Package org.apache.pdfbox.examples.signature.validation

Class AddValidationInformation

  • public class AddValidationInformation
extends java.lang.Object
    An example for adding Validation Information to a signed PDF, inspired by ETSI TS 102 778-4 V1.1.2 (2009-12), Part 4: PAdES Long Term - PAdES-LTV Profile. This procedure appends the Validation Information of the last signature (more precise its signer(s)) to a copy of the document. The signature and the signed data will not be touched and stay valid.

    See also Bachelor thesis (in German) about LTV

    • Field Detail

      • LOG

        private static final org.apache.commons.logging.Log LOG

      • correspondingOCSPs

        private COSArray correspondingOCSPs

      • correspondingCRLs

        private COSArray correspondingCRLs

      • certMap

        private final java.util.Map<java.security.cert.X509Certificate,​COSStream> certMap

      • foundRevocationInformation

        private final java.util.Set<java.security.cert.X509Certificate> foundRevocationInformation

      • signDate

        private java.util.Calendar signDate

      • ocspChecked

        private final java.util.Set<java.security.cert.X509Certificate> ocspChecked

    • Constructor Detail

      • AddValidationInformation

        public AddValidationInformation()

    • Method Detail

      • validateSignature

        public void validateSignature​(java.io.File inFile,
                              java.io.File outFile)
                       throws java.io.IOException
        Signs the given PDF file.
        Parameters:
        inFile - input PDF file
        outFile - output PDF file
        Throws:
        java.io.IOException - if the input file could not be read

      • doValidation

        private void doValidation​(java.lang.String filename,
                          java.io.OutputStream output)
                   throws java.io.IOException
        Fetches certificate information from the last signature of the document and appends a DSS with the validation information to the document.
        Parameters:
        filename - in file to extract signature
        output - where to write the changed document
        Throws:
        java.io.IOException

      • getOrCreateDictionaryEntry

        private static <T extends COSBase & COSUpdateInfo> T getOrCreateDictionaryEntry​(java.lang.Class<T> clazz,
                                                                                COSDictionary parent,
                                                                                java.lang.String name)
                                                                         throws java.io.IOException
        Gets or creates a dictionary entry. If existing checks for the type and sets need to be updated.
        Parameters:
        clazz - the class of the dictionary entry, must implement COSUpdateInfo
        parent - where to find the element
        name - of the element
        Returns:
        a Element of given class, new or existing
        Throws:
        java.io.IOException - when the type of the element is wrong

      • addRevocationData

        private void addRevocationData​(CertInformationCollector.CertSignatureInformation certInfo)
                        throws java.io.IOException
        Fetches and adds revocation information based on the certInfo to the DSS.
        Parameters:
        certInfo - Certificate information from CertInformationHelper containing certificate chains.
        Throws:
        java.io.IOException

      • addRevocationDataRecursive

        private void addRevocationDataRecursive​(CertInformationCollector.CertSignatureInformation certInfo)
                                 throws java.io.IOException
        Tries to get Revocation Data (first OCSP, else CRL) from the given Certificate Chain.
        Parameters:
        certInfo - from which to fetch revocation data. Will work recursively through its chains.
        Throws:
        java.io.IOException - when failed to fetch an revocation data.

      • fetchOcspData

        private boolean fetchOcspData​(CertInformationCollector.CertSignatureInformation certInfo)
                       throws java.io.IOException
        Tries to fetch and add OCSP Data to its containers.
        Parameters:
        certInfo - the certificate info, for it to check OCSP data.
        Returns:
        true when the OCSP data has successfully been fetched and added
        Throws:
        java.io.IOException - when Certificate is revoked.

      • fetchCrlData

        private void fetchCrlData​(CertInformationCollector.CertSignatureInformation certInfo)
                   throws java.io.IOException
        Tries to fetch and add CRL Data to its containers.
        Parameters:
        certInfo - the certificate info, for it to check CRL data.
        Throws:
        java.io.IOException - when failed to fetch, because no validation data could be fetched for data.

      • addAllCertsToCertArray

        private void addAllCertsToCertArray()
                             throws java.io.IOException
        Adds all certs to the certs-array. Make sure that all certificates are inside the certificateStore of certInformationHelper. This should be the only call to fill certs.
        Throws:
        java.io.IOException

      • writeDataToStream

        private COSStream writeDataToStream​(byte[] data)
                             throws java.io.IOException
        Creates a Flate encoded COSStream object with the given data.
        Parameters:
        data - to write into the COSStream
        Returns:
        COSStream a COSStream object that can be added to the document
        Throws:
        java.io.IOException

      • addExtensions

        private void addExtensions​(PDDocumentCatalog catalog)
        Adds Extensions to the document catalog. So that the use of DSS is identified. Described in PAdES Part 4, Chapter 4.4.
        Parameters:
        catalog - to add Extensions into

      • main

        public static void main​(java.lang.String[] args)
                 throws java.io.IOException
        Throws:
        java.io.IOException

      • usage

        private static void usage()