/// <summary>
/// Checks that the named signature covers the whole document and that the
/// signed bytes still verify, throwing if either check fails.
/// </summary>
/// <remarks>
/// Order matters: the signature is resolved first (<c>sgnUtil.VerifySignature</c>
/// may itself throw), coverage is checked next, and only then is the cryptographic
/// check run. NOTE(review): <c>PdfPKCS7.Verify()</c> is understood to check the
/// integrity of the signed content only, not chain trust or revocation status —
/// confirm against PdfPKCS7 before relying on this method for anything more.
/// </remarks>
/// <returns>the <see cref="PdfPKCS7"/> object for <c>signatureName</c> once both checks pass</returns>
/// <exception cref="VerificationException">if the signature does not cover the whole document, or the covered bytes no longer verify</exception>
/// <exception cref="Org.BouncyCastle.Security.GeneralSecurityException"/>
protected internal virtual PdfPKCS7 CoversWholeDocument() {
    PdfPKCS7 signature = sgnUtil.VerifySignature(signatureName);
    // A signature that leaves part of the file unsigned (e.g. content appended
    // after it) is rejected outright; there is no partial-coverage mode here.
    if (!sgnUtil.SignatureCoversWholeDocument(signatureName)) {
        throw new VerificationException((X509Certificate)null, "Signature doesn't cover whole document.");
    }
    LOGGER.Info("The timestamp covers whole document.");
    // Cryptographic check of the covered bytes against the signature value.
    if (!signature.Verify()) {
        throw new VerificationException((X509Certificate)null, "The document was altered after the final signature was applied."
            );
    }
    LOGGER.Info("The signed document has not been modified.");
    return signature;
}
/// <summary>Add verification for a particular signature.</summary>
/// <remarks>
/// Walks the certificates of the signature's PKCS#7 container and collects
/// revocation material (OCSP responses and/or CRLs) for each one according to
/// <paramref name="level"/>, then stores the result under the signature's hash key.
/// Nothing is stored, and <c>false</c> is returned, when no revocation data at all
/// could be obtained. NOTE(review): OCSP responses and CRLs are recorded exactly as
/// the clients return them; this method does not check their signatures, their
/// freshness, or that they actually concern the certificate they were requested
/// for — confirm that the validation side performs those checks before the
/// embedded DSS data is trusted.
/// </remarks>
/// <param name="signatureName">the signature to validate (it may be a timestamp)</param>
/// <param name="ocsp">the interface to get the OCSP; null skips OCSP entirely</param>
/// <param name="crl">the interface to get the CRL; null skips CRLs entirely</param>
/// <param name="certOption">options as to how many certificates to include</param>
/// <param name="level">the validation options to include</param>
/// <param name="certInclude">certificate inclusion options</param>
/// <returns>true if a validation was generated, false otherwise</returns>
/// <exception cref="InvalidOperationException">if the verification data has already been written out</exception>
/// <exception cref="Org.BouncyCastle.Security.GeneralSecurityException"/>
/// <exception cref="System.IO.IOException"/>
public virtual bool AddVerification(String signatureName, IOcspClient ocsp, ICrlClient crl, LtvVerification.CertificateOption certOption, LtvVerification.Level level, LtvVerification.CertificateInclusion certInclude) {
    // Once the DSS has been emitted, further additions would be silently lost.
    if (used) {
        throw new InvalidOperationException(PdfException.VerificationAlreadyOutput);
    }
    PdfPKCS7 pkcs7 = sgnUtil.VerifySignature(signatureName);
    LOGGER.Info("Adding verification for " + signatureName);
    X509Certificate[] chain = pkcs7.GetCertificates();
    X509Certificate signer = pkcs7.GetSigningCertificate();
    LtvVerification.ValidationData data = new LtvVerification.ValidationData();
    bool onlySigner = certOption == LtvVerification.CertificateOption.SIGNING_CERTIFICATE;
    // OCSP is attempted for every level except pure CRL.
    bool wantOcsp = ocsp != null && level != LtvVerification.Level.CRL;
    foreach (X509Certificate cert in chain) {
        LOGGER.Info("Certificate: " + cert.SubjectDN);
        if (onlySigner && !cert.Equals(signer)) {
            continue;
        }
        byte[] ocspResponse = null;
        if (wantOcsp) {
            // NOTE(review): GetParent presumably yields null when the issuer is not
            // in the chain (e.g. for a root); how the OCSP client handles a null
            // issuer is not visible here.
            ocspResponse = ocsp.GetEncoded(cert, GetParent(cert, chain), null);
            if (ocspResponse != null) {
                data.ocsps.Add(BuildOCSPResponse(ocspResponse));
                LOGGER.Info("OCSP added");
            }
        }
        // CRLs are fetched for CRL and OCSP_CRL, and for OCSP_OPTIONAL_CRL only
        // when no OCSP response was obtained for this certificate.
        bool wantCrl = level == LtvVerification.Level.CRL
            || level == LtvVerification.Level.OCSP_CRL
            || (level == LtvVerification.Level.OCSP_OPTIONAL_CRL && ocspResponse == null);
        if (crl != null && wantCrl) {
            ICollection<byte[]> crlList = crl.GetEncoded(cert, null);
            if (crlList != null) {
                foreach (byte[] encodedCrl in crlList) {
                    // Several certificates in one chain commonly share a CRL;
                    // store each distinct encoding once.
                    bool alreadyStored = false;
                    foreach (byte[] stored in data.crls) {
                        if (JavaUtil.ArraysEquals(stored, encodedCrl)) {
                            alreadyStored = true;
                            break;
                        }
                    }
                    if (alreadyStored) {
                        continue;
                    }
                    data.crls.Add(encodedCrl);
                    LOGGER.Info("CRL added");
                }
            }
        }
        if (certInclude == LtvVerification.CertificateInclusion.YES) {
            data.certs.Add(cert.GetEncoded());
        }
    }
    // Certificates alone are not worth recording; without any revocation data
    // the entry is dropped and the caller is told nothing was generated.
    if (data.crls.Count == 0 && data.ocsps.Count == 0) {
        return false;
    }
    validated.Put(GetSignatureHashKey(signatureName), data);
    return true;
}