Checking timestamp with iText 2.1.7

StackOverflow https://stackoverflow.com/questions/15233508

Question

I am trying to check the existence of timestamp for a given signature of a PDF file. So far I came to this code:

RandomAccessFileOrArray random = 
    new RandomAccessFileOrArray(new File("temp.pdf").getAbsolutePath());

PdfReader reader = new PdfReader(random, null);
AcroFields af = reader.getAcroFields();
ArrayList<?> names = af.getSignatureNames();

//this are the signatures?
for (Object o : names){

    AcroFields.Item item = (Item) af.getFields().get((String)o);

    //this is the class for verifying the signature, 
    //how do I get it from the item?
    PdfPKCS7 pdfPKCS7 = null; //XYZ ??? 

    Calendar signingDate = pdfPKCS7.getTimeStampDate();
}

I apparently got access to the signature, but I should get to PdfPKCS7 class for verifying the signature. Does anyone have any idea how can I get there?

Was it helpful?

Solution

You should use the AcroFields method verifySignature(String name) which returns a PdfPKCS7 object for continuation of the verification.

The JavaDocs of that method shows an example of its use:

KeyStore kall = PdfPKCS7.loadCacertsKeyStore();
PdfReader reader = new PdfReader("my_signed_doc.pdf");
AcroFields af = reader.getAcroFields();
ArrayList names = af.getSignatureNames();
for (int k = 0; k < names.size(); ++k) {
    String name = (String)names.get(k);
    System.out.println("Signature name: " + name);
    System.out.println("Signature covers whole document: " + af.signatureCoversWholeDocument(name));
    PdfPKCS7 pk = af.verifySignature(name);
    Calendar cal = pk.getSignDate();
    Certificate pkc[] = pk.getCertificates();
    System.out.println("Subject: " + PdfPKCS7.getSubjectFields(pk.getSigningCertificate()));
    System.out.println("Document modified: " + !pk.verify());
    Object fails[] = PdfPKCS7.verifyCertificates(pkc, kall, null, cal);
    if (fails == null)
        System.out.println("Certificates verified against the KeyStore");
    else
        System.out.println("Certificate failed: " + fails[1]);
}

Here you can easily add additional code using the PdfPKCS7 instance.

Ceterum censeo... unless you are bound to that ancient iText version (e.g. due to compatibility or license concerns), though, you should consider updating to a current version.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top