package com.opentrust.spi.cms;

import java.io.IOException;
import java.io.InputStream;
import java.net.URISyntaxException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SignatureException;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.util.Collection;
import java.util.Date;
import java.util.Hashtable;
import java.util.List;

import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedGenerator;
import org.bouncycastle.operator.OperatorCreationException;

import com.opentrust.spi.cms.helpers.ContentSignerWithProvidedSignatureValue;
import com.opentrust.spi.cms.helpers.OCSPResponse;
import com.opentrust.spi.cms.helpers.SignedAttributesHelper;

/**
 * Generates CMS signatures suitable for PAdES v2 (or plain CMS / "Basic") compatibility.
 * <p>
 * Compared with the base {@link CMSGenerator}, this flavour contributes two signed attributes
 * (see {@link #populateSignedAttributesHashtable()}): the signing time and the revocation
 * material (CRLs and OCSP responses) handed in by the caller. Because both are placed among the
 * <em>signed</em> attributes they are covered by the signature value.
 * <p>
 * Note on trust: {@code signingTime} is whatever the caller passes and is embedded as-is; it is
 * a claim made by the signer, not an independently attested timestamp. The revocation material is
 * likewise taken from the caller without validation here (the helper may or may not check it;
 * confirm against {@code SignedAttributesHelper}).
 */
public class CMSForPAdESBasicGenerator extends CMSGenerator {

    /** CRLs to embed as a signed attribute (passed through to {@code SignedAttributesHelper}). */
    protected Collection<CRL> signedCrls;

    /** OCSP responses to embed as a signed attribute (passed through to {@code SignedAttributesHelper}). */
    protected Collection<OCSPResponse> signedOcspResponses;

    /**
     * Minimal constructor: only the provider, signing certificate and digest algorithm are set.
     * Every other field ({@code privateKey}, {@code certStore}, {@code signingTime}, the revocation
     * collections, {@code contentSigner}) is left for the caller to assign afterwards.
     *
     * @param provider JCA provider name, forwarded to the superclass
     * @param certificate the signer's certificate
     * @param digestAlgorithm digest algorithm name used for the content digest
     * @throws NoSuchAlgorithmException propagated from the superclass constructor
     */
    protected CMSForPAdESBasicGenerator(String provider, Certificate certificate, String digestAlgorithm)
            throws NoSuchAlgorithmException {
        super(provider, certificate, digestAlgorithm);
    }

    /**
     * Fully-initialised generator that signs with a locally held private key.
     * <p>
     * {@code certStore} is a raw {@code Collection} (as declared on the superclass field it is
     * assigned to); {@link #signReference} narrows it to {@code Collection<Certificate>} at its own
     * signature. No defensive copies are taken: the collections are stored by reference.
     *
     * @param provider JCA provider name
     * @param certificate the signer's certificate
     * @param privateKey private key matching {@code certificate}; used to produce the signature value
     * @param certStore certificates to include in the CMS structure
     * @param signingTime value for the signing-time signed attribute (signer-asserted, see class doc)
     * @param digestAlgorithm digest algorithm name
     * @param signedCrls CRLs to embed as a signed attribute
     * @param signedOcspResponses OCSP responses to embed as a signed attribute
     * @throws NoSuchAlgorithmException propagated from the superclass constructor
     */
    public CMSForPAdESBasicGenerator(String provider, Certificate certificate, PrivateKey privateKey,
            Collection certStore, Date signingTime, String digestAlgorithm,
            Collection<CRL> signedCrls, Collection<OCSPResponse> signedOcspResponses)
            throws NoSuchAlgorithmException {
        this(provider, certificate, digestAlgorithm);
        this.privateKey = privateKey;
        this.certStore = certStore;
        this.signingTime = signingTime;
        this.signedCrls = signedCrls;
        this.signedOcspResponses = signedOcspResponses;
    }

    /**
     * Convenience entry point: signs the content read from {@code inputStream}.
     * The content can optionally be encapsulated in the resulting CMS structure.
     * <p>
     * The stream is not closed here; the caller retains ownership of it.
     *
     * @param encapsulate whether the signed content is embedded in the CMS (attached signature)
     *        or left out (detached signature)
     * @return the encoded CMS signature
     */
    public static byte[] signContent(String provider, InputStream inputStream, Certificate certificate,
            PrivateKey privateKey, Collection certStore, Date signingTime, String digestAlgorithm,
            Collection<CRL> signedCrls, Collection<OCSPResponse> signedOcspResponses, boolean encapsulate)
            throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException,
            CertStoreException, CMSException, IOException, CRLException, OperatorCreationException,
            CertificateEncodingException, URISyntaxException, SignatureException {
        CMSForPAdESBasicGenerator generator = new CMSForPAdESBasicGenerator(provider, certificate,
                privateKey, certStore, signingTime, digestAlgorithm, signedCrls, signedOcspResponses);
        return generator.signContent(inputStream, encapsulate);
    }

    /**
     * Convenience entry point: signs content that has already been digested by the caller.
     * <p>
     * Since only the digest is seen here, this class cannot tell whether {@code digest} was
     * produced with {@code digestAlgorithm} over the intended data; that consistency is the
     * caller's responsibility.
     *
     * @param digest the pre-computed content digest
     * @return the encoded CMS signature
     */
    public static byte[] signReference(String provider, byte[] digest, Certificate certificate,
            PrivateKey privateKey, Collection<Certificate> certStore, Date signingTime,
            String digestAlgorithm, Collection<CRL> signedCrls,
            Collection<OCSPResponse> signedOcspResponses)
            throws InvalidAlgorithmParameterException, NoSuchAlgorithmException,
            NoSuchProviderException, CertStoreException, CMSException, IOException, CRLException,
            OperatorCreationException, CertificateEncodingException, URISyntaxException,
            SignatureException {
        CMSForPAdESBasicGenerator generator = new CMSForPAdESBasicGenerator(provider, certificate,
                privateKey, certStore, signingTime, digestAlgorithm, signedCrls, signedOcspResponses);
        return generator.signReference(digest);
    }

    /**
     * Adds this flavour's signed attributes to {@code signedAttributesHashtable}:
     * the signing time, then the revocation values (CRLs and OCSP responses).
     * Both are delegated to {@link SignedAttributesHelper}, which owns the attribute encoding.
     */
    @Override
    protected void populateSignedAttributesHashtable() throws CRLException, IOException,
            CertificateEncodingException, NoSuchAlgorithmException, NoSuchProviderException {
        SignedAttributesHelper.addSigningTimeAttribute(signedAttributesHashtable, signingTime);
        SignedAttributesHelper.addRevocationValuesAttribute(signedAttributesHashtable, signedCrls,
                signedOcspResponses);
    }

    /**
     * Builds a BouncyCastle {@link CMSSignedGenerator} for an externally supplied signature value.
     * Used from iText-OTPatch.PDFEnvelopedSignature.
     * <p>
     * Unlike the other entry points, no private key is set on the generator: the
     * {@code contentSigner} is a {@code ContentSignerWithProvidedSignatureValue}, which (going by its
     * name) lets the signature value be computed elsewhere — confirm against that helper.
     * {@code signedAttributesHashtable} is used directly, not copied, so the generator may add
     * attributes to the caller's table.
     *
     * @param contentSigner signer wrapper carrying the signature value
     * @param isStream forwarded to {@code CMSGenerator#buildCMSSignedGenerator(boolean)}
     * @param signedAttributesHashtable signed attributes to start from (shared with the caller)
     * @param signCert the signer's certificate
     * @param certs certificates to include in the CMS structure
     * @param signingTime value for the signing-time signed attribute (signer-asserted)
     * @param dataDigestAlgorithm digest algorithm name
     * @param crls CRLs to embed as a signed attribute
     * @param ocspResponses OCSP responses to embed as a signed attribute
     * @return the configured signed-data generator
     */
    public static CMSSignedGenerator buildCMSSignedGenerator(
            ContentSignerWithProvidedSignatureValue contentSigner, boolean isStream, String provider,
            Hashtable<DERObjectIdentifier, Attribute> signedAttributesHashtable, Certificate signCert,
            Collection<Certificate> certs, Date signingTime, String dataDigestAlgorithm,
            List<CRL> crls, List<OCSPResponse> ocspResponses)
            throws NoSuchAlgorithmException, CertificateEncodingException, SignatureException,
            OperatorCreationException, CRLException, NoSuchProviderException, CMSException,
            IOException {
        CMSForPAdESBasicGenerator generator =
                new CMSForPAdESBasicGenerator(provider, signCert, dataDigestAlgorithm);
        generator.contentSigner = contentSigner;
        generator.certStore = certs;
        generator.signingTime = signingTime;
        generator.signedCrls = crls;
        generator.signedOcspResponses = ocspResponses;
        generator.signedAttributesHashtable = signedAttributesHashtable;
        return generator.buildCMSSignedGenerator(isStream);
    }
}