Example usage for com.itextpdf.text.pdf.security PdfPKCS7 getAuthenticatedAttributeBytes

List of usage examples for com.itextpdf.text.pdf.security PdfPKCS7 getAuthenticatedAttributeBytes

  1. HOME
  2. Java
  3. com.itextpdf
  4. com.itextpdf.text.pdf.security.*
  5. PdfPKCS7
  6. getAuthenticatedAttributeBytes

Introduction

In this page you can find the example usage for com.itextpdf.text.pdf.security PdfPKCS7 getAuthenticatedAttributeBytes.

Prototype

public byte[] getAuthenticatedAttributeBytes(byte secondDigest[], byte[] ocsp, Collection<byte[]> crlBytes,
        CryptoStandard sigtype)

Source Link

Document

When using authenticatedAttributes the authentication process is different.

Usage

From source file:org.opencps.pki.PdfSigner.java

License:Open Source License

/**
 * Compute hash key with corner coordinates of rectangle
 *
 * @param llx lower left x//  www  . ja  v  a  2  s  .co m
 * @param lly lower left y
 * @param urx upper right x
 * @param ury upper right y
 * @throws SignatureException 
 */
public byte[] computeHash(float llx, float lly, float urx, float ury) throws SignatureException {
    try {
        byte[] digestHash = computeDigest(llx, lly, urx, ury);
        PdfPKCS7 sgn = new PdfPKCS7(null, new Certificate[] { getCertificate() }, getHashAlgorithm().toString(),
                null, digest, false);
        return sgn.getAuthenticatedAttributeBytes(digestHash, null, null, CryptoStandard.CMS);
    } catch (Exception e) {
        throw new SignatureException(e.getMessage(), e);
    }
}

From source file:org.opencps.pki.Pkcs7GenerateSignatureContainer.java

License:Open Source License

/**
 * Produces the container with the signature.
 * @param data the data to sign//from w ww .  ja  v  a2s. c o m
 * @return a container with the signature and other objects, like CRL and OCSP. The container will generally be a PKCS7 one.
 * @throws GeneralSecurityException 
 */
@Override
public byte[] sign(InputStream is) throws GeneralSecurityException {
    X509Certificate cert = signer.getCertificate();
    RSAPublicKey rsaKey = (RSAPublicKey) cert.getPublicKey();
    Integer keyLength = rsaKey.getModulus().bitLength() / 8;

    if (keyLength != signature.length) {
        throw new SignatureException("Signature length not correct");
    }

    ExternalDigest digest = signer.getExternalDigest();

    byte[] digestHash = null;
    try {
        digestHash = DigestAlgorithms.digest(is, digest.getMessageDigest(signer.getHashAlgorithm().toString()));
    } catch (IOException e) {
        throw new SignatureException(e.getMessage(), e);
    }

    PdfPKCS7 sgn = new PdfPKCS7(null, new Certificate[] { cert }, signer.getHashAlgorithm().toString(), null,
            digest, false);
    byte[] sh = sgn.getAuthenticatedAttributeBytes(digestHash, null, null, CryptoStandard.CMS);
    Signature sig = Signature
            .getInstance(signer.getHashAlgorithm().toString() + "with" + cert.getPublicKey().getAlgorithm());
    sig.initVerify(cert.getPublicKey());
    sig.update(sh);
    if (!sig.verify(signature)) {
        throw new SignatureException("Signature is not correct");
    }

    TSAClient tsaClient = null;
    String tsaUrl = CertificateUtil.getTSAURL(cert);
    if (tsaUrl != null) {
        tsaClient = new TSAClientBouncyCastle(tsaUrl);
    }

    sgn.setExternalDigest(signature, null, cert.getPublicKey().getAlgorithm());
    return sgn.getEncodedPKCS7(digestHash, tsaClient, null, null, CryptoStandard.CMS);
}