAlgorithm
private String digestEncryptionAlgorithm
private Signature sig
private transient PrivateKey privKey
private byte[] RSAdata
private boolean verified
private boolean verifyResult
private byte[] externalDigest
private byte[] externalRSAdata
private static final String ID_PKCS7_DATA
private static final String ID_PKCS7_SIGNED_DATA
private static final String ID_MD5
private static final String ID_MD2
private static final String ID_SHA1
private static final String ID_RSA
private static final String ID_DSA
private static final String ID_CONTENT_TYPE
private static final String ID_MESSAGE_DIGEST
private static final String ID_SIGNING_TIME
private static final String ID_MD2RSA
private static final String ID_MD5RSA
private static final String ID_SHA1RSA
private static final String ID_ADBE_REVOCATION
private String reason
private String location
private Calendar signDate
private String signName
| Constructor Detail |
|---|
public PdfPKCS7(byte[] contentsKey,
byte[] certsKey,
String provider)
throws SecurityException,
InvalidKeyException,
CertificateException,
NoSuchProviderException,
NoSuchAlgorithmException,
IOException,
StreamParsingException
contentsKey - the /Contents key
certsKey - the /Cert key
provider - the provider or null for the default provider
SecurityException - on error
InvalidKeyException - on error
CertificateException - on error
NoSuchProviderException - on error
NoSuchAlgorithmException - on error
IOException - on error
StreamParsingException
public PdfPKCS7(byte[] contentsKey,
String provider)
throws SecurityException,
CRLException,
InvalidKeyException,
CertificateException,
NoSuchProviderException,
NoSuchAlgorithmException,
StreamParsingException
contentsKey - the /Contents key
provider - the provider or null for the default provider
SecurityException - on error
CRLException - on error
InvalidKeyException - on error
CertificateException - on error
NoSuchProviderException - on error
NoSuchAlgorithmException - on error
StreamParsingException
public PdfPKCS7(PrivateKey privKey,
Certificate[] certChain,
CRL[] crlList,
String hashAlgorithm,
String provider,
boolean hasRSAdata)
throws SecurityException,
InvalidKeyException,
NoSuchProviderException,
NoSuchAlgorithmException
privKey - the private key
certChain - the certificate chain
crlList - the certificate revocation list
hashAlgorithm - the hash algorithm
provider - the provider or null for the default provider
hasRSAdata - true if the sub-filter is adbe.pkcs7.sha1
SecurityException - on error
InvalidKeyException - on error
NoSuchProviderException - on error
NoSuchAlgorithmException - on error
| Method Detail |
|---|
public void update(byte[] buf,
int off,
int len)
throws SignatureException
buf - the data buffer
off - the offset in the data buffer
len - the data length
SignatureException - on error
public boolean verify()
throws SignatureException
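true if the signature checks out, false otherwise. The result covers the signature only; validating the signing certificate's chain is a separate call to verifyCertificates.
SignatureException - on error
public Certificate[] getCertificates()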
public Collection getCRLs()
public X509Certificate getSigningCertificate()
public int getVersion()
public int getSigningInfoVersion()
public String getDigestAlgorithm()
public String getHashAlgorithm()
public static KeyStore loadCacertsKeyStore()
KeyStore
public static KeyStore loadCacertsKeyStore(String provider)
provider - the provider or null for the default provider
KeyStore
public static String verifyCertificate(X509Certificate cert,
Collection crls,
Calendar calendar)
cert - the certificate to verify
crls - the certificate revocation list or null; when it is null no revocation check is made
calendar - the date or null for the current date
String with the error description or null
if no error
public static Object[] verifyCertificates(Certificate[] certs,
KeyStore keystore,
Collection crls,
Calendar calendar)
certs - the certificate chain
keystore - the KeyStore
crls - the certificate revocation list or null
calendar - the date or null for the current date
null if the certificate chain could be validated or a
Object[]{cert,error} where cert is the
failed certificate and error is the error message
private static DERObject getIssuer(byte[] enc)
enc - a TBSCertificate in a byte array
private static DERObject getSubject(byte[] enc)
enc - A TBSCertificate in a byte array
public static PdfPKCS7.X509Name getIssuerFields(X509Certificate cert)
cert - an X509Certificate
public static PdfPKCS7.X509Name getSubjectFields(X509Certificate cert)
cert - an X509Certificate
public byte[] getEncodedPKCS1()
public void setExternalDigest(byte[] digest,
byte[] RSAdata,
String digestEncryptionAlgorithm)
digest - the digest. This is the actual signature
RSAdata - the extra data that goes into the data tag in PKCS#7
digestEncryptionAlgorithm - the encryption algorithm. It must be null if the digest
is also null. If the digest is not null
then it may be "RSA" or "DSA"
public byte[] getEncodedPKCS7()
public byte[] getEncodedPKCS7(byte[] secondDigest,
Calendar signingTime)
If either parameter is null, none will be used.
secondDigest - the digest in the authenticatedAttributes
signingTime - the signing time in the authenticatedAttributes
public byte[] getAuthenticatedAttributeBytes(byte[] secondDigest,
Calendar signingTime)
The parameters must be exactly the same as those passed to getEncodedPKCS7(byte[],Calendar).
A simple example:
// Builds a PKCS#7 signature that uses authenticatedAttributes: the content is hashed,
// the hash and the signing time are wrapped into the attribute bytes, and those
// attribute bytes (not the raw content) are what the signer is fed.
// key, chain and sap are not defined in this snippet; presumably the signer's private
// key, its certificate chain and the object exposing the bytes to sign — confirm against the caller.
Calendar cal = Calendar.getInstance();
// Arguments per the constructor documentation: crlList = null, hashAlgorithm = "SHA1",
// provider = null (default provider), hasRSAdata = false (sub-filter is not adbe.pkcs7.sha1).
// NOTE(review): SHA-1 is no longer collision-resistant; this page lists only MD2, MD5 and
// SHA1 identifiers, so check whether the library version in use accepts a stronger digest
// and prefer it for new signatures.
PdfPKCS7 pk7 = new PdfPKCS7(key, chain, null, "SHA1", null, false);
// Same algorithm name as given to the constructor, so the content digest matches
// the digest algorithm the PdfPKCS7 object was created with.
MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
byte buf[] = new byte[8192];
int n;
// NOTE(review): inp is never closed in this example; close it in real code if the
// stream holds an underlying resource.
InputStream inp = sap.getRangeStream();
// Hash the stream in 8 KiB chunks; the loop ends once read() returns 0 or -1.
while ((n = inp.read(buf)) > 0) {
messageDigest.update(buf, 0, n);
}
byte hash[] = messageDigest.digest();
// Encode the authenticatedAttributes from the content hash and signing time.
byte sh[] = pk7.getAuthenticatedAttributeBytes(hash, cal);
// Sign the encoded attributes rather than the document bytes.
pk7.update(sh, 0, sh.length);
// hash and cal are the same values passed to getAuthenticatedAttributeBytes above;
// presumably a mismatch would yield a signature that does not verify — confirm.
byte sg[] = pk7.getEncodedPKCS7(hash, cal);
secondDigest - the content digest
signingTime - the signing time
public String getReason()
public void setReason(String reason)
reason - New value of property reason.
public String getLocation()
public void setLocation(String location)
location - New value of property location.
public Calendar getSignDate()
public void setSignDate(Calendar signDate)
signDate - New value of property signDate.
public String getSignName()
public void setSignName(String signName)
signName - New value of property sigName.