Class SignatureValidator

java.lang.Object

com.itextpdf.signatures.validation.SignatureValidator

public class SignatureValidator
extends Object

Validator class, which is expected to be used for signatures validation.

Field Summary

Fields

Modifier and Type	Field	Description
(package private) static final String	ADD_KNOWN_CERTIFICATES_FAILED
private static final IBouncyCastleFactory	BOUNCY_CASTLE_FACTORY
private final ValidatorChainBuilder	builder
(package private) static final String	CANNOT_PARSE_CERT_FROM_DSS
(package private) static final String	CANNOT_PARSE_CRL_FROM_DSS
(package private) static final String	CANNOT_PARSE_OCSP_FROM_DSS
(package private) static final String	CANNOT_VERIFY_SIGNATURE
(package private) static final String	CANNOT_VERIFY_TIMESTAMP
private final CertificateChainValidator	certificateChainValidator
private final IssuingCertificateRetriever	certificateRetriever
(package private) static final String	CHAIN_VALIDATION_FAILED
(package private) static final String	DOCUMENT_IS_NOT_COVERED
private final DocumentRevisionsValidator	documentRevisionsValidator
private Date	lastKnownPoE
private IMetaInfo	metaInfo
private final PdfDocument	originalDocument
private final SignatureValidationProperties	properties
(package private) static final String	REVISIONS_RETRIEVAL_FAILED
(package private) static final String	REVISIONS_VALIDATION_FAILED
(package private) static final String	SIGNATURE_NOT_FOUND
(package private) static final String	SIGNATURE_VERIFICATION
(package private) static final String	TIMESTAMP_EXTRACTION_FAILED
(package private) static final String	TIMESTAMP_VERIFICATION
(package private) static final String	TIMESTAMP_VERIFICATION_FAILED
static final String	VALIDATING_SIGNATURE_NAME
(package private) static final String	VALIDATION_PERFORMED
private ValidationContext	validationContext
private ValidationCrlClient	validationCrlClient
private ValidationOcspClient	validationOcspClient
private boolean	validationPerformed

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	SignatureValidator(PdfDocument originalDocument, ValidatorChainBuilder builder)	Creates new instance of SignatureValidator.

Method Summary

Modifier and Type	Method	Description
private void	findValidationClients()
private List<Certificate>	getCertificatesFromDss(ValidationReport validationReport, PdfDocument document)
private PdfPKCS7	mathematicallyVerifySignature(ValidationReport validationReport, PdfDocument document)
private void	reportResult(ValidationReport validationReport)
private void	retrieveCrlResponsesFromDss(ValidationReport validationReport, ValidationContext context, PdfDocument document)
private void	retrieveNotSignedRevocationInfoFromSignatureContainer(PdfPKCS7 pkcs7, ValidationContext validationContext)
private void	retrieveOcspResponsesFromDss(ValidationReport validationReport, ValidationContext context, PdfDocument document)
private void	retrieveSignedRevocationInfoFromSignatureContainer(PdfPKCS7 pkcs7, ValidationContext validationContext)
SignatureValidator	setEventCountingMetaInfo(IMetaInfo metaInfo)	Sets the IMetaInfo that will be used during new PdfDocument creations.
private boolean	stopValidation(ValidationReport result, ValidationContext validationContext)
private boolean	updateLastKnownPoE(ValidationReport tsValidationReport, ITSTInfo timeStampTokenInfo)
private void	updateValidationClients(PdfPKCS7 pkcs7, ValidationReport validationReport, ValidationContext validationContext, PdfDocument document)
private ValidationReport	validate(String signatureName)
private ValidationReport	validateEmbeddedTimestamp(PdfPKCS7 pkcs7)
(package private) ValidationReport	validateLatestSignature(PdfDocument document)
ValidationReport	validateSignature(String signatureName)	Validate single signature in the document.
ValidationReport	validateSignatures()	Validate all signatures in the document.
private void	validateTimestampChain(ValidationReport validationReport, Certificate[] knownCerts, X509Certificate signingCert)

Methods inherited from class Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

VALIDATING_SIGNATURE_NAME

public static final String VALIDATING_SIGNATURE_NAME

See Also:

• Constant Field Values

TIMESTAMP_VERIFICATION

static final String TIMESTAMP_VERIFICATION

See Also:

• Constant Field Values

SIGNATURE_VERIFICATION

static final String SIGNATURE_VERIFICATION

See Also:

• Constant Field Values

CANNOT_PARSE_CERT_FROM_DSS

static final String CANNOT_PARSE_CERT_FROM_DSS

See Also:

• Constant Field Values

CANNOT_PARSE_OCSP_FROM_DSS

static final String CANNOT_PARSE_OCSP_FROM_DSS

See Also:

• Constant Field Values

CANNOT_PARSE_CRL_FROM_DSS

static final String CANNOT_PARSE_CRL_FROM_DSS

See Also:

• Constant Field Values

CANNOT_VERIFY_SIGNATURE

static final String CANNOT_VERIFY_SIGNATURE

See Also:

• Constant Field Values

DOCUMENT_IS_NOT_COVERED

static final String DOCUMENT_IS_NOT_COVERED

See Also:

• Constant Field Values

CANNOT_VERIFY_TIMESTAMP

static final String CANNOT_VERIFY_TIMESTAMP

See Also:

• Constant Field Values

TIMESTAMP_VERIFICATION_FAILED

static final String TIMESTAMP_VERIFICATION_FAILED

See Also:

• Constant Field Values

REVISIONS_RETRIEVAL_FAILED

static final String REVISIONS_RETRIEVAL_FAILED

See Also:

• Constant Field Values

TIMESTAMP_EXTRACTION_FAILED

static final String TIMESTAMP_EXTRACTION_FAILED

See Also:

• Constant Field Values

CHAIN_VALIDATION_FAILED

static final String CHAIN_VALIDATION_FAILED

See Also:

• Constant Field Values

REVISIONS_VALIDATION_FAILED

static final String REVISIONS_VALIDATION_FAILED

See Also:

• Constant Field Values

ADD_KNOWN_CERTIFICATES_FAILED

static final String ADD_KNOWN_CERTIFICATES_FAILED

See Also:

• Constant Field Values

SIGNATURE_NOT_FOUND

static final String SIGNATURE_NOT_FOUND

See Also:

• Constant Field Values

VALIDATION_PERFORMED

static final String VALIDATION_PERFORMED

See Also:

• Constant Field Values

BOUNCY_CASTLE_FACTORY

private static final IBouncyCastleFactory BOUNCY_CASTLE_FACTORY

builder

private final ValidatorChainBuilder builder

validationContext

private ValidationContext validationContext

certificateChainValidator

private final CertificateChainValidator certificateChainValidator

documentRevisionsValidator

private final DocumentRevisionsValidator documentRevisionsValidator

certificateRetriever

private final IssuingCertificateRetriever certificateRetriever

properties

private final SignatureValidationProperties properties

lastKnownPoE

private Date lastKnownPoE

metaInfo

private IMetaInfo metaInfo

originalDocument

private final PdfDocument originalDocument

validationOcspClient

private ValidationOcspClient validationOcspClient

validationCrlClient

private ValidationCrlClient validationCrlClient

validationPerformed

private boolean validationPerformed

Constructor Details

SignatureValidator

protected SignatureValidator(PdfDocument originalDocument,
 ValidatorChainBuilder builder)

Creates new instance of SignatureValidator.

Parameters:

originalDocument - PdfDocument instance which will be validated

builder - see ValidatorChainBuilder

Method Details

setEventCountingMetaInfo

public SignatureValidator setEventCountingMetaInfo(IMetaInfo metaInfo)

Sets the IMetaInfo that will be used during new PdfDocument creations.

Parameters:

metaInfo - meta info to set

Returns:

the same SignatureValidator instance

validateSignatures

public ValidationReport validateSignatures()

Validate all signatures in the document.

Returns:

ValidationReport which contains detailed validation results

validateSignature

public ValidationReport validateSignature(String signatureName)

Validate single signature in the document.

Parameters:

signatureName - name of the signature to validate

Returns:

ValidationReport which contains detailed validation results.

validateLatestSignature

ValidationReport validateLatestSignature(PdfDocument document)

reportResult

private void reportResult(ValidationReport validationReport)

validate

private ValidationReport validate(String signatureName)

findValidationClients

private void findValidationClients()

mathematicallyVerifySignature

private PdfPKCS7 mathematicallyVerifySignature(ValidationReport validationReport,
 PdfDocument document)

validateEmbeddedTimestamp

private ValidationReport validateEmbeddedTimestamp(PdfPKCS7 pkcs7)

validateTimestampChain

private void validateTimestampChain(ValidationReport validationReport,
 Certificate[] knownCerts,
 X509Certificate signingCert)

updateLastKnownPoE

private boolean updateLastKnownPoE(ValidationReport tsValidationReport,
 ITSTInfo timeStampTokenInfo)

updateValidationClients

private void updateValidationClients(PdfPKCS7 pkcs7,
 ValidationReport validationReport,
 ValidationContext validationContext,
 PdfDocument document)

retrieveSignedRevocationInfoFromSignatureContainer

private void retrieveSignedRevocationInfoFromSignatureContainer(PdfPKCS7 pkcs7,
 ValidationContext validationContext)

retrieveNotSignedRevocationInfoFromSignatureContainer

private void retrieveNotSignedRevocationInfoFromSignatureContainer(PdfPKCS7 pkcs7,
 ValidationContext validationContext)

retrieveOcspResponsesFromDss

private void retrieveOcspResponsesFromDss(ValidationReport validationReport,
 ValidationContext context,
 PdfDocument document)

retrieveCrlResponsesFromDss

private void retrieveCrlResponsesFromDss(ValidationReport validationReport,
 ValidationContext context,
 PdfDocument document)

getCertificatesFromDss

private List<Certificate> getCertificatesFromDss(ValidationReport validationReport,
 PdfDocument document)

stopValidation

private boolean stopValidation(ValidationReport result,
 ValidationContext validationContext)