org.apache.pdfbox.pdmodel.interactive.digitalsignature

Class PDSeedValueCertificate

java.lang.Object

org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSeedValueCertificate

All Implemented Interfaces:

COSObjectable

public class PDSeedValueCertificate
extends Object
implements COSObjectable

This class represents a certificate seed value dictionary that is in the seed value which puts constraints on certificates when signing documents.

Author:

Hossam Hazem

Field Summary

Fields

Modifier and Type	Field and Description
static int	FLAG_ISSUER A Ff flag.
static int	FLAG_KEY_USAGE A Ff flag.
static int	FLAG_OID A Ff flag.
static int	FLAG_SUBJECT A Ff flag.
static int	FLAG_SUBJECT_DN A Ff flag.
static int	FLAG_URL A Ff flag.

Constructor Summary

Constructors

Constructor and Description
PDSeedValueCertificate() Default constructor.
PDSeedValueCertificate(COSDictionary dict) Constructor.

Method Summary

Modifier and Type	Method and Description
void	addIssuer(byte[] issuer) array of bytes containing DER-encoded X.509v3 certificates of acceptable issuers.
void	addKeyUsage(char digitalSignature, char nonRepudiation, char keyEncipherment, char dataEncipherment, char keyAgreement, char keyCertSign, char cRLSign, char encipherOnly, char decipherOnly) works like addKeyUsage(String) but enters each character separately
void	addKeyUsage(String keyUsageExtension) (Optional; PDF 1.7) specifies an acceptable key-usage extension that must be presennt in the signing certificate for works like setKeyUsage(List) but takes only one string
void	addOID(byte[] oid) works like setOID(List) but for one object
void	addSubject(byte[] subject) (Optional) byte array containing DER-encoded X.509v3 certificate that is acceptable for signing.
COSDictionary	getCOSObject() Convert this standard java object to a COS dictionary.
List<byte[]>	getIssuer() Returns list of array of bytes of DER-encoded X.509v3 certificates
List<String>	getKeyUsage() Returns list of key usages of certificate strings where each string is 9 characters long and each character is one of these values {0, 1, X} 0 for must not set, 1 for must set, X for don't care.
List<byte[]>	getOID() Returns A list of array of bytes that contain Object Identifiers (OIDs) of the certificate policies that must be present in the signing certificate
List<byte[]>	getSubject() Returns list of byte arrays that contains DER-encoded X.509v3 certificates
List<Map<String,String>>	getSubjectDN() Returns list of maps that contains subject distinguished names like [(cn: John Doe, o: Doe), (cn: John Smith)] both keys are typically of the form 'cn', 'o', 'email', '2.5.4.43'; and values are text strings.
String	getURL() returns String of the URL
String	getURLType() A name indicating the usage of the URL entry.
boolean	isIssuerRequired()
boolean	isKeyUsageRequired()
boolean	isOIDRequired()
boolean	isSubjectDNRequired()
boolean	isSubjectRequired()
boolean	isURLRequired()
void	removeIssuer(byte[] issuer) Removes an issuer from the issuers list
void	removeKeyUsage(String keyUsageExtension) Removes a key usage extension
void	removeOID(byte[] oid) removes an OID from the list
void	removeSubject(byte[] subject) removes a subject from the list
void	setIssuer(List<byte[]> issuers) (Optional) A list of array of bytes containing DER-encoded X.509v3 certificates of acceptable issuers.
void	setIssuerRequired(boolean flag) set true if Issuer shall be required as a constraint on signature.
void	setKeyUsage(List<String> keyUsageExtensions) (Optional; PDF 1.7) A List of ASCII strings, where each string specifies an acceptable key-usage extension that must be present in the signing certificate.
void	setKeyUsageRequired(boolean flag) set true if KeyUsage shall be required as a constraint on signature.
void	setOID(List<byte[]> oidByteStrings) (Optional) A list of byte arrays that contain Object Identifiers (OIDs) of the certificate policies that must be present in the signing certificate.
void	setOIDRequired(boolean flag) set true if OID shall be required as a constraint on signature.
void	setSubject(List<byte[]> subjects) (Optional) A list of byte arrays containing DER-encoded X.509v3 certificates that are acceptable for signing.
void	setSubjectDN(List<Map<String,String>> subjectDN) (Optional; PDF 1.7) A list of maps, where each map contains key value pairs, that specify the Subject Distinguished Name (DN) that must be present within the certificate for it to be acceptable for signing.
void	setSubjectDNRequired(boolean flag) set true if subject DN shall be required as a constraint on signature.
void	setSubjectRequired(boolean flag) set true if subject shall be required as a constraint on signature.
void	setURL(String url) (Optional) A URL, the use for which is defined by the URLType entry.
void	setURLRequired(boolean flag) set true if URL shall be required as a constraint on signature.
void	setURLType(String urlType) (Optional; PDF 1.7) A name indicating the usage of the URL entry.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

FLAG_SUBJECT

public static final int FLAG_SUBJECT

A Ff flag.

See Also:

Constant Field Values

FLAG_ISSUER

public static final int FLAG_ISSUER

A Ff flag.

See Also:

Constant Field Values

FLAG_OID

public static final int FLAG_OID

A Ff flag.

See Also:

Constant Field Values

FLAG_SUBJECT_DN

public static final int FLAG_SUBJECT_DN

A Ff flag.

See Also:

Constant Field Values

FLAG_KEY_USAGE

public static final int FLAG_KEY_USAGE

A Ff flag.

See Also:

Constant Field Values

FLAG_URL

public static final int FLAG_URL

A Ff flag.

See Also:

Constant Field Values

Constructor Detail

PDSeedValueCertificate

public PDSeedValueCertificate()

Default constructor.

PDSeedValueCertificate

public PDSeedValueCertificate(COSDictionary dict)

Constructor.

Parameters:

dict - The certificate seed value dictionary.

Method Detail

getCOSObject

public COSDictionary getCOSObject()

Convert this standard java object to a COS dictionary.

Specified by:

getCOSObject in interface COSObjectable

Returns:

The COS dictionary that matches this Java object.

isSubjectRequired

public boolean isSubjectRequired()

Returns:

true if the Subject is required

setSubjectRequired

public void setSubjectRequired(boolean flag)

set true if subject shall be required as a constraint on signature.

Parameters:

flag - if true, the specified Subject shall be enforced as a constraint.

isIssuerRequired

public boolean isIssuerRequired()

Returns:

true if the Issuer is required

setIssuerRequired

public void setIssuerRequired(boolean flag)

set true if Issuer shall be required as a constraint on signature.

Parameters:

flag - if true, the specified Issuer shall be enforced as a constraint.

isOIDRequired

public boolean isOIDRequired()

Returns:

true if the OID is required

setOIDRequired

public void setOIDRequired(boolean flag)

set true if OID shall be required as a constraint on signature.

Parameters:

flag - if true, the specified OID shall be enforced as a constraint.

isSubjectDNRequired

public boolean isSubjectDNRequired()

Returns:

true if the Subject DN is required

setSubjectDNRequired

public void setSubjectDNRequired(boolean flag)

set true if subject DN shall be required as a constraint on signature.

Parameters:

flag - if true, the specified Subject DN shall be enforced as a constraint.

isKeyUsageRequired

public boolean isKeyUsageRequired()

Returns:

true if the KeyUsage is required

setKeyUsageRequired

public void setKeyUsageRequired(boolean flag)

set true if KeyUsage shall be required as a constraint on signature.

Parameters:

flag - if true, the specified KeyUsage shall be enforced as a constraint.

isURLRequired

public boolean isURLRequired()

Returns:

true if the URL is required

setURLRequired

public void setURLRequired(boolean flag)

set true if URL shall be required as a constraint on signature.

Parameters:

flag - if true, the specified URL shall be enforced as a constraint.

getSubject

public List<byte[]> getSubject()

Returns list of byte arrays that contains DER-encoded X.509v3 certificates

Returns:

a list of bytes arrays representing the subject.

setSubject

public void setSubject(List<byte[]> subjects)

(Optional) A list of byte arrays containing DER-encoded X.509v3 certificates that are acceptable for signing. if Subject is not null and isSubjectRequired() is true then the subject constraint is enforced on the subjects in this array subjects.

Parameters:

subjects - list of byte arrays containing DER-encoded X.509v3 certificates that are acceptable for signing.

addSubject

public void addSubject(byte[] subject)

(Optional) byte array containing DER-encoded X.509v3 certificate that is acceptable for signing. works like setSubject(List) but one byte array

Parameters:

subject - byte array containing DER-encoded X.509v3 certificate

removeSubject

public void removeSubject(byte[] subject)

removes a subject from the list

Parameters:

subject - byte array containing DER-encoded X.509v3 certificate

getSubjectDN

public List<Map<String,String>> getSubjectDN()

Returns list of maps that contains subject distinguished names like [(cn: John Doe, o: Doe), (cn: John Smith)] both keys are typically of the form 'cn', 'o', 'email', '2.5.4.43'; and values are text strings.

Returns:

a list of maps containing the subject distinguished names

setSubjectDN

public void setSubjectDN(List<Map<String,String>> subjectDN)

(Optional; PDF 1.7) A list of maps, where each map contains key value pairs, that specify the Subject Distinguished Name (DN) that must be present within the certificate for it to be acceptable for signing. The certificate must at a minimum contain all the attributes specified in one of the maps entered.

Parameters:

subjectDN - list of maps that contains subject distinguished names

getKeyUsage

public List<String> getKeyUsage()

Returns list of key usages of certificate strings where each string is 9 characters long and each character is one of these values {0, 1, X} 0 for must not set, 1 for must set, X for don't care. each index in the string represents a key usage:

1. digitalSignature
2. non-Repudiation
3. keyEncipherment
4. dataEncipherment
5. keyAgreement
6. keyCertSign
7. cRLSign
8. encipherOnly
9. decipherOnly

Returns:

list of key usages

setKeyUsage

public void setKeyUsage(List<String> keyUsageExtensions)

(Optional; PDF 1.7) A List of ASCII strings, where each string specifies an acceptable key-usage extension that must be present in the signing certificate. Multiple strings specify a range of acceptable key-usage extensions; where each string 9 characters long and each character is one of these values {0, 1, X} 0 for must not set, 1 for must set, X for don't care. each index in the string represents a key usage:

1. digitalSignature
2. non-Repudiation
3. keyEncipherment
4. dataEncipherment
5. keyAgreement
6. keyCertSign
7. cRLSign
8. encipherOnly
9. decipherOnly

Parameters:

keyUsageExtensions - list of ASCII strings that consists only of {0, 1, X}

addKeyUsage

public void addKeyUsage(String keyUsageExtension)

(Optional; PDF 1.7) specifies an acceptable key-usage extension that must be presennt in the signing certificate for works like setKeyUsage(List) but takes only one string

Parameters:

keyUsageExtension - String that consist only of {0, 1, X}

addKeyUsage

public void addKeyUsage(char digitalSignature,
                        char nonRepudiation,
                        char keyEncipherment,
                        char dataEncipherment,
                        char keyAgreement,
                        char keyCertSign,
                        char cRLSign,
                        char encipherOnly,
                        char decipherOnly)

works like addKeyUsage(String) but enters each character separately

Parameters:

digitalSignature - char that is one of {0, 1, X}

nonRepudiation - char that is one of {0, 1, X}

keyEncipherment - char that is one of {0, 1, X}

dataEncipherment - char that is one of {0, 1, X}

keyAgreement - char that is one of {0, 1, X}

keyCertSign - char that is one of {0, 1, X}

cRLSign - char that is one of {0, 1, X}

encipherOnly - char that is one of {0, 1, X}

decipherOnly - char that is one of {0, 1, X}

removeKeyUsage

public void removeKeyUsage(String keyUsageExtension)

Removes a key usage extension

Parameters:

keyUsageExtension - ASCII string that consists of {0, 1, X}

getIssuer

public List<byte[]> getIssuer()

Returns list of array of bytes of DER-encoded X.509v3 certificates

Returns:

a list of byte arrays representing the issuer

setIssuer

public void setIssuer(List<byte[]> issuers)

(Optional) A list of array of bytes containing DER-encoded X.509v3 certificates of acceptable issuers. If the signer’s certificate chains up to any of the specified issuers (either directly or indirectly), the certificate is considered acceptable for signing.

Parameters:

issuers - A list of byte array containing DER-encoded X.509v3 certificates

addIssuer

public void addIssuer(byte[] issuer)

array of bytes containing DER-encoded X.509v3 certificates of acceptable issuers. If the signer’s certificate chains up to any of the specified issuers (either directly or indirectly), the certificate is considered acceptable for signing.

Parameters:

issuer - A byte array containing DER-encoded X.509v3 certificate

removeIssuer

public void removeIssuer(byte[] issuer)

Removes an issuer from the issuers list

Parameters:

issuer - A byte array containing DER-encoded X.509v3 certificate

getOID

public List<byte[]> getOID()

Returns A list of array of bytes that contain Object Identifiers (OIDs) of the certificate policies that must be present in the signing certificate

Returns:

an array of object identifiers.

setOID

public void setOID(List<byte[]> oidByteStrings)

(Optional) A list of byte arrays that contain Object Identifiers (OIDs) of the certificate policies that must be present in the signing certificate. This field is only applicable if the value of Issuer is not empty.

Parameters:

oidByteStrings - list of byte arrays that contain OIDs

addOID

public void addOID(byte[] oid)

works like setOID(List) but for one object

Parameters:

oid - the object identifier.

removeOID

public void removeOID(byte[] oid)

removes an OID from the list

Parameters:

oid - the object identifier to be removed.

getURL

public String getURL()

returns String of the URL

Returns:

the URL

setURL

public void setURL(String url)

(Optional) A URL, the use for which is defined by the URLType entry.

Parameters:

url - String of the URL

getURLType

public String getURLType()

A name indicating the usage of the URL entry. There are standard uses and there can be implementation-specific use for this URL. The following value specifies a valid standard usage:

• Browser, The URL references content that should be displayed in a web browser to allow enrolling for a new credential if a matching credential is not found. The Ff attribute’s URL bit is ignored for this usage.
• ASSP, The URL references a signature web service that can be used for server-based signing. If the Ff attribute’s URL bit indicates that this is a required constraint, this implies that the credential used when signing must come from this server.

Returns:

string of URL type

setURLType

public void setURLType(String urlType)

(Optional; PDF 1.7) A name indicating the usage of the URL entry. There are standard uses and there can be implementation-specific uses for this URL. The following value specifies a valid standard usage:

• Browser, The URL references content that should be displayed in a web browser to allow enrolling for a new credential if a matching credential is not found. The Ff attribute’s URL bit is ignored for this usage.
• ASSP, The URL references a signature web service that can be used for server-based signing. If the Ff attribute’s URL bit indicates that this is a required constraint, this implies that the credential used when signing must come from this server.

Third parties can extend the use of this attribute with their own attribute values, which must conform to the guidelines specified in PDF Spec 1.7 Appendix E (PDF Name Registry) if urlType is not set the default is Browser for URL

Parameters:

urlType - String of the urlType