Class TimeStampHandlerFactory
- java.lang.Object
-
- org.faceless.pdf2.TimeStampHandlerFactory
-
- All Implemented Interfaces:
SignatureHandlerFactory
public class TimeStampHandlerFactory extends Object implements SignatureHandlerFactory
An implementation of
SignatureHandlerFactory
that returns aSignatureHandler
suitable for adding a "Document Level Timestamp" to the PDF. Signature created this way attest to the document's condition at the time the PDF is saved, but say nothing about who created it - so they do not need any private key information to be supplied. Document Level Timestamps are described in PDF 2.0 (ISO 32000-2), section 12.8.5, or in the PAdES standard (ETSI TS 102 778) part 4, and require Acrobat XI or later.Here's an example showing how to timestamp a PDF using a public RFC3161 timestamp server.
PDF pdf = new PDF(new PDFReader(new File("input.pdf"))); URL url = new URL("http://timestamp.entrust.net/TSS/RFC3161sha1TS"); TimeStampHandlerFactory factory = new TimeStampHandlerFactory(url); FormSignature timestamp = new FormSignature(); timestamp.sign(null, null, null, factory); pdf.getForm().getElements().put("timestamp", timestamp); pdf.render(new FileOutputStream("outpu.pdf"));
Note that due to a lack of joined-up thinking, timestamps are applied to a PDF in a way that does not itself provide long-term validation. Adding this is a two step process: first the timestamp must be applied and the PDF saved, then there must be long-term validation applied to the timestamped PDF. Here's a complete example showing how to do this which combines the code above and the detail from
PKCS7SignatureHandler.addValidationInformation(java.security.KeyStore)
PDF pdf = new PDF(new PDFReader(new File("input.pdf"))); URL url = new URL("http://timestamp.entrust.net/TSS/RFC3161sha1TS"); TimeStampHandlerFactory factory = new TimeStampHandlerFactory(url); FormSignature timestamp = new FormSignature(); timestamp.sign(null, null, null, factory); pdf.getForm().getElements().put("timestamp", timestamp); FastByteArrayOutputStream out = new FastByteArrayOutputStream(); pdf.render(out); pdf = new PDF(new PDFReader(new ByteArrayInputStream(out.toByteArray()))); KeyStore rootkeystore = FormSignature.loadDefaultKeyStore(); for (FormElement elt : pdf.getForm().getElements().values()) { if (elt instanceof FormSignature) { FormSignature sig = (FormSignature)elt; SignatureHandler handler = sig.getSignatureHandler(); if (handler instanceof PKCS7SignatureHandler) { PKCS7SignatureHandler pkcshandler = (PKCS7SignatureHandler)handler; pkcshandler.addValidationInformation(rootkeystore); } } } pdf.render(new FileOutputStream("output.pdf"));
- Since:
- 2.18.2
-
-
Constructor Summary
Constructors Constructor Description TimeStampHandlerFactory()
Create a new SignatureHandlerFactory.TimeStampHandlerFactory(URL url)
Create a new SignatureHandlerFactory and set the URL for the TimeStamp server
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description SignatureHandler
getHandler()
Return a handler created by this factoryvoid
setContentSize(int size)
This method can be called to fix the space allocated for the "Contents" variable, which contains the encoded signature.void
setDigestAlgorithm(String algorithm)
Set the message digest algorithm to use - one of MD5, SHA1, SHA-256, SHA-384, SHA-512 or RIPEMD160 The default is SHA-256.void
setTimeStampServer(URL server)
Specify the URL of an RFC3161 Timestamp Server.
-
-
-
Constructor Detail
-
TimeStampHandlerFactory
public TimeStampHandlerFactory(URL url)
Create a new SignatureHandlerFactory and set the URL for the TimeStamp server
-
TimeStampHandlerFactory
public TimeStampHandlerFactory()
Create a new SignatureHandlerFactory.
-
-
Method Detail
-
setDigestAlgorithm
public void setDigestAlgorithm(String algorithm)
Set the message digest algorithm to use - one of MD5, SHA1, SHA-256, SHA-384, SHA-512 or RIPEMD160 The default is SHA-256.- Parameters:
algorithm
- the message-digest algorithm to use.
-
setTimeStampServer
public void setTimeStampServer(URL server)
Specify the URL of an RFC3161 Timestamp Server. The server will be contacted and the PDF timestamped when it is saved. A TimeStamp server is required to timestamp a document.- Parameters:
server
- The server to contact for the TimeStamp. If a username/password are required they may be specified in the URL, e.g. "http://user:password@server.com".- See Also:
FormSignature.getSignDate()
,PKCS7SignatureHandler.getTimeStampCertificates()
-
setContentSize
public void setContentSize(int size)
This method can be called to fix the space allocated for the "Contents" variable, which contains the encoded signature. If a value > 0 is supplied then the Contents variable will have that much space allocated for it. Otherwise, a dummy timetamping will be performed before the actual operation to determined how much space to allocate.
The intention of this is to allocate space in the Contents variable for the signed content without having to perform a dummy signing to determine the size. This method is only of use if you want to limit the number calls made to your TimeStamp server. With a value of zero, two calls are made to the server. With a value > 0, only one call is made.
- Parameters:
size
- the size of the Contents string in bytes, or 0 to determine automatically.
-
getHandler
public SignatureHandler getHandler()
Description copied from interface:SignatureHandlerFactory
Return a handler created by this factory- Specified by:
getHandler
in interfaceSignatureHandlerFactory
-
-