Package org.apache.pdfbox.examples.signature.validation

Class AddValidationInformation

java.lang.Object

org.apache.pdfbox.examples.signature.validation.AddValidationInformation

public class AddValidationInformation
extends Object

An example for adding Validation Information to a signed PDF, inspired by ETSI TS 102 778-4 V1.1.2 (2009-12), Part 4: PAdES Long Term - PAdES-LTV Profile. This procedure appends the Validation Information of the last signature (more precise its signer(s)) to a copy of the document. The signature and the signed data will not be touched and stay valid.

See also Bachelor thesis (in German) about LTV

Field Summary

Fields

Modifier and Type	Field	Description
private CertInformationCollector	certInformationHelper
private final Map<X509Certificate,COSStream>	certMap
private COSArray	certs
private COSArray	correspondingCRLs
private COSArray	correspondingOCSPs
private COSArray	crls
private PDDocument	document
private final Set<X509Certificate>	foundRevocationInformation
private static final org.apache.commons.logging.Log	LOG
private final Set<X509Certificate>	ocspChecked
private COSArray	ocsps
private Calendar	signDate
private COSDictionary	vriBase

Constructor Summary

Constructors

Constructor	Description
AddValidationInformation()

Method Summary

Modifier and Type	Method	Description
private void	addAllCertsToCertArray()	Adds all certs to the certs-array.
private void	addCrlRevocationInfo(CertInformationCollector.CertSignatureInformation certInfo)	Fetches and adds CRL data to storage for the given Certificate.
private void	addExtensions(PDDocumentCatalog catalog)	Adds Extensions to the document catalog.
private void	addOcspData(CertInformationCollector.CertSignatureInformation certInfo)	Fetches and adds OCSP data to storage for the given Certificate.
private void	addRevocationData(CertInformationCollector.CertSignatureInformation certInfo)	Fetches and adds revocation information based on the certInfo to the DSS.
private void	addRevocationDataRecursive(CertInformationCollector.CertSignatureInformation certInfo)	Tries to get Revocation Data (first OCSP, else CRL) from the given Certificate Chain.
private void	doValidation(String filename, OutputStream output)	Fetches certificate information from the last signature of the document and appends a DSS with the validation information to the document.
private void	fetchCrlData(CertInformationCollector.CertSignatureInformation certInfo)	Tries to fetch and add CRL Data to its containers.
private boolean	fetchOcspData(CertInformationCollector.CertSignatureInformation certInfo)	Tries to fetch and add OCSP Data to its containers.
private static <T extends COSBase & COSUpdateInfo> T	getOrCreateDictionaryEntry(Class<T> clazz, COSDictionary parent, String name)	Gets or creates a dictionary entry.
static void	main(String[] args)
private void	updateVRI(CertInformationCollector.CertSignatureInformation certInfo, COSDictionary vri)
private static void	usage()
void	validateSignature(File inFile, File outFile)	Signs the given PDF file.
private COSStream	writeDataToStream(byte[] data)	Creates a Flate encoded COSStream object with the given data.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

LOG

private static final org.apache.commons.logging.Log LOG

certInformationHelper

private CertInformationCollector certInformationHelper

correspondingOCSPs

private COSArray correspondingOCSPs

correspondingCRLs

private COSArray correspondingCRLs

vriBase

private COSDictionary vriBase

ocsps

private COSArray ocsps

crls

private COSArray crls

certs

private COSArray certs

certMap

private final Map<X509Certificate,COSStream> certMap

document

private PDDocument document

foundRevocationInformation

private final Set<X509Certificate> foundRevocationInformation

signDate

private Calendar signDate

ocspChecked

private final Set<X509Certificate> ocspChecked

Constructor Details

AddValidationInformation

public AddValidationInformation()

Method Details

validateSignature

public void validateSignature(File inFile,
 File outFile)
                       throws IOException

Signs the given PDF file.

Parameters:

inFile - input PDF file

outFile - output PDF file

Throws:

IOException - if the input file could not be read

doValidation

private void doValidation(String filename,
 OutputStream output)
                   throws IOException

Fetches certificate information from the last signature of the document and appends a DSS with the validation information to the document.

Parameters:

filename - in file to extract signature

output - where to write the changed document

Throws:

IOException

getOrCreateDictionaryEntry

private static <T extends COSBase & COSUpdateInfo>
T getOrCreateDictionaryEntry(Class<T> clazz,
 COSDictionary parent,
 String name)
                      throws IOException

Gets or creates a dictionary entry. If existing checks for the type and sets need to be updated.

Parameters:

clazz - the class of the dictionary entry, must implement COSUpdateInfo

parent - where to find the element

name - of the element

Returns:

a Element of given class, new or existing

Throws:

IOException - when the type of the element is wrong

addRevocationData

private void addRevocationData(CertInformationCollector.CertSignatureInformation certInfo)
                        throws IOException

Fetches and adds revocation information based on the certInfo to the DSS.

Parameters:

certInfo - Certificate information from CertInformationHelper containing certificate chains.

Throws:

IOException

addRevocationDataRecursive

private void addRevocationDataRecursive(CertInformationCollector.CertSignatureInformation certInfo)
                                 throws IOException

Tries to get Revocation Data (first OCSP, else CRL) from the given Certificate Chain.

Parameters:

certInfo - from which to fetch revocation data. Will work recursively through its chains.

Throws:

IOException - when failed to fetch an revocation data.

fetchOcspData

private boolean fetchOcspData(CertInformationCollector.CertSignatureInformation certInfo)
                       throws IOException

Tries to fetch and add OCSP Data to its containers.

Parameters:

certInfo - the certificate info, for it to check OCSP data.

Returns:

true when the OCSP data has successfully been fetched and added

Throws:

IOException - when Certificate is revoked.

fetchCrlData

private void fetchCrlData(CertInformationCollector.CertSignatureInformation certInfo)
                   throws IOException

Tries to fetch and add CRL Data to its containers.

Parameters:

certInfo - the certificate info, for it to check CRL data.

Throws:

IOException - when failed to fetch, because no validation data could be fetched for data.

addOcspData

private void addOcspData(CertInformationCollector.CertSignatureInformation certInfo)
                  throws IOException,
org.bouncycastle.cert.ocsp.OCSPException,
CertificateProccessingException,
RevokedCertificateException,
URISyntaxException

Fetches and adds OCSP data to storage for the given Certificate.

Parameters:

certInfo - the certificate info, for it to check OCSP data.

Throws:

IOException

org.bouncycastle.cert.ocsp.OCSPException

CertificateProccessingException

RevokedCertificateException

URISyntaxException

addCrlRevocationInfo

private void addCrlRevocationInfo(CertInformationCollector.CertSignatureInformation certInfo)
                           throws IOException,
RevokedCertificateException,
GeneralSecurityException,
CertificateVerificationException,
URISyntaxException

Fetches and adds CRL data to storage for the given Certificate.

Parameters:

certInfo - the certificate info, for it to check CRL data.

Throws:

IOException

URISyntaxException

RevokedCertificateException

GeneralSecurityException

CertificateVerificationException

updateVRI

private void updateVRI(CertInformationCollector.CertSignatureInformation certInfo,
 COSDictionary vri)
                throws IOException

Throws:

IOException

addAllCertsToCertArray

private void addAllCertsToCertArray()
                             throws IOException

Adds all certs to the certs-array. Make sure that all certificates are inside the certificateStore of certInformationHelper. This should be the only call to fill certs.

Throws:

IOException

writeDataToStream

private COSStream writeDataToStream(byte[] data)
                             throws IOException

Creates a Flate encoded COSStream object with the given data.

Parameters:

data - to write into the COSStream

Returns:

COSStream a COSStream object that can be added to the document

Throws:

IOException

addExtensions

private void addExtensions(PDDocumentCatalog catalog)

Adds Extensions to the document catalog. So that the use of DSS is identified. Described in PAdES Part 4, Chapter 4.4.

Parameters:

catalog - to add Extensions into

main

public static void main(String[] args)
                 throws IOException

Throws:

IOException

usage

private static void usage()