Package com.itextpdf.signatures

Class LtvVerification

  • public class LtvVerification
extends java.lang.Object
    Add verification according to PAdES-LTV (part 4).

    • Constructor Detail

      • LtvVerification

        public LtvVerification​(PdfDocument document)
        The verification constructor. This class should only be created with PdfStamper.getLtvVerification() otherwise the information will not be added to the Pdf.
        Parameters:
        document - The PdfDocument to apply the validation to.

      • LtvVerification

        public LtvVerification​(PdfDocument document,
                       java.lang.String securityProviderCode)
        The verification constructor. This class should only be created with PdfStamper.getLtvVerification() otherwise the information will not be added to the Pdf.
        Parameters:
        document - The PdfDocument to apply the validation to.
        securityProviderCode - Security provider to use

    • Method Detail

      • addVerification

        public boolean addVerification​(java.lang.String signatureName,
                               IOcspClient ocsp,
                               ICrlClient crl,
                               LtvVerification.CertificateOption certOption,
                               LtvVerification.Level level,
                               LtvVerification.CertificateInclusion certInclude)
                        throws java.io.IOException,
                               java.security.GeneralSecurityException
        Add verification for a particular signature.
        Parameters:
        signatureName - the signature to validate (it may be a timestamp)
        ocsp - the interface to get the OCSP
        crl - the interface to get the CRL
        certOption - options as to how many certificates to include
        level - the validation options to include
        certInclude - certificate inclusion options
        Returns:
        true if a validation was generated, false otherwise
        Throws:
        java.security.GeneralSecurityException - when requested cryptographic algorithm or security provider is not available
        java.io.IOException - signals that an I/O exception has occurred

      • addVerification

        public boolean addVerification​(java.lang.String signatureName,
                               java.util.Collection<byte[]> ocsps,
                               java.util.Collection<byte[]> crls,
                               java.util.Collection<byte[]> certs)
                        throws java.io.IOException,
                               java.security.GeneralSecurityException
        Adds verification to the signature.
        Parameters:
        signatureName - name of the signature
        ocsps - collection of DER-encoded BasicOCSPResponses
        crls - collection of DER-encoded CRLs
        certs - collection of DER-encoded certificates
        Returns:
        boolean
        Throws:
        java.io.IOException - signals that an I/O exception has occurred
        java.security.GeneralSecurityException - when requested cryptographic algorithm or security provider is not available

      • merge

        public void merge()
        Merges the validation with any validation already in the document or creates a new one.

      • convertToHex

        public static java.lang.String convertToHex​(byte[] bytes)
        Converts an array of bytes to a String of hexadecimal values
        Parameters:
        bytes - a byte array
        Returns:
        the same bytes expressed as hexadecimal values

      • getParent

        java.security.cert.X509Certificate getParent​(java.security.cert.X509Certificate cert,
                                             java.security.cert.Certificate[] certs)
        Get the issuing certificate for a child certificate.
        Parameters:
        cert - the certificate for which we search the parent
        certs - an array with certificates that contains the parent
        Returns:
        the parent certificate

      • addRevocationDataForCertificate

        private void addRevocationDataForCertificate​(java.security.cert.X509Certificate signingCert,
                                             java.security.cert.Certificate[] certificateChain,
                                             java.security.cert.X509Certificate cert,
                                             IOcspClient ocsp,
                                             ICrlClient crl,
                                             LtvVerification.Level level,
                                             LtvVerification.CertificateInclusion certInclude,
                                             LtvVerification.CertificateOption certOption,
                                             LtvVerification.ValidationData validationData,
                                             java.util.Set<java.security.cert.X509Certificate> processedCerts)
                                      throws java.io.IOException,
                                             java.security.cert.CertificateException,
                                             java.security.cert.CRLException
        Throws:
        java.io.IOException
        java.security.cert.CertificateException
        java.security.cert.CRLException

      • iterableToList

        private static java.util.List<java.security.cert.X509Certificate> iterableToList​(java.lang.Iterable<java.security.cert.X509Certificate> iterable)

      • buildOCSPResponse

        private static byte[] buildOCSPResponse​(byte[] basicOcspResponse)
                                 throws java.io.IOException
        Throws:
        java.io.IOException

      • getSignatureHashKey

        private PdfName getSignatureHashKey​(java.lang.String signatureName)
                             throws java.security.NoSuchAlgorithmException
        Throws:
        java.security.NoSuchAlgorithmException

      • hashBytesSha1

        private static byte[] hashBytesSha1​(byte[] b)
                             throws java.security.NoSuchAlgorithmException
        Throws:
        java.security.NoSuchAlgorithmException

      • updateDss

        private void updateDss()

      • deleteOldReferences

        private static void deleteOldReferences​(PdfArray all,
                                        PdfArray toDelete)

      • createDss

        private void createDss()

      • retrieveMissingCertificates

        private java.security.cert.Certificate[] retrieveMissingCertificates​(java.security.cert.Certificate[] certChain)