formsignature.java

Java生成PDF Java生成PDF Java生成PDF

    }

    /**
     * Return the name of the person or entity who created this signature
     * if specified, or <code>null</code> otherwise.
     */
    public String getName()
    {
	return ((org.faceless.pdf2.FormSignature)element).getName();
    }

    /**
     * Set the reason why the the document is being signed -
     * e.g. "Approved for distribution". This field is optional.
     * @param reason the reason the entity is signing the document,
     * or <code>null</code> to clear the current reason
     */
    public void setReason(String reason)
    {
	((org.faceless.pdf2.FormSignature)element).setReason(reason);
    }

    /**
     * Return the reason this signature was applied to the PDF
     * if specified, or <code>null</code> otherwise.
     */
    public String getReason()
    {
	return ((org.faceless.pdf2.FormSignature)element).getReason();
    }

    /**
     * Set the location where the signer is signing the PDF
     * document - e.g. "Head Office". This field is optional.
     * @param location the location where the entity is signing the document,
     * or <code>null</code> to clear the current location
     */
    public void setLocation(String location)
    {
	((org.faceless.pdf2.FormSignature)element).setReason(location);
    }

    /**
     * Return the location where this document was signed if
     * specified, or <code>null</code> otherwise.
     */
    public String getLocation()
    {
	return ((org.faceless.pdf2.FormSignature)element).getLocation();
    }

    /**
     * Return the time the signature was applied to the document.
     * @return the time the document was signed.
     */
    public Calendar getSignDate()
    {
	return ((org.faceless.pdf2.FormSignature)element).getSignDate();
    }

    /**
     * Return the name of the digital signature handler used to sign the
     * document. Common values are <code>Adobe.PPKLite</code> for the Adobe
     * Self-Sign handler supplied by default with Acrobat 4.0 and greater,
     * <code>VeriSign.PPKVS</code> for VeriSigns document signer plugin,
     * <code>Entrust.PPKEF</code> for the Entrust architecture or
     * <code>CICI.SignIt</code>.
     * @see #HANDLER_SELFSIGN
     * @see #HANDLER_VERISIGN
     */
    public String getType()
    {
	return ((org.faceless.pdf2.FormSignature)element).getFilter();
    }

    /**
     * Return the list of certificates included in this signature.
     * The first certificate is the X.509 certificate used to sign
     * the PDF, and the optional additional certificates are those
     * used to validate the earlier certificates, in no particular
     * order.
     *
     * @return a list of one or more X.509 Certificates
     */
    public X509Certificate[] getCertificates()
        throws CertificateException
    {
	org.faceless.pdf2.PKCS7SignatureHandler handler;
	handler = (org.faceless.pdf2.PKCS7SignatureHandler)((org.faceless.pdf2.FormSignature)element).getSignatureHandler();
	return handler.getCertificates();
    }


    /**
     * <p>
     * Verify a signature by ensuring that the PDF document hasn't been altered
     * since it was signed. Only signatures with a state of {@link #STATE_SIGNED}
     * may be verified.
     * </p><p>
     * Note that this only ensures the document matches the specified X.509
     * certificate(s) - to completely confirm the document is unaltered the
     * certificates returned by {@link #getCertificates} should also be
     * validated, either manually or using the {@link #verifyCertificates}
     * method.
     * </p>
     * @return <code>true</code> if the document is unaltered, <code>false</code>
     * if the document has been altered since signing
     *
     * @throws IllegalStateException if the signature you're verifying isn't
     * {@link #STATE_SIGNED}
     * @throws GeneralSecurityException if the specified signing algorithm is
     * unknown, or the certificate or key are invalid
     */
    public boolean verify()
        throws GeneralSecurityException
    {
	return ((org.faceless.pdf2.FormSignature)element).verify();
    }


    /**
     * Return the number of document revisions covered by this signature. A
     * PDF document can be revised a number of times - for example, filling
     * out a form in Acrobat and saving the document creates a new revision.
     * Every revision of the document must be covered by a signature in order
     * to be sure of the documents contents. See the {@link PDFReader} class
     * for more information on document revisions, and the class documentation
     * for this class for examples of how to validate a signature using this
     * method.
     * @return the number of revisions covered by this signature, or zero
     * if the signature doesn't cover any (in which case it should be discounted)
     * @since 1.2.1
     */
    public int getNumberOfRevisionsCovered()
    {
	return ((org.faceless.pdf2.FormSignature)element).getNumberOfRevisionsCovered();
    }

    /**
     * Verify the certificates used to sign this document against a list
     * of trusted certificates.
     * <p>
     * The X.509 certificate(s) used to sign the document are verified and
     * compared against the certificates in the keystore, which are
     * assumed to be trusted. An optional <i>Certificate Revocation
     * List</i> may be specified with a list of compromised certificates.
     * </p><p>
     * The method returns the first certificate specified in the PDF that
     * <i>cannot</i> be verified. If every certificate in the chain is verified
     * and the final certificate is signed by a certificate in the specified
     * keystore, the entire chain is considered valid and this method returns
     * <code>null</code>.
     * </p><p>
     * The specified keystore may be the result of {@link #loadDefaultKeyStore},
     * or a user specified keystore. The CRL may be (and usually is) <code>null</code>.
     * </p><p>
     * Note that self-signed certificates (as created by the Adobe Self-Sign
     * handler) will generally fail, as they cannot be verified against a trusted
     * root certificate. The only exception to this is if you're verifying against
     * a keystore returned from {@link #loadAKFKeyStore}, containing a certificate
     * that was exported from Acrobat.
     * </p><p>
     * Also note that unless you personally trust every entity (represented by
     * a certificate) in the chain to issue certificates responsibly, verifying
     * the chain integrity is worthless.
     * </p>
     *
     * @param keystore the <code>KeyStore</code> containing one or more
     * trusted certificates to verify the certificate chain against.
     *
     * @param crl the Certificate Revocation List to check the
     * certificates against. May be <code>null</code>.
     *
     * @return the first certificate in the chain that <i>couldn't</i> be
     * verified, or <code>null</code> if all were verified against a
     * certificate from the keystore.
     *
     * @throws GeneralSecurityException if the KeyStore or any of the
     * certificates are invalid.
     * @see #loadAKFKeyStore
     * @see #loadPKCS7KeyStore
     * @see #loadDefaultKeyStore
     */
    public X509Certificate verifyCertificates(KeyStore keystore, CRL crl)
        throws GeneralSecurityException
    {
	org.faceless.pdf2.PKCS7SignatureHandler handler;
	handler = (org.faceless.pdf2.PKCS7SignatureHandler)((org.faceless.pdf2.FormSignature)element).getSignatureHandler();
	X509Certificate[] certs = handler.getCertificates();
	Calendar signdate = getSignDate();
	return org.faceless.pdf2.FormSignature.verifyCertificates(certs, keystore, crl, signdate);
    }

    //--------------------------------------------------------------------------


    /** 
     * Return true if the specified X.509 Certificate is valid for the specified date,
     * has not been revoked and has no unknown critical extensions. 
     *
     * @param cert the X.509 certificate to verify
     * @param crl the Certificate Revokation List to search - may be <code>null</code>
     * @param signdate the date the certificate was used for signing
     */
    public static boolean isValidCertificate(X509Certificate cert, CRL crl, Date signdate)
    {
	return org.faceless.pdf2.FormSignature.isValidCertificate(cert, crl, signdate);
    }

    /**
     * Return the default Java keystore to validate keys against.
     * This is the same keystore used to verify signed JAR files,
     * and is distributed with most versions of Java. It includes
     * the public certificates for several certifying authorities -
     * in our version (Sun JDK1.3.1), VeriSign and Thawte.
     */
    public static KeyStore loadDefaultKeyStore()
        throws GeneralSecurityException
    {
	return org.faceless.pdf2.FormSignature.loadDefaultKeyStore();
    }

    /**
     * <p>
     * Load an X.509 certificate from an "Adobe Key File" keystore, the type
     * exported from the Adobe Self-Sign signature handler in Acrobat 4.0. The
     * file (which is exported with a <code>.akf</code> suffix) contains a
     * self-signed X.509 certificate, which can be used to verify (but not sign)
     * documents created with the Adobe Self-Sign signature handler.
     * </p><p>
     * The returned KeyStore has a single X.509 certificate, and can be
     * passed to the <code>verifyCertificates</code> method to fully validate
     * a document signed with the "self-sign" signature handler, acting as
     * the Java equivalent of the "Personal Address Book" in Acrobat 4 terminology.
     * </p><p>
     * Acrobat 5.0 keystores are saved in a different format - the filename is usually
     * "<code>CertExchange<i>Name</i>.fdf", where <i>Name</i> is the name of the user.
     * These keystores can be loaded via the {@link #loadFDFKeyStore} method.
     * </p>
     * @see #HANDLER_SELFSIGN
     * @see #verifyCertificates
     * @see #loadFDFKeyStore
     */
    public static KeyStore loadAKFKeyStore(InputStream in)
        throws IOException, GeneralSecurityException
    {
	return org.faceless.pdf2.FormSignature.loadAKFKeyStore(in);
    }

    /**
     * <p>
     * Load an X.509 certificate from an "Adobe Self-Sign Key" keystore, the type
     * exported from the Adobe Self-Sign signature handler in Acrobat 5.0. The
     * file (which is exported with a <code>.fdf</code> suffix) contains a
     * self-signed X.509 certificate, which can be used to verify (but not sign)
     * documents created with the Adobe Self-Sign signature handler.
     * </p><p>
     * The returned KeyStore has a single X.509 certificate, and can be
     * passed to the <code>verifyCertificates</code> method to fully validate
     * a document signed with the "self-sign" signature handler, acting as
     * the Java equivalent of the "Trusted Certificates" in Acrobat 5 terminology.
     * </p><p>
     * Acrobat 4.0 keystores are saved in a different format - the filename has a suffix
     * of "<code>.akf</code>". These keystores can be loaded via the
     * {@link #loadAKFKeyStore} method. Acrobat 5.0 can also save keys in a PKCS#7 format,
     * which can be loaded using the {@link #loadPKCS7KeyStore} method.
     * </p>
     * @since 1.2.1
     * @see #HANDLER_SELFSIGN
     * @see #verifyCertificates
     * @see #loadAKFKeyStore
     */
    public static KeyStore loadFDFKeyStore(InputStream in)
        throws IOException, GeneralSecurityException
    {
	return org.faceless.pdf2.FormSignature.loadFDFKeyStore(in);
    }

    /**
     * <p>
     * Load a list of one or more X.509 certificates from a PKCS#7 file.
     * </p><p>
     * The returned KeyStore contains X.509 certificates and can be
     * passed to the <code>verifyCertificates</code> method to verify (but not sign)
     * the certificates used to sign a PDF document.
     * </p><p>
     * Note that we provide this method for convenience only. If you're working
     * heavily with PKCS format files, we recommend obtaining a JCE implementation
     * that supports them fully. One that we have tested with some success is provided by
     * <a href="http://www.bouncycastle.org">The Legion of the Bouncy Castle</a>.
     * </p>
     * @see #HANDLER_VERISIGN
     * @see #verifyCertificates
     */
    public static KeyStore loadPKCS7KeyStore(InputStream in)
        throws IOException, GeneralSecurityException
    {
	return org.faceless.pdf2.FormSignature.loadPKCS7KeyStore(in);
    }

    /**
     * <p>
     * Return the specified X.500 field from the specified X.509 certificates Issuer.
     * </p><p>
     * Each X.509 certificate has two entities - a subject and an issuer. These are
     * represented in java by the <code>java.security.Principal</code> class, but
     * unfortunately that class doesn't allow for extraction of the various elements
     * from the entity - elements like Common Name, Country, Organization etc.
     * </p><p>
     * The {@link #getIssuerField} and {@link #getSubjectField} methods aren't
     * specific to digital signatures or PKCS#7, but are useful "utility" methods
     * that fill that gap in functionality.
     * </p>
     *
     * @param cert the X.509 certificate to extract the Issuer from
     * @param field the field to return. Can be one of "C" (country), "CN" (common
     * name), "O" (organization", "OU" (organization unit), "L" (locale), "ST" (state
     * or province) or "Email" (email address - although technically not part of X.500
     * this is sometimes included)
     * @return the requested field, or <code>null</code> if the field is not part of
     * the X.500 name.
     */
    public static String getIssuerField(X509Certificate cert, String field)
        throws CertificateException
    {
	return org.faceless.pdf2.FormSignature.getIssuerField(cert, field);
    }

    /**
     * <p>
     * Return the specified X.500 field from the specified X.509 certificates Subject.
     * See the {@link #getIssuerField} method for more information.
     * </p>
     * @param cert the X.509 certificate to extract the Issuer from
     * @param field the field to return. Can be one of "C" (country), "CN" (common
     * name), "O" (organization", "OU" (organization unit), "L" (locale), "ST" (state
     * or province) or "Email" (email address - although technically not part of X.500
     * this is sometimes included)
     * @return the requested field, or <code>null</code> if the field is not part of
     * the X.500 name.
     */
    public static String getSubjectField(X509Certificate cert, String field)
        throws CertificateException
    {
	return org.faceless.pdf2.FormSignature.getSubjectField(cert, field);
    }
}