com.qoppa.pdf

Class SignatureValidity

java.lang.Object

com.qoppa.pdf.SignatureValidity

public class SignatureValidity
extends Object

This class returns information about the validity of a signature within the PDF document. To determine whether a signature is completely valid, the host application can call the isAllValid() method. If isAllValid returns false, the application can call isValidWithWarning() to determine if the signature is valid but has warnings or isNotValid() to determine if the signature is not valid at all.

The host application can use any of the is...() methods to determine the cause of the signature status and it can also call getValidityText() to get a textual description of the signature status.

Author:

Qoppa Software

Constructor Summary

Constructors

Constructor and Description
SignatureValidity()

Method Summary

Modifier and Type	Method and Description
void	drawSmallIcon(Component c, Graphics2D g2d) Draws a small icon that reflects the validity state of the signature.
Throwable	getException() Returns any exception when reading the signature.
String	getExceptionMessage() Returns a message associated with an exception when reading the signature.
Icon	getLargeIcon() Returns an Icon that will draw the status of the signature with the same rules as drawSmallIcon().
Icon	getSmallIcon()
List<String>	getValidationMessages() This method returns a list of messages related to the validity of the certificates, timestamp, key usage, and byte range.
String	getValidityText() Returns a textual description of the state of the signature.
boolean	isAllValid() Checks if the signature is completely valid.
boolean	isContentAppended() Gets a flag that indicates if there has been any content appended to this PDF.
boolean	isDocReconstructed() Gets the value of the document reconstructed flag.
boolean	isDocumentTimestamp() Return a flag indicating whether this signature is a document timestamp.
boolean	isNotValid() This method checks if the signature is considered NOT VALID.
boolean	isTested() Returns a flag indicating if this signature has been tested.
boolean	isTrustedChain() Gets the value of the trusted chain flag.
boolean	isTSTrustedChain() Returns whether the TSA certificate chain is trusted.
boolean	isTSValid() If there is a time stamp token, returns whether it is valid.
boolean	isTSValidCertificate() If there is a time stamp token, returns whether its certificate is valid.
boolean	isValidByteRange() Gets the value of the byte range flag.
boolean	isValidCertificateChain() Returns the status of the certificate chain validity.
boolean	isValidExpiration() Gets the value of the valid expiration flag.
boolean	isValidKeyUsage() Returns whether the key usage is valid.
boolean	isValidPadesCertificate() Returns true if this is a PAdES signature and the certificate is valid OR if this is not a PAdES signature.
boolean	isValidRevocationList() Returns the status of the revocation list validity.
boolean	isValidSignatureHash() Returns a flag indicating whether the stored signature hash matches the calculated signature hash.
boolean	isValidSignatureObject() Gets a flag that indicates whether the signature object was readable.
boolean	isValidTimestamp() Returns a flag indicating whether the signature has a valid timestamp.
boolean	isValidWithWarning() Returns true if the signature is considered valid but has warnings associated with it.
void	setContentAppended(boolean contentAppended) Sets the content appended flag.
void	setDocReconstructed(boolean docReconstructed) Sets the value of the document reconstructed flag.
void	setDocumentTimestamp(boolean documentTimestamp) Set the document timestamp flag.
void	setException(Throwable t, String msg) Sets the exception when reading the signature.
void	setTested(boolean tested) Sets flag indicating that this signature has been tested.
void	setTrustedChain(boolean trustedChain) Sets the value of the trusted chain flag.
void	setTSTrustedChain(boolean tsTrustedChain) Sets the flag to indicate if the TSA certificate chain is trusted.
void	setTSValid(boolean valid) Sets the flag to indicate that if a time stamp is present, if it is valid
void	setTSValidCertificate(boolean valid) Sets the flag to indicate that if a time stamp is present that its certificate is valid.
void	setValidByteRange(boolean validByteRange) Sets the value of the byte range flag.
void	setValidCertificateChain(boolean validCertificateChain) Sets the status of the certificate chain validity.
void	setValidExpiration(boolean validExpiration) Sets the value of the expiration flag.
void	setValidKeyUsage(boolean validKeyUsage) Sets the flag to indicate that the key usage is valid.
void	setValidPadesCertificate(boolean validPadesCertificate) Set the flag to indicate if the PAdES certificate is valid.
void	setValidRevocationList(boolean validRevocationList) Sets the status of the revocation list validity.
void	setValidSignatureHash(boolean validSignatureHash) Sets the flag that indicates that the stored signature hash matches the calculated signature hash.
void	setValidSignatureObject(boolean validSignatureObject) Sets the value of the valid signature object flag.
void	setValidTimestamp(boolean validTimestamp) Sets the valid timestamp flag.

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SignatureValidity

public SignatureValidity()

Method Detail

isValidCertificateChain

public boolean isValidCertificateChain()

Returns the status of the certificate chain validity.

Returns:

true if the certificate chain is valid, false o.w.

setValidCertificateChain

public void setValidCertificateChain(boolean validCertificateChain)

Sets the status of the certificate chain validity. This method is used internally by the library when verifying a signature.

Parameters:

validCertificateChain - The status of the certificate chain validity.

isValidRevocationList

public boolean isValidRevocationList()

Returns the status of the revocation list validity. When this is false, at least one of the certificates in the certificate chain has been revoked.

Returns:

true if none of the certificates has been revoked.

setValidRevocationList

public void setValidRevocationList(boolean validRevocationList)

Sets the status of the revocation list validity. This method is used internally by the library when verifying a signature.

Parameters:

validRevocationList - The status of the revocation list validity.

isValidSignatureHash

public boolean isValidSignatureHash()

Returns a flag indicating whether the stored signature hash matches the calculated signature hash.

Returns:

true if the stored signature hash matches the calculated signature hash.

setValidSignatureHash

public void setValidSignatureHash(boolean validSignatureHash)

Sets the flag that indicates that the stored signature hash matches the calculated signature hash. This method is used internally by the library when verifying a signature.

Parameters:

validSignatureHash - Whether the signature hashes match.

isDocumentTimestamp

public boolean isDocumentTimestamp()

Return a flag indicating whether this signature is a document timestamp.

Returns:

true if this signature is a document timestamp.

setDocumentTimestamp

public void setDocumentTimestamp(boolean documentTimestamp)

Set the document timestamp flag.

Parameters:

documentTimestamp - The new value of the document timestamp flag.

isValidTimestamp

public boolean isValidTimestamp()

Returns a flag indicating whether the signature has a valid timestamp.

Returns:

true if the signature has a valid timestamp.

setValidTimestamp

public void setValidTimestamp(boolean validTimestamp)

Sets the valid timestamp flag. This method is used internally by the library when verifying a signature.

Parameters:

validTimestamp - The new value of the valid timestamp flag.

isAllValid

public boolean isAllValid()

Checks if the signature is completely valid. The signature is completely valid if it passes all checks:

- There were no errors reading and decoding the signature. - The stored signature hash matches the calculated signature hash. - There were no errors reading the certificate chain. - None of the certificates in the certificate chain are revoked. - The start and expiration dates are valid. - The signature timestamp is valid. - The certificate chain starts with a trusted CA. - No content changed or appended to the document. - The key usage is valid.

Returns:

true if the signature is completely valid, false o.w.

isValidWithWarning

public boolean isValidWithWarning()

Returns true if the signature is considered valid but has warnings associated with it. When this method returns false, it is equivalent to the condition where a viewer would display a question mark on the signature.

Returns:

true If the signature is completely valid or it is valid but has warnings.

isNotValid

public boolean isNotValid()

This method checks if the signature is considered NOT VALID. A signature is not valid under the following conditions:

- There was an error decoding the signature.
- The stored signature hash does not match the calculated signature hash (isValidSignatureHash() == false)
- One of the certificates in the signature has been revoked (isValidRevocationList() == false)
- There was an exception reading the certificate chain in the signature (isValidCertificateChain() == false)
- The key usage is invalid

Returns:

true if the signature is NOT VALID, false o.w.

isValidExpiration

public boolean isValidExpiration()

Gets the value of the valid expiration flag. This flag indicates whether the start and expiration dates on the signature are valid and within range.

Returns:

The value of the expiration flag.

setValidExpiration

public void setValidExpiration(boolean validExpiration)

Sets the value of the expiration flag. This method is used internally by the library when verifying a signature.

Parameters:

validExpiration - The new value of the expiration flag.

isTrustedChain

public boolean isTrustedChain()

Gets the value of the trusted chain flag. This flag indicates whether the chain of certificates in the signature starts with a certificate from a trusted certificate authority (CA)

Returns:

The value of the trusted chain flag.

setTrustedChain

public void setTrustedChain(boolean trustedChain)

Sets the value of the trusted chain flag. This method is used internally by the library when verifying a signature.

Parameters:

trustedChain - The new value of the trusted chain flag.

isValidByteRange

public boolean isValidByteRange()

Gets the value of the byte range flag. This flag indicates whether the byte range in the signature covers the entire file, including the signature dictionary but excluding the signature value itself.

Returns:

The value of the byte range flag.

setValidByteRange

public void setValidByteRange(boolean validByteRange)

Sets the value of the byte range flag. This method is used internally by the library when verifying a signature.

Parameters:

validByteRange - The new value of the byte range flag.

isDocReconstructed

public boolean isDocReconstructed()

Gets the value of the document reconstructed flag. This flag indicates whether there was a problem reading the xref table that resulted in the document being reconstructed.

Returns:

The value of the document reconstructed flag.

setDocReconstructed

public void setDocReconstructed(boolean docReconstructed)

Sets the value of the document reconstructed flag. This method is used internally by the library when verifying a signature.

Parameters:

docReconstructed - The new value of the document reconstructed flag.

drawSmallIcon

public void drawSmallIcon(Component c,
                          Graphics2D g2d)

Draws a small icon that reflects the validity state of the signature. The icon can be a green checkmark if the signature is completely valid, a warning symbol if the signature is valid but has warnings or a red X if the signature is not valid.

Parameters:

c - The component used to obtain relevant properties.

g2d - The graphics object on which to draw the icon.

getLargeIcon

public Icon getLargeIcon()

Returns an Icon that will draw the status of the signature with the same rules as drawSmallIcon().

Returns:

Returns an icon that represents the status of this signature:

- Green check mark when the signature is valid. - Blue question mark when the signature has some warnings. - Red X when the signature is invalid.

getSmallIcon

public Icon getSmallIcon()

getValidityText

public String getValidityText()

Returns a textual description of the state of the signature. This method looks at all the different flags and composes a human readable description of the validity of the signature.

Returns:

A text description of the signature validity.

getValidationMessages

public List<String> getValidationMessages()

This method returns a list of messages related to the validity of the certificates, timestamp, key usage, and byte range. This covers a subset of the validation flags, so check individual flags to get the complete validation.

Returns:

a list of messages related to the validity of the certificates, timestamp, key usage, and byte range. This covers a subset of the validation flags, so check individual flags to get the complete validation.

isValidSignatureObject

public boolean isValidSignatureObject()

Gets a flag that indicates whether the signature object was readable. If there are any errors reading the signature object, this flag is set to false.

Returns:

Flag indicating whether the library was able to read the signature object.

setValidSignatureObject

public void setValidSignatureObject(boolean validSignatureObject)

Sets the value of the valid signature object flag. This method is used internally by the library when verifying a signature.

Parameters:

validSignatureObject - The new value of the valid signature object flag.

getExceptionMessage

public String getExceptionMessage()

Returns a message associated with an exception when reading the signature. If there is an exception reading the signature, the library will set this message to describe the nature of the exception. If there were no exceptions, this method will return null.

Returns:

A message describing an exception if there was one when reading the signature.

getException

public Throwable getException()

Returns any exception when reading the signature.

Returns:

Any exception when reading the signature.

setException

public void setException(Throwable t,
                         String msg)

Sets the exception when reading the signature. This method is used internally by the library when verifying a signature.

Parameters:

t - The exception.

msg - Any message associated with the exception.

isTested

public boolean isTested()

Returns a flag indicating if this signature has been tested.

Returns:

Flag indicating whether this signature has been tested.

setTested

public void setTested(boolean tested)

Sets flag indicating that this signature has been tested. This method is used internally by the library when testing a signature.

Parameters:

tested - The new value of the tested flag.

isContentAppended

public boolean isContentAppended()

Gets a flag that indicates if there has been any content appended to this PDF. If content has been appended, the signature does not cover the additional content, but might still be valid for the original content, if it has not been modified.

Returns:

Flag indicating if content has been added to the PDF.

setContentAppended

public void setContentAppended(boolean contentAppended)

Sets the content appended flag. This method is used internally by the library when verifying a signature.

Parameters:

contentAppended - The new value of the content appended flag.

setTSValid

public void setTSValid(boolean valid)

Sets the flag to indicate that if a time stamp is present, if it is valid

Parameters:

valid - Validity of the timestamp.

isTSValid

public boolean isTSValid()

If there is a time stamp token, returns whether it is valid.

Returns:

true if there is a time stamp token and it is valid.

setTSValidCertificate

public void setTSValidCertificate(boolean valid)

Sets the flag to indicate that if a time stamp is present that its certificate is valid.

Parameters:

valid - Validity of the timestamp certificate.

isTSValidCertificate

public boolean isTSValidCertificate()

If there is a time stamp token, returns whether its certificate is valid.

Returns:

true if the time stamp token certificate is valid.

setValidKeyUsage

public void setValidKeyUsage(boolean validKeyUsage)

Sets the flag to indicate that the key usage is valid.

Parameters:

validKeyUsage - Validity of the key usage.

isValidKeyUsage

public boolean isValidKeyUsage()

Returns whether the key usage is valid.

Returns:

true if the KU field allows for signing documents

setTSTrustedChain

public void setTSTrustedChain(boolean tsTrustedChain)

Sets the flag to indicate if the TSA certificate chain is trusted.

Parameters:

tsTrustedChain - Trusted status of the TSA certificate chain.

isTSTrustedChain

public boolean isTSTrustedChain()

Returns whether the TSA certificate chain is trusted.

Returns:

true if the TSA certificate chain is trusted.

setValidPadesCertificate

public void setValidPadesCertificate(boolean validPadesCertificate)

Set the flag to indicate if the PAdES certificate is valid.

Parameters:

validPadesCertificate - true if the PAdES certificate is valid.

isValidPadesCertificate

public boolean isValidPadesCertificate()

Returns true if this is a PAdES signature and the certificate is valid OR if this is not a PAdES signature. False if it's a CAdES signature with an invalid certificate.

Returns:

true if this is a PAdES signature and the certificate is valid OR if this is not a PAdES signature. False if it's a CAdES signature with an invalid certificate.