Package eu.europa.esig.dss.spi.x509
Class CMSSignedDataBuilder
java.lang.Object
eu.europa.esig.dss.spi.x509.CMSSignedDataBuilder
-
Constructor Summary
Constructors
CMSSignedDataBuilder()
    This is the default constructor for CMSSignedDataBuilder.
-
Method Summary
Modifier and Type, Method, Description

protected org.bouncycastle.cms.CMSSignedData addDigestAlgorithm(org.bouncycastle.cms.CMSSignedData cmsSignedData, org.bouncycastle.asn1.x509.AlgorithmIdentifier algorithmIdentifier)
    This method adds a DigestAlgorithm used by an Archive TimeStamp to the SignedData.digestAlgorithms set, when required.
org.bouncycastle.cms.CMSSignedData createCMSSignedData(org.bouncycastle.cms.SignerInfoGenerator signerInfoGenerator, DSSDocument toSignDocument)
    Builds a CMSSignedData
org.bouncycastle.cms.CMSSignedDataGenerator createCMSSignedDataGenerator(org.bouncycastle.cms.SignerInfoGenerator signerInfoGenerator)
    Note: Section 5.1 of RFC 3852 [4] requires that the CMS SignedData version be set to 3 if certificates from SignedData are present AND (any version 1 attribute certificates are present OR any SignerInfo structures are version 3 OR eContentType from encapContentInfo is other than id-data).
org.bouncycastle.cms.CMSSignedData extendCMSSignedData(Collection<CertificateToken> certificateTokens, Collection<CRLToken> crlTokens, Collection<OCSPToken> ocspTokens)
    Extends the provided cmsSignedData with the required validation data
protected org.bouncycastle.cms.CMSTypedData getContentToBeSigned(DSSDocument toSignData)
    Returns the content to be signed
protected org.bouncycastle.cms.CMSSignedData populateDigestAlgorithmSet(org.bouncycastle.cms.CMSSignedData newCmsSignedData)
    This method is used to ensure the presence of all items from SignedData.digestAlgorithm set from originalCMSSignedData within newCmsSignedData
CMSSignedDataBuilder setCertificateChain(Collection<CertificateToken> certificateChain)
    Sets a collection of certificates to be incorporated within CMSSignedData.certificates field
CMSSignedDataBuilder setEncapsulate(boolean encapsulate)
    Sets whether a signer content shall be encapsulated to the CMSSignedData.
CMSSignedDataBuilder setGenerateWithoutCertificates(boolean generateWithoutCertificates)
    Sets whether CMSSignedData is to be generated without certificates inside.
CMSSignedDataBuilder setOriginalCMSSignedData(org.bouncycastle.cms.CMSSignedData originalCMSSignedData)
    Sets the original CMSSignedData, which internal field values will be copied to a new CMSSignedData
CMSSignedDataBuilder setSigningCertificate(CertificateToken signingCertificate)
    Sets a signing-certificate to be used for CMSSignedData generation
CMSSignedDataBuilder setTrustAnchorBPPolicy(boolean trustAnchorBPPolicy)
    Sets whether a B-level trust anchor policy should be used.
CMSSignedDataBuilder setTrustedCertificateSource(CertificateSource trustedCertificateSource)
    Sets a trusted certificate source.
-
Constructor Details
-
CMSSignedDataBuilder
public CMSSignedDataBuilder()
This is the default constructor for CMSSignedDataBuilder.
-
Method Details
-
setSigningCertificate
Sets a signing-certificate to be used for CMSSignedData generation.
Parameters:
signingCertificate - CertificateToken
Returns:
this CMSSignedDataBuilder
-
setCertificateChain
Sets a collection of certificates to be incorporated within the CMSSignedData.certificates field.
Parameters:
certificateChain - a collection of CertificateTokens
Returns:
this CMSSignedDataBuilder
-
setGenerateWithoutCertificates
Sets whether CMSSignedData is to be generated without certificates inside. Default: FALSE (an attempt to generate without certificates will result in an exception).
Parameters:
generateWithoutCertificates - whether CMSSignedData is to be generated without certificates
Returns:
this CMSSignedDataBuilder
-
setTrustedCertificateSource
Sets a trusted certificate source. See trustAnchorBPPolicy for more details.
Parameters:
trustedCertificateSource - CertificateSource
Returns:
this CMSSignedDataBuilder
-
setTrustAnchorBPPolicy
Sets whether a B-level trust anchor policy should be used. When enabled, the trust anchor is not included in the generated certificate chain. Otherwise, the chain is generated up to a trust anchor, including the trust anchor itself. Default: TRUE (the certificate chain will be generated up to a trust anchor, excluded).
Parameters:
trustAnchorBPPolicy - whether a B-level trust anchor policy should be used
Returns:
this CMSSignedDataBuilder
-
setOriginalCMSSignedData
public CMSSignedDataBuilder setOriginalCMSSignedData(org.bouncycastle.cms.CMSSignedData originalCMSSignedData)
Sets the original CMSSignedData, whose internal field values will be copied to a new CMSSignedData.
Parameters:
originalCMSSignedData - CMSSignedData
Returns:
this CMSSignedDataBuilder
-
setEncapsulate
Sets whether the signer content shall be encapsulated in the CMSSignedData. When enabled, creates an enveloping signature; otherwise creates a detached signature. Default: TRUE (the signer content is included in the signature).
Parameters:
encapsulate - whether signer content shall be encapsulated in the CMSSignedData
Returns:
this CMSSignedDataBuilder
-
createCMSSignedData
public org.bouncycastle.cms.CMSSignedData createCMSSignedData(org.bouncycastle.cms.SignerInfoGenerator signerInfoGenerator, DSSDocument toSignDocument)
Builds a CMSSignedData.
Parameters:
signerInfoGenerator - SignerInfoGenerator
toSignDocument - DSSDocument
Returns:
CMSSignedData
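Added example (not part of the DSS documentation or code base) showing how setEncapsulate changes what createCMSSignedData emits: an enveloping result carries the signed content, a detached one does not, so a verifier must obtain the content separately. It assumes the DSS model classes InMemoryDocument and CertificateToken (with a constructor taking an X509Certificate), uses BouncyCastle's JCA helpers to make a SignerInfoGenerator, and signs with a constructed throwaway key and self-signed certificate.

```java
import eu.europa.esig.dss.model.InMemoryDocument;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.spi.x509.CMSSignedDataBuilder;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInfoGenerator;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;

public class CmsEncapsulationExample {
    // Builds a CMSSignedData; 'encapsulate' selects enveloping (true) or detached (false).
    static CMSSignedData sign(KeyPair kp, X509Certificate cert, boolean encapsulate) throws Exception {
        SignerInfoGenerator sig = new JcaSignerInfoGeneratorBuilder(
                new JcaDigestCalculatorProviderBuilder().build())
                .build(new JcaContentSignerBuilder("SHA256withRSA").build(kp.getPrivate()), cert);
        CertificateToken token = new CertificateToken(cert); // assumed DSS model constructor
        return new CMSSignedDataBuilder()
                .setSigningCertificate(token)
                .setCertificateChain(Collections.singletonList(token))
                .setEncapsulate(encapsulate)
                .createCMSSignedData(sig, new InMemoryDocument("constructed sample".getBytes()));
    }

    public static void main(String[] args) throws Exception {
        // Constructed throwaway RSA key and self-signed certificate (sample data only).
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        X500Name dn = new X500Name("CN=Constructed Test Signer");
        Date now = new Date();
        X509Certificate cert = new JcaX509CertificateConverter().getCertificate(
                new JcaX509v3CertificateBuilder(dn, BigInteger.ONE, now,
                        new Date(now.getTime() + 86_400_000L), dn, kp.getPublic())
                .build(new JcaContentSignerBuilder("SHA256withRSA").build(kp.getPrivate())));
        CMSSignedData enveloping = sign(kp, cert, true);
        CMSSignedData detached = sign(kp, cert, false);
        // getSignedContent() is null when the eContent was left out of the SignedData.
        System.out.println("enveloping carries content: " + (enveloping.getSignedContent() != null));
        System.out.println("detached carries content:   " + (detached.getSignedContent() != null));
    }
}
```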
-
createCMSSignedDataGenerator
public org.bouncycastle.cms.CMSSignedDataGenerator createCMSSignedDataGenerator(org.bouncycastle.cms.SignerInfoGenerator signerInfoGenerator)
Note: Section 5.1 of RFC 3852 [4] requires that the CMS SignedData version be set to 3 if certificates from SignedData are present AND (any version 1 attribute certificates are present OR any SignerInfo structures are version 3 OR eContentType from encapContentInfo is other than id-data). Otherwise, the CMS SignedData version is required to be set to 1. The CMS SignedData version is handled automatically by BouncyCastle.
Parameters:
signerInfoGenerator - the signer info generator
Returns:
the bouncycastle signed data generator which signs the document and adds the required signed and unsigned CMS attributes
-
getContentToBeSigned
Returns the content to be signed.
Parameters:
toSignData - DSSDocument to sign
Returns:
CMSTypedData
-
extendCMSSignedData
public org.bouncycastle.cms.CMSSignedData extendCMSSignedData(Collection<CertificateToken> certificateTokens, Collection<CRLToken> crlTokens, Collection<OCSPToken> ocspTokens)
Extends the provided cmsSignedData with the required validation data.
Parameters:
certificateTokens - a collection of CertificateTokens
crlTokens - a collection of CRLTokens
ocspTokens - a collection of OCSPTokens
Returns:
extended CMSSignedData
-
populateDigestAlgorithmSet
protected org.bouncycastle.cms.CMSSignedData populateDigestAlgorithmSet(org.bouncycastle.cms.CMSSignedData newCmsSignedData)
This method is used to ensure the presence of all items from SignedData.digestAlgorithm set from originalCMSSignedData within newCmsSignedData.
Parameters:
newCmsSignedData - CMSSignedData to be extended with digest algorithms, if required
Returns:
extended CMSSignedData
-
addDigestAlgorithm
protected org.bouncycastle.cms.CMSSignedData addDigestAlgorithm(org.bouncycastle.cms.CMSSignedData cmsSignedData, org.bouncycastle.asn1.x509.AlgorithmIdentifier algorithmIdentifier)
This method adds a DigestAlgorithm used by an Archive TimeStamp to the SignedData.digestAlgorithms set, when required. See ETSI EN 319 122-1, ch. "5.5.3 The archive-time-stamp-v3 attribute".
Parameters:
cmsSignedData - CMSSignedData to extend
algorithmIdentifier - AlgorithmIdentifier to add
Returns:
CMSSignedData
-