com.itextpdf.signatures

Class LtvVerifier

java.lang.Object

com.itextpdf.signatures.CertificateVerifier

com.itextpdf.signatures.RootStoreVerifier

com.itextpdf.signatures.LtvVerifier

public class LtvVerifier
extends RootStoreVerifier

Verifies the signatures in an LTV document.

Field Summary

Fields

Modifier and Type	Field and Description
protected PdfAcroForm	acroForm The fields in the revision that is being verified.
protected com.itextpdf.kernel.pdf.PdfDocument	document A document object for the revision that is being verified.
protected com.itextpdf.kernel.pdf.PdfDictionary	dss The document security store for the revision that is being verified
protected boolean	latestRevision Indicates if we're working with the latest revision.
protected static org.slf4j.Logger	LOGGER The Logger instance
protected com.itextpdf.kernel.counter.event.IMetaInfo	metaInfo The meta info
protected LtvVerification.CertificateOption	option Option to specify level of verification; signing certificate only or the entire chain.
protected PdfPKCS7	pkcs7 The PdfPKCS7 object for the signature.
protected String	securityProviderCode Security provider to use, use null for default
protected String	signatureName The signature that covers the revision.
protected Date	signDate The date the revision was signed, or null for the highest revision.
protected boolean	verifyRootCertificate Verify root.

Fields inherited from class com.itextpdf.signatures.RootStoreVerifier

rootStore

Fields inherited from class com.itextpdf.signatures.CertificateVerifier

onlineCheckingAllowed, verifier

Constructor Summary

Constructors

Constructor and Description
LtvVerifier(com.itextpdf.kernel.pdf.PdfDocument document) Creates a VerificationData object for a PdfReader
LtvVerifier(com.itextpdf.kernel.pdf.PdfDocument document, String securityProviderCode)

Method Summary

Modifier and Type	Method and Description
protected PdfPKCS7	coversWholeDocument() Checks if the signature covers the whole document and throws an exception if the document was altered
List<X509CRL>	getCRLsFromDSS() Gets a list of X509CRL objects from a Document Security Store.
List<org.bouncycastle.cert.ocsp.BasicOCSPResp>	getOCSPResponsesFromDSS() Gets OCSP responses from the Document Security Store.
protected void	initLtvVerifier(com.itextpdf.kernel.pdf.PdfDocument document)
void	setCertificateOption(LtvVerification.CertificateOption option) Sets the certificate option.
void	setEventCountingMetaInfo(com.itextpdf.kernel.counter.event.IMetaInfo metaInfo) Sets the IMetaInfo that will be used during PdfDocument creation.
void	setVerifier(CertificateVerifier verifier) Sets an extra verifier.
void	setVerifyRootCertificate(boolean verifyRootCertificate) Set the verifyRootCertificate to false if you can't verify the root certificate.
void	switchToPreviousRevision() Switches to the previous revision.
List<VerificationOK>	verify(List<VerificationOK> result) Verifies all the document-level timestamps and all the signatures in the document.
List<VerificationOK>	verify(X509Certificate signCert, X509Certificate issuerCert, Date signDate) Verifies certificates against a list of CRLs and OCSP responses.
void	verifyChain(Certificate[] chain) Checks the certificates in a certificate chain: are they valid on a specific date, and do they chain up correctly?
List<VerificationOK>	verifySignature() Verifies a document level timestamp.

Methods inherited from class com.itextpdf.signatures.RootStoreVerifier

setRootStore

Methods inherited from class com.itextpdf.signatures.CertificateVerifier

setOnlineCheckingAllowed

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

LOGGER

protected static final org.slf4j.Logger LOGGER

The Logger instance

option

protected LtvVerification.CertificateOption option

Option to specify level of verification; signing certificate only or the entire chain.

verifyRootCertificate

protected boolean verifyRootCertificate

Verify root.

document

protected com.itextpdf.kernel.pdf.PdfDocument document

A document object for the revision that is being verified.

acroForm

protected PdfAcroForm acroForm

The fields in the revision that is being verified.

signDate

protected Date signDate

The date the revision was signed, or null for the highest revision.

signatureName

protected String signatureName

The signature that covers the revision.

pkcs7

protected PdfPKCS7 pkcs7

The PdfPKCS7 object for the signature.

latestRevision

protected boolean latestRevision

Indicates if we're working with the latest revision.

dss

protected com.itextpdf.kernel.pdf.PdfDictionary dss

The document security store for the revision that is being verified

securityProviderCode

protected String securityProviderCode

Security provider to use, use null for default

metaInfo

protected com.itextpdf.kernel.counter.event.IMetaInfo metaInfo

The meta info

Constructor Detail

LtvVerifier

public LtvVerifier(com.itextpdf.kernel.pdf.PdfDocument document)
            throws GeneralSecurityException

Creates a VerificationData object for a PdfReader

Parameters:

document - The document we want to verify.

Throws:

GeneralSecurityException

LtvVerifier

public LtvVerifier(com.itextpdf.kernel.pdf.PdfDocument document,
                   String securityProviderCode)
            throws GeneralSecurityException

Throws:

GeneralSecurityException

Method Detail

setVerifier

public void setVerifier(CertificateVerifier verifier)

Sets an extra verifier.

Parameters:

verifier - the verifier to set

setCertificateOption

public void setCertificateOption(LtvVerification.CertificateOption option)

Sets the certificate option.

Parameters:

option - Either CertificateOption.SIGNING_CERTIFICATE (default) or CertificateOption.WHOLE_CHAIN

setVerifyRootCertificate

public void setVerifyRootCertificate(boolean verifyRootCertificate)

Set the verifyRootCertificate to false if you can't verify the root certificate.

setEventCountingMetaInfo

public void setEventCountingMetaInfo(com.itextpdf.kernel.counter.event.IMetaInfo metaInfo)

Sets the IMetaInfo that will be used during PdfDocument creation.

Parameters:

metaInfo - meta info to set

verify

public List<VerificationOK> verify(List<VerificationOK> result)
                            throws IOException,
                                   GeneralSecurityException

Verifies all the document-level timestamps and all the signatures in the document.

Throws:

IOException

GeneralSecurityException

verifySignature

public List<VerificationOK> verifySignature()
                                     throws GeneralSecurityException,
                                            IOException

Verifies a document level timestamp.

Throws:

GeneralSecurityException

IOException

verifyChain

public void verifyChain(Certificate[] chain)
                 throws GeneralSecurityException

Checks the certificates in a certificate chain: are they valid on a specific date, and do they chain up correctly?

Parameters:

chain - the certificate chain

Throws:

GeneralSecurityException

verify

public List<VerificationOK> verify(X509Certificate signCert,
                                   X509Certificate issuerCert,
                                   Date signDate)
                            throws GeneralSecurityException,
                                   IOException

Verifies certificates against a list of CRLs and OCSP responses.

Overrides:

verify in class RootStoreVerifier

Parameters:

signCert - the signing certificate

issuerCert - the issuer's certificate

signDate - the date the certificate needs to be valid

Returns:

a list of VerificationOK objects. The list will be empty if the certificate couldn't be verified.

Throws:

GeneralSecurityException

IOException

See Also:

RootStoreVerifier.verify(java.security.cert.X509Certificate, java.security.cert.X509Certificate, java.util.Date)

switchToPreviousRevision

public void switchToPreviousRevision()
                              throws IOException,
                                     GeneralSecurityException

Switches to the previous revision.

Throws:

IOException

GeneralSecurityException

getCRLsFromDSS

public List<X509CRL> getCRLsFromDSS()
                             throws GeneralSecurityException,
                                    IOException

Gets a list of X509CRL objects from a Document Security Store.

Returns:

a list of CRLs

Throws:

GeneralSecurityException

IOException

getOCSPResponsesFromDSS

public List<org.bouncycastle.cert.ocsp.BasicOCSPResp> getOCSPResponsesFromDSS()
                                                                       throws IOException,
                                                                              GeneralSecurityException

Gets OCSP responses from the Document Security Store.

Returns:

a list of BasicOCSPResp objects

Throws:

IOException

GeneralSecurityException

initLtvVerifier

protected void initLtvVerifier(com.itextpdf.kernel.pdf.PdfDocument document)
                        throws GeneralSecurityException

Throws:

GeneralSecurityException

coversWholeDocument

protected PdfPKCS7 coversWholeDocument()
                                throws GeneralSecurityException

Checks if the signature covers the whole document and throws an exception if the document was altered

Returns:

a PdfPKCS7 object

Throws:

GeneralSecurityException