Example usage for com.lowagie.text.pdf PdfPKCS7 verifyTimestampCertificates

List of usage examples for com.lowagie.text.pdf PdfPKCS7 verifyTimestampCertificates

Introduction

On this page you can find an example usage of com.lowagie.text.pdf PdfPKCS7 verifyTimestampCertificates.

Prototype

public static boolean verifyTimestampCertificates(TimeStampToken ts, KeyStore keystore, String provider) 


Document

Verifies a timestamp against a KeyStore.

Usage

From source file:net.sf.jsignpdf.verify.VerifierLogic.java

License:Mozilla Public License

/**
 * Validates a timestamp token in three steps: locate the TSA signing certificate among the
 * certificates embedded in the token, check the embedded certificate(s) against the
 * {@code kall} keystore, and verify the token's signature with the located certificate.
 *
 * <p>Failures are returned rather than thrown. A {@code null} token also yields {@code null},
 * so the return value alone does not tell a caller whether a timestamp was present at all;
 * callers that require a timestamp must check for its presence themselves.
 *
 * @param token timestamp token to check; may be {@code null}
 * @return {@code null} when no check failed (or no token was given), otherwise the exception
 *         describing the first failure
 */
public Exception validateTimeStampToken(TimeStampToken token) {
    if (token == null) {
        return null;
    }
    try {
        // The signer id names the certificate that must have signed the token.
        SignerId signerId = token.getSID();
        X500Principal expectedIssuer = signerId.getIssuer();
        BigInteger expectedSerial = signerId.getSerialNumber();

        CertStore embeddedStore = token.getCertificatesAndCRLs("Collection", "BC");
        // A null selector returns every certificate carried in the token.
        Collection<? extends Certificate> embeddedCerts = embeddedStore.getCertificates(null);

        // Pick the embedded certificate whose issuer and serial number match the signer id.
        // A non-X.509 entry makes the cast throw; the catch below reports that as a failure.
        X509Certificate tsaCertificate = null;
        for (Certificate candidate : embeddedCerts) {
            X509Certificate x509 = (X509Certificate) candidate;
            boolean sameIssuer = x509.getIssuerX500Principal().equals(expectedIssuer);
            if (sameIssuer && x509.getSerialNumber().equals(expectedSerial)) {
                tsaCertificate = x509;
                break;
            }
        }
        if (tsaCertificate == null) {
            throw new TSPException("Missing signing certificate for TSA.");
        }

        // Trust check against the keystore. Everything checked here comes from the token itself,
        // so the keystore contents are the only trust anchor in this method.
        final int count = embeddedCerts.size();
        if (count == 1) {
            // Third argument is the provider name; null is passed here.
            if (!PdfPKCS7.verifyTimestampCertificates(token, kall, null)) {
                throw new Exception("Timestamp certificate can't be verified.");
            }
        } else {
            Certificate[] inStoreOrder = embeddedCerts.toArray(new Certificate[count]);
            Certificate[] reversed = new Certificate[count];
            for (int src = count - 1, dst = 0; src >= 0; src--, dst++) {
                reversed[dst] = inStoreOrder[src];
            }
            // NOTE(review): the chain is the token's own certificate list in reversed order, and
            // nothing here ties reversed[0] to tsaCertificate. Confirm which certificate
            // verifyCertificates starts from, and that an unrelated but trusted certificate
            // embedded in the token cannot satisfy this check on behalf of the signer.
            // NOTE(review): the last two arguments are null, so presumably no CRLs are consulted
            // (no revocation check) and validity is checked at the current time - confirm.
            // token.validate(SignerInformationVerifier) will check if certificate has been valid
            // at the time the timestamp was created
            Object[] failure = PdfPKCS7.verifyCertificates(reversed, kall, null, null);
            if (failure != null) {
                throw new Exception("Timestamp certificate can't be verified.");
            }
        }

        // Finally verify the token's signature with the signer certificate located above.
        SignerInformationVerifier signatureVerifier =
                new JcaSimpleSignerInfoVerifierBuilder().build(tsaCertificate);
        token.validate(signatureVerifier);
        return null;
    } catch (Exception e) {
        // Every failure, including unexpected runtime exceptions, is handed back to the caller.
        return e;
    }
}