Package com.bfo.box
Class C2PASignature
java.lang.Object
com.bfo.box.Box
com.bfo.box.JUMBox
com.bfo.box.CborContainerBox
com.bfo.box.C2PASignature
The C2PA signature is applied to each manifest to sign it. There is one signature per manifest.
Since:
- 5
Method Summary
Modifier and Type, Method, Description:
- cose(): Return the COSE object which actually contains the signature.
- long getTimestamp(): Return the timestamp the signature was applied at, or 0 if not known.
- boolean hasSigner(): Return true if an identity has been set for signing with setSigner(java.security.PrivateKey, java.util.List<java.security.cert.X509Certificate>)
- void setSigner(PrivateKey key, List<X509Certificate> certs): Set the identity that will be used in a subsequent call to sign().
- void setTimestamp(long timestamp): If the signature does not contain a timestamp, set the time that the signature was applied.
- sign(): Sign the claim.
- toString(): Return a String representation of this Box, which will be parseable as JSON
- verify: Verify the cryptographic aspects of the claim.
Methods inherited from class com.bfo.box.CborContainerBox
cbor, getBox
Method Details
toString
Description copied from class: Box
Return a String representation of this Box, which will be parseable as JSON
cose
Return the COSE object which actually contains the signature. While useful for retrieving cryptographic details from the signature, don't call sign/verify on the returned object; call them on this class instead.
Returns:
- the COSE object
setSigner
Set the identity that will be used in a subsequent call to sign(). These values are not preserved in any way; they're only used by sign().
Parameters:
- key - the PrivateKey
- certs - a list of X.509 certificates to include in the COSE object.
hasSigner
public boolean hasSigner()
Return true if an identity has been set for signing with setSigner(java.security.PrivateKey, java.util.List<java.security.cert.X509Certificate>)
Returns:
- whether the identity is set
sign
Sign the claim. Before signing:
- The setSigner() method must have been called with a key and non-empty certificates
- If the claim's assertions are empty, they will be initialized to all the manifest's assertions
- The assertions must be non-empty and include a "hash" type assertion
- The claim format must be set
- The claim instance id must be set
- If the hash algorithm is not set, it will be initialized to a default value
- If the generator is not set, it will be initialized to a default value
- The claim object is finalized and signed
Returns:
- a list of status codes - if any of them are invalid, signing failed
Throws:
- RuntimeException - wrapping a GeneralSecurityException if signing fails
- IOException - if signing fails due to an IOException
setTimestamp
public void setTimestamp(long timestamp)
If the signature does not contain a timestamp, set the time that the signature was applied. Without this information and without a timestamp in the signature, the signature will be verified against the current time.
Parameters:
- timestamp - the timestamp of the signature, or 0 to use the default (the current time)
getTimestamp
public long getTimestamp()
Return the timestamp the signature was applied at, or 0 if not known.
Returns:
- the timestamp
verify
Verify the cryptographic aspects of the claim. Note that for full verification, each assertion in the claim's list must also be verified; see C2PA_Assertion.verify()
Parameters:
- keystore - if not null, the final certificate in the chain will be verified against the trusted roots in this KeyStore
Returns:
- a list of validation status codes
Throws:
- IllegalArgumentException - if no key is available to verify
- IllegalStateException - if the signature is not signed or has been incorrectly set up
- IOException - if such an exception was thrown while computing the object digest
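The following is an added example, not code from the library or its documentation: a verification helper that always supplies trusted roots to verify() and only falls back to a caller-asserted signing time when the signature has none. The class and method names, the trust store path and password parameters, and the use of List<?> for the returned status list are assumptions; how the C2PASignature is obtained from a manifest is outside what this page documents.

```java
import com.bfo.box.C2PASignature;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.List;

public class VerifyC2PASignature {

    /**
     * Verify a manifest signature with the certificate chain anchored in trusted roots.
     * fallbackTime is a caller-asserted signing time, passed in the form setTimestamp()
     * expects; it is applied only when the signature reports no timestamp.
     */
    static List<?> verifyWithTrust(C2PASignature sig, Path trustStore, char[] password,
                                   long fallbackTime)
            throws IOException, GeneralSecurityException {
        // Load the trusted roots. verify(null) would check the signature but would not
        // check the chain against any trusted roots, so this helper never passes null.
        KeyStore roots = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(trustStore)) {
            roots.load(in, password);
        }
        if (roots.size() == 0) {
            throw new GeneralSecurityException("trust store contains no entries");
        }

        // With no timestamp and no setTimestamp() call, verification uses the current
        // time, so an old signature can fail once its certificate has expired.
        // A caller-supplied time is a trust decision made by the caller.
        if (sig.getTimestamp() == 0 && fallbackTime != 0) {
            sig.setTimestamp(fallbackTime);
        }

        // Assumption: the returned "list of validation status codes" is a java.util.List.
        List<?> statuses = sig.verify(roots);
        for (Object status : statuses) {
            System.out.println(status);   // review every code, not only the first
        }
        // This covers the signature only; each assertion in the claim still has to be
        // verified separately, as the verify() description notes.
        return statuses;
    }
}
```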