/// <summary>Adds verification to the signature.</summary>
/// <param name="signatureName">name of the signature</param>
/// <param name="ocsps">collection of ocsp responses</param>
/// <param name="crls">collection of crls</param>
/// <param name="certs">collection of certificates</param>
/// <returns>boolean</returns>
/// <exception cref="System.IO.IOException"/>
/// <exception cref="Org.BouncyCastle.Security.GeneralSecurityException"/>
public virtual bool AddVerification(String signatureName, ICollection <byte[]> ocsps, ICollection <byte[]> crls
, ICollection <byte[]> certs)
{
if (used)
{
throw new InvalidOperationException(PdfException.VerificationAlreadyOutput);
}
LtvVerification.ValidationData vd = new LtvVerification.ValidationData();
if (ocsps != null)
{
foreach (byte[] ocsp in ocsps)
{
vd.ocsps.Add(BuildOCSPResponse(ocsp));
}
}
if (crls != null)
{
foreach (byte[] crl in crls)
{
vd.crls.Add(crl);
}
}
if (certs != null)
{
foreach (byte[] cert in certs)
{
vd.certs.Add(cert);
}
}
validated.Put(GetSignatureHashKey(signatureName), vd);
return(true);
}
/// <summary>Add verification for a particular signature.</summary>
/// <param name="signatureName">the signature to validate (it may be a timestamp)</param>
/// <param name="ocsp">the interface to get the OCSP</param>
/// <param name="crl">the interface to get the CRL</param>
/// <param name="certOption">options as to how many certificates to include</param>
/// <param name="level">the validation options to include</param>
/// <param name="certInclude">certificate inclusion options</param>
/// <returns>true if a validation was generated, false otherwise</returns>
/// <exception cref="Org.BouncyCastle.Security.GeneralSecurityException"/>
/// <exception cref="System.IO.IOException"/>
public virtual bool AddVerification(String signatureName, IOcspClient ocsp, ICrlClient crl, LtvVerification.CertificateOption
certOption, LtvVerification.Level level, LtvVerification.CertificateInclusion certInclude)
{
if (used)
{
throw new InvalidOperationException(PdfException.VerificationAlreadyOutput);
}
PdfPKCS7 pk = sgnUtil.VerifySignature(signatureName);
LOGGER.Info("Adding verification for " + signatureName);
X509Certificate[] xc = pk.GetCertificates();
X509Certificate cert;
X509Certificate signingCert = pk.GetSigningCertificate();
LtvVerification.ValidationData vd = new LtvVerification.ValidationData();
for (int k = 0; k < xc.Length; ++k)
{
cert = (X509Certificate)xc[k];
LOGGER.Info("Certificate: " + cert.SubjectDN);
if (certOption == LtvVerification.CertificateOption.SIGNING_CERTIFICATE && !cert.Equals(signingCert))
{
continue;
}
byte[] ocspEnc = null;
if (ocsp != null && level != LtvVerification.Level.CRL)
{
ocspEnc = ocsp.GetEncoded(cert, GetParent(cert, xc), null);
if (ocspEnc != null)
{
vd.ocsps.Add(BuildOCSPResponse(ocspEnc));
LOGGER.Info("OCSP added");
}
}
if (crl != null && (level == LtvVerification.Level.CRL || level == LtvVerification.Level.OCSP_CRL || (level
== LtvVerification.Level.OCSP_OPTIONAL_CRL && ocspEnc == null)))
{
ICollection <byte[]> cims = crl.GetEncoded(cert, null);
if (cims != null)
{
foreach (byte[] cim in cims)
{
bool dup = false;
foreach (byte[] b in vd.crls)
{
if (JavaUtil.ArraysEquals(b, cim))
{
dup = true;
break;
}
}
if (!dup)
{
vd.crls.Add(cim);
LOGGER.Info("CRL added");
}
}
}
}
if (certInclude == LtvVerification.CertificateInclusion.YES)
{
vd.certs.Add(cert.GetEncoded());
}
}
if (vd.crls.Count == 0 && vd.ocsps.Count == 0)
{
return(false);
}
validated.Put(GetSignatureHashKey(signatureName), vd);
return(true);
}