com.adobe.fd.signatures.pki.client

Interface PKIInterface

public interface PKIInterface

Interface for all PKI Operations

Method Summary

Modifier and Type	Method and Description
byte[]	createTimestamp(byte[] dataToTimestamp) Get a timestamp on the bytes provided.
int	getSignatureSize(PKISignatureType type, HashAlgorithm hashAlgo, byte[] data, com.adobe.fd.signatures.pki.client.signature.SignParams params) Estimate the size of the signature that will be created using the params provided
void	setCertificates(CertificateInfo[] inCerts) Sets the Input certificates that should be used for chain building
void	setRevocationInfo(RevocationInfoList inRevocationInfo) Sets the Input Revocation Info that should be used for checking revocation.
byte[]	sign(PKISignatureType type, PrivateKey key, HashAlgorithm hashAlgo, byte[] data, com.adobe.fd.signatures.pki.client.signature.SignParams params) Sign the data with the key provided
VerificationInfo	verifyCertificate(CertificateInfo certInfo, Date verificationTime, RevocationCheckStyle revocationOption, int trustLevel) Deprecated.
VerificationInfo	verifyCertificate(CertificateInfo certInfo, Date verificationTime, RevocationCheckStyle revocationOption, int trustLevel, boolean isFromSign) Verifies a certificate for trust and revocation @author ankit
com.adobe.fd.signatures.pki.client.signature.SignatureData	verifySignature(PKISignatureType type, byte[] signatureBytes, int offset, int length, com.adobe.fd.signatures.pki.client.signature.VerifyParams params) Verifies the signature bytes of the specified type
TSPVerificationInfo	verifyTimestamp(byte[] timestampToken, byte[] message) Verifies the Timestamp token DER bytes as per the preferences provided

Method Detail

setCertificates

void setCertificates(CertificateInfo[] inCerts)
              throws PKIException

Sets the Input certificates that should be used for chain building

Parameters:

inCerts - Input certificates that should be used for chain building

Throws:

PKIException

setRevocationInfo

void setRevocationInfo(RevocationInfoList inRevocationInfo)

Sets the Input Revocation Info that should be used for checking revocation.

Parameters:

inRevocationInfo - Input Revocation Info that should be used for checking revocation.

verifyCertificate

VerificationInfo verifyCertificate(CertificateInfo certInfo,
                                   Date verificationTime,
                                   RevocationCheckStyle revocationOption,
                                   int trustLevel,
                                   boolean isFromSign)
                            throws PKIException

Verifies a certificate for trust and revocation @author ankit

Parameters:

certInfo - Certificate that needs to be verified

verificationTime - Time of verification

revocationOption - The type of revocation checking to be done for this certificate

trustLevel - Level of trust of trust anchors that will be retrieved from Titan TM

isFromSign - certificate verification will work differently if the method is called from sign or certify.

Returns:

List of certificates and their statuses

Throws:

PKIException - Thrown if Verification could not be completed.

See Also:

TrustBit

verifyCertificate

@Deprecated
VerificationInfo verifyCertificate(CertificateInfo certInfo,
                                               Date verificationTime,
                                               RevocationCheckStyle revocationOption,
                                               int trustLevel)
                                        throws PKIException

Deprecated.

Verifies a certificate for trust and revocation @author ankit

Parameters:

certInfo - Certificate that needs to be verified

verificationTime - Time of verification

revocationOption - The type of revocation checking to be done for this certificate

trustLevel - Level of trust of trust anchors that will be retrieved from Titan TM

Returns:

List of certificates and their statuses

Throws:

PKIException - Thrown if Verification could not be completed.

See Also:

TrustBit

sign

byte[] sign(PKISignatureType type,
            PrivateKey key,
            HashAlgorithm hashAlgo,
            byte[] data,
            com.adobe.fd.signatures.pki.client.signature.SignParams params)
     throws PKIException

Sign the data with the key provided

Parameters:

type - Type of signature to be generated

key - Private Key to be used for signing

hashAlgo - Hash Algorithm to be used to digesting the message

data - Data to be signed

params - Additional parameters that may be required during signing

Returns:

Signed data

Throws:

PKIException

getSignatureSize

int getSignatureSize(PKISignatureType type,
                     HashAlgorithm hashAlgo,
                     byte[] data,
                     com.adobe.fd.signatures.pki.client.signature.SignParams params)
              throws PKIException

Estimate the size of the signature that will be created using the params provided

Parameters:

type - Type of signature to be generated

hashAlgo - Hash Algorithm to be used to digesting the message

data - Data to be signed

params - Additional parameters that may be required during signing

Returns:

Throws:

PKIException

verifySignature

com.adobe.fd.signatures.pki.client.signature.SignatureData verifySignature(PKISignatureType type,
                                                                           byte[] signatureBytes,
                                                                           int offset,
                                                                           int length,
                                                                           com.adobe.fd.signatures.pki.client.signature.VerifyParams params)
                                                                    throws PKIException

Verifies the signature bytes of the specified type

Parameters:

type - Type of signature

signatureBytes - The signature raw bytes

offset - Offset of the signature bytes

length - Length of the signature

params - Signature Parameters

Returns:

The Signature Data containing its validity and other extraced info.

Throws:

PKIException

createTimestamp

byte[] createTimestamp(byte[] dataToTimestamp)
                throws com.adobe.fd.signatures.pki.exception.TSPException,
                       com.adobe.fd.signatures.pki.transport.PKITransportException

Get a timestamp on the bytes provided. The timestamp server and other settings are retrieved from the TSP Preferences. The DER encoded timestamp token byte array as specified by RFC 3161 is returned

Parameters:

dataToTimestamp - The data to timestamp

Returns:

The timestamp bytes DER encoded timestamp token byte array as specified by RFC 3161

Throws:

com.adobe.fd.signatures.pki.exception.TSPException - Timestamp related exception

com.adobe.fd.signatures.pki.transport.PKITransportException - Any communication related exception

verifyTimestamp

TSPVerificationInfo verifyTimestamp(byte[] timestampToken,
                                    byte[] message)

Verifies the Timestamp token DER bytes as per the preferences provided

Parameters:

timestampToken - Timestamp token DER bytes

message - The Message that is associated with this timestamp

Returns:

Timestamp Verification Information including the timestamp time