Package eu.europa.esig.dss.pades.signature

Class PAdESWithExternalCMSService

java.lang.Object

eu.europa.esig.dss.pades.signature.PAdESWithExternalCMSService

All Implemented Interfaces:

Serializable

public class PAdESWithExternalCMSService
extends Object
implements Serializable

This service contains methods for a PAdES signature creation using an external CMS provider.

To create a signature with the current class, please follow the algorithm: 1) Create a message-digest computed on PDF ByteRange: Digest messageDigest = getMessageDigest(DSSDocument toSignDocument, PAdESSignatureParameters parameters); 2) Create CMS signature signing the message-digest (e.g. using a remote-signing solution): DSSDocument cmsDocument = *create CMS using message-digest*; 3) OPTIONAL : verify validity of the obtained CMS signature using the methods: - isValidCMSSignedData(Digest messageDigest, DSSDocument cms) - to check cryptographical validity of the signature; - isValidPAdESBaselineCMSSignedData(Digest messageDigest, DSSDocument cms) - to check CMS applicability rules for a PAdES signature creation; 4) Create PAdES signature by incorporating obtained CMS signature to a PDF document: DSSDocument signedDocument = signDocument(DSSDocument toSignDocument, PAdESSignatureParameters parameters, DSSDocument cmsDocument).

NOTES: - Unlike configuration in PAdESService an instance of PAdESSignatureParameters in this class does not need to have signingCertificate and certificateChain defined when using external signing. - Signature extension to -T level with the current class will never lead to a signature-timestamp incorporated within CMS Signed Data. It always creates a new revision with a document timestamp. - Content timestamp is not supported by this service.

See Also:

• Serialized Form

Constructor Summary

Constructors

Constructor	Description
PAdESWithExternalCMSService()	Default constructor to instantiate PAdESExternalCMSSignatureService

Method Summary

Modifier and Type	Method	Description
protected String	getFinalDocumentName(DSSDocument originalFile, SignatureLevel level)	Generates and returns a final name for the document to be created
DSSMessageDigest	getMessageDigest(DSSDocument toSignDocument, PAdESSignatureParameters parameters)	This method computes message-digest of the signature ByteRange to be used for CMS Signed Data creation
protected PAdESService	getPAdESService()	This method creates an instance of a PAdESService to be used for signature extension
protected PDFSignatureService	getPAdESSignatureService()	This method is used to return a new PDFSignatureService for a signature creation
boolean	isValidCMSSignedData(DSSMessageDigest messageDigest, DSSDocument cms)	This method verifies if the cms is cryptographically valid
boolean	isValidPAdESBaselineCMSSignedData(DSSMessageDigest messageDigest, DSSDocument cms)	This method verifies if the given cms signature is compliant for PAdES format
void	setCertificateVerifier(CertificateVerifier certificateVerifier)	This setter allows to define the CertificateVerifier.
void	setPdfObjFactory(IPdfObjFactory pdfObjFactory)	Set the IPdfObjFactory.
void	setTspSource(TSPSource tspSource)	This setter allows to define the TSP (timestamp provider) source.
DSSDocument	signDocument(DSSDocument toSignDocument, PAdESSignatureParameters parameters, DSSDocument cmsDocument)	This method embeds the provided external cmsDocument to a {code toSignDocument} within a new signature revision.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

PAdESWithExternalCMSService

public PAdESWithExternalCMSService()

Default constructor to instantiate PAdESExternalCMSSignatureService

Method Details

setCertificateVerifier

public void setCertificateVerifier(CertificateVerifier certificateVerifier)

This setter allows to define the CertificateVerifier. Used for signature extension and on CMS creation method. Not required for B-level remote-signing solutions.

Parameters:

certificateVerifier - CertificateVerifier used to verify the certificate chain

setTspSource

public void setTspSource(TSPSource tspSource)

This setter allows to define the TSP (timestamp provider) source.

Parameters:

tspSource - The time stamp source which is used when timestamping the signature.

setPdfObjFactory

public void setPdfObjFactory(IPdfObjFactory pdfObjFactory)

Set the IPdfObjFactory. Allow to set the used implementation. Cannot be null.

Parameters:

pdfObjFactory - the implementation to be used.

getMessageDigest

public DSSMessageDigest getMessageDigest(DSSDocument toSignDocument,
 PAdESSignatureParameters parameters)

This method computes message-digest of the signature ByteRange to be used for CMS Signed Data creation

Parameters:

toSignDocument - DSSDocument represented by a PDF document to be signed

parameters - PAdESSignatureParameters for signature configuration

Returns:

DSSMessageDigest of the PDF signature ByteRange to be signed

signDocument

public DSSDocument signDocument(DSSDocument toSignDocument,
 PAdESSignatureParameters parameters,
 DSSDocument cmsDocument)

This method embeds the provided external cmsDocument to a {code toSignDocument} within a new signature revision.

Parameters:

toSignDocument - DSSDocument represented by a PDF document to be signed

parameters - PAdESSignatureParameters for signature configuration

cmsDocument - DSSDocument representing an external CMS Signed Data (e.g. CMSSignedDocument or InMemoryDocument)

Returns:

DSSDocument representing a signed PDF document

getPAdESSignatureService

protected PDFSignatureService getPAdESSignatureService()

This method is used to return a new PDFSignatureService for a signature creation

Returns:

PDFSignatureService

getPAdESService

protected PAdESService getPAdESService()

This method creates an instance of a PAdESService to be used for signature extension

Returns:

PAdESService

getFinalDocumentName

protected String getFinalDocumentName(DSSDocument originalFile,
 SignatureLevel level)

Generates and returns a final name for the document to be created

Parameters:

originalFile - DSSDocument original signed/extended document

level - SignatureLevel the final signature level

Returns:

String the document filename

isValidCMSSignedData

public boolean isValidCMSSignedData(DSSMessageDigest messageDigest,
 DSSDocument cms)

This method verifies if the cms is cryptographically valid

Parameters:

messageDigest - DSSMessageDigest computed on PDF's signature ByteRange

cms - DSSDocument representing an external CMSSignedData

Returns:

TRUE if the given CMSSignedData is valid, FALSE otherwise

isValidPAdESBaselineCMSSignedData

public boolean isValidPAdESBaselineCMSSignedData(DSSMessageDigest messageDigest,
 DSSDocument cms)

This method verifies if the given cms signature is compliant for PAdES format

Parameters:

messageDigest - DSSMessageDigest computed on PDF's signature ByteRange

cms - DSSDocument to be verified

Returns:

TRUE if the CMS is compliant to PAdES specification, FALSE otherwise