private List<CrlClient> generateCRLClientList(Certificate[] chain){ List<CrlClient> crlList = new ArrayList<CrlClient>(); crlList.add(new CrlClientOnline(chain)); return crlList; }
/** * <a href="http://stackoverflow.com/questions/35134568/itext-ltv-enabled-how-to-add-more-crls"> * iText LTV enabled - how to add more CRLs? * </a> * <p> * The original addLtv method of the OP modified merely to allow the * source PDF to be given as {@link InputStream} instead of {@link String}. * </p> */ public void addLtvJanPokorny(InputStream src, String dest) throws IOException, DocumentException, GeneralSecurityException { PdfReader r = new PdfReader(src); FileOutputStream fos = new FileOutputStream(dest); PdfStamper stp = new PdfStamper(r, fos, '\0', true); LtvVerification v = stp.getLtvVerification(); AcroFields fields = stp.getAcroFields(); ArrayList<String> names = fields.getSignatureNames(); String sigName = names.get(names.size() - 1); System.out.println("found signature: " + sigName); PdfPKCS7 pkcs7 = fields.verifySignature(sigName); //add LTV OcspClient ocsp = new OcspClientBouncyCastle(); CrlClient crlClient1 = new CrlClientOnline("http://www.postsignum.cz/crl/psrootqca2.crl"); ArrayList<CrlClient> crllist = new ArrayList<CrlClient>(); crllist.add(crlClient1); CrlClient crlClient2 = new CrlClientOnline("http://www.postsignum.cz/crl/pspublicca2.crl"); crllist.add(crlClient2); System.out.println("crllist.size=" + crllist.size()); if (pkcs7.isTsp()) { for (CrlClient crlclient : crllist) { if (v.addVerification(sigName, new OcspClientBouncyCastle(), crlclient, LtvVerification.CertificateOption.SIGNING_CERTIFICATE, LtvVerification.Level.CRL, LtvVerification.CertificateInclusion.NO)) { System.out.println("crl " + crlclient.toString() + " added to timestamp"); } } } else { for (String name : names) { for (int i = 0; i < crllist.size(); i++) { if (v.addVerification(name, ocsp, crllist.get(i), LtvVerification.CertificateOption.WHOLE_CHAIN, LtvVerification.Level.CRL, LtvVerification.CertificateInclusion.NO)) { System.out.println("crl " + crllist.get(i).toString() + " added to " + name); } if (i > 0) { System.out.println("found verification, merge"); v.merge(); } } } } stp.close(); }
/** * <a href="http://stackoverflow.com/questions/35134568/itext-ltv-enabled-how-to-add-more-crls"> * iText LTV enabled - how to add more CRLs? * </a> * <p> * The original addLtv method of the OP modified to allow the source PDF * to be given as {@link InputStream} instead of {@link String} and fixed * to properly use multiple CRLs. * </p> */ public void addLtvFixed(InputStream src, String dest) throws IOException, DocumentException, GeneralSecurityException { PdfReader r = new PdfReader(src); FileOutputStream fos = new FileOutputStream(dest); PdfStamper stp = new PdfStamper(r, fos, '\0', true); LtvVerification v = stp.getLtvVerification(); AcroFields fields = stp.getAcroFields(); ArrayList<String> names = fields.getSignatureNames(); String sigName = names.get(names.size() - 1); System.out.println("found signature: " + sigName); PdfPKCS7 pkcs7 = fields.verifySignature(sigName); //add LTV OcspClient ocsp = new OcspClientBouncyCastle(); CrlClient crlClient = new CrlClientOnline("http://www.postsignum.cz/crl/psrootqca2.crl", "http://www.postsignum.cz/crl/pspublicca2.crl"); if (pkcs7.isTsp()) { if (v.addVerification(sigName, new OcspClientBouncyCastle(), crlClient, LtvVerification.CertificateOption.SIGNING_CERTIFICATE, LtvVerification.Level.CRL, LtvVerification.CertificateInclusion.NO)) { System.out.println("crl " + crlClient.toString() + " added to timestamp"); } } else { for (String name : names) { if (v.addVerification(name, ocsp, crlClient, LtvVerification.CertificateOption.WHOLE_CHAIN, LtvVerification.Level.CRL, LtvVerification.CertificateInclusion.NO)) { System.out.println("crl " + crlClient.toString() + " added to " + name); } } } stp.close(); }