java.lang.Object
- org.apache.pdfbox.examples.signature.SigUtils

```
public class SigUtils
extends java.lang.Object
```
Utility class for the signature / timestamp examples.

Field Summary

Fields
Modifier and Type Field Description

private static org.apache.commons.logging.Log LOG

Constructor Summary

Constructors
Modifier Constructor Description

private SigUtils()

Method Summary

All Methods Static Methods Concrete Methods
Modifier and Type	Method	Description
`static void`	`checkCertificateUsage(java.security.cert.X509Certificate x509Certificate)`	Log if the certificate is not valid for signature usage.
`static void`	`checkCrossReferenceTable(PDDocument doc)`	Look for gaps in the cross reference table and display warnings if any found.
`static void`	`checkResponderCertificateUsage(java.security.cert.X509Certificate x509Certificate)`	Log if the certificate is not valid for responding.
`static void`	`checkTimeStampCertificateUsage(java.security.cert.X509Certificate x509Certificate)`	Log if the certificate is not valid for timestamping.
`static org.bouncycastle.tsp.TimeStampToken`	`extractTimeStampTokenFromSignerInformation(org.bouncycastle.cms.SignerInformation signerInformation)`
`static java.security.cert.X509Certificate`	`getCertificateFromTimeStampToken(org.bouncycastle.tsp.TimeStampToken timeStampToken)`	Extract X.509 certificate from a timestamp
`static PDSignature`	`getLastRelevantSignature(PDDocument document)`	Gets the last relevant signature in the document, i.e.
`static int`	`getMDPPermission(PDDocument doc)`	Get the access permissions granted for this document in the DocMDP transform parameters dictionary.
`static java.security.cert.X509Certificate`	`getTsaCertificate(java.lang.String tsaUrl)`	Get certificate of a TSA.
`static java.io.InputStream`	`openURL(java.lang.String urlString)`	Like `URL.openStream()` but will follow redirection from http to https.
`static void`	`setMDPPermission(PDDocument doc, PDSignature signature, int accessPermissions)`	Set the "modification detection and prevention" permissions granted for this document in the DocMDP transform parameters dictionary.
`static void`	`validateTimestampToken(org.bouncycastle.tsp.TimeStampToken timeStampToken)`
`static void`	`verifyCertificateChain(org.bouncycastle.util.Store<org.bouncycastle.cert.X509CertificateHolder> certificatesStore, java.security.cert.X509Certificate certFromSignedData, java.util.Date signDate)`	Verify the certificate chain up to the root, including OCSP or CRL.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

LOG

private static final org.apache.commons.logging.Log LOG

Constructor Detail
- SigUtils
```
private SigUtils()
```

Method Detail

getMDPPermission
```
public static int getMDPPermission(PDDocument doc)
```
Get the access permissions granted for this document in the DocMDP transform parameters dictionary. Details are described in the table "Entries in the DocMDP transform parameters dictionary" in the PDF specification.

Parameters:

doc - document.

Returns:

the permission value. 0 means no DocMDP transform parameters dictionary exists. Other return values are 1, 2 or 3. 2 is also returned if the DocMDP transform parameters dictionary is found but did not contain a /P entry, or if the value is outside the valid range.

setMDPPermission
```
public static void setMDPPermission(PDDocument doc,
                                    PDSignature signature,
                                    int accessPermissions)
                             throws java.io.IOException
```
Set the "modification detection and prevention" permissions granted for this document in the DocMDP transform parameters dictionary. Details are described in the table "Entries in the DocMDP transform parameters dictionary" in the PDF specification.

Parameters:

doc - The document.

signature - The signature object.

accessPermissions - The permission value (1, 2 or 3).

Throws:

java.io.IOException - if a signature exists.

checkCertificateUsage
```
public static void checkCertificateUsage(java.security.cert.X509Certificate x509Certificate)
                                  throws java.security.cert.CertificateParsingException
```
Log if the certificate is not valid for signature usage. Doing this anyway results in Adobe Reader failing to validate the PDF.

Parameters:

x509Certificate -

Throws:

java.security.cert.CertificateParsingException

checkTimeStampCertificateUsage

public static void checkTimeStampCertificateUsage(java.security.cert.X509Certificate x509Certificate)
                                           throws java.security.cert.CertificateParsingException

Log if the certificate is not valid for timestamping.

Parameters:: x509Certificate -
Throws:: java.security.cert.CertificateParsingException

checkResponderCertificateUsage

public static void checkResponderCertificateUsage(java.security.cert.X509Certificate x509Certificate)
                                           throws java.security.cert.CertificateParsingException

Log if the certificate is not valid for responding.

Parameters:: x509Certificate -
Throws:: java.security.cert.CertificateParsingException

getLastRelevantSignature
```
public static PDSignature getLastRelevantSignature(PDDocument document)
```
Gets the last relevant signature in the document, i.e. the one with the highest offset.

Parameters:

document - to get its last signature

Returns:

last signature or null when none found

extractTimeStampTokenFromSignerInformation

public static org.bouncycastle.tsp.TimeStampToken extractTimeStampTokenFromSignerInformation(org.bouncycastle.cms.SignerInformation signerInformation)
                                                                                      throws org.bouncycastle.cms.CMSException,
                                                                                             java.io.IOException,
                                                                                             org.bouncycastle.tsp.TSPException

Throws:: org.bouncycastle.cms.CMSException; java.io.IOException; org.bouncycastle.tsp.TSPException

validateTimestampToken

public static void validateTimestampToken(org.bouncycastle.tsp.TimeStampToken timeStampToken)
                                   throws org.bouncycastle.tsp.TSPException,
                                          java.security.cert.CertificateException,
                                          org.bouncycastle.operator.OperatorCreationException,
                                          java.io.IOException

Throws:: org.bouncycastle.tsp.TSPException; java.security.cert.CertificateException; org.bouncycastle.operator.OperatorCreationException; java.io.IOException

verifyCertificateChain

public static void verifyCertificateChain(org.bouncycastle.util.Store<org.bouncycastle.cert.X509CertificateHolder> certificatesStore,
                                          java.security.cert.X509Certificate certFromSignedData,
                                          java.util.Date signDate)
                                   throws CertificateVerificationException,
                                          java.security.cert.CertificateException

Verify the certificate chain up to the root, including OCSP or CRL. However this does not test whether the root certificate is in a trusted list.

Please post bad PDF files that succeed and good PDF files that fail in PDFBOX-3017.

Parameters:: certificatesStore -; certFromSignedData -; signDate -
Throws:: CertificateVerificationException; java.security.cert.CertificateException

getTsaCertificate

public static java.security.cert.X509Certificate getTsaCertificate(java.lang.String tsaUrl)
                                                            throws java.security.GeneralSecurityException,
                                                                   java.io.IOException,
                                                                   java.net.URISyntaxException

Get certificate of a TSA.

Parameters:: tsaUrl - URL
Returns:: the X.509 certificate.
Throws:: java.security.GeneralSecurityException; java.io.IOException; java.net.URISyntaxException

getCertificateFromTimeStampToken

public static java.security.cert.X509Certificate getCertificateFromTimeStampToken(org.bouncycastle.tsp.TimeStampToken timeStampToken)
                                                                           throws java.security.cert.CertificateException

Extract X.509 certificate from a timestamp

Parameters:: timeStampToken -
Returns:: the X.509 certificate.
Throws:: java.security.cert.CertificateException

checkCrossReferenceTable
```
public static void checkCrossReferenceTable(PDDocument doc)
```
Look for gaps in the cross reference table and display warnings if any found. See also here.

Parameters:

doc - document.

openURL

public static java.io.InputStream openURL(java.lang.String urlString)
                                   throws java.io.IOException,
                                          java.net.URISyntaxException

Like URL.openStream() but will follow redirection from http to https.

Parameters:: urlString -
Returns:
Throws:: java.io.IOException; java.net.URISyntaxException

Class SigUtils

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

LOG

Constructor Detail

SigUtils

Method Detail

getMDPPermission

setMDPPermission

checkCertificateUsage