Package com.itextpdf.text.pdf.security
Class LtvVerifier
- java.lang.Object
-
- com.itextpdf.text.pdf.security.CertificateVerifier
-
- com.itextpdf.text.pdf.security.RootStoreVerifier
-
- com.itextpdf.text.pdf.security.LtvVerifier
-
public class LtvVerifier extends RootStoreVerifier
Verifies the signatures in an LTV document.
-
-
Field Summary
Fields Modifier and Type Field Description protected PdfDictionarydssThe document security store for the revision that is being verifiedprotected AcroFieldsfieldsThe fields in the revision that is being verified.protected booleanlatestRevisionIndicates if we're working with the latest revision.protected static LoggerLOGGERThe Logger instanceprotected LtvVerification.CertificateOptionoptionDo we need to check all certificate, or only the signing certificate?protected PdfPKCS7pkcs7The PdfPKCS7 object for the signature.protected PdfReaderreaderA reader object for the revision that is being verified.protected java.lang.StringsignatureNameThe signature that covers the revision.protected java.util.DatesignDateThe date the revision was signed, ornullfor the highest revision.protected booleanverifyRootCertificateVerify root.-
Fields inherited from class com.itextpdf.text.pdf.security.RootStoreVerifier
rootStore
-
Fields inherited from class com.itextpdf.text.pdf.security.CertificateVerifier
onlineCheckingAllowed, verifier
-
-
Constructor Summary
Constructors Constructor Description LtvVerifier(PdfReader reader)Creates a VerificationData object for a PdfReader
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected PdfPKCS7coversWholeDocument()Checks if the signature covers the whole document and throws an exception if the document was alteredjava.util.List<java.security.cert.X509CRL>getCRLsFromDSS()Gets a list of X509CRL objects from a Document Security Store.java.util.List<org.bouncycastle.cert.ocsp.BasicOCSPResp>getOCSPResponsesFromDSS()Gets OCSP responses from the Document Security Store.voidsetCertificateOption(LtvVerification.CertificateOption option)Sets the certificate option.voidsetVerifier(CertificateVerifier verifier)Sets an extra verifier.voidsetVerifyRootCertificate(boolean verifyRootCertificate)Set the verifyRootCertificate to false if you can't verify the root certificate.voidswitchToPreviousRevision()Switches to the previous revision.java.util.List<VerificationOK>verify(java.security.cert.X509Certificate signCert, java.security.cert.X509Certificate issuerCert, java.util.Date signDate)Verifies certificates against a list of CRLs and OCSP responses.java.util.List<VerificationOK>verify(java.util.List<VerificationOK> result)Verifies all the document-level timestamps and all the signatures in the document.voidverifyChain(java.security.cert.Certificate[] chain)Checks the certificates in a certificate chain: are they valid on a specific date, and do they chain up correctly?java.util.List<VerificationOK>verifySignature()Verifies a document level timestamp.-
Methods inherited from class com.itextpdf.text.pdf.security.RootStoreVerifier
setRootStore
-
Methods inherited from class com.itextpdf.text.pdf.security.CertificateVerifier
setOnlineCheckingAllowed
-
-
-
-
Field Detail
-
LOGGER
protected static final Logger LOGGER
The Logger instance
-
option
protected LtvVerification.CertificateOption option
Do we need to check all certificate, or only the signing certificate?
-
verifyRootCertificate
protected boolean verifyRootCertificate
Verify root.
-
reader
protected PdfReader reader
A reader object for the revision that is being verified.
-
fields
protected AcroFields fields
The fields in the revision that is being verified.
-
signDate
protected java.util.Date signDate
The date the revision was signed, ornullfor the highest revision.
-
signatureName
protected java.lang.String signatureName
The signature that covers the revision.
-
pkcs7
protected PdfPKCS7 pkcs7
The PdfPKCS7 object for the signature.
-
latestRevision
protected boolean latestRevision
Indicates if we're working with the latest revision.
-
dss
protected PdfDictionary dss
The document security store for the revision that is being verified
-
-
Constructor Detail
-
LtvVerifier
public LtvVerifier(PdfReader reader) throws java.security.GeneralSecurityException
Creates a VerificationData object for a PdfReader- Parameters:
reader- a reader for the document we want to verify.- Throws:
java.security.GeneralSecurityException
-
-
Method Detail
-
setVerifier
public void setVerifier(CertificateVerifier verifier)
Sets an extra verifier.- Parameters:
verifier- the verifier to set
-
setCertificateOption
public void setCertificateOption(LtvVerification.CertificateOption option)
Sets the certificate option.- Parameters:
option- Either CertificateOption.SIGNING_CERTIFICATE (default) or CertificateOption.WHOLE_CHAIN
-
setVerifyRootCertificate
public void setVerifyRootCertificate(boolean verifyRootCertificate)
Set the verifyRootCertificate to false if you can't verify the root certificate.
-
coversWholeDocument
protected PdfPKCS7 coversWholeDocument() throws java.security.GeneralSecurityException
Checks if the signature covers the whole document and throws an exception if the document was altered- Returns:
- a PdfPKCS7 object
- Throws:
java.security.GeneralSecurityException
-
verify
public java.util.List<VerificationOK> verify(java.util.List<VerificationOK> result) throws java.io.IOException, java.security.GeneralSecurityException
Verifies all the document-level timestamps and all the signatures in the document.- Throws:
java.io.IOExceptionjava.security.GeneralSecurityException
-
verifySignature
public java.util.List<VerificationOK> verifySignature() throws java.security.GeneralSecurityException, java.io.IOException
Verifies a document level timestamp.- Throws:
java.security.GeneralSecurityExceptionjava.io.IOException
-
verifyChain
public void verifyChain(java.security.cert.Certificate[] chain) throws java.security.GeneralSecurityExceptionChecks the certificates in a certificate chain: are they valid on a specific date, and do they chain up correctly?- Parameters:
chain-- Throws:
java.security.GeneralSecurityException
-
verify
public java.util.List<VerificationOK> verify(java.security.cert.X509Certificate signCert, java.security.cert.X509Certificate issuerCert, java.util.Date signDate) throws java.security.GeneralSecurityException, java.io.IOException
Verifies certificates against a list of CRLs and OCSP responses.- Overrides:
verifyin classRootStoreVerifier- Parameters:
signingCert-issuerCert-- Returns:
- a list of
VerificationOKobjects. The list will be empty if the certificate couldn't be verified. - Throws:
java.security.GeneralSecurityExceptionjava.io.IOException- See Also:
com.itextpdf.text.pdf.security.RootStoreVerifier#verify(java.security.cert.X509Certificate, java.security.cert.X509Certificate)
-
switchToPreviousRevision
public void switchToPreviousRevision() throws java.io.IOException, java.security.GeneralSecurityExceptionSwitches to the previous revision.- Throws:
java.io.IOExceptionjava.security.GeneralSecurityException
-
getCRLsFromDSS
public java.util.List<java.security.cert.X509CRL> getCRLsFromDSS() throws java.security.GeneralSecurityException, java.io.IOExceptionGets a list of X509CRL objects from a Document Security Store.- Returns:
- a list of CRLs
- Throws:
java.security.GeneralSecurityExceptionjava.io.IOException
-
getOCSPResponsesFromDSS
public java.util.List<org.bouncycastle.cert.ocsp.BasicOCSPResp> getOCSPResponsesFromDSS() throws java.io.IOException, java.security.GeneralSecurityExceptionGets OCSP responses from the Document Security Store.- Returns:
- a list of BasicOCSPResp objects
- Throws:
java.io.IOExceptionjava.security.GeneralSecurityException
-
-