Class KeyStoreSignatureProvider
- java.lang.Object
-
- org.faceless.pdf2.viewer2.ViewerFeature
-
- org.faceless.pdf2.viewer2.SignatureProvider
-
- org.faceless.pdf2.viewer2.feature.KeyStoreSignatureProvider
-
public class KeyStoreSignatureProvider extends SignatureProvider
A
SignatureProvider
that signs and verifies signatures from aKeyStoreManager
(ie from a localKeyStore
. It can verify signatures using anyPKCS7SignatureHandler
, and it can sign PDFs using anyAcrobatSignatureHandlerFactory
.By default this class will prompt the user for the name, reason etc., and let the user choose a private key from the
KeyStore
to sign the PDF. Developers who want to pre-set this information can do so by specifying the values as initialization parameters for the PDFViewer.The following initialization parameters can be specified to configure this feature, as well as those parameters specified in theSignatureProvider
API documentation.alias The default value returned by the getDefaultAlias()
methodpassword The default value returned by the getDefaultPassword()
methoddigestAlgorithm The default value returned by the getDefaultDigestAlgorithm()
methodtimeStampServer The default value returned by the getDefaultTimeStampServer()
methodcontentSize The default value returned by the getDefaultContentSize()
methodAs an example, when deploying the PDFViewer here's how to ensure every signature applied with this class has the location specified is cryptographically time-stamped using an RFC 3161 server. To save making two requests to the time-stamp server, we're pre-allocating 8KB to store the PKCS#7 signature in the PDF. The
AcrobatSignatureHandlerFactory
class has more information on these parameters.java -Dorg.faceless.pdf2.viewer2.feature.KeyStoreSignatureProvider.location="Signed using demo application" \ -Dorg.faceless.pdf2.viewer2.feature.KeyStoreSignatureProvider.timeStampServer="https://tsa.aloaha.com/" \ -Dorg.faceless.pdf2.viewer2.feature.KeyStoreSignatureProvider.contentSize=8192 \ org.faceless.pdf2.viewer2.PDFViewer
The name of this feature is KeyStoreSignatureProviderThis code is copyright the Big Faceless Organization. You're welcome to use, modify and distribute it in any form in your own projects, provided those projects continue to make use of the Big Faceless PDF library.
- Since:
- 2.11
- See Also:
AcrobatSignatureHandlerFactory
,PKCS7SignatureHandler
,KeyStoreManager
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description class
KeyStoreSignatureProvider.X509SignatureState
A subclass of SignatureState that references an X.509 Certificate.-
Nested classes/interfaces inherited from class org.faceless.pdf2.viewer2.SignatureProvider
SignatureProvider.SignatureState
-
-
Constructor Summary
Constructors Constructor Description KeyStoreSignatureProvider()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description boolean
canSign(FormSignature field)
Return true if this SignatureProvider can sign the specified fieldboolean
canVerify(FormSignature field)
Return true if this SignatureProvider can verify the specified fieldprotected JComponent
getCertificatePanel(X509Certificate cert)
Return a JComponent that contains information about a single X.509 certificate.protected JComponent
getCertificatesPanel(KeyStoreSignatureProvider.X509SignatureState state, DocumentPanel root, X509Certificate[] certs, X509Certificate cert, JTabbedPane tabbedpane)
Return a JComponent that contains information about the X.509 certificates used in the signature.String
getDefaultAlias()
Return the KeyStore alias to use when signing a PDF using this SignatureProvider.int
getDefaultContentSize()
Return the "Content Size" to be used by the defaultAcrobatSignatureHandlerFactory
.String
getDefaultDigestAlgorithm()
Return the Digest Algorithm to be used by the defaultAcrobatSignatureHandlerFactory
.char[]
getDefaultPassword()
Return the password to use when signing a PDF using this SignatureProvider.URL
getDefaultTimeStampServer()
Return the URL of an RFC 3161 TimeStamp server to be used by the defaultAcrobatSignatureHandlerFactory
.String
getDisplayName()
Return the "user friendly" name of this SignatureProvider, to use in dialogs and menus.KeyStoreManager
getKeyStoreManager()
Return theKeyStoreManager
used by this class - either the value returned byPDFViewer.getKeyStoreManager()
(the default) or a value previously set by a call tosetKeyStoreManager()
.protected PDFCanvas
getSignatureAppearance(KeyStoreManager manager, KeyStore keystore, String alias, float width, float height)
Return the PDFCanvas to be used as a SignatureAppearance for this signature, or null to use the defaultprotected SignatureHandlerFactory
getSignatureHandlerFactory()
Get theSignatureHandlerFactory
used to sign fields using this class.protected JComponent
getSignatureStatePanel(KeyStoreSignatureProvider.X509SignatureState state, DocumentPanel root)
Return a JComponent that contains information about the SignatureState.protected JComponent
getTimestampPanel(KeyStoreSignatureProvider.X509SignatureState state, DocumentPanel root)
Return a JComponent that contains information about the timestamp of the signature.void
setKeyStoreManager(KeyStoreManager keyStoreManager)
Set theKeyStoreManager
used by this class, which will override the default.void
setSignatureHandlerFactory(SignatureHandlerFactory factory)
Set theSignatureHandlerFactory
used to sign fields using this class.void
showSignDialog(JComponent root, FormSignature field)
Display the signing dialog for the specified field, and assuming all goes well sign the field at the end.void
showVerifyDialog(JComponent jroot, FormSignature field)
Show a dialog displaying information about the specified (signed) digital signature field.SignatureProvider.SignatureState
verify(JComponent root, FormSignature field)
Verify the field.-
Methods inherited from class org.faceless.pdf2.viewer2.SignatureProvider
getDefaultCertificationType, getDefaultLocation, getDefaultName, getDefaultReason, getIcon, getSignatureState, getSummaryText, getViewer, initialize, selectSignProvider, selectVerifyProvider, setSignatureState
-
Methods inherited from class org.faceless.pdf2.viewer2.ViewerFeature
getAllEnabledFeatures, getAllFeatures, getCustomJavaScript, getFeatureProperty, getFeatureURLProperty, getName, isEnabledByDefault, setFeatureName, teardown, toString
-
-
-
-
Method Detail
-
getDisplayName
public String getDisplayName()
Description copied from class:SignatureProvider
Return the "user friendly" name of this SignatureProvider, to use in dialogs and menus.- Specified by:
getDisplayName
in classSignatureProvider
-
setSignatureHandlerFactory
public void setSignatureHandlerFactory(SignatureHandlerFactory factory)
Set theSignatureHandlerFactory
used to sign fields using this class.- Parameters:
factory
- the SignatureHandlerFactory to use when signing
-
getSignatureHandlerFactory
protected SignatureHandlerFactory getSignatureHandlerFactory()
Get theSignatureHandlerFactory
used to sign fields using this class. This is either set bysetSignatureHandlerFactory()
, or a newAcrobatSignatureHandlerFactory
which has been initialized using thegetDefaultContentSize()
,getDefaultDigestAlgorithm()
andgetDefaultTimeStampServer()
methods.
-
getKeyStoreManager
public KeyStoreManager getKeyStoreManager()
Return theKeyStoreManager
used by this class - either the value returned byPDFViewer.getKeyStoreManager()
(the default) or a value previously set by a call tosetKeyStoreManager()
.
-
setKeyStoreManager
public void setKeyStoreManager(KeyStoreManager keyStoreManager)
Set theKeyStoreManager
used by this class, which will override the default.- Parameters:
keyStoreManager
- the KeyStoreManager to use, ornull
to use the default.
-
canSign
public boolean canSign(FormSignature field)
Description copied from class:SignatureProvider
Return true if this SignatureProvider can sign the specified field- Specified by:
canSign
in classSignatureProvider
-
canVerify
public boolean canVerify(FormSignature field)
Description copied from class:SignatureProvider
Return true if this SignatureProvider can verify the specified field- Specified by:
canVerify
in classSignatureProvider
-
getDefaultAlias
public String getDefaultAlias()
Return the KeyStore alias to use when signing a PDF using this SignatureProvider. By default this method checks the "alias"feature property
for this class - if specified, it must be a valid alias from the KeyStore, and the user won't be prompted to select one from the list. You will almost certainly want to specify thepassword
too.- Returns:
- the alias to use from the KeyStore, or
null
to let the user select one from the KeyStore.
-
getDefaultPassword
public char[] getDefaultPassword()
Return the password to use when signing a PDF using this SignatureProvider.- Returns:
- the password to use to unlock the alias returned by
getDefaultAlias()
, ornull
to let the user enter one. - See Also:
getDefaultAlias()
-
getDefaultTimeStampServer
public URL getDefaultTimeStampServer()
Return the URL of an RFC 3161 TimeStamp server to be used by the defaultAcrobatSignatureHandlerFactory
. See that class for more information.- Returns:
- the URL of an RFC 3161 TimeStamp server, or
null
not to specify one.
-
getDefaultDigestAlgorithm
public String getDefaultDigestAlgorithm()
Return the Digest Algorithm to be used by the defaultAcrobatSignatureHandlerFactory
. See that class for more information.- Returns:
- the digest algorithm to use, or
null
for the factory default.
-
getDefaultContentSize
public int getDefaultContentSize()
Return the "Content Size" to be used by the defaultAcrobatSignatureHandlerFactory
. See that class for more information.- Returns:
- the contet size to pass to the factory, or
0
for the factory default.
-
showSignDialog
public void showSignDialog(JComponent root, FormSignature field) throws IOException, GeneralSecurityException
Description copied from class:SignatureProvider
Display the signing dialog for the specified field, and assuming all goes well sign the field at the end.- Specified by:
showSignDialog
in classSignatureProvider
- Parameters:
root
- the JCompoment the dialog should be relative to - typically this is theDocumentPanel
field
- the field to be signed- Throws:
IOException
GeneralSecurityException
-
getSignatureAppearance
protected PDFCanvas getSignatureAppearance(KeyStoreManager manager, KeyStore keystore, String alias, float width, float height)
Return the PDFCanvas to be used as a SignatureAppearance for this signature, or null to use the default- Parameters:
manager
- the KeyStoreManagerkeystore
- the KeyStorealias
- the alias being usedwidth
- the width of the annotationheight
- the height of the annotation- Since:
- 2.11.25
-
verify
public SignatureProvider.SignatureState verify(JComponent root, FormSignature field)
Description copied from class:SignatureProvider
Verify the field. Must be overridden by any SignatureProvider that returns true fromcanVerify()
. This method may provide visual feedback to the user, but it's primary purpose is to verify the field and return its state so it should not block user progress unless it's unavoidable.- Overrides:
verify
in classSignatureProvider
- Parameters:
root
- the component that should be used as a root forfield
- the signed field- Returns:
- the SignatureState, or null if verification was cancelled and the state is unknown
-
showVerifyDialog
public void showVerifyDialog(JComponent jroot, FormSignature field)
Description copied from class:SignatureProvider
Show a dialog displaying information about the specified (signed) digital signature field. The dialog should display the signatures verification state, which may be determined by this method or retrieved from a previous verification- Specified by:
showVerifyDialog
in classSignatureProvider
- Parameters:
jroot
- the JCompoment the dialog should be relative to - typically this is theDocumentPanel
field
- the field to be verified
-
getSignatureStatePanel
protected JComponent getSignatureStatePanel(KeyStoreSignatureProvider.X509SignatureState state, DocumentPanel root)
Return a JComponent that contains information about the SignatureState. This method is used internally by theshowVerifyDialog()
method, and there's generally no reason to call it directly.- Parameters:
state
- the X509SignatureState to displayroot
- the DocumentPanel containing the PDF- Returns:
- the panel to be added to the Signature Information dialog
-
getCertificatesPanel
protected JComponent getCertificatesPanel(KeyStoreSignatureProvider.X509SignatureState state, DocumentPanel root, X509Certificate[] certs, X509Certificate cert, JTabbedPane tabbedpane) throws CertificateException
Return a JComponent that contains information about the X.509 certificates used in the signature. This method is used internally by thegetSignatureStatePanel()
method, and there's generally no reason to call it directly.- Parameters:
state
- the X509SignatureStateroot
- the DocumentPanel containing the PDFcerts
- the chain of X.509 Certificates that signed the PDF, for displaycert
- the X.509 certificate that signed the PDF, but is untrusted. If the certificate is trusted this parameter should be nulltabbedpane
- the JTabbedPane to add the panel to.- Returns:
- the panel to be added to the Signature Information dialog
- Throws:
CertificateException
-
getCertificatePanel
protected JComponent getCertificatePanel(X509Certificate cert)
Return a JComponent that contains information about a single X.509 certificate. This method is used internally by thegetSignatureStatePanel()
method, and there's generally no reason to call it directly.- Parameters:
cert
- the Certificate to display- Returns:
- the component to be displayed
-
getTimestampPanel
protected JComponent getTimestampPanel(KeyStoreSignatureProvider.X509SignatureState state, DocumentPanel root)
Return a JComponent that contains information about the timestamp of the signature. For Signatures not timestamped according to RFC3161, this panel will simply display the signature time from the computer clock. This method is used internally by thegetSignatureStatePanel()
method, and there's generally no reason to call it directly.- Parameters:
state
- the X509SignatureStateroot
- the DocumentPanel containing the PDF
-
-