public class PKCS7SignatureHandler.ValidationInformation extends Object
AcrobatSignatureHandlerFactory.setTimeStampServer(java.net.URL) and AcrobatSignatureHandlerFactory.setValidateCertificatesOnSigning(boolean) methods on the SignatureHandlerFactory before signing. We call this an initial validation.
PKCS7SignatureHandler.addValidationInformation(java.security.KeyStore) method. The Certificates used in the original signing are verified, and if they have not been revoked an additional revision is added to the file with the same information (the OCSP and CRL responses).
Either of these validations may be complete, which means it contains all the OCSP and CRL responses required to verify the entire certificate chain up to a self-signed root. A complete signature is the equivalent of an "LTV enabled" signature in Acrobat.
Modifier and Type | Method and Description |
---|---|
List<X509Certificate> | getCertificates() - Return the full list of Certificates included with the long-term validation. |
List<X509CRL> | getCRLs() - Return the full list of CRLs used to validate this signature, or an empty list if there are none. |
PKCS7SignatureHandler | getHandler() - Return the PKCS7SignatureHandler object this class is associated with |
List<PKCS7SignatureHandler.OCSPResponse> | getOCSPResponses() - Return the full list of OCSP responses used to validate this signature, or an empty list if there are none. |
Calendar | getTime() - Return the time the validation was performed at. |
boolean | isComplete(KeyStore keystore) - Verify the validation information as correct, and return true if it includes all the information to validate the signature. |
boolean | isInitial() - Return true if this Validation was added at the time of signing (technically, if it was included as part of the id-adbe-revocationInfoArchival attribute in the PKCS#7 object). |

public List<X509CRL> getCRLs()

public List<PKCS7SignatureHandler.OCSPResponse> getOCSPResponses()

public List<X509Certificate> getCertificates()
initial Validation, this is the same as PKCS7SignatureHandler.getCertificates()

public Calendar getTime()
initial Validation, this is the same as FormSignature.getSignDate(). For any subsequent validations, this time is not usually asserted in any cryptographically assured way, so this value is just an indication.

public boolean isInitial()

public boolean isComplete(KeyStore keystore) throws GeneralSecurityException
Verify the validation information as correct, and return true if it includes all the information to validate the signature. If a KeyStore is supplied, it is presumed to contain the list of trusted roots: the certificate chains in the PDF must be validated to one of those roots to be trusted. If keystore is null, then any self-signed root is presumed to be trusted.
The validation process confirms that the Certificates used during signing were not revoked at the time of signing. This method presumes that the timestamp of the signature is valid, which is not something that can be asserted unless the signature was timestamped by a trusted TimeStamp server: the PKCS7SignatureHandler.getTimeStampCertificates() method should be used to confirm this.
GeneralSecurityException - if the signature chain cannot be validated, either due to a signature failing to verify, or because one of the certificates has been revoked.

public PKCS7SignatureHandler getHandler()

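
The following is an added example, not code from the library or its documentation, showing a fail-closed way to call isComplete(KeyStore) given the null-keystore behaviour described above. The class LtvCheck, the Result enum and both method names are this example's own, and the import assumes the library's org.faceless.pdf2 package; how the ValidationInformation object is obtained is left to the caller.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import org.faceless.pdf2.PKCS7SignatureHandler;

/** Added example: fail-closed use of ValidationInformation.isComplete(KeyStore). */
public final class LtvCheck {

    /** Outcome names are this example's own, not part of the library. */
    public enum Result { COMPLETE, INCOMPLETE, INVALID }

    /**
     * Evaluate validation information against an explicit set of trusted roots.
     * A null or empty KeyStore is refused: isComplete(null) presumes any
     * self-signed root in the PDF to be trusted.
     */
    public static Result check(PKCS7SignatureHandler.ValidationInformation info,
                               KeyStore trustedRoots) throws GeneralSecurityException {
        // size() throws KeyStoreException if the store was never loaded.
        if (trustedRoots == null || trustedRoots.size() == 0) {
            throw new IllegalArgumentException("explicit trusted roots are required");
        }
        try {
            return info.isComplete(trustedRoots) ? Result.COMPLETE : Result.INCOMPLETE;
        } catch (GeneralSecurityException e) {
            // A signature failed to verify, or a certificate has been revoked.
            return Result.INVALID;
        }
    }

    /** One-line summary suitable for an audit log. */
    public static String describe(PKCS7SignatureHandler.ValidationInformation info,
                                  Result result) {
        boolean initial = info.isInitial();
        // Only an initial validation's time matches the signing date; for
        // later validations the time is only an indication.
        String timeNote = initial ? "time = signing date" : "time is indicative only";
        return String.format(
            "%s validation at %tF (%s): %s; %d certificates, %d CRLs, %d OCSP responses",
            initial ? "initial" : "subsequent", info.getTime(), timeNote, result,
            info.getCertificates().size(), info.getCRLs().size(),
            info.getOCSPResponses().size());
    }
}
```

A COMPLETE result still rests on the signature's timestamp being valid, so it should be paired with a check of PKCS7SignatureHandler.getTimeStampCertificates() on the handler returned by getHandler().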
Copyright © 2001-2017 Big Faceless Organization