iaik.pdf.pdfbox

Class PdfSignatureInstancePdfbox

java.lang.Object

iaik.pdf.signature.PdfSignatureInstance

iaik.pdf.pdfbox.PdfSignatureInstancePdfbox

public class PdfSignatureInstancePdfbox
extends PdfSignatureInstance

Implementation of the PdfSignatureInstance abstraction to use PDFBox for parsing and creating signed PDF documents.

Constructor Summary

Constructors

Constructor and Description
PdfSignatureInstancePdfbox()

Method Summary

Modifier and Type	Method and Description
void	addArchivalTimestamp(java.lang.String tsaUrl, java.lang.String username, java.lang.String password, PadesLTVParameters params, java.lang.String newTimestampedFilePath) Add the validation data contained in params to this document's DSS (document security store) as defined by PAdES-LTV (PAdES - long term validation).
void	addArchivalTimestamp(java.lang.String tsaUrl, java.lang.String username, java.lang.String password, PadesLTVParameters params, java.lang.String newTimestampedFilePath, java.lang.String digestAlgorithm) Add the validation data contained in params to this document's DSS (document security store) as defined by PAdES-LTV (PAdES - long term validation).
void	certify() Add a certification signature as defined in initSign.
void	certify(CertificationSignature.ModificationPermission allowedModification) Add a certification signature as defined in initSign.
void	certify(CertificationSignature.ModificationPermission allowedModification, LegalContentAttestation attestation) Add a certification signature as defined in initSign.
void	closeDocument() Close document instances that may still be open.
CertificationSignature	getCertificationSignature() Extract the certification signature if included.
PadesLTVParameters	getDocumentSecurityStore() Get all validation data included in the document security store (dss).
PdfSignatureDetails[]	getSignatures() Extract all PDF signatures (approval and certification signatures) contained in the document.
void	initSign(java.io.InputStream originalPdf, byte[] pwd, java.io.OutputStream signedPdf, java.security.PrivateKey privateKey, java.security.cert.Certificate[] certChain, PdfSignatureParameters params) Set all details needed to create a PDF signature.
void	initSign(java.lang.String originalFilePath, byte[] pwd, java.lang.String signedFilePath, java.security.PrivateKey privateKey, java.security.cert.Certificate[] certChain, PdfSignatureParameters params) Set all details needed to create a PDF signature.
void	initVerify(java.io.InputStream pdfFile, byte[] pwd) Specify the signed PDF document to be further analyzed.
void	initVerify(java.lang.String path, byte[] pwd) Specify the signed PDF document to be further analyzed.
void	setPDVisibleSigProperties(org.apache.pdfbox.pdmodel.interactive.digitalsignature.visible.PDVisibleSigProperties properties)
void	sign() Sign the PDF document given as defined in initSign.

Methods inherited from class iaik.pdf.signature.PdfSignatureInstance

certificateInfosToText, setCmsSecurityProvider, verify

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

PdfSignatureInstancePdfbox

public PdfSignatureInstancePdfbox()

Method Detail

initSign

public void initSign(java.lang.String originalFilePath,
                     byte[] pwd,
                     java.lang.String signedFilePath,
                     java.security.PrivateKey privateKey,
                     java.security.cert.Certificate[] certChain,
                     PdfSignatureParameters params)
              throws java.io.IOException,
                     PdfSignatureException

Description copied from class: PdfSignatureInstance

Set all details needed to create a PDF signature. Depending on the key type specified, you may need to set a CMSSecurityProvider. E.g. if you use the IAIK PKCS#11-provider to create the signature on a smart card or token you have to set the PKCS#11 security provider: SecurityProvider.setSecurityProvider(new IaikPkcs11SecurityProvider((IAIKPkcs11)pkcs11Provider)); If using EC-keys and the IAIK ECCelerate toolkit, also use the corresponding CMS security provider: SecurityProvider.setSecurityProvider(new ECCelerateProvider());

Specified by:

initSign in class PdfSignatureInstance

Parameters:

originalFilePath - path to the PDF document, that shall be signed

pwd - password to open the document if encrypted (may be null)

signedFilePath - path where to save the signed PDF document

privateKey - private key to use for creating the signature

certChain - certificate chain corresponding to the given private key

params - parameters defining the required characteristics of the signature

Throws:

java.io.IOException - if the original file can't be read or the signed file can't be written

PdfSignatureException - if specified parameters are invalid or certificates can't be parsed

initSign

public void initSign(java.io.InputStream originalPdf,
                     byte[] pwd,
                     java.io.OutputStream signedPdf,
                     java.security.PrivateKey privateKey,
                     java.security.cert.Certificate[] certChain,
                     PdfSignatureParameters params)
              throws java.io.IOException,
                     PdfSignatureException

Description copied from class: PdfSignatureInstance

Set all details needed to create a PDF signature. Depending on the key type specified, you may need to set a CMSSecurityProvider. E.g. if you use the IAIK PKCS#11-provider to create the signature on a smart card or token you have to set the PKCS#11 security provider: SecurityProvider.setSecurityProvider(new IaikPkcs11SecurityProvider((IAIKPkcs11)pkcs11Provider)); If using EC-keys and the IAIK ECCelerate toolkit, also use the corresponding CMS security provider: SecurityProvider.setSecurityProvider(new ECCelerateProvider()); If using PdfBox the given originalPdf stream will be wrapped in a NonClosingIteratingInputStream.

Specified by:

initSign in class PdfSignatureInstance

Parameters:

originalPdf - the stream to read the PDF document from, that shall be signed

pwd - password to open the document if encrypted (may be null)

signedPdf - stream to write the signed PDF document to

privateKey - private key to use for creating the signature

certChain - certificate chain corresponding to the given private key

params - parameters defining the required characteristics of the signature

Throws:

java.io.IOException - if the original file can't be read or the signed file can't be written

PdfSignatureException - if specified parameters are invalid or certificates can't be parsed

setPDVisibleSigProperties

public void setPDVisibleSigProperties(org.apache.pdfbox.pdmodel.interactive.digitalsignature.visible.PDVisibleSigProperties properties)

sign

public void sign()
          throws PdfSignatureException,
                 java.io.IOException

Description copied from class: PdfSignatureInstance

Sign the PDF document given as defined in initSign. (Add an approval signature.)

Specified by:

sign in class PdfSignatureInstance

Throws:

PdfSignatureException - if errors during signing occur

java.io.IOException - if the signed document can't be written

certify

public void certify()
             throws PdfSignatureException,
                    java.io.IOException

Description copied from class: PdfSignatureInstance

Add a certification signature as defined in initSign. Such a signature shall be the first signature in the document and additionally to the signature as used in the approval signature defines what kind of modifications are allowed. Uses ModificationPermission.SignaturesFormsTemplates as default.

Specified by:

certify in class PdfSignatureInstance

Throws:

PdfSignatureException - if errors during signing occur

java.io.IOException - if the signed document can't be written

See Also:

CertificationSignature.ModificationPermission

certify

public void certify(CertificationSignature.ModificationPermission allowedModification)
             throws PdfSignatureException,
                    java.io.IOException

Description copied from class: PdfSignatureInstance

Add a certification signature as defined in initSign. Such a signature shall be the first signature in the document and additionally to the signature as used in the approval signature defines what kind of modifications are allowed. Uses ModificationPermission.SignaturesFormsTemplates as default.

Specified by:

certify in class PdfSignatureInstance

Parameters:

allowedModification - the modifications allowed in order not to invalidate the signature

Throws:

PdfSignatureException - if errors during signing occur

java.io.IOException - if the signed document can't be written

See Also:

CertificationSignature.ModificationPermission

certify

public void certify(CertificationSignature.ModificationPermission allowedModification,
                    LegalContentAttestation attestation)
             throws PdfSignatureException,
                    java.io.IOException

Description copied from class: PdfSignatureInstance

Add a certification signature as defined in initSign. Such a signature shall be the first and only signature in the document and additionally to the signature as used in the approval signature defines what kind of modifications are allowed. Uses ModificationPermission.SignaturesFormsTemplates as default.

Specified by:

certify in class PdfSignatureInstance

Parameters:

allowedModification - the modifications allowed in order not to invalidate the signature

attestation - legal content attestation certifying the document's content

Throws:

PdfSignatureException - if errors during signing occur

java.io.IOException - if the signed document can't be written

See Also:

CertificationSignature.ModificationPermission

initVerify

public void initVerify(java.lang.String path,
                       byte[] pwd)
                throws java.io.IOException

Description copied from class: PdfSignatureInstance

Specify the signed PDF document to be further analyzed.

Specified by:

initVerify in class PdfSignatureInstance

Parameters:

path - path to the signed PDF document that shall be analyzed

pwd - password to open the document if encrypted (may be null)

Throws:

java.io.IOException - if the document can't be read

initVerify

public void initVerify(java.io.InputStream pdfFile,
                       byte[] pwd)
                throws java.io.IOException

Description copied from class: PdfSignatureInstance

Specify the signed PDF document to be further analyzed. If using PdfBox the given pdfStream will be wrapped in a NonClosingIteratingInputStream.

Specified by:

initVerify in class PdfSignatureInstance

Parameters:

pdfFile - the stream to read the PDF document that shall be analyzed

pwd - password to open the document if encrypted (may be null)

Throws:

java.io.IOException - if the stream can't be read

getSignatures

public PdfSignatureDetails[] getSignatures()
                                    throws PdfSignatureException,
                                           java.io.IOException

Description copied from class: PdfSignatureInstance

Extract all PDF signatures (approval and certification signatures) contained in the document. The position of the signatures in the array is in ascending order beginning with the first (oldest, innermost) and ending with the last (most current, outermost) signature. For further operations on the received signatures, detect the signature's type and call the respective methods, e.g. like this:

 PdfSignatureDetails[] signatures = signatureInstance.getSignatures();
 for (int i = 0; i < signatures.length; i++) {
   PdfSignatureDetails signature = signatures[i];
   if (signature instanceof ApprovalSignature) {
     ((ApprovalSignature) signature).verifySignatureValue();
     if (signature instanceof CertificationSignature) {
       ModificationPermission permissions = ((CertificationSignature) signature)
           .getModificationPermission();
     }
   } else if (signature instanceof DocumentTimestamp) {
     PadesLTVParameters ltvParams = ((DocumentTimestamp) signature).getLTVParams();
   }
 }
 

Specified by:

getSignatures in class PdfSignatureInstance

Returns:

all signatures as array

Throws:

PdfSignatureException - if no signed document has been specified with initVerify

java.io.IOException - if the document can't be read

getCertificationSignature

public CertificationSignature getCertificationSignature()
                                                 throws PdfSignatureException,
                                                        java.io.IOException

Description copied from class: PdfSignatureInstance

Extract the certification signature if included.

Specified by:

getCertificationSignature in class PdfSignatureInstance

Returns:

The PDF signature implying the certification signature.

Throws:

PdfSignatureException - if more than one certification signature was found

java.io.IOException - if the document can't be read

getDocumentSecurityStore

public PadesLTVParameters getDocumentSecurityStore()
                                            throws PdfSignatureException,
                                                   java.io.IOException

Description copied from class: PdfSignatureInstance

Get all validation data included in the document security store (dss).

Specified by:

getDocumentSecurityStore in class PdfSignatureInstance

Returns:

the dss as ltv parameters

Throws:

PdfSignatureException - if some dss data can't be parsed

java.io.IOException - if some dss data can't be read

addArchivalTimestamp

public void addArchivalTimestamp(java.lang.String tsaUrl,
                                 java.lang.String username,
                                 java.lang.String password,
                                 PadesLTVParameters params,
                                 java.lang.String newTimestampedFilePath)
                          throws PdfSignatureException,
                                 java.io.IOException,
                                 iaik.tsp.TspVerificationException

Description copied from class: PdfSignatureInstance

Add the validation data contained in params to this document's DSS (document security store) as defined by PAdES-LTV (PAdES - long term validation). This validation data (certificates, CRLs, OCSP responses) shall be used at a later date to verify the included signatures, when external sources may no longer be available. After adding this data a document timestamp (requested from the given timestamp authority) is added, in order to protect the validation data.

Specified by:

addArchivalTimestamp in class PdfSignatureInstance

Parameters:

tsaUrl - URL of the timestamp authority

username - username for authorization

password - password for authorization

params - parameters including the validation data to be added

newTimestampedFilePath - the file path where the new document containing the data and timestamp shall be saved

Throws:

PdfSignatureException - if the validation data can't be encoded or the timestamp can't be created

java.io.IOException - if the validation data or the document timestamp can't be written

iaik.tsp.TspVerificationException - if errors occur when requesting and verifying the timestamp

addArchivalTimestamp

public void addArchivalTimestamp(java.lang.String tsaUrl,
                                 java.lang.String username,
                                 java.lang.String password,
                                 PadesLTVParameters params,
                                 java.lang.String newTimestampedFilePath,
                                 java.lang.String digestAlgorithm)
                          throws PdfSignatureException,
                                 java.io.IOException,
                                 iaik.tsp.TspVerificationException

Description copied from class: PdfSignatureInstance

Add the validation data contained in params to this document's DSS (document security store) as defined by PAdES-LTV (PAdES - long term validation). This validation data (certificates, CRLs, OCSP responses) shall be used at a later date to verify the included signatures, when external sources may no longer be available. After adding this data a document timestamp (requested from the given timestamp authority) is added, in order to protect the validation data.

Specified by:

addArchivalTimestamp in class PdfSignatureInstance

Parameters:

tsaUrl - URL of the timestamp authority

username - username for authorization

password - password for authorization

params - parameters including the validation data to be added

newTimestampedFilePath - the file path where the new document containing the data and timestamp shall be saved

digestAlgorithm - digest algorithm used to digest the timestamped data (timestamp imprint)

Throws:

PdfSignatureException - if the validation data can't be encoded or the timestamp can't be created

java.io.IOException - if the validation data or the document timestamp can't be written

iaik.tsp.TspVerificationException - if errors occur when requesting and verifying the timestamp

closeDocument

public void closeDocument()

Description copied from class: PdfSignatureInstance

Close document instances that may still be open. Call this function, if this signature instance will not be used any more.

Specified by:

closeDocument in class PdfSignatureInstance