Package eu.europa.esig.dss.pades.signature

Class ExternalCMSService

java.lang.Object
eu.europa.esig.dss.pades.signature.ExternalCMSService
public class ExternalCMSService extends Object
This service is used to generate a CMSSignedData used for incorporation within a PDF document for a PAdES signature creation.

To create a CMS with the current class, please follow the algorithm: 1) Compute DTBS using message-digest of the PDF signature's ByteRange: ToBeSigned toBeSigned = getDataToSign(Digest messageDigest, PAdESSignatureParameters parameters); 2) Create signature value using private-key signing: SignatureValue signatureValue = *sign toBeSigned data*; 3) Create CMS signature signing the message-digest: CMSSignedDocument cmsSignature = signMessageDigest( Digest messageDigest, PAdESSignatureParameters parameters, SignatureValue signatureValue);

NOTE : This class does not create CAdES-BASELINE signatures, but CAdES-Extended signatures as per ETSI EN 319 122-2, suitable for a PAdES-BASELINE creation.

  • Field Details

    • resourcesHandlerBuilder

      protected DSSResourcesHandlerBuilder resourcesHandlerBuilder
      This object is used to write a created CMS into a defined implementation of an OutputStream or a DSSDocument

  • Constructor Details

    • ExternalCMSService

      public ExternalCMSService(CertificateVerifier certificateVerifier)
      This is the default constructor for PAdESCMSGeneratorService.
      Parameters:
      certificateVerifier - CertificateVerifier provides information on the sources to be used in the validation process in the context of a signature.

  • Method Details

    • setTspSource

      public void setTspSource(TSPSource tspSource)
      This setter allows to define the TSP (timestamp provider) source for T-level signature creation.
      Parameters:
      tspSource - The time stamp source which is used when timestamping the signature.

    • setResourcesHandlerBuilder

      public void setResourcesHandlerBuilder(DSSResourcesHandlerBuilder resourcesHandlerBuilder)
      This method sets a DSSResourcesHandlerBuilder to be used for operating with CMS object output containers during the signature creation procedure. NOTE: The DSSResourcesHandlerBuilder is supported only within the 'dss-cms-stream' module!
      Parameters:
      resourcesHandlerBuilder - DSSResourcesHandlerBuilder

    • getDataToSign

      public ToBeSigned getDataToSign(DSSMessageDigest messageDigest, PAdESSignatureParameters parameters)
      This method is used to compute signed-attributes of a CMSSignedData to be used for a private-key signing.
      Parameters:
      messageDigest - DSSMessageDigest representing message-digest of a ByteRange content prepared for a PDF signature creation
      parameters - PAdESSignatureParameters containing configuration for CMS creation
      Returns:
      ToBeSigned representing the data to be cryptographically signed (used to compute SignatureValue)

    • buildToBeSignedData

      protected ToBeSigned buildToBeSignedData(DSSMessageDigest messageDigest, PAdESSignatureParameters parameters)
      This method builds a CMSSignedData without executing additional checks on provided configuration
      Parameters:
      messageDigest - DSSMessageDigest representing message-digest of a ByteRange content prepared for a PDF signature creation
      parameters - PAdESSignatureParameters
      Returns:
      CMSSignedData

    • signMessageDigest

      public DSSDocument signMessageDigest(DSSMessageDigest messageDigest, PAdESSignatureParameters parameters, SignatureValue signatureValue)
      This method is used to create a signed CMS to be used for incorporation within a PDF document for a PAdES signature creation
      Parameters:
      messageDigest - DSSMessageDigest representing digest of a ByteRange content prepared for a PDF signature creation
      parameters - PAdESSignatureParameters containing configuration for CMS creation
      signatureValue - SignatureValue representing private-key signing of the DTBS
      Returns:
      DSSDocument representing a CMS signature suitable for PAdES signature creation

    • buildCMS

      protected CMS buildCMS(DSSMessageDigest messageDigest, PAdESSignatureParameters parameters, SignatureValue signatureValue)
      This method builds a CMS without executing additional checks on provided configuration
      Parameters:
      messageDigest - DSSMessageDigest representing digest of PDF ByteRange to be signed
      parameters - PAdESSignatureParameters
      signatureValue - SignatureValue
      Returns:
      CMS

    • assertConfigurationValid

      protected void assertConfigurationValid(DSSMessageDigest messageDigest, PAdESSignatureParameters parameters)
      This method verifies whether the provided parameters are valid for the external CMS creation process
      Parameters:
      messageDigest - DSSMessageDigest representing message-digest computed on PDF signature byte range
      parameters - PAdESSignatureParameters to be checked

    • assertSigningCertificateValid

      protected void assertSigningCertificateValid(AbstractSignatureParameters<?> parameters)
      This method raises an exception if the signing rules forbid the use the certificate.
      Parameters:
      parameters - set of driving signing parameters