Package com.tom_roush.pdfbox.pdmodel.interactive.digitalsignature

Class PDSeedValueCertificate

  • All Implemented Interfaces:
    COSObjectable
    public class PDSeedValueCertificate
extends Object
implements COSObjectable
    This class represents a certificate seed value dictionary that is in the seed value which puts constraints on certificates when signing documents.

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      void addIssuer​(byte[] issuer)
      array of bytes containing DER-encoded X.509v3 certificates of acceptable issuers.
      void addKeyUsage​(char digitalSignature, char nonRepudiation, char keyEncipherment, char dataEncipherment, char keyAgreement, char keyCertSign, char cRLSign, char encipherOnly, char decipherOnly)
      works like addKeyUsage(String) but enters each character separately
      void addKeyUsage​(String keyUsageExtension)
      (Optional; PDF 1.7) specifies an acceptable key-usage extension that must be presennt in the signing certificate for works like setKeyUsage(List) but takes only one string
      void addOID​(byte[] oid)
      works like setOID(List) but for one object
      void addSubject​(byte[] subject)
      (Optional) byte array containing DER-encoded X.509v3 certificate that is acceptable for signing.
      COSDictionary getCOSObject()
      Convert this standard java object to a COS dictionary.
      List<byte[]> getIssuer()
      Returns list of array of bytes of DER-encoded X.509v3 certificates
      List<String> getKeyUsage()
      Returns list of key usages of certificate strings where each string is 9 characters long and each character is one of these values {0, 1, X} 0 for must not set, 1 for must set, X for don't care.
      List<byte[]> getOID()
      Returns A list of array of bytes that contain Object Identifiers (OIDs) of the certificate policies that must be present in the signing certificate
      List<byte[]> getSubject()
      Returns list of byte arrays that contains DER-encoded X.509v3 certificates
      List<Map<String,​String>> getSubjectDN()
      Returns list of maps that contains subject distinguished names like [(cn: John Doe, o: Doe), (cn: John Smith)] both keys are typically of the form 'cn', 'o', 'email', '2.5.4.43'; and values are text strings.
      String getURL()
      returns String of the URL
      String getURLType()
      A name indicating the usage of the URL entry.
      boolean isIssuerRequired()  
      boolean isKeyUsageRequired()  
      boolean isOIDRequired()  
      boolean isSubjectDNRequired()  
      boolean isSubjectRequired()  
      boolean isURLRequired()  
      void removeIssuer​(byte[] issuer)
      Removes an issuer from the issuers list
      void removeKeyUsage​(String keyUsageExtension)
      Removes a key usage extension
      void removeOID​(byte[] oid)
      removes an OID from the list
      void removeSubject​(byte[] subject)
      removes a subject from the list
      void setIssuer​(List<byte[]> issuers)
      (Optional) A list of array of bytes containing DER-encoded X.509v3 certificates of acceptable issuers.
      void setIssuerRequired​(boolean flag)
      set true if Issuer shall be required as a constraint on signature.
      void setKeyUsage​(List<String> keyUsageExtensions)
      (Optional; PDF 1.7) A List of ASCII strings, where each string specifies an acceptable key-usage extension that must be present in the signing certificate.
      void setKeyUsageRequired​(boolean flag)
      set true if KeyUsage shall be required as a constraint on signature.
      void setOID​(List<byte[]> oidByteStrings)
      (Optional) A list of byte arrays that contain Object Identifiers (OIDs) of the certificate policies that must be present in the signing certificate.
      void setOIDRequired​(boolean flag)
      set true if OID shall be required as a constraint on signature.
      void setSubject​(List<byte[]> subjects)
      (Optional) A list of byte arrays containing DER-encoded X.509v3 certificates that are acceptable for signing.
      void setSubjectDN​(List<Map<String,​String>> subjectDN)
      (Optional; PDF 1.7) A list of maps, where each map contains key value pairs, that specify the Subject Distinguished Name (DN) that must be present within the certificate for it to be acceptable for signing.
      void setSubjectDNRequired​(boolean flag)
      set true if subject DN shall be required as a constraint on signature.
      void setSubjectRequired​(boolean flag)
      set true if subject shall be required as a constraint on signature.
      void setURL​(String url)
      (Optional) A URL, the use for which is defined by the URLType entry.
      void setURLRequired​(boolean flag)
      set true if URL shall be required as a constraint on signature.
      void setURLType​(String urlType)
      (Optional; PDF 1.7) A name indicating the usage of the URL entry.

    • Constructor Detail

      • PDSeedValueCertificate

        public PDSeedValueCertificate()
        Default constructor.

      • PDSeedValueCertificate

        public PDSeedValueCertificate​(COSDictionary dict)
        Constructor.
        Parameters:
        dict - The certificate seed value dictionary.

    • Method Detail

      • getCOSObject

        public COSDictionary getCOSObject()
        Convert this standard java object to a COS dictionary.
        Specified by:
        getCOSObject in interface COSObjectable
        Returns:
        The COS dictionary that matches this Java object.

      • isSubjectRequired

        public boolean isSubjectRequired()
        Returns:
        true if the Subject is required

      • setSubjectRequired

        public void setSubjectRequired​(boolean flag)
        set true if subject shall be required as a constraint on signature.
        Parameters:
        flag - if true, the specified Subject shall be enforced as a constraint.

      • isIssuerRequired

        public boolean isIssuerRequired()
        Returns:
        true if the Issuer is required

      • setIssuerRequired

        public void setIssuerRequired​(boolean flag)
        set true if Issuer shall be required as a constraint on signature.
        Parameters:
        flag - if true, the specified Issuer shall be enforced as a constraint.

      • isOIDRequired

        public boolean isOIDRequired()
        Returns:
        true if the OID is required

      • setOIDRequired

        public void setOIDRequired​(boolean flag)
        set true if OID shall be required as a constraint on signature.
        Parameters:
        flag - if true, the specified OID shall be enforced as a constraint.

      • isSubjectDNRequired

        public boolean isSubjectDNRequired()
        Returns:
        true if the Subject DN is required

      • setSubjectDNRequired

        public void setSubjectDNRequired​(boolean flag)
        set true if subject DN shall be required as a constraint on signature.
        Parameters:
        flag - if true, the specified Subject DN shall be enforced as a constraint.

      • isKeyUsageRequired

        public boolean isKeyUsageRequired()
        Returns:
        true if the KeyUsage is required

      • setKeyUsageRequired

        public void setKeyUsageRequired​(boolean flag)
        set true if KeyUsage shall be required as a constraint on signature.
        Parameters:
        flag - if true, the specified KeyUsage shall be enforced as a constraint.

      • isURLRequired

        public boolean isURLRequired()
        Returns:
        true if the URL is required

      • setURLRequired

        public void setURLRequired​(boolean flag)
        set true if URL shall be required as a constraint on signature.
        Parameters:
        flag - if true, the specified URL shall be enforced as a constraint.

      • getSubject

        public List<byte[]> getSubject()
        Returns list of byte arrays that contains DER-encoded X.509v3 certificates
        Returns:
        a list of bytes arrays representing the subject.

      • setSubject

        public void setSubject​(List<byte[]> subjects)
        (Optional) A list of byte arrays containing DER-encoded X.509v3 certificates that are acceptable for signing. if Subject is not null and isSubjectRequired() is true then the subject constraint is enforced on the subjects in this array subjects.
        Parameters:
        subjects - list of byte arrays containing DER-encoded X.509v3 certificates that are acceptable for signing.

      • addSubject

        public void addSubject​(byte[] subject)
        (Optional) byte array containing DER-encoded X.509v3 certificate that is acceptable for signing. works like setSubject(List) but one byte array
        Parameters:
        subject - byte array containing DER-encoded X.509v3 certificate

      • removeSubject

        public void removeSubject​(byte[] subject)
        removes a subject from the list
        Parameters:
        subject - byte array containing DER-encoded X.509v3 certificate

      • getSubjectDN

        public List<Map<String,​String>> getSubjectDN()
        Returns list of maps that contains subject distinguished names like [(cn: John Doe, o: Doe), (cn: John Smith)] both keys are typically of the form 'cn', 'o', 'email', '2.5.4.43'; and values are text strings.
        Returns:
        a list of maps containing the subject distinguished names

      • setSubjectDN

        public void setSubjectDN​(List<Map<String,​String>> subjectDN)
        (Optional; PDF 1.7) A list of maps, where each map contains key value pairs, that specify the Subject Distinguished Name (DN) that must be present within the certificate for it to be acceptable for signing. The certificate must at a minimum contain all the attributes specified in one of the maps entered.
        Parameters:
        subjectDN - list of maps that contains subject distinguished names

      • getKeyUsage

        public List<String> getKeyUsage()
        Returns list of key usages of certificate strings where each string is 9 characters long and each character is one of these values {0, 1, X} 0 for must not set, 1 for must set, X for don't care. each index in the string represents a key usage:
        1. digitalSignature
        2. non-Repudiation
        3. keyEncipherment
        4. dataEncipherment
        5. keyAgreement
        6. keyCertSign
        7. cRLSign
        8. encipherOnly
        9. decipherOnly
        Returns:
        list of key usages

      • setKeyUsage

        public void setKeyUsage​(List<String> keyUsageExtensions)
        (Optional; PDF 1.7) A List of ASCII strings, where each string specifies an acceptable key-usage extension that must be present in the signing certificate. Multiple strings specify a range of acceptable key-usage extensions; where each string 9 characters long and each character is one of these values {0, 1, X} 0 for must not set, 1 for must set, X for don't care. each index in the string represents a key usage:
        1. digitalSignature
        2. non-Repudiation
        3. keyEncipherment
        4. dataEncipherment
        5. keyAgreement
        6. keyCertSign
        7. cRLSign
        8. encipherOnly
        9. decipherOnly
        Parameters:
        keyUsageExtensions - list of ASCII strings that consists only of {0, 1, X}

      • addKeyUsage

        public void addKeyUsage​(String keyUsageExtension)
        (Optional; PDF 1.7) specifies an acceptable key-usage extension that must be presennt in the signing certificate for works like setKeyUsage(List) but takes only one string
        Parameters:
        keyUsageExtension - String that consist only of {0, 1, X}

      • addKeyUsage

        public void addKeyUsage​(char digitalSignature,
                        char nonRepudiation,
                        char keyEncipherment,
                        char dataEncipherment,
                        char keyAgreement,
                        char keyCertSign,
                        char cRLSign,
                        char encipherOnly,
                        char decipherOnly)
        works like addKeyUsage(String) but enters each character separately
        Parameters:
        digitalSignature - char that is one of {0, 1, X}
        nonRepudiation - char that is one of {0, 1, X}
        keyEncipherment - char that is one of {0, 1, X}
        dataEncipherment - char that is one of {0, 1, X}
        keyAgreement - char that is one of {0, 1, X}
        keyCertSign - char that is one of {0, 1, X}
        cRLSign - char that is one of {0, 1, X}
        encipherOnly - char that is one of {0, 1, X}
        decipherOnly - char that is one of {0, 1, X}

      • removeKeyUsage

        public void removeKeyUsage​(String keyUsageExtension)
        Removes a key usage extension
        Parameters:
        keyUsageExtension - ASCII string that consists of {0, 1, X}

      • getIssuer

        public List<byte[]> getIssuer()
        Returns list of array of bytes of DER-encoded X.509v3 certificates
        Returns:
        a list of byte arrays representing the issuer

      • setIssuer

        public void setIssuer​(List<byte[]> issuers)
        (Optional) A list of array of bytes containing DER-encoded X.509v3 certificates of acceptable issuers. If the signer’s certificate chains up to any of the specified issuers (either directly or indirectly), the certificate is considered acceptable for signing.
        Parameters:
        issuers - A list of byte array containing DER-encoded X.509v3 certificates

      • addIssuer

        public void addIssuer​(byte[] issuer)
        array of bytes containing DER-encoded X.509v3 certificates of acceptable issuers. If the signer’s certificate chains up to any of the specified issuers (either directly or indirectly), the certificate is considered acceptable for signing.
        Parameters:
        issuer - A byte array containing DER-encoded X.509v3 certificate

      • removeIssuer

        public void removeIssuer​(byte[] issuer)
        Removes an issuer from the issuers list
        Parameters:
        issuer - A byte array containing DER-encoded X.509v3 certificate

      • getOID

        public List<byte[]> getOID()
        Returns A list of array of bytes that contain Object Identifiers (OIDs) of the certificate policies that must be present in the signing certificate
        Returns:
        an array of object identifiers.

      • setOID

        public void setOID​(List<byte[]> oidByteStrings)
        (Optional) A list of byte arrays that contain Object Identifiers (OIDs) of the certificate policies that must be present in the signing certificate. This field is only applicable if the value of Issuer is not empty.
        Parameters:
        oidByteStrings - list of byte arrays that contain OIDs

      • addOID

        public void addOID​(byte[] oid)
        works like setOID(List) but for one object
        Parameters:
        oid - the object identifier.

      • removeOID

        public void removeOID​(byte[] oid)
        removes an OID from the list
        Parameters:
        oid - the object identifier to be removed.

      • getURL

        public String getURL()
        returns String of the URL
        Returns:
        the URL

      • setURL

        public void setURL​(String url)
        (Optional) A URL, the use for which is defined by the URLType entry.
        Parameters:
        url - String of the URL

      • getURLType

        public String getURLType()
        A name indicating the usage of the URL entry. There are standard uses and there can be implementation-specific use for this URL. The following value specifies a valid standard usage:
        • Browser, The URL references content that should be displayed in a web browser to allow enrolling for a new credential if a matching credential is not found. The Ff attribute’s URL bit is ignored for this usage.
        • ASSP, The URL references a signature web service that can be used for server-based signing. If the Ff attribute’s URL bit indicates that this is a required constraint, this implies that the credential used when signing must come from this server.
        Returns:
        string of URL type

      • setURLType

        public void setURLType​(String urlType)
        (Optional; PDF 1.7) A name indicating the usage of the URL entry. There are standard uses and there can be implementation-specific uses for this URL. The following value specifies a valid standard usage:
        • Browser, The URL references content that should be displayed in a web browser to allow enrolling for a new credential if a matching credential is not found. The Ff attribute’s URL bit is ignored for this usage.
        • ASSP, The URL references a signature web service that can be used for server-based signing. If the Ff attribute’s URL bit indicates that this is a required constraint, this implies that the credential used when signing must come from this server.
        Third parties can extend the use of this attribute with their own attribute values, which must conform to the guidelines specified in PDF Spec 1.7 Appendix E (PDF Name Registry) if urlType is not set the default is Browser for URL
        Parameters:
        urlType - String of the urlType