Class PKCS7SignatureHandler.ValidationInformation
- java.lang.Object
  - org.faceless.pdf2.PKCS7SignatureHandler.ValidationInformation
- Enclosing class: PKCS7SignatureHandler

public class PKCS7SignatureHandler.ValidationInformation extends Object
This class represents long-term validation (LTV) information, as described in PAdES part 4. It may be added in one of two ways:
- At the time of signing. This is done by verifying the Certificates used (via OCSP or CRL) and timestamping the Signature. With our API, this is done by calling the AcrobatSignatureHandlerFactory.setTimeStampServer(java.net.URL) and AcrobatSignatureHandlerFactory.setValidateCertificatesOnSigning(boolean) methods on the SignatureHandlerFactory before signing. We call this an initial validation.
- At some later date. This is done in Acrobat by "adding validation information" to the PDF and saving the file, or in our API by calling the PKCS7SignatureHandler.addValidationInformation(java.security.KeyStore) method. The Certificates used in the original signing are verified again, and if none of them has been revoked an additional revision is added to the file containing the same kind of information (the OCSP and CRL responses).

Either kind of validation may be complete, meaning it contains all the OCSP and CRL responses required to verify the entire certificate chain up to a self-signed root. A signature with a complete validation is the equivalent of an "LTV enabled" signature in Acrobat.
Method Summary

Modifier and Type | Method | Description
List<X509Certificate> | getCertificates() | Return the full list of Certificates included with the long-term validation.
List<X509CRL> | getCRLs() | Return the full list of CRLs used to validate this signature, or an empty list if there are none.
PKCS7SignatureHandler | getHandler() | Return the PKCS7SignatureHandler object this class is associated with.
List<PKCS7SignatureHandler.OCSPResponse> | getOCSPResponses() | Return the full list of OCSP responses used to validate this signature, or an empty list if there are none.
Calendar | getTime() | Return the time the validation was performed at.
boolean | isComplete(KeyStore keystore) | Verify the validation information as correct, and return true if it includes all the information needed to validate the signature.
boolean | isInitial() | Return true if this Validation was added at the time of signing (technically, if it was included as part of the id-adbe-revocationInfoArchival attribute in the PKCS#7 object).
String | toString() |
Method Detail
getCRLs
public List<X509CRL> getCRLs()
Return the full list of CRLs used to validate this signature, or an empty list if there are none.
-
getOCSPResponses
public List<PKCS7SignatureHandler.OCSPResponse> getOCSPResponses()
Return the full list of OCSP responses used to validate this signature, or an empty list if there are none.
-
getCertificates
public List<X509Certificate> getCertificates()
Return the full list of Certificates included with the long-term validation. For an initial Validation, this is the same as PKCS7SignatureHandler.getCertificates().
-
getTime
public Calendar getTime()
Return the time the validation was performed at. For an initial Validation, this is the same as FormSignature.getSignDate(). For any subsequent validation, this time is not usually asserted in any cryptographically assured way, so the value is only an indication.
-
isInitial
public boolean isInitial()
Return true if this Validation was added at the time of signing (technically, if it was included as part of the id-adbe-revocationInfoArchival attribute in the PKCS#7 object). If it is, it will automatically be verified as part of the signature verification.
-
isComplete
public boolean isComplete(KeyStore keystore) throws GeneralSecurityException
Verify the validation information as correct, and return true if it includes all the information needed to validate the signature. If a KeyStore is supplied, it is presumed to contain the set of trusted roots: the certificate chains in the PDF must validate to one of those roots to be trusted. If keystore is null, any self-signed root is presumed to be trusted, so a chain ending in an attacker-generated root would pass; callers should normally supply a KeyStore.

The validation process confirms that the Certificates used during signing were not revoked at the time of signing. This method presumes that the timestamp of the signature is genuine, which cannot be asserted unless the signature was timestamped by a trusted TimeStamp server: the certificates returned by PKCS7SignatureHandler.getTimeStampCertificates() should be checked to confirm this before relying on the result.
- Returns:
  - true if the certificate chain up to a trusted root can be verified using only information contained in the PDF, or false if the chain cannot be verified without further information
- Throws:
  - GeneralSecurityException - if the signature chain cannot be validated, either because a signature fails to verify or because one of the certificates has been revoked.
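A worked example of consuming this API, added here and not part of the BFO documentation or library. It verifies each PKCS#7 signature in a PDF, checks the timestamp chain via getTimeStampCertificates() before trusting any isComplete() verdict, and separates the three outcomes of isComplete(): true, false (the chain cannot be built from data in the PDF alone) and a GeneralSecurityException (a broken signature or a revoked certificate). Assumed and not confirmed on this page: a PKCS7SignatureHandler.getValidationInformation() accessor returning the List of ValidationInformation objects, FormSignature.verify() returning a boolean, the PDF(PDFReader) / getForm().getElements() / getSignatureHandler() entry points, and the hypothetical trust store file "trust.jks".

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.List;
import java.util.Map;

import org.faceless.pdf2.FormElement;
import org.faceless.pdf2.FormSignature;
import org.faceless.pdf2.PDF;
import org.faceless.pdf2.PDFReader;
import org.faceless.pdf2.PKCS7SignatureHandler;

// Added example, not BFO's own code. Assumed APIs (not on the documentation page):
// PKCS7SignatureHandler.getValidationInformation(), FormSignature.verify(),
// PDF(PDFReader), PDF.getForm().getElements(), FormSignature.getSignatureHandler().
// "trust.jks" is a hypothetical JKS store holding only the CA roots we accept.
public class LtvAudit {

    public static void main(String[] args) throws Exception {
        KeyStore trusted = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream("trust.jks")) {
            trusted.load(in, "changeit".toCharArray());
        }
        PDF pdf;
        try (InputStream in = new FileInputStream(args[0])) {
            pdf = new PDF(new PDFReader(in));
        }
        for (Map.Entry<String, FormElement> e : pdf.getForm().getElements().entrySet()) {
            if (e.getValue() instanceof FormSignature) {
                FormSignature sig = (FormSignature) e.getValue();
                if (sig.getSignatureHandler() instanceof PKCS7SignatureHandler) {
                    audit(e.getKey(), sig, (PKCS7SignatureHandler) sig.getSignatureHandler(), trusted);
                }
            }
        }
    }

    static void audit(String name, FormSignature sig, PKCS7SignatureHandler handler, KeyStore trusted)
            throws GeneralSecurityException {
        // 1. The signature itself must verify; LTV data on a broken signature is meaningless.
        if (!sig.verify()) {
            System.out.println(name + ": signature does not verify; skipping LTV checks");
            return;
        }
        // 2. isComplete() presumes the signing time is genuine. That only holds if a TSA we trust
        //    timestamped the signature; otherwise a signer could back-date a signature to a moment
        //    before their certificate was revoked, and the LTV data would look fine.
        List<X509Certificate> tsaChain = handler.getTimeStampCertificates();
        boolean trustedTimestamp = tsaChain != null && !tsaChain.isEmpty()
                && chainsToTrustAnchor(tsaChain, trusted);

        for (PKCS7SignatureHandler.ValidationInformation vi : handler.getValidationInformation()) {
            String kind = vi.isInitial() ? "initial (id-adbe-revocationInfoArchival)" : "later revision";
            // For a later revision getTime() is only an indication, not a cryptographic assertion.
            String when = String.format("%tF %<tT", vi.getTime());
            String verdict;
            try {
                // Always pass the trust store: a null KeyStore trusts ANY self-signed root.
                boolean complete = vi.isComplete(trusted);
                verdict = complete
                        ? (trustedTimestamp ? "LTV complete" : "LTV complete, but signing time is NOT trusted")
                        : "incomplete: chain cannot be built from data in the PDF alone";
            } catch (GeneralSecurityException ex) {
                // Hard failure, distinct from "false": a signature in the chain failed to verify
                // or a certificate was revoked at the asserted signing time.
                verdict = "FAILED: " + ex.getMessage();
            }
            System.out.printf("%s: %s validation at %s, %d certs, %d CRLs, %d OCSP responses -> %s%n",
                    name, kind, when, vi.getCertificates().size(), vi.getCRLs().size(),
                    vi.getOCSPResponses().size(), verdict);
        }
    }

    // Minimal trust check: true if some certificate in the chain is signed by a certificate in the
    // trust store. Path constraints and revocation of the TSA chain itself are not checked here,
    // so treat this as a prerequisite for trusting the timestamp, not a full PKIX validation.
    static boolean chainsToTrustAnchor(List<X509Certificate> chain, KeyStore trusted)
            throws GeneralSecurityException {
        for (Enumeration<String> aliases = trusted.aliases(); aliases.hasMoreElements();) {
            java.security.cert.Certificate anchor = trusted.getCertificate(aliases.nextElement());
            if (anchor == null) continue;
            for (X509Certificate cert : chain) {
                try {
                    cert.verify(anchor.getPublicKey());
                    return true;
                } catch (GeneralSecurityException notSignedByThisAnchor) {
                    // try the next anchor/certificate pair
                }
            }
        }
        return false;
    }
}
```

The point of separating the outcomes is operational: "incomplete" means the PDF can be repaired by adding validation information (as in the second method described above) while the revocation data is still obtainable, whereas a GeneralSecurityException means the signature should be rejected outright, and a "complete" verdict without a trusted timestamp should not be reported as LTV enabled.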
-
getHandler
public PKCS7SignatureHandler getHandler()
Return the PKCS7SignatureHandler object this class is associated with