Verifies if an OCSP response is genuine If it doesn't verify against the issuer certificate and response's certificates, it may verify using a trusted anchor or cert. @param ocspResp the OCSP response @param issuerCert the issuer certificate. This certificate is considered trusted and valid by this method. @throws GeneralSecurityException GeneralSecurityException if OCSP response verification cannot be done or failed @throws IOException IOException is not expected here. Will be removed in further releases @deprecated Will be removed in iText 7.2. Use .isValidResponse(BasicOCSPResp, X509Certificate, Date) instead

Verifies if an OCSP response is genuine If it doesn't verify against the issuer certificate and response's certificates, it may verify using a trusted anchor or cert. @param ocspResp the OCSP response @param issuerCert the issuer certificate. This certificate is considered trusted and valid by this method. @param signDate sign date date @throws GeneralSecurityException if OCSP response verification cannot be done or failed

Verifies a certificate against a single OCSP response @param ocspResp the OCSP response @param signCert the certificate that needs to be checked @param issuerCert the certificate of CA (certificate that issued signCert). This certificate is considered trusted and valid by this method. @param signDate sign date date @return {@code true}, in case successful check, otherwise false. @throws GeneralSecurityException GeneralSecurityException if OCSP response verification cannot be done or failed @throws IOException if issuer certificate is corrupted or has an incorrect structure

Verifies if a a valid OCSP response is found for the certificate. If this method returns false, it doesn't mean the certificate isn't valid. It means we couldn't verify it against any OCSP response that was available. @param signCert the signCert the certificate that needs to be checked @param issuerCert its issuer issuer @return a list of VerificationOK objects. The list will be empty if the certificate couldn't be verified. @see com.itextpdf.signatures.RootStoreVerifier#verify(java.security.cert.X509Certificate, java.security.cert.X509Certificate, java.util.Date)

Gets OCSP response. If OCSPVerifier was set, the response will be checked. @param checkCert to certificate to check @param rootCert the parent certificate @param url to get the verification verification @return OCSP response

When using authenticatedAttributes the authentication process is different. The document digest is generated and put inside the attribute. The signing is done over the DER encoded authenticatedAttributes. This method provides that encoding and the parameters must be exactly the same as in .getEncodedPKCS7(byte[]).

A simple example:

 Calendar cal = Calendar.getInstance();
 PdfPKCS7 pk7 = new PdfPKCS7(key, chain, null, "SHA1", null, false);
 MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
 byte[] buf = new byte[8192];
 int n;
 InputStream inp = sap.getRangeStream();
 while ((n = inp.read(buf)) > 0) {
    messageDigest.update(buf, 0, n);
 }
 byte[] hash = messageDigest.digest();
 byte[] sh = pk7.getAuthenticatedAttributeBytes(hash, cal);
 pk7.update(sh, 0, sh.length);
 byte[] sg = pk7.getEncodedPKCS7(hash, cal);
 

@param secondDigest the content digest @param sigtype specifies the PKCS7 standard flavor to which created PKCS7SignedData object will adhere: either basic CMS or CAdES @param ocsp collection of DER-encoded OCSP responses for the certificate in the signature certificates chain, or null if OCSP revocation data is not to be added. @param crlBytes collection of DER-encoded CRL for certificates from the signature certificates chain, or null if CRL revocation data is not to be added. @return the byte array representation of the authenticatedAttributes ready to be signed

When using authenticatedAttributes the authentication process is different. The document digest is generated and put inside the attribute. The signing is done over the DER encoded authenticatedAttributes. This method provides that encoding and the parameters must be exactly the same as in .getEncodedPKCS7(byte[]).

A simple example:

 Calendar cal = Calendar.getInstance();
 PdfPKCS7 pk7 = new PdfPKCS7(key, chain, null, "SHA1", null, false);
 MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
 byte[] buf = new byte[8192];
 int n;
 InputStream inp = sap.getRangeStream();
 while ((n = inp.read(buf)) > 0) {
    messageDigest.update(buf, 0, n);
 }
 byte[] hash = messageDigest.digest();
 byte[] sh = pk7.getAuthenticatedAttributeBytes(hash, cal);
 pk7.update(sh, 0, sh.length);
 byte[] sg = pk7.getEncodedPKCS7(hash, cal);
 

@param secondDigest the content digest @param ocsp collection of DER-encoded OCSP responses for the certificate in the signature certificates chain, or null if OCSP revocation data is not to be added. @param crlBytes collection of DER-encoded CRL for certificates from the signature certificates chain, or null if CRL revocation data is not to be added. @param sigtype specifies the PKCS7 standard flavor to which created PKCS7SignedData object will adhere: either basic CMS or CAdES @return the byte array representation of the authenticatedAttributes ready to be signed @deprecated This method overload is deprecated. Please use .getAuthenticatedAttributeBytes(byte[], PdfSigner.CryptoStandard, Collection, Collection)

Get the algorithm used to calculate the message digest, e.g. "SHA1withRSA". See ISO-32000-1, section 12.8.3.3 PKCS#7 Signatures as used in ISO 32000 @return the algorithm used to calculate the message digest

Getter for the ID of the digest algorithm, e.g. "2.16.840.1.101.3.4.2.1". See ISO-32000-1, section 12.8.3.3 PKCS#7 Signatures as used in ISO 32000 @return the ID of the digest algorithm

Getter for the digest encryption algorithm. See ISO-32000-1, section 12.8.3.3 PKCS#7 Signatures as used in ISO 32000 @return the encryption algorithm

Returns Getter for the filter subtype. @return the filter subtype

Gets the /Cert entry value of this signature. See ISO 32000-1 12.8.1, Table 252 # Entries in a signature dictionary. @return the signature cert

Gets the /Contents entry value. See ISO 32000-1 12.8.1, Table 252 # Entries in a signature dictionary. @return the signature content

Constructs appearance (top-level) for a signature. @ see PPKAppearances.pdf for further details @ return a top-level signature appearance @throws IOException if font cannot be created @see Adobe Pdf Digital Signature Appearances

Sets the certificate used to provide the text in the appearance. This certificate doesn't take part in the actual signing process. @param signCertificate the certificate certificate @return this instance to support fluent interface

Sets the signing contact. @param contact A new signing contact contact @return this instance to support fluent interface

Set the field name of the appearance. @param fieldName name of the field field @return this instance to support fluent interface

Sets the background image for the layer 2. @param image the background image for the layer 2 2 @return this instance to support fluent interface

Sets the scaling to be applied to the background image. If it's zero the image will fully fill the rectangle. If it's less than zero the image will fill the rectangle but will keep the proportions. If it's greater than zero that scaling will be applied. In any of the cases the image will always be centered. It's zero by default. @param imageScale the scaling to be applied to the background image image @return this instance to support fluent interface

Sets the n2 and n4 layer font. If the font size is zero, auto-fit will be used. @param layer2Font the n2 and n4 font font @return this instance to support fluent interface

Sets the n2 and n4 layer font color. @param color font color color @return this instance to support fluent interface

Sets the n2 and n4 layer font size. @param fontSize font size size @return this instance to support fluent interface

Sets the signature text identifying the signer. @param text the signature text identifying the signer. If null or not set a standard description will be used used @return this instance to support fluent interface

Sets the signing location. @param location A new signing location location @return this instance to support fluent interface

Sets the caption for the signing location. @param locationCaption A new signing location caption caption @return this instance to support fluent interface

Sets the page number of the signature field which this signature appearance is associated with. Implicitly calls PdfSignatureAppearance.setPageRect which considers page number to process the rectangle correctly. @param pageNumber The page number of the signature field which this signature appearance is associated with. @return this instance to support fluent interface

Sets the rectangle that represent the position and dimension of the signature field in the page. @param pageRect The rectangle that represents the position and dimension of the signature field in the page. @return this instance to support fluent interface

Sets the signing reason. @param reason signing reason. @return this instance to support fluent interface

Sets the caption for the signing reason. @param reasonCaption A new signing reason caption caption @return this instance to support fluent interface

Sets the rendering mode for this signature. @param renderingMode the rendering mode mode @return this instance to support fluent interface

Indicates that the existing appearances needs to be reused as layer 0. @param reuseAppearance is an appearances reusing flag value to set @return this instance to support fluent interface

Sets the signature date. @param signDate A new signature date date @return this instance to support fluent interface

Sets the name of the application used to create the signature. @param signatureCreator A new name of the application signing a document document @return this instance to support fluent interface

Sets the Image object to render when Render is set to RenderingMode.GRAPHIC or RenderingMode.GRAPHIC_AND_DESCRIPTION. @param signatureGraphic image rendered. If null the mode is defaulted to RenderingMode. DESCRIPTION DESCRIPTION @return this instance to support fluent interface

Creates a FieldLock instance. @param action indicates the set of fields that should be locked @param fields an array of text strings containing field names

Getter for the field lock action. @return the action of field lock dictionary

Getter for the fields involved in the lock action. @return the fields of field lock dictionary

Creates an object that can inform you about the type of signature in a signature dictionary as well as some of the permissions defined by the signature. @param sigDict the signature dictionary @param previous the signature permissions

Extracts a revision from the document. @param field the signature field name @return an InputStream covering the revision. Returns null if it's not a signature field @throws IOException signals that an I/O exception has occurred.

Constructor. Note the token size estimate is updated by each call, as the token size is not likely to change (as long as we call the same TSA using the same imprint length). @param url String - Time Stamp Authority URL (i.e. "http://tsatest1.digistamp.com/TSA") @param username String - user(account) name @param password String - password @param tokSzEstimate int - estimated size of received time stamp token (DER encoded) @param digestAlgorithm is a hash algorithm

Gets the MessageDigest to digest the data imprint @return the digest algorithm name name @throws GeneralSecurityException if digestAlgorithm doesn't match any known hash algorithm

Get timestamp token - communications layer @param requestBytes is a byte representation of TSA request @return - byte[] - TSA response, raw bytes (RFC 3161 encoded) @throws IOException if I/O issue occurs

Get RFC 3161 timeStampToken. Method may return null indicating that timestamp should be skipped. @param imprint data imprint to be time- stamped stamped @return encoded, TSA signed data of the timeStampToken @throws IOException IOException if I/O error occurs @throws TSPException if the TSA response is malformed

Creates a VerificationException VerificationException @param cert is a failed certificate @param message is a reason of failure