Package net.jsign
Class AuthenticodeSigner
- java.lang.Object
  - net.jsign.AuthenticodeSigner

public class AuthenticodeSigner extends Object
Sign a file with Authenticode. Timestamping is enabled by default and relies on the Sectigo server (http://timestamp.sectigo.com).
- Since:
- 3.0
- Author:
- Emmanuel Bourg

Constructor Summary
Constructors
- AuthenticodeSigner(Certificate[] chain, PrivateKey privateKey): Create a signer with the specified certificate chain and private key.
- AuthenticodeSigner(KeyStore keystore, String alias, String password): Create a signer with a certificate chain and private key from the specified keystore.

Method Summary
Methods (modifier and type, method, description)
- void sign(Signable file): Sign the specified file.
- AuthenticodeSigner withDigestAlgorithm(DigestAlgorithm algorithm): Set the digest algorithm to use (SHA-256 by default).
- AuthenticodeSigner withProgramName(String programName): Set the program name embedded in the signature.
- AuthenticodeSigner withProgramURL(String programURL): Set the program URL embedded in the signature.
- AuthenticodeSigner withSignatureAlgorithm(String signatureAlgorithm): Explicitly sets the signature algorithm to use.
- AuthenticodeSigner withSignatureAlgorithm(String signatureAlgorithm, String signatureProvider): Explicitly sets the signature algorithm and provider to use.
- AuthenticodeSigner withSignatureAlgorithm(String signatureAlgorithm, Provider signatureProvider): Explicitly sets the signature algorithm and provider to use.
- AuthenticodeSigner withSignatureProvider(Provider signatureProvider): Set the signature provider to use.
- AuthenticodeSigner withSignaturesReplaced(boolean replace): Enable or disable the replacement of the previous signatures (disabled by default).
- AuthenticodeSigner withTimestamper(Timestamper timestamper): Set the Timestamper implementation.
- AuthenticodeSigner withTimestamping(boolean timestamping): Enable or disable the timestamping (enabled by default).
- AuthenticodeSigner withTimestampingAuthority(String url): Set the URL of the timestamping authority.
- AuthenticodeSigner withTimestampingAuthority(String... urls): Set the URLs of the timestamping authorities.
- AuthenticodeSigner withTimestampingMode(TimestampingMode tsmode): Set the timestamping mode, RFC3161 or Authenticode (Authenticode by default).
- AuthenticodeSigner withTimestampingRetries(int timestampingRetries): Set the number of retries for timestamping.
- AuthenticodeSigner withTimestampingRetryWait(int timestampingRetryWait): Set the number of seconds to wait between timestamping retries.

Constructor Detail

AuthenticodeSigner
public AuthenticodeSigner(Certificate[] chain, PrivateKey privateKey)
Create a signer with the specified certificate chain and private key.
- Parameters:
- chain - the certificate chain. The first certificate is the signing certificate
- privateKey - the private key
- Throws:
- IllegalArgumentException - if the chain is empty

AuthenticodeSigner
public AuthenticodeSigner(KeyStore keystore, String alias, String password) throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException
Create a signer with a certificate chain and private key from the specified keystore.
- Parameters:
- keystore - the keystore holding the certificate and the private key
- alias - the alias of the certificate in the keystore
- password - the password to get the private key
- Throws:
- KeyStoreException - if the keystore has not been initialized (loaded).
- NoSuchAlgorithmException - if the algorithm for recovering the key cannot be found
- UnrecoverableKeyException - if the key cannot be recovered (e.g., the given password is wrong).

Method Detail

withProgramName
public AuthenticodeSigner withProgramName(String programName)
Set the program name embedded in the signature.
- Parameters:
- programName - the program name
- Returns:
- the current signer

withProgramURL
public AuthenticodeSigner withProgramURL(String programURL)
Set the program URL embedded in the signature.
- Parameters:
- programURL - the program URL
- Returns:
- the current signer

withSignaturesReplaced
public AuthenticodeSigner withSignaturesReplaced(boolean replace)
Enable or disable the replacement of the previous signatures (disabled by default).
- Parameters:
- replace - true if the new signature should replace the existing ones, false to append it
- Returns:
- the current signer
- Since:
- 2.0

withTimestamping
public AuthenticodeSigner withTimestamping(boolean timestamping)
Enable or disable the timestamping (enabled by default).
- Parameters:
- timestamping - true to enable timestamping, false to disable it
- Returns:
- the current signer

withTimestampingMode
public AuthenticodeSigner withTimestampingMode(TimestampingMode tsmode)
Set the timestamping mode, RFC3161 or Authenticode (Authenticode by default).
- Parameters:
- tsmode - the timestamping mode
- Returns:
- the current signer
- Since:
- 1.3

withTimestampingAuthority
public AuthenticodeSigner withTimestampingAuthority(String url)
Set the URL of the timestamping authority. Both RFC 3161 (as used for jar signing) and Authenticode timestamping services are supported.
- Parameters:
- url - the URL of the timestamping authority
- Returns:
- the current signer
- Since:
- 2.1

withTimestampingAuthority
public AuthenticodeSigner withTimestampingAuthority(String... urls)
Set the URLs of the timestamping authorities. Both RFC 3161 (as used for jar signing) and Authenticode timestamping services are supported.
- Parameters:
- urls - the URLs of the timestamping authorities
- Returns:
- the current signer
- Since:
- 2.1

withTimestamper
public AuthenticodeSigner withTimestamper(Timestamper timestamper)
Set the Timestamper implementation.
- Parameters:
- timestamper - the timestamper implementation to use
- Returns:
- the current signer

withTimestampingRetries
public AuthenticodeSigner withTimestampingRetries(int timestampingRetries)
Set the number of retries for timestamping.
- Parameters:
- timestampingRetries - the number of retries
- Returns:
- the current signer

withTimestampingRetryWait
public AuthenticodeSigner withTimestampingRetryWait(int timestampingRetryWait)
Set the number of seconds to wait between timestamping retries.
- Parameters:
- timestampingRetryWait - the wait time between retries (in seconds)
- Returns:
- the current signer

withDigestAlgorithm
public AuthenticodeSigner withDigestAlgorithm(DigestAlgorithm algorithm)
Set the digest algorithm to use (SHA-256 by default).
- Parameters:
- algorithm - the digest algorithm
- Returns:
- the current signer

withSignatureAlgorithm
public AuthenticodeSigner withSignatureAlgorithm(String signatureAlgorithm)
Explicitly sets the signature algorithm to use.
- Parameters:
- signatureAlgorithm - the signature algorithm
- Returns:
- the current signer
- Since:
- 2.0

withSignatureAlgorithm
public AuthenticodeSigner withSignatureAlgorithm(String signatureAlgorithm, String signatureProvider)
Explicitly sets the signature algorithm and provider to use.
- Parameters:
- signatureAlgorithm - the signature algorithm
- signatureProvider - the security provider for the specified algorithm
- Returns:
- the current signer
- Since:
- 2.0

withSignatureAlgorithm
public AuthenticodeSigner withSignatureAlgorithm(String signatureAlgorithm, Provider signatureProvider)
Explicitly sets the signature algorithm and provider to use.
- Parameters:
- signatureAlgorithm - the signature algorithm
- signatureProvider - the security provider for the specified algorithm
- Returns:
- the current signer
- Since:
- 2.0

withSignatureProvider
public AuthenticodeSigner withSignatureProvider(Provider signatureProvider)
Set the signature provider to use.
- Parameters:
- signatureProvider - the security provider for the signature algorithm
- Returns:
- the current signer
- Since:
- 2.0
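
Added example (not part of the jsign documentation): a release-signing routine that chains the builder methods above, pinning the digest algorithm and selecting RFC 3161 timestamping explicitly instead of relying on the defaults. The keystore path, alias, environment variable name, program name and URL, and second timestamping URL are placeholders, and `Signable.of(File)` is assumed since its factory is not documented on this page.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;

import net.jsign.AuthenticodeSigner;
import net.jsign.DigestAlgorithm;
import net.jsign.Signable;
import net.jsign.timestamp.TimestampingMode;

public class SignRelease {
    public static void main(String[] args) throws Exception {
        // Placeholder inputs: adjust the keystore path, alias and variable name.
        String storePath = "release-signing.p12";
        String alias = "codesign";
        // Read the secret from the environment so it is not hard-coded in the build.
        String secret = System.getenv("SIGNING_KEYSTORE_PASSWORD");
        if (secret == null || secret.isEmpty()) {
            throw new IllegalStateException("SIGNING_KEYSTORE_PASSWORD is not set");
        }

        // The keystore must be loaded before it reaches the constructor,
        // otherwise the constructor throws KeyStoreException.
        KeyStore keystore = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(storePath)) {
            keystore.load(in, secret.toCharArray());
        }

        AuthenticodeSigner signer = new AuthenticodeSigner(keystore, alias, secret)
                .withProgramName("Example Application")
                .withProgramURL("https://www.example.com")
                // SHA-256 is the documented default; pinned so a default change is visible.
                .withDigestAlgorithm(DigestAlgorithm.SHA256)
                .withTimestamping(true)
                // The documented default mode is Authenticode; request RFC 3161 explicitly.
                .withTimestampingMode(TimestampingMode.RFC3161)
                // First URL is the default named on this page; the second is a
                // hypothetical fallback authority.
                .withTimestampingAuthority("http://timestamp.sectigo.com",
                                           "http://tsa.example.com")
                .withTimestampingRetries(3)
                .withTimestampingRetryWait(10); // seconds between retries

        // Signable.of(File) is assumed here; it is not documented on this page.
        Signable file = Signable.of(new File(args[0]));
        signer.sign(file);
    }
}
```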