Class TimeStampHandlerFactory

  • All Implemented Interfaces:
    SignatureHandlerFactory

    public class TimeStampHandlerFactory
    extends Object
    implements SignatureHandlerFactory

    An implementation of SignatureHandlerFactory that returns a SignatureHandler suitable for adding a "Document Level Timestamp" to the PDF. Signatures created this way attest to the document's condition at the time the PDF is saved but say nothing about who created it, so no private key information needs to be supplied. Document Level Timestamps are described in PDF 2.0 (ISO 32000-2), section 12.8.5, or in the PAdES standard (ETSI TS 102 778) part 4, and require Acrobat XI or later.

    Here's an example showing how to timestamp a PDF using a public RFC3161 timestamp server.

     PDF pdf = new PDF(new PDFReader(new File("input.pdf")));
     URL url = new URL("http://timestamp.entrust.net/TSS/RFC3161sha1TS");
     TimeStampHandlerFactory factory = new TimeStampHandlerFactory(url);
     FormSignature timestamp = new FormSignature();
     timestamp.sign(null, null, null, factory);
     pdf.getForm().getElements().put("timestamp", timestamp);
     pdf.render(new FileOutputStream("output.pdf"));
     

    Note that due to a lack of joined-up thinking, timestamps are applied to a PDF in a way that does not itself provide long-term validation. Adding this is a two-step process: first the timestamp must be applied and the PDF saved, then long-term validation must be applied to the timestamped PDF. Here's a complete example showing how to do this, which combines the code above and the detail from PKCS7SignatureHandler.addValidationInformation(java.security.KeyStore):

     PDF pdf = new PDF(new PDFReader(new File("input.pdf")));
     URL url = new URL("http://timestamp.entrust.net/TSS/RFC3161sha1TS");
    
     TimeStampHandlerFactory factory = new TimeStampHandlerFactory(url);
     FormSignature timestamp = new FormSignature();
     timestamp.sign(null, null, null, factory);
     pdf.getForm().getElements().put("timestamp", timestamp);
    
     FastByteArrayOutputStream out = new FastByteArrayOutputStream();
     pdf.render(out);
     pdf = new PDF(new PDFReader(new ByteArrayInputStream(out.toByteArray())));
    
     KeyStore rootkeystore = FormSignature.loadDefaultKeyStore();
     for (FormElement elt : pdf.getForm().getElements().values()) {
       if (elt instanceof FormSignature) {
         FormSignature sig = (FormSignature)elt;
         SignatureHandler handler = sig.getSignatureHandler();
         if (handler instanceof PKCS7SignatureHandler) {
           PKCS7SignatureHandler pkcshandler = (PKCS7SignatureHandler)handler;
           pkcshandler.addValidationInformation(rootkeystore);
         }
       }
     }
     pdf.render(new FileOutputStream("output.pdf"));
     
    Since:
    2.18.2
    • Constructor Detail

      • TimeStampHandlerFactory

        public TimeStampHandlerFactory(URL url)
        Create a new SignatureHandlerFactory and set the URL for the TimeStamp server.
      • TimeStampHandlerFactory

        public TimeStampHandlerFactory()
        Create a new SignatureHandlerFactory.
    • Method Detail

      • setDigestAlgorithm

        public void setDigestAlgorithm(String algorithm)
        Set the message digest algorithm to use: one of MD5, SHA1, SHA-256, SHA-384, SHA-512 or RIPEMD160. The default is SHA-256.
        Parameters:
        algorithm - the message-digest algorithm to use.
      • setTimeStampServer

        public void setTimeStampServer(URL server)
        Specify the URL of an RFC3161 Timestamp Server. The server will be contacted and the PDF timestamped when it is saved. A TimeStamp server is required to timestamp a document.
        Parameters:
        server - The server to contact for the TimeStamp. If a username/password are required they may be specified in the URL, e.g. "http://user:password@server.com".
        See Also:
        FormSignature.getSignDate(), PKCS7SignatureHandler.getTimeStampCertificates()
      • setContentSize

        public void setContentSize(int size)

        This method can be called to fix the space allocated for the "Contents" variable, which contains the encoded signature. If a value > 0 is supplied then the Contents variable will have that much space allocated for it. Otherwise, a dummy timestamping will be performed before the actual operation to determine how much space to allocate.

        The intention of this is to allocate space in the Contents variable for the signed content without having to perform a dummy signing to determine the size. This method is only of use if you want to limit the number of calls made to your TimeStamp server. With a value of zero, two calls are made to the server. With a value > 0, only one call is made.

        Parameters:
        size - the size of the Contents string in bytes, or 0 to determine automatically.
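The setters described above (setTimeStampServer, setDigestAlgorithm and setContentSize) used together, followed by a reload that reports what the timestamp recorded. This is an added example, not code from the library's documentation. Assumptions: the `org.faceless.pdf2` package name, the class name `TimestampOneCall`, the 16384-byte Contents size, the server URL passed as the first argument, and the return types `Calendar` for getSignDate() and `X509Certificate[]` for getTimeStampCertificates().

```java
import java.io.*;
import java.net.URL;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import org.faceless.pdf2.*;   // assumed package for the classes named on this page

public class TimestampOneCall {
    // Constructed value (assumption): must be large enough to hold the
    // encoded timestamp token that your server returns.
    static final int CONTENTS_BYTES = 16384;

    public static void main(String[] args) throws Exception {
        PDF pdf = new PDF(new PDFReader(new File("input.pdf")));

        TimeStampHandlerFactory factory = new TimeStampHandlerFactory();
        factory.setTimeStampServer(new URL(args[0]));  // RFC3161 server URL supplied by the caller
        factory.setDigestAlgorithm("SHA-256");         // the documented default, set explicitly
        factory.setContentSize(CONTENTS_BYTES);        // > 0: one call to the server instead of two

        FormSignature timestamp = new FormSignature();
        timestamp.sign(null, null, null, factory);
        pdf.getForm().getElements().put("timestamp", timestamp);
        try (OutputStream out = new FileOutputStream("output.pdf")) {
            pdf.render(out);                           // the server is contacted here, on save
        }

        // Reload the saved file and report the recorded time and the
        // certificates that came with the timestamp.
        pdf = new PDF(new PDFReader(new File("output.pdf")));
        for (FormElement elt : pdf.getForm().getElements().values()) {
            if (!(elt instanceof FormSignature)) continue;
            FormSignature sig = (FormSignature) elt;
            SignatureHandler handler = sig.getSignatureHandler();
            if (!(handler instanceof PKCS7SignatureHandler)) continue;

            Calendar when = sig.getSignDate();
            X509Certificate[] tsa =
                ((PKCS7SignatureHandler) handler).getTimeStampCertificates();
            System.out.println("Timestamped at: "
                + (when == null ? "unknown" : when.getTime().toString()));
            System.out.println("TSA certificate: "
                + (tsa == null || tsa.length == 0
                    ? "none" : tsa[0].getSubjectX500Principal().getName()));
        }
    }
}
```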