Package se.swedenconnect.sigval.pdf.pdfstruct

Interface PDFSignatureContext

All Known Implementing Classes:
DefaultPDFSignatureContext
public interface PDFSignatureContext
The PDFSignatureContext interface provides a standard set of functions that can be used to determine the state of a PDF document before and after it was signed such as:
  • Extract the version of the document that was signed by a particular signature
  • Determine if a document has non signature updates applied to the document after the document was signed
  • Determine if a signature covers the visual content that is shown if the full document is displayed
Author:
Martin Lindström (martin@idsec.se), Stefan Santesson (stefan@idsec.se)

  • Method Summary

    Modifier and Type
    Method
    Description
    List<PDFDocRevision>
    getPdfDocRevisions()
    Getter for PDF document revision data
    List<org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature>
    getSignatures()
    Getter for PDF signature objects in the examined document.
    byte[]
    getSignedDocument(org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature signature)
    Extracts the bytes of the PDF document that was signed by the provided signature
    boolean
    isCoversWholeDocument(org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature signature)
    Test if this signature covers the whole document.
    boolean
    isSignatureExtendedByNonSafeUpdates(org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature signature)
    Check if the pdf document was updated by unsafe updates after this signature was added to the document, where the new update may alter the visual content of the document.

  • Method Details

    • getSignedDocument

      byte[] getSignedDocument(org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature signature) throws IllegalArgumentException
      Extracts the bytes of the PDF document that was signed by the provided signature
      Parameters:
      signature - pdf signature
      Returns:
      the byes signed by the provided signature
      Throws:
      IllegalArgumentException - if the signature is not found or no signed data can be located

    • isSignatureExtendedByNonSafeUpdates

      boolean isSignatureExtendedByNonSafeUpdates(org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature signature) throws IllegalArgumentException
      Check if the pdf document was updated by unsafe updates after this signature was added to the document, where the new update may alter the visual content of the document. Allowed updates are new signatures, document timestamps, DSS extensions and safe context updates such as document info updates in the document trailer caused by re-save by Acrobat reader.

      An update to a PDF document applied after the PDF document was signed invalidates any existing signature unless the update is not a new signature, document timestamp, a DSS store, or safe metadata update

      Some validation policies may require that any new signatures or document timestamps must be trusted and verified for it to be an acceptable update to a signed document

      Parameters:
      signature - the PDF signature
      Returns:
      true if the provided signature was updated by a non signature update
      Throws:
      IllegalArgumentException - on failure to test if the signature was updated by a non signature update

    • isCoversWholeDocument

      boolean isCoversWholeDocument(org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature signature) throws IllegalArgumentException
      Test if this signature covers the whole document.

      Signature is considered to cover the whole document if it is the last update to the PDF document (byte range covers the whole document) or:

      • All new updates are signature, doc timestamp or DSS updates, and
      • Updates to existing objects is limited to the root object, and
      • Root objects contains no changes but allows added items, and
      • Where added items to the root object is limited to "DSS" and "AcroForm
      Parameters:
      signature - The signature tested if it covers the whole document
      Returns:
      true if the signature covers the whole document
      Throws:
      IllegalArgumentException

    • getPdfDocRevisions

      List<PDFDocRevision> getPdfDocRevisions()
      Getter for PDF document revision data
      Returns:
      PDF document revision data for all document revisions

    • getSignatures

      List<org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature> getSignatures()
      Getter for PDF signature objects in the examined document. The purpose of this function is that it avoids creating a new load of the document to obtain the signatures in cases where this signature context processor is used.
      Returns:
      signatures