net.jsign

Class PESigner

java.lang.Object

net.jsign.PESigner

public class PESigner
extends Object

Sign a portable executable file. Timestamping is enabled by default and relies on the Comodo server (http://timestamp.comodoca.com/authenticode).

Since:

1.0

Author:

Emmanuel Bourg

See Also:

Windows Authenticode Portable Executable Signature Format, Time Stamping Authenticode Signatures

Constructor Summary

Constructors

Constructor and Description
PESigner(Certificate[] chain, PrivateKey privateKey) Create a PESigner with the specified certificate chain and private key.
PESigner(KeyStore keystore, String alias, String password) Create a PESigner with a certificate chain and private key from the specified keystore.

Method Summary

Modifier and Type	Method and Description
void	sign(PEFile file) Sign the specified executable file.
PESigner	withDigestAlgorithm(DigestAlgorithm algorithm) Set the digest algorithm to use (SHA-256 by default)
PESigner	withProgramName(String programName) Set the program name embedded in the signature.
PESigner	withProgramURL(String programURL) Set the program URL embedded in the signature.
PESigner	withSignatureAlgorithm(String signatureAlgorithm) Explicitly sets the signature algorithm to use.
PESigner	withSignatureAlgorithm(String signatureAlgorithm, Provider signatureProvider) Explicitly sets the signature algorithm and provider to use.
PESigner	withSignatureAlgorithm(String signatureAlgorithm, String signatureProvider) Explicitly sets the signature algorithm and provider to use.
PESigner	withSignatureProvider(Provider signatureProvider) Set the signature provider to use.
PESigner	withSignaturesReplaced(boolean replace) Enable or disable the replacement of the previous signatures (disabled by default).
PESigner	withTimestamper(Timestamper timestamper) Set the Timestamper implementation.
PESigner	withTimestamping(boolean timestamping) Enable or disable the timestamping (enabled by default).
PESigner	withTimestampingAuthority(String... url) Set the URL of the timestamping authority.
PESigner	withTimestampingAuthority(String url) Set the URL of the timestamping authority.
PESigner	withTimestampingMode(TimestampingMode tsmode) RFC3161 or Authenticode (Authenticode by default).
PESigner	withTimestampingRetries(int timestampingRetries) Set the number of retries for timestamping.
PESigner	withTimestampingRetryWait(int timestampingRetryWait) Set the number of seconds to wait between timestamping retries.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

PESigner

public PESigner(Certificate[] chain,
                PrivateKey privateKey)

Create a PESigner with the specified certificate chain and private key.

Parameters:

chain - the certificate chain. The first certificate is the signing certificate

privateKey - the private key

Throws:

IllegalArgumentException - if the chain is empty

PESigner

public PESigner(KeyStore keystore,
                String alias,
                String password)
         throws NoSuchAlgorithmException,
                KeyStoreException,
                UnrecoverableKeyException

Create a PESigner with a certificate chain and private key from the specified keystore.

Parameters:

keystore - the keystore holding the certificate and the private key

alias - the alias of the certificate in the keystore

password - the password to get the private key

Throws:

NoSuchAlgorithmException

KeyStoreException

UnrecoverableKeyException

Method Detail

sign

public void sign(PEFile file)
          throws Exception

Sign the specified executable file.

Throws:

Exception

withDigestAlgorithm

public PESigner withDigestAlgorithm(DigestAlgorithm algorithm)

Set the digest algorithm to use (SHA-256 by default)

withProgramName

public PESigner withProgramName(String programName)

Set the program name embedded in the signature.

withProgramURL

public PESigner withProgramURL(String programURL)

Set the program URL embedded in the signature.

withSignatureAlgorithm

public PESigner withSignatureAlgorithm(String signatureAlgorithm)

Explicitly sets the signature algorithm to use.

Since:

2.0

withSignatureAlgorithm

public PESigner withSignatureAlgorithm(String signatureAlgorithm,
                                       Provider signatureProvider)

Explicitly sets the signature algorithm and provider to use.

Since:

2.0

withSignatureAlgorithm

public PESigner withSignatureAlgorithm(String signatureAlgorithm,
                                       String signatureProvider)

Explicitly sets the signature algorithm and provider to use.

Since:

2.0

withSignatureProvider

public PESigner withSignatureProvider(Provider signatureProvider)

Set the signature provider to use.

Since:

2.0

withSignaturesReplaced

public PESigner withSignaturesReplaced(boolean replace)

Enable or disable the replacement of the previous signatures (disabled by default).

Since:

2.0

withTimestamper

public PESigner withTimestamper(Timestamper timestamper)

Set the Timestamper implementation.

withTimestamping

public PESigner withTimestamping(boolean timestamping)

Enable or disable the timestamping (enabled by default).

withTimestampingAuthority

public PESigner withTimestampingAuthority(String... url)

Set the URL of the timestamping authority. RFC 3161 servers as used for jar signing are not compatible with Authenticode signatures.

Since:

2.1

withTimestampingAuthority

public PESigner withTimestampingAuthority(String url)

Set the URL of the timestamping authority. RFC 3161 servers as used for jar signing are not compatible with Authenticode signatures.

Since:

2.1

withTimestampingMode

public PESigner withTimestampingMode(TimestampingMode tsmode)

RFC3161 or Authenticode (Authenticode by default).

Since:

1.3

withTimestampingRetries

public PESigner withTimestampingRetries(int timestampingRetries)

Set the number of retries for timestamping.

withTimestampingRetryWait

public PESigner withTimestampingRetryWait(int timestampingRetryWait)

Set the number of seconds to wait between timestamping retries.