static void addLTVToStream(Stream source, Stream destination, IOcspClient ocsp, ICrlClient crl,
LtvVerification.Level timestampLevel, LtvVerification.Level signatureLevel)
{
PdfDocument pdfDoc = new PdfDocument(new PdfReader(source),
new PdfWriter(destination),
new StampingProperties().UseAppendMode());
LtvVerification v = new LtvVerification(pdfDoc);
SignatureUtil signatureUtil = new SignatureUtil(pdfDoc);
IList <string> names = signatureUtil.GetSignatureNames();
String sigName = names[(names.Count - 1)];
PdfPKCS7 pkcs7 = signatureUtil.ReadSignatureData(sigName);
if (pkcs7.IsTsp())
{
v.AddVerification(sigName, ocsp, crl, LtvVerification.CertificateOption.WHOLE_CHAIN,
timestampLevel, LtvVerification.CertificateInclusion.YES);
}
else
{
foreach (String name in names)
{
v.AddVerification(name, ocsp, crl, LtvVerification.CertificateOption.WHOLE_CHAIN,
signatureLevel, LtvVerification.CertificateInclusion.YES);
}
}
v.Merge();
pdfDoc.Close();
}
/// <summary>Add verification for a particular signature.</summary>
/// <param name="signatureName">the signature to validate (it may be a timestamp)</param>
/// <param name="ocsp">the interface to get the OCSP</param>
/// <param name="crl">the interface to get the CRL</param>
/// <param name="certOption">options as to how many certificates to include</param>
/// <param name="level">the validation options to include</param>
/// <param name="certInclude">certificate inclusion options</param>
/// <returns>true if a validation was generated, false otherwise</returns>
/// <exception cref="Org.BouncyCastle.Security.GeneralSecurityException"/>
/// <exception cref="System.IO.IOException"/>
public virtual bool AddVerification(String signatureName, IOcspClient ocsp, ICrlClient crl, LtvVerification.CertificateOption
certOption, LtvVerification.Level level, LtvVerification.CertificateInclusion certInclude)
{
if (used)
{
throw new InvalidOperationException(PdfException.VerificationAlreadyOutput);
}
PdfPKCS7 pk = sgnUtil.VerifySignature(signatureName);
LOGGER.Info("Adding verification for " + signatureName);
X509Certificate[] xc = pk.GetCertificates();
X509Certificate cert;
X509Certificate signingCert = pk.GetSigningCertificate();
LtvVerification.ValidationData vd = new LtvVerification.ValidationData();
for (int k = 0; k < xc.Length; ++k)
{
cert = (X509Certificate)xc[k];
LOGGER.Info("Certificate: " + cert.SubjectDN);
if (certOption == LtvVerification.CertificateOption.SIGNING_CERTIFICATE && !cert.Equals(signingCert))
{
continue;
}
byte[] ocspEnc = null;
if (ocsp != null && level != LtvVerification.Level.CRL)
{
ocspEnc = ocsp.GetEncoded(cert, GetParent(cert, xc), null);
if (ocspEnc != null)
{
vd.ocsps.Add(BuildOCSPResponse(ocspEnc));
LOGGER.Info("OCSP added");
}
}
if (crl != null && (level == LtvVerification.Level.CRL || level == LtvVerification.Level.OCSP_CRL || (level
== LtvVerification.Level.OCSP_OPTIONAL_CRL && ocspEnc == null)))
{
ICollection <byte[]> cims = crl.GetEncoded(cert, null);
if (cims != null)
{
foreach (byte[] cim in cims)
{
bool dup = false;
foreach (byte[] b in vd.crls)
{
if (JavaUtil.ArraysEquals(b, cim))
{
dup = true;
break;
}
}
if (!dup)
{
vd.crls.Add(cim);
LOGGER.Info("CRL added");
}
}
}
}
if (certInclude == LtvVerification.CertificateInclusion.YES)
{
vd.certs.Add(cert.GetEncoded());
}
}
if (vd.crls.Count == 0 && vd.ocsps.Count == 0)
{
return(false);
}
validated.Put(GetSignatureHashKey(signatureName), vd);
return(true);
}
