Package com.itextpdf.text.pdf.security

Class LtvVerifier

java.lang.Object

com.itextpdf.text.pdf.security.CertificateVerifier

com.itextpdf.text.pdf.security.RootStoreVerifier

com.itextpdf.text.pdf.security.LtvVerifier

public class LtvVerifier
extends RootStoreVerifier

Verifies the signatures in an LTV document.

Field Summary

Fields

Modifier and Type	Field	Description
protected PdfDictionary	dss	The document security store for the revision that is being verified
protected AcroFields	fields	The fields in the revision that is being verified.
protected boolean	latestRevision	Indicates if we're working with the latest revision.
protected static Logger	LOGGER	The Logger instance
protected LtvVerification.CertificateOption	option	Do we need to check all certificate, or only the signing certificate?
protected PdfPKCS7	pkcs7	The PdfPKCS7 object for the signature.
protected PdfReader	reader	A reader object for the revision that is being verified.
protected String	signatureName	The signature that covers the revision.
protected Date	signDate	The date the revision was signed, or null for the highest revision.
protected boolean	verifyRootCertificate	Verify root.

Fields inherited from class com.itextpdf.text.pdf.security.CertificateVerifier

onlineCheckingAllowed, verifier

Fields inherited from class com.itextpdf.text.pdf.security.RootStoreVerifier

rootStore

Constructor Summary

Constructors

Constructor	Description
LtvVerifier(PdfReader reader)	Creates a VerificationData object for a PdfReader

Method Summary

Modifier and Type	Method	Description
protected PdfPKCS7	coversWholeDocument()	Checks if the signature covers the whole document and throws an exception if the document was altered
List<X509CRL>	getCRLsFromDSS()	Gets a list of X509CRL objects from a Document Security Store.
List<org.bouncycastle.cert.ocsp.BasicOCSPResp>	getOCSPResponsesFromDSS()	Gets OCSP responses from the Document Security Store.
void	setCertificateOption(LtvVerification.CertificateOption option)	Sets the certificate option.
void	setVerifier(CertificateVerifier verifier)	Sets an extra verifier.
void	setVerifyRootCertificate(boolean verifyRootCertificate)	Set the verifyRootCertificate to false if you can't verify the root certificate.
void	switchToPreviousRevision()	Switches to the previous revision.
List<VerificationOK>	verify(X509Certificate signCert, X509Certificate issuerCert, Date signDate)	Verifies certificates against a list of CRLs and OCSP responses.
List<VerificationOK>	verify(List<VerificationOK> result)	Verifies all the document-level timestamps and all the signatures in the document.
void	verifyChain(Certificate[] chain)	Checks the certificates in a certificate chain: are they valid on a specific date, and do they chain up correctly?
List<VerificationOK>	verifySignature()	Verifies a document level timestamp.

Methods inherited from class com.itextpdf.text.pdf.security.CertificateVerifier

setOnlineCheckingAllowed

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from class com.itextpdf.text.pdf.security.RootStoreVerifier

setRootStore

Field Detail

LOGGER

protected static final Logger LOGGER

The Logger instance

option

protected LtvVerification.CertificateOption option

Do we need to check all certificate, or only the signing certificate?

verifyRootCertificate

protected boolean verifyRootCertificate

Verify root.

reader

protected PdfReader reader

A reader object for the revision that is being verified.

fields

protected AcroFields fields

The fields in the revision that is being verified.

signDate

protected Date signDate

The date the revision was signed, or null for the highest revision.

signatureName

protected String signatureName

The signature that covers the revision.

pkcs7

protected PdfPKCS7 pkcs7

The PdfPKCS7 object for the signature.

latestRevision

protected boolean latestRevision

Indicates if we're working with the latest revision.

dss

protected PdfDictionary dss

The document security store for the revision that is being verified

Constructor Detail

LtvVerifier

public LtvVerifier(PdfReader reader)
            throws GeneralSecurityException

Creates a VerificationData object for a PdfReader

Parameters:

reader - a reader for the document we want to verify.

Throws:

GeneralSecurityException

Method Detail

setVerifier

public void setVerifier(CertificateVerifier verifier)

Sets an extra verifier.

Parameters:

verifier - the verifier to set

setCertificateOption

public void setCertificateOption(LtvVerification.CertificateOption option)

Sets the certificate option.

Parameters:

option - Either CertificateOption.SIGNING_CERTIFICATE (default) or CertificateOption.WHOLE_CHAIN

setVerifyRootCertificate

public void setVerifyRootCertificate(boolean verifyRootCertificate)

Set the verifyRootCertificate to false if you can't verify the root certificate.

coversWholeDocument

protected PdfPKCS7 coversWholeDocument()
                                throws GeneralSecurityException

Checks if the signature covers the whole document and throws an exception if the document was altered

Returns:

a PdfPKCS7 object

Throws:

GeneralSecurityException

verify

public List<VerificationOK> verify(List<VerificationOK> result)
                            throws IOException,
                                   GeneralSecurityException

Verifies all the document-level timestamps and all the signatures in the document.

Throws:

IOException

GeneralSecurityException

verifySignature

public List<VerificationOK> verifySignature()
                                     throws GeneralSecurityException,
                                            IOException

Verifies a document level timestamp.

Throws:

GeneralSecurityException

IOException

verifyChain

public void verifyChain(Certificate[] chain)
                 throws GeneralSecurityException

Checks the certificates in a certificate chain: are they valid on a specific date, and do they chain up correctly?

Parameters:

chain -

Throws:

GeneralSecurityException

verify

public List<VerificationOK> verify(X509Certificate signCert,
                                   X509Certificate issuerCert,
                                   Date signDate)
                            throws GeneralSecurityException,
                                   IOException

Verifies certificates against a list of CRLs and OCSP responses.

Overrides:

verify in class RootStoreVerifier

Parameters:

signingCert -

issuerCert -

Returns:

a list of VerificationOK objects. The list will be empty if the certificate couldn't be verified.

Throws:

GeneralSecurityException

IOException

See Also:

com.itextpdf.text.pdf.security.RootStoreVerifier#verify(java.security.cert.X509Certificate, java.security.cert.X509Certificate)

switchToPreviousRevision

public void switchToPreviousRevision()
                              throws IOException,
                                     GeneralSecurityException

Switches to the previous revision.

Throws:

IOException

GeneralSecurityException

getCRLsFromDSS

public List<X509CRL> getCRLsFromDSS()
                             throws GeneralSecurityException,
                                    IOException

Gets a list of X509CRL objects from a Document Security Store.

Returns:

a list of CRLs

Throws:

GeneralSecurityException

IOException

getOCSPResponsesFromDSS

public List<org.bouncycastle.cert.ocsp.BasicOCSPResp> getOCSPResponsesFromDSS()
                                                                       throws IOException,
                                                                              GeneralSecurityException

Gets OCSP responses from the Document Security Store.

Returns:

a list of BasicOCSPResp objects

Throws:

IOException

GeneralSecurityException