Verifies a certificate against a single CRL. @param crl the Certificate Revocation List @param signCert a certificate that needs to be verified @param issuerCert its issuer @param signDate the sign date @return true if the verification succeeded @throws GeneralSecurityException thrown when certificate has been revoked

Gets the URL of the Certificate Revocation List for a Certificate @param certificate the Certificate @return the String where you can check if the certificate was revoked @throws CertificateParsingException throws if invalid DER-encoded certificate is parsed or unsupported DER features are found in the certificate

Creates a CrlClientOnline instance using a certificate chain. @param chain a certificate chain

Creates a CrlClientOnline instance using one or more URLs. @param crls the CRLs as Strings

Creates a CrlClientOnline instance using one or more URLs. @param crls the CRLs as URLs

Create a digest based on the inputstream. @param data data to be digested @param messageDigest algorithm to be used @return digest of the data @throws GeneralSecurityException IOException @throws signals IOException that an I/O exception has occurred

Creates a MessageDigest object that can be used to create a hash. @param hashAlgorithm the algorithm you want to use to create a hash @param provider the provider you want to use to create the hash @return a MessageDigest object @throws NoSuchAlgorithmException NoSuchAlgorithmException thrown when a particular cryptographic algorithm is requested but is not available in the environment @throws NoSuchProviderException thrown when a particular security provider is requested but is not available in the environment

Get a digest algorithm. @param digestOid oid of the digest algorithm @param provider the provider you want to use to create the hash @return MessageDigest object @throws NoSuchAlgorithmException NoSuchAlgorithmException thrown when a particular cryptographic algorithm is requested but is not available in the environment @throws NoSuchProviderException thrown when a particular security provider is requested but is not available in the environment

Signs the given message using the encryption algorithm in combination with the hash algorithm. @param message The message you want to be hashed and signed. @return A signed message digest. @throws GeneralSecurityException when requested cryptographic algorithm or security provider is not available

Produces the container with the signature. @param data the data to sign @return a container with the signature and other objects, like CRL and OCSP. The container will generally be a PKCS7 one. @throws GeneralSecurityException the general security exception

Returns the MessageDigest to digest the data imprint @return The MessageDigest object. @throws GeneralSecurityException the general security exception

Adds verification to the signature. @param signatureName name of the signature @param ocsps collection of ocsp responses @param crls collection of crls @param certs collection of certificates @return boolean @throws IOException IOException signals that an I/O exception has occurred @throws GeneralSecurityException when requested cryptographic algorithm or security provider is not available

Add verification for a particular signature. @param signatureName the signature to validate (it may be a timestamp) @param ocsp the interface to get the OCSP @param crl the interface to get the CRL @param certOption options as to how many certificates to include @param level the validation options to include @param certInclude certificate inclusion options @return true if a validation was generated, false otherwise @throws GeneralSecurityException GeneralSecurityException when requested cryptographic algorithm or security provider is not available @throws IOException signals that an I/O exception has occurred

Merges the validation with any validation already in the document or creates a new one. @throws IOException

Creates a VerificationData object for a PdfReader @param document The document we want to verify. @throws GeneralSecurityException if some problem with signature or security are occurred

Checks if the signature covers the whole document and throws an exception if the document was altered @return a PdfPKCS7 object @throws GeneralSecurityException if some problems with signature or security occurred

Gets a list of X509CRL objects from a Document Security Store. @return a list of CRLs @throws GeneralSecurityException GeneralSecurityException when requested cryptographic algorithm or security provider is not available @throws IOException signals that an I/O exception has occurred

Gets OCSP responses from the Document Security Store. @return a list of BasicOCSPResp objects @throws IOException IOException signals that an I/O exception has occurred @throws GeneralSecurityException if OCSP response failed

Set the verifyRootCertificate to false if you can't verify the root certificate. @param verifyRootCertificate false if you can't verify the root certificate, otherwise true

Switches to the previous revision. @throws IOException IOException signals that an I/O exception has occurred @throws GeneralSecurityException if some problems with signature or security occurred

Verifies all the document-level timestamps and all the signatures in the document. @param result result a list of VerificationOK objects @return a list of all VerificationOK objects after verification @throws IOException IOException signals that an I/O exception has occurred @throws GeneralSecurityException if some problems with signature or security occurred

Verifies certificates against a list of CRLs and OCSP responses. @param signCert the signing certificate @param issuerCert the issuer's certificate @return a list of VerificationOK objects. The list will be empty if the certificate couldn't be verified. @throws GeneralSecurityException GeneralSecurityException if some problems with signature or security occurred @throws IOException IOException signals that an I/O exception has occurred @see com.itextpdf.signatures.RootStoreVerifier#verify(java.security.cert.X509Certificate, java.security.cert.X509Certificate, java.util.Date)

Checks the certificates in a certificate chain: are they valid on a specific date, and do they chain up correctly? @param chain the certificate chain @throws GeneralSecurityException when requested cryptographic algorithm or security provider is not available, if the certificate is invalid on a specific date and if the certificates chained up incorrectly

Verifies a document level timestamp. @return a list of VerificationOK objects @throws GeneralSecurityException GeneralSecurityException if some problems with signature or security occurred @throws IOException signals that an I/O exception has occurred

Sets the signatureCreator property in the underlying PdfSignatureApp dictionary. @param name the signature creator's name to be set

Creates a PdfSigner instance. Uses a java.io.ByteArrayOutputStream instead of a temporary file. @param reader PdfReader that reads the PDF file @param outputStream OutputStream to write the signed PDF file @param properties StampingProperties for the signing document. Note that encryption will be preserved regardless of what is set in properties. @throws IOException if some I/O problem occurs

Creates a PdfSigner instance. Uses a java.io.ByteArrayOutputStream instead of a temporary file. @param reader PdfReader that reads the PDF file @param outputStream OutputStream to write the signed PDF file @param path File to which the output is temporarily written @param properties StampingProperties for the signing document. Note that encryption will be preserved regardless of what is set in properties. @throws IOException if some I/O problem occurs

Creates a PdfSigner instance. Uses a java.io.ByteArrayOutputStream instead of a temporary file. @param reader PdfReader that reads the PDF file @param outputStream OutputStream to write the signed PDF file @param path File to which the output is temporarily written @param append boolean to indicate whether the signing should happen in append mode or not @throws IOException IOException if some I/O problem occurs @deprecated will be removed in next major release. Use .PdfSigner(PdfReader, OutputStream, String, StampingProperties) instead.

Creates a PdfSigner instance. Uses a java.io.ByteArrayOutputStream instead of a temporary file. @param reader PdfReader that reads the PDF file @param outputStream OutputStream to write the signed PDF file @param append boolean to indicate whether the signing should happen in append mode or not @throws IOException IOException if some I/O problem occurs @deprecated will be removed in next major release. Use .PdfSigner(PdfReader, OutputStream, StampingProperties) instead.

Adds keys to the signature dictionary that define the field permissions. This method is only used for signatures that lock fields. @param crypto the signature dictionary @param fieldLock the PdfSigFieldLock instance specified the field lock to be set

Gets the document bytes that are hashable when using external signatures. The general sequence is: .preClose(Map), .getRangeStream() and .close(PdfDictionary). @return The InputStream of bytes to be signed. @throws IOException if some I/O problem occurs

Returns the underlying source. @return The the underlying source @throws IOException if some I/O problem occurs

Signs a PDF where space was already reserved. @param document the original PDF @param fieldName the field to sign. It must be the last field @param outs the output PDF @param externalSignatureContainer the signature container doing the actual signing. Only the method ExternalSignatureContainer.sign is used @throws IOException IOException if some I/O problem occurs @throws GeneralSecurityException if some problem during apply security algorithms occurs

Signs the document using the detached mode, CMS or CAdES equivalent.

NOTE: This method closes the underlying pdf document. This means, that current instance of PdfSigner cannot be used after this method call. @param externalSignature the interface providing the actual signing @param chain the certificate chain @param crlList the CRL list @param ocspClient the OCSP client @param tsaClient the Timestamp client @param externalDigest an implementation that provides the digest @param estimatedSize the reserved size for the signature. It will be estimated if 0 @param sigtype Either Signature.CMS or Signature.CADES @throws IOException IOException if some I/O problem occurs @throws GeneralSecurityException if some problem during apply security algorithms occurs

Signs the document using the detached mode, CMS or CAdES equivalent.

NOTE: This method closes the underlying pdf document. This means, that current instance of PdfSigner cannot be used after this method call. @param externalSignature the interface providing the actual signing @param chain the certificate chain @param crlList the CRL list @param ocspClient the OCSP client @param tsaClient the Timestamp client @param externalDigest an implementation that provides the digest @param estimatedSize the reserved size for the signature. It will be estimated if 0 @param sigtype Either Signature.CMS or Signature.CADES @param signaturePolicy the signature policy (for EPES signatures) @throws IOException IOException if some I/O problem occurs @throws GeneralSecurityException if some problem during apply security algorithms occurs

Signs the document using the detached mode, CMS or CAdES equivalent.

NOTE: This method closes the underlying pdf document. This means, that current instance of PdfSigner cannot be used after this method call. @param externalSignature the interface providing the actual signing @param chain the certificate chain @param crlList the CRL list @param ocspClient the OCSP client @param tsaClient the Timestamp client @param externalDigest an implementation that provides the digest @param estimatedSize the reserved size for the signature. It will be estimated if 0 @param sigtype Either Signature.CMS or Signature.CADES @param signaturePolicy the signature policy (for EPES signatures) @throws IOException IOException if some I/O problem occurs @throws GeneralSecurityException if some problem during apply security algorithms occurs

Sign the document using an external container, usually a PKCS7. The signature is fully composed externally, iText will just put the container inside the document.

NOTE: This method closes the underlying pdf document. This means, that current instance of PdfSigner cannot be used after this method call. @param externalSignatureContainer the interface providing the actual signing @param estimatedSize the reserved size for the signature @throws GeneralSecurityException GeneralSecurityException if some problem during apply security algorithms occurs @throws IOException if some I/O problem occurs

Signs a document with a PAdES-LTV Timestamp. The document is closed at the end.

NOTE: This method closes the underlying pdf document. This means, that current instance of PdfSigner cannot be used after this method call. @param tsa the timestamp generator @param signatureName the signature name or null to have a name generated automatically @throws IOException IOException if some I/O problem occurs @throws GeneralSecurityException if some problem during apply security algorithms occurs