Class SigUtils

java.lang.Object
org.apache.pdfbox.examples.signature.SigUtils

public class SigUtils extends Object
Utility class for the signature / timestamp examples.
  • Field Details

    • LOG

      private static final org.apache.commons.logging.Log LOG
  • Constructor Details

    • SigUtils

      private SigUtils()
  • Method Details

    • getMDPPermission

      public static int getMDPPermission(PDDocument doc)
      Get the access permissions granted for this document in the DocMDP transform parameters dictionary. Details are described in the table "Entries in the DocMDP transform parameters dictionary" in the PDF specification.
      Parameters:
      doc - document.
      Returns:
      the permission value. 0 means no DocMDP transform parameters dictionary exists. Other return values are 1, 2 or 3. 2 is also returned if the DocMDP transform parameters dictionary is found but does not contain a /P entry, or if the value is outside the valid range.
    • setMDPPermission

      public static void setMDPPermission(PDDocument doc, PDSignature signature, int accessPermissions) throws IOException
      Set the "modification detection and prevention" permissions granted for this document in the DocMDP transform parameters dictionary. Details are described in the table "Entries in the DocMDP transform parameters dictionary" in the PDF specification.
      Parameters:
      doc - The document.
      signature - The signature object.
      accessPermissions - The permission value (1, 2 or 3).
      Throws:
      IOException - if a signature exists.
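
The following is an added usage example, not part of the PDFBox sources. It shows how a signing routine can gate on getMDPPermission before adding a signature and apply setMDPPermission only for a certification signature. The class name DocMdpGate, the method prepareSignature and its certify / requestedP parameters are hypothetical; the meaning of the values 1, 2 and 3 is taken from the DocMDP table in the PDF specification referenced above.

```java
import java.io.IOException;

import org.apache.pdfbox.examples.signature.SigUtils;
import org.apache.pdfbox.pdmodel.PDDocument;
import org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature;

public final class DocMdpGate
{
    /**
     * Build the signature dictionary for doc while honouring an existing DocMDP restriction.
     * certify and requestedP are this example's own parameters (hypothetical names).
     */
    public static PDSignature prepareSignature(PDDocument doc, boolean certify, int requestedP)
            throws IOException
    {
        int existing = SigUtils.getMDPPermission(doc);
        if (existing == 1)
        {
            // P=1: no changes are permitted, so a further signature would break the certification
            throw new IllegalStateException("DocMDP P=1: document must not be modified or signed");
        }
        // existing == 2 or 3: form fill-in and signing are permitted, an approval signature is fine

        PDSignature signature = new PDSignature();
        signature.setFilter(PDSignature.FILTER_ADOBE_PPKLITE);
        signature.setSubFilter(PDSignature.SUBFILTER_ADBE_PKCS7_DETACHED);

        if (certify)
        {
            if (existing != 0)
            {
                // a DocMDP transform parameters dictionary is already present
                throw new IllegalStateException("document is already certified (P=" + existing + ")");
            }
            if (requestedP < 1 || requestedP > 3)
            {
                throw new IllegalArgumentException("DocMDP permission must be 1, 2 or 3");
            }
            // throws IOException if a signature already exists, as documented above
            SigUtils.setMDPPermission(doc, signature, requestedP);
        }
        return signature;
    }
}
```

Because getMDPPermission also returns 2 for a missing or out-of-range /P entry, a return value of 2 cannot be used to tell a well-formed dictionary from a malformed one.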
    • checkCertificateUsage

      public static void checkCertificateUsage(X509Certificate x509Certificate) throws CertificateParsingException
      Log if the certificate is not valid for signature usage. Signing with such a certificate anyway results in Adobe Reader failing to validate the PDF.
      Parameters:
      x509Certificate -
      Throws:
      CertificateParsingException
    • checkTimeStampCertificateUsage

      public static void checkTimeStampCertificateUsage(X509Certificate x509Certificate) throws CertificateParsingException
      Log if the certificate is not valid for timestamping.
      Parameters:
      x509Certificate -
      Throws:
      CertificateParsingException
    • checkResponderCertificateUsage

      public static void checkResponderCertificateUsage(X509Certificate x509Certificate) throws CertificateParsingException
      Log if the certificate is not valid for responding.
      Parameters:
      x509Certificate -
      Throws:
      CertificateParsingException
    • getLastRelevantSignature

      public static PDSignature getLastRelevantSignature(PDDocument document)
      Gets the last relevant signature in the document, i.e. the one with the highest offset.
      Parameters:
      document - to get its last signature
      Returns:
      last signature or null when none found
    • extractTimeStampTokenFromSignerInformation

      public static org.bouncycastle.tsp.TimeStampToken extractTimeStampTokenFromSignerInformation(org.bouncycastle.cms.SignerInformation signerInformation) throws org.bouncycastle.cms.CMSException, IOException, org.bouncycastle.tsp.TSPException
      Throws:
      org.bouncycastle.cms.CMSException
      IOException
      org.bouncycastle.tsp.TSPException
    • validateTimestampToken

      public static void validateTimestampToken(org.bouncycastle.tsp.TimeStampToken timeStampToken) throws org.bouncycastle.tsp.TSPException, CertificateException, org.bouncycastle.operator.OperatorCreationException, IOException
      Throws:
      org.bouncycastle.tsp.TSPException
      CertificateException
      org.bouncycastle.operator.OperatorCreationException
      IOException
    • verifyCertificateChain

      public static void verifyCertificateChain(org.bouncycastle.util.Store<org.bouncycastle.cert.X509CertificateHolder> certificatesStore, X509Certificate certFromSignedData, Date signDate) throws CertificateVerificationException, CertificateException
      Verify the certificate chain up to the root, including OCSP or CRL. However, this does not test whether the root certificate is in a trusted list.

      Please post bad PDF files that succeed and good PDF files that fail in PDFBOX-3017.
      Parameters:
      certificatesStore -
      certFromSignedData -
      signDate -
      Throws:
      CertificateVerificationException
      CertificateException
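
Since verifyCertificateChain does not test whether the root is trusted, a caller has to do that separately. The following is an added example, not part of the PDFBox sources, that uses the JDK PKIX path builder to require that the signer certificate chains to a root in a caller-supplied trust store. The class name TrustAnchorCheck, the method requireTrustedRoot and the trustStore parameter are hypothetical, and the contents of the trust store are the caller's decision.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertStore;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;

import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.util.Store;

public final class TrustAnchorCheck
{
    /** Returns the trusted root the signer chains to; throws if no path to trustStore exists. */
    public static X509Certificate requireTrustedRoot(Store<X509CertificateHolder> certificatesStore,
            X509Certificate certFromSignedData, Date signDate, KeyStore trustStore)
            throws GeneralSecurityException
    {
        JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
        List<X509Certificate> embedded = new ArrayList<>();
        for (X509CertificateHolder holder : certificatesStore.getMatches(null))
        {
            embedded.add(converter.getCertificate(holder));
        }
        X509CertSelector target = new X509CertSelector();
        target.setCertificate(certFromSignedData);

        // Trust anchors come only from the caller's key store (assumption), never from the PDF
        PKIXBuilderParameters params = new PKIXBuilderParameters(trustStore, target);
        params.addCertStore(CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(embedded)));
        params.setDate(signDate);
        // Revocation (OCSP / CRL) is left to SigUtils.verifyCertificateChain, see above
        params.setRevocationEnabled(false);

        PKIXCertPathBuilderResult result = (PKIXCertPathBuilderResult)
                CertPathBuilder.getInstance("PKIX").build(params);
        return result.getTrustAnchor().getTrustedCert();
    }
}
```

Certificates embedded in the PDF are offered to the builder only as intermediates; a self-signed root shipped inside the file is rejected unless the same certificate is also present in the trust store.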
    • getTsaCertificate

      public static X509Certificate getTsaCertificate(String tsaUrl) throws GeneralSecurityException, IOException, URISyntaxException
      Get the certificate of a TSA.
      Parameters:
      tsaUrl - URL
      Returns:
      the X.509 certificate.
      Throws:
      GeneralSecurityException
      IOException
      URISyntaxException
    • getCertificateFromTimeStampToken

      public static X509Certificate getCertificateFromTimeStampToken(org.bouncycastle.tsp.TimeStampToken timeStampToken) throws CertificateException
      Extract the X.509 certificate from a timestamp.
      Parameters:
      timeStampToken -
      Returns:
      the X.509 certificate.
      Throws:
      CertificateException
    • checkCrossReferenceTable

      public static void checkCrossReferenceTable(PDDocument doc)
      Look for gaps in the cross-reference table and display warnings if any are found.
      Parameters:
      doc - document.
    • openURL

      public static InputStream openURL(String urlString) throws IOException, URISyntaxException
      Like URL.openStream() but will follow redirection from http to https.
      Parameters:
      urlString -
      Returns:
      Throws:
      IOException
      URISyntaxException