org.demoiselle.signer.policy.impl.cades.pkcs7.impl

Class CAdESSigner

java.lang.Object

org.demoiselle.signer.policy.impl.cades.pkcs7.impl.CAdESSigner

All Implemented Interfaces:

PKCS7Signer, Signer

public class CAdESSigner
extends Object
implements PKCS7Signer

Basic Implementation for digital signatures in PKCS7 Format.

Constructor Summary

Constructors

Constructor and Description
CAdESSigner()
CAdESSigner(String algorithm, PolicyFactory.Policies police)
CAdESSigner(String algorithm, PolicyFactory.Policies police, boolean pades)

Method Summary

Modifier and Type	Method and Description
byte[]	doAttachedSign(byte[] content) Generates a digital signature from a content and attaches this content on result file
byte[]	doAttachedSign(byte[] content, byte[] previewSigned) Generates a digital co-signature from a content and attaches this content on result file
byte[]	doCounterSign(byte[] previewCMSSignature) Generates a digital couter-signature
byte[]	doDetachedSign(byte[] content) Generates a digital signature from a content, the result does not contains the content that was signed
byte[]	doDetachedSign(byte[] content, byte[] previewSigned) Generates a digital co-signature from a content, the result file does not contains the content that was signed
byte[]	doHashCoSign(byte[] hash, byte[] previewSigned) Generates a digital co-signature from a previous calculated hash for a content, and its previous signatures the result file does not contains the original content that was signed
byte[]	doHashSign(byte[] hash) Generates a digital signature from a previous calculated hash for a content, the result file does not contains the original content that was signed
byte[]	envelopAttachedSign(org.bouncycastle.cms.CMSSignedData signedData) Generates a digital signature from a content and attaches this content on result On this step only signed attributes are generates
byte[]	envelopDetachedSign(org.bouncycastle.cms.CMSSignedData signedData) Generates a digital signature from a content, the result does not contains the content that was signed On this step only signed attributes are generates
byte[]	envelopHashSign(org.bouncycastle.cms.CMSSignedData signedData) Generates a digital signature from a previous calculated hash for a content, the result does not contains the original content that was signed On this step only signed attributes are generates
byte[]	envelopSignature(org.bouncycastle.cms.CMSSignedData cmsSignedData, byte[] previewSignature)
Certificate[]	extractCertificates(byte[] previewSignature) Extrai a lista de certificados incluídos em um envelope PKCS#7 ou CMS
org.bouncycastle.util.Store<?>	generatedCertStore(Certificate[] previewCerts)
String	getAlgorithm() Returns the algorithm to be used in the signature
CertificateManager	getCertificateManager()
byte[]	getHash()
Date	getNotAfterSignerCertificate() Data of end of Certificate use.
String	getPolicyName()
PrivateKey	getPrivateKey() Returns the private key.
PrivateKey	getPrivateKeyForTimeStamp()
Provider	getProvider() Returns the provider.
PublicKey	getPublicKey() Returns the public key.
String	getSignatory()
boolean	isAttached()
boolean	isDefaultCertificateValidators()
boolean	isPades()
AlgAndLength	prepareAlgAndLength() Seleciona os algorítmos de hash e criptografia e também o tamanho mínimo da chave que será utilizada para realizar a assinatura.
org.bouncycastle.cms.CMSSignedData	prepareAttachedSign(byte[] content) Prepare to Generates a digital signature from a content and attaches this content on result On this step only signed attributes are generates
org.bouncycastle.cms.CMSSignedData	prepareDetachedSign(byte[] content) Prepare to Generates a digital signature from a content, the result does not contains the content that was signed On this step only signed attributes are generates
org.bouncycastle.cms.CMSSignedData	prepareHashSign(byte[] hash) Prepare to Generates a digital signature from a previous calculated hash for a content, the result does not contains the original content that was signed On this step only signed attributes are generates
org.bouncycastle.asn1.cms.AttributeTable	prepareSignedAttributes(byte[] content, byte[] previewSignature) Recebe o conteúdo e uma assinatura prévia e prepara a tabela de atributos assináveis.
void	setAlgorithm(SignerAlgorithmEnum algorithm) Set an algorithm pre-defined in enumeration.
void	setAlgorithm(String algorithm) Set a Signature Algorithm.
void	setAttached(boolean attached)
void	setCertificateManager(CertificateManager certificateManager)
void	setCertificates(Certificate[] certificates) Assign a Certificate for validate or generate a signature
void	setCertificatesForTimeStamp(Certificate[] certificates) Assign a Certificate for get timeStamp
void	setDefaultCertificateValidators(boolean defaultCertificateValidators)
void	setHash(byte[] hash)
void	setNotAfterSignerCertificate(Date notAfterSignerCertificate)
void	setPades(boolean pades)
void	setPolicyName(String policyName)
void	setPrivateKey(PrivateKey privateKey) Private key required for asymmetric cryptography
void	setPrivateKeyForTimeStamp(PrivateKey privateKeyForTimeStamp) the private key to use for request timestamp
void	setProvider(Provider provider) Indicates which Provider will be used.
void	setPublicKey(PublicKey publicKey) Public key needed for asymmetric cryptography
void	setSignatory(String signatory)
void	setSignaturePolicy(PolicyFactory.Policies signaturePolicy) Assign a Policy for validate or generate a signature

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CAdESSigner

public CAdESSigner()

CAdESSigner

public CAdESSigner(String algorithm,
                   PolicyFactory.Policies police)

CAdESSigner

public CAdESSigner(String algorithm,
                   PolicyFactory.Policies police,
                   boolean pades)

Method Detail

generatedCertStore

public org.bouncycastle.util.Store<?> generatedCertStore(Certificate[] previewCerts)

Returns:

org.bouncycastle.cert.jcajce.JcaCertStore

getAlgorithm

public String getAlgorithm()

Description copied from interface: Signer

Returns the algorithm to be used in the signature

Specified by:

getAlgorithm in interface Signer

Returns:

current algorithm

getPrivateKey

public PrivateKey getPrivateKey()

Description copied from interface: Signer

Returns the private key.

Specified by:

getPrivateKey in interface Signer

Returns:

current private key

getProvider

public Provider getProvider()

Description copied from interface: Signer

Returns the provider.

Specified by:

getProvider in interface Signer

Returns:

current provider

getPublicKey

public PublicKey getPublicKey()

Description copied from interface: Signer

Returns the public key.

Specified by:

getPublicKey in interface Signer

Returns:

current public key

getHash

public byte[] getHash()

setHash

public void setHash(byte[] hash)

isDefaultCertificateValidators

public boolean isDefaultCertificateValidators()

setAlgorithm

public void setAlgorithm(SignerAlgorithmEnum algorithm)

Description copied from interface: Signer

Set an algorithm pre-defined in enumeration. Compatible with ICP-Brasil

Specified by:

setAlgorithm in interface Signer

Parameters:

algorithm - algorithm representation to be used

setAlgorithm

public void setAlgorithm(String algorithm)

Description copied from interface: Signer

Set a Signature Algorithm. Ex: SHA256withRSA

Specified by:

setAlgorithm in interface Signer

Parameters:

algorithm - algorithm to be used

isAttached

public boolean isAttached()

setAttached

public void setAttached(boolean attached)

setCertificates

public void setCertificates(Certificate[] certificates)

Description copied from interface: PKCS7Signer

Assign a Certificate for validate or generate a signature

Specified by:

setCertificates in interface PKCS7Signer

Parameters:

certificates - certificate to be used

setDefaultCertificateValidators

public void setDefaultCertificateValidators(boolean defaultCertificateValidators)

setPrivateKey

public void setPrivateKey(PrivateKey privateKey)

Description copied from interface: Signer

Private key required for asymmetric cryptography

Specified by:

setPrivateKey in interface Signer

Parameters:

privateKey - private key to be used

setProvider

public void setProvider(Provider provider)

Description copied from interface: Signer

Indicates which Provider will be used.

Specified by:

setProvider in interface Signer

Parameters:

provider - provider to be used

setPublicKey

public void setPublicKey(PublicKey publicKey)

Description copied from interface: Signer

Public key needed for asymmetric cryptography

Specified by:

setPublicKey in interface Signer

Parameters:

publicKey - public key to be used

setSignaturePolicy

public void setSignaturePolicy(PolicyFactory.Policies signaturePolicy)

Description copied from interface: PKCS7Signer

Assign a Policy for validate or generate a signature

Specified by:

setSignaturePolicy in interface PKCS7Signer

Parameters:

signaturePolicy - Signature policy to be used

doAttachedSign

public byte[] doAttachedSign(byte[] content)

Description copied from interface: Signer

Generates a digital signature from a content and attaches this content on result file

Specified by:

doAttachedSign in interface Signer

Parameters:

content - content to be signed

Returns:

attached signature

doDetachedSign

public byte[] doDetachedSign(byte[] content)

Description copied from interface: Signer

Generates a digital signature from a content, the result does not contains the content that was signed

Specified by:

doDetachedSign in interface Signer

Parameters:

content - content to be signed

Returns:

detached signature

doAttachedSign

public byte[] doAttachedSign(byte[] content,
                             byte[] previewSigned)

Description copied from interface: PKCS7Signer

Generates a digital co-signature from a content and attaches this content on result file

Specified by:

doAttachedSign in interface PKCS7Signer

Parameters:

content - content to be signed

previewSigned - CMS content from preview signed

Returns:

attached signature

doDetachedSign

public byte[] doDetachedSign(byte[] content,
                             byte[] previewSigned)

Description copied from interface: PKCS7Signer

Generates a digital co-signature from a content, the result file does not contains the content that was signed

Specified by:

doDetachedSign in interface PKCS7Signer

Parameters:

content - content to be signed

previewSigned - CMS content from preview signed

Returns:

detached signature

doCounterSign

public byte[] doCounterSign(byte[] previewCMSSignature)

Description copied from interface: PKCS7Signer

Generates a digital couter-signature

Specified by:

doCounterSign in interface PKCS7Signer

Parameters:

previewCMSSignature - CMS content from preview signed

Returns:

new CMS Signature bytes

doHashSign

public byte[] doHashSign(byte[] hash)

Description copied from interface: PKCS7Signer

Generates a digital signature from a previous calculated hash for a content, the result file does not contains the original content that was signed

Specified by:

doHashSign in interface PKCS7Signer

Specified by:

doHashSign in interface Signer

Parameters:

hash - hash to be signed

Returns:

detached PCKS7 signature

doHashCoSign

public byte[] doHashCoSign(byte[] hash,
                           byte[] previewSigned)

Description copied from interface: PKCS7Signer

Generates a digital co-signature from a previous calculated hash for a content, and its previous signatures the result file does not contains the original content that was signed

Specified by:

doHashCoSign in interface PKCS7Signer

Parameters:

hash - hash to be signed

previewSigned - previous signature

Returns:

detached PCKS7 signature

getPolicyName

public String getPolicyName()

setPolicyName

public void setPolicyName(String policyName)

getCertificateManager

public CertificateManager getCertificateManager()

setCertificateManager

public void setCertificateManager(CertificateManager certificateManager)

isPades

public boolean isPades()

setPades

public void setPades(boolean pades)

getNotAfterSignerCertificate

public Date getNotAfterSignerCertificate()

Description copied from interface: Signer

Data of end of Certificate use.

Specified by:

getNotAfterSignerCertificate in interface Signer

Returns:

the notAfterSignerCertificate

setNotAfterSignerCertificate

public void setNotAfterSignerCertificate(Date notAfterSignerCertificate)

Parameters:

notAfterSignerCertificate - the notAfterSignerCertificate to set

setCertificatesForTimeStamp

public void setCertificatesForTimeStamp(Certificate[] certificates)

Description copied from interface: PKCS7Signer

Assign a Certificate for get timeStamp

Specified by:

setCertificatesForTimeStamp in interface PKCS7Signer

Parameters:

certificates - certificate to be used

setPrivateKeyForTimeStamp

public void setPrivateKeyForTimeStamp(PrivateKey privateKeyForTimeStamp)

the private key to use for request timestamp

Specified by:

setPrivateKeyForTimeStamp in interface Signer

Parameters:

privateKeyForTimeStamp - to be used for request timestamp

getPrivateKeyForTimeStamp

public PrivateKey getPrivateKeyForTimeStamp()

Specified by:

getPrivateKeyForTimeStamp in interface Signer

Returns:

privateKey to be used for request timestamp

getSignatory

public String getSignatory()

Specified by:

getSignatory in interface Signer

Returns:

who perform the signature

setSignatory

public void setSignatory(String signatory)

prepareDetachedSign

public org.bouncycastle.cms.CMSSignedData prepareDetachedSign(byte[] content)

Description copied from interface: Signer

Prepare to Generates a digital signature from a content, the result does not contains the content that was signed On this step only signed attributes are generates

Specified by:

prepareDetachedSign in interface Signer

Parameters:

content - full content to sign

Returns:

only signed attributes

prepareAttachedSign

public org.bouncycastle.cms.CMSSignedData prepareAttachedSign(byte[] content)

Description copied from interface: Signer

Prepare to Generates a digital signature from a content and attaches this content on result On this step only signed attributes are generates

Specified by:

prepareAttachedSign in interface Signer

Parameters:

content - content to be signed

Returns:

only signed attributes for attached signature

prepareHashSign

public org.bouncycastle.cms.CMSSignedData prepareHashSign(byte[] hash)

Description copied from interface: Signer

Prepare to Generates a digital signature from a previous calculated hash for a content, the result does not contains the original content that was signed On this step only signed attributes are generates

Specified by:

prepareHashSign in interface Signer

Parameters:

hash - hash to be signed

Returns:

only signed attributes for detached PCKS7 signature

envelopDetachedSign

public byte[] envelopDetachedSign(org.bouncycastle.cms.CMSSignedData signedData)

Description copied from interface: Signer

Generates a digital signature from a content, the result does not contains the content that was signed On this step only signed attributes are generates

Specified by:

envelopDetachedSign in interface Signer

Parameters:

signedData - signed attributes

Returns:

only signed attributes

envelopAttachedSign

public byte[] envelopAttachedSign(org.bouncycastle.cms.CMSSignedData signedData)

Description copied from interface: Signer

Generates a digital signature from a content and attaches this content on result On this step only signed attributes are generates

Specified by:

envelopAttachedSign in interface Signer

Parameters:

signedData - signed attributes

Returns:

only signed attributes for attached signature

envelopHashSign

public byte[] envelopHashSign(org.bouncycastle.cms.CMSSignedData signedData)

Description copied from interface: Signer

Generates a digital signature from a previous calculated hash for a content, the result does not contains the original content that was signed On this step only signed attributes are generates

Specified by:

envelopHashSign in interface Signer

Parameters:

signedData - signed attributes

Returns:

only signed attributes for detached PCKS7 signature

envelopSignature

public byte[] envelopSignature(org.bouncycastle.cms.CMSSignedData cmsSignedData,
                               byte[] previewSignature)

prepareSignedAttributes

public org.bouncycastle.asn1.cms.AttributeTable prepareSignedAttributes(byte[] content,
                                                                        byte[] previewSignature)

Recebe o conteúdo e uma assinatura prévia e prepara a tabela de atributos assináveis. Caso o conteúdo seja nulo, o hash do documento a ser assinado deve ser informado na propriedade this.hash. A tabela de atributos retornada ainda precisará receber o atributo signingTime e ser reordenada antes que possa ser realizada a assinatura.

Parameters:

content - Conteúdo que está sendo assinado, ou null

previewSignature - Assinatura prévia do mesmo conteúdo, para copiar os certificados

Returns:

prepareAlgAndLength

public AlgAndLength prepareAlgAndLength()

Seleciona os algorítmos de hash e criptografia e também o tamanho mínimo da chave que será utilizada para realizar a assinatura.

Returns:

extractCertificates

public Certificate[] extractCertificates(byte[] previewSignature)

Extrai a lista de certificados incluídos em um envelope PKCS#7 ou CMS

Parameters:

previewSignature -

Returns: