Class PAdESWithExternalCMSService

java.lang.Object
eu.europa.esig.dss.pades.signature.PAdESWithExternalCMSService
All Implemented Interfaces:
Serializable

public class PAdESWithExternalCMSService extends Object implements Serializable
This service contains methods for a PAdES signature creation using an external CMS provider.

To create a signature with the current class, follow this algorithm:

1) Create a message-digest computed on the PDF ByteRange:
   DSSMessageDigest messageDigest = getMessageDigest(DSSDocument toSignDocument, PAdESSignatureParameters parameters);
2) Create a CMS signature signing the message-digest (e.g. using a remote-signing solution):
   DSSDocument cmsDocument = *create CMS using message-digest*;
3) OPTIONAL: verify the validity of the obtained CMS signature using the methods:
   - isValidCMSSignedData(DSSMessageDigest messageDigest, DSSDocument cms) - to check the cryptographic validity of the signature;
   - isValidPAdESBaselineCMSSignedData(DSSMessageDigest messageDigest, DSSDocument cms) - to check the CMS applicability rules for a PAdES signature creation;
4) Create the PAdES signature by incorporating the obtained CMS signature into the PDF document:
   DSSDocument signedDocument = signDocument(DSSDocument toSignDocument, PAdESSignatureParameters parameters, DSSDocument cmsDocument).

NOTES:
- Unlike the configuration in PAdESService, an instance of PAdESSignatureParameters in this class does not need to have signingCertificate and certificateChain defined when using external signing.
- Signature extension to -T level with the current class will never lead to a signature-timestamp incorporated within the CMS Signed Data. It always creates a new revision with a document timestamp.
- Content timestamp is not supported by this service.
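The four-step flow above as an added example (not code from the DSS project). RemoteCmsSigner is a hypothetical interface standing in for the remote-signing client, and the optional checks of step 3 are made mandatory here so that a CMS failing either one is never embedded into the PDF.

```java
import eu.europa.esig.dss.enumerations.SignatureLevel;
import eu.europa.esig.dss.model.DSSDocument;
import eu.europa.esig.dss.model.DSSMessageDigest;
import eu.europa.esig.dss.model.InMemoryDocument;
import eu.europa.esig.dss.pades.PAdESSignatureParameters;
import eu.europa.esig.dss.pades.signature.PAdESWithExternalCMSService;

public class ExternalCmsSigningExample {

    /** Hypothetical client for the external CMS provider; not part of DSS. */
    public interface RemoteCmsSigner {
        byte[] createCms(DSSMessageDigest messageDigest);
    }

    public static DSSDocument sign(DSSDocument toSignDocument, RemoteCmsSigner signer) {
        PAdESWithExternalCMSService service = new PAdESWithExternalCMSService();

        // With external signing, signingCertificate and certificateChain
        // do not have to be set on the parameters (see NOTES).
        PAdESSignatureParameters parameters = new PAdESSignatureParameters();
        parameters.setSignatureLevel(SignatureLevel.PAdES_BASELINE_B);

        // 1) Message-digest computed on the PDF signature ByteRange.
        DSSMessageDigest messageDigest = service.getMessageDigest(toSignDocument, parameters);

        // 2) Only the digest is handed to the external provider; the PDF stays local.
        DSSDocument cmsDocument = new InMemoryDocument(signer.createCms(messageDigest));

        // 3) Treat the provider's answer as untrusted input and fail closed:
        //    the CMS must be cryptographically valid for this exact digest ...
        if (!service.isValidCMSSignedData(messageDigest, cmsDocument)) {
            throw new IllegalStateException("CMS is not valid for the computed message-digest");
        }
        //    ... and must satisfy the CMS applicability rules for PAdES.
        if (!service.isValidPAdESBaselineCMSSignedData(messageDigest, cmsDocument)) {
            throw new IllegalStateException("CMS does not meet the PAdES applicability rules");
        }

        // 4) Embed the CMS in a new signature revision, reusing the same
        //    parameters instance that was used to compute the digest.
        return service.signDocument(toSignDocument, parameters, cmsDocument);
    }
}
```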

  • Constructor Details

    • PAdESWithExternalCMSService

      public PAdESWithExternalCMSService()
      Default constructor to instantiate PAdESWithExternalCMSService
  • Method Details

    • setCertificateVerifier

      public void setCertificateVerifier(CertificateVerifier certificateVerifier)
      This setter defines the CertificateVerifier, which is used for signature extension and in the CMS creation method. It is not required for B-level remote-signing solutions.
      Parameters:
      certificateVerifier - CertificateVerifier used to verify the certificate chain
    • setTspSource

      public void setTspSource(TSPSource tspSource)
      This setter defines the TSP (timestamp provider) source.
      Parameters:
      tspSource - The time stamp source which is used when timestamping the signature.
    • setPdfObjFactory

      public void setPdfObjFactory(IPdfObjFactory pdfObjFactory)
      Sets the IPdfObjFactory implementation to be used. Cannot be null.
      Parameters:
      pdfObjFactory - the implementation to be used.
    • getMessageDigest

      public DSSMessageDigest getMessageDigest(DSSDocument toSignDocument, PAdESSignatureParameters parameters)
      This method computes message-digest of the signature ByteRange to be used for CMS Signed Data creation
      Parameters:
      toSignDocument - DSSDocument represented by a PDF document to be signed
      parameters - PAdESSignatureParameters for signature configuration
      Returns:
      DSSMessageDigest of the PDF signature ByteRange to be signed
    • signDocument

      public DSSDocument signDocument(DSSDocument toSignDocument, PAdESSignatureParameters parameters, DSSDocument cmsDocument)
      This method embeds the provided external cmsDocument into the toSignDocument within a new signature revision.
      Parameters:
      toSignDocument - DSSDocument represented by a PDF document to be signed
      parameters - PAdESSignatureParameters for signature configuration
      cmsDocument - DSSDocument representing an external CMS Signed Data (e.g. CMSSignedDocument or InMemoryDocument)
      Returns:
      DSSDocument representing a signed PDF document
    • getPAdESSignatureService

      protected PDFSignatureService getPAdESSignatureService()
      This method is used to return a new PDFSignatureService for a signature creation
      Returns:
      PDFSignatureService
    • getPAdESService

      protected PAdESService getPAdESService()
      This method creates an instance of a PAdESService to be used for signature extension
      Returns:
      PAdESService
    • getFinalDocumentName

      protected String getFinalDocumentName(DSSDocument originalFile, SignatureLevel level)
      Generates and returns a final name for the document to be created
      Parameters:
      originalFile - DSSDocument original signed/extended document
      level - SignatureLevel the final signature level
      Returns:
      String the document filename
    • isValidCMSSignedData

      public boolean isValidCMSSignedData(DSSMessageDigest messageDigest, DSSDocument cms)
      This method verifies if the cms is cryptographically valid
      Parameters:
      messageDigest - DSSMessageDigest computed on PDF's signature ByteRange
      cms - DSSDocument representing an external CMSSignedData
      Returns:
      TRUE if the given CMSSignedData is valid, FALSE otherwise
    • isValidPAdESBaselineCMSSignedData

      public boolean isValidPAdESBaselineCMSSignedData(DSSMessageDigest messageDigest, DSSDocument cms)
      This method verifies if the given cms signature is compliant with the PAdES format
      Parameters:
      messageDigest - DSSMessageDigest computed on PDF's signature ByteRange
      cms - DSSDocument to be verified
      Returns:
      TRUE if the CMS is compliant with the PAdES specification, FALSE otherwise