Package com.itextpdf.text.pdf.security
Class LtvVerifier
- java.lang.Object
-
- com.itextpdf.text.pdf.security.CertificateVerifier
-
- com.itextpdf.text.pdf.security.RootStoreVerifier
-
- com.itextpdf.text.pdf.security.LtvVerifier
-
public class LtvVerifier extends RootStoreVerifier
Verifies the signatures in an LTV document.
-
-
Field Summary
Fields Modifier and Type Field Description protected PdfDictionary
dss
The document security store for the revision that is being verifiedprotected AcroFields
fields
The fields in the revision that is being verified.protected boolean
latestRevision
Indicates if we're working with the latest revision.protected static Logger
LOGGER
The Logger instanceprotected LtvVerification.CertificateOption
option
Do we need to check all certificate, or only the signing certificate?protected PdfPKCS7
pkcs7
The PdfPKCS7 object for the signature.protected PdfReader
reader
A reader object for the revision that is being verified.protected java.lang.String
signatureName
The signature that covers the revision.protected java.util.Date
signDate
The date the revision was signed, ornull
for the highest revision.protected boolean
verifyRootCertificate
Verify root.-
Fields inherited from class com.itextpdf.text.pdf.security.RootStoreVerifier
rootStore
-
Fields inherited from class com.itextpdf.text.pdf.security.CertificateVerifier
onlineCheckingAllowed, verifier
-
-
Constructor Summary
Constructors Constructor Description LtvVerifier(PdfReader reader)
Creates a VerificationData object for a PdfReader
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected PdfPKCS7
coversWholeDocument()
Checks if the signature covers the whole document and throws an exception if the document was alteredjava.util.List<java.security.cert.X509CRL>
getCRLsFromDSS()
Gets a list of X509CRL objects from a Document Security Store.java.util.List<org.bouncycastle.cert.ocsp.BasicOCSPResp>
getOCSPResponsesFromDSS()
Gets OCSP responses from the Document Security Store.void
setCertificateOption(LtvVerification.CertificateOption option)
Sets the certificate option.void
setVerifier(CertificateVerifier verifier)
Sets an extra verifier.void
setVerifyRootCertificate(boolean verifyRootCertificate)
Set the verifyRootCertificate to false if you can't verify the root certificate.void
switchToPreviousRevision()
Switches to the previous revision.java.util.List<VerificationOK>
verify(java.security.cert.X509Certificate signCert, java.security.cert.X509Certificate issuerCert, java.util.Date signDate)
Verifies certificates against a list of CRLs and OCSP responses.java.util.List<VerificationOK>
verify(java.util.List<VerificationOK> result)
Verifies all the document-level timestamps and all the signatures in the document.void
verifyChain(java.security.cert.Certificate[] chain)
Checks the certificates in a certificate chain: are they valid on a specific date, and do they chain up correctly?java.util.List<VerificationOK>
verifySignature()
Verifies a document level timestamp.-
Methods inherited from class com.itextpdf.text.pdf.security.RootStoreVerifier
setRootStore
-
Methods inherited from class com.itextpdf.text.pdf.security.CertificateVerifier
setOnlineCheckingAllowed
-
-
-
-
Field Detail
-
LOGGER
protected static final Logger LOGGER
The Logger instance
-
option
protected LtvVerification.CertificateOption option
Do we need to check all certificate, or only the signing certificate?
-
verifyRootCertificate
protected boolean verifyRootCertificate
Verify root.
-
reader
protected PdfReader reader
A reader object for the revision that is being verified.
-
fields
protected AcroFields fields
The fields in the revision that is being verified.
-
signDate
protected java.util.Date signDate
The date the revision was signed, ornull
for the highest revision.
-
signatureName
protected java.lang.String signatureName
The signature that covers the revision.
-
pkcs7
protected PdfPKCS7 pkcs7
The PdfPKCS7 object for the signature.
-
latestRevision
protected boolean latestRevision
Indicates if we're working with the latest revision.
-
dss
protected PdfDictionary dss
The document security store for the revision that is being verified
-
-
Constructor Detail
-
LtvVerifier
public LtvVerifier(PdfReader reader) throws java.security.GeneralSecurityException
Creates a VerificationData object for a PdfReader- Parameters:
reader
- a reader for the document we want to verify.- Throws:
java.security.GeneralSecurityException
-
-
Method Detail
-
setVerifier
public void setVerifier(CertificateVerifier verifier)
Sets an extra verifier.- Parameters:
verifier
- the verifier to set
-
setCertificateOption
public void setCertificateOption(LtvVerification.CertificateOption option)
Sets the certificate option.- Parameters:
option
- Either CertificateOption.SIGNING_CERTIFICATE (default) or CertificateOption.WHOLE_CHAIN
-
setVerifyRootCertificate
public void setVerifyRootCertificate(boolean verifyRootCertificate)
Set the verifyRootCertificate to false if you can't verify the root certificate.
-
coversWholeDocument
protected PdfPKCS7 coversWholeDocument() throws java.security.GeneralSecurityException
Checks if the signature covers the whole document and throws an exception if the document was altered- Returns:
- a PdfPKCS7 object
- Throws:
java.security.GeneralSecurityException
-
verify
public java.util.List<VerificationOK> verify(java.util.List<VerificationOK> result) throws java.io.IOException, java.security.GeneralSecurityException
Verifies all the document-level timestamps and all the signatures in the document.- Throws:
java.io.IOException
java.security.GeneralSecurityException
-
verifySignature
public java.util.List<VerificationOK> verifySignature() throws java.security.GeneralSecurityException, java.io.IOException
Verifies a document level timestamp.- Throws:
java.security.GeneralSecurityException
java.io.IOException
-
verifyChain
public void verifyChain(java.security.cert.Certificate[] chain) throws java.security.GeneralSecurityException
Checks the certificates in a certificate chain: are they valid on a specific date, and do they chain up correctly?- Parameters:
chain
-- Throws:
java.security.GeneralSecurityException
-
verify
public java.util.List<VerificationOK> verify(java.security.cert.X509Certificate signCert, java.security.cert.X509Certificate issuerCert, java.util.Date signDate) throws java.security.GeneralSecurityException, java.io.IOException
Verifies certificates against a list of CRLs and OCSP responses.- Overrides:
verify
in classRootStoreVerifier
- Parameters:
signingCert
-issuerCert
-- Returns:
- a list of
VerificationOK
objects. The list will be empty if the certificate couldn't be verified. - Throws:
java.security.GeneralSecurityException
java.io.IOException
- See Also:
com.itextpdf.text.pdf.security.RootStoreVerifier#verify(java.security.cert.X509Certificate, java.security.cert.X509Certificate)
-
switchToPreviousRevision
public void switchToPreviousRevision() throws java.io.IOException, java.security.GeneralSecurityException
Switches to the previous revision.- Throws:
java.io.IOException
java.security.GeneralSecurityException
-
getCRLsFromDSS
public java.util.List<java.security.cert.X509CRL> getCRLsFromDSS() throws java.security.GeneralSecurityException, java.io.IOException
Gets a list of X509CRL objects from a Document Security Store.- Returns:
- a list of CRLs
- Throws:
java.security.GeneralSecurityException
java.io.IOException
-
getOCSPResponsesFromDSS
public java.util.List<org.bouncycastle.cert.ocsp.BasicOCSPResp> getOCSPResponsesFromDSS() throws java.io.IOException, java.security.GeneralSecurityException
Gets OCSP responses from the Document Security Store.- Returns:
- a list of BasicOCSPResp objects
- Throws:
java.io.IOException
java.security.GeneralSecurityException
-
-