Class ExternalCMSService
java.lang.Object
eu.europa.esig.dss.pades.signature.ExternalCMSService
This service is used to generate a CMSSignedData used for incorporation
within a PDF document for a PAdES signature creation.
To create a CMS with the current class, please follow the algorithm:
1) Compute DTBS using message-digest of the PDF signature's ByteRange:
    ToBeSigned toBeSigned = getDataToSign(Digest messageDigest, PAdESSignatureParameters parameters);
2) Create signature value using private-key signing:
    SignatureValue signatureValue = *sign toBeSigned data*;
3) Create CMS signature signing the message-digest:
    CMSSignedDocument cmsSignature = signMessageDigest(
        Digest messageDigest, PAdESSignatureParameters parameters, SignatureValue signatureValue);
NOTE: This class does not create CAdES-BASELINE signatures, but CAdES-Extended signatures as per ETSI EN 319 122-2, suitable for a PAdES-BASELINE creation.
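The three steps above, put together as an added example (not code from the DSS project). The class name ExternalCmsExample, the method createCms and its arguments are hypothetical; the ByteRange digest is assumed to be SHA-256 and computed by a separate PDF-side component, and the private key is assumed to sit behind any SignatureTokenConnection, so the signer only ever receives the DTBS and never the PDF itself.

```java
import java.util.Date;

import eu.europa.esig.dss.enumerations.DigestAlgorithm;
import eu.europa.esig.dss.enumerations.SignatureLevel;
import eu.europa.esig.dss.model.DSSDocument;
import eu.europa.esig.dss.model.DSSMessageDigest;
import eu.europa.esig.dss.model.SignatureValue;
import eu.europa.esig.dss.model.ToBeSigned;
import eu.europa.esig.dss.pades.PAdESSignatureParameters;
import eu.europa.esig.dss.pades.signature.ExternalCMSService;
import eu.europa.esig.dss.token.DSSPrivateKeyEntry;
import eu.europa.esig.dss.token.SignatureTokenConnection;

// Hypothetical helper class for illustration; not part of DSS.
public class ExternalCmsExample {

    // byteRangeDigest: SHA-256 digest of the PDF signature ByteRange (assumed input).
    // The returned CMSSignedDocument is handled through the DSSDocument interface.
    public static DSSDocument createCms(ExternalCMSService service, SignatureTokenConnection token,
            DSSPrivateKeyEntry key, byte[] byteRangeDigest, Date signingDate) {

        DSSMessageDigest messageDigest = new DSSMessageDigest(DigestAlgorithm.SHA256, byteRangeDigest);

        // The same parameter values must be used for steps 1 and 3.
        PAdESSignatureParameters parameters = new PAdESSignatureParameters();
        parameters.setSignatureLevel(SignatureLevel.PAdES_BASELINE_B);
        parameters.setDigestAlgorithm(DigestAlgorithm.SHA256);
        parameters.setSigningCertificate(key.getCertificate());
        parameters.setCertificateChain(key.getCertificateChain());
        // The signing date goes into the signed attributes. If steps 1 and 3 run in
        // separate requests, rebuild the parameters with this exact date, otherwise
        // the signature value will not match the attributes embedded in the CMS.
        parameters.bLevel().setSigningDate(signingDate);

        // 1) Compute the DTBS (signed attributes) from the ByteRange message-digest.
        ToBeSigned toBeSigned = service.getDataToSign(messageDigest, parameters);
        // 2) Private-key operation: only the DTBS is handed to the token.
        SignatureValue signatureValue = token.sign(toBeSigned, parameters.getDigestAlgorithm(), key);
        // 3) Build the CMS that will be embedded into the PDF signature field.
        return service.signMessageDigest(messageDigest, parameters, signatureValue);
    }
}
```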

Constructor Summary
Constructor, Description
ExternalCMSService(CertificateVerifier certificateVerifier)
    This is the default constructor for PAdESCMSGeneratorService.

Method Summary
Modifier and Type, Method, Description
protected void assertConfigurationValid(DSSMessageDigest messageDigest, PAdESSignatureParameters parameters)
    This method verifies whether the provided parameters are valid for the external CMS creation process
protected void assertSigningCertificateValid(AbstractSignatureParameters<?> parameters)
    This method raises an exception if the signing rules forbid the use of the certificate.
protected org.bouncycastle.cms.CMSSignedData buildCMSSignedData(DSSMessageDigest messageDigest, PAdESSignatureParameters parameters, SignatureValue signatureValue)
    This method builds a CMSSignedData without executing additional checks on provided configuration
protected ToBeSigned buildToBeSignedData(DSSMessageDigest messageDigest, PAdESSignatureParameters parameters)
    This method builds a CMSSignedData without executing additional checks on provided configuration
ToBeSigned getDataToSign(DSSMessageDigest messageDigest, PAdESSignatureParameters parameters)
    This method is used to compute signed-attributes of a CMSSignedData to be used for a private-key signing.
void setTspSource(TSPSource tspSource)
    This setter allows defining the TSP (timestamp provider) source for T-level signature creation.
CMSSignedDocument signMessageDigest(DSSMessageDigest messageDigest, PAdESSignatureParameters parameters, SignatureValue signatureValue)
    This method is used to create a signed CMSSignedData to be used for incorporation within a PDF document for a PAdES signature creation

Constructor Details
ExternalCMSService
This is the default constructor for PAdESCMSGeneratorService.
Parameters:
    certificateVerifier - CertificateVerifier provides information on the sources to be used in the validation process in the context of a signature.

Method Details

setTspSource
This setter allows defining the TSP (timestamp provider) source for T-level signature creation.
Parameters:
    tspSource - The time stamp source which is used when timestamping the signature.

getDataToSign
public ToBeSigned getDataToSign(DSSMessageDigest messageDigest, PAdESSignatureParameters parameters)
This method is used to compute signed-attributes of a CMSSignedData to be used for a private-key signing.
Parameters:
    messageDigest - DSSMessageDigest representing message-digest of a ByteRange content prepared for a PDF signature creation
    parameters - PAdESSignatureParameters containing configuration for CMS creation
Returns:
    ToBeSigned representing the data to be cryptographically signed (used to compute SignatureValue)

buildToBeSignedData
protected ToBeSigned buildToBeSignedData(DSSMessageDigest messageDigest, PAdESSignatureParameters parameters)
This method builds a CMSSignedData without executing additional checks on provided configuration
Parameters:
    messageDigest - DSSMessageDigest representing message-digest of a ByteRange content prepared for a PDF signature creation
    parameters - PAdESSignatureParameters
Returns:
    CMSSignedData

signMessageDigest
public CMSSignedDocument signMessageDigest(DSSMessageDigest messageDigest, PAdESSignatureParameters parameters, SignatureValue signatureValue)
This method is used to create a signed CMSSignedData to be used for incorporation within a PDF document for a PAdES signature creation
Parameters:
    messageDigest - DSSMessageDigest representing digest of a ByteRange content prepared for a PDF signature creation
    parameters - PAdESSignatureParameters containing configuration for CMS creation
    signatureValue - SignatureValue representing private-key signing of the DTBS
Returns:
    CMSSignedDocument representing a CMS signature suitable for PAdES signature creation

buildCMSSignedData
protected org.bouncycastle.cms.CMSSignedData buildCMSSignedData(DSSMessageDigest messageDigest, PAdESSignatureParameters parameters, SignatureValue signatureValue)
This method builds a CMSSignedData without executing additional checks on provided configuration
Parameters:
    messageDigest - DSSMessageDigest representing digest of PDF ByteRange to be signed
    parameters - PAdESSignatureParameters
    signatureValue - SignatureValue
Returns:
    CMSSignedData

assertConfigurationValid
protected void assertConfigurationValid(DSSMessageDigest messageDigest, PAdESSignatureParameters parameters)
This method verifies whether the provided parameters are valid for the external CMS creation process
Parameters:
    messageDigest - DSSMessageDigest representing message-digest computed on PDF signature byte range
    parameters - PAdESSignatureParameters to be checked

assertSigningCertificateValid
This method raises an exception if the signing rules forbid the use of the certificate.
Parameters:
    parameters - set of driving signing parameters