Package com.itextpdf.signatures
Class LtvVerifier
java.lang.Object
com.itextpdf.signatures.CertificateVerifier
com.itextpdf.signatures.RootStoreVerifier
com.itextpdf.signatures.LtvVerifier
Verifies the signatures in an LTV document.
-
Field Summary
FieldsModifier and TypeFieldDescriptionprotected PdfAcroFormThe fields in the revision that is being verified.protected PdfDocumentA document object for the revision that is being verified.protected PdfDictionaryThe document security store for the revision that is being verifiedprotected booleanIndicates if we're working with the latest revision.protected static final LoggerThe Logger instanceprotected IMetaInfoThe meta infoprotected LtvVerification.CertificateOptionOption to specify level of verification; signing certificate only or the entire chain.protected PdfPKCS7The PdfPKCS7 object for the signature.protected StringSecurity provider to use, use null for defaultprotected StringThe signature that covers the revision.protected DateThe date the revision was signed, ornullfor the highest revision.protected booleanVerify root.Fields inherited from class com.itextpdf.signatures.RootStoreVerifier
rootStoreFields inherited from class com.itextpdf.signatures.CertificateVerifier
onlineCheckingAllowed, verifier -
Constructor Summary
ConstructorsConstructorDescriptionLtvVerifier(PdfDocument document) Creates a VerificationData object for a PdfReaderLtvVerifier(PdfDocument document, String securityProviderCode) -
Method Summary
Modifier and TypeMethodDescriptionprotected PdfPKCS7Checks if the signature covers the whole document and throws an exception if the document was alteredGets a list of X509CRL objects from a Document Security Store.Gets OCSP responses from the Document Security Store.protected voidinitLtvVerifier(PdfDocument document) voidSets the certificate option.voidsetEventCountingMetaInfo(IMetaInfo metaInfo) Sets theIMetaInfothat will be used duringPdfDocumentcreation.voidsetVerifier(CertificateVerifier verifier) Sets an extra verifier.voidsetVerifyRootCertificate(boolean verifyRootCertificate) Set the verifyRootCertificate to false if you can't verify the root certificate.voidSwitches to the previous revision.verify(X509Certificate signCert, X509Certificate issuerCert, Date signDate) Verifies certificates against a list of CRLs and OCSP responses.verify(List<VerificationOK> result) Verifies all the document-level timestamps and all the signatures in the document.voidverifyChain(Certificate[] chain) Checks the certificates in a certificate chain: are they valid on a specific date, and do they chain up correctly?Verifies a document level timestamp.Methods inherited from class com.itextpdf.signatures.RootStoreVerifier
setRootStoreMethods inherited from class com.itextpdf.signatures.CertificateVerifier
setOnlineCheckingAllowed
-
Field Details
-
LOGGER
The Logger instance -
option
Option to specify level of verification; signing certificate only or the entire chain. -
verifyRootCertificate
protected boolean verifyRootCertificateVerify root. -
document
A document object for the revision that is being verified. -
acroForm
The fields in the revision that is being verified. -
signDate
The date the revision was signed, ornullfor the highest revision. -
signatureName
The signature that covers the revision. -
pkcs7
The PdfPKCS7 object for the signature. -
latestRevision
protected boolean latestRevisionIndicates if we're working with the latest revision. -
dss
The document security store for the revision that is being verified -
securityProviderCode
Security provider to use, use null for default -
metaInfo
The meta info
-
-
Constructor Details
-
LtvVerifier
Creates a VerificationData object for a PdfReader- Parameters:
-
document- The document we want to verify. - Throws:
-
GeneralSecurityException- if some problem with signature or security are occurred
-
LtvVerifier
public LtvVerifier(PdfDocument document, String securityProviderCode) throws GeneralSecurityException - Throws:
-
GeneralSecurityException
-
-
Method Details
-
setVerifier
Sets an extra verifier.- Parameters:
-
verifier- the verifier to set
-
setCertificateOption
Sets the certificate option.- Parameters:
-
option- Either CertificateOption.SIGNING_CERTIFICATE (default) or CertificateOption.WHOLE_CHAIN
-
setVerifyRootCertificate
public void setVerifyRootCertificate(boolean verifyRootCertificate) Set the verifyRootCertificate to false if you can't verify the root certificate.- Parameters:
-
verifyRootCertificate- false if you can't verify the root certificate, otherwise true
-
setEventCountingMetaInfo
Sets theIMetaInfothat will be used duringPdfDocumentcreation.- Parameters:
-
metaInfo- meta info to set
-
verify
public List<VerificationOK> verify(List<VerificationOK> result) throws IOException, GeneralSecurityException Verifies all the document-level timestamps and all the signatures in the document.- Parameters:
-
result- a list ofVerificationOKobjects - Returns:
-
a list of all
VerificationOKobjects after verification - Throws:
-
IOException- signals that an I/O exception has occurred -
GeneralSecurityException- if some problems with signature or security occurred
-
verifySignature
Verifies a document level timestamp.- Returns:
-
a list of
VerificationOKobjects - Throws:
-
GeneralSecurityException- if some problems with signature or security occurred -
IOException- signals that an I/O exception has occurred
-
verifyChain
Checks the certificates in a certificate chain: are they valid on a specific date, and do they chain up correctly?- Parameters:
-
chain- the certificate chain - Throws:
-
GeneralSecurityException- when requested cryptographic algorithm or security provider is not available, if the certificate is invalid on a specific date and if the certificates chained up incorrectly
-
verify
public List<VerificationOK> verify(X509Certificate signCert, X509Certificate issuerCert, Date signDate) throws GeneralSecurityException Verifies certificates against a list of CRLs and OCSP responses.- Overrides:
-
verifyin classRootStoreVerifier - Parameters:
-
signCert- the signing certificate -
issuerCert- the issuer's certificate -
signDate- the date the certificate needs to be valid - Returns:
-
a list of
VerificationOKobjects. The list will be empty if the certificate couldn't be verified. - Throws:
-
GeneralSecurityException- if some problems with signature or security occurred - See Also:
-
switchToPreviousRevision
Switches to the previous revision.- Throws:
-
IOException- signals that an I/O exception has occurred -
GeneralSecurityException- if some problems with signature or security occurred
-
getCRLsFromDSS
Gets a list of X509CRL objects from a Document Security Store.- Returns:
- a list of CRLs
- Throws:
-
GeneralSecurityException- when requested cryptographic algorithm or security provider is not available
-
getOCSPResponsesFromDSS
Gets OCSP responses from the Document Security Store.- Returns:
- a list of BasicOCSPResp objects
- Throws:
-
GeneralSecurityException- if OCSP response failed
-
initLtvVerifier
- Throws:
-
GeneralSecurityException
-
coversWholeDocument
Checks if the signature covers the whole document and throws an exception if the document was altered- Returns:
- a PdfPKCS7 object
- Throws:
-
GeneralSecurityException- if some problems with signature or security occurred
-