|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Objectorg.faceless.pdf2.SignatureHandler
org.faceless.pdf2.PKCS7SignatureHandler
This class represents the subclass of digital signatures that rely on Public/Private key pairs and that meet the requirements laid down in the document "PDF Public-Key Digital Signature and Encryption Specification", published by Adobe. Currently we know of three handlers that meet this requirement - the general purpose PKCS#7 handler supplied with Acrobat 6.0, or for earlier versions, the Adobe "Self-Sign" handler and the plugin supplied by VeriSign.
FormSignature.HANDLER_VERISIGN
,
FormSignature.HANDLER_SELFSIGN
,
FormSignature.HANDLER_ACROBATSIX
Constructor Summary | |
protected |
PKCS7SignatureHandler()
|
Method Summary | |
X509Certificate[] |
getCertificates()
Return the list of certificates included in this signature. |
protected abstract String |
getHashAlgorithm()
Return the Hash algorithm used by the PKCS#7 object. |
PDFCanvas |
getLayerAppearance(String layername,
PDFStyle textstyle)
Return a PDFCanvas for the specified layer.
|
String[] |
getLayerNames()
Return the list of appearance layer names used by this Signature Handler to create a visible appearance on the page, in the order they should be drawn. |
protected abstract String |
getSubFilter()
Return the SubFilter field, which determines how the PKCS#7 object is encoded. |
protected void |
prepareToSign(KeyStore keystore,
String alias,
char[] password)
This method initialized the handler using the specified values into a state where it's ready to sign. |
void |
setCustomAppearance(PDFCanvas canvas,
float x1,
float y1,
float x2,
float y2)
Set a custom appearance for this signature. |
byte[] |
sign(InputStream in)
Return a signature token corresponding to the specified InputStream .
|
boolean |
verify(InputStream in)
Return a boolean indicating whether or not the signature handler can verify the specified InputStream . |
Methods inherited from class org.faceless.pdf2.SignatureHandler |
containsKey, getArrayValueSize, getBooleanValue, getDictionaryValueKeys, getFilter, getNameValue, getNumericValue, getStringValue, getTextStringValue, getVariable, getVariables, isPDFObjectSignature, putArrayValue, putBooleanValue, putDictionaryValue, putNameValue, putNumericValue, putStringValue, putTextStringValue |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
protected PKCS7SignatureHandler()
Method Detail |
protected abstract String getHashAlgorithm()
protected abstract String getSubFilter()
protected void prepareToSign(KeyStore keystore, String alias, char[] password) throws GeneralSecurityException
SignatureHandler
This method initialized the handler using the specified values into a state where it's ready to sign. This method should be used to set any additional fields in the Signature dictionary, for example "Certs" for the Self-Sign handler.
Those overriding this method must call super.prepareToSign()
before doing anything else.
prepareToSign
in class SignatureHandler
keystore
- the KeyStore holding the signing keyalias
- which key in the KeyStore to usepassword
- the password to use to decode the key from the keystore
GeneralSecurityException
public byte[] sign(InputStream in) throws GeneralSecurityException, IOException
SignatureHandler
InputStream
.
This method will be called more than once - the first time with a
zero-length stream, to calculate the length of the token, the second time
with the actual data to sign. The returned byte array will be stored
as the "Contents" value of the Signature dictionary.
sign
in class SignatureHandler
GeneralSecurityException
- if the signature cannot be applied for some cryptographic reason
IOException
- if the InputStream cannot be readpublic final boolean verify(InputStream in) throws GeneralSecurityException, IOException
SignatureHandler
InputStream
.
verify
in class SignatureHandler
GeneralSecurityException
- if the signature cannot be verified for some cryptographic reason
IOException
- if the InputStream cannot be readpublic final X509Certificate[] getCertificates() throws CertificateException
CertificateException
public String[] getLayerNames()
SignatureHandler
FormSignature
class
when drawing the signature annotations on the page.
For more information see the document "Digital Signature Appearances for Public-Key Interoperability", from Adobes website.
As an example, both the Verisign and the SelfSign handlers return the array
[ "n0", "n1", "n2", "n3" ]
.
getLayerNames
in class SignatureHandler
SignatureHandler.getLayerAppearance(java.lang.String, org.faceless.pdf2.PDFStyle)
public PDFCanvas getLayerAppearance(String layername, PDFStyle textstyle)
SignatureHandler
PDFCanvas
for the specified layer.
This method is called internally by the FormSignature
class
when drawing the signature annotations on the page.
For more information see the document "Digital Signature Appearances for Public-Key Interoperability", from Adobes website.
getLayerAppearance
in class SignatureHandler
layername
- the layer to create (from the list returned by SignatureHandler.getLayerNames()
)textstyle
- the style in which to draw the text, if any
PDFCanvas
of any size containing the specified layer.SignatureHandler.getLayerNames()
public void setCustomAppearance(PDFCanvas canvas, float x1, float y1, float x2, float y2)
Set a custom appearance for this signature. This method allows you to add a signature, thumbprint, logo or any other form of custom image to your signature annotations (technically, this method sets the "n2" layer of the annotation). The canvas may be of any size, and will be scaled to fit the annotation on the page.
Care needs to be taken when setting this value. It's not recommended to use a canvas containing a bitmap image with an opaque background, as this may mask any layers behind this one. In particular, a "?" is typically used on a layer below this one to indicate the signature has not been verified. Specifying an opaque image may result in this being obscured.
As a optional convenience, by specifying non-zero coordinates for the x1,y1,x2 and y2 values, some text describing the signing certificate will be added to the canvas at the specified location. The format for this is fixed, but as it doesn't have to be included, the developer is free to add his or her own text if they don't like the result, simply by setting all four values to zero.
As an example, the default PKCS7 appearance is set with the following code which loads a pre-defined pattern from a resources file:
setCustomAppearance(new PDFCanvas("logo.Adobe", 1), 0, 35, 100, 65);
canvas
- the canvas to display as the "n2" layer of the signature appearance.x1
- the left-most X co-ordinate to place the (optional) certificate texty1
- the bottom-most Y co-ordinate to place the (optional) certificate textx2
- the right-most X co-ordinate to place the (optional) certificate texty2
- the top-most Y co-ordinate to place the (optional) certificate text
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |