public class TimeStampHandlerFactory extends Object implements SignatureHandlerFactory
An implementation of SignatureHandlerFactory
that returns a SignatureHandler
suitable for adding a "Document Level Timestamp" to the PDF. Signatures created this way attest
to the document's condition at the time the PDF is saved, but say nothing
about who created it - so they do not need any private key information to be supplied.
Document Level Timestamps are described in
PDF 2.0 (ISO 32000-2), section 12.8.5, or in the
PAdES standard (ETSI TS 102 778) part 4, and require Acrobat XI or later.
Here's an example showing how to timestamp a PDF using a public RFC3161 timestamp server.
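```java
import java.io.File;
import java.io.FileOutputStream;
import java.net.URL;
import org.faceless.pdf2.*;

// Load the PDF to be timestamped
PDF pdf = new PDF(new PDFReader(new File("input.pdf")));

// Create a factory that requests timestamps from the RFC3161 server
URL url = new URL("http://timestamp.entrust.net/TSS/RFC3161sha1TS");
TimeStampHandlerFactory factory = new TimeStampHandlerFactory(url);

// A timestamp needs no keystore, alias or password, only the factory
FormSignature timestamp = new FormSignature();
timestamp.sign(null, null, null, factory);
pdf.getForm().getElements().put("timestamp", timestamp);

// The timestamp is applied when the PDF is saved
pdf.render(new FileOutputStream("output.pdf"));
```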
Note that due to a lack of joined-up thinking, timestamps are applied to a PDF in a way that
does not itself provide long-term validation. Adding this is a two-step process:
first the timestamp must be applied and the PDF saved, then there must be long-term
validation applied to the timestamped PDF. Here's a complete example showing how to do this
which combines the code above and the detail from PKCS7SignatureHandler.addValidationInformation(java.security.KeyStore):

```java
import java.io.*;
import java.net.URL;
import java.security.KeyStore;
import org.faceless.pdf2.*;

// Step 1: apply the timestamp and save the PDF (here, to memory)
PDF pdf = new PDF(new PDFReader(new File("input.pdf")));
URL url = new URL("http://timestamp.entrust.net/TSS/RFC3161sha1TS");
TimeStampHandlerFactory factory = new TimeStampHandlerFactory(url);
FormSignature timestamp = new FormSignature();
timestamp.sign(null, null, null, factory);
pdf.getForm().getElements().put("timestamp", timestamp);
ByteArrayOutputStream out = new ByteArrayOutputStream();
pdf.render(out);

// Step 2: reload the timestamped PDF and add long-term validation information
pdf = new PDF(new PDFReader(new ByteArrayInputStream(out.toByteArray())));
KeyStore rootkeystore = FormSignature.loadDefaultKeyStore();
for (FormElement elt : pdf.getForm().getElements().values()) {
    if (elt instanceof FormSignature) {
        FormSignature sig = (FormSignature)elt;
        SignatureHandler handler = sig.getSignatureHandler();
        if (handler instanceof PKCS7SignatureHandler) {
            PKCS7SignatureHandler pkcshandler = (PKCS7SignatureHandler)handler;
            pkcshandler.addValidationInformation(rootkeystore);
        }
    }
}
pdf.render(new FileOutputStream("output.pdf"));
```
Constructor and Description |
---|
TimeStampHandlerFactory(): Create a new SignatureHandlerFactory. |
TimeStampHandlerFactory(URL url): Create a new SignatureHandlerFactory and set the URL for the TimeStamp server. |
Modifier and Type | Method and Description |
---|---|
SignatureHandler | getHandler(): Return a handler created by this factory. |
void | setContentSize(int size): This method can be called to fix the space allocated for the "Contents" variable, which contains the encoded signature. |
void | setDigestAlgorithm(String algorithm): Set the message digest algorithm to use - one of MD5, SHA1, SHA-256, SHA-384, SHA-512 or RIPEMD160. The default is SHA-256. |
void | setTimeStampServer(URL server): Specify the URL of an RFC3161 Timestamp Server. |
public TimeStampHandlerFactory(URL url)
public TimeStampHandlerFactory()
public void setDigestAlgorithm(String algorithm)
algorithm - the message-digest algorithm to use.

public void setTimeStampServer(URL server)
server - The server to contact for the TimeStamp.
If a username/password are required they may be specified in the URL,
e.g. "http://user:password@server.com".
See also: FormSignature.getSignDate(), PKCS7SignatureHandler.getTimeStampCertificates()

public void setContentSize(int size)
This method can be called to fix the space allocated for the "Contents" variable, which contains the encoded signature. If a value > 0 is supplied then the Contents variable will have that much space allocated for it. Otherwise, a dummy timestamping will be performed before the actual operation to determine how much space to allocate.
The intention of this is to allocate space in the Contents variable for the signed content without having to perform a dummy signing to determine the size. This method is only of use if you want to limit the number of calls made to your TimeStamp server. With a value of zero, two calls are made to the server. With a value > 0, only one call is made.
size - the size of the Contents string in bytes, or 0 to determine automatically.

public SignatureHandler getHandler()
Specified by: getHandler in interface SignatureHandlerFactory
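
The following is an added example, not part of the original API documentation, that uses setTimeStampServer, setDigestAlgorithm and setContentSize together and then reads the result back with the two methods listed under setTimeStampServer. The TSA URL is a placeholder, the class name, the SHA-2 allow-list and the 16384-byte Contents size are assumptions of this example, and the return types used for getSignDate() (Calendar) and getTimeStampCertificates() (X509Certificate[]) are assumed from the library's API.

```java
import java.io.*;
import java.net.URL;
import java.security.cert.X509Certificate;
import java.util.*;
import org.faceless.pdf2.*;

public class TimestampExample {   // hypothetical class name
    // Allow-list chosen for this example: the SHA-2 entries accepted by setDigestAlgorithm
    static final Set<String> ALLOWED = new HashSet<>(Arrays.asList("SHA-256", "SHA-384", "SHA-512"));

    // Configure a factory, refusing a digest outside the allow-list and credentials over plain HTTP
    static TimeStampHandlerFactory newFactory(URL tsa, String digest, int contentSize) {
        if (!ALLOWED.contains(digest)) {
            throw new IllegalArgumentException("digest not in allow-list: " + digest);
        }
        if (tsa.getUserInfo() != null && !"https".equals(tsa.getProtocol())) {
            throw new IllegalArgumentException("user:password in a non-HTTPS URL is sent in clear");
        }
        TimeStampHandlerFactory factory = new TimeStampHandlerFactory();
        factory.setTimeStampServer(tsa);
        factory.setDigestAlgorithm(digest);
        factory.setContentSize(contentSize);   // > 0: one call to the server, 0: two calls
        return factory;
    }

    public static void main(String[] args) throws Exception {
        URL tsa = new URL("https://tsa.example.com/rfc3161");   // placeholder, not a real server
        PDF pdf = new PDF(new PDFReader(new File("input.pdf")));
        FormSignature timestamp = new FormSignature();
        timestamp.sign(null, null, null, newFactory(tsa, "SHA-256", 16384));   // size is assumed
        pdf.getForm().getElements().put("timestamp", timestamp);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        pdf.render(out);

        // Reload the saved bytes and report what the timestamp actually contains
        pdf = new PDF(new PDFReader(new ByteArrayInputStream(out.toByteArray())));
        for (FormElement elt : pdf.getForm().getElements().values()) {
            if (!(elt instanceof FormSignature)) continue;
            FormSignature sig = (FormSignature) elt;
            System.out.println("Timestamped at " + sig.getSignDate().getTime());
            SignatureHandler handler = sig.getSignatureHandler();
            if (!(handler instanceof PKCS7SignatureHandler)) continue;
            X509Certificate[] certs = ((PKCS7SignatureHandler) handler).getTimeStampCertificates();
            if (certs != null) for (X509Certificate c : certs) {
                System.out.println("TSA certificate: " + c.getSubjectX500Principal());
            }
        }
        try (OutputStream fos = new FileOutputStream("output.pdf")) { out.writeTo(fos); }
    }
}
```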
Copyright © 2001-2017 Big Faceless Organization