Class MakeSignature

java.lang.Object

com.itextpdf.text.pdf.security.MakeSignature

public class MakeSignature
extends Object

Class that signs your PDF.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static enum	MakeSignature.CryptoStandard

Field Summary

Fields

Modifier and Type	Field	Description
private static final Logger	LOGGER	The Logger instance.

Constructor Summary

Constructors

Constructor	Description
MakeSignature()

Method Summary

Modifier and Type	Method	Description
static Collection<byte[]>	processCrl(Certificate cert, Collection<CrlClient> crlList)	Processes a CRL list.
static void	signDeferred(PdfReader reader, String fieldName, OutputStream outs, ExternalSignatureContainer externalSignatureContainer)	Signs a PDF where space was already reserved.
static void	signDetached(PdfSignatureAppearance sap, ExternalDigest externalDigest, ExternalSignature externalSignature, Certificate[] chain, Collection<CrlClient> crlList, OcspClient ocspClient, TSAClient tsaClient, int estimatedSize, MakeSignature.CryptoStandard sigtype)	Signs the document using the detached mode, CMS or CAdES equivalent.
static void	signDetached(PdfSignatureAppearance sap, ExternalDigest externalDigest, ExternalSignature externalSignature, Certificate[] chain, Collection<CrlClient> crlList, OcspClient ocspClient, TSAClient tsaClient, int estimatedSize, MakeSignature.CryptoStandard sigtype, SignaturePolicyInfo signaturePolicy)	Signs the document using the detached mode, CMS or CAdES equivalent.
static void	signDetached(PdfSignatureAppearance sap, ExternalDigest externalDigest, ExternalSignature externalSignature, Certificate[] chain, Collection<CrlClient> crlList, OcspClient ocspClient, TSAClient tsaClient, int estimatedSize, MakeSignature.CryptoStandard sigtype, org.bouncycastle.asn1.esf.SignaturePolicyIdentifier signaturePolicy)	Signs the document using the detached mode, CMS or CAdES equivalent.
static void	signExternalContainer(PdfSignatureAppearance sap, ExternalSignatureContainer externalSignatureContainer, int estimatedSize)	Sign the document using an external container, usually a PKCS7.

Methods inherited from class Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

LOGGER

private static final Logger LOGGER

The Logger instance.

Constructor Details

MakeSignature

public MakeSignature()

Method Details

signDetached

public static void signDetached(PdfSignatureAppearance sap,
 ExternalDigest externalDigest,
 ExternalSignature externalSignature,
 Certificate[] chain,
 Collection<CrlClient> crlList,
 OcspClient ocspClient,
 TSAClient tsaClient,
 int estimatedSize,
 MakeSignature.CryptoStandard sigtype)
                         throws IOException,
DocumentException,
GeneralSecurityException

Signs the document using the detached mode, CMS or CAdES equivalent.

Parameters:

sap - the PdfSignatureAppearance

externalDigest - an implementation that provides the digest

externalSignature - the interface providing the actual signing

chain - the certificate chain

crlList - the CRL list

ocspClient - the OCSP client

tsaClient - the Timestamp client

estimatedSize - the reserved size for the signature. It will be estimated if 0

sigtype - Either Signature.CMS or Signature.CADES

Throws:

DocumentException

IOException

GeneralSecurityException

NoSuchAlgorithmException

Exception

signDetached

public static void signDetached(PdfSignatureAppearance sap,
 ExternalDigest externalDigest,
 ExternalSignature externalSignature,
 Certificate[] chain,
 Collection<CrlClient> crlList,
 OcspClient ocspClient,
 TSAClient tsaClient,
 int estimatedSize,
 MakeSignature.CryptoStandard sigtype,
 SignaturePolicyInfo signaturePolicy)
                         throws IOException,
DocumentException,
GeneralSecurityException

Signs the document using the detached mode, CMS or CAdES equivalent.

Parameters:

sap - the PdfSignatureAppearance

externalDigest - an implementation that provides the digest

externalSignature - the interface providing the actual signing

chain - the certificate chain

crlList - the CRL list

ocspClient - the OCSP client

tsaClient - the Timestamp client

estimatedSize - the reserved size for the signature. It will be estimated if 0

sigtype - Either Signature.CMS or Signature.CADES

signaturePolicy - the signature policy (for EPES signatures)

Throws:

DocumentException

IOException

GeneralSecurityException

NoSuchAlgorithmException

Exception

signDetached

public static void signDetached(PdfSignatureAppearance sap,
 ExternalDigest externalDigest,
 ExternalSignature externalSignature,
 Certificate[] chain,
 Collection<CrlClient> crlList,
 OcspClient ocspClient,
 TSAClient tsaClient,
 int estimatedSize,
 MakeSignature.CryptoStandard sigtype,
 org.bouncycastle.asn1.esf.SignaturePolicyIdentifier signaturePolicy)
                         throws IOException,
DocumentException,
GeneralSecurityException

Signs the document using the detached mode, CMS or CAdES equivalent.

Parameters:

sap - the PdfSignatureAppearance

externalDigest - an implementation that provides the digest

externalSignature - the interface providing the actual signing

chain - the certificate chain

crlList - the CRL list

ocspClient - the OCSP client

tsaClient - the Timestamp client

estimatedSize - the reserved size for the signature. It will be estimated if 0

sigtype - Either Signature.CMS or Signature.CADES

signaturePolicy - the signature policy (for EPES signatures)

Throws:

DocumentException

IOException

GeneralSecurityException

NoSuchAlgorithmException

Exception

processCrl

public static Collection<byte[]> processCrl(Certificate cert,
 Collection<CrlClient> crlList)

Processes a CRL list.

Parameters:

cert - a Certificate if one of the CrlList implementations needs to retrieve the CRL URL from it.

crlList - a list of CrlClient implementations

Returns:

a collection of CRL bytes that can be embedded in a PDF.

signExternalContainer

public static void signExternalContainer(PdfSignatureAppearance sap,
 ExternalSignatureContainer externalSignatureContainer,
 int estimatedSize)
                                  throws GeneralSecurityException,
IOException,
DocumentException

Sign the document using an external container, usually a PKCS7. The signature is fully composed externally, iText will just put the container inside the document.

Parameters:

sap - the PdfSignatureAppearance

externalSignatureContainer - the interface providing the actual signing

estimatedSize - the reserved size for the signature

Throws:

GeneralSecurityException

IOException

DocumentException

signDeferred

public static void signDeferred(PdfReader reader,
 String fieldName,
 OutputStream outs,
 ExternalSignatureContainer externalSignatureContainer)
                         throws DocumentException,
IOException,
GeneralSecurityException

Signs a PDF where space was already reserved.

Parameters:

reader - the original PDF

fieldName - the field to sign. It must be the last field

outs - the output PDF

externalSignatureContainer - the signature container doing the actual signing. Only the method ExternalSignatureContainer.sign is used

Throws:

DocumentException

IOException

GeneralSecurityException