public class PdfSigner extends Object
Modifier and Type | Class and Description |
---|---|
static class |
PdfSigner.CryptoStandard
Enum containing the Cryptographic Standards.
|
static interface |
PdfSigner.ISignatureEvent
An interface to retrieve the signature dictionary for modification.
|
Modifier and Type | Field and Description |
---|---|
protected PdfSignatureAppearance |
appearance
The signature appearance.
|
protected byte[] |
bout
The bytes of the file right before the signature is added (if raf is null).
|
protected int |
certificationLevel
The certification level.
|
static int |
CERTIFIED_FORM_FILLING
Author signature, form filling allowed.
|
static int |
CERTIFIED_FORM_FILLING_AND_ANNOTATIONS
Author signature, form filling and annotations allowed.
|
static int |
CERTIFIED_NO_CHANGES_ALLOWED
Author signature, no changes allowed.
|
protected boolean |
closed
Boolean to check if this PdfSigner instance has been closed already or not.
|
protected PdfSignature |
cryptoDictionary
The crypto dictionary.
|
protected PdfDocument |
document
The PdfDocument.
|
protected Map<PdfName,PdfLiteral> |
exclusionLocations
Name and content of keys that can only be added in the close() method.
|
protected PdfSigFieldLock |
fieldLock
Signature field lock dictionary.
|
protected String |
fieldName
The name of the field.
|
static int |
NOT_CERTIFIED
Approval signature.
|
protected OutputStream |
originalOS
OutputStream for the bytes of the document.
|
protected boolean |
preClosed
Indicates if the pdf document has already been pre-closed.
|
protected RandomAccessFile |
raf
The file right before the signature is added (can be null).
|
protected long[] |
range
Array containing the byte positions of the bytes that need to be hashed.
|
protected PdfSigner.ISignatureEvent |
signatureEvent
Holds value of property signatureEvent.
|
protected Calendar |
signDate
Holds value of property signDate.
|
protected File |
tempFile
Tempfile to hold the output temporarily.
|
protected ByteArrayOutputStream |
temporaryOS
Outputstream that temporarily holds the output in memory.
|
Constructor and Description |
---|
PdfSigner(PdfReader reader, OutputStream outputStream, boolean append)
Creates a PdfSigner instance.
|
PdfSigner(PdfReader reader, OutputStream outputStream, String path, boolean append)
Creates a PdfSigner instance.
|
Modifier and Type | Method and Description |
---|---|
protected void |
addDeveloperExtension(PdfDeveloperExtension extension) |
protected void |
addDocMDP(PdfSignature crypto)
Adds keys to the signature dictionary that define the certification level and the permissions.
|
protected void |
addFieldMDP(PdfSignature crypto, PdfSigFieldLock fieldLock)
Adds keys to the signature dictionary that define the field permissions.
|
protected void |
close(PdfDictionary update)
This is the last method to be called when using external signatures.
|
protected boolean |
documentContainsCertificationOrApprovalSignatures() |
int |
getCertificationLevel()
Returns the document's certification level.
|
PdfDocument |
getDocument()
Gets the PdfDocument associated with this instance.
|
PdfSigFieldLock |
getFieldLockDict()
Getter for the field lock dictionary.
|
String |
getFieldName()
Gets the field name.
|
String |
getNewSigFieldName()
Gets a new signature field name that doesn't clash with any existing name.
|
protected InputStream |
getRangeStream()
Gets the document bytes that are hashable when using external signatures.
|
PdfSignatureAppearance |
getSignatureAppearance()
Provides access to a signature appearance object.
|
PdfSignature |
getSignatureDictionary()
Returns the user made signature dictionary.
|
PdfSigner.ISignatureEvent |
getSignatureEvent()
Getter for property signatureEvent.
|
Calendar |
getSignDate()
Gets the signature date.
|
protected IRandomAccessSource |
getUnderlyingSource()
Returns the underlying source.
|
protected int |
getWidgetPageNumber(PdfWidgetAnnotation widget)
Get the page number associated to the provided widget.
|
protected Rectangle |
getWidgetRectangle(PdfWidgetAnnotation widget)
Get the rectangle associated to the provided widget.
|
protected boolean |
isPreClosed()
Checks if the document is in the process of closing.
|
protected void |
preClose(Map<PdfName,Integer> exclusionSizes)
This is the first method to be called when using external signatures.
|
protected Collection |
processCrl(Certificate cert, Collection<ICrlClient> crlList)
Processes a CRL list.
|
void |
setCertificationLevel(int certificationLevel)
Sets the document's certification level.
|
protected void |
setDocument(PdfDocument document)
Sets the PdfDocument.
|
void |
setFieldLockDict(PdfSigFieldLock fieldLock)
Setter for the field lock dictionary.
|
void |
setFieldName(String fieldName)
Sets the name indicating the field to be signed.
|
void |
setOriginalOutputStream(OutputStream originalOS)
Setter for the OutputStream.
|
void |
setSignatureEvent(PdfSigner.ISignatureEvent signatureEvent)
Sets the signature event to allow modification of the signature dictionary.
|
void |
setSignDate(Calendar signDate)
Sets the signature date.
|
static void |
signDeferred(PdfDocument document, String fieldName, OutputStream outs, IExternalSignatureContainer externalSignatureContainer)
Signs a PDF where space was already reserved.
|
void |
signDetached(IExternalDigest externalDigest, IExternalSignature externalSignature, Certificate[] chain, Collection<ICrlClient> crlList, IOcspClient ocspClient, ITSAClient tsaClient, int estimatedSize, PdfSigner.CryptoStandard sigtype)
Signs the document using the detached mode, CMS or CAdES equivalent.
|
void |
signDetached(IExternalDigest externalDigest, IExternalSignature externalSignature, Certificate[] chain, Collection<ICrlClient> crlList, IOcspClient ocspClient, ITSAClient tsaClient, int estimatedSize, PdfSigner.CryptoStandard sigtype, org.bouncycastle.asn1.esf.SignaturePolicyIdentifier signaturePolicy)
Signs the document using the detached mode, CMS or CAdES equivalent.
|
void |
signDetached(IExternalDigest externalDigest, IExternalSignature externalSignature, Certificate[] chain, Collection<ICrlClient> crlList, IOcspClient ocspClient, ITSAClient tsaClient, int estimatedSize, PdfSigner.CryptoStandard sigtype, SignaturePolicyInfo signaturePolicy)
Signs the document using the detached mode, CMS or CAdES equivalent.
|
void |
signExternalContainer(IExternalSignatureContainer externalSignatureContainer, int estimatedSize)
Sign the document using an external container, usually a PKCS7.
|
void |
timestamp(ITSAClient tsa, String signatureName)
Signs a document with a PAdES-LTV Timestamp.
|
public static final int NOT_CERTIFIED
public static final int CERTIFIED_NO_CHANGES_ALLOWED
public static final int CERTIFIED_FORM_FILLING
public static final int CERTIFIED_FORM_FILLING_AND_ANNOTATIONS
protected int certificationLevel
protected String fieldName
protected RandomAccessFile raf
protected byte[] bout
protected long[] range
protected PdfDocument document
protected PdfSignature cryptoDictionary
protected PdfSigner.ISignatureEvent signatureEvent
protected OutputStream originalOS
protected ByteArrayOutputStream temporaryOS
protected File tempFile
protected Map<PdfName,PdfLiteral> exclusionLocations
protected boolean preClosed
protected PdfSigFieldLock fieldLock
protected PdfSignatureAppearance appearance
protected Calendar signDate
protected boolean closed
public PdfSigner(PdfReader reader, OutputStream outputStream, boolean append) throws IOException
ByteArrayOutputStream
instead of a temporary file.
reader
- PdfReader that reads the PDF file
outputStream
- OutputStream to write the signed PDF file
append
- boolean to indicate whether the signing should happen in append mode or not
IOException
public PdfSigner(PdfReader reader, OutputStream outputStream, String path, boolean append) throws IOException
ByteArrayOutputStream
instead of a temporary file.
reader
- PdfReader that reads the PDF file
outputStream
- OutputStream to write the signed PDF file
path
- File to which the output is temporarily written
append
- boolean to indicate whether the signing should happen in append mode or not
IOException
public Calendar getSignDate()
public void setSignDate(Calendar signDate)
signDate
- the signature date
public PdfSignatureAppearance getSignatureAppearance()
Be aware:
setFieldName(java.lang.String)
with the name that doesn't exist in the document or don't specify it at all) then the signature is invisible by default.setFieldName(java.lang.String)
call you'll have to do it again)PdfSignatureAppearance
object.
public int getCertificationLevel()
setCertificationLevel(int)
.
public void setCertificationLevel(int certificationLevel)
certificationLevel
- a new certification level for a document. Possible values are:
public String getFieldName()
public PdfSignature getSignatureDictionary()
public PdfSigner.ISignatureEvent getSignatureEvent()
public void setSignatureEvent(PdfSigner.ISignatureEvent signatureEvent)
signatureEvent
- the signature event
public String getNewSigFieldName()
public void setFieldName(String fieldName)
fieldName
- The name indicating the field to be signed.
public PdfDocument getDocument()
protected void setDocument(PdfDocument document)
public void setOriginalOutputStream(OutputStream originalOS)
public PdfSigFieldLock getFieldLockDict()
public void setFieldLockDict(PdfSigFieldLock fieldLock)
Be aware: if a signature is created on an existing signature field, then its /Lock dictionary takes the precedence (if it exists).
fieldLock
- Field lock dictionary
public void signDetached(IExternalDigest externalDigest, IExternalSignature externalSignature, Certificate[] chain, Collection<ICrlClient> crlList, IOcspClient ocspClient, ITSAClient tsaClient, int estimatedSize, PdfSigner.CryptoStandard sigtype) throws IOException, GeneralSecurityException
externalSignature
- the interface providing the actual signing
chain
- the certificate chain
crlList
- the CRL list
ocspClient
- the OCSP client
tsaClient
- the Timestamp client
externalDigest
- an implementation that provides the digest
estimatedSize
- the reserved size for the signature. It will be estimated if 0
sigtype
- Either Signature.CMS or Signature.CADES
IOException
GeneralSecurityException
public void signDetached(IExternalDigest externalDigest, IExternalSignature externalSignature, Certificate[] chain, Collection<ICrlClient> crlList, IOcspClient ocspClient, ITSAClient tsaClient, int estimatedSize, PdfSigner.CryptoStandard sigtype, SignaturePolicyInfo signaturePolicy) throws IOException, GeneralSecurityException
externalSignature
- the interface providing the actual signing
chain
- the certificate chain
crlList
- the CRL list
ocspClient
- the OCSP client
tsaClient
- the Timestamp client
externalDigest
- an implementation that provides the digest
estimatedSize
- the reserved size for the signature. It will be estimated if 0
sigtype
- Either Signature.CMS or Signature.CADES
signaturePolicy
- the signature policy (for EPES signatures)
IOException
GeneralSecurityException
public void signDetached(IExternalDigest externalDigest, IExternalSignature externalSignature, Certificate[] chain, Collection<ICrlClient> crlList, IOcspClient ocspClient, ITSAClient tsaClient, int estimatedSize, PdfSigner.CryptoStandard sigtype, org.bouncycastle.asn1.esf.SignaturePolicyIdentifier signaturePolicy) throws IOException, GeneralSecurityException
externalSignature
- the interface providing the actual signing
chain
- the certificate chain
crlList
- the CRL list
ocspClient
- the OCSP client
tsaClient
- the Timestamp client
externalDigest
- an implementation that provides the digest
estimatedSize
- the reserved size for the signature. It will be estimated if 0
sigtype
- Either Signature.CMS or Signature.CADES
signaturePolicy
- the signature policy (for EPES signatures)
IOException
GeneralSecurityException
public void signExternalContainer(IExternalSignatureContainer externalSignatureContainer, int estimatedSize) throws GeneralSecurityException, IOException
externalSignatureContainer
- the interface providing the actual signing
estimatedSize
- the reserved size for the signature
GeneralSecurityException
IOException
public void timestamp(ITSAClient tsa, String signatureName) throws IOException, GeneralSecurityException
tsa
- the timestamp generator
signatureName
- the signature name or null to have a name generated automatically
IOException
GeneralSecurityException
public static void signDeferred(PdfDocument document, String fieldName, OutputStream outs, IExternalSignatureContainer externalSignatureContainer) throws IOException, GeneralSecurityException
document
- the original PDF
fieldName
- the field to sign. It must be the last field
outs
- the output PDF
externalSignatureContainer
- the signature container doing the actual signing. Only the method ExternalSignatureContainer.sign is used
IOException
GeneralSecurityException
protected CollectionprocessCrl(Certificate cert, Collection<ICrlClient> crlList)
cert
- a Certificate if one of the CrlList implementations needs to retrieve the CRL URL from it.
crlList
- a list of CrlClient implementations
protected void addDeveloperExtension(PdfDeveloperExtension extension)
protected boolean isPreClosed()
protected void preClose(Map<PdfName,Integer> exclusionSizes) throws IOException
exclusionSizes
must contain at least the PdfName.CONTENTS
key with the size that it will take in the document. Note that due to the hex string coding this size should be byte_size*2+2.
exclusionSizes
- Map with names and sizes to be excluded in the signature calculation. The key is a PdfName and the value an Integer. At least the /Contents must be present
IOException
- on error
protected InputStream getRangeStream() throws IOException
preClose(Map)
, getRangeStream()
and close(PdfDictionary)
.
InputStream
of bytes to be signed.
IOException
protected void close(PdfDictionary update) throws IOException
update is a PdfDictionary that must have exactly the same keys as the ones provided in preClose(Map)
.
update
- a PdfDictionary with the key/value that will fill the holes defined in preClose(Map)
IOException
- on error
protected IRandomAccessSource getUnderlyingSource() throws IOException
IOException
protected void addDocMDP(PdfSignature crypto)
crypto
- the signature dictionary
protected void addFieldMDP(PdfSignature crypto, PdfSigFieldLock fieldLock)
crypto
- the signature dictionary
protected boolean documentContainsCertificationOrApprovalSignatures()
protected Rectangle getWidgetRectangle(PdfWidgetAnnotation widget)
widget
- PdfWidgetAnnotation to extract the rectangle from
protected int getWidgetPageNumber(PdfWidgetAnnotation widget)
widget
- PdfWidgetAnnotation from which to extract the page number
Copyright © 1998–2018 iText Group NV. All rights reserved.