public class CertificateHolder
extends java.lang.Object
To learn more, visit the Work with Digital Signatures documentation article.
Remarks:
CertificateHolder can be created by static factory methods only. It contains an instance of X509Certificate2 which is used to introduce private, public keys and certificate chains into the system. This class is applied in DigitalSignatureUtil and PdfDigitalSignatureDetails instead of obsolete methods with X509Certificate2 as parameters.
Examples:
Shows how to sign encrypted document file.
// Create an X.509 certificate from a PKCS#12 store, which should contain a private key.
CertificateHolder certificateHolder = CertificateHolder.create(getMyDir() + "morzal.pfx", "aw");
// Create a comment, date, and decryption password which will be applied with our new digital signature.
SignOptions signOptions = new SignOptions();
{
signOptions.setComments("Comment");
signOptions.setSignTime(new Date());
signOptions.setDecryptionPassword("docPassword");
}
// Set a local system filename for the unsigned input document, and an output filename for its new digitally signed copy.
String inputFileName = getMyDir() + "Encrypted.docx";
String outputFileName = getArtifactsDir() + "DigitalSignatureUtil.DecryptionPassword.docx";
DigitalSignatureUtil.sign(inputFileName, outputFileName, certificateHolder, signOptions);
Shows how to digitally sign documents.
// Create an X.509 certificate from a PKCS#12 store, which should contain a private key.
CertificateHolder certificateHolder = CertificateHolder.create(getMyDir() + "morzal.pfx", "aw");
// Create a comment and date which will be applied with our new digital signature.
SignOptions signOptions = new SignOptions();
{
signOptions.setComments("My comment");
signOptions.setSignTime(new Date());
}
// Take an unsigned document from the local file system via a file stream,
// then create a signed copy of it determined by the filename of the output file stream.
InputStream streamIn = new FileInputStream(getMyDir() + "Document.docx");
try {
OutputStream streamOut = new FileOutputStream(getArtifactsDir() + "DigitalSignatureUtil.SignDocument.docx");
try {
DigitalSignatureUtil.sign(streamIn, streamOut, certificateHolder, signOptions);
} finally {
if (streamOut != null) streamOut.close();
}
} finally {
if (streamIn != null) streamIn.close();
}
Shows how to add a signature line to a document, and then sign it using a digital certificate.
public static void sign() throws Exception {
String signPersonName = "Ron Williams";
String srcDocumentPath = getMyDir() + "Document.docx";
String dstDocumentPath = getArtifactsDir() + "SignDocumentCustom.Sign.docx";
String certificatePath = getMyDir() + "morzal.pfx";
String certificatePassword = "aw";
// We need to create simple list with test signers for this example.
createSignPersonData();
System.out.println("Test data successfully added!");
// Get sign person object by name of the person who must sign a document.
// This an example, in real use case you would return an object from a database.
SignPersonTestClass signPersonInfo = gSignPersonList.stream().filter(x -> x.getName() == signPersonName).findFirst().get();
if (signPersonInfo != null) {
signDocument(srcDocumentPath, dstDocumentPath, signPersonInfo, certificatePath, certificatePassword);
System.out.println("Document successfully signed!");
} else {
System.out.println("Sign person does not exist, please check your parameters.");
}
// Now do something with a signed document, for example, save it to your database.
// Use 'new Document(dstDocumentPath)' for loading a signed document.
}
/// <summary>
/// Signs the document obtained at the source location and saves it to the specified destination.
/// </summary>
private static void signDocument(final String srcDocumentPath, final String dstDocumentPath,
final SignPersonTestClass signPersonInfo, final String certificatePath,
final String certificatePassword) throws Exception {
// Create new document instance based on a test file that we need to sign.
Document document = new Document(srcDocumentPath);
DocumentBuilder builder = new DocumentBuilder(document);
// Add info about responsible person who sign a document.
SignatureLineOptions signatureLineOptions = new SignatureLineOptions();
signatureLineOptions.setSigner(signPersonInfo.getName());
signatureLineOptions.setSignerTitle(signPersonInfo.getPosition());
// Add signature line for responsible person who sign a document.
SignatureLine signatureLine = builder.insertSignatureLine(signatureLineOptions).getSignatureLine();
signatureLine.setId(signPersonInfo.getPersonId());
// Save a document with line signatures into temporary file for future signing.
builder.getDocument().save(dstDocumentPath);
// Create holder of certificate instance based on your personal certificate.
// This is the test certificate generated for this example.
CertificateHolder certificateHolder = CertificateHolder.create(certificatePath, certificatePassword);
// Link our signature line with personal signature.
SignOptions signOptions = new SignOptions();
signOptions.setSignatureLineId(signPersonInfo.getPersonId());
signOptions.setSignatureLineImage(signPersonInfo.getImage());
// Sign a document which contains signature line with personal certificate.
DigitalSignatureUtil.sign(dstDocumentPath, dstDocumentPath, certificateHolder, signOptions);
}
/// <summary>
/// Create test data that contains info about sing persons.
/// </summary>
private static void createSignPersonData() throws IOException {
InputStream inputStream = new FileInputStream(getImageDir() + "Logo.jpg");
gSignPersonList = new ArrayList<>();
gSignPersonList.add(new SignPersonTestClass(UUID.randomUUID(), "Ron Williams", "Chief Executive Officer",
DocumentHelper.getBytesFromStream(inputStream)));
gSignPersonList.add(new SignPersonTestClass(UUID.randomUUID(), "Stephen Morse", "Head of Compliance",
DocumentHelper.getBytesFromStream(inputStream)));
}
private static ArrayList<SignPersonTestClass> gSignPersonList;
| Modifier and Type | Method and Description |
|---|---|
static CertificateHolder |
create(byte[] certBytes,
java.lang.String password)
Creates
CertificateHolder object using byte array of PKCS12 store and its password. |
static CertificateHolder |
create(java.lang.String fileName,
java.lang.String password)
Creates
CertificateHolder object using path to PKCS12 store and its password. |
static CertificateHolder |
create(java.lang.String fileName,
java.lang.String password,
java.lang.String alias)
Creates
CertificateHolder object using path to PKCS12 store, its password and the alias by using which private key and certificate will be found. |
X509Certificate2Wrapper |
getCertificate()
Returns the instance of X509Certificate2Wrapper that holds X509Certificate2 which holds private, public keys and certificate chain.
|
public X509Certificate2Wrapper getCertificate()
Examples:
Shows how to validate and display information about each signature in a document.
Document doc = new Document(getMyDir() + "Digitally signed.docx");
for (DigitalSignature signature : doc.getDigitalSignatures()) {
System.out.println("*** Signature Found ***");
System.out.println("Is valid: " + signature.isValid());
// This property is available in MS Word documents only
System.out.println("Reason for signing: " + signature.getComments());
System.out.println("Signature type: " + signature.getSignatureType());
System.out.println("Time of signing: " + signature.getSignTime());
System.out.println("Subject name: " + signature.getSubjectName());
System.out.println("Issuer name: " + signature.getIssuerName());
System.out.println();
}
X509Certificate2Wrapper instancepublic static CertificateHolder create(byte[] certBytes, java.lang.String password) throws java.lang.Exception
CertificateHolder object using byte array of PKCS12 store and its password. T:Org.BouncyCastle.Security.InvalidParameterException Thrown if certBytes is null T:Org.BouncyCastle.Security.InvalidParameterException Thrown if password is nullcertBytes - A byte array that contains data from an X.509 certificate.password - The password required to access the X.509 certificate data.CertificateHolderjava.lang.SecurityException - Thrown if PKCS12 store contains no aliasesjava.io.IOException - Thrown if there is wrong password or corrupted file.
Examples:
Shows how to create CertificateHolder objects.
// Below are four ways of creating CertificateHolder objects.
// 1 - Load a PKCS #12 file into a byte array and apply its password:
byte[] certBytes = DocumentHelper.getBytesFromStream(new FileInputStream(getMyDir() + "morzal.pfx"));
CertificateHolder.create(certBytes, "aw");
// 2 - Use a valid alias:
CertificateHolder.create(getMyDir() + "morzal.pfx", "aw", "c20be521-11ea-4976-81ed-865fbbfc9f24");
// 3 - Pass "null" as the alias in order to use the first available alias that returns a private key:
CertificateHolder.create(getMyDir() + "morzal.pfx", "aw", null);
java.lang.Exceptionpublic static CertificateHolder create(java.lang.String fileName, java.lang.String password) throws java.lang.Exception
CertificateHolder object using path to PKCS12 store and its password. T:Org.BouncyCastle.Security.InvalidParameterException Thrown if fileName is null T:Org.BouncyCastle.Security.InvalidParameterException Thrown if password is nullfileName - The name of a certificate file.password - The password required to access the X.509 certificate data.CertificateHolderjava.lang.SecurityException - Thrown if PKCS12 store contains no aliasesjava.io.IOException - Thrown if there is wrong password or corrupted file.
Examples:
Shows how to digitally sign documents.
// Create an X.509 certificate from a PKCS#12 store, which should contain a private key.
CertificateHolder certificateHolder = CertificateHolder.create(getMyDir() + "morzal.pfx", "aw");
// Create a comment and date which will be applied with our new digital signature.
SignOptions signOptions = new SignOptions();
{
signOptions.setComments("My comment");
signOptions.setSignTime(new Date());
}
// Take an unsigned document from the local file system via a file stream,
// then create a signed copy of it determined by the filename of the output file stream.
InputStream streamIn = new FileInputStream(getMyDir() + "Document.docx");
try {
OutputStream streamOut = new FileOutputStream(getArtifactsDir() + "DigitalSignatureUtil.SignDocument.docx");
try {
DigitalSignatureUtil.sign(streamIn, streamOut, certificateHolder, signOptions);
} finally {
if (streamOut != null) streamOut.close();
}
} finally {
if (streamIn != null) streamIn.close();
}
java.lang.Exceptionpublic static CertificateHolder create(java.lang.String fileName, java.lang.String password, java.lang.String alias) throws java.lang.Exception
CertificateHolder object using path to PKCS12 store, its password and the alias by using which private key and certificate will be found. T:Org.BouncyCastle.Security.InvalidParameterException Thrown if fileName is null T:Org.BouncyCastle.Security.InvalidParameterException Thrown if password is nullfileName - The name of a certificate file.password - The password required to access the X.509 certificate data.alias - The associated alias for a certificate and its private keyCertificateHolderjava.lang.SecurityException - Thrown if PKCS12 store contains no aliasesjava.io.IOException - Thrown if there is wrong password or corrupted file.java.lang.SecurityException - Thrown if there is no private key with the given alias
Examples:
Shows how to create CertificateHolder objects.
// Below are four ways of creating CertificateHolder objects.
// 1 - Load a PKCS #12 file into a byte array and apply its password:
byte[] certBytes = DocumentHelper.getBytesFromStream(new FileInputStream(getMyDir() + "morzal.pfx"));
CertificateHolder.create(certBytes, "aw");
// 2 - Use a valid alias:
CertificateHolder.create(getMyDir() + "morzal.pfx", "aw", "c20be521-11ea-4976-81ed-865fbbfc9f24");
// 3 - Pass "null" as the alias in order to use the first available alias that returns a private key:
CertificateHolder.create(getMyDir() + "morzal.pfx", "aw", null);
java.lang.Exception