Class PKCS7SignatureHandler.ValidationInformation

    • Method Detail

      • getCRLs

        public List<X509CRL> getCRLs()
        Return the full list of CRLs used to validate this signature, or an empty list if there are none.
      • getOCSPResponses

        public List<PKCS7SignatureHandler.OCSPResponse> getOCSPResponses()
        Return the full list of OCSP responses used to validate this signature, or an empty list if there are none.
      • getTime

        public Calendar getTime()
        Return the time the validation was performed at. For an initial Validation, this is the same as FormSignature.getSignDate(). For any subsequent validations, this time is not usually asserted in any cryptographically assured way, so this value is just an indication.
      • isInitial

        public boolean isInitial()
        Return true if this Validation was added at the time of signing (technically, if it was included as part of the id-adbe-revocationInfoArchival attribute in the PKCS#7 object). If it is, it will automatically be verified as part of the signature verification.
      • isComplete

        public boolean isComplete(KeyStore keystore)
                           throws GeneralSecurityException

        Verify the validation information as correct, and return true if it includes all the information to validate the signature. If a KeyStore is supplied, it is presumed to contain the list of trusted roots: the certificate chains in the PDF must be validated to one of those roots to be trusted. If keystore is null, then any self-signed root is presumed to be trusted.

        The validation process confirms that the certificates used during signing were not revoked at the time of signing. This method presumes that the timestamp of the signature is valid, which is not something that can be asserted unless the signature was timestamped by a trusted TimeStamp server: PKCS7SignatureHandler.getTimeStampCertificates() should be used to confirm this.

        Returns:
        true if the certificate chain up to a trusted root can be verified using only information contained in the PDF, or false if the chain cannot be verified without further information
        Throws:
        GeneralSecurityException - if the signature chain cannot be validated, either due to a signature failing to verify, or because one of the certificates has been revoked.
      • getHandler

        public PKCS7SignatureHandler getHandler()
        Return the PKCS7SignatureHandler object this class is associated with.
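
The three results of isComplete (true, false, exception) call for different handling, and a null KeyStore trusts any self-signed root. The following is an added example, not code from the library or its documentation: the class ValidationPolicy, its Outcome enum and both methods are hypothetical, and the import assumes the library's package is org.faceless.pdf2, which this page does not state.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Calendar;
import org.faceless.pdf2.PKCS7SignatureHandler;  // assumed package name; not stated on this page

/** Hypothetical helper (not part of the library): maps isComplete() results to a policy decision. */
public final class ValidationPolicy {

    public enum Outcome {
        VERIFIED_AT_SIGNING,  // complete, and embedded when the document was signed
        VERIFIED_LATER,       // complete, but added afterwards: getTime() is only an indication
        INCOMPLETE,           // isComplete() returned false: the PDF lacks some validation data
        REJECTED              // isComplete() threw: a signature failed or a certificate is revoked
    }

    public static Outcome classify(PKCS7SignatureHandler.ValidationInformation info,
                                   KeyStore trustedRoots) {
        // With a null KeyStore, isComplete() presumes any self-signed root is trusted,
        // so this policy insists on an explicit set of roots.
        if (trustedRoots == null) {
            throw new IllegalArgumentException("an explicit KeyStore of trusted roots is required");
        }
        try {
            if (!info.isComplete(trustedRoots)) {
                return Outcome.INCOMPLETE;
            }
        } catch (GeneralSecurityException e) {
            // Keep this distinct from INCOMPLETE: extra revocation data will not fix it.
            return Outcome.REJECTED;
        }
        return info.isInitial() ? Outcome.VERIFIED_AT_SIGNING : Outcome.VERIFIED_LATER;
    }

    /** One-line summary of the evidence behind a decision, suitable for an audit log. */
    public static String describe(PKCS7SignatureHandler.ValidationInformation info,
                                  Outcome outcome) {
        Calendar when = info.getTime();
        return String.format("outcome=%s initial=%b time=%s crls=%d ocsp=%d",
                outcome, info.isInitial(),
                when == null ? "unknown" : when.toInstant().toString(),
                info.getCRLs().size(), info.getOCSPResponses().size());
    }
}
```

Either VERIFIED outcome still rests on the presumption that the signature's timestamp is valid, so it should be combined with the getTimeStampCertificates() check described under isComplete.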