Java 类com.itextpdf.text.pdf.security.CrlClient 实例源码

项目:PdfUtil    文件:PdfSignerV4.java   
public void sign(
    char[] cardPassword, SignatureProcessSettings settings, List<PdfDocument> pdfDocumentsList 
) throws IOException, GeneralSecurityException, DocumentException, HttpException, CertificateException {

    notifyListeners("Lendo SmartCard.");
    certificateProcessor.loadKeystore(cardPassword);

    notifyListeners("Obtendo Alias do Certificado.");
    String firstAlias = certificateProcessor.getFirstAlias();

    if(settings.isValidateSignerCertificateAlias()){
        String validSignerCertificateAlias = settings.getValidSignerCertificateAlias();
        if(!StringValidator.validateString(validSignerCertificateAlias) || !validSignerCertificateAlias.equalsIgnoreCase(firstAlias)){
            notifyListeners("Certificado N�o Autorizado.");
            throw new CertificateException(
                "USU\u00C1RIO N\u00C3O AUTORIZADO A ASSINAR."
                + "\nCERTIFICADO ESPERADO: " + validSignerCertificateAlias
                + "\nCERTIFICADO NO CARTAO: " + firstAlias
            );
        }
    }

    notifyListeners("Lendo Cadeia de Certificados.");
    Certificate[] certificateChain = certificateProcessor.getCertificateChain();

    if(settings.isCheckCertificateValidity()){
        notifyListeners("Checando Validade Do Certificado.");
        boolean isCertificateChainValid = certificateProcessor.isFirstCertificateChainValid();

        if(isCertificateChainValid == false){
            notifyListeners("Certificado Inv�lido.");
            throw new CertificateException("CERTIFICADO EXPIRADO");
        }
    }

    if(settings.isCheckCertificateRevocation()){
        notifyListeners("Checando Revoga��o do Certificado.");
        boolean isCertificateChainRevoked = certificateProcessor.isFirstCertificateRevoked();

        if(isCertificateChainRevoked == true){
            notifyListeners("Certificado Revogado");
            throw new CertificateException("CERTIFICADO REVOGADO");
        }
    }

    notifyListeners("Obtendo Chave Privada.");
    PrivateKey certificatePrivateKey = certificateProcessor.getFirstCertificatePrivateKey(cardPassword);

    notifyListeners("Gerando Carimbo de Tempo.");
    TSAClientBouncyCastle tsaClient = generateTSAClientBouncyCastleInstance(certificateChain);

    List<CrlClient> crlList = null;
    if(settings.isEmbedCRLZip()){
        notifyListeners("Gerando Lista de CRL.");
        crlList = generateCRLClientList(certificateChain);
    }

    sign(
        pdfDocumentsList, settings, firstAlias, certificateChain, certificatePrivateKey, 
        digestAlgorithm, certificateProcessor.getProviderName(), cryptographySpecification, 
        crlList, tsaClient, 0
    );
}
项目:PdfUtil    文件:PdfSignerV4.java   
private List<CrlClient> generateCRLClientList(Certificate[] chain){ 
    List<CrlClient> crlList = new ArrayList<CrlClient>();
    crlList.add(new CrlClientOnline(chain));
    return crlList;
}
项目:testarea-itext5    文件:AddLtvCrls.java   
/**
 * <a href="http://stackoverflow.com/questions/35134568/itext-ltv-enabled-how-to-add-more-crls">
 * iText LTV enabled - how to add more CRLs?
 * </a>
 * <p>
 * The original addLtv method of the OP modified merely to allow the
 * source PDF to be given as {@link InputStream} instead of {@link String}.
 * </p>
 */
public void addLtvJanPokorny(InputStream src, String dest) throws IOException, DocumentException, GeneralSecurityException
{
    PdfReader r = new PdfReader(src);
    FileOutputStream fos = new FileOutputStream(dest);
    PdfStamper stp = new PdfStamper(r, fos, '\0', true);
    LtvVerification v = stp.getLtvVerification();
    AcroFields fields = stp.getAcroFields();

    ArrayList<String> names = fields.getSignatureNames();
    String sigName = names.get(names.size() - 1);
    System.out.println("found signature: " + sigName);
    PdfPKCS7 pkcs7 = fields.verifySignature(sigName);

    //add LTV
    OcspClient ocsp = new OcspClientBouncyCastle();
    CrlClient crlClient1 = new CrlClientOnline("http://www.postsignum.cz/crl/psrootqca2.crl");
    ArrayList<CrlClient> crllist = new ArrayList<CrlClient>();
    crllist.add(crlClient1);
    CrlClient crlClient2 = new CrlClientOnline("http://www.postsignum.cz/crl/pspublicca2.crl");
    crllist.add(crlClient2);
    System.out.println("crllist.size=" + crllist.size());

    if (pkcs7.isTsp())
    {
        for (CrlClient crlclient : crllist)
        {
            if (v.addVerification(sigName, new OcspClientBouncyCastle(), crlclient,
                    LtvVerification.CertificateOption.SIGNING_CERTIFICATE,
                    LtvVerification.Level.CRL,
                    LtvVerification.CertificateInclusion.NO))
            {
                System.out.println("crl " + crlclient.toString() + " added to timestamp");
            }
        }
    }
    else
    {
        for (String name : names)
        {
            for (int i = 0; i < crllist.size(); i++) {
                if (v.addVerification(name, ocsp, crllist.get(i),
                        LtvVerification.CertificateOption.WHOLE_CHAIN,
                        LtvVerification.Level.CRL,
                        LtvVerification.CertificateInclusion.NO))
                {
                    System.out.println("crl " + crllist.get(i).toString() + " added to " + name);
                }
                if (i > 0)
                {
                    System.out.println("found verification, merge");
                    v.merge();
                }
            }
        }
    }
    stp.close();
}
项目:testarea-itext5    文件:AddLtvCrls.java   
/**
 * <a href="http://stackoverflow.com/questions/35134568/itext-ltv-enabled-how-to-add-more-crls">
 * iText LTV enabled - how to add more CRLs?
 * </a>
 * <p>
 * The original addLtv method of the OP modified to allow the source PDF
 * to be given as {@link InputStream} instead of {@link String} and fixed
 * to properly use multiple CRLs.
 * </p>
 */
public void addLtvFixed(InputStream src, String dest) throws IOException, DocumentException, GeneralSecurityException
{
    PdfReader r = new PdfReader(src);
    FileOutputStream fos = new FileOutputStream(dest);
    PdfStamper stp = new PdfStamper(r, fos, '\0', true);
    LtvVerification v = stp.getLtvVerification();
    AcroFields fields = stp.getAcroFields();

    ArrayList<String> names = fields.getSignatureNames();
    String sigName = names.get(names.size() - 1);
    System.out.println("found signature: " + sigName);
    PdfPKCS7 pkcs7 = fields.verifySignature(sigName);

    //add LTV
    OcspClient ocsp = new OcspClientBouncyCastle();
    CrlClient crlClient = new CrlClientOnline("http://www.postsignum.cz/crl/psrootqca2.crl", "http://www.postsignum.cz/crl/pspublicca2.crl");

    if (pkcs7.isTsp())
    {
        if (v.addVerification(sigName, new OcspClientBouncyCastle(), crlClient,
                LtvVerification.CertificateOption.SIGNING_CERTIFICATE,
                LtvVerification.Level.CRL,
                LtvVerification.CertificateInclusion.NO))
        {
            System.out.println("crl " + crlClient.toString() + " added to timestamp");
        }
    }
    else
    {
        for (String name : names)
        {
            if (v.addVerification(name, ocsp, crlClient,
                    LtvVerification.CertificateOption.WHOLE_CHAIN,
                    LtvVerification.Level.CRL,
                    LtvVerification.CertificateInclusion.NO))
            {
                System.out.println("crl " + crlClient.toString() + " added to " + name);
            }
        }
    }
    stp.close();
}