Package com.itextpdf.text.pdf.security
Class LtvVerifier
java.lang.Object
com.itextpdf.text.pdf.security.CertificateVerifier
com.itextpdf.text.pdf.security.RootStoreVerifier
com.itextpdf.text.pdf.security.LtvVerifier
Verifies the signatures in an LTV document.
-
Field Summary
FieldsModifier and TypeFieldDescriptionprotected PdfDictionaryThe document security store for the revision that is being verifiedprotected AcroFieldsThe fields in the revision that is being verified.protected booleanIndicates if we're working with the latest revision.protected static final LoggerThe Logger instanceprotected LtvVerification.CertificateOptionDo we need to check all certificate, or only the signing certificate?protected PdfPKCS7The PdfPKCS7 object for the signature.protected PdfReaderA reader object for the revision that is being verified.protected StringThe signature that covers the revision.protected DateThe date the revision was signed, ornullfor the highest revision.protected booleanVerify root.Fields inherited from class com.itextpdf.text.pdf.security.RootStoreVerifier
rootStoreFields inherited from class com.itextpdf.text.pdf.security.CertificateVerifier
onlineCheckingAllowed, verifier -
Constructor Summary
ConstructorsConstructorDescriptionLtvVerifier(PdfReader reader) Creates a VerificationData object for a PdfReader -
Method Summary
Modifier and TypeMethodDescriptionprotected PdfPKCS7Checks if the signature covers the whole document and throws an exception if the document was alteredGets a list of X509CRL objects from a Document Security Store.List<org.bouncycastle.cert.ocsp.BasicOCSPResp> Gets OCSP responses from the Document Security Store.voidSets the certificate option.voidsetVerifier(CertificateVerifier verifier) Sets an extra verifier.voidsetVerifyRootCertificate(boolean verifyRootCertificate) Set the verifyRootCertificate to false if you can't verify the root certificate.voidSwitches to the previous revision.verify(X509Certificate signCert, X509Certificate issuerCert, Date signDate) Verifies certificates against a list of CRLs and OCSP responses.verify(List<VerificationOK> result) Verifies all the document-level timestamps and all the signatures in the document.voidverifyChain(Certificate[] chain) Checks the certificates in a certificate chain: are they valid on a specific date, and do they chain up correctly?Verifies a document level timestamp.Methods inherited from class com.itextpdf.text.pdf.security.RootStoreVerifier
setRootStoreMethods inherited from class com.itextpdf.text.pdf.security.CertificateVerifier
setOnlineCheckingAllowed
-
Field Details
-
LOGGER
The Logger instance -
option
Do we need to check all certificate, or only the signing certificate? -
verifyRootCertificate
protected boolean verifyRootCertificateVerify root. -
reader
A reader object for the revision that is being verified. -
fields
The fields in the revision that is being verified. -
signDate
The date the revision was signed, ornullfor the highest revision. -
signatureName
The signature that covers the revision. -
pkcs7
The PdfPKCS7 object for the signature. -
latestRevision
protected boolean latestRevisionIndicates if we're working with the latest revision. -
dss
The document security store for the revision that is being verified
-
-
Constructor Details
-
LtvVerifier
Creates a VerificationData object for a PdfReader- Parameters:
reader- a reader for the document we want to verify.- Throws:
GeneralSecurityException
-
-
Method Details
-
setVerifier
Sets an extra verifier.- Parameters:
verifier- the verifier to set
-
setCertificateOption
Sets the certificate option.- Parameters:
option- Either CertificateOption.SIGNING_CERTIFICATE (default) or CertificateOption.WHOLE_CHAIN
-
setVerifyRootCertificate
public void setVerifyRootCertificate(boolean verifyRootCertificate) Set the verifyRootCertificate to false if you can't verify the root certificate. -
coversWholeDocument
Checks if the signature covers the whole document and throws an exception if the document was altered- Returns:
- a PdfPKCS7 object
- Throws:
GeneralSecurityException
-
verify
public List<VerificationOK> verify(List<VerificationOK> result) throws IOException, GeneralSecurityException Verifies all the document-level timestamps and all the signatures in the document.- Throws:
IOExceptionGeneralSecurityException
-
verifySignature
Verifies a document level timestamp.- Throws:
GeneralSecurityExceptionIOException
-
verifyChain
Checks the certificates in a certificate chain: are they valid on a specific date, and do they chain up correctly?- Parameters:
chain-- Throws:
GeneralSecurityException
-
verify
public List<VerificationOK> verify(X509Certificate signCert, X509Certificate issuerCert, Date signDate) throws GeneralSecurityException, IOException Verifies certificates against a list of CRLs and OCSP responses.- Overrides:
verifyin classRootStoreVerifier- Parameters:
signCert- the certificate to verifyissuerCert-signDate- the date the certificate needs to be validsigningCert-- Returns:
- a list of
VerificationOKobjects. The list will be empty if the certificate couldn't be verified. - Throws:
GeneralSecurityExceptionIOException- See Also:
-
switchToPreviousRevision
Switches to the previous revision.- Throws:
IOExceptionGeneralSecurityException
-
getCRLsFromDSS
Gets a list of X509CRL objects from a Document Security Store.- Returns:
- a list of CRLs
- Throws:
GeneralSecurityExceptionIOException
-
getOCSPResponsesFromDSS
public List<org.bouncycastle.cert.ocsp.BasicOCSPResp> getOCSPResponsesFromDSS() throws IOException, GeneralSecurityExceptionGets OCSP responses from the Document Security Store.- Returns:
- a list of BasicOCSPResp objects
- Throws:
IOExceptionGeneralSecurityException
-