Class LtvVerifier


  • public class LtvVerifier
    extends RootStoreVerifier
    Verifies the signatures in an LTV document.
    • Field Detail

      • LOGGER

        protected static final Logger LOGGER
        The Logger instance
      • verifyRootCertificate

        protected boolean verifyRootCertificate
        Verify root.
      • reader

        protected PdfReader reader
        A reader object for the revision that is being verified.
      • fields

        protected AcroFields fields
        The fields in the revision that is being verified.
      • signDate

        protected java.util.Date signDate
        The date the revision was signed, or null for the highest revision.
      • signatureName

        protected java.lang.String signatureName
        The signature that covers the revision.
      • pkcs7

        protected PdfPKCS7 pkcs7
        The PdfPKCS7 object for the signature.
      • latestRevision

        protected boolean latestRevision
        Indicates if we're working with the latest revision.
      • dss

        protected PdfDictionary dss
        The document security store for the revision that is being verified
    • Constructor Detail

      • LtvVerifier

        public LtvVerifier​(PdfReader reader)
                    throws java.security.GeneralSecurityException
        Creates a VerificationData object for a PdfReader
        Parameters:
        reader - a reader for the document we want to verify.
        Throws:
        java.security.GeneralSecurityException
    • Method Detail

      • setVerifier

        public void setVerifier​(CertificateVerifier verifier)
        Sets an extra verifier.
        Parameters:
        verifier - the verifier to set
      • setCertificateOption

        public void setCertificateOption​(LtvVerification.CertificateOption option)
        Sets the certificate option.
        Parameters:
        option - Either CertificateOption.SIGNING_CERTIFICATE (default) or CertificateOption.WHOLE_CHAIN
      • setVerifyRootCertificate

        public void setVerifyRootCertificate​(boolean verifyRootCertificate)
        Set the verifyRootCertificate to false if you can't verify the root certificate.
      • coversWholeDocument

        protected PdfPKCS7 coversWholeDocument()
                                        throws java.security.GeneralSecurityException
        Checks if the signature covers the whole document and throws an exception if the document was altered
        Returns:
        a PdfPKCS7 object
        Throws:
        java.security.GeneralSecurityException
      • verify

        public java.util.List<VerificationOK> verify​(java.util.List<VerificationOK> result)
                                              throws java.io.IOException,
                                                     java.security.GeneralSecurityException
        Verifies all the document-level timestamps and all the signatures in the document.
        Throws:
        java.io.IOException
        java.security.GeneralSecurityException
      • verifySignature

        public java.util.List<VerificationOK> verifySignature()
                                                       throws java.security.GeneralSecurityException,
                                                              java.io.IOException
        Verifies a document level timestamp.
        Throws:
        java.security.GeneralSecurityException
        java.io.IOException
      • verifyChain

        public void verifyChain​(java.security.cert.Certificate[] chain)
                         throws java.security.GeneralSecurityException
        Checks the certificates in a certificate chain: are they valid on a specific date, and do they chain up correctly?
        Parameters:
        chain -
        Throws:
        java.security.GeneralSecurityException
      • verify

        public java.util.List<VerificationOK> verify​(java.security.cert.X509Certificate signCert,
                                                     java.security.cert.X509Certificate issuerCert,
                                                     java.util.Date signDate)
                                              throws java.security.GeneralSecurityException,
                                                     java.io.IOException
        Verifies certificates against a list of CRLs and OCSP responses.
        Overrides:
        verify in class RootStoreVerifier
        Parameters:
        signingCert -
        issuerCert -
        Returns:
        a list of VerificationOK objects. The list will be empty if the certificate couldn't be verified.
        Throws:
        java.security.GeneralSecurityException
        java.io.IOException
        See Also:
        com.itextpdf.text.pdf.security.RootStoreVerifier#verify(java.security.cert.X509Certificate, java.security.cert.X509Certificate)
      • switchToPreviousRevision

        public void switchToPreviousRevision()
                                      throws java.io.IOException,
                                             java.security.GeneralSecurityException
        Switches to the previous revision.
        Throws:
        java.io.IOException
        java.security.GeneralSecurityException
      • getCRLsFromDSS

        public java.util.List<java.security.cert.X509CRL> getCRLsFromDSS()
                                                                  throws java.security.GeneralSecurityException,
                                                                         java.io.IOException
        Gets a list of X509CRL objects from a Document Security Store.
        Returns:
        a list of CRLs
        Throws:
        java.security.GeneralSecurityException
        java.io.IOException
      • getOCSPResponsesFromDSS

        public java.util.List<org.bouncycastle.cert.ocsp.BasicOCSPResp> getOCSPResponsesFromDSS()
                                                                                         throws java.io.IOException,
                                                                                                java.security.GeneralSecurityException
        Gets OCSP responses from the Document Security Store.
        Returns:
        a list of BasicOCSPResp objects
        Throws:
        java.io.IOException
        java.security.GeneralSecurityException