Class PDFBoxSignatureUtils
java.lang.Object
se.idsec.signservice.security.sign.pdf.utils.PDFBoxSignatureUtils
Static utilities for signed PDF documents.
- Author:
  Martin Lindström (martin@idsec.se), Stefan Santesson (stefan@idsec.se)
-
Nested Class Summary
Nested Classes -
Constructor Summary
Constructors -
Method Summary
Modifier and Type, Method, Description
- static byte[] getCmsSignedAttributes(byte[] contentInfoBytes)
  This method extracts signed attribute data from a CMS signature.
- static byte[] getCmsSignedAttributes(org.bouncycastle.cms.CMSSignedData signedData)
  This method extracts signed attribute data from a CMS signature.
- static org.bouncycastle.cms.DefaultSignedAttributeTableGenerator getPadesSignerInfoGenerator(Certificate signerCert, org.bouncycastle.asn1.ASN1ObjectIdentifier digestAlgo, boolean includeIssuerSerial)
- static byte[] getRSAPkcs1DigestInfo(org.bouncycastle.asn1.x509.AlgorithmIdentifier digestAlgo, byte[] hashValue)
  Gets the RSA PKCS#1 digest info.
- static org.bouncycastle.asn1.ASN1EncodableVector getSignedCertAttr(org.bouncycastle.asn1.ASN1ObjectIdentifier digestAlgo, X509Certificate certificate, boolean includeIssuerSerial)
- static PDFBoxSignatureUtils.SignedCertRef getSignedCertRefAttribute(byte[] signedAttrBytes)
- static Map<SubjectDnAttribute, String> getSubjectAttributes(Certificate cert)
  Gets a map of recognized subject DN attributes.
- static Map<SubjectDnAttribute, String> getSubjectAttributes(org.bouncycastle.asn1.ASN1Sequence subjectDn)
  Gets a map of recognized subject DN attributes.
- static byte[] removeSignedAttr(byte[] signedAttrBytes, org.bouncycastle.asn1.ASN1ObjectIdentifier[] attrOid)
- static void setSubjectNameAndLocality(org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature signature, Certificate sigCert)
  Sets the signer name and location from the signer certificate subject DN.
- static byte[] updatePdfPKCS7(byte[] cmsSignedData, byte[] newTbsBytes, byte[] newSigValue, List<X509Certificate> chain)
  A method that updates the PDF SignedData object (actually a CMS ContentInfo) with a new signature, certificates and SignedAttributes obtained from an external signing service.
-
Constructor Details
-
PDFBoxSignatureUtils
public PDFBoxSignatureUtils()
-
-
Method Details
-
getCmsSignedAttributes
public static byte[] getCmsSignedAttributes(org.bouncycastle.cms.CMSSignedData signedData) throws org.bouncycastle.cms.CMSException
This method extracts signed attribute data from a CMS signature.
- Parameters:
  signedData - CMSSignedData object holding signature data
- Returns:
  The signed attributes of a PDF signature
- Throws:
  org.bouncycastle.cms.CMSException - If the provided input has no signed attribute data
-
getCmsSignedAttributes
public static byte[] getCmsSignedAttributes(byte[] contentInfoBytes) throws org.bouncycastle.cms.CMSException
This method extracts signed attribute data from a CMS signature.
- Parameters:
  contentInfoBytes - the CMS ContentInfo bytes holding CMS SignedData content
- Returns:
  The signed attributes of a PDF signature
- Throws:
  org.bouncycastle.cms.CMSException - If the provided input has no signed attribute data
-
updatePdfPKCS7
public static byte[] updatePdfPKCS7(byte[] cmsSignedData, byte[] newTbsBytes, byte[] newSigValue, List<X509Certificate> chain) throws org.bouncycastle.cms.CMSException
A method that updates the PDF SignedData object (actually a CMS ContentInfo) with a new signature, certificates and SignedAttributes obtained from an external signing service.
- Parameters:
  cmsSignedData - Input CMS SignedData
  newTbsBytes - The new signed attributes bytes signed by the new signature
  newSigValue - The new signature value
  chain - The new certificate chain
- Returns:
  The bytes of an updated PDF signature (encoded ContentInfo)
- Throws:
  org.bouncycastle.cms.CMSException - for errors
-
setSubjectNameAndLocality
public static void setSubjectNameAndLocality(org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature signature, Certificate sigCert) throws IOException
Sets the signer name and location from the signer certificate subject DN.
- Parameters:
  signature - the signature object to be updated
  sigCert - the certificate that is the source of the data
- Throws:
  IOException - for errors getting the subject attributes from the certificate
-
getSubjectAttributes
public static Map<SubjectDnAttribute,String> getSubjectAttributes(Certificate cert) throws IOException
Gets a map of recognized subject DN attributes.
- Parameters:
  cert - X.509 certificate
- Returns:
  subject DN attribute map
- Throws:
  IOException - for errors getting the subject attributes from the certificate
-
getSubjectAttributes
public static Map<SubjectDnAttribute,String> getSubjectAttributes(org.bouncycastle.asn1.ASN1Sequence subjectDn)
Gets a map of recognized subject DN attributes.
- Parameters:
  subjectDn - subject DN
- Returns:
  subject DN attribute map
-
getRSAPkcs1DigestInfo
public static byte[] getRSAPkcs1DigestInfo(org.bouncycastle.asn1.x509.AlgorithmIdentifier digestAlgo, byte[] hashValue) throws IOException
Gets the RSA PKCS#1 digest info.
- Parameters:
  digestAlgo - digest algorithm
  hashValue - the hash value
- Returns:
  the digest info
- Throws:
  IOException - for errors
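Added example (not part of this library or its documentation): a pre-signing check that relates the signed attributes returned by getCmsSignedAttributes to the DigestInfo that getRSAPkcs1DigestInfo describes, written directly against BouncyCastle. The class and method names are hypothetical, and it assumes a single signer, SHA-256, and that the caller supplies the document bytes covered by the signature.

```java
import java.security.MessageDigest;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.CMSAttributes;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.DigestInfo;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;

// Added illustration; TbsDigestInfoCheck and its method are hypothetical names.
public final class TbsDigestInfoCheck {

  /** Returns the DER DigestInfo over the signed attributes, after binding them to the content. */
  public static byte[] digestInfoOverSignedAttrs(byte[] contentInfoBytes, byte[] signedContent)
      throws Exception {
    SignerInformation signer = new CMSSignedData(contentInfoBytes)
        .getSignerInfos().getSigners().iterator().next();

    // Assumption of this example: only SHA-256 is handled.
    if (!NISTObjectIdentifiers.id_sha256.equals(signer.getDigestAlgorithmID().getAlgorithm())) {
      throw new CMSException("Example handles SHA-256 only");
    }

    // DER-encoded SET OF attributes (tag 0x31): the bytes the signature is computed over.
    byte[] tbs = signer.getEncodedSignedAttributes();
    if (tbs == null) {
      throw new CMSException("No signed attributes present");
    }

    // The messageDigest attribute is what ties the signed attributes to the document.
    Attribute md = signer.getSignedAttributes().get(CMSAttributes.messageDigest);
    if (md == null) {
      throw new CMSException("messageDigest attribute missing");
    }
    byte[] claimed = ASN1OctetString.getInstance(md.getAttrValues().getObjectAt(0)).getOctets();
    MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
    if (!MessageDigest.isEqual(claimed, sha256.digest(signedContent))) {
      throw new CMSException("messageDigest attribute does not match the signed content");
    }

    // PKCS#1 v1.5 DigestInfo: AlgorithmIdentifier plus the hash of the signed attributes.
    AlgorithmIdentifier alg = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256, DERNull.INSTANCE);
    return new DigestInfo(alg, sha256.digest(tbs)).getEncoded(ASN1Encoding.DER);
  }
}
```

Running the messageDigest comparison before any bytes go to an external signing service keeps the service from signing attributes that do not correspond to the document at hand.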
-
getPadesSignerInfoGenerator
public static org.bouncycastle.cms.DefaultSignedAttributeTableGenerator getPadesSignerInfoGenerator(Certificate signerCert, org.bouncycastle.asn1.ASN1ObjectIdentifier digestAlgo, boolean includeIssuerSerial) throws CertificateException, NoSuchAlgorithmException
-
getSignedCertAttr
public static org.bouncycastle.asn1.ASN1EncodableVector getSignedCertAttr(org.bouncycastle.asn1.ASN1ObjectIdentifier digestAlgo, X509Certificate certificate, boolean includeIssuerSerial) throws NoSuchAlgorithmException, CertificateException
-
removeSignedAttr
public static byte[] removeSignedAttr(byte[] signedAttrBytes, org.bouncycastle.asn1.ASN1ObjectIdentifier[] attrOid) throws IOException
- Throws:
  IOException
-
getSignedCertRefAttribute
public static PDFBoxSignatureUtils.SignedCertRef getSignedCertRefAttribute(byte[] signedAttrBytes) throws IOException
- Throws:
  IOException
-