/** * Add verification for a particular signature * @param signatureName the signature to validate (it may be a timestamp) * @param ocsp the interface to get the OCSP * @param crl the interface to get the CRL * @param certOption * @param level the validation options to include * @param certInclude * @return true if a validation was generated, false otherwise * @throws Exception */ virtual public bool AddVerification(String signatureName, IOcspClient ocsp, ICrlClient crl, CertificateOption certOption, Level level, CertificateInclusion certInclude) { if (used) throw new InvalidOperationException(MessageLocalization.GetComposedMessage("verification.already.output")); PdfPKCS7 pk = acroFields.VerifySignature(signatureName); LOGGER.Info("Adding verification for " + signatureName); X509Certificate[] xc = pk.Certificates; X509Certificate cert; X509Certificate signingCert = pk.SigningCertificate; ValidationData vd = new ValidationData(); for (int k = 0; k < xc.Length; ++k) { cert = xc[k]; LOGGER.Info("Certificate: " + cert.SubjectDN); if (certOption == CertificateOption.SIGNING_CERTIFICATE && !cert.Equals(signingCert)) { continue; } byte[] ocspEnc = null; if (ocsp != null && level != Level.CRL) { ocspEnc = ocsp.GetEncoded(cert, GetParent(cert, xc), null); if (ocspEnc != null) { vd.ocsps.Add(BuildOCSPResponse(ocspEnc)); LOGGER.Info("OCSP added"); } } if (crl != null && (level == Level.CRL || level == Level.OCSP_CRL || (level == Level.OCSP_OPTIONAL_CRL && ocspEnc == null))) { ICollection<byte[]> cims = crl.GetEncoded(xc[k], null); if (cims != null) { foreach (byte[] cim in cims) { bool dup = false; foreach (byte[] b in vd.crls) { if (Arrays.AreEqual(b, cim)) { dup = true; break; } } if (!dup) { vd.crls.Add(cim); LOGGER.Info("CRL added"); } } } } if (certInclude == CertificateInclusion.YES) { vd.certs.Add(xc[k].GetEncoded()); } } if (vd.crls.Count == 0 && vd.ocsps.Count == 0) return false; validated[GetSignatureHashKey(signatureName)] = vd; return true; }
/** * Add verification for a particular signature * @param signatureName the signature to validate (it may be a timestamp) * @param ocsp the interface to get the OCSP * @param crl the interface to get the CRL * @param certOption * @param level the validation options to include * @param certInclude * @return true if a validation was generated, false otherwise * @throws Exception */ public bool AddVerification(String signatureName, IOcspClient ocsp, ICrlClient crl, CertificateOption certOption, Level level, CertificateInclusion certInclude) { if (used) throw new InvalidOperationException(MessageLocalization.GetComposedMessage("verification.already.output")); PdfPKCS7 pk = acroFields.VerifySignature(signatureName); X509Certificate[] xc = pk.SignCertificateChain; ValidationData vd = new ValidationData(); for (int k = 0; k < xc.Length; ++k) { byte[] ocspEnc = null; if (ocsp != null && level != Level.CRL && k < xc.Length - 1) { ocspEnc = ocsp.GetEncoded(xc[k], xc[k + 1], null); if (ocspEnc != null) vd.ocsps.Add(BuildOCSPResponse(ocspEnc)); } if (crl != null && (level == Level.CRL || level == Level.OCSP_CRL || (level == Level.OCSP_OPTIONAL_CRL && ocspEnc == null))) { byte[] cim = crl.GetEncoded(xc[k], null); if (cim != null) { bool dup = false; foreach (byte[] b in vd.crls) { if (Arrays.AreEqual(b, cim)) { dup = true; break; } } if (!dup) vd.crls.Add(cim); } } if (certOption == CertificateOption.SIGNING_CERTIFICATE) break; } if (vd.crls.Count == 0 && vd.ocsps.Count == 0) return false; if (certInclude == CertificateInclusion.YES) { foreach (X509Certificate c in xc) { vd.certs.Add(c.GetEncoded()); } } validated[GetSignatureHashKey(signatureName)] = vd; return true; }
/** * Add verification for a particular signature * @param signatureName the signature to validate (it may be a timestamp) * @param ocsp the interface to get the OCSP * @param crl the interface to get the CRL * @param certOption * @param level the validation options to include * @param certInclude * @return true if a validation was generated, false otherwise * @throws Exception */ public bool AddVerification(String signatureName, IOcspClient ocsp, ICrlClient crl, CertificateOption certOption, Level level, CertificateInclusion certInclude) { if (used) { throw new InvalidOperationException(MessageLocalization.GetComposedMessage("verification.already.output")); } PdfPKCS7 pk = acroFields.VerifySignature(signatureName); LOGGER.Info("Adding verification for " + signatureName); X509Certificate[] xc = pk.Certificates; X509Certificate cert; X509Certificate signingCert = pk.SigningCertificate; ValidationData vd = new ValidationData(); for (int k = 0; k < xc.Length; ++k) { cert = xc[k]; LOGGER.Info("Certificate: " + cert.SubjectDN); if (certOption == CertificateOption.SIGNING_CERTIFICATE && !cert.Equals(signingCert)) { continue; } byte[] ocspEnc = null; if (ocsp != null && level != Level.CRL) { ocspEnc = ocsp.GetEncoded(cert, GetParent(cert, xc), null); if (ocspEnc != null) { vd.ocsps.Add(BuildOCSPResponse(ocspEnc)); LOGGER.Info("OCSP added"); } } if (crl != null && (level == Level.CRL || level == Level.OCSP_CRL || (level == Level.OCSP_OPTIONAL_CRL && ocspEnc == null))) { ICollection <byte[]> cims = crl.GetEncoded(xc[k], null); if (cims != null) { foreach (byte[] cim in cims) { bool dup = false; foreach (byte[] b in vd.crls) { if (Arrays.AreEqual(b, cim)) { dup = true; break; } } if (!dup) { vd.crls.Add(cim); LOGGER.Info("CRL added"); } } } } if (certInclude == CertificateInclusion.YES) { vd.certs.Add(xc[k].GetEncoded()); } } if (vd.crls.Count == 0 && vd.ocsps.Count == 0) { return(false); } validated[GetSignatureHashKey(signatureName)] = vd; return(true); }
/** * Add verification for a particular signature * @param signatureName the signature to validate (it may be a timestamp) * @param ocsp the interface to get the OCSP * @param crl the interface to get the CRL * @param certOption * @param level the validation options to include * @param certInclude * @return true if a validation was generated, false otherwise * @throws Exception */ public bool AddVerification(String signatureName, IOcspClient ocsp, ICrlClient crl, CertificateOption certOption, Level level, CertificateInclusion certInclude) { if (used) { throw new InvalidOperationException(MessageLocalization.GetComposedMessage("verification.already.output")); } PdfPKCS7 pk = acroFields.VerifySignature(signatureName); X509Certificate[] xc = pk.SignCertificateChain; ValidationData vd = new ValidationData(); for (int k = 0; k < xc.Length; ++k) { byte[] ocspEnc = null; if (ocsp != null && level != Level.CRL && k < xc.Length - 1) { ocspEnc = ocsp.GetEncoded(xc[k], xc[k + 1], null); if (ocspEnc != null) { vd.ocsps.Add(BuildOCSPResponse(ocspEnc)); } } if (crl != null && (level == Level.CRL || level == Level.OCSP_CRL || (level == Level.OCSP_OPTIONAL_CRL && ocspEnc == null))) { ICollection <byte[]> cims = crl.GetEncoded((X509Certificate)xc[k], null); if (cims != null) { foreach (byte[] cim in cims) { bool dup = false; foreach (byte[] b in vd.crls) { if (Arrays.AreEqual(b, cim)) { dup = true; break; } } if (!dup) { vd.crls.Add(cim); } } } } if (certOption == CertificateOption.SIGNING_CERTIFICATE) { break; } } if (vd.crls.Count == 0 && vd.ocsps.Count == 0) { return(false); } if (certInclude == CertificateInclusion.YES) { foreach (X509Certificate c in xc) { vd.certs.Add(c.GetEncoded()); } } validated[GetSignatureHashKey(signatureName)] = vd; return(true); }