 How to use Signer: Validating document signatures

As easy as 1, 2, 3...

This document assumes that you have read the previous introductory tutorials - especially the ones about key store management and signature generation.

 

Introduction

We've seen in the previous tutorials how to generate both a visible and an invisible signature on a given document. Now it's time to show how to validate them and detect whether the document has been altered.

Signatures can have three states:

  1. BLANK: When a signature was created and NOT signed.
  2. PENDING: When a signature is created and signed but NOT saved to disk.
  3. SIGNED: When a signature is created, calculated and saved to disk.

A signature can only be validated when it's in a SIGNED state; otherwise jPDF will raise an objection. Always remember that signature generation and validation are HEAVY processes that require a lot of CPU cycles.

Validating


But let's see how it works. The code below validates all the signatures in a document.

import java.util.Iterator;
import java.util.List;
// PdfDocument, SignatureField and ValidationResults come from the jPDF library.

// Open the document:
PdfDocument doc = new PdfDocument("mysigneddoc.pdf");

// Get the list of signatures:
List list = doc.getSignerModule().getSignatureList();

for (Iterator itr = list.iterator(); itr.hasNext(); ) {
    SignatureField signature = (SignatureField) itr.next();

    // Validate the signature and print the overall result:
    ValidationResults status = signature.validate();
    System.out.println("Signature " + signature.getName() + " is " + status.isValid());
}

// Close the document:
doc.close();

While signature.validate() is being called, the following validations are performed by jPDF:

  1. Signature encoding: jPDF checks the PDF signature encoding and the byte ranges of the signature calculation. If an error is raised it means the encoding is malformed or an incremental update was performed on the document.
  2. Signature value: The signature computation is then performed and compared to the one in the document. If the value is different, the document was changed. Due to its nature, this operation can be resource intensive.
  3. Certificate validation: jPDF checks to see if the certificate was actually signed by its parents in the certification chain.
  4. Signing dates: jPDF checks to see if the certificates were valid at the time the document was signed.
  5. Revocation list: Finally, the signature can be checked against the revocation list. This action is performed when validation(true) is called on the signature. It requires an HTTP connection to the third party authority to dynamically validate if any certificates that are part of the chain were revoked at the time of signing.

Validation checks are non-blocking and the results are recorded in the ValidationResults object. You can then call isValid() to check if it contains any major errors.
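
The byte-range check described under "Signature encoding", as an added example that is not jPDF's code or part of the original tutorial: it uses only the JDK to report how many trailing bytes of a file fall outside every signature's /ByteRange, which is what an incremental update made after signing looks like. The class name, method names and sample buffer are constructed for illustration, and the code assumes the signature dictionary is stored uncompressed in the file.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class ByteRangeCoverage {
    // /ByteRange [start1 len1 start2 len2]: the two signed spans around the /Contents hex string.
    private static final Pattern BYTE_RANGE = Pattern.compile(
        "/ByteRange\\s*\\[\\s*(\\d{1,18})\\s+(\\d{1,18})\\s+(\\d{1,18})\\s+(\\d{1,18})\\s*\\]");

    /** Bytes at the end of the file that no signature covers; -1 if no well-formed byte range exists. */
    static long uncoveredTrailingBytes(byte[] pdf) {
        // ISO-8859-1 maps bytes 1:1 to chars, so regex offsets equal file offsets.
        Matcher m = BYTE_RANGE.matcher(new String(pdf, StandardCharsets.ISO_8859_1));
        long maxEnd = -1;
        while (m.find()) {
            long start1 = Long.parseLong(m.group(1)), len1 = Long.parseLong(m.group(2));
            long start2 = Long.parseLong(m.group(3)), len2 = Long.parseLong(m.group(4));
            boolean inBounds = start1 == 0 && len1 > 0 && start2 >= len1 + 2
                    && start2 + len2 <= pdf.length;
            // The only unsigned gap must be exactly the <hex> signature value itself.
            if (!inBounds || pdf[(int) len1] != '<' || pdf[(int) start2 - 1] != '>') {
                return -1;
            }
            maxEnd = Math.max(maxEnd, start2 + len2);
        }
        return maxEnd < 0 ? -1 : pdf.length - maxEnd;
    }

    /** Constructed sample: a minimal PDF-like buffer with one signature dictionary (not a real PDF). */
    static byte[] sample() {
        String fmt = "%%PDF-1.4\n1 0 obj\n<< /Type /Sig /ByteRange [0 %010d %010d %010d] /Contents ";
        String contents = "<00000000000000000000000000000000>"; // placeholder signature value
        String tail = " >>\nendobj\n%%EOF\n";
        int len1 = String.format(fmt, 0, 0, 0).length();      // fixed-width numbers keep offsets stable
        int start2 = len1 + contents.length();
        String doc = String.format(fmt, len1, start2, tail.length()) + contents + tail;
        return doc.getBytes(StandardCharsets.ISO_8859_1);
    }

    public static void main(String[] args) {
        byte[] signed = sample();
        byte[] update = "2 0 obj\n<< /Added true >>\nendobj\n%%EOF\n".getBytes(StandardCharsets.ISO_8859_1);
        byte[] altered = Arrays.copyOf(signed, signed.length + update.length);
        System.arraycopy(update, 0, altered, signed.length, update.length);
        System.out.println("as signed:    " + uncoveredTrailingBytes(signed) + " uncovered bytes");
        System.out.println("after update: " + uncoveredTrailingBytes(altered) + " uncovered bytes");
    }
}
```

A non-zero result does not mean the signature value is wrong, only that the file contains bytes the signature never covered, so the signed revision and the displayed revision may differ.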


© 2000-2007 Crionics Inc.