Package com.itextpdf.text.pdf.security
Class LtvVerification
- java.lang.Object
-
- com.itextpdf.text.pdf.security.LtvVerification
-
public class LtvVerification extends java.lang.Object
Add verification according to PAdES-LTV (part 4)
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
LtvVerification.CertificateInclusion
Certificate inclusion in the DSS and VRI dictionaries in the CERT and CERTS keysstatic class
LtvVerification.CertificateOption
Options for how many certificates to includestatic class
LtvVerification.Level
What type of verification to includeprivate static class
LtvVerification.ValidationData
-
Field Summary
Fields Modifier and Type Field Description private AcroFields
acroFields
private Logger
LOGGER
private PdfReader
reader
private PdfStamper
stp
private boolean
used
private java.util.Map<PdfName,LtvVerification.ValidationData>
validated
private PdfWriter
writer
-
Constructor Summary
Constructors Constructor Description LtvVerification(PdfStamper stp)
The verification constructor.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description boolean
addVerification(java.lang.String signatureName, OcspClient ocsp, CrlClient crl, LtvVerification.CertificateOption certOption, LtvVerification.Level level, LtvVerification.CertificateInclusion certInclude)
Add verification for a particular signatureboolean
addVerification(java.lang.String signatureName, java.util.Collection<byte[]> ocsps, java.util.Collection<byte[]> crls, java.util.Collection<byte[]> certs)
Alternative addVerification.private static byte[]
buildOCSPResponse(byte[] BasicOCSPResponse)
private void
createDss()
private static void
deleteOldReferences(PdfArray all, PdfArray toDelete)
private java.security.cert.X509Certificate
getParent(java.security.cert.X509Certificate cert, java.security.cert.Certificate[] certs)
Returns the issuing certificate for a child certificate.private PdfName
getSignatureHashKey(java.lang.String signatureName)
private static byte[]
hashBytesSha1(byte[] b)
void
merge()
Merges the validation with any validation already in the document or creates a new one.private void
outputDss(PdfDictionary dss, PdfDictionary vrim, PdfArray ocsps, PdfArray crls, PdfArray certs)
private void
updateDss()
-
-
-
Field Detail
-
LOGGER
private Logger LOGGER
-
stp
private PdfStamper stp
-
writer
private PdfWriter writer
-
reader
private PdfReader reader
-
acroFields
private AcroFields acroFields
-
validated
private java.util.Map<PdfName,LtvVerification.ValidationData> validated
-
used
private boolean used
-
-
Constructor Detail
-
LtvVerification
public LtvVerification(PdfStamper stp)
The verification constructor. This class should only be created with PdfStamper.getLtvVerification() otherwise the information will not be added to the Pdf.- Parameters:
stp
- the PdfStamper to apply the validation to
-
-
Method Detail
-
addVerification
public boolean addVerification(java.lang.String signatureName, OcspClient ocsp, CrlClient crl, LtvVerification.CertificateOption certOption, LtvVerification.Level level, LtvVerification.CertificateInclusion certInclude) throws java.io.IOException, java.security.GeneralSecurityException
Add verification for a particular signature- Parameters:
signatureName
- the signature to validate (it may be a timestamp)ocsp
- the interface to get the OCSPcrl
- the interface to get the CRLcertOption
-level
- the validation options to includecertInclude
-- Returns:
- true if a validation was generated, false otherwise
- Throws:
java.security.GeneralSecurityException
java.io.IOException
-
getParent
private java.security.cert.X509Certificate getParent(java.security.cert.X509Certificate cert, java.security.cert.Certificate[] certs)
Returns the issuing certificate for a child certificate.- Parameters:
cert
- the certificate for which we search the parentcerts
- an array with certificates that contains the parent- Returns:
- the partent certificate
-
addVerification
public boolean addVerification(java.lang.String signatureName, java.util.Collection<byte[]> ocsps, java.util.Collection<byte[]> crls, java.util.Collection<byte[]> certs) throws java.io.IOException, java.security.GeneralSecurityException
Alternative addVerification. I assume that inputs are deduplicated.- Throws:
java.io.IOException
java.security.GeneralSecurityException
-
buildOCSPResponse
private static byte[] buildOCSPResponse(byte[] BasicOCSPResponse) throws java.io.IOException
- Throws:
java.io.IOException
-
getSignatureHashKey
private PdfName getSignatureHashKey(java.lang.String signatureName) throws java.security.NoSuchAlgorithmException, java.io.IOException
- Throws:
java.security.NoSuchAlgorithmException
java.io.IOException
-
hashBytesSha1
private static byte[] hashBytesSha1(byte[] b) throws java.security.NoSuchAlgorithmException
- Throws:
java.security.NoSuchAlgorithmException
-
merge
public void merge() throws java.io.IOException
Merges the validation with any validation already in the document or creates a new one.- Throws:
java.io.IOException
-
updateDss
private void updateDss() throws java.io.IOException
- Throws:
java.io.IOException
-
createDss
private void createDss() throws java.io.IOException
- Throws:
java.io.IOException
-
outputDss
private void outputDss(PdfDictionary dss, PdfDictionary vrim, PdfArray ocsps, PdfArray crls, PdfArray certs) throws java.io.IOException
- Throws:
java.io.IOException
-
-