Module jpms_dss_spi

Class CMSSignedDataBuilder

java.lang.Object
eu.europa.esig.dss.spi.x509.CMSSignedDataBuilder

public class CMSSignedDataBuilder extends Object
Builds a CMSSignedData
  • Constructor Summary

    Constructors
    Constructor
    Description
    CMSSignedDataBuilder()
    This is the default constructor for CMSSignedDataBuilder.
  • Method Summary

    Modifier and Type
    Method
    Description

    protected org.bouncycastle.cms.CMSSignedData
    addDigestAlgorithm(org.bouncycastle.cms.CMSSignedData cmsSignedData, org.bouncycastle.asn1.x509.AlgorithmIdentifier algorithmIdentifier)
    This method adds a DigestAlgorithm used by an Archive TimeStamp to the SignedData.digestAlgorithms set, when required.

    org.bouncycastle.cms.CMSSignedData
    createCMSSignedData(org.bouncycastle.cms.SignerInfoGenerator signerInfoGenerator, eu.europa.esig.dss.model.DSSDocument toSignDocument)
    Builds a CMSSignedData

    org.bouncycastle.cms.CMSSignedDataGenerator
    createCMSSignedDataGenerator(org.bouncycastle.cms.SignerInfoGenerator signerInfoGenerator)
    Note: Section 5.1 of RFC 3852 [4] requires that the CMS SignedData version be set to 3 if certificates are present in SignedData AND (any version 1 attribute certificates are present OR any SignerInfo structures are version 3 OR the eContentType of encapContentInfo is other than id-data).

    org.bouncycastle.cms.CMSSignedData
    extendCMSSignedData(Collection<eu.europa.esig.dss.model.x509.CertificateToken> certificateTokens, Collection<CRLToken> crlTokens, Collection<OCSPToken> ocspTokens)
    Extends the provided CMSSignedData with the required validation data

    protected org.bouncycastle.cms.CMSTypedData
    getContentToBeSigned(eu.europa.esig.dss.model.DSSDocument toSignData)
    Returns the content to be signed

    protected org.bouncycastle.cms.CMSSignedData
    populateDigestAlgorithmSet(org.bouncycastle.cms.CMSSignedData newCmsSignedData)
    This method ensures that all items of the SignedData.digestAlgorithms set of originalCMSSignedData are present within newCmsSignedData

    CMSSignedDataBuilder
    setCertificateChain(Collection<eu.europa.esig.dss.model.x509.CertificateToken> certificateChain)
    Sets a collection of certificates to be incorporated within the CMSSignedData.certificates field

    CMSSignedDataBuilder
    setEncapsulate(boolean encapsulate)
    Sets whether the signed content shall be encapsulated in the CMSSignedData.

    CMSSignedDataBuilder
    setGenerateWithoutCertificates(boolean generateWithoutCertificates)
    Sets whether the CMSSignedData is to be generated without certificates inside.

    CMSSignedDataBuilder
    setOriginalCMSSignedData(org.bouncycastle.cms.CMSSignedData originalCMSSignedData)
    Sets the original CMSSignedData, whose internal field values will be copied to a new CMSSignedData

    CMSSignedDataBuilder
    setSigningCertificate(eu.europa.esig.dss.model.x509.CertificateToken signingCertificate)
    Sets the signing certificate to be used for CMSSignedData generation

    CMSSignedDataBuilder
    setTrustAnchorBPPolicy(boolean trustAnchorBPPolicy)
    Sets whether a B-level trust anchor policy should be used.

    CMSSignedDataBuilder
    setTrustedCertificateSource(CertificateSource trustedCertificateSource)
    Sets a trusted certificate source.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • CMSSignedDataBuilder

      public CMSSignedDataBuilder()
      This is the default constructor for CMSSignedDataBuilder.
  • Method Details

    • setSigningCertificate

      public CMSSignedDataBuilder setSigningCertificate(eu.europa.esig.dss.model.x509.CertificateToken signingCertificate)
      Sets the signing certificate to be used for CMSSignedData generation
      Parameters:
      signingCertificate - CertificateToken
      Returns:
      this CMSSignedDataBuilder
    • setCertificateChain

      public CMSSignedDataBuilder setCertificateChain(Collection<eu.europa.esig.dss.model.x509.CertificateToken> certificateChain)
      Sets a collection of certificates to be incorporated within the CMSSignedData.certificates field
      Parameters:
      certificateChain - a collection of CertificateTokens
      Returns:
      this CMSSignedDataBuilder
    • setGenerateWithoutCertificates

      public CMSSignedDataBuilder setGenerateWithoutCertificates(boolean generateWithoutCertificates)
      Sets whether the CMSSignedData is to be generated without certificates inside. Default : FALSE (an attempt to generate without certificates will result in an exception)
      Parameters:
      generateWithoutCertificates - whether CMSSignedData is to be generated without certificates
      Returns:
      this CMSSignedDataBuilder
    • setTrustedCertificateSource

      public CMSSignedDataBuilder setTrustedCertificateSource(CertificateSource trustedCertificateSource)
      Sets a trusted certificate source. See trustAnchorBPPolicy for more details.
      Parameters:
      trustedCertificateSource - CertificateSource
      Returns:
      this CMSSignedDataBuilder
    • setTrustAnchorBPPolicy

      public CMSSignedDataBuilder setTrustAnchorBPPolicy(boolean trustAnchorBPPolicy)
      Sets whether a B-level trust anchor policy should be used. When enabled, the trust anchor is not included in the generated certificate chain. Otherwise, the chain is generated up to the trust anchor, including the trust anchor itself. Default : TRUE (the certificate chain is built up to the trust anchor, which is excluded)
      Parameters:
      trustAnchorBPPolicy - whether a B-level trust anchor policy should be used
      Returns:
      this CMSSignedDataBuilder
    • setOriginalCMSSignedData

      public CMSSignedDataBuilder setOriginalCMSSignedData(org.bouncycastle.cms.CMSSignedData originalCMSSignedData)
      Sets the original CMSSignedData, whose internal field values will be copied to a new CMSSignedData
      Parameters:
      originalCMSSignedData - CMSSignedData
      Returns:
      this CMSSignedDataBuilder
    • setEncapsulate

      public CMSSignedDataBuilder setEncapsulate(boolean encapsulate)
      Sets whether the signed content shall be encapsulated in the CMSSignedData. When enabled, an enveloping signature is created; otherwise a detached signature is created. Default : TRUE (the signed content is included in the signature)
      Parameters:
      encapsulate - whether the signed content shall be encapsulated in the CMSSignedData
      Returns:
      this CMSSignedDataBuilder
    • createCMSSignedData

      public org.bouncycastle.cms.CMSSignedData createCMSSignedData(org.bouncycastle.cms.SignerInfoGenerator signerInfoGenerator, eu.europa.esig.dss.model.DSSDocument toSignDocument)
      Builds a CMSSignedData
      Parameters:
      signerInfoGenerator - SignerInfoGenerator
      toSignDocument - DSSDocument
      Returns:
      CMSSignedData
    • createCMSSignedDataGenerator

      public org.bouncycastle.cms.CMSSignedDataGenerator createCMSSignedDataGenerator(org.bouncycastle.cms.SignerInfoGenerator signerInfoGenerator)
      Note: Section 5.1 of RFC 3852 [4] requires that the CMS SignedData version be set to 3 if certificates are present in SignedData AND (any version 1 attribute certificates are present OR any SignerInfo structures are version 3 OR the eContentType of encapContentInfo is other than id-data). Otherwise, the CMS SignedData version is required to be set to 1. The CMS SignedData version is handled automatically by Bouncy Castle.
      Parameters:
      signerInfoGenerator - the signer info generator
      Returns:
      the Bouncy Castle CMSSignedDataGenerator which signs the document and adds the required signed and unsigned CMS attributes
    • getContentToBeSigned

      protected org.bouncycastle.cms.CMSTypedData getContentToBeSigned(eu.europa.esig.dss.model.DSSDocument toSignData)
      Returns the content to be signed
      Parameters:
      toSignData - DSSDocument to sign
      Returns:
      CMSTypedData
    • extendCMSSignedData

      public org.bouncycastle.cms.CMSSignedData extendCMSSignedData(Collection<eu.europa.esig.dss.model.x509.CertificateToken> certificateTokens, Collection<CRLToken> crlTokens, Collection<OCSPToken> ocspTokens)
      Extends the provided CMSSignedData with the required validation data
      Parameters:
      certificateTokens - a collection of CertificateTokens
      crlTokens - a collection of CRLTokens
      ocspTokens - a collection of OCSPTokens
      Returns:
      extended CMSSignedData
    • populateDigestAlgorithmSet

      protected org.bouncycastle.cms.CMSSignedData populateDigestAlgorithmSet(org.bouncycastle.cms.CMSSignedData newCmsSignedData)
      This method ensures that all items of the SignedData.digestAlgorithms set of originalCMSSignedData are present within newCmsSignedData
      Parameters:
      newCmsSignedData - CMSSignedData to be extended with digest algorithms, if required
      Returns:
      extended CMSSignedData
    • addDigestAlgorithm

      protected org.bouncycastle.cms.CMSSignedData addDigestAlgorithm(org.bouncycastle.cms.CMSSignedData cmsSignedData, org.bouncycastle.asn1.x509.AlgorithmIdentifier algorithmIdentifier)
      This method adds a DigestAlgorithm used by an Archive TimeStamp to the SignedData.digestAlgorithms set, when required. See ETSI EN 319 122-1, ch. "5.5.3 The archive-time-stamp-v3 attribute"
      Parameters:
      cmsSignedData - CMSSignedData to extend
      algorithmIdentifier - AlgorithmIdentifier to add
      Returns:
      CMSSignedData
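As an added example (not code from the DSS project), the hypothetical helper below wires the setters documented above into a detached, B-level signature and shows the check a relying party then has to perform: a detached CMS only validates when the original payload is supplied next to it. It assumes Bouncy Castle on the classpath and a signer key, certificate and chain obtained from the caller's key store; `DetachedCmsExample`, `signDetached` and `verifyDetached` are my names.

```java
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Collection;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInfoGenerator;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import eu.europa.esig.dss.model.InMemoryDocument;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.spi.x509.CMSSignedDataBuilder;
import eu.europa.esig.dss.spi.x509.CommonTrustedCertificateSource;

// Hypothetical helper, not DSS code. Key material is assumed to come from the caller's key store.
public final class DetachedCmsExample {
    // Detached CMS: the payload is digested and signed but not embedded in the SignedData.
    public static CMSSignedData signDetached(PrivateKey signerKey, X509Certificate signerCert,
            Collection<CertificateToken> chain, X509Certificate trustAnchor, byte[] payload) throws Exception {
        // Bouncy Castle SignerInfoGenerator: SHA-256 with RSA, signer certificate attached
        SignerInfoGenerator sig = new JcaSignerInfoGeneratorBuilder(
                new JcaDigestCalculatorProviderBuilder().build())
                .build(new JcaContentSignerBuilder("SHA256withRSA").build(signerKey), signerCert);
        // The trusted source is what lets the builder recognise the anchor it must leave out
        CommonTrustedCertificateSource trusted = new CommonTrustedCertificateSource();
        trusted.addCertificate(new CertificateToken(trustAnchor));
        return new CMSSignedDataBuilder()
                .setSigningCertificate(new CertificateToken(signerCert))
                .setCertificateChain(chain)
                .setTrustedCertificateSource(trusted)
                .setTrustAnchorBPPolicy(true)   // default: chain built up to, but excluding, the anchor
                .setEncapsulate(false)          // detached; the default (true) would embed the payload
                .createCMSSignedData(sig, new InMemoryDocument(payload, "payload.bin"));
    }

    // A detached CMS only verifies when the original payload is supplied next to the signature.
    public static boolean verifyDetached(byte[] cmsBytes, byte[] payload, X509Certificate signerCert) throws Exception {
        CMSSignedData cms = new CMSSignedData(new CMSProcessableByteArray(payload), cmsBytes);
        boolean ok = cms.getSignerInfos().size() > 0;   // no SignerInfo means nothing was signed
        for (SignerInformation si : cms.getSignerInfos().getSigners()) {
            try {
                ok &= si.verify(new JcaSimpleSignerInfoVerifierBuilder().build(signerCert));
            } catch (CMSException e) {   // e.g. message-digest attribute does not match the payload
                ok = false;
            }
        }
        return ok;
    }
}
```

Pass `setEncapsulate(true)` instead and the payload travels inside the structure, in which case `verifyDetached` would be replaced by the single-argument `CMSSignedData(byte[])` constructor.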