SignDoc SDK (Java)
5.0.0
Information about a signature field returned by SignDocDocument.verifySignature() or SignDocDocument.verifySignature2().
Public Member Functions
Return type | Member | Description |
---|---|---|
int | getState () throws SignDocException | Get the signature state. |
int | getModificationState () throws SignDocException | Get the modification state of a PDF document. |
int | getMethod () throws SignDocException | Get the signing method. |
synchronized int | getDocMDP () throws SignDocException | Get the DocMDP P value of a certification signature. |
synchronized int | getLockMDP () throws SignDocException | Get the lock MDP value of the signature. |
String | getDigestAlgorithm () throws SignDocException | Get the message digest algorithm of the signature. |
byte[][] | getCertificates () throws SignDocException | Get the certificates of the signature. |
int | verifyCertificateChain (SignDocVerificationParameters aParameters) throws SignDocException | Verify the certificate chain of the signature's certificate. |
int | getCertificateRevocationState () throws SignDocException | Get the revocation state of the certificate chain of the signature's certificate. |
int | verifyCertificateSimplified (SignDocVerificationParameters aParameters) throws SignDocException | Simplified verification of the certificate chain and revocation status of the signature's certificate. |
int | getCertificateChainLength () throws SignDocException | Get the certificate chain length. |
String | getSignatureString (String aName) throws SignDocException | Get a string parameter from the signature field. |
byte[] | getSignatureBlob (String aName) throws SignDocException | Get a blob property from the signature field. |
byte[] | getBiometricData (byte[] aKey, String aKeyPath, byte[] aPassphrase) throws SignDocException | Get the biometric data of the field. |
byte[] | getEncryptedBiometricData () throws SignDocException | Get the encrypted biometric data of the field. |
int | getBiometricEncryption () throws SignDocException | Get the encryption method used for biometric data of the signature field. |
boolean | checkBiometricHash (byte[] aBio) throws SignDocException | Check the hash of the biometric data. |
int | getTimeStampState () throws SignDocException | Get the state of the RFC 3161 time stamp. |
String | getTimeStampDigestAlgorithm () throws SignDocException | Get the message digest algorithm of the RFC 3161 timestamp. |
int | verifyTimeStampCertificateChain (SignDocVerificationParameters aParameters) throws SignDocException | Verify the certificate chain of the RFC 3161 time stamp. |
int | getTimeStampCertificateRevocationState () throws SignDocException | Get the revocation state of the certificate chain of the RFC 3161 time stamp. |
int | verifyTimeStampCertificateSimplified (SignDocVerificationParameters aParameters) throws SignDocException | Simplified verification of the certificate chain and revocation status of the RFC 3161 time stamp. |
String | getTimeStamp () throws SignDocException | Get the value of the RFC 3161 time stamp. |
byte[][] | getTimeStampCertificates () throws SignDocException | Get the certificates of the RFC 3161 time stamp. |
String | getErrorMessage () throws SignDocException | Get an error message for the last function call. |
synchronized void | close () | Destroy the underlying native object (for java.lang.AutoCloseable). |
Static Public Attributes
Type | Name and value | Description |
---|---|---|
static final int | rc_ok = 0 | Return value: OK. |
static final int | rc_invalid_argument = SignDocException.rc_invalid_argument | Return value: invalid argument. |
static final int | rc_not_supported = SignDocException.rc_not_supported | Return value: not supported. |
static final int | rc_not_verified = SignDocException.rc_not_verified | Return value: not verified. |
static final int | ss_unmodified = 0 | Signature state: No error, signature and document verified. |
static final int | ss_document_extended = 1 | Signature state: No error, signature and document verified, document modified by adding data to the signed document. |
static final int | ss_document_modified = 2 | Signature state: Document modified (possibly forged). |
static final int | ss_unsupported_signature = 3 | Signature state: Unsupported signature method. |
static final int | ss_invalid_certificate = 4 | Signature state: Invalid certificate. |
static final int | ss_empty = 5 | Signature state: Signature field without signature. |
static final int | ms_unmodified = 0 | Modification state of the document for a certain signature: The document has not been modified since the signature was added. |
static final int | ms_allowed = 1 | Modification state of the document for a certain signature: All the modifications are allowed by the signature. |
static final int | ms_prohibited = 2 | Modification state of the document for a certain signature: There are modifications that are not allowed by the signature. |
static final int | tss_valid = 0 | State of the RFC 3161 time stamp: No error. |
static final int | tss_missing = 1 | State of the RFC 3161 time stamp: There is no RFC 3161 time stamp. |
static final int | tss_invalid = 2 | State of the RFC 3161 time stamp: Invalid. |
static final int | ccs_ok = 0 | Certificate chain state: Chain OK. |
static final int | ccs_broken_chain = 1 | Certificate chain state: Chain broken. |
static final int | ccs_untrusted_root = 2 | Certificate chain state: Untrusted root certificate. |
static final int | ccs_critical_extension = 3 | Certificate chain state: A certificate has an unknown critical extension. |
static final int | ccs_not_time_valid = 4 | Certificate chain state: A certificate is not yet valid or is expired. |
static final int | ccs_path_length = 5 | Certificate chain state: Path length constraint not satisfied. |
static final int | ccs_invalid = 6 | Certificate chain state: Invalid certificate or chain. |
static final int | ccs_error = 7 | Certificate chain state: Other error. |
static final int | crs_ok = 0 | Certificate revocation state: No certificate revoked. |
static final int | crs_not_checked = 1 | Certificate revocation state: Revocation not checked. |
static final int | crs_offline = 2 | Certificate revocation state: Revocation server is offline. |
static final int | crs_revoked = 3 | Certificate revocation state: At least one certificate has been revoked. |
static final int | crs_error = 4 | Certificate revocation state: Error. |
Protected Member Functions
Return type | Member | Description |
---|---|---|
void | finalize () throws Throwable | Finalize this object. |
Information about a signature field returned by SignDocDocument.verifySignature() or SignDocDocument.verifySignature2().
If the SignDocDocument object is closed or destroyed before the SignDocVerificationResult objects returned by its verifySignature() and verifySignature2() functions, some functions may fail.
boolean checkBiometricHash (byte[] aBio) throws SignDocException
Check the hash of the biometric data.
This function fails for document time stamps, see getMethod().
[in] | aBio | Unencrypted biometric data, typically retrieved by getBiometricData(). |
synchronized void close ()
Destroy the underlying native object (for java.lang.AutoCloseable).
After calling this method, all methods but close() will throw SignDocUnexpectedErrorException.
protected void finalize () throws Throwable
Finalize this object.
Do not call this method unless you know what you are doing.
byte[] getBiometricData (byte[] aKey, String aKeyPath, byte[] aPassphrase) throws SignDocException
Get the biometric data of the field.
Use getBiometricEncryption() to find out what parameters need to be passed:
This function fails for document time stamps, see getMethod().
[in] | aKey | The key (must be null if aKeyPath is not null). |
[in] | aKeyPath | Pathname of the file containing the key (must be null if aKey is not null). |
[in] | aPassphrase | Passphrase for decrypting the key contained in the file named by aKeyPath. If this argument is null or the empty string, it will be assumed that the key file is not protected by a passphrase. aPassphrase is used only when reading the key from a file for SignDocSignatureParameters.be_rsa. The passphrase should contain ASCII characters only. |
int getBiometricEncryption () throws SignDocException
Get the encryption method used for biometric data of the signature field.
This function fails for document time stamps, see getMethod().
int getCertificateChainLength () throws SignDocException
Get the certificate chain length.
verifyCertificateChain() or verifyCertificateSimplified() must have been called successfully.
This function fails for document time stamps, see getMethod() and getTimeStampCertificates().
int getCertificateRevocationState () throws SignDocException
Get the revocation state of the certificate chain of the signature's certificate.
verifyCertificateChain() must have been called successfully.
getErrorMessage() will return an error message if the verification result returned is not crs_ok.
If SignDocVerificationParameters.vf_check_revocation was not set in integer parameter "VerificationFlags" for the most recent call to verifyCertificateChain(), this function will return crs_not_checked.
This function fails for document time stamps, see getMethod() and getTimeStampCertificateRevocationState().
byte[][] getCertificates () throws SignDocException
Get the certificates of the signature.
This function fails for document time stamps, see getMethod() and getTimeStampCertificates().
String getDigestAlgorithm () throws SignDocException
Get the message digest algorithm of the signature.
Note that the values returned by this function are different from the Digest values used by de.softpro.doc.SignDocField.getSeedValueDigestMethod() and friends:
DigestMethod | getDigestAlgorithm() | DetachedHashAlgorithm |
---|---|---|
n/a | "MD5" | n/a |
"RIPEMD160" | "RIPEMD-160" | "RIPEMD-160" |
"SHA1" | "SHA-1" | "SHA-1" |
- | "SHA-224" | "SHA-224" |
"SHA256" | "SHA-256" | "SHA-256" |
"SHA384" | "SHA-384" | "SHA-384" |
"SHA512" | "SHA-512" | "SHA-512" |
synchronized int getDocMDP () throws SignDocException
Get the DocMDP P value of a certification signature.
The DocMDP P value specifies what modifications to the document are allowed by the certification signature.
byte[] getEncryptedBiometricData () throws SignDocException
Get the encrypted biometric data of the field.
Use this function if you cannot use getBiometricData() for decrypting the biometric data (for instance, because the private key is stored in an HSM).
In the following description of the format of the encrypted data retrieved by this function, all numbers are stored in little-endian format (however, RSA uses big-endian format):
If the version number is 1, the encryption method is be_rsa with a 2048-bit key and the body has this format:
If the version number is 2, the body has this format:
If the version number is 3, the encryption method is be_rsa with a key longer than 2048 bits and the body has this format:
This function fails for document time stamps, see getMethod().
String getErrorMessage () throws SignDocException
Get an error message for the last function call.
synchronized int getLockMDP () throws SignDocException
Get the lock MDP value of the signature.
The lock MDP value specifies what modifications to the document are allowed by the signature.
int getMethod () throws SignDocException
Get the signing method.
If the output is SignDocSignatureParameters.m_digsig_cades_rfc3161, the signature is a document time stamp. Use verifyTimeStampCertificateChain() etc. instead of verifyCertificateChain() etc. for document time stamps.
int getModificationState () throws SignDocException
Get the modification state of a PDF document.
Use this function to find out if the modifications applied to a PDF document after adding a signature are allowed by that signature.
As there is no specification for the modifications allowed or prohibited by a signature, this function tries to mimic the behavior of Adobe Reader.
For TIFF documents, the output is computed directly from the output of getState().
byte[] getSignatureBlob (String aName) throws SignDocException
Get a blob property from the signature field.
Available blob parameters are:
Additionally, you can store your own blobs in the signature by using a name starting with "Prop_", except for "Prop_AuthTime", "Prop_AuthType", "Prop_Build", and any name starting with "Prop_BiometricData" (which are reserved), see de.softpro.doc.SignDocSignatureParameters.setBlob().
[in] | aName | The name of the property. |
String getSignatureString (String aName) throws SignDocException
Get a string parameter from the signature field.
Available string parameters are:
Additionally, you can store your own strings in the signature by using a name starting with "Prop_", except for "Prop_AuthTime", "Prop_AuthType", "Prop_Build", and any name starting with "Prop_BiometricData" (which are reserved), see de.softpro.doc.SignDocSignatureParameters.setString().
The following parameters are not available for document time stamps, see getMethod(): ContactInfo, Location, Reason, and Signer.
[in] | aName | The name of the parameter. |
int getState () throws SignDocException
Get the signature state.
Use this function to find out if the document is still identical to the signed document, has been updated since it was signed, or has been tampered with.
If the state is ss_unsupported_signature or ss_invalid_certificate, getErrorMessage() will provide additional information.
Use verifyCertificateChain() to find out if you can trust the identity of the signer.
If the return value is ss_document_extended for a PDF document, you should call getModificationState() to get additional information.
String getTimeStamp () throws SignDocException
Get the value of the RFC 3161 time stamp.
You must call verifyTimeStampCertificateChain() and getTimeStampCertificateRevocationState() to find out whether the time stamp can be trusted. If either of these functions reports a problem, the time stamp should not be displayed.
A signature has either an RFC 3161 time stamp (returned by this function) or a time stamp stored as string parameter (returned by getSignatureString()).
int getTimeStampCertificateRevocationState () throws SignDocException
Get the revocation state of the certificate chain of the RFC 3161 time stamp.
verifyTimeStampCertificateChain() must have been called successfully. getErrorMessage() will return an error message if this function fails (exception thrown) or the verification result returned is not crs_ok.
If SignDocVerificationParameters.vf_check_revocation was not set in integer parameter "VerificationFlags" of the most recent call to verifyTimeStampCertificateChain(), this function will return crs_not_checked.
byte[][] getTimeStampCertificates () throws SignDocException
Get the certificates of the RFC 3161 time stamp.
String getTimeStampDigestAlgorithm () throws SignDocException
Get the message digest algorithm of the RFC 3161 timestamp.
The following table shows the supported digest algorithms and the respective value of string parameter "TimeStampHashAlgorithm":
getTimeStampDigestAlgorithm() | TimeStampHashAlgorithm |
---|---|
"MD5" | n/a |
"RIPEMD-160" | n/a |
"SHA-1" | "SHA-1" |
"SHA-256" | "SHA-256" |
"SHA-384" | "SHA-384" |
"SHA-512" | "SHA-512" |
int getTimeStampState () throws SignDocException
Get the state of the RFC 3161 time stamp.
int verifyCertificateChain (SignDocVerificationParameters aParameters) throws SignDocException
Verify the certificate chain of the signature's certificate.
Use this function to find out if you can trust the identity of the signer.
getErrorMessage() will return an error message if this function fails (exception thrown), if the verification result returned is not ccs_ok, or if getCertificateRevocationState() won't return crs_ok.
Call getCertificateRevocationState() after this function to get the revocation state.
This function fails for document time stamps, see getMethod() and verifyTimeStampCertificateChain().
[in] | aParameters | Verification parameters or null for default parameters. |
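The checks described for getState(), verifyCertificateChain() and getTimeStamp() combined into one fail-closed evaluation, as an added example that is not part of the SDK or its documentation. It assumes that all SDK classes live in package de.softpro.doc (the page shows that package only for SignDocField and SignDocSignatureParameters); SignatureTrustCheck, Verdict, reject and evaluate are hypothetical names, and the caller supplies the SignDocVerificationParameters.

```java
// Added example, not SDK code. Assumption: all SDK classes are in de.softpro.doc.
import de.softpro.doc.SignDocException;
import de.softpro.doc.SignDocSignatureParameters;
import de.softpro.doc.SignDocVerificationParameters;
import de.softpro.doc.SignDocVerificationResult;
import static de.softpro.doc.SignDocVerificationResult.*;

public final class SignatureTrustCheck {            // hypothetical helper class

    /** Decision plus a time stamp that is safe to display (null if none). */
    public static final class Verdict {
        public final boolean trusted;
        public final String reason;
        public final String timeStamp;
        Verdict(boolean trusted, String reason, String timeStamp) {
            this.trusted = trusted; this.reason = reason; this.timeStamp = timeStamp;
        }
    }

    private static Verdict reject(String reason) {
        return new Verdict(false, reason, null);
    }

    /**
     * params comes from the caller and should have vf_check_revocation set in
     * "VerificationFlags"; without it the revocation state is crs_not_checked
     * and this method rejects.
     */
    public static Verdict evaluate(SignDocVerificationResult r,
                                   SignDocVerificationParameters params)
            throws SignDocException {
        // 1. Integrity: only unmodified or permitted incremental updates pass.
        int state = r.getState();
        if (state == ss_document_extended) {
            int ms = r.getModificationState();
            if (ms != ms_unmodified && ms != ms_allowed)
                return reject("modifications not allowed by the signature");
        } else if (state != ss_unmodified) {
            return reject("signature state " + state + ": " + r.getErrorMessage());
        }

        // 2. Signer identity. verifyCertificateChain() fails for document
        //    time stamps, so those are covered by step 3 only.
        boolean docTimeStamp =
                r.getMethod() == SignDocSignatureParameters.m_digsig_cades_rfc3161;
        if (!docTimeStamp) {
            if (r.verifyCertificateChain(params) != ccs_ok)
                return reject("certificate chain: " + r.getErrorMessage());
            if (r.getCertificateRevocationState() != crs_ok)
                return reject("revocation: " + r.getErrorMessage());
        }

        // 3. RFC 3161 time stamp: expose it only if chain and revocation pass.
        String ts = null;
        if (r.getTimeStampState() == tss_valid
                && r.verifyTimeStampCertificateChain(params) == ccs_ok
                && r.getTimeStampCertificateRevocationState() == crs_ok) {
            ts = r.getTimeStamp();
        }
        if (docTimeStamp && ts == null)
            return reject("document time stamp not verified");
        return new Verdict(true, "ok", ts);
    }
}
```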
int verifyCertificateSimplified (SignDocVerificationParameters aParameters) throws SignDocException
Simplified verification of the certificate chain and revocation status of the signature's certificate.
This function just returns a good / not good value according to policies defined by the arguments. It does not tell the caller what exactly is wrong. However, getErrorMessage() will return an error message if this function fails. Do not attempt to base decisions on that error message; use verifyCertificateChain() instead of this function if you need details about the failure.
This function fails for document time stamps, see getMethod() and verifyTimeStampCertificateSimplified().
[in] | aParameters | Verification parameters or null for default parameters. |
int verifyTimeStampCertificateChain (SignDocVerificationParameters aParameters) throws SignDocException
Verify the certificate chain of the RFC 3161 time stamp.
getErrorMessage() will return an error message if this function fails (return value not rc_ok) or the verification result returned is not ccs_ok.
Call getTimeStampCertificateRevocationState() after this function to get the revocation state.
[in] | aParameters | Verification parameters or null for default parameters. |
int verifyTimeStampCertificateSimplified (SignDocVerificationParameters aParameters) throws SignDocException
Simplified verification of the certificate chain and revocation status of the RFC 3161 time stamp.
This function just returns a good / not good value according to policies defined by the arguments. It does not tell the caller what exactly is wrong. However, getErrorMessage() will return an error message if this function fails. Do not attempt to base decisions on that error message; use verifyCertificateChain() instead of this function if you need details about the failure.
For integer parameter "CertificateChainVerificationPolicy", SignDocVerificationParameters.ccvp_accept_self_signed_with_bio and SignDocVerificationParameters.ccvp_accept_self_signed_with_rsa_bio are treated like SignDocVerificationParameters.ccvp_accept_self_signed.
[in] | aParameters | Verification parameters or null for default parameters. |
static final int ccs_broken_chain = 1
Certificate chain state: Chain broken.
No chain leading to a self-signed certificate could be built.
static final int ccs_critical_extension = 3
Certificate chain state: A certificate has an unknown critical extension.
static final int ccs_error = 7
Certificate chain state: Other error.
static final int ccs_invalid = 6
Certificate chain state: Invalid certificate or chain.
static final int ccs_not_time_valid = 4
Certificate chain state: A certificate is not yet valid or is expired.
static final int ccs_ok = 0
Certificate chain state: Chain OK.
static final int ccs_path_length = 5
Certificate chain state: Path length constraint not satisfied.
static final int ccs_untrusted_root = 2
Certificate chain state: Untrusted root certificate.
static final int crs_error = 4
Certificate revocation state: Error.
static final int crs_not_checked = 1
Certificate revocation state: Revocation not checked.
static final int crs_offline = 2
Certificate revocation state: Revocation server is offline.
static final int crs_ok = 0
Certificate revocation state: No certificate revoked.
static final int crs_revoked = 3
Certificate revocation state: At least one certificate has been revoked.
static final int ms_allowed = 1
Modification state of the document for a certain signature: All the modifications are allowed by the signature.
static final int ms_prohibited = 2
Modification state of the document for a certain signature: There are modifications that are not allowed by the signature.
static final int ms_unmodified = 0
Modification state of the document for a certain signature: The document has not been modified since the signature was added.
static final int rc_invalid_argument = SignDocException.rc_invalid_argument
Return value: invalid argument.
static final int rc_not_supported = SignDocException.rc_not_supported
Return value: not supported.
static final int rc_not_verified = SignDocException.rc_not_verified
Return value: not verified.
static final int rc_ok = 0
Return value: OK.
static final int ss_document_extended = 1
Signature state: No error, signature and document verified, document modified by adding data to the signed document.
static final int ss_document_modified = 2
Signature state: Document modified (possibly forged).
static final int ss_empty = 5
Signature state: Signature field without signature.
static final int ss_invalid_certificate = 4
Signature state: Invalid certificate.
static final int ss_unmodified = 0
Signature state: No error, signature and document verified.
static final int ss_unsupported_signature = 3
Signature state: Unsupported signature method.
static final int tss_invalid = 2
State of the RFC 3161 time stamp: Invalid.
An RFC 3161 time stamp is present but invalid.
static final int tss_missing = 1
State of the RFC 3161 time stamp: There is no RFC 3161 time stamp.
static final int tss_valid = 0
State of the RFC 3161 time stamp: No error.
An RFC 3161 time stamp is present and valid (but you have to check the certificate chain and revocation).