VerificationOptions
extends Objectimplements AutoCloseable
| java.lang.Object | |
| ↳ | com.pdftron.pdf.VerificationOptions |
Class Overview
Options pertaining to digital signature verification.
Summary
| Nested Classes | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| enum | VerificationOptions.CertificateTrustFlag | An enumeration representing the level of trust associated with a particular certificate. | |||||||||
| enum | VerificationOptions.SecurityLevel | An enumeration representing the level of security to use when verifying digital signatures. | |||||||||
| enum | VerificationOptions.TimeMode | An enumeration representing the least-secure type of reference-time to use when verifying digital signatures. | |||||||||
| Public Constructors | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| VerificationOptions(long impl_ptr) | |||||||||||
|
VerificationOptions(VerificationOptions.SecurityLevel in_level)
Constructs a set of options for digital signature verification.
| |||||||||||
| Public Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| long | __GetHandle() | ||||||||||
| void |
addTrustedCertificate(byte[] in_certificate_data, long in_trust_flags)
Adds a certificate to the store of trusted certificates inside this options object.
| ||||||||||
| void |
addTrustedCertificate(String in_filepath, long in_trust_flags)
Adds a certificate to the store of trusted certificates inside this options object, by loading it from a file.
| ||||||||||
| void |
addTrustedCertificate(String in_filepath)
Adds a certificate to the store of trusted certificates inside this options object, by loading it from a file.
| ||||||||||
| void |
addTrustedCertificate(byte[] in_certificate_data)
Adds a certificate to the store of trusted certificates inside this options object.
| ||||||||||
| void |
addTrustedCertificates(byte[] in_P7C_binary_DER_certificates_file_data)
Bulk trust list loading API from P7C.
| ||||||||||
| void |
close()
Frees the native memory of the object.
| ||||||||||
| void |
destroy()
Frees the native memory of the object.
| ||||||||||
| void |
enableDigestVerification(boolean in_on_or_off)
Sets a flag that can turn on or off the verification of the digest (cryptographic hash) component of a digital signature.
| ||||||||||
| void |
enableModificationVerification(boolean in_on_or_off)
Sets a flag that can turn on or off the verification of the permissibility of any modifications made to the document after the signing of the digital signature being verified, in terms of the document and field permissions specified by the digital signature being verified.
| ||||||||||
| void |
enableOnlineCRLRevocationChecking(boolean in_on_or_off)
Enables/disables online CRL revocation checking.
| ||||||||||
| void |
enableOnlineOCSPRevocationChecking(boolean in_on_or_off)
Enables/disables online OCSP revocation checking.
| ||||||||||
| void |
enableOnlineRevocationChecking(boolean in_on_or_off)
Enables/disables all online revocation checking modes.
| ||||||||||
| void |
enableTrustVerification(boolean in_on_or_off)
Sets a flag that can turn on or off the verification of the trust status of a digital signature.
| ||||||||||
| X509Certificate |
getTrustedCertificate(int index)
Get the certificate at a specific position in the current list of trusted certificates.
| ||||||||||
| int |
getTrustedCertificateCount()
Get the number of trusted certificates that have been added.
| ||||||||||
| void |
loadTrustList(FDFDoc in_fdf_cert_exchange_data)
Bulk trust list loading API with trust flag support.
| ||||||||||
| void |
setRevocationTimeout(long in_revocation_timeout_milliseconds)
Sets the timeout for online revocation requests.
| ||||||||||
|
[Expand]
Inherited Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
From class
java.lang.Object
| |||||||||||
|
From interface
java.lang.AutoCloseable
| |||||||||||
Public Constructors
public VerificationOptions (long impl_ptr)
public VerificationOptions (VerificationOptions.SecurityLevel in_level)
Constructs a set of options for digital signature verification.
Parameters
| in_level | -- the general security level to use. Sets other security settings internally. |
|---|
Throws
| PDFNetException |
|---|
Public Methods
public long __GetHandle ()
public void addTrustedCertificate (byte[] in_certificate_data, long in_trust_flags)
Adds a certificate to the store of trusted certificates inside this options object.
Parameters
| in_certificate_data | -- a buffer consisting of the data of an X.509 public-key certificate encoded in binary DER (Distinguished Encoding Rules) format, or in PEM (appropriate Privacy-Enhanced Mail header+Base64 encoded DER+appropriate footer) format |
|---|---|
| in_trust_flags | -- a combination of trust flags (see enum CertificateTrustFlag) that determine for which situations this certificate should be trusted during trust verification. |
Throws
| PDFNetException |
|---|
public void addTrustedCertificate (String in_filepath, long in_trust_flags)
Adds a certificate to the store of trusted certificates inside this options object, by loading it from a file.
Parameters
| in_filepath | -- a path to a file containing the data of an X.509 public-key certificate encoded in binary DER (Distinguished Encoding Rules) format, or in PEM (appropriate Privacy-Enhanced Mail header+Base64 encoded DER+appropriate footer) format |
|---|---|
| in_trust_flags | -- a combination of trust flags (see enum CertificateTrustFlag) that determine for which situations this certificate should be trusted during trust verification. |
Throws
| PDFNetException |
|---|
public void addTrustedCertificate (String in_filepath)
Adds a certificate to the store of trusted certificates inside this options object, by loading it from a file. This overload uses the e_default_trust CertificateTrustFlag, which matches Acrobat's behaviour, to determine the trust level of the certificate.
Parameters
| in_filepath | -- a path to a file containing the data of an X.509 public-key certificate encoded in binary DER (Distinguished Encoding Rules) format, or in PEM (appropriate Privacy-Enhanced Mail header+Base64 encoded DER+appropriate footer) format |
|---|
Throws
| PDFNetException |
|---|
public void addTrustedCertificate (byte[] in_certificate_data)
Adds a certificate to the store of trusted certificates inside this options object. This overload uses the e_default_trust CertificateTrustFlag, which matches Acrobat's behaviour, to determine the trust level of the certificate.
Parameters
| in_certificate_data | -- a buffer consisting of the data of an X.509 public-key certificate encoded in binary DER (Distinguished Encoding Rules) format, or in PEM (appropriate Privacy-Enhanced Mail header+Base64 encoded DER+appropriate footer) format |
|---|
Throws
| PDFNetException |
|---|
public void addTrustedCertificates (byte[] in_P7C_binary_DER_certificates_file_data)
Bulk trust list loading API from P7C. Attempts to decode the input data as binary DER and trust multiple trusted root certificates from it. Compatible with Acrobat's .P7C format, which is a variation on PKCS #7/CMS that only contains certificates (i.e. no CRLs, no signature, etc.). If a certificate cannot be decoded, this is ignored and an attempt is made to decode the next certificate. This overload takes no account of trust-level flags because none are available in the P7C format. Therefore, when this function is used, all certificates in the P7C file will be loaded as if trusted for everything, which may lead to false positives when compared to other PDF software. (Most applications use the FDF Cert Exchange format.) The FDF-trust-list-loading function "LoadTrustList" should be used instead whenever possible.
Parameters
| in_P7C_binary_DER_certificates_file_data | -- the P7C-format bulk certificate data, encoded in binary DER (Distinguished Encoding Rules) |
|---|
Throws
| PDFNetException |
|---|
public void close ()
Frees the native memory of the object. This can be explicity called to control the deallocation of native memory and avoid situations where the garbage collector does not free the object in a timely manner.
Throws
| PDFNetException |
|---|
public void destroy ()
Frees the native memory of the object. This can be explicity called to control the deallocation of native memory and avoid situations where the garbage collector does not free the object in a timely manner.
Throws
| PDFNetException |
|---|
public void enableDigestVerification (boolean in_on_or_off)
Sets a flag that can turn on or off the verification of the digest (cryptographic hash) component of a digital signature.
Parameters
| in_on_or_off | -- A boolean. |
|---|
Throws
| PDFNetException |
|---|
public void enableModificationVerification (boolean in_on_or_off)
Sets a flag that can turn on or off the verification of the permissibility of any modifications made to the document after the signing of the digital signature being verified, in terms of the document and field permissions specified by the digital signature being verified.
Parameters
| in_on_or_off | -- A boolean. |
|---|
Throws
| PDFNetException |
|---|
public void enableOnlineCRLRevocationChecking (boolean in_on_or_off)
Enables/disables online CRL revocation checking. The default setting is for it to be turned off, but this may change in future versions. CRL checking is off by default because the technology is inherently complicated and resource-intensive, but may help improve verification rate when files are verified against a recent reference-time (e.g. maximum security mode), because online CRLs will be valid within that time. This mode will not be useful for old archival-type ('LTV') documents verified in archiving-and-compatibility security mode, because their online OCSP and/or CRL responder servers may not be alive anymore. However, such LTV documents can be created (if the CRL responder servers are still active) by enabling online checking, verifying, and then embedding the data using DigitalSignatureField.EnableLTVOfflineVerification.
Parameters
| in_on_or_off | -- what setting to use |
|---|
Throws
| PDFNetException |
|---|
public void enableOnlineOCSPRevocationChecking (boolean in_on_or_off)
Enables/disables online OCSP revocation checking. The default setting is for it to be turned on.
Parameters
| in_on_or_off | -- what setting to use |
|---|
Throws
| PDFNetException |
|---|
public void enableOnlineRevocationChecking (boolean in_on_or_off)
Enables/disables all online revocation checking modes. The default settings are that online OCSP is turned on and online CRL is turned off, but the default CRL setting may change in future versions. CRL checking is off by default because the technology is inherently complicated and resource-intensive, but may help improve verification rate when files are verified against a recent reference-time (e.g. maximum security mode), because online CRLs will be valid within that time. This mode will not be useful for old archival-type ('LTV') documents verified in archiving-and-compatibility security mode, because their online OCSP and/or CRL responder servers may not be alive anymore. However, such LTV documents can be created (if the CRL responder servers are still active) by enabling online checking, verifying, and then embedding the data using DigitalSignatureField.EnableLTVOfflineVerification.
Parameters
| in_on_or_off | -- what setting to use. |
|---|
Throws
| PDFNetException |
|---|
public void enableTrustVerification (boolean in_on_or_off)
Sets a flag that can turn on or off the verification of the trust status of a digital signature.
Parameters
| in_on_or_off | -- A boolean. |
|---|
Throws
| PDFNetException |
|---|
public X509Certificate getTrustedCertificate (int index)
Get the certificate at a specific position in the current list of trusted certificates.
Parameters
| index | -- the index of the certificate in the current list |
|---|
Returns
- the certificate at position index in the list
Throws
| PDFNetException |
|---|
public int getTrustedCertificateCount ()
Get the number of trusted certificates that have been added.
Returns
- the number of trusted certificates
Throws
| PDFNetException |
|---|
public void loadTrustList (FDFDoc in_fdf_cert_exchange_data)
Bulk trust list loading API with trust flag support. Loads a trust list that is structured in Acrobat's FDF Data/Cert Exchange format into the VerificationOptions certificate store. Use of this function is strongly recommended instead of the P7C API (i.e. AddTrustedCertificates). Certificates inside the FDF trust list that cannot be decoded and loaded, will be skipped.
Parameters
| in_fdf_cert_exchange_data | -- an FDFDoc from the FDF cert exchange data |
|---|
Throws
| PDFNetException |
|---|
public void setRevocationTimeout (long in_revocation_timeout_milliseconds)
Sets the timeout for online revocation requests.
Parameters
| in_revocation_timeout_milliseconds | The timeout value in milliseconds. |
|---|
Throws
| PDFNetException |
|---|