com.itextpdf.text.pdf.security
Class LtvVerifier

java.lang.Object
  com.itextpdf.text.pdf.security.CertificateVerifier
      com.itextpdf.text.pdf.security.RootStoreVerifier
          com.itextpdf.text.pdf.security.LtvVerifier

public class LtvVerifier
extends RootStoreVerifier

Verifies the signatures in an LTV document.

Field Summary

protected PdfDictionary	dss The document security store for the revision that is being verified
protected AcroFields	fields The fields in the revision that is being verified.
protected boolean	latestRevision Indicates if we're working with the latest revision.
protected static Logger	LOGGER The Logger instance
protected LtvVerification.CertificateOption	option Do we need to check all certificate, or only the signing certificate?
protected PdfPKCS7	pkcs7 The PdfPKCS7 object for the signature.
protected PdfReader	reader A reader object for the revision that is being verified.
protected String	signatureName The signature that covers the revision.
protected Date	signDate The date the revision was signed, or null for the highest revision.
protected boolean	verifyRootCertificate Verify root.

Fields inherited from class com.itextpdf.text.pdf.security.RootStoreVerifier

rootStore

Fields inherited from class com.itextpdf.text.pdf.security.CertificateVerifier

onlineCheckingAllowed, verifier

Constructor Summary

LtvVerifier(PdfReader reader)
Creates a VerificationData object for a PdfReader

Method Summary

protected PdfPKCS7	coversWholeDocument() Checks if the signature covers the whole document and throws an exception if the document was altered
List<X509CRL>	getCRLsFromDSS() Gets a list of X509CRL objects from a Document Security Store.
List<org.bouncycastle.cert.ocsp.BasicOCSPResp>	getOCSPResponsesFromDSS() Gets OCSP responses from the Document Security Store.
void	setCertificateOption(LtvVerification.CertificateOption option) Sets the certificate option.
void	setVerifier(CertificateVerifier verifier) Sets an extra verifier.
void	setVerifyRootCertificate(boolean verifyRootCertificate) Set the verifyRootCertificate to false if you can't verify the root certificate.
void	switchToPreviousRevision() Switches to the previous revision.
List<VerificationOK>	verify(List<VerificationOK> result) Verifies all the document-level timestamps and all the signatures in the document.
List<VerificationOK>	verify(X509Certificate signCert, X509Certificate issuerCert, Date signDate) Verifies certificates against a list of CRLs and OCSP responses.
void	verifyChain(Certificate[] chain) Checks the certificates in a certificate chain: are they valid on a specific date, and do they chain up correctly?
List<VerificationOK>	verifySignature() Verifies a document level timestamp.

Methods inherited from class com.itextpdf.text.pdf.security.RootStoreVerifier

setRootStore

Methods inherited from class com.itextpdf.text.pdf.security.CertificateVerifier

setOnlineCheckingAllowed

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

LOGGER

protected static final Logger LOGGER

The Logger instance

option

protected LtvVerification.CertificateOption option

Do we need to check all certificate, or only the signing certificate?

verifyRootCertificate

protected boolean verifyRootCertificate

Verify root.

reader

protected PdfReader reader

A reader object for the revision that is being verified.

fields

protected AcroFields fields

The fields in the revision that is being verified.

signDate

protected Date signDate

The date the revision was signed, or null for the highest revision.

signatureName

protected String signatureName

The signature that covers the revision.

pkcs7

protected PdfPKCS7 pkcs7

The PdfPKCS7 object for the signature.

latestRevision

protected boolean latestRevision

Indicates if we're working with the latest revision.

dss

protected PdfDictionary dss

The document security store for the revision that is being verified

Constructor Detail

LtvVerifier

public LtvVerifier(PdfReader reader)
            throws GeneralSecurityException

Creates a VerificationData object for a PdfReader

Parameters:

reader - a reader for the document we want to verify.

Throws:

GeneralSecurityException

Method Detail

setVerifier

public void setVerifier(CertificateVerifier verifier)

Sets an extra verifier.

Parameters:

verifier - the verifier to set

setCertificateOption

public void setCertificateOption(LtvVerification.CertificateOption option)

Sets the certificate option.

Parameters:

option - Either CertificateOption.SIGNING_CERTIFICATE (default) or CertificateOption.WHOLE_CHAIN

setVerifyRootCertificate

public void setVerifyRootCertificate(boolean verifyRootCertificate)

Set the verifyRootCertificate to false if you can't verify the root certificate.

coversWholeDocument

protected PdfPKCS7 coversWholeDocument()
                                throws GeneralSecurityException

Checks if the signature covers the whole document and throws an exception if the document was altered

Returns:

a PdfPKCS7 object

Throws:

GeneralSecurityException

verify

public List<VerificationOK> verify(List<VerificationOK> result)
                            throws IOException,
                                   GeneralSecurityException

Verifies all the document-level timestamps and all the signatures in the document.

Throws:

IOException

GeneralSecurityException

verifySignature

public List<VerificationOK> verifySignature()
                                     throws GeneralSecurityException,
                                            IOException

Verifies a document level timestamp.

Throws:

GeneralSecurityException

IOException

verifyChain

public void verifyChain(Certificate[] chain)
                 throws GeneralSecurityException

Checks the certificates in a certificate chain: are they valid on a specific date, and do they chain up correctly?

Parameters:

chain -

Throws:

GeneralSecurityException

verify

public List<VerificationOK> verify(X509Certificate signCert,
                                   X509Certificate issuerCert,
                                   Date signDate)
                            throws GeneralSecurityException,
                                   IOException

Verifies certificates against a list of CRLs and OCSP responses.

Overrides:

verify in class RootStoreVerifier

Parameters:

signingCert -

issuerCert -

Returns:

a list of VerificationOK objects. The list will be empty if the certificate couldn't be verified.

Throws:

GeneralSecurityException

IOException

See Also:

com.itextpdf.text.pdf.security.RootStoreVerifier#verify(java.security.cert.X509Certificate, java.security.cert.X509Certificate)

switchToPreviousRevision

public void switchToPreviousRevision()
                              throws IOException,
                                     GeneralSecurityException

Switches to the previous revision.

Throws:

IOException

GeneralSecurityException

getCRLsFromDSS

public List<X509CRL> getCRLsFromDSS()
                             throws GeneralSecurityException,
                                    IOException

Gets a list of X509CRL objects from a Document Security Store.

Returns:

a list of CRLs

Throws:

GeneralSecurityException

IOException

getOCSPResponsesFromDSS

public List<org.bouncycastle.cert.ocsp.BasicOCSPResp> getOCSPResponsesFromDSS()
                                                                       throws IOException,
                                                                              GeneralSecurityException

Gets OCSP responses from the Document Security Store.

Returns:

a list of BasicOCSPResp objects

Throws:

IOException

GeneralSecurityException