Package com.itextpdf.signatures
Class PdfSigner
java.lang.Object
com.itextpdf.signatures.PdfSigner
Takes care of the cryptographic options and appearances that form a signature.
-
Nested Class Summary
Modifier and TypeClassDescriptionstatic enum
Enum containing the Cryptographic Standards.static interface
An interface to retrieve the signature dictionary for modification. -
Field Summary
Modifier and TypeFieldDescriptionprotected PdfSignatureAppearance
The signature appearance.protected byte[]
The bytes of the file right before the signature is added (if raf is null).protected int
The certification level.static final int
Author signature, form filling allowed.static final int
Author signature, form filling and annotations allowed.static final int
Author signature, no changes allowed.protected boolean
Boolean to check if this PdfSigner instance has been closed already or not.protected PdfSignature
The crypto dictionary.protected PdfDocument
The PdfDocument.protected Map<PdfName,
PdfLiteral> Name and content of keys that can only be added in the close() method.protected PdfSigFieldLock
Signature field lock dictionary.protected String
The name of the field.static final int
Approval signature.protected OutputStream
OutputStream for the bytes of the document.protected boolean
Indicates if the pdf document has already been pre-closed.protected RandomAccessFile
The file right before the signature is added (can be null).protected long[]
Array containing the byte positions of the bytes that need to be hashed.protected PdfSigner.ISignatureEvent
Holds value of property signatureEvent.protected Calendar
Holds value of property signDate.protected File
Tempfile to hold the output temporarily.protected ByteArrayOutputStream
Outputstream that temporarily holds the output in memory. -
Constructor Summary
ConstructorDescriptionPdfSigner
(PdfReader reader, OutputStream outputStream, StampingProperties properties) Creates a PdfSigner instance.PdfSigner
(PdfReader reader, OutputStream outputStream, String path, StampingProperties properties) Creates a PdfSigner instance. -
Method Summary
Modifier and TypeMethodDescriptionprotected void
addDeveloperExtension
(PdfDeveloperExtension extension) protected void
addDocMDP
(PdfSignature crypto) Adds keys to the signature dictionary that define the certification level and the permissions.protected void
addFieldMDP
(PdfSignature crypto, PdfSigFieldLock fieldLock) Adds keys to the signature dictionary that define the field permissions.protected void
close
(PdfDictionary update) This is the last method to be called when using external signatures.protected PdfSigFieldLock
createNewSignatureFormField
(PdfAcroForm acroForm, String name) Creates new signature form field and adds it to the acroForm object.protected boolean
int
Returns the document's certification level.Returns the signing contact.Gets the PdfDocument associated with this instance.Getter for the field lock dictionary.Gets the field name.Gets a new signature field name that doesn't clash with any existing name.int
Provides the page number of the signature field which this signature appearance is associated with.Provides the rectangle that represent the position and dimension of the signature field in the page.protected InputStream
Gets the document bytes that are hashable when using external signatures.Deprecated.Returns the signature creator.Returns the user made signature dictionary.Getter for property signatureEvent.Gets the signature date.protected IRandomAccessSource
Returns the underlying source.protected int
Get the page number associated to the provided widget.protected Rectangle
Get the rectangle associated to the provided widget.protected PdfDocument
initDocument
(PdfReader reader, PdfWriter writer, StampingProperties properties) protected boolean
Checks if the document is in the process of closing.protected PdfSigFieldLock
Populates already existing signature form field in the acroForm object.protected void
This is the first method to be called when using external signatures.protected Collection
processCrl
(Certificate cert, Collection<ICrlClient> crlList) Processes a CRL list.void
setCertificationLevel
(int certificationLevel) Sets the document's certification level.setContact
(String contact) Sets the signing contact.protected void
setDocument
(PdfDocument document) Sets the PdfDocument.void
setFieldLockDict
(PdfSigFieldLock fieldLock) Setter for the field lock dictionary.void
setFieldName
(String fieldName) Sets the name indicating the field to be signed.void
setOriginalOutputStream
(OutputStream originalOS) Setter for the OutputStream.setPageNumber
(int pageNumber) Sets the page number of the signature field which this signature appearance is associated with.setPageRect
(Rectangle pageRect) Sets the rectangle that represent the position and dimension of the signature field in the page.void
setSignatureAppearance
(SignatureFieldAppearance appearance) Sets the signature field layout element to customize the appearance of the signature.setSignatureCreator
(String signatureCreator) Sets the name of the application used to create the signature.void
setSignatureEvent
(PdfSigner.ISignatureEvent signatureEvent) Sets the signature event to allow modification of the signature dictionary.void
setSignDate
(Calendar signDate) Sets the signature date.static void
signDeferred
(PdfDocument document, String fieldName, OutputStream outs, IExternalSignatureContainer externalSignatureContainer) Signs a PDF where space was already reserved.void
signDetached
(IExternalDigest externalDigest, IExternalSignature externalSignature, Certificate[] chain, Collection<ICrlClient> crlList, IOcspClient ocspClient, ITSAClient tsaClient, int estimatedSize, PdfSigner.CryptoStandard sigtype) Signs the document using the detached mode, CMS or CAdES equivalent.void
signDetached
(IExternalDigest externalDigest, IExternalSignature externalSignature, Certificate[] chain, Collection<ICrlClient> crlList, IOcspClient ocspClient, ITSAClient tsaClient, int estimatedSize, PdfSigner.CryptoStandard sigtype, ISignaturePolicyIdentifier signaturePolicy) Signs the document using the detached mode, CMS or CAdES equivalent.void
signDetached
(IExternalDigest externalDigest, IExternalSignature externalSignature, Certificate[] chain, Collection<ICrlClient> crlList, IOcspClient ocspClient, ITSAClient tsaClient, int estimatedSize, PdfSigner.CryptoStandard sigtype, SignaturePolicyInfo signaturePolicy) Signs the document using the detached mode, CMS or CAdES equivalent.void
signExternalContainer
(IExternalSignatureContainer externalSignatureContainer, int estimatedSize) Sign the document using an external container, usually a PKCS7.void
timestamp
(ITSAClient tsa, String signatureName) Signs a document with a PAdES-LTV Timestamp.
-
Field Details
-
NOT_CERTIFIED
public static final int NOT_CERTIFIEDApproval signature.- See Also:
-
CERTIFIED_NO_CHANGES_ALLOWED
public static final int CERTIFIED_NO_CHANGES_ALLOWEDAuthor signature, no changes allowed.- See Also:
-
CERTIFIED_FORM_FILLING
public static final int CERTIFIED_FORM_FILLINGAuthor signature, form filling allowed.- See Also:
-
CERTIFIED_FORM_FILLING_AND_ANNOTATIONS
public static final int CERTIFIED_FORM_FILLING_AND_ANNOTATIONSAuthor signature, form filling and annotations allowed.- See Also:
-
certificationLevel
protected int certificationLevelThe certification level. -
fieldName
The name of the field. -
raf
The file right before the signature is added (can be null). -
bout
protected byte[] boutThe bytes of the file right before the signature is added (if raf is null). -
range
protected long[] rangeArray containing the byte positions of the bytes that need to be hashed. -
document
The PdfDocument. -
cryptoDictionary
The crypto dictionary. -
signatureEvent
Holds value of property signatureEvent. -
originalOS
OutputStream for the bytes of the document. -
temporaryOS
Outputstream that temporarily holds the output in memory. -
tempFile
Tempfile to hold the output temporarily. -
exclusionLocations
Name and content of keys that can only be added in the close() method. -
preClosed
protected boolean preClosedIndicates if the pdf document has already been pre-closed. -
fieldLock
Signature field lock dictionary. -
appearance
The signature appearance. -
signDate
Holds value of property signDate. -
closed
protected boolean closedBoolean to check if this PdfSigner instance has been closed already or not.
-
-
Constructor Details
-
PdfSigner
public PdfSigner(PdfReader reader, OutputStream outputStream, StampingProperties properties) throws IOException Creates a PdfSigner instance. Uses aByteArrayOutputStream
instead of a temporary file.- Parameters:
-
reader
- PdfReader that reads the PDF file -
outputStream
- OutputStream to write the signed PDF file -
properties
-StampingProperties
for the signing document. Note that encryption will be preserved regardless of what is set in properties. - Throws:
-
IOException
- if some I/O problem occurs
-
PdfSigner
public PdfSigner(PdfReader reader, OutputStream outputStream, String path, StampingProperties properties) throws IOException Creates a PdfSigner instance. Uses aByteArrayOutputStream
instead of a temporary file.- Parameters:
-
reader
- PdfReader that reads the PDF file -
outputStream
- OutputStream to write the signed PDF file -
path
- File to which the output is temporarily written -
properties
-StampingProperties
for the signing document. Note that encryption will be preserved regardless of what is set in properties. - Throws:
-
IOException
- if some I/O problem occurs
-
-
Method Details
-
initDocument
protected PdfDocument initDocument(PdfReader reader, PdfWriter writer, StampingProperties properties) -
getSignDate
Gets the signature date.- Returns:
- Calendar set to the signature date
-
setSignDate
Sets the signature date.- Parameters:
-
signDate
- the signature date
-
getSignatureAppearance
Deprecated.Provides access to a signature appearance object. Use it to customize the appearance of the signature.Be aware:
- If you create new signature field (either use
setFieldName(java.lang.String)
with the name that doesn't exist in the document or don't specify it at all) then the signature is invisible by default. - If you sign already existing field, then the signature appearance object is modified to have all the properties (page num., rect etc.) consistent with the state of the field (if you customized the appearance object before the
setFieldName(java.lang.String)
call you'll have to do it again)
- Returns:
-
PdfSignatureAppearance
object.
- If you create new signature field (either use
-
setSignatureAppearance
Sets the signature field layout element to customize the appearance of the signature. Signer's sign date will be set.- Parameters:
-
appearance
- theSignatureFieldAppearance
layout element.
-
getCertificationLevel
public int getCertificationLevel()Returns the document's certification level. For possible values seesetCertificationLevel(int)
.- Returns:
- The certified status.
-
setCertificationLevel
public void setCertificationLevel(int certificationLevel) Sets the document's certification level.- Parameters:
-
certificationLevel
- a new certification level for a document. Possible values are:
-
getFieldName
Gets the field name.- Returns:
- the field name
-
getSignatureDictionary
Returns the user made signature dictionary. This is the dictionary at the /V key of the signature field.- Returns:
- The user made signature dictionary.
-
getSignatureEvent
Getter for property signatureEvent.- Returns:
- Value of property signatureEvent.
-
setSignatureEvent
Sets the signature event to allow modification of the signature dictionary.- Parameters:
-
signatureEvent
- the signature event
-
getNewSigFieldName
Gets a new signature field name that doesn't clash with any existing name.- Returns:
- A new signature field name.
-
setFieldName
Sets the name indicating the field to be signed. The field can already be presented in the document but shall not be signed. If the field is not presented in the document, it will be created.- Parameters:
-
fieldName
- The name indicating the field to be signed.
-
getDocument
Gets the PdfDocument associated with this instance.- Returns:
- the PdfDocument associated with this instance
-
setDocument
Sets the PdfDocument.- Parameters:
-
document
- The PdfDocument
-
getPageNumber
public int getPageNumber()Provides the page number of the signature field which this signature appearance is associated with.- Returns:
- The page number of the signature field which this signature appearance is associated with.
-
setPageNumber
Sets the page number of the signature field which this signature appearance is associated with. Implicitly callssetPageRect(com.itextpdf.kernel.geom.Rectangle)
which considers page number to process the rectangle correctly.- Parameters:
-
pageNumber
- The page number of the signature field which this signature appearance is associated with. - Returns:
- this instance to support fluent interface.
-
getPageRect
Provides the rectangle that represent the position and dimension of the signature field in the page.- Returns:
- the rectangle that represent the position and dimension of the signature field in the page
-
setPageRect
Sets the rectangle that represent the position and dimension of the signature field in the page.- Parameters:
-
pageRect
- The rectangle that represents the position and dimension of the signature field in the page. - Returns:
- this instance to support fluent interface.
-
setOriginalOutputStream
Setter for the OutputStream.- Parameters:
-
originalOS
- OutputStream for the bytes of the document
-
getFieldLockDict
Getter for the field lock dictionary.- Returns:
- Field lock dictionary.
-
setFieldLockDict
Setter for the field lock dictionary.Be aware: if a signature is created on an existing signature field, then its /Lock dictionary takes the precedence (if it exists).
- Parameters:
-
fieldLock
- Field lock dictionary
-
getSignatureCreator
Returns the signature creator.- Returns:
- The signature creator.
-
setSignatureCreator
Sets the name of the application used to create the signature.- Parameters:
-
signatureCreator
- A new name of the application signing a document. - Returns:
- this instance to support fluent interface.
-
getContact
Returns the signing contact.- Returns:
- The signing contact.
-
setContact
Sets the signing contact.- Parameters:
-
contact
- A new signing contact. - Returns:
- this instance to support fluent interface.
-
signDetached
public void signDetached(IExternalDigest externalDigest, IExternalSignature externalSignature, Certificate[] chain, Collection<ICrlClient> crlList, IOcspClient ocspClient, ITSAClient tsaClient, int estimatedSize, PdfSigner.CryptoStandard sigtype) throws IOException, GeneralSecurityException Signs the document using the detached mode, CMS or CAdES equivalent.
NOTE: This method closes the underlying pdf document. This means, that current instance of PdfSigner cannot be used after this method call.- Parameters:
-
externalSignature
- the interface providing the actual signing -
chain
- the certificate chain -
crlList
- the CRL list -
ocspClient
- the OCSP client -
tsaClient
- the Timestamp client -
externalDigest
- an implementation that provides the digest -
estimatedSize
- the reserved size for the signature. It will be estimated if 0 -
sigtype
- Either Signature.CMS or Signature.CADES - Throws:
-
IOException
- if some I/O problem occurs -
GeneralSecurityException
- if some problem during apply security algorithms occurs
-
signDetached
public void signDetached(IExternalDigest externalDigest, IExternalSignature externalSignature, Certificate[] chain, Collection<ICrlClient> crlList, IOcspClient ocspClient, ITSAClient tsaClient, int estimatedSize, PdfSigner.CryptoStandard sigtype, SignaturePolicyInfo signaturePolicy) throws IOException, GeneralSecurityException Signs the document using the detached mode, CMS or CAdES equivalent.
NOTE: This method closes the underlying pdf document. This means, that current instance of PdfSigner cannot be used after this method call.- Parameters:
-
externalSignature
- the interface providing the actual signing -
chain
- the certificate chain -
crlList
- the CRL list -
ocspClient
- the OCSP client -
tsaClient
- the Timestamp client -
externalDigest
- an implementation that provides the digest -
estimatedSize
- the reserved size for the signature. It will be estimated if 0 -
sigtype
- Either Signature.CMS or Signature.CADES -
signaturePolicy
- the signature policy (for EPES signatures) - Throws:
-
IOException
- if some I/O problem occurs -
GeneralSecurityException
- if some problem during apply security algorithms occurs
-
signDetached
public void signDetached(IExternalDigest externalDigest, IExternalSignature externalSignature, Certificate[] chain, Collection<ICrlClient> crlList, IOcspClient ocspClient, ITSAClient tsaClient, int estimatedSize, PdfSigner.CryptoStandard sigtype, ISignaturePolicyIdentifier signaturePolicy) throws IOException, GeneralSecurityException Signs the document using the detached mode, CMS or CAdES equivalent.
NOTE: This method closes the underlying pdf document. This means, that current instance of PdfSigner cannot be used after this method call.- Parameters:
-
externalSignature
- the interface providing the actual signing -
chain
- the certificate chain -
crlList
- the CRL list -
ocspClient
- the OCSP client -
tsaClient
- the Timestamp client -
externalDigest
- an implementation that provides the digest -
estimatedSize
- the reserved size for the signature. It will be estimated if 0 -
sigtype
- Either Signature.CMS or Signature.CADES -
signaturePolicy
- the signature policy (for EPES signatures) - Throws:
-
IOException
- if some I/O problem occurs -
GeneralSecurityException
- if some problem during apply security algorithms occurs
-
signExternalContainer
public void signExternalContainer(IExternalSignatureContainer externalSignatureContainer, int estimatedSize) throws GeneralSecurityException, IOException Sign the document using an external container, usually a PKCS7. The signature is fully composed externally, iText will just put the container inside the document.
NOTE: This method closes the underlying pdf document. This means, that current instance of PdfSigner cannot be used after this method call.- Parameters:
-
externalSignatureContainer
- the interface providing the actual signing -
estimatedSize
- the reserved size for the signature - Throws:
-
GeneralSecurityException
- if some problem during apply security algorithms occurs -
IOException
- if some I/O problem occurs
-
timestamp
public void timestamp(ITSAClient tsa, String signatureName) throws IOException, GeneralSecurityException Signs a document with a PAdES-LTV Timestamp. The document is closed at the end.
NOTE: This method closes the underlying pdf document. This means, that current instance of PdfSigner cannot be used after this method call.- Parameters:
-
tsa
- the timestamp generator -
signatureName
- the signature name or null to have a name generated automatically - Throws:
-
IOException
- if some I/O problem occurs -
GeneralSecurityException
- if some problem during apply security algorithms occurs
-
signDeferred
public static void signDeferred(PdfDocument document, String fieldName, OutputStream outs, IExternalSignatureContainer externalSignatureContainer) throws IOException, GeneralSecurityException Signs a PDF where space was already reserved.- Parameters:
-
document
- the original PDF -
fieldName
- the field to sign. It must be the last field -
outs
- the output PDF -
externalSignatureContainer
- the signature container doing the actual signing. Only the method ExternalSignatureContainer.sign is used - Throws:
-
IOException
- if some I/O problem occurs -
GeneralSecurityException
- if some problem during apply security algorithms occurs
-
processCrl
protected CollectionprocessCrl (Certificate cert, Collection<ICrlClient> crlList) throws CertificateEncodingException Processes a CRL list.- Parameters:
-
cert
- a Certificate if one of the CrlList implementations needs to retrieve the CRL URL from it. -
crlList
- a list of CrlClient implementations - Returns:
- a collection of CRL bytes that can be embedded in a PDF
- Throws:
-
CertificateEncodingException
- if an encoding error occurs inCertificate
.
-
addDeveloperExtension
-
isPreClosed
protected boolean isPreClosed()Checks if the document is in the process of closing.- Returns:
- true if the document is in the process of closing, false otherwise
-
preClose
This is the first method to be called when using external signatures. The general sequence is: preClose(), getDocumentBytes() and close().exclusionSizes
must contain at least thePdfName.CONTENTS
key with the size that it will take in the document. Note that due to the hex string coding this size should be byte_size*2+2.- Parameters:
-
exclusionSizes
- Map with names and sizes to be excluded in the signature calculation. The key is a PdfName and the value an Integer. At least the /Contents must be present - Throws:
-
IOException
- on error
-
populateExistingSignatureFormField
protected PdfSigFieldLock populateExistingSignatureFormField(PdfAcroForm acroForm) throws IOException Populates already existing signature form field in the acroForm object. This method is called during thepreClose(Map)
method if the signature field already exists.- Parameters:
-
acroForm
-PdfAcroForm
object in which the signature field will be populated - Returns:
- signature field lock dictionary
- Throws:
-
IOException
- if font for the appearance dictionary cannot be created
-
createNewSignatureFormField
protected PdfSigFieldLock createNewSignatureFormField(PdfAcroForm acroForm, String name) throws IOException Creates new signature form field and adds it to the acroForm object. This method is called during thepreClose(Map)
method if the signature field doesn't exist.- Parameters:
-
acroForm
-PdfAcroForm
object in which new signature field will be added -
name
- the name of the field - Returns:
- signature field lock dictionary
- Throws:
-
IOException
- if font for the appearance dictionary cannot be created
-
getRangeStream
Gets the document bytes that are hashable when using external signatures. The general sequence is:preClose(Map)
,getRangeStream()
andclose(PdfDictionary)
.- Returns:
-
The
InputStream
of bytes to be signed. - Throws:
-
IOException
- if some I/O problem occurs
-
close
This is the last method to be called when using external signatures. The general sequence is: preClose(), getDocumentBytes() and close().update is a PdfDictionary that must have exactly the same keys as the ones provided in
preClose(Map)
.- Parameters:
-
update
- a PdfDictionary with the key/value that will fill the holes defined inpreClose(Map)
- Throws:
-
IOException
- on error
-
getUnderlyingSource
Returns the underlying source.- Returns:
- the underlying source
- Throws:
-
IOException
- if some I/O problem occurs
-
addDocMDP
Adds keys to the signature dictionary that define the certification level and the permissions. This method is only used for Certifying signatures.- Parameters:
-
crypto
- the signature dictionary
-
addFieldMDP
Adds keys to the signature dictionary that define the field permissions. This method is only used for signatures that lock fields.- Parameters:
-
crypto
- the signature dictionary -
fieldLock
- thePdfSigFieldLock
instance specified the field lock to be set
-
documentContainsCertificationOrApprovalSignatures
protected boolean documentContainsCertificationOrApprovalSignatures() -
getWidgetRectangle
Get the rectangle associated to the provided widget.- Parameters:
-
widget
- PdfWidgetAnnotation to extract the rectangle from - Returns:
- Rectangle
-
getWidgetPageNumber
Get the page number associated to the provided widget.- Parameters:
-
widget
- PdfWidgetAnnotation from which to extract the page number - Returns:
- page number
-