iaik.pdf.pdfbox

Class ApprovalSignaturePdfBox

java.lang.Object

iaik.pdf.pdfbox.PdfSignatureDetailsPdfBox

iaik.pdf.pdfbox.ApprovalSignaturePdfBox

All Implemented Interfaces:

ApprovalSignature, PdfSignatureDetails

Direct Known Subclasses:

CertificationSignaturePdfBox

public class ApprovalSignaturePdfBox
extends PdfSignatureDetailsPdfBox
implements ApprovalSignature

Implementation of the ApprovalSignature interface using PdfBox.

Method Summary

Modifier and Type	Method and Description
iaik.x509.X509Certificate[]	getCertificateChain(CadesSignature cadesSignature) Get the signer's certificate chain.
CadesSignature	getCMSSignature() Extracts the CMS signature included in the PDF signature dictionary.
boolean	getCrlRevocationStatus() Checks whether the signer's certificate is contained in the crl that is included in the signature's revocation information.
byte[]	getEncodedCmsSignature() Get the original encoding of the CMS signature as included in the PDF signature dictionary.
iaik.x509.ocsp.CertStatus	getOcspRevocationStatus() Parses the OCSP responses included in the signature's revocation information.
RevocationInfoArchival	getRevocationInformation() Extract revocation information if included.
SignatureTimeStamp[]	getSignatureTimeStamps() Extract all included signature timestamps.
iaik.tsp.TimeStampToken	getSignatureTimeStampToken() Extract signature timestamp token if included.
iaik.x509.X509Certificate	getSignerCertificate() Returns the signer certificate.
java.util.Calendar	getSigningTime() Get the time of signature creation.
void	verifySignatureTimestampImprint() Verify signature timestamp if included.
void	verifySignatureTimestampImprint(iaik.x509.X509Certificate tsa_certificate) Verify signature timestamp if included.
void	verifySignatureTimestamps() Verify all included signature timestamps.
iaik.x509.X509Certificate	verifySignatureValue() Verify the signature value.

Methods inherited from class iaik.pdf.pdfbox.PdfSignatureDetailsPdfBox

getName, getRevision, getRevision, getRevision, getSignatureDictionaryDate, getSubfilter, isModified

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface iaik.pdf.signature.PdfSignatureDetails

getName, getRevision, getRevision, getRevision, getSignatureDictionaryDate, getSubfilter, isModified

Method Detail

getCMSSignature

public CadesSignature getCMSSignature()
                               throws PdfSignatureException,
                                      java.io.IOException

Description copied from interface: ApprovalSignature

Extracts the CMS signature included in the PDF signature dictionary.

Specified by:

getCMSSignature in interface ApprovalSignature

Returns:

the CMS signature as instance of type CadesSignature or CadesSignatureStream

Throws:

PdfSignatureException - if the CMS signature can't be extracted or parsed

java.io.IOException - if the CMS signature bytes can't be read

getEncodedCmsSignature

public byte[] getEncodedCmsSignature()
                              throws java.io.IOException

Description copied from interface: ApprovalSignature

Get the original encoding of the CMS signature as included in the PDF signature dictionary.

Specified by:

getEncodedCmsSignature in interface ApprovalSignature

Returns:

the original signature encoding

Throws:

java.io.IOException - if the signature can't be extracted from the PDF document

getSigningTime

public java.util.Calendar getSigningTime()

Description copied from interface: PdfSignatureDetails

Get the time of signature creation. If included the time given by the signature timestamp is used. Otherwise the time given in the PDF signature dictionary is returned.

Specified by:

getSigningTime in interface PdfSignatureDetails

Returns:

time of signature creation

getRevocationInformation

public RevocationInfoArchival getRevocationInformation()
                                                throws PdfSignatureException,
                                                       CmsCadesException

Description copied from interface: ApprovalSignature

Extract revocation information if included.

Specified by:

getRevocationInformation in interface ApprovalSignature

Returns:

the revocation information or null, if none included

Throws:

PdfSignatureException - if the CMS signature can't be extracted or parsed

CmsCadesException - if the revocation attribute can't be parsed or the revocation type is unknown

getOcspRevocationStatus

public iaik.x509.ocsp.CertStatus getOcspRevocationStatus()
                                                  throws PdfSignatureException,
                                                         CmsCadesException

Description copied from interface: ApprovalSignature

Parses the OCSP responses included in the signature's revocation information. If an OCSP response for the signer certificate can be found, the included certificate status is returned. If multiple OCSP responses for the signer certificate are included, the first one is used. Returns null if no matching response was found. For identifying the signer certificate, also the issuer certificate must be included in the signature. An exception is thrown, if the issuer certificate can't be found.

Specified by:

getOcspRevocationStatus in interface ApprovalSignature

Returns:

the signer certificate's certificate status

Throws:

PdfSignatureException - if the CMS signature can't be extracted or parsed

CmsCadesException - if no revocation infos are included or can't be read

getCrlRevocationStatus

public boolean getCrlRevocationStatus()
                               throws PdfSignatureException,
                                      CmsCadesException

Description copied from interface: ApprovalSignature

Checks whether the signer's certificate is contained in the crl that is included in the signature's revocation information.

Specified by:

getCrlRevocationStatus in interface ApprovalSignature

Returns:

true, if the certificate is on the crl; false otherwise

Throws:

PdfSignatureException - if the CMS signature can't be extracted or parsed

CmsCadesException - if no revocation infos are included or can't be read

getSignerCertificate

public iaik.x509.X509Certificate getSignerCertificate()
                                               throws PdfSignatureException,
                                                      CmsCadesException

Description copied from interface: ApprovalSignature

Returns the signer certificate.

Specified by:

getSignerCertificate in interface ApprovalSignature

Returns:

the signer certificate

Throws:

PdfSignatureException - if the CMS signature can't be extracted or parsed

CmsCadesException - if requested certificate is not contained

getCertificateChain

public iaik.x509.X509Certificate[] getCertificateChain(CadesSignature cadesSignature)
                                                throws PdfSignatureException,
                                                       CmsCadesException

Description copied from interface: ApprovalSignature

Get the signer's certificate chain.

Specified by:

getCertificateChain in interface ApprovalSignature

Returns:

the signer's certificate chain

Throws:

PdfSignatureException - if the CMS signature can't be extracted or parsed

CmsCadesException - if requested certificate chain is not contained

verifySignatureValue

public iaik.x509.X509Certificate verifySignatureValue()
                                               throws PdfSignatureException,
                                                      CmsCadesException,
                                                      iaik.cms.CMSSignatureException

Description copied from interface: ApprovalSignature

Verify the signature value.

Specified by:

verifySignatureValue in interface ApprovalSignature

Returns:

the signer certificate

Throws:

PdfSignatureException - if the CMS signature can't be extracted or parsed

CmsCadesException - if no signature could be found

iaik.cms.CMSSignatureException - if the signature turns out to be incorrect

getSignatureTimeStampToken

public iaik.tsp.TimeStampToken getSignatureTimeStampToken()
                                                   throws PdfSignatureException,
                                                          CmsCadesException

Description copied from interface: ApprovalSignature

Extract signature timestamp token if included. If more than one signature timestamp is included in this signature, the first signature timestamp token is returned.

Specified by:

getSignatureTimeStampToken in interface ApprovalSignature

Returns:

the signature timestamp token or null if none included

Throws:

PdfSignatureException - if the CMS signature can't be extracted or parsed

CmsCadesException - if timestamp token can't be parsed

getSignatureTimeStamps

public SignatureTimeStamp[] getSignatureTimeStamps()
                                            throws PdfSignatureException,
                                                   CmsCadesException

Description copied from interface: ApprovalSignature

Extract all included signature timestamps.

Specified by:

getSignatureTimeStamps in interface ApprovalSignature

Returns:

the signature timestamp token or an empty array if none included

Throws:

PdfSignatureException - if the CMS signature can't be extracted or parsed

CmsCadesException - if timestamp token can't be parsed

verifySignatureTimestampImprint

public void verifySignatureTimestampImprint()
                                     throws PdfSignatureException,
                                            CmsCadesException,
                                            iaik.tsp.TspVerificationException

Description copied from interface: ApprovalSignature

Verify signature timestamp if included. No verification is done if no timestamp is contained. If more than one signature timestamp is included in this signature, the first signature timestamp is verified. Verifies the signature value and whether the message imprint equals the expected signature. No certificate path validation is done. Uses the timestamp authority's certificate included in the timestamp.

Specified by:

verifySignatureTimestampImprint in interface ApprovalSignature

Throws:

PdfSignatureException - if the CMS signature can't be extracted or parsed

CmsCadesException - if tsa certificate is not included to verify timestamp, if timestamp can't be extracted

iaik.tsp.TspVerificationException - if signature of timestamp token is invalid or an parsing error occurs

verifySignatureTimestamps

public void verifySignatureTimestamps()
                               throws PdfSignatureException,
                                      CmsCadesException,
                                      iaik.tsp.TspVerificationException

Description copied from interface: ApprovalSignature

Verify all included signature timestamps. No verification is done if no timestamps are contained. Verifies the signature value and whether the message imprint equals the expected signature. No certificate path validation is done. Uses the timestamp authority's certificate included in the timestamp.

Specified by:

verifySignatureTimestamps in interface ApprovalSignature

Throws:

PdfSignatureException - if the CMS signature can't be extracted or parsed

CmsCadesException - if no tsa certificate is included to verify the timestamp or if a timestamp can't be extracted

iaik.tsp.TspVerificationException - if signature of timestamp token is invalid or an parsing error occurs

verifySignatureTimestampImprint

public void verifySignatureTimestampImprint(iaik.x509.X509Certificate tsa_certificate)
                                     throws PdfSignatureException,
                                            CmsCadesException,
                                            iaik.tsp.TspVerificationException

Description copied from interface: ApprovalSignature

Verify signature timestamp if included. No verification is done if no timestamp is contained. If more than one signature timestamp is included in this signature, the first signature timestamp is verified. To verify all signature timestamps using a provided TSA certificate use ApprovalSignature.getSignatureTimeStamps() and its verify method. Verifies the signature value and whether the message imprint equals the expected signature. No certificate path validation is done. To verify the signature the given TSA certificate is used. If the given TSA certificate is null and this timestamp contains the corresponding TSA certificate, the included TSA certificate is used.

Specified by:

verifySignatureTimestampImprint in interface ApprovalSignature

Parameters:

tsa_certificate - the certificate of the timestamp authority

Throws:

PdfSignatureException - if the CMS signature can't be extracted or parsed

CmsCadesException - if timestamp can't be extracted

iaik.tsp.TspVerificationException - if signature of timestamp token is invalid or an parsing error occurs