java.lang.Object
  org.faceless.pdf2.SignatureHandler
    org.faceless.pdf2.DSE200Handler
An implementation of SignatureHandler that can be used to time-stamp documents using an nCipher DSE200. These documents can then be verified using nCipher's pdfProof plugin for Acrobat.

Using this class is fairly simple. First, you will need the asn1rt.jar and tti.jar files supplied with the DSE200 Development Kit in your CLASSPATH (if you don't have a copy of the DSE200 SDK, get in touch with nCipher through their website). Additionally, if signing (rather than verifying) you will need the hostname of the DSE you're using to sign. Then, it's as simple as:

    SignatureHandlerFactory factory = new DSE200HandlerFactory(hostname, DSE200HandlerFactory.TSP);
    FormSignature sig = new FormSignature(null, null, null, factory);
    sig.addAnnotation(page, 100, 500, 300, 700);
    form.getElements().put("TestSignature", sig);

To verify documents, as with all public key signatures you must first verify the signature matches the document, then verify that the certificates that signed it are trusted. To do this, first you must register the factory class like so:

    FormSignature.registerHandlerForVerification(new DSE200HandlerFactory(null,0));

and then call FormSignature.verify() as normal to confirm the signature matches the document. For further verification you can retrieve the Certificate used to sign the TimeStamp with getSignerCertificate(), or the getTimeStampToken() method can be called to retrieve the DER encoded TimeStampToken object, which can be parsed and verified separately if required.
Note: If running these classes with Java 1.2, an external security provider must also be installed or signature validation functions will throw NoSuchAlgorithmException.
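
The trust step described above (deciding whether the certificate that signed the time-stamp is trusted) can be done with the standard JDK PKIX validator once FormSignature.verify() has succeeded. This is an added example, not code from the library or its documentation: the class and method names are hypothetical, it assumes the signer certificate was issued directly by a CA held in a trust store you maintain, and it assumes the certificate carries the RFC 3161 time-stamping extended key usage.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Collections;
import java.util.List;

// Hypothetical helper, not part of org.faceless.pdf2.
public class TimestampSignerTrust {
    // id-kp-timeStamping: RFC 3161 requires this extended key usage on a TSA certificate.
    private static final String ID_KP_TIMESTAMPING = "1.3.6.1.5.5.7.3.8";

    /**
     * @param signer          value returned by DSE200Handler.getSignerCertificate()
     * @param signedAt        value returned by DSE200Handler.getSignatureDate()
     * @param trustedRoots    KeyStore of CA certificates trusted to issue TSA certificates (assumed)
     * @param checkRevocation true to let the PKIX validator perform revocation checking
     */
    public static boolean isTrusted(X509Certificate signer, Calendar signedAt,
                                    KeyStore trustedRoots, boolean checkRevocation)
            throws GeneralSecurityException {
        // A certificate that is valid but was never issued for time-stamping is rejected.
        List<String> eku = signer.getExtendedKeyUsage();
        if (eku == null || !eku.contains(ID_KP_TIMESTAMPING)) {
            return false;
        }
        // Path of length one: intermediates, if any, would have to be added to this list.
        CertPath path = CertificateFactory.getInstance("X.509")
                .generateCertPath(Collections.singletonList(signer));
        PKIXParameters params = new PKIXParameters(trustedRoots);
        // Validate as of the signing time rather than the current time, so a
        // time-stamp made while the certificate was valid still checks out later.
        params.setDate(signedAt.getTime());
        params.setRevocationEnabled(checkRevocation);
        try {
            CertPathValidator.getInstance("PKIX").validate(path, params);
            return true;
        } catch (CertPathValidatorException e) {
            return false; // untrusted issuer, expired at signing time, revoked, ...
        }
    }
}
```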

Method Summary
String | getFilter() | Return the name of the filter, eg "Adobe.PPKLite".
PDFCanvas | getLayerAppearance(String layername, PDFStyle textstyle) | Return a PDFCanvas for the specified layer.
String[] | getLayerNames() | Return the list of appearance layer names used by this Signature Handler to create a visible appearance on the page, in the order they should be drawn.
Calendar | getSignatureDate() |
X509Certificate | getSignerCertificate() | Return the Signer Certificate used to sign this timestamp
String | getSubFilter() |
byte[] | getTimeStampToken() | Return the encoded TimeStampToken object used to sign the document.
byte[] | getVariable(String name) | This method returns the contents of the variable specified by name.
Map | getVariables() | Return the list of "variables" which will be set by the handler after the PDF is rendered.
protected void | prepareToSign(KeyStore store, String alias, char[] password) | This method initializes the handler using the specified values into a state where it's ready to sign.
byte[] | sign(InputStream in) | Return a signature token corresponding to the specified InputStream.
boolean | verify(InputStream in) | Return true if the hash of the signed document is the same as the hash included in the PKCS#7 object, the time in the signature dictionary is the same as the time in the time-stamp, and if the signature of the time-stamp matches the signer certificate stored in the time-stamp.

Methods inherited from class org.faceless.pdf2.SignatureHandler
containsKey, getArrayValueSize, getBooleanValue, getDictionaryValueKeys, getNameValue, getNumericValue, getStringValue, getTextStringValue, isPDFObjectSignature, putArrayValue, putBooleanValue, putDictionaryValue, putNameValue, putNumericValue, putStringValue, putTextStringValue

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

public String getFilter()
Description copied from class: SignatureHandler
Return the name of the filter, eg "Adobe.PPKLite".
Overrides: getFilter in class SignatureHandler

public String getSubFilter()

public Map getVariables() throws GeneralSecurityException
Description copied from class: SignatureHandler
Return the list of "variables" which will be set by the handler after the PDF is rendered. Entries in the returned map should have a String as a key and a byte[] as a value. The byte array should be empty (ie all zeros), and should be long enough to hold the token that will eventually be substituted into it from the SignatureHandler.getVariable(java.lang.String) method.
For most SignatureHandlers, the only variable is the "Contents" array containing the signature token, which is what this method returns (it may be overridden if more variables are required).
This method and SignatureHandler.getVariable(java.lang.String) replace the isPDFObjectSignature method which was added in 2.2.4 but has been removed in favour of this considerably more flexible approach.
Overrides: getVariables in class SignatureHandler
Throws: GeneralSecurityException

public byte[] getVariable(String name) throws GeneralSecurityException
Description copied from class: SignatureHandler
This method returns the contents of the variable specified by name. It is called after the SignatureHandler.sign(java.io.InputStream) method. The returned byte array should not be longer than the array returned by SignatureHandler.getVariables(), and as it will be substituted straight into the PDF should contain any PDF formatting that's required - for example, if returning a string, you need to make sure the "(" and ")" characters are added around the String and that any nested "(" characters are escaped.
This method will be called once for each item returned from the SignatureHandler.getVariables() method, except for "Contents" (which is handled separately).
Overrides: getVariable in class SignatureHandler
Parameters: name - the name of a variable - guaranteed to be one of the keys returned from SignatureHandler.getVariables()
Throws: GeneralSecurityException

protected void prepareToSign(KeyStore store, String alias, char[] password) throws GeneralSecurityException
Description copied from class: SignatureHandler
This method initializes the handler using the specified values into a state where it's ready to sign. This method should be used to set any additional fields in the Signature dictionary, for example "Certs" for the Self-Sign handler.
Those overriding this method must call super.prepareToSign() before doing anything else.
Overrides: prepareToSign in class SignatureHandler
Parameters:
store - the KeyStore holding the signing key
alias - which key in the KeyStore to use
password - the password to use to decode the key from the keystore
Throws: GeneralSecurityException

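public byte[] sign(InputStream in) throws GeneralSecurityException
Description copied from class: SignatureHandler
Return a signature token corresponding to the specified InputStream. This method will be called more than once - the first time with a zero-length stream, to calculate the length of the token, the second time with the actual data to sign. The returned byte array will be stored as the "Contents" value of the Signature dictionary.
Overrides: sign in class SignatureHandler
Throws: GeneralSecurityException - if the signature cannot be applied for some cryptographic reason

public boolean verify(InputStream in) throws GeneralSecurityException
Return true if the hash of the signed document is the same as the hash included in the PKCS#7 object, the time in the signature dictionary is the same as the time in the time-stamp, and if the signature of the time-stamp matches the signer certificate stored in the time-stamp.
Overrides: verify in class SignatureHandler
Throws: GeneralSecurityException - if the signature cannot be verified for some cryptographic reason

public X509Certificate getSignerCertificate()
Return the Signer Certificate used to sign this timestamp

public Calendar getSignatureDate()

public byte[] getTimeStampToken()
Return the encoded TimeStampToken object used to sign the document. This can be used to perform further, independent validation of the time-stamp if required.
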
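public String[] getLayerNames()
Description copied from class: SignatureHandler
Return the list of appearance layer names used by this Signature Handler to create a visible appearance on the page, in the order they should be drawn. This method is called internally by the FormSignature class when drawing the signature annotations on the page.
For more information see the document "Digital Signature Appearances for Public-Key Interoperability", from Adobe's website.
As an example, both the Verisign and the SelfSign handlers return the array [ "n0", "n1", "n2", "n3" ].
Overrides: getLayerNames in class SignatureHandler
See Also: SignatureHandler.getLayerAppearance(java.lang.String, org.faceless.pdf2.PDFStyle)
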
public PDFCanvas getLayerAppearance(String layername, PDFStyle textstyle)
Description copied from class: SignatureHandler
Return a PDFCanvas for the specified layer. This method is called internally by the FormSignature class when drawing the signature annotations on the page.
For more information see the document "Digital Signature Appearances for Public-Key Interoperability", from Adobe's website.
Overrides: getLayerAppearance in class SignatureHandler
Parameters:
layername - the layer to create (from the list returned by SignatureHandler.getLayerNames())
textstyle - the style in which to draw the text, if any
Returns: a PDFCanvas of any size containing the specified layer.
See Also: SignatureHandler.getLayerNames()