You should use the AcroFields
method verifySignature(String name)
which returns a PdfPKCS7
object for continuation of the verification.
The JavaDocs of that method shows an example of its use:
KeyStore kall = PdfPKCS7.loadCacertsKeyStore();
PdfReader reader = new PdfReader("my_signed_doc.pdf");
AcroFields af = reader.getAcroFields();
ArrayList names = af.getSignatureNames();
for (int k = 0; k < names.size(); ++k) {
String name = (String)names.get(k);
System.out.println("Signature name: " + name);
System.out.println("Signature covers whole document: " + af.signatureCoversWholeDocument(name));
PdfPKCS7 pk = af.verifySignature(name);
Calendar cal = pk.getSignDate();
Certificate pkc[] = pk.getCertificates();
System.out.println("Subject: " + PdfPKCS7.getSubjectFields(pk.getSigningCertificate()));
System.out.println("Document modified: " + !pk.verify());
Object fails[] = PdfPKCS7.verifyCertificates(pkc, kall, null, cal);
if (fails == null)
System.out.println("Certificates verified against the KeyStore");
else
System.out.println("Certificate failed: " + fails[1]);
}
Here you can easily add additional code using the PdfPKCS7
instance.
Ceterum censeo... unless you are bound to that ancient iText version (e.g. due to compatibility or license concerns), though, you should consider updating to a current version.