Class PKCS7SignatureHandler.ValidationInformation

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      java.util.List<java.security.cert.X509Certificate> getCertificates()
      Return the full list of Certificates included with the long-term validation.
      java.util.List<java.security.cert.X509CRL> getCRLs()
      Return the full list of CRLs used to validate this signature, or an empty list if there are none.
      PKCS7SignatureHandler getHandler()
      Return the PKCS7SignatureHandler object this class is associated with
      java.util.List<PKCS7SignatureHandler.OCSPResponse> getOCSPResponses()
      Return the full list of OCSP responses used to validate this signature, or an empty list if there are none.
      java.util.Calendar getTime()
      Return the time the validation was performed at.
      boolean isComplete​(java.security.KeyStore keystore)
      Verify the validation information as correct, and return true if it includes all the information to validate the signature.
      boolean isInitial()
      Return true if this Validation was added at the time of signing (technically, if it was included as part of the id-adbe-revocationInfoArchival attribute in the PKCS#7 object).
      java.lang.String toString()  
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
    • Method Detail

      • getCRLs

        public java.util.List<java.security.cert.X509CRL> getCRLs()
        Return the full list of CRLs used to validate this signature, or an empty list if there are none.
      • getOCSPResponses

        public java.util.List<PKCS7SignatureHandler.OCSPResponse> getOCSPResponses()
        Return the full list of OCSP responses used to validate this signature, or an empty list if there are none.
      • getCertificates

        public java.util.List<java.security.cert.X509Certificate> getCertificates()
        Return the full list of Certificates included with the long-term validation. For an initial Validation, this is the same as PKCS7SignatureHandler.getCertificates()
      • getTime

        public java.util.Calendar getTime()
        Return the time the validation was performed at. For an initial Validation, this is the same as FormSignature.getSignDate(). For any subsequent validations, this time is not usually asserted in any cryptographically assured way, so this value is just an indication.
      • isInitial

        public boolean isInitial()
        Return true if this Validation was added at the time of signing (technically, if it was included as part of the id-adbe-revocationInfoArchival attribute in the PKCS#7 object). If it is, it will automatically be verified as part of the signature verification
      • isComplete

        public boolean isComplete​(java.security.KeyStore keystore)
                           throws java.security.GeneralSecurityException

        Verify the validation information as correct, and return true if it includes all the information to validate the signature. If a KeyStore is supplied, it is presumed to contain the list of trusted roots: the certificate chains in the PDF must be validated to one of those roots to be trusted. If keystore is null, then any self-signed root is presumed to be trusted.

        The validation process confirms that the Certicates used during signing were not revoked at the time of signing. This method presumes that the timestamp of the signature is valid, which is not something that can be asserted unless the signature was timestamped by a trusted TimeStamp server: the PKCS7SignatureHandler.getTimeStampCertificates() should be used to confirm this.

        Returns:
        true if the certificate chain up to a trusted root can be verified using only information contained in the PDF, or false if the chain cannot be verified without further information
        Throws:
        java.security.GeneralSecurityException - if the signature chain cannot be validated, either due to a signature failing to verify, or because one of the certificates has been revoked.
      • getHandler

        public PKCS7SignatureHandler getHandler()
        Return the PKCS7SignatureHandler object this class is associated with
      • toString

        public java.lang.String toString()
        Overrides:
        toString in class java.lang.Object