Class PadesTwoPhaseSigningHelper

java.lang.Object
com.itextpdf.signatures.PadesTwoPhaseSigningHelper
public class PadesTwoPhaseSigningHelper extends Object
Helper class to perform signing operation in two steps.

Firstly createCMSContainerWithoutSignature(Certificate[], String, PdfReader, OutputStream, SignerProperties) prepares document and placeholder for future signature without actual signing process.

Secondly follow-up step signs prepared document with corresponding PAdES Baseline profile.

  • Constructor Details

  • Method Details

    • setOcspClient

      public PadesTwoPhaseSigningHelper setOcspClient(IOcspClient ocspClient)
      Set IOcspClient to be used for LTV Verification.

      This setter is only relevant if Baseline-LT Profile level or higher is used.

      If none is set, there will be an attempt to create default OCSP Client instance using the certificate chain.

      Parameters:
      ocspClient - IOcspClient instance to be used for LTV Verification
      Returns:
      same instance of PadesTwoPhaseSigningHelper

    • setTrustedCertificates

      public PadesTwoPhaseSigningHelper setTrustedCertificates(List<Certificate> certificateList)
      Set certificate list to be used by the IIssuingCertificateRetriever to retrieve missing certificates.
      Parameters:
      certificateList - certificate list for getting missing certificates in chain or CRL response issuer certificates.
      Returns:
      same instance of PadesTwoPhaseSigningHelper.

    • setCrlClient

      public PadesTwoPhaseSigningHelper setCrlClient(ICrlClient crlClient)
      Set ICrlClient to be used for LTV Verification.

      This setter is only relevant if Baseline-LT Profile level or higher is used.

      If none is set, there will be an attempt to create default CRL Client instance using the certificate chain.

      Parameters:
      crlClient - ICrlClient instance to be used for LTV Verification
      Returns:
      same instance of PadesTwoPhaseSigningHelper

    • setTSAClient

      public PadesTwoPhaseSigningHelper setTSAClient(ITSAClient tsaClient)
      Set ITSAClient to be used for timestamp signature creation.

      This client has to be set for Baseline-T Profile level and higher.

      Parameters:
      tsaClient - ITSAClient instance to be used for timestamp signature creation.
      Returns:
      same instance of PadesTwoPhaseSigningHelper

    • setIssuingCertificateRetriever

      public PadesTwoPhaseSigningHelper setIssuingCertificateRetriever(IIssuingCertificateRetriever issuingCertificateRetriever)
      Set IIssuingCertificateRetriever to be used before main signing operation.

      If none is set, IssuingCertificateRetriever instance will be used instead.

      Parameters:
      issuingCertificateRetriever - IIssuingCertificateRetriever instance to be used for getting missing certificates in chain or CRL response issuer certificates.
      Returns:
      same instance of PadesTwoPhaseSigningHelper.

    • setEstimatedSize

      public PadesTwoPhaseSigningHelper setEstimatedSize(int estimatedSize)
      Set estimated size of a signature to be applied.

      This parameter represents estimated amount of bytes to be preserved for the signature.

      If none is set, 0 will be used and the required space will be calculated during the signing.

      Parameters:
      estimatedSize - amount of bytes to be used as estimated value
      Returns:
      same instance of PadesTwoPhaseSigningHelper

    • setTemporaryDirectoryPath

      public PadesTwoPhaseSigningHelper setTemporaryDirectoryPath(String temporaryDirectoryPath)
      Set temporary directory to be used for temporary files creation.

      If none is set, temporary documents will be created in memory.

      Parameters:
      temporaryDirectoryPath - String representing relative or absolute path to the directory
      Returns:
      same instance of PadesTwoPhaseSigningHelper

    • setTimestampSignatureName

      public PadesTwoPhaseSigningHelper setTimestampSignatureName(String timestampSignatureName)
      Set the name to be used for timestamp signature creation.

      This setter is only relevant if PdfPadesSigner.signWithBaselineLTAProfile(SignerProperties, Certificate[], IExternalSignature, ITSAClient) or PdfPadesSigner.prolongSignatures(ITSAClient) methods are used.

      If none is set, randomly generated signature name will be used.

      Parameters:
      timestampSignatureName - String representing the name of a timestamp signature to be applied
      Returns:
      same instance of PadesTwoPhaseSigningHelper

    • setStampingProperties

      public PadesTwoPhaseSigningHelper setStampingProperties(StampingProperties stampingProperties)
      Set stamping properties to be used during main signing operation.

      If none is set, stamping properties with append mode enabled will be used

      Parameters:
      stampingProperties - StampingProperties instance to be used during main signing operation
      Returns:
      same instance of PadesTwoPhaseSigningHelper

    • createCMSContainerWithoutSignature

      public CMSContainer createCMSContainerWithoutSignature(Certificate[] certificates, String digestAlgorithm, PdfReader inputDocument, OutputStream outputStream, SignerProperties signerProperties) throws IOException, GeneralSecurityException
      Creates CMS container compliant with PAdES level. Prepares document and placeholder for the future signature without actual signing process.
      Parameters:
      certificates - certificates to be added to the CMS container
      digestAlgorithm - the algorithm to generate the digest with
      inputDocument - reader PdfReader instance to read original PDF file
      outputStream - OutputStream output stream to write the resulting PDF file into
      signerProperties - properties to be used in the signing operations
      Returns:
      prepared CMS container without signature.
      Throws:
      IOException - if an I/O error occurs.
      GeneralSecurityException - if some problem with signature or security occur.

    • signCMSContainerWithBaselineBProfile

      public void signCMSContainerWithBaselineBProfile(IExternalSignature externalSignature, PdfReader inputDocument, OutputStream outputStream, String signatureFieldName, CMSContainer cmsContainer) throws Exception
      Follow-up step that signs prepared document with PAdES Baseline-B profile.
      Parameters:
      externalSignature - external signature to do the actual signing
      inputDocument - reader PdfReader instance to read prepared document
      outputStream - the output PDF
      signatureFieldName - the field to sign
      cmsContainer - the finalized CMS container (e.g. created in the first step)
      Throws:
      Exception - if some exception occur.

    • signCMSContainerWithBaselineTProfile

      public void signCMSContainerWithBaselineTProfile(IExternalSignature externalSignature, PdfReader inputDocument, OutputStream outputStream, String signatureFieldName, CMSContainer cmsContainer) throws Exception
      Follow-up step that signs prepared document with PAdES Baseline-T profile.
      Parameters:
      externalSignature - external signature to do the actual signing
      inputDocument - reader PdfReader instance to read prepared document
      outputStream - the output PDF
      signatureFieldName - the field to sign
      cmsContainer - the finalized CMS container (e.g. created in the first step)
      Throws:
      Exception - if some exception occur.

    • signCMSContainerWithBaselineLTProfile

      public void signCMSContainerWithBaselineLTProfile(IExternalSignature externalSignature, PdfReader inputDocument, OutputStream outputStream, String signatureFieldName, CMSContainer cmsContainer) throws Exception
      Follow-up step that signs prepared document with PAdES Baseline-LT profile.
      Parameters:
      externalSignature - external signature to do the actual signing
      inputDocument - reader PdfReader instance to read prepared document
      outputStream - the output PDF
      signatureFieldName - the field to sign
      cmsContainer - the finalized CMS container (e.g. created in the first step)
      Throws:
      Exception - if some exception occur.

    • signCMSContainerWithBaselineLTAProfile

      public void signCMSContainerWithBaselineLTAProfile(IExternalSignature externalSignature, PdfReader inputDocument, OutputStream outputStream, String signatureFieldName, CMSContainer cmsContainer) throws Exception
      Follow-up step that signs prepared document with PAdES Baseline-LTA profile.
      Parameters:
      externalSignature - external signature to do the actual signing
      inputDocument - reader PdfReader instance to read prepared document
      outputStream - the output PDF
      signatureFieldName - the field to sign
      cmsContainer - the finalized CMS container (e.g. created in the first step)
      Throws:
      Exception - if some exception occur.