Ejemplo n.º 1
 /**
  * Add verification for a particular signature
  * @param signatureName the signature to validate (it may be a timestamp)
  * @param ocsp the interface to get the OCSP
  * @param crl the interface to get the CRL
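  * @param certOption whether revocation data is gathered for the signing certificate only or for the other certificates too
  * @param level which revocation sources to use (OCSP, CRL, or a combination of both)
  * @param certInclude whether the encoded certificates are stored alongside the revocation data
  * @return true if at least one OCSP response or CRL was collected and stored, false otherwise
  * @throws InvalidOperationException if this object is already flagged as used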
  */
 virtual public bool AddVerification(String signatureName, IOcspClient ocsp, ICrlClient crl, CertificateOption certOption, Level level, CertificateInclusion certInclude) {
     // Gathers revocation material (OCSP responses, CRLs) and, on request, the encoded
     // certificates for one signature, then stores the result in `validated` under the
     // signature's hash key. Nothing in this method inspects the status carried by the
     // collected responses; a `true` result only means that at least one OCSP response
     // or CRL was stored, not that every certificate was covered.
     if (used) {
         throw new InvalidOperationException(MessageLocalization.GetComposedMessage("verification.already.output"));
     }

     // NOTE(review): the result is dereferenced without a null check; confirm that
     // VerifySignature cannot return null for an unknown field name.
     PdfPKCS7 pkcs7 = acroFields.VerifySignature(signatureName);
     // NOTE(review): signatureName is concatenated into the log line as-is; if field
     // names can come from an untrusted document, consider neutralising line breaks
     // before logging. TODO confirm.
     LOGGER.Info("Adding verification for " + signatureName);

     X509Certificate[] chain = pkcs7.Certificates;
     X509Certificate signer = pkcs7.SigningCertificate;
     ValidationData collected = new ValidationData();

     bool signerOnly = certOption == CertificateOption.SIGNING_CERTIFICATE;
     bool ocspWanted = ocsp != null && level != Level.CRL;

     foreach (X509Certificate current in chain) {
         LOGGER.Info("Certificate: " + current.SubjectDN);
         if (signerOnly && !current.Equals(signer)) {
             continue;
         }

         // NOTE(review): the last argument is null, so the client presumably works out
         // the responder address itself, possibly from the certificate. If so, an
         // untrusted document can influence outbound requests; confirm in the client.
         byte[] ocspBytes = null;
         if (ocspWanted) {
             ocspBytes = ocsp.GetEncoded(current, GetParent(current, chain), null);
             if (ocspBytes != null) {
                 collected.ocsps.Add(BuildOCSPResponse(ocspBytes));
                 LOGGER.Info("OCSP added");
             }
         }

         // CRLs are fetched when the level demands them, or as a fallback when the
         // level makes them optional and no OCSP response was obtained.
         bool crlWanted = level == Level.CRL
             || level == Level.OCSP_CRL
             || (level == Level.OCSP_OPTIONAL_CRL && ocspBytes == null);
         if (crl != null && crlWanted) {
             ICollection<byte[]> fetched = crl.GetEncoded(current, null);
             if (fetched != null) {
                 foreach (byte[] candidate in fetched) {
                     // Store each distinct CRL once; comparison is by content.
                     bool isNew = true;
                     foreach (byte[] known in collected.crls) {
                         if (Arrays.AreEqual(known, candidate)) {
                             isNew = false;
                             break;
                         }
                     }
                     if (isNew) {
                         collected.crls.Add(candidate);
                         LOGGER.Info("CRL added");
                     }
                 }
             }
         }

         if (certInclude == CertificateInclusion.YES) {
             collected.certs.Add(current.GetEncoded());
         }
     }

     // Record the entry only when some revocation data was gathered.
     if (collected.crls.Count != 0 || collected.ocsps.Count != 0) {
         validated[GetSignatureHashKey(signatureName)] = collected;
         return true;
     }
     return false;
 }
Ejemplo n.º 2
 /**
  * Add verification for a particular signature
  * @param signatureName the signature to validate (it may be a timestamp)
  * @param ocsp the interface to get the OCSP
  * @param crl the interface to get the CRL
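  * @param certOption whether revocation data is gathered for the signing certificate only or for the other certificates too
  * @param level which revocation sources to use (OCSP, CRL, or a combination of both)
  * @param certInclude whether the encoded certificates are stored alongside the revocation data
  * @return true if at least one OCSP response or CRL was collected and stored, false otherwise
  * @throws InvalidOperationException if this object is already flagged as used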
  */
 public bool AddVerification(String signatureName, IOcspClient ocsp, ICrlClient crl, CertificateOption certOption, Level level, CertificateInclusion certInclude) {
     // Gathers revocation material (OCSP responses, CRLs) for the signature's
     // certificate chain and stores it in `validated` under the signature's hash key.
     // Nothing in this method inspects the status carried by the collected responses;
     // a `true` result only means that at least one OCSP response or CRL was stored.
     if (used) {
         throw new InvalidOperationException(MessageLocalization.GetComposedMessage("verification.already.output"));
     }

     // NOTE(review): the result is dereferenced without a null check; confirm that
     // VerifySignature cannot return null for an unknown field name.
     PdfPKCS7 pkcs7 = acroFields.VerifySignature(signatureName);
     X509Certificate[] chain = pkcs7.SignCertificateChain;
     ValidationData collected = new ValidationData();

     // With SIGNING_CERTIFICATE only index 0 is processed.
     // NOTE(review): this presumes the chain starts with the signing certificate and
     // that chain[i + 1] is the issuer of chain[i]; verify the ordering.
     int lastIndex = chain.Length - 1;
     int stop = (certOption == CertificateOption.SIGNING_CERTIFICATE && chain.Length > 1) ? 1 : chain.Length;

     for (int i = 0; i < stop; i++) {
         X509Certificate current = chain[i];

         // The final certificate has no following entry to act as issuer, so no OCSP
         // request is made for it.
         // NOTE(review): the last argument is null, so the client presumably works out
         // the responder address itself, possibly from the certificate. If so, an
         // untrusted document can influence outbound requests; confirm in the client.
         byte[] ocspBytes = null;
         if (ocsp != null && level != Level.CRL && i < lastIndex) {
             ocspBytes = ocsp.GetEncoded(current, chain[i + 1], null);
             if (ocspBytes != null) {
                 collected.ocsps.Add(BuildOCSPResponse(ocspBytes));
             }
         }

         // CRLs are fetched when the level demands them, or as a fallback when the
         // level makes them optional and no OCSP response was obtained.
         bool crlWanted = level == Level.CRL
             || level == Level.OCSP_CRL
             || (level == Level.OCSP_OPTIONAL_CRL && ocspBytes == null);
         if (crl != null && crlWanted) {
             byte[] candidate = crl.GetEncoded(current, null);
             if (candidate != null) {
                 // Store each distinct CRL once; comparison is by content.
                 bool isNew = true;
                 foreach (byte[] known in collected.crls) {
                     if (Arrays.AreEqual(known, candidate)) {
                         isNew = false;
                         break;
                     }
                 }
                 if (isNew) {
                     collected.crls.Add(candidate);
                 }
             }
         }
     }

     if (collected.crls.Count == 0 && collected.ocsps.Count == 0) {
         return false;
     }

     // Every certificate of the chain is embedded here, including those for which no
     // revocation data was requested because of certOption.
     if (certInclude == CertificateInclusion.YES) {
         for (int i = 0; i < chain.Length; i++) {
             collected.certs.Add(chain[i].GetEncoded());
         }
     }
     validated[GetSignatureHashKey(signatureName)] = collected;
     return true;
 }
Ejemplo n.º 3
        /**
         * Add verification for a particular signature
         * @param signatureName the signature to validate (it may be a timestamp)
         * @param ocsp the interface to get the OCSP
         * @param crl the interface to get the CRL
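         * @param certOption whether revocation data is gathered for the signing certificate only or for the other certificates too
         * @param level which revocation sources to use (OCSP, CRL, or a combination of both)
         * @param certInclude whether the encoded certificates are stored alongside the revocation data
         * @return true if at least one OCSP response or CRL was collected and stored, false otherwise
         * @throws InvalidOperationException if this object is already flagged as used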
         */
        public bool AddVerification(String signatureName, IOcspClient ocsp, ICrlClient crl, CertificateOption certOption, Level level, CertificateInclusion certInclude)
        {
            // Gathers revocation material (OCSP responses, CRLs) and, on request, the
            // encoded certificates for one signature, then stores the result in
            // `validated` under the signature's hash key. Nothing here inspects the
            // status carried by the collected responses; `true` only means that at
            // least one OCSP response or CRL was stored.
            if (used)
            {
                throw new InvalidOperationException(MessageLocalization.GetComposedMessage("verification.already.output"));
            }

            // NOTE(review): the result is dereferenced without a null check; confirm
            // that VerifySignature cannot return null for an unknown field name.
            PdfPKCS7 signature = acroFields.VerifySignature(signatureName);

            // NOTE(review): signatureName is logged verbatim; if field names can come
            // from an untrusted document, consider neutralising line breaks first.
            LOGGER.Info("Adding verification for " + signatureName);
            X509Certificate[] certs = signature.Certificates;
            X509Certificate signingCert = signature.SigningCertificate;
            ValidationData result = new ValidationData();

            for (int idx = 0; idx < certs.Length; idx++)
            {
                X509Certificate current = certs[idx];
                LOGGER.Info("Certificate: " + current.SubjectDN);

                // In signing-certificate mode every other certificate is skipped.
                if (certOption == CertificateOption.SIGNING_CERTIFICATE && !current.Equals(signingCert))
                {
                    continue;
                }

                // NOTE(review): the last argument is null, so the client presumably
                // works out the responder address itself, possibly from the
                // certificate. If so, an untrusted document can influence outbound
                // requests; confirm in the client implementation.
                byte[] ocspBytes = null;
                if (ocsp != null && level != Level.CRL)
                {
                    ocspBytes = ocsp.GetEncoded(current, GetParent(current, certs), null);
                    if (ocspBytes != null)
                    {
                        result.ocsps.Add(BuildOCSPResponse(ocspBytes));
                        LOGGER.Info("OCSP added");
                    }
                }

                // CRLs are fetched when the level demands them, or as a fallback when
                // the level makes them optional and no OCSP response was obtained.
                bool crlWanted = level == Level.CRL
                    || level == Level.OCSP_CRL
                    || (level == Level.OCSP_OPTIONAL_CRL && ocspBytes == null);
                ICollection<byte[]> fetched = null;
                if (crl != null && crlWanted)
                {
                    fetched = crl.GetEncoded(current, null);
                }
                if (fetched != null)
                {
                    foreach (byte[] candidate in fetched)
                    {
                        // Store each distinct CRL once; comparison is by content.
                        bool alreadyStored = false;
                        foreach (byte[] stored in result.crls)
                        {
                            if (Arrays.AreEqual(stored, candidate))
                            {
                                alreadyStored = true;
                                break;
                            }
                        }
                        if (alreadyStored)
                        {
                            continue;
                        }
                        result.crls.Add(candidate);
                        LOGGER.Info("CRL added");
                    }
                }

                if (certInclude == CertificateInclusion.YES)
                {
                    result.certs.Add(current.GetEncoded());
                }
            }

            // Record the entry only when some revocation data was gathered.
            bool nothingCollected = result.crls.Count == 0 && result.ocsps.Count == 0;
            if (nothingCollected)
            {
                return false;
            }
            validated[GetSignatureHashKey(signatureName)] = result;
            return true;
        }
Ejemplo n.º 4
        /**
         * Add verification for a particular signature
         * @param signatureName the signature to validate (it may be a timestamp)
         * @param ocsp the interface to get the OCSP
         * @param crl the interface to get the CRL
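         * @param certOption whether revocation data is gathered for the signing certificate only or for the other certificates too
         * @param level which revocation sources to use (OCSP, CRL, or a combination of both)
         * @param certInclude whether the encoded certificates are stored alongside the revocation data
         * @return true if at least one OCSP response or CRL was collected and stored, false otherwise
         * @throws InvalidOperationException if this object is already flagged as used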
         */
        public bool AddVerification(String signatureName, IOcspClient ocsp, ICrlClient crl, CertificateOption certOption, Level level, CertificateInclusion certInclude)
        {
            // Gathers revocation material (OCSP responses, CRLs) for the signature's
            // certificate chain and stores it in `validated` under the signature's
            // hash key. Nothing here inspects the status carried by the collected
            // responses; `true` only means that at least one OCSP response or CRL
            // was stored.
            if (used)
            {
                throw new InvalidOperationException(MessageLocalization.GetComposedMessage("verification.already.output"));
            }

            // NOTE(review): the result is dereferenced without a null check; confirm
            // that VerifySignature cannot return null for an unknown field name.
            PdfPKCS7 signature = acroFields.VerifySignature(signatureName);

            X509Certificate[] chain = signature.SignCertificateChain;
            ValidationData result = new ValidationData();
            bool firstOnly = certOption == CertificateOption.SIGNING_CERTIFICATE;

            int pos = 0;
            while (pos < chain.Length)
            {
                X509Certificate current = chain[pos];

                // The next chain entry is passed as the issuer, so the final
                // certificate gets no OCSP request.
                // NOTE(review): this presumes chain[pos + 1] issued chain[pos]; verify
                // the ordering. The null last argument presumably lets the client pick
                // the responder address, possibly from the certificate; if so, an
                // untrusted document can influence outbound requests.
                byte[] ocspBytes = null;
                if (ocsp != null && level != Level.CRL && pos < chain.Length - 1)
                {
                    ocspBytes = ocsp.GetEncoded(current, chain[pos + 1], null);
                    if (ocspBytes != null)
                    {
                        result.ocsps.Add(BuildOCSPResponse(ocspBytes));
                    }
                }

                // CRLs are fetched when the level demands them, or as a fallback when
                // the level makes them optional and no OCSP response was obtained.
                bool crlWanted = level == Level.CRL
                    || level == Level.OCSP_CRL
                    || (level == Level.OCSP_OPTIONAL_CRL && ocspBytes == null);
                if (crl != null && crlWanted)
                {
                    ICollection<byte[]> fetched = crl.GetEncoded(current, null);
                    if (fetched != null)
                    {
                        foreach (byte[] candidate in fetched)
                        {
                            // Store each distinct CRL once; comparison is by content.
                            bool isNew = true;
                            foreach (byte[] stored in result.crls)
                            {
                                if (Arrays.AreEqual(stored, candidate))
                                {
                                    isNew = false;
                                    break;
                                }
                            }
                            if (isNew)
                            {
                                result.crls.Add(candidate);
                            }
                        }
                    }
                }

                // In signing-certificate mode only the first chain entry is processed.
                // NOTE(review): presumably index 0 is the signing certificate; confirm.
                if (firstOnly)
                {
                    break;
                }
                pos++;
            }

            if (result.crls.Count == 0 && result.ocsps.Count == 0)
            {
                return false;
            }

            // Every certificate of the chain is embedded here, including those for
            // which no revocation data was requested because of certOption.
            if (certInclude == CertificateInclusion.YES)
            {
                for (int i = 0; i < chain.Length; i++)
                {
                    result.certs.Add(chain[i].GetEncoded());
                }
            }
            validated[GetSignatureHashKey(signatureName)] = result;
            return true;
        }