Class LtvVerification


  • public class LtvVerification
    extends java.lang.Object
    Add verification according to PAdES-LTV (part 4).
    • Constructor Detail

      • LtvVerification

        public LtvVerification​(PdfDocument document)
        The verification constructor. This class should only be created with PdfStamper.getLtvVerification(); otherwise, the information will not be added to the PDF.
        Parameters:
        document - The PdfDocument to apply the validation to.
      • LtvVerification

        public LtvVerification​(PdfDocument document,
                               java.lang.String securityProviderCode)
        The verification constructor. This class should only be created with PdfStamper.getLtvVerification(); otherwise, the information will not be added to the PDF.
        Parameters:
        document - The PdfDocument to apply the validation to.
        securityProviderCode - Security provider to use
    • Method Detail

      • addVerification

        public boolean addVerification​(java.lang.String signatureName,
                                       IOcspClient ocsp,
                                       ICrlClient crl,
                                       LtvVerification.CertificateOption certOption,
                                       LtvVerification.Level level,
                                       LtvVerification.CertificateInclusion certInclude)
                                throws java.io.IOException,
                                       java.security.GeneralSecurityException
        Add verification for a particular signature.
        Parameters:
        signatureName - the signature to validate (it may be a timestamp)
        ocsp - the interface to get the OCSP
        crl - the interface to get the CRL
        certOption - options as to how many certificates to include
        level - the validation options to include
        certInclude - certificate inclusion options
        Returns:
        true if a validation was generated, false otherwise
        Throws:
        java.security.GeneralSecurityException - when requested cryptographic algorithm or security provider is not available
        java.io.IOException - signals that an I/O exception has occurred
      • addVerification

        public boolean addVerification​(java.lang.String signatureName,
                                       java.util.Collection<byte[]> ocsps,
                                       java.util.Collection<byte[]> crls,
                                       java.util.Collection<byte[]> certs)
                                throws java.io.IOException,
                                       java.security.GeneralSecurityException
        Adds verification to the signature.
        Parameters:
        signatureName - name of the signature
        ocsps - collection of DER-encoded BasicOCSPResponses
        crls - collection of DER-encoded CRLs
        certs - collection of DER-encoded certificates
        Returns:
        boolean
        Throws:
        java.io.IOException - signals that an I/O exception has occurred
        java.security.GeneralSecurityException - when requested cryptographic algorithm or security provider is not available
      • merge

        public void merge()
        Merges the validation with any validation already in the document or creates a new one.
      • convertToHex

        public static java.lang.String convertToHex​(byte[] bytes)
        Converts an array of bytes to a String of hexadecimal values.
        Parameters:
        bytes - a byte array
        Returns:
        the same bytes expressed as hexadecimal values
      • getParent

        java.security.cert.X509Certificate getParent​(java.security.cert.X509Certificate cert,
                                                     java.security.cert.Certificate[] certs)
        Get the issuing certificate for a child certificate.
        Parameters:
        cert - the certificate for which we search the parent
        certs - an array with certificates that contains the parent
        Returns:
        the parent certificate
      • addRevocationDataForCertificate

        private void addRevocationDataForCertificate​(java.security.cert.X509Certificate signingCert,
                                                     java.security.cert.Certificate[] certificateChain,
                                                     java.security.cert.X509Certificate cert,
                                                     IOcspClient ocsp,
                                                     ICrlClient crl,
                                                     LtvVerification.Level level,
                                                     LtvVerification.CertificateInclusion certInclude,
                                                     LtvVerification.CertificateOption certOption,
                                                     LtvVerification.ValidationData validationData,
                                                     java.util.Set<java.security.cert.X509Certificate> processedCerts)
                                              throws java.io.IOException,
                                                     java.security.cert.CertificateException,
                                                     java.security.cert.CRLException
        Throws:
        java.io.IOException
        java.security.cert.CertificateException
        java.security.cert.CRLException
      • iterableToList

        private static java.util.List<java.security.cert.X509Certificate> iterableToList​(java.lang.Iterable<java.security.cert.X509Certificate> iterable)
      • buildOCSPResponse

        private static byte[] buildOCSPResponse​(byte[] basicOcspResponse)
                                         throws java.io.IOException
        Throws:
        java.io.IOException
      • getSignatureHashKey

        private PdfName getSignatureHashKey​(java.lang.String signatureName)
                                     throws java.security.NoSuchAlgorithmException
        Throws:
        java.security.NoSuchAlgorithmException
      • hashBytesSha1

        private static byte[] hashBytesSha1​(byte[] b)
                                     throws java.security.NoSuchAlgorithmException
        Throws:
        java.security.NoSuchAlgorithmException
      • updateDss

        private void updateDss()
      • deleteOldReferences

        private static void deleteOldReferences​(PdfArray all,
                                                PdfArray toDelete)
      • createDss

        private void createDss()
      • retrieveMissingCertificates

        private java.security.cert.Certificate[] retrieveMissingCertificates​(java.security.cert.Certificate[] certChain)
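
Usage sketch for the client-based addVerification overload followed by merge(), as an added example that is not part of the original Javadoc or iText's own code. The class LtvEnabler, the method addLtv and its src/dest parameters are hypothetical. SignatureUtil, StampingProperties and the enum constants WHOLE_CHAIN, OCSP_CRL and YES are iText names that this page does not list, and the OCSP and CRL clients are assumed to be supplied by the caller.

```java
import com.itextpdf.kernel.pdf.PdfDocument;
import com.itextpdf.kernel.pdf.PdfReader;
import com.itextpdf.kernel.pdf.PdfWriter;
import com.itextpdf.kernel.pdf.StampingProperties;
import com.itextpdf.signatures.ICrlClient;
import com.itextpdf.signatures.IOcspClient;
import com.itextpdf.signatures.LtvVerification;
import com.itextpdf.signatures.SignatureUtil;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.List;

// Hypothetical helper class, added for illustration.
public final class LtvEnabler {

    /**
     * Adds validation data for every signature (or timestamp) in src and writes
     * the result to dest. Returns the names of signatures for which
     * addVerification reported that no validation was generated.
     */
    public static List<String> addLtv(String src, String dest,
                                      IOcspClient ocsp, ICrlClient crl)
            throws IOException, GeneralSecurityException {
        List<String> notCovered = new ArrayList<>();
        // Append mode writes an incremental update, so the byte ranges covered
        // by the existing signatures are left untouched.
        try (PdfDocument pdf = new PdfDocument(new PdfReader(src), new PdfWriter(dest),
                new StampingProperties().useAppendMode())) {
            LtvVerification ltv = new LtvVerification(pdf);
            for (String name : new SignatureUtil(pdf).getSignatureNames()) {
                boolean added = ltv.addVerification(name, ocsp, crl,
                        LtvVerification.CertificateOption.WHOLE_CHAIN,
                        LtvVerification.Level.OCSP_CRL,
                        LtvVerification.CertificateInclusion.YES);
                if (!added) {
                    // false means no validation was generated for this signature.
                    notCovered.add(name);
                }
            }
            // Merge with validation data already in the document (or create it)
            // before the document is closed.
            ltv.merge();
        }
        return notCovered;
    }
}
```

A non-empty return list should be treated as a failure of the LTV step for those signatures rather than ignored, since they will still depend on online revocation services at validation time.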