Package com.bfo.box
Class C2PASignature
java.lang.Object
com.bfo.box.Box
com.bfo.box.JUMBox
com.bfo.box.CborContainerBox
com.bfo.box.C2PASignature
The C2PA signature is applied to each manifest to sign it. There is one signature per manifest.
- Since:
- 5
- See Also:
-
Method Summary
Modifier and Type, Method, Description
- cose(): Return the COSE object which actually contains the signature.
- long getTimestamp(): Return the timestamp the signature was applied at, or 0 if not known.
- boolean hasSigner(): Return true if an identity has been set for signing with setSigner(java.security.PrivateKey, java.util.List<java.security.cert.X509Certificate>)
- void setSigner(PrivateKey key, List<X509Certificate> certs): Set the identity that will be used in a subsequent call to sign().
- void setTimestamp(long timestamp): If the signature does not contain a timestamp, set the time that the signature was applied.
- sign(): Sign the claim.
- toString(): Return a String representation of this Box, which will be parseable as JSON
- verify(keystore): Verify the cryptographic aspects of the claim.
Methods inherited from class com.bfo.box.CborContainerBox
cbor, getBox

Method Details

toString
Description copied from class: Box
Return a String representation of this Box, which will be parseable as JSON

cose
Return the COSE object which actually contains the signature. While useful for retrieving cryptographic details from the signature, don't call sign/verify on the returned object; call them on this class instead.
- Returns:
- the COSE object

setSigner
Set the identity that will be used in a subsequent call to sign(). These values are not preserved in any way; they're only used by sign().
- Parameters:
- key - the PrivateKey
- certs - a list of X.509 certificates to include in the COSE object.

hasSigner
public boolean hasSigner()
Return true if an identity has been set for signing with setSigner(java.security.PrivateKey, java.util.List<java.security.cert.X509Certificate>)
- Returns:
- whether the identity is set

sign
Sign the claim. Before signing:
- the setSigner() method must have been called with a key and non-empty certificates
- If the claim's assertions are empty, it will be initialized to all the manifest's assertions
- The assertions must be non-empty and include a "hash" type assertion
- The claim format must be set
- The claim instance id must be set
- If the hash algorithm is not set, it will be initialized to a default value
- If the generator is not set, it will be initialized to a default value
- The claim object is finalized and signed
- Returns:
- a list of status codes - if any of them are invalid, signing failed
- Throws:
- RuntimeException - wrapping a GeneralSecurityException if signing fails
- IOException - if signing fails due to an IOException

setTimestamp
public void setTimestamp(long timestamp)
If the signature does not contain a timestamp, set the time that the signature was applied. Without this information and a timestamp, the signature will be verified against the current time
- Parameters:
- timestamp - the timestamp of the signature, or 0 to use the default (the current time)

getTimestamp
public long getTimestamp()
Return the timestamp the signature was applied at, or 0 if not known.
- Returns:
- the timestamp

verify
Verify the cryptographic aspects of the claim. Note that for full verification, each assertion in the claim's list must also be verified; see C2PA_Assertion.verify()
- Parameters:
- keystore - if not null, the final certificate in the chain will be verified against the trusted roots in this KeyStore
- Returns:
- a list of validation status codes
- Throws:
- IllegalArgumentException - if no key is available to verify
- IllegalStateException - if the signature is not signed or has been incorrectly set up
- IOException - if such an exception was thrown while computing the object digest
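
The signer preconditions for sign() and the keystore and timestamp behaviour of verify() described above, wrapped as defensive helpers. This is an added example, not BFO's own code; it uses only the methods documented on this page. Assumptions: the class and helper names, the `List<?>` return type, treating `certs.get(0)` as the signing certificate, and the `fallbackTime` parameter (a signing time the caller obtained out of band, in whatever unit setTimestamp expects).

```java
import com.bfo.box.C2PASignature;
import java.io.IOException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.List;

public final class C2PASignatureChecks {

    /** Sign only after the signer preconditions listed for sign() have been checked locally. */
    static List<?> signChecked(C2PASignature sig, PrivateKey key, List<X509Certificate> certs)
            throws IOException, CertificateException {
        if (key == null || certs == null || certs.isEmpty()) {
            throw new IllegalArgumentException("sign() needs a key and a non-empty certificate list");
        }
        // Assumption: certs.get(0) is the signing certificate. Reject an expired or
        // not-yet-valid certificate now instead of finding out at verification time.
        certs.get(0).checkValidity();
        sig.setSigner(key, certs);
        if (!sig.hasSigner()) {
            throw new IllegalStateException("signer identity was not accepted");
        }
        // The caller must inspect every returned status: an invalid one means signing failed.
        // The claim format and instance id must already be set on the claim (not shown here).
        return sig.sign();
    }

    /** Verify against explicit trust roots, supplying a signing time only when none is known. */
    static List<?> verifyChecked(C2PASignature sig, KeyStore trustRoots, long fallbackTime)
            throws IOException {
        if (trustRoots == null) {
            // verify(null) would not check the chain against any trusted roots.
            throw new IllegalArgumentException("trust roots are required");
        }
        if (sig.getTimestamp() == 0 && fallbackTime != 0) {
            // No signing time is known, so without this call the signature would be
            // verified against the current time.
            sig.setTimestamp(fallbackTime);
        }
        // Each assertion in the claim must still be verified separately for full verification.
        return sig.verify(trustRoots);
    }
}
```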