Package com.pdftools.crypto

Enum ValidationInformation

java.lang.Object
java.lang.Enum<ValidationInformation>
com.pdftools.crypto.ValidationInformation
All Implemented Interfaces:
Serializable, Comparable<ValidationInformation>
public enum ValidationInformation extends Enum<ValidationInformation>

Whether to embed validation information to enable the long-term validation (LTV) of the signature

Embed revocation information such as online certificate status response (OCSP - RFC2560) and certificate revocation lists (CRL - RFC3280). Revocation information of a certificate is provided by a validation service at the time of signing and acts as proof that the certificate was valid at the time of signing. This is useful because even when the certificate expires or is revoked at a later time, the signature in the signed document remains valid.

Embedding revocation information is optional but suggested when applying advanced or qualified electronic signatures. This feature is not always available. It has to be supported by the signing certificate and the cryptographic provider. Also, it is not supported by document time-stamp signatures. For these cases, a subsequent invocation of pdftools.sign.Signer.process with pdftools.sign.OutputOptions.getAddValidationInformation is required.

Revocation information is embedded for the signing certificate and all certificates of its trust chain. This implies that both OCSP responses and CRLs can be present in the same message. The disadvantages of embedding revocation information are the increase of the file size (normally by around 20KB), and that it requires a web request to a validation service, which delays the process of signing. Embedding revocation information requires an online connection to the CA that issues them. The firewall must be configured accordingly. If a web proxy is used (see pdftools.Sdk.getProxy), make sure the following MIME types are supported:

  • application/ocsp-request
  • application/ocsp-response

  • Enum Constant Details

    • NONE

      public static final ValidationInformation NONE

      Basic: Do not add any validation information

    • EMBED_IN_SIGNATURE

      public static final ValidationInformation EMBED_IN_SIGNATURE

      LTV: Embed validation information into the signature

      This is only possible for Legacy PAdES Basic signatures (signature format SignatureFormat.ADBE_PKCS7_DETACHED).

    • EMBED_IN_DOCUMENT

      public static final ValidationInformation EMBED_IN_DOCUMENT

      LTV: Embed validation information into the document

      Embedding validation information into the document security store (DSS) is recommended, because it creates smaller files and is supported for all signature formats.

      The document security store has been standardized in 2009 by the standard for PAdES-LTV Profiles (ETSI TS 102 778-4). Therefore, some legacy signature validation software may not support this. For these cases, it is necessary to use EmbedInSignature.

  • Method Details

    • values

      public static ValidationInformation[] values()
      Returns an array containing the constants of this enum type, in the order they are declared.
      Returns:
      an array containing the constants of this enum type, in the order they are declared

    • valueOf

      public static ValidationInformation valueOf(String name)
      Returns the enum constant of this type with the specified name. The string must match exactly an identifier used to declare an enum constant in this type. (Extraneous whitespace characters are not permitted.)
      Parameters:
      name - the name of the enum constant to be returned.
      Returns:
      the enum constant with the specified name
      Throws:
      IllegalArgumentException - if this enum type has no constant with the specified name
      NullPointerException - if the argument is null