Package com.itextpdf.signatures
Class LtvVerifier
java.lang.Object
com.itextpdf.signatures.CertificateVerifier
com.itextpdf.signatures.RootStoreVerifier
com.itextpdf.signatures.LtvVerifier
Verifies the signatures in an LTV document.
-
Field Summary
Modifier and TypeFieldDescriptionprotected PdfAcroForm
The fields in the revision that is being verified.protected PdfDocument
A document object for the revision that is being verified.protected PdfDictionary
The document security store for the revision that is being verifiedprotected boolean
Indicates if we're working with the latest revision.protected static final org.slf4j.Logger
The Logger instanceprotected IMetaInfo
The meta infoprotected LtvVerification.CertificateOption
Option to specify level of verification; signing certificate only or the entire chain.protected PdfPKCS7
The PdfPKCS7 object for the signature.protected String
Security provider to use, use null for defaultprotected String
The signature that covers the revision.protected Date
The date the revision was signed, ornull
for the highest revision.protected boolean
Verify root.Fields inherited from class com.itextpdf.signatures.RootStoreVerifier
rootStore
Fields inherited from class com.itextpdf.signatures.CertificateVerifier
onlineCheckingAllowed, verifier
-
Constructor Summary
ConstructorDescriptionLtvVerifier
(PdfDocument document) Creates a VerificationData object for a PdfReaderLtvVerifier
(PdfDocument document, String securityProviderCode) -
Method Summary
Modifier and TypeMethodDescriptionprotected PdfPKCS7
Checks if the signature covers the whole document and throws an exception if the document was alteredGets a list of X509CRL objects from a Document Security Store.Gets OCSP responses from the Document Security Store.protected void
initLtvVerifier
(PdfDocument document) void
Sets the certificate option.void
setEventCountingMetaInfo
(IMetaInfo metaInfo) Sets theIMetaInfo
that will be used duringPdfDocument
creation.void
setVerifier
(CertificateVerifier verifier) Sets an extra verifier.void
setVerifyRootCertificate
(boolean verifyRootCertificate) Set the verifyRootCertificate to false if you can't verify the root certificate.void
Switches to the previous revision.verify
(X509Certificate signCert, X509Certificate issuerCert, Date signDate) Verifies certificates against a list of CRLs and OCSP responses.verify
(List<VerificationOK> result) Verifies all the document-level timestamps and all the signatures in the document.void
verifyChain
(Certificate[] chain) Checks the certificates in a certificate chain: are they valid on a specific date, and do they chain up correctly?Verifies a document level timestamp.Methods inherited from class com.itextpdf.signatures.RootStoreVerifier
setRootStore
Methods inherited from class com.itextpdf.signatures.CertificateVerifier
setOnlineCheckingAllowed
-
Field Details
-
LOGGER
protected static final org.slf4j.Logger LOGGERThe Logger instance -
option
Option to specify level of verification; signing certificate only or the entire chain. -
verifyRootCertificate
protected boolean verifyRootCertificateVerify root. -
document
A document object for the revision that is being verified. -
acroForm
The fields in the revision that is being verified. -
signDate
The date the revision was signed, ornull
for the highest revision. -
signatureName
The signature that covers the revision. -
pkcs7
The PdfPKCS7 object for the signature. -
latestRevision
protected boolean latestRevisionIndicates if we're working with the latest revision. -
dss
The document security store for the revision that is being verified -
securityProviderCode
Security provider to use, use null for default -
metaInfo
The meta info
-
-
Constructor Details
-
LtvVerifier
Creates a VerificationData object for a PdfReader- Parameters:
-
document
- The document we want to verify. - Throws:
-
GeneralSecurityException
- if some problem with signature or security are occurred
-
LtvVerifier
public LtvVerifier(PdfDocument document, String securityProviderCode) throws GeneralSecurityException - Throws:
-
GeneralSecurityException
-
-
Method Details
-
setVerifier
Sets an extra verifier.- Parameters:
-
verifier
- the verifier to set
-
setCertificateOption
Sets the certificate option.- Parameters:
-
option
- Either CertificateOption.SIGNING_CERTIFICATE (default) or CertificateOption.WHOLE_CHAIN
-
setVerifyRootCertificate
public void setVerifyRootCertificate(boolean verifyRootCertificate) Set the verifyRootCertificate to false if you can't verify the root certificate.- Parameters:
-
verifyRootCertificate
- false if you can't verify the root certificate, otherwise true
-
setEventCountingMetaInfo
Sets theIMetaInfo
that will be used duringPdfDocument
creation.- Parameters:
-
metaInfo
- meta info to set
-
verify
public List<VerificationOK> verify(List<VerificationOK> result) throws IOException, GeneralSecurityException Verifies all the document-level timestamps and all the signatures in the document.- Parameters:
-
result
- a list ofVerificationOK
objects - Returns:
-
a list of all
VerificationOK
objects after verification - Throws:
-
IOException
- signals that an I/O exception has occurred -
GeneralSecurityException
- if some problems with signature or security occurred
-
verifySignature
Verifies a document level timestamp.- Returns:
-
a list of
VerificationOK
objects - Throws:
-
GeneralSecurityException
- if some problems with signature or security occurred -
IOException
- signals that an I/O exception has occurred
-
verifyChain
Checks the certificates in a certificate chain: are they valid on a specific date, and do they chain up correctly?- Parameters:
-
chain
- the certificate chain - Throws:
-
GeneralSecurityException
- when requested cryptographic algorithm or security provider is not available, if the certificate is invalid on a specific date and if the certificates chained up incorrectly
-
verify
public List<VerificationOK> verify(X509Certificate signCert, X509Certificate issuerCert, Date signDate) throws GeneralSecurityException Verifies certificates against a list of CRLs and OCSP responses.- Overrides:
-
verify
in classRootStoreVerifier
- Parameters:
-
signCert
- the signing certificate -
issuerCert
- the issuer's certificate -
signDate
- the date the certificate needs to be valid - Returns:
-
a list of
VerificationOK
objects. The list will be empty if the certificate couldn't be verified. - Throws:
-
GeneralSecurityException
- if some problems with signature or security occurred - See Also:
-
switchToPreviousRevision
Switches to the previous revision.- Throws:
-
IOException
- signals that an I/O exception has occurred -
GeneralSecurityException
- if some problems with signature or security occurred
-
getCRLsFromDSS
Gets a list of X509CRL objects from a Document Security Store.- Returns:
- a list of CRLs
- Throws:
-
GeneralSecurityException
- when requested cryptographic algorithm or security provider is not available
-
getOCSPResponsesFromDSS
Gets OCSP responses from the Document Security Store.- Returns:
- a list of BasicOCSPResp objects
- Throws:
-
GeneralSecurityException
- if OCSP response failed
-
initLtvVerifier
- Throws:
-
GeneralSecurityException
-
coversWholeDocument
Checks if the signature covers the whole document and throws an exception if the document was altered- Returns:
- a PdfPKCS7 object
- Throws:
-
GeneralSecurityException
- if some problems with signature or security occurred
-