List of usage examples for com.itextpdf.text.pdf.security SignaturePermissions SignaturePermissions
public SignaturePermissions(PdfDictionary sigDict, SignaturePermissions previous)
From source file:controller.CCInstance.java
License:Open Source License
public final ArrayList<SignatureValidation> validatePDF(final String file, final ValidationListener vl) throws IOException, DocumentException, GeneralSecurityException { this.validating = true; final PdfReader reader = new PdfReader(file); final AcroFields af = reader.getAcroFields(); final ArrayList names = af.getSignatureNames(); final ArrayList<SignatureValidation> validateList = new ArrayList<>(); X509Certificate x509c = null; Security.setProperty("ocsp.enable", "true"); System.setProperty("com.sun.security.enableCRLDP", "true"); boolean nextValid = true; for (Object o : names) { if (!validating) { return null; }/*from w w w . ja v a2s . com*/ final String name = (String) o; final PdfPKCS7 pk = af.verifySignature(name, "BC"); final Certificate pkc[] = pk.getCertificates(); x509c = (X509Certificate) pkc[pkc.length - 1]; final Certificate[] aL = pkc;//getCompleteCertificateChain(x509c); if (null == aL || 0 == aL.length) { return null; } CertificateStatus ocspCertificateStatus = CertificateStatus.UNCHECKED; BasicOCSPResp ocspResp = pk.getOcsp(); if (null != ocspResp && pk.isRevocationValid()) { for (SingleResp singleResp : ocspResp.getResponses()) { if (null == singleResp.getCertStatus()) { ocspCertificateStatus = CertificateStatus.OK; } else if (singleResp.getCertStatus() instanceof RevokedStatus) { if (ocspResp.getProducedAt() .before(((RevokedStatus) singleResp.getCertStatus()).getRevocationTime())) { ocspCertificateStatus = CertificateStatus.OK; } else { ocspCertificateStatus = CertificateStatus.REVOKED; } } else if (singleResp.getCertStatus() instanceof UnknownStatus) { ocspCertificateStatus = CertificateStatus.UNKNOWN; } } } CertificateStatus crlCertificateStatus = CertificateStatus.UNCHECKED; Collection<CRL> crlResp = pk.getCRLs(); if (null != crlResp) { boolean revoked = false; for (CRL crl : crlResp) { if (crl.isRevoked(x509c)) { revoked = true; } } crlCertificateStatus = revoked ? CertificateStatus.REVOKED : CertificateStatus.OK; } if (ocspCertificateStatus.equals(CertificateStatus.UNCHECKED) && crlCertificateStatus.equals(CertificateStatus.UNCHECKED)) { if (pkc.length == 1) { Certificate[] completeChain = getCompleteTrustedCertificateChain(x509c); if (completeChain.length == 1) { ocspCertificateStatus = CertificateStatus.UNCHAINED; } else { ocspCertificateStatus = CertificateStatus.CHAINED_LOCALLY; } } } final TimeStampToken tst = pk.getTimeStampToken(); boolean validTimestamp = false; if (null != tst) { final boolean hasTimestamp = pk.verifyTimestampImprint(); validTimestamp = hasTimestamp && CertificateVerification.verifyTimestampCertificates(tst, ks, null); } PdfDictionary pdfDic = reader.getAcroFields().getSignatureDictionary(name); SignaturePermissions sp = new SignaturePermissions(pdfDic, null); boolean isValid; if (nextValid) { isValid = pk.verify(); } else { isValid = false; } List<AcroFields.FieldPosition> posList = af.getFieldPositions(name); final SignatureValidation signature = new SignatureValidation(file, name, pk, !pk.verify(), af.signatureCoversWholeDocument(name), af.getRevision(name), af.getTotalRevisions(), reader.getCertificationLevel(), ocspCertificateStatus, crlCertificateStatus, validTimestamp, posList, sp, isValid); validateList.add(signature); if (null != vl) { vl.onValidationComplete(signature); } if (!sp.isFillInAllowed()) { nextValid = false; } } return validateList; }