java.lang.Object
  org.faceless.pdf2.SignatureHandler
    org.faceless.pdf2.DSE200Handler

public class DSE200Handler
Note. Acrobat 7 now supports RFC3161, the industry standard method of embedding a certified
timestamp in a digital signature. This requires no additional plugins for Acrobat, and since 2.7.1
is supported with our PDF library via the AcrobatSignatureHandlerFactory.setTimeStampServer(java.net.URL)
method.
Unless you're specifically targeting Acrobat 6.0, we'd encourage you to use that approach instead
of this class.
This class is an implementation of SignatureHandler that can be used to time-stamp documents using an nCipher DSE200. These documents can then be verified using nCipher's pdfProof plugin for Acrobat.

Using this class is fairly simple. First, you will need the asn1rt.jar and tti.jar files supplied with the DSE200 Development Kit in your CLASSPATH (if you don't have a copy of the DSE200 SDK, get in touch with nCipher through their website). Additionally, if signing (rather than verifying) you will need the hostname of the DSE you're using to sign. Then, it's as simple as:

    SignatureHandlerFactory factory = new DSE200HandlerFactory(hostname, DSE200HandlerFactory.TSP);
    FormSignature sig = new FormSignature(null, null, null, factory);
    sig.addAnnotation(page, 100, 500, 300, 700);
    form.getElements().put("TestSignature", sig);

To verify documents, as with all public key signatures, you must first verify that the signature matches the document, then verify that the certificates that signed it are trusted. To do this, first you must register the factory class like so:

    FormSignature.registerHandlerForVerification(new DSE200HandlerFactory(null, 0));

and then call FormSignature.verify() as normal to confirm the signature matches the document. For further verification you can retrieve the Certificate used to sign the TimeStamp with getSignerCertificate(), or the getTimeStampToken() method can be called to retrieve the DER encoded TimeStampToken object, which can be parsed and verified separately if required.
Note: If running these classes with Java 1.2, an external security provider must also be installed or signature validation functions will throw NoSuchAlgorithmException.
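
One way to carry out the second verification step described above, checking that the certificate returned by getSignerCertificate() is trusted, using only JDK classes. This is an added example, not part of the library or its documentation; the class name TimestampSignerCheck, the command-line arguments, and the assumption that the time-stamp certificate carries the RFC 3161 time-stamping extended key usage are illustrative.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.List;

public class TimestampSignerCheck {
    // id-kp-timeStamping extended key usage (RFC 3161); assumed present on the TSA certificate
    static final String EKU_TIMESTAMPING = "1.3.6.1.5.5.7.3.8";

    /** Throws unless signer is a time-stamping certificate that chains to trustStore at signedAt. */
    static void check(X509Certificate signer, Date signedAt, KeyStore trustStore) throws Exception {
        List<String> eku = signer.getExtendedKeyUsage();
        if (eku == null || !eku.contains(EKU_TIMESTAMPING)) {
            throw new CertificateException("certificate is not marked for time-stamping");
        }
        signer.checkValidity(signedAt); // within its validity period when the stamp was issued

        // Assumption: the signer is issued directly by a certificate in trustStore,
        // because the handler exposes only the signer certificate, not intermediates.
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        CertPath path = cf.generateCertPath(Collections.singletonList(signer));
        PKIXParameters params = new PKIXParameters(trustStore);
        params.setDate(signedAt);           // validate as of the signing time, not "now"
        params.setRevocationEnabled(false); // assumption: revocation is checked out of band
        CertPathValidator.getInstance("PKIX").validate(path, params);
    }

    // Usage: java TimestampSignerCheck <signer-cert file> <truststore file> <truststore password>
    public static void main(String[] args) throws Exception {
        X509Certificate signer;
        try (InputStream in = new FileInputStream(args[0])) {
            signer = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[1])) {
            trust.load(in, args[2].toCharArray());
        }
        check(signer, new Date(), trust); // in use: the Date from getSignatureDate().getTime()
        System.out.println("trusted time-stamp signer: " + signer.getSubjectX500Principal());
    }
}
```

When used with this class, pass the values from getSignerCertificate() and getSignatureDate().getTime() to check() after FormSignature.verify() has returned true.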
Nested Class Summary |
---|
Nested classes/interfaces inherited from class org.faceless.pdf2.SignatureHandler |
---|
SignatureHandler.Placeholder |
Method Summary | |
---|---|
String | getFilter() - Return the name of the filter, eg "Adobe.PPKLite". |
PDFCanvas | getLayerAppearance(String layername, PDFStyle textstyle) - Return a PDFCanvas for the specified layer. |
String[] | getLayerNames() - Return the list of appearance layer names used by this Signature Handler to create a visible appearance on the page, in the order they should be drawn. |
MessageDigest | getMessageDigest() - Return a MessageDigest that will be used to calculate the digest of the PDF for signing. |
Calendar | getSignatureDate() |
X509Certificate | getSignerCertificate() - Return the Signer Certificate used to sign this timestamp |
String | getSubFilter() |
byte[] | getTimeStampToken() - Return the encoded TimeStampToken object used to sign the document. |
byte[] | getVariable(String name) |
Map | getVariables() - Return the list of "variables" which will be set by the handler after the PDF is rendered. |
boolean | isVariableEncrypted(String name) |
protected void | prepareToSign(KeyStore store, String alias, char[] password) - This method initializes the handler using the specified values into a state where it's ready to sign. |
byte[] | sign() - Finish the digest calculation on the digest returned from SignatureHandler.getMessageDigest() and return a signature token that signs it. |
boolean | verify(InputStream in) - Return true if the hash of the signed document is the same as the hash included in the PKCS#7 object, the time in the signature dictionary is the same as the time in the time-stamp, and if the signature of the time-stamp matches the signer certificate stored in the time-stamp. |
Methods inherited from class org.faceless.pdf2.SignatureHandler |
---|
containsKey, getArrayValueSize, getBooleanValue, getCertificationType, getDefaultName, getDictionaryValueKeys, getEstimatedContentSize, getFormSignature, getNameValue, getNumericValue, getStreamValue, getStringValue, getTextStringValue, postDigest, preDigest, putArrayValue, putBooleanValue, putDictionaryValue, putNameValue, putNumericValue, putStreamValue, putStringValue, putTextStringValue |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Method Detail |
---|
public String getFilter()
Description copied from class: SignatureHandler
Return the name of the filter, eg "Adobe.PPKLite".
getFilter in class SignatureHandler

public String getSubFilter()

public Map getVariables() throws GeneralSecurityException
Description copied from class: SignatureHandler
Return the list of "variables" which will be set by the handler after the PDF is rendered. Entries in the returned map should have a String as a key and a SignatureHandler.Placeholder as a value. These placeholders will be inserted into the PDF at the correct points.
For most SignatureHandlers, the only variables are the "ByteRange" and "Contents" array containing the signature token, which is what this method returns (it may be overridden if more variables are required).
This method was updated for a new signing architecture in release 2.11.12.
getVariables in class SignatureHandler
Throws: GeneralSecurityException
See Also: AcrobatSignatureHandlerFactory.setContentSize(int)

public boolean isVariableEncrypted(String name)

public byte[] getVariable(String name) throws GeneralSecurityException
Throws: GeneralSecurityException

protected void prepareToSign(KeyStore store, String alias, char[] password) throws GeneralSecurityException
Description copied from class: SignatureHandler
This method initializes the handler using the specified values into a state where it's ready to sign. This method should be used to set any additional fields in the Signature dictionary, for example "Certs" for the Self-Sign handler.
Those overriding this method must call super.prepareToSign() before doing anything else.
prepareToSign in class SignatureHandler
Parameters:
store - the KeyStore
alias - which key to use
password - the password to use to decode the key
Throws: GeneralSecurityException

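public MessageDigest getMessageDigest()
Description copied from class: SignatureHandler
Return a MessageDigest that will be used to calculate the digest of the PDF for signing.
SignatureHandler.sign() - see the API docs for that method for more details.
getMessageDigest in class SignatureHandler
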
public byte[] sign() throws GeneralSecurityException
Description copied from class: SignatureHandler
Finish the digest calculation on the digest returned from SignatureHandler.getMessageDigest() and return a signature token that signs it. The returned byte array will be stored as the "Contents" value of the Signature dictionary.
As well as being called to perform the actual signing, the default behaviour of the SignatureHandler.getVariables() method is also to call this method with an empty digest, to determine the size of the token to store in the PDF (the SignatureHandler.getMessageDigest() method is called twice as well). This can be overridden, by calling AcrobatSignatureHandlerFactory.setContentSize(int) for handlers created by that factory or, if you're implementing a custom signature handler, by writing your own SignatureHandler.getVariables() method.
sign in class SignatureHandler
Throws: GeneralSecurityException - if the signature cannot be applied for some cryptographic reason

public boolean verify(InputStream in) throws GeneralSecurityException
verify in class SignatureHandler
Throws: GeneralSecurityException - if the signature cannot be verified for some cryptographic reason

public X509Certificate getSignerCertificate()

public Calendar getSignatureDate()

public byte[] getTimeStampToken()
Return the encoded TimeStampToken object used to sign the document. This can be used to perform further, independent validation of the time-stamp if required.

public String[] getLayerNames()
Description copied from class: SignatureHandler
Return the list of appearance layer names used by this Signature Handler to create a visible appearance on the page, in the order they should be drawn. This method is called internally by the FormSignature class when drawing the signature annotations on the page.
For more information see the document "Digital Signature Appearances for Public-Key Interoperability", from Adobe's website.
As an example, both the Verisign and the SelfSign handlers return the array [ "n0", "n1", "n2", "n3" ].
getLayerNames in class SignatureHandler
See Also: SignatureHandler.getLayerAppearance(java.lang.String, org.faceless.pdf2.PDFStyle)

public PDFCanvas getLayerAppearance(String layername, PDFStyle textstyle)
Description copied from class: SignatureHandler
Return a PDFCanvas for the specified layer. This method is called internally by the FormSignature class when drawing the signature annotations on the page.
For more information see the document "Digital Signature Appearances for Public-Key Interoperability", from Adobe's website.
getLayerAppearance in class SignatureHandler
Parameters:
layername - the layer to create (from the list returned by SignatureHandler.getLayerNames())
textstyle - the style in which to draw the text, if any
Returns: a PDFCanvas of any size containing the specified layer.
See Also: SignatureHandler.getLayerNames()