All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Friends Macros Pages
pdftron::PDF::DigitalSignatureField Class Reference

#include <DigitalSignatureField.h>

Public Types

enum  SubFilterType {
  e_adbe_x509_rsa_sha1 = 0, e_adbe_pkcs7_detached = 1, e_adbe_pkcs7_sha1 = 2, e_ETSI_CAdES_detached = 3,
  e_ETSI_RFC3161 = 4, e_unknown = 5, e_absent = 6
}
 
enum  DocumentPermissions { e_no_changes_allowed = 1, e_formfilling_signing_allowed = 2, e_annotating_formfilling_signing_allowed = 3, e_unrestricted = 4 }
 
enum  FieldPermissions { e_lock_all = 0, e_include = 1, e_exclude = 2 }
 

Public Member Functions

 DigitalSignatureField (const DigitalSignatureField &other)
 
DigitalSignatureFieldoperator= (const DigitalSignatureField &other)
 
 DigitalSignatureField (const PDF::Field &in_field)
 
bool HasCryptographicSignature () const
 
SubFilterType GetSubFilter () const
 
UString GetSignatureName () const
 
Date GetSigningTime () const
 
UString GetLocation () const
 
UString GetReason () const
 
UString GetContactInfo () const
 
std::vector< UCharGetCert (UInt32 in_index) const
 
UInt32 GetCertCount () const
 
bool HasVisibleAppearance () const
 
void SetContactInfo (const UString &in_contact_info)
 
void SetLocation (const UString &in_location)
 
void SetReason (const UString &in_reason)
 
void SetFieldPermissions (const FieldPermissions in_action, const std::vector< UString > &in_field_names_list=std::vector< UString >())
 
void SetFieldPermissions (const FieldPermissions in_action, const UString *in_field_names_list, const size_t in_field_names_list_size)
 
void SetDocumentPermissions (DocumentPermissions in_perms)
 
void SignOnNextSave (const UString &in_pkcs12_keyfile_path, const UString &in_password)
 
void SignOnNextSave (const UChar *in_pkcs12_buffer, size_t in_buf_size, const UString &in_password)
 
void SignOnNextSaveWithCustomHandler (const SDF::SignatureHandlerId in_signature_handler_id)
 
void CertifyOnNextSave (const UString &in_pkcs12_keyfile_path, const UString &in_password)
 
void CertifyOnNextSave (const UChar *in_pkcs12_buffer, size_t in_buf_size, const UString &in_password)
 
void CertifyOnNextSaveWithCustomHandler (const SDF::SignatureHandlerId in_signature_handler_id)
 
SDF::Obj GetSDFObj () const
 
bool IsLockedByDigitalSignature () const
 
std::vector< UStringGetLockedFields () const
 
DocumentPermissions GetDocumentPermissions () const
 
void ClearSignature ()
 
VerificationResult Verify (const VerificationOptions &in_opts) const
 
bool IsCertification () const
 
Crypto::X509Certificate GetSignerCertFromCMS () const
 
std::vector< Common::ByteRangeGetByteRanges () const
 
std::vector< std::vector
< Crypto::X509Certificate > > 
GetCertPathsFromCMS () const
 
bool EnableLTVOfflineVerification (const VerificationResult &in_verification_result) const
 
void TimestampOnNextSave (const TimestampingConfiguration &in_timestamping_config, const VerificationOptions &in_timestamp_response_verification_options)
 
TimestampingResult GenerateContentsWithEmbeddedTimestamp (const TimestampingConfiguration &in_timestamping_config, const VerificationOptions &in_timestamp_response_verification_options)
 
void UseSubFilter (const SubFilterType in_subfilter_type, const bool in_make_mandatory=true)
 
std::vector< UCharCalculateDigest (const Crypto::DigestAlgorithm::Type in_digest_algorithm_type=Crypto::DigestAlgorithm::e_SHA256) const
 
void SetPreferredDigestAlgorithm (Crypto::DigestAlgorithm::Type in_digest_algorithm_type, const bool in_make_mandatory=true)
 
void CreateSigDictForCustomCertification (const UString &in_filter_name, const SubFilterType &in_subfilter_type, const UInt32 in_contents_size_to_reserve)
 
void CreateSigDictForCustomSigning (const UString &in_filter_name, const SubFilterType &in_subfilter_type, const UInt32 in_contents_size_to_reserve)
 
void SetSigDictTimeOfSigning (const PDF::Date &in_date)
 

Static Public Member Functions

static std::vector< UCharSignDigest (const std::vector< UChar > &in_digest, const UString &in_pkcs12_keyfile_path, const UString &in_keyfile_password, const bool in_pades_mode, const Crypto::DigestAlgorithm::Type in_digest_algorithm_type)
 
static std::vector< UCharSignDigest (const std::vector< UChar > &in_digest, const std::vector< UChar > &in_pkcs12_buffer, const UString &in_keyfile_password, const bool in_pades_mode, const Crypto::DigestAlgorithm::Type in_digest_algorithm_type)
 
static std::vector< UCharSignDigest (const UChar *in_digest, const size_t in_digest_size, const UString &in_pkcs12_keyfile_path, const UString &in_keyfile_password, const bool in_pades_mode, const Crypto::DigestAlgorithm::Type in_digest_algorithm_type)
 
static std::vector< UCharSignDigest (const UChar *in_digest, const size_t in_digest_size, const UChar *in_pkcs12_buffer, const size_t in_pkcs12_buffer_size, const UString &in_keyfile_password, const bool in_pades_mode, const Crypto::DigestAlgorithm::Type in_digest_algorithm_type)
 
static std::vector< UCharGenerateESSSigningCertPAdESAttribute (const Crypto::X509Certificate &in_signer_cert, const Crypto::DigestAlgorithm::Type in_digest_algorithm_type)
 
static std::vector< UCharGenerateCMSSignedAttributes (const std::vector< UChar > &in_digest_buf, const std::vector< UChar > &in_custom_signedattributes_buf=std::vector< UChar >())
 
static std::vector< UCharGenerateCMSSignedAttributes (const UChar *in_digest_buf, const size_t in_digest_buf_size, const UChar *in_custom_signedattributes_buf=NULL, const size_t in_custom_signedattributes_buf_size=0)
 
static std::vector< UCharGenerateCMSSignature (const Crypto::X509Certificate &in_signer_cert, const std::vector< Crypto::X509Certificate > &in_chain_certs_list, const Crypto::ObjectIdentifier &in_digest_algorithm_oid, const Crypto::ObjectIdentifier &in_signature_algorithm_oid, const std::vector< UChar > &in_signature_value_buf, const std::vector< UChar > &in_signedattributes_buf)
 
static std::vector< UCharGenerateCMSSignature (const Crypto::X509Certificate &in_signer_cert, const Crypto::X509Certificate *in_chain_certs_list, const size_t in_chain_certs_list_size, const Crypto::ObjectIdentifier &in_digest_algorithm_oid, const Crypto::ObjectIdentifier &in_signature_algorithm_oid, const UChar *in_signature_value_buf, const size_t in_signature_value_buf_size, const UChar *in_signedattributes_buf, const size_t in_signedattributes_buf_size)
 
static std::vector< UCharGenerateCMSSignature (const Crypto::X509Certificate &signer_cert, const std::vector< Crypto::X509Certificate > &chain_certs_list, const Crypto::AlgorithmIdentifier &digest_algorithm_id, const Crypto::AlgorithmIdentifier &signature_algorithm_id, const std::vector< UChar > &signature_value_buf, const std::vector< UChar > &signedattributes_buf, const CMSSignatureOptions &cms_options=CMSSignatureOptions())
 
static std::vector< UCharGenerateCMSSignature (const Crypto::X509Certificate &signer_cert, const Crypto::X509Certificate *chain_certs_list, const size_t chain_certs_list_size, const Crypto::AlgorithmIdentifier &digest_algorithm_id, const Crypto::AlgorithmIdentifier &signature_algorithm_id, const UChar *signature_value_buf, const size_t signature_value_buf_size, const UChar *signedattributes_buf, const size_t signedattributes_buf_size, const CMSSignatureOptions &cms_options=CMSSignatureOptions())
 
static bool SetDigSigLogFilename (const UString &filename)
 

Detailed Description

A class representing a digital signature form field.

Definition at line 29 of file DigitalSignatureField.h.

Member Enumeration Documentation

Enumerator
e_no_changes_allowed 
e_formfilling_signing_allowed 
e_annotating_formfilling_signing_allowed 
e_unrestricted 

Definition at line 43 of file DigitalSignatureField.h.

Enumerator
e_lock_all 
e_include 
e_exclude 

Definition at line 53 of file DigitalSignatureField.h.

Enumerator
e_adbe_x509_rsa_sha1 
e_adbe_pkcs7_detached 
e_adbe_pkcs7_sha1 
e_ETSI_CAdES_detached 
e_ETSI_RFC3161 
e_unknown 
e_absent 

Definition at line 34 of file DigitalSignatureField.h.

Constructor & Destructor Documentation

pdftron::PDF::DigitalSignatureField::DigitalSignatureField ( const DigitalSignatureField other)
pdftron::PDF::DigitalSignatureField::DigitalSignatureField ( const PDF::Field in_field)

Constructs a PDF::DigitalSignatureField from a PDF::Field.

Parameters
in_field– the PDF::Field to construct the DigitalSignatureField from.

Member Function Documentation

std::vector<UChar> pdftron::PDF::DigitalSignatureField::CalculateDigest ( const Crypto::DigestAlgorithm::Type  in_digest_algorithm_type = Crypto::DigestAlgorithm::e_SHA256) const

Calculates the digest of the relevant bytes of the document for this signature field, in order to allow the caller to perform custom signing/processing. Signature field must first be prepared using one of the non-sign overloads (CreateSigDictForCustomSigning/Certification), and then the document must be saved; after that, this function can be called. The ByteRanges that the most recent save has entered into the signature dictionary within this signature field will be used to calculate the digest.

Parameters
in_digest_algorithm_type– the enumerated type of digest algorithm to use for the calculation. The default is SHA-256.
Returns
an array of bytes containing the digest value
void pdftron::PDF::DigitalSignatureField::CertifyOnNextSave ( const UString in_pkcs12_keyfile_path,
const UString in_password 
)

Must be called to prepare a signature for certification, which is done afterwards by calling Save. Throws if document already certified. Default document permission level is e_annotating_formfilling_signing_allowed. Throws if signature field already has a digital signature dictionary.

Parameters
in_pkcs12_keyfile_path– The path to the PKCS #12 private keyfile to use to certify this digital signature.
in_password– The password to use to parse the PKCS #12 keyfile.
void pdftron::PDF::DigitalSignatureField::CertifyOnNextSave ( const UChar in_pkcs12_buffer,
size_t  in_buf_size,
const UString in_password 
)

Must be called to prepare a signature for certification, which is done afterwards by calling Save. Throws if document already certified. Default document permission level is e_annotating_formfilling_signing_allowed. Throws if signature field already has a digital signature dictionary.

Parameters
in_pkcs12_buffer– A buffer of bytes containing the PKCS #12 private key certificate store to use to certify this digital signature.
in_buf_size– buffer size.
in_password– The password to use to parse the PKCS #12 buffer.
void pdftron::PDF::DigitalSignatureField::CertifyOnNextSaveWithCustomHandler ( const SDF::SignatureHandlerId  in_signature_handler_id)

Must be called to prepare a signature for certification, which is done afterwards by calling Save. Throws if document already certified. Default document permission level is e_annotating_formfilling_signing_allowed. Throws if signature field already has a digital signature dictionary.

Parameters
in_signature_handler_id– The unique id of the signature handler to use to certify this digital signature.
void pdftron::PDF::DigitalSignatureField::ClearSignature ( )

Clears cryptographic signature, if present. Otherwise, does nothing. Do not need to call HasCryptographicSignature before calling this. After clearing, other signatures should still pass validation if saving after clearing was done incrementally. Clears the appearance as well.

void pdftron::PDF::DigitalSignatureField::CreateSigDictForCustomCertification ( const UString in_filter_name,
const SubFilterType in_subfilter_type,
const UInt32  in_contents_size_to_reserve 
)

Prepares the field for certification without actually performing certification. Useful for custom signing workflows. It is not necessary to call HasCryptographicSignature before calling this function.

Parameters
in_filter_namethe Filter name to use, representing the name of the signature handler that will be used to sign and verify the signature (e.g. Adobe.PPKLite)
in_subfilter_typethe SubFilter name to use, representing an interoperable signature type identifier for third-party verification (e.g. adbe.pkcs7.detached, ETSI.CAdES.detached, etc.)
in_contents_size_to_reserveThe size of the empty Contents entry to create. For security reasons, set the contents size to a value greater than but as close as possible to the size you expect your final signature to be.
void pdftron::PDF::DigitalSignatureField::CreateSigDictForCustomSigning ( const UString in_filter_name,
const SubFilterType in_subfilter_type,
const UInt32  in_contents_size_to_reserve 
)

Prepares the field for approval signing without actually performing signing. Useful for custom signing workflows. It is not necessary to call HasCryptographicSignature before calling this function.

Parameters
in_filter_namethe Filter name to use, representing the name of the signature handler that will be used to sign and verify the signature (e.g. Adobe.PPKLite)
in_subfilter_typethe SubFilter name to use, representing an interoperable signature type identifier for third-party verification (e.g. adbe.pkcs7.detached, ETSI.CAdES.detached, etc.)
in_contents_size_to_reserveThe size of the empty Contents entry to create. For security reasons, set the contents size to a value greater than but as close as possible to the size you expect your final signature to be.
bool pdftron::PDF::DigitalSignatureField::EnableLTVOfflineVerification ( const VerificationResult in_verification_result) const

Given a successful verification result that required online information to verify trust (trust verification must have been enabled and successful during the verification), embeds data into the PDF document that allows the signature to be verified offline. (This is accomplished using DSS and VRI dictionaries.) When this operation is successfully completed, one of the two components of secure long term validation (LTV) will be in place. The other necessary component of secure long term validation is to make sure to timestamp the document appropriately while the signature is still verifiable to maintain a chain of unexpired secure timestamps attesting to the integrity of the document. The verifiability of the signature should thereafter be maintainable in such a fashion despite any possible certificate expiry, algorithm compromise, or key compromise that would have otherwise rendered it invalid if it were to be verified using a time in the future rather than a securely-signed timestamp-derived time nearer the time of signing (at which which the signature was verifiable without extra data). This function, if given a good verification result, is also capable of making timestamp (DocTimeStamp ETSI.RFC3161) signatures LTV-enabled, which is necessary to do first when you intend to add another timestamp around an already-timestamped document to extend or enhance its verifiability (as described above), as per the PDF 2.0 and ETSI TS 102 778-4 (PAdES Level 4) specifications.

Parameters
in_verification_result– a successful verification result containing a successful TrustVerificationResult
Returns
a boolean status that reflects whether offline verification information was added successfully
Note
It is necessary to save the document incrementally after this function completes successfully in order to actually write the LTV data into the document.
static std::vector<UChar> pdftron::PDF::DigitalSignatureField::GenerateCMSSignature ( const Crypto::X509Certificate in_signer_cert,
const std::vector< Crypto::X509Certificate > &  in_chain_certs_list,
const Crypto::ObjectIdentifier in_digest_algorithm_oid,
const Crypto::ObjectIdentifier in_signature_algorithm_oid,
const std::vector< UChar > &  in_signature_value_buf,
const std::vector< UChar > &  in_signedattributes_buf 
)
static

Low-level function belonging to custom-signing APIs. Using low-level inputs that permit incorporation of remote key usage (cloud keystore, Hardware Security Module (HSM) device, etc.), generates bytes representing a Cryptographic Message Syntax (CMS)-format signature encoded in DER. The resulting data can be passed to SaveCustomSignature.

Parameters
in_signer_cert– the X509 public-key certificate of the signature's signer (mathematically associated with private key used)
in_chain_certs_list– the intermediate and root certificates to include in the CMS to allow verifiers to establish the chain/path of trust
in_digest_algorithm_oid– the OID of the digest algorithm used, for embedding in the CMS
in_signature_algorithm_oid– the OID of the signature algorithm used, for embedding in the CMS
in_signature_value_buf– a buffer containing the signature value to embed in the CMS
in_signedattributes_buf– a buffer containing signedAttributes for embedding into the CMS (must exactly match those used when creating signature value)
Returns
finished CMS data for embedding into the document using SaveCustomSignature
static std::vector<UChar> pdftron::PDF::DigitalSignatureField::GenerateCMSSignature ( const Crypto::X509Certificate in_signer_cert,
const Crypto::X509Certificate in_chain_certs_list,
const size_t  in_chain_certs_list_size,
const Crypto::ObjectIdentifier in_digest_algorithm_oid,
const Crypto::ObjectIdentifier in_signature_algorithm_oid,
const UChar in_signature_value_buf,
const size_t  in_signature_value_buf_size,
const UChar in_signedattributes_buf,
const size_t  in_signedattributes_buf_size 
)
static

Low-level function belonging to custom-signing APIs. Using low-level inputs that permit incorporation of remote key usage (cloud keystore, Hardware Security Module (HSM) device, etc.), generates bytes representing a Cryptographic Message Syntax (CMS)-format signature encoded in DER. The resulting data can be passed to SaveCustomSignature.

Parameters
in_signer_cert– the X509 public-key certificate of the signature's signer (mathematically associated with private key used)
in_chain_certs_list– the intermediate and root certificates to include in the CMS to allow verifiers to establish the chain/path of trust
in_chain_certs_list_size– the size of in_chain_certs_buf, measured in the number of certificates
in_digest_algorithm_oid– the OID of the digest algorithm used, for embedding in the CMS
in_signature_algorithm_oid– the OID of the signature algorithm used, for embedding in the CMS
in_signature_value_buf– a buffer containing the signature value to embed in the CMS
in_signature_value_buf_size– the size of the signature value buffer
in_signedattributes_buf– a buffer containing signedAttributes for embedding into the CMS (must exactly match those used when creating signature value)
in_signedattributes_buf_size– the size of the signedAttributes buffer
Returns
finished CMS data for embedding into the document using SaveCustomSignature
static std::vector<UChar> pdftron::PDF::DigitalSignatureField::GenerateCMSSignature ( const Crypto::X509Certificate signer_cert,
const std::vector< Crypto::X509Certificate > &  chain_certs_list,
const Crypto::AlgorithmIdentifier digest_algorithm_id,
const Crypto::AlgorithmIdentifier signature_algorithm_id,
const std::vector< UChar > &  signature_value_buf,
const std::vector< UChar > &  signedattributes_buf,
const CMSSignatureOptions cms_options = CMSSignatureOptions() 
)
static

Low-level function belonging to custom-signing APIs. Using low-level inputs that permit incorporation of remote key usage (cloud keystore, Hardware Security Module (HSM) device, etc.), generates bytes representing a Cryptographic Message Syntax (CMS)-format signature encoded in DER. The resulting data can be passed to SaveCustomSignature.

Parameters
signer_certThe X509 public-key certificate of the signature's signer (mathematically associated with private key used).
chain_certs_listThe intermediate and root certificates to include in the CMS to allow verifiers to establish the chain/path of trust.
digest_algorithm_idThe digest algorithm used, for embedding in the CMS.
signature_algorithm_idThe signature algorithm used, for embedding in the CMS.
signature_value_bufA buffer containing the signature value to embed in the CMS.
signedattributes_bufA buffer containing signedAttributes for embedding into the CMS (must exactly match those used when creating signature value).
cms_optionsOptional extra data to store in the CMS.
Returns
The finished CMS data for embedding into the document using SaveCustomSignature.
static std::vector<UChar> pdftron::PDF::DigitalSignatureField::GenerateCMSSignature ( const Crypto::X509Certificate signer_cert,
const Crypto::X509Certificate chain_certs_list,
const size_t  chain_certs_list_size,
const Crypto::AlgorithmIdentifier digest_algorithm_id,
const Crypto::AlgorithmIdentifier signature_algorithm_id,
const UChar signature_value_buf,
const size_t  signature_value_buf_size,
const UChar signedattributes_buf,
const size_t  signedattributes_buf_size,
const CMSSignatureOptions cms_options = CMSSignatureOptions() 
)
static

Low-level function belonging to custom-signing APIs. Using low-level inputs that permit incorporation of remote key usage (cloud keystore, Hardware Security Module (HSM) device, etc.), generates bytes representing a Cryptographic Message Syntax (CMS)-format signature encoded in DER. The resulting data can be passed to SaveCustomSignature.

Parameters
signer_certThe X509 public-key certificate of the signature's signer (mathematically associated with private key used).
chain_certs_listThe intermediate and root certificates to include in the CMS to allow verifiers to establish the chain/path of trust.
chain_certs_list_sizeThe size of in_chain_certs_buf, measured in the number of certificates.
digest_algorithm_idThe digest algorithm used, for embedding in the CMS.
signature_algorithm_idThe signature algorithm used, for embedding in the CMS.
signature_value_bufA buffer containing the signature value to embed in the CMS.
signature_value_buf_sizeThe size of the signature value buffer.
signedattributes_bufA buffer containing signedAttributes for embedding into the CMS (must exactly match those used when creating signature value).
signedattributes_buf_sizeThe size of the signedAttributes buffer.
cms_optionsOptional extra data to store in the CMS.
Returns
The finished CMS data for embedding into the document using SaveCustomSignature.
static std::vector<UChar> pdftron::PDF::DigitalSignatureField::GenerateCMSSignedAttributes ( const std::vector< UChar > &  in_digest_buf,
const std::vector< UChar > &  in_custom_signedattributes_buf = std::vector< UChar >() 
)
static

Low-level function belonging to custom-signing APIs. Creates the signedAttributes component of Cryptographic Message Syntax (CMS). The result of this function can then be encrypted by a remote private key (cloud service, Hardware Security Module (HSM) device, etc.), using some external API that returns the bytes of a not-already-CMS-embedded signature value (e.g. RSA PKCS #1 v1.5 format). Following that, CMS generation can be performed using GenerateCMSSignature, after which the resulting signature can be inserted into a resulting signed version of the PDF document using the PDFDoc function SaveCustomSignature.

Parameters
in_digest_buf– a buffer containing the digest of the document within ByteRanges of this DigitalSignatureField (see CalculateDigest)
in_custom_signedattributes_buf– a buffer containing any optional custom BER-encoded signedAttributes to add, including potentially the PAdES one (see GenerateESSSigningCertPAdESAttribute). (Do not place an ASN.1 constructed type around all of the attributes.) Do not pass any of the normal attributes (content type or message digest) as custom attributes because otherwise they will be duplicated.
Returns
the BER-encoded bytes of the future signedAttrs component of a CMS signature, with no surrounding constructed type
static std::vector<UChar> pdftron::PDF::DigitalSignatureField::GenerateCMSSignedAttributes ( const UChar in_digest_buf,
const size_t  in_digest_buf_size,
const UChar in_custom_signedattributes_buf = NULL,
const size_t  in_custom_signedattributes_buf_size = 0 
)
static

Low-level function belonging to custom-signing APIs. Creates the signedAttributes component of Cryptographic Message Syntax (CMS). The result of this function can then be encrypted by a remote private key (cloud service, Hardware Security Module (HSM) device, etc.), using some external API that returns the bytes of a not-already-CMS-embedded signature value (e.g. RSA PKCS #1 v1.5 format). Following that, CMS generation can be performed using GenerateCMSSignature, after which the resulting signature can be inserted into a resulting signed version of the PDF document using the PDFDoc function SaveCustomSignature.

Parameters
in_digest_buf– a buffer containing the digest of the document within ByteRanges of this DigitalSignatureField (see CalculateDigest)
in_digest_buf_size– the length of the buffer represented by in_digest_buf
in_custom_signedattributes_buf– a buffer containing any optional custom BER-encoded signedAttributes to add, including potentially the PAdES one (see GenerateESSSigningCertPAdESAttribute). (Do not place an ASN.1 constructed type around all of the attributes.) Do not pass any of the normal attributes (content type or message digest) as custom attributes because otherwise they will be duplicated.
in_custom_signedattributes_buf_size– the length of the custom attributes buffer
Returns
the BER-encoded bytes of the future signedAttrs component of a CMS signature, with no surrounding constructed type
TimestampingResult pdftron::PDF::DigitalSignatureField::GenerateContentsWithEmbeddedTimestamp ( const TimestampingConfiguration in_timestamping_config,
const VerificationOptions in_timestamp_response_verification_options 
)

Contacts a remote timestamp authority over network, sends CMS digest, receives and verifies timestamp token, combines the timestamp token and the data of an existing CMS-type (adbe.pkcs7.detached or ETSI.CAdES.detached subfilter) main document signature, and then returns that data to the user. At least one signing time, whether "M" (see SetSigDictTimeOfSigning) or a secure embedded timestamp, is required to be added in order to create a PAdES signature.

Note
This function does not insert the final CMS-type document signature into the document. You must retrieve it from the result using GetData and then pass that to PDFDoc SaveCustomSignature.
Parameters
in_timestamping_config– Configuration options to store for timestamping. These will include various items related to contacting a timestamping authority. Incorrect configuration will result in an exception being thrown. The usability of a combination of a TimestampingConfiguration and VerificationOptions can be checked ahead of time to prevent exceptions by calling TestConfiguration on TimestampingConfiguration and passing VerificationOptions.
in_timestamp_response_verification_options– Options for the timestamp response verification step (which is required by RFC 3161 to be done as part of timestamping). These response verification options should include the root certificate of the timestamp authority, so that the trust status of the timestamp signature can be verified. The options that should be passed are the same ones that one expects the timestamp to be verifiable with in the future (once it is embedded in the document), except the response verification requires online revocation information whereas the later verification may not (depending on whether LTV offline verification information for the embedded timestamp gets embedded into the document by that time). The timestamp response verification step makes sure that (a) the timestamp response has a success status, which is the only time that this is verified in the entire workflow, which prevents embedding an unsuccessful response; (b) that it digests the main signature digest correctly and is otherwise generally verifiable; and (c) that the nonce is correct (which is the only time that this is verifiable in the entire workflow) to prevent replay attacks (if it was not requested in the TimestampingConfiguration that the nonce mechanism should be disabled).
Returns
The result of the timestamp request, including the final document signature as DER-encoded CMS with a timestamp embedded
static std::vector<UChar> pdftron::PDF::DigitalSignatureField::GenerateESSSigningCertPAdESAttribute ( const Crypto::X509Certificate in_signer_cert,
const Crypto::DigestAlgorithm::Type  in_digest_algorithm_type 
)
static

Low-level optional function belonging to custom-signing APIs allowing creation of PAdES signatures with key elsewhere, allowing CMS to be generated automatically later. Represents one the components of the functionality of SignDigest which are not key-related. Creates the necessary attribute for a PAdES signature (ETSI.CAdES.detached subfilter type). The result of this function can be passed as a contiguous part of the custom attributes buffer parameter of GenerateCMSSignedAttributes. At least one signing time, whether "M" (see SetSigDictTimeOfSigning) or a secure embedded timestamp (see GenerateContentsWithEmbeddedTimestamp), is also required to be added in order to create a PAdES signature.

The result will be either the BER-serialized bytes of an ESS_signing_cert or ESS_signing_cert_V2 CMS Attribute (an ASN.1 SEQUENCE containing the correct OID and ESSCertID or ESSCertIDv2), as is appropriate, depending on what digest algorithm type is provided (see RFC 5035).

Parameters
in_signer_cert– the X509 public-key certificate of the signature's signer (mathematically associated with private key to be used)
in_digest_algorithm_type– the digest algorithm to be used
Returns
the BER-serialized bytes of an ESS_signing_cert or ESS_signing_cert_V2 CMS attribute
std::vector<Common::ByteRange> pdftron::PDF::DigitalSignatureField::GetByteRanges ( ) const

Retrieves the ranges of byte indices within the document over which this signature is intended to apply/be verifiable.

Returns
a container of byte range objects
Note
This function does not verify that the signature is valid over its byte ranges. It merely returns them. This can be useful when a document consists of multiple incremental revisions, the latter of which may or may not have been signed, for telling which revisions were actually signed by which signature. The outputs of this function can also be used to truncate the document at the end of a signed byte range, in order that the signed document revision may be retrieved from a document with later incremental revisions. Of course, to be certain that the signature is valid, it must also then be verified using the verification API. Also, the caller is responsible for making sure that the byte ranges returned from this function actually make sense (i.e. fit inside the document).
std::vector<UChar> pdftron::PDF::DigitalSignatureField::GetCert ( UInt32  in_index) const

Gets a certificate in the certificate chain (Cert entry) of the digital signature dictionary by index. Throws if Cert is not Array or String, throws if index is out of range and Cert is Array, throws if index is > 1 and Cert is string, otherwise retrieves the certificate. Only to be used for old-style adbe.x509.rsa_sha1 signatures; for other signatures, use CMS getter functions instead.

Parameters
in_index– An integral index which must be greater than 0 and less than the cert count as retrieved using GetCertCount.
Returns
A vector of bytes containing the certificate at the index. Returns empty vector if Cert is missing.
UInt32 pdftron::PDF::DigitalSignatureField::GetCertCount ( ) const

Gets number of certificates in certificate chain (Cert entry of digital signature dictionary). Must call HasCryptographicSignature first and use it to check whether the signature is signed. Only to be used for old-style adbe.x509.rsa_sha1 signatures; for other signatures, use CMS getter functions instead.

Returns
An integer value - the number of certificates in the Cert entry of the digital signature dictionary.
std::vector<std::vector<Crypto::X509Certificate> > pdftron::PDF::DigitalSignatureField::GetCertPathsFromCMS ( ) const

Retrieves all constructible certificate paths from an adbe.pkcs7.detached or ETSI.CAdES.detached digital signature. The signer will always be returned if the signature is CMS-based and not corrupt. Must only be called on signed adbe.pkcs7.detached signatures. The order of the certificates in each of the paths returned is as follows: the signer will be first, and issuers come after it in order of the issuer of the previous certificate. The default behaviour is to return a sub-path for each marginal issuer in a max-length path.

Returns
a container of X509Certificate objects
Note
This function does not verify the paths. It merely extracts certificates and constructs paths. This function only works when the build has support for verification-related APIs.
UString pdftron::PDF::DigitalSignatureField::GetContactInfo ( ) const

Should not be called when SubFilter is ETSI.RFC3161 (i.e. on a DocTimeStamp). Returns the contact information of the signer from the digital signature dictionary. Must call HasCryptographicSignature first and use it to check whether the signature is signed.

Returns
A unicode string containing the contact information of the signer from within the digital signature dictionary. Empty if ContactInfo entry not present.
DocumentPermissions pdftron::PDF::DigitalSignatureField::GetDocumentPermissions ( ) const

If HasCryptographicSignature, returns most restrictive permissions found in any reference entries in this digital signature. Returns Lock-resident (i.e. tentative) permissions otherwise. Throws if invalid permission value is found.

Returns
An enumeration value representing the level of restrictions (potentially) placed on the document by this signature.
UString pdftron::PDF::DigitalSignatureField::GetLocation ( ) const

Should not be called when SubFilter is ETSI.RFC3161 (i.e. on a DocTimeStamp). Returns the Location of the signature from the digital signature dictionary. Must call HasCryptographicSignature first and use it to check whether the signature is signed.

Returns
A unicode string containing the signing location from within the digital signature dictionary. Empty if Location entry not present.
std::vector<UString> pdftron::PDF::DigitalSignatureField::GetLockedFields ( ) const

Returns the fully-qualified names of all fields locked by this signature using the field permissions feature. Retrieves from the digital signature dictionary if the form field HasCryptographicSignature. Otherwise, retrieves from the Lock entry of the digital signature form field. Result is invalidated by any field additions or removals. Does not take document permissions restrictions into account.

Returns
A vector of UStrings representing the fully-qualified names of all fields locked by this signature.
UString pdftron::PDF::DigitalSignatureField::GetReason ( ) const

Should not be called when SubFilter is ETSI.RFC3161 (i.e. on a DocTimeStamp). Returns the Reason for the signature from the digital signature dictionary. Must call HasCryptographicSignature first and use it to check whether the signature is signed.

Returns
A unicode string containing the reason for the signature from within the digital signature dictionary. Empty if Reason entry not present.
SDF::Obj pdftron::PDF::DigitalSignatureField::GetSDFObj ( ) const

Retrieves the SDF Obj of the digital signature field.

Returns
the underlying SDF/Cos object.
UString pdftron::PDF::DigitalSignatureField::GetSignatureName ( ) const

Should not be called when SubFilter is ETSI.RFC3161 (i.e. on a DocTimeStamp). Returns the name of the signer of the signature from the digital signature dictionary. Must call HasCryptographicSignature first and use it to check whether the signature is signed.

Returns
A unicode string containing the name of the signer from within the digital signature dictionary. Empty if Name entry not present.
Crypto::X509Certificate pdftron::PDF::DigitalSignatureField::GetSignerCertFromCMS ( ) const

Returns the signing certificate. Must only be called on signed adbe.pkcs7.detached or ETSI.CAdES.detached signatures.

Returns
An X509Certificate object.
Note
This function does not verify the signature. It merely extracts the claimed signing certificate. This function only works when the build has support for verification-related APIs.
Date pdftron::PDF::DigitalSignatureField::GetSigningTime ( ) const

Should not be called when SubFilter is ETSI.RFC3161 (i.e. on a DocTimeStamp). Returns the "M" entry from the digital signature dictionary, which represents the signing date/time. Must call HasCryptographicSignature first and use it to check whether the signature is signed.

Returns
A PDF::Date object holding the signing date/time from within the digital signature dictionary. Returns a default-constructed PDF::Date if no date is present.
SubFilterType pdftron::PDF::DigitalSignatureField::GetSubFilter ( ) const

Returns the SubFilter type of the digital signature. Specification says that one must check the SubFilter before using various getters. Must call HasCryptographicSignature first and use it to check whether the signature is signed.

Returns
An enumeration describing what the SubFilter of the digital signature is from within the digital signature dictionary.
bool pdftron::PDF::DigitalSignatureField::HasCryptographicSignature ( ) const

Returns whether the digital signature field has been cryptographically signed. Checks whether there is a digital signature dictionary in the field and whether it has a Contents entry. Must be called before using various digital signature dictionary-related functions. Does not check validity - will return true even if a valid hash has not yet been generated (which will be the case after [Certify/Sign]OnNextSave[WithCustomHandler] has been called on the signature but even before Save is called on the document).

Returns
A boolean value representing whether the digital signature field has a digital signature dictionary with a Contents entry.
bool pdftron::PDF::DigitalSignatureField::HasVisibleAppearance ( ) const

Returns whether the field has a visible appearance. Can be called without checking HasCryptographicSignature first, since it operates on the surrounding Field dictionary, not the "V" entry (i.e. digital signature dictionary). Performs the zero-width+height check, the Hidden bit check, and the NoView bit check as described by the PDF 2.0 specification, section 12.7.5.5 "Signature fields".

Returns
A boolean representing whether or not the signature field has a visible signature.
bool pdftron::PDF::DigitalSignatureField::IsCertification ( ) const

Returns whether or not this signature is a certification.

Returns
a boolean value representing whether or not this signature is a certification.
bool pdftron::PDF::DigitalSignatureField::IsLockedByDigitalSignature ( ) const

Returns whether this digital signature field is locked against modifications by any digital signatures. Can be called when this field is unsigned.

Returns
A boolean representing whether this digital signature field is locked against modifications by any digital signatures in the document.
DigitalSignatureField& pdftron::PDF::DigitalSignatureField::operator= ( const DigitalSignatureField other)
void pdftron::PDF::DigitalSignatureField::SetContactInfo ( const UString in_contact_info)

Should not be called when SubFilter is ETSI.RFC3161 (i.e. on a DocTimeStamp). Sets the ContactInfo entry in the digital signature dictionary. Must create a digital signature dictionary first using [Certify/Sign]OnNextSave[WithCustomHandler]. If this function is called on a digital signature field that has already been cryptographically signed with a valid hash, the hash will no longer be valid, so do not call Save (to sign/create the hash) until after you call this function, if you need to call this function in the first place. Essentially, call this function after [Certify/Sign]OnNextSave[WithCustomHandler] and before Save.

Parameters
in_contact_info– A string containing the ContactInfo to be set.
static bool pdftron::PDF::DigitalSignatureField::SetDigSigLogFilename ( const UString filename)
static

Sets the digital signature logging filename, and enables the logging. This function is expected to be called only once. Subsequent calls to the function will have no effect.

Parameters
filenameThe name (and path) of the log file.
Returns
True if this operation was successful and false if it failed because the logging process has already started.
void pdftron::PDF::DigitalSignatureField::SetDocumentPermissions ( DocumentPermissions  in_perms)

Sets the document locking permission level for this digital signature field. Call only on unsigned signatures, otherwise a valid hash will be invalidated.

Parameters
in_perms– An enumerated value representing the document locking permission level to set.
void pdftron::PDF::DigitalSignatureField::SetFieldPermissions ( const FieldPermissions  in_action,
const std::vector< UString > &  in_field_names_list = std::vector< UString >() 
)

Tentatively sets which fields are to be locked by this digital signature upon signing. It is not necessary to call HasCryptographicSignature before using this function. Throws if non-empty array of field names is passed along with FieldPermissions Action == e_lock_all.

Parameters
in_action– An enumerated value representing which sort of field locking should be done. Options are All (lock all fields), Include (lock listed fields), and Exclude (lock all fields except listed fields).
in_field_names– A list of field names; can be empty (and must be empty, if Action is set to All). Empty by default. Tentatively sets which fields are to be locked by this digital signature upon signing. It is not necessary to call HasCryptographicSignature before using this function. Throws if non-empty array of field names is passed along with FieldPermissions Action == e_lock_all.
in_action– An enumerated value representing which sort of field locking should be done. Options are All (lock all fields), Include (lock listed fields), and Exclude (lock all fields except listed fields).
in_field_names_list– A list of field names; can be empty (and must be empty, if Action is set to All). Empty by default.
void pdftron::PDF::DigitalSignatureField::SetFieldPermissions ( const FieldPermissions  in_action,
const UString in_field_names_list,
const size_t  in_field_names_list_size 
)
void pdftron::PDF::DigitalSignatureField::SetLocation ( const UString in_location)

Should not be called when SubFilter is ETSI.RFC3161 (i.e. on a DocTimeStamp). Sets the Location entry in the digital signature dictionary. Must create a digital signature dictionary first using [Certify/Sign]OnNextSave[WithCustomHandler]. If this function is called on a digital signature field that has already been cryptographically signed with a valid hash, the hash will no longer be valid, so do not call Save (to sign/create the hash) until after you call this function, if you need to call this function in the first place. Essentially, call this function after [Certify/Sign]OnNextSave[WithCustomHandler] and before Save.

Parameters
in_location– A string containing the Location to be set.
void pdftron::PDF::DigitalSignatureField::SetPreferredDigestAlgorithm ( Crypto::DigestAlgorithm::Type  in_digest_algorithm_type,
const bool  in_make_mandatory = true 
)

Sets the preferred digest algorithm to use when signing this field. This is done by setting DigestMethod in the Seed Value dictionary. This function can be called before a signature field is even prepared for signing.

Parameters
in_digest_algorithm_type– the digest algorithm to use
in_make_mandatory– whether to tell signing software to give up if the preferred algorithm is unsupported. Default value for this parameter is true.
void pdftron::PDF::DigitalSignatureField::SetReason ( const UString in_reason)

Should not be called when SubFilter is ETSI.RFC3161 (i.e. on a DocTimeStamp). Sets the Reason entry in the digital signature dictionary. Must create a digital signature dictionary first using [Certify/Sign]OnNextSave[WithCustomHandler]. If this function is called on a digital signature field that has already been cryptographically signed with a valid hash, the hash will no longer be valid, so do not call Save (to sign/create the hash) until after you call this function, if you need to call this function in the first place. Essentially, call this function after [Certify/Sign]OnNextSave[WithCustomHandler] and before Save.

Parameters
in_reason– A string containing the Reason to be set.
void pdftron::PDF::DigitalSignatureField::SetSigDictTimeOfSigning ( const PDF::Date in_date)

Adds the "M" key and value, representing the PDF-time-of-signing (not to be confused with embedded timestamps, DocTimeStamps, or CMS signing time), to the digital signature dictionary. The digital signature field must have been prepared for signing first. This function should only be used if no secure embedded timestamping support is available from your signing provider. Useful for custom signing workflows, where signing time is not set automatically by the Apryse SDK, unlike in the usual standard handler signing workflow. A secure embedded timestamp can also be added later and should override this "M" date entry when the signature is read by signature-verifying PDF processor applications. At least one signing time, whether "M" or a secure embedded timestamp (see GenerateContentsWithEmbeddedTimestamp), is required to be added in order to create a PAdES signature.

Parameters
in_datethe PDF Date datetime value to set
static std::vector<UChar> pdftron::PDF::DigitalSignatureField::SignDigest ( const std::vector< UChar > &  in_digest,
const UString in_pkcs12_keyfile_path,
const UString in_keyfile_password,
const bool  in_pades_mode,
const Crypto::DigestAlgorithm::Type  in_digest_algorithm_type 
)
static

Returns a CMS detached signature incorporating a digest that is provided using the provided PKCS #12 key file (.pfx). This function is part of the custom signing API, but cannot be used for workflows where the key is not in PFX format or when the signature comes from a source that cannot generate CMS signatures (e.g. Hardware Security Modules (HSM) devices, cloud signing services). In such cases, the low-level parts of the custom signing API should be used instead of this function (e.g. GenerateESSSigningCertPAdESAttribute, GenerateCMSSignedAttributes, GenerateCMSSignature). This function is a shortcut for situations in which use of more low-level custom signing functions is unnecessary. Therefore, this function will generate necessary CMS components, such as signedAttrs, internally.

Note
This function does not change the DigitalSignatureField. Call SaveCustomSignature to write a signature to its PDFDoc.
Parameters
in_digest– the document digest value to use
in_pkcs12_keyfile_path– the path to the PKCS #12 key file (usually has a .pfx extension) to use for signing
in_keyfile_password– the password to use to decrypt the PKCS #12 key file
in_pades_mode– whether to create a PAdES-type signature (PDF Advanced Electronic Signatures standards)
in_digest_algorithm_type– the identifier to use to write the digest algorithm
Returns
the DER-serialized bytes of a CMS detached signature (CMS ContentInfo)
static std::vector<UChar> pdftron::PDF::DigitalSignatureField::SignDigest ( const std::vector< UChar > &  in_digest,
const std::vector< UChar > &  in_pkcs12_buffer,
const UString in_keyfile_password,
const bool  in_pades_mode,
const Crypto::DigestAlgorithm::Type  in_digest_algorithm_type 
)
static

Returns a CMS detached signature incorporating a digest that is provided using the provided PKCS #12 key buffer (.pfx). This function is part of the custom signing API, but cannot be used for workflows where the key is not in PFX format or when the signature comes from a source that cannot generate CMS signatures (e.g. Hardware Security Modules (HSM) devices, cloud signing services). In such cases, the low-level parts of the custom signing API should be used instead of this function (e.g. GenerateESSSigningCertPAdESAttribute, GenerateCMSSignedAttributes, GenerateCMSSignature). This function is a shortcut for situations in which use of more low-level custom signing functions is unnecessary. Therefore, this function will generate necessary CMS components, such as signedAttrs, internally.

Note
This function does not change the DigitalSignatureField. Call SaveCustomSignature to write a signature to its PDFDoc.
Parameters
in_digest– the document digest value to use
in_pkcs12_buffer– a buffer containing the PKCS #12 key (as usually stored in .pfx files) to use for signing
in_keyfile_password– the password to use to decrypt the PKCS #12 key file data in the buffer
in_pades_mode– whether to create a PAdES-type signature (PDF Advanced Electronic Signatures standards)
in_digest_algorithm_type– the identifier to use to write the digest algorithm
Returns
the DER-serialized bytes of a CMS detached signature (CMS ContentInfo)
static std::vector<UChar> pdftron::PDF::DigitalSignatureField::SignDigest ( const UChar in_digest,
const size_t  in_digest_size,
const UString in_pkcs12_keyfile_path,
const UString in_keyfile_password,
const bool  in_pades_mode,
const Crypto::DigestAlgorithm::Type  in_digest_algorithm_type 
)
static

Returns a CMS detached signature incorporating a digest that is provided using the provided PKCS #12 key file (.pfx). This function is part of the custom signing API, but cannot be used for workflows where the key is not in PFX format or when the signature comes from a source that cannot generate CMS signatures (e.g. Hardware Security Modules (HSM) devices, cloud signing services). In such cases, the low-level parts of the custom signing API should be used instead of this function (e.g. GenerateESSSigningCertPAdESAttribute, GenerateCMSSignedAttributes, GenerateCMSSignature). This function is a shortcut for situations in which use of more low-level custom signing functions is unnecessary. Therefore, this function will generate necessary CMS components, such as signedAttrs, internally.

Note
This function does not change the DigitalSignatureField. Call SaveCustomSignature to write a signature to its PDFDoc.
Parameters
in_digest– the document digest value to use
in_digest_size– the size of the document digest buffer
in_pkcs12_keyfile_path– the path to the PKCS #12 key file (usually has a .pfx extension) to use for signing
in_keyfile_password– the password to use to decrypt the PKCS #12 key file
in_pades_mode– whether to create a PAdES-type signature (PDF Advanced Electronic Signatures standards)
in_digest_algorithm_type– the identifier to use to write the digest algorithm
Returns
the DER-serialized bytes of a CMS detached signature (CMS ContentInfo)
static std::vector<UChar> pdftron::PDF::DigitalSignatureField::SignDigest ( const UChar in_digest,
const size_t  in_digest_size,
const UChar in_pkcs12_buffer,
const size_t  in_pkcs12_buffer_size,
const UString in_keyfile_password,
const bool  in_pades_mode,
const Crypto::DigestAlgorithm::Type  in_digest_algorithm_type 
)
static

Returns a CMS detached signature incorporating a digest that is provided using the provided PKCS #12 key buffer (.pfx). This function is part of the custom signing API, but cannot be used for workflows where the key is not in PFX format or when the signature comes from a source that cannot generate CMS signatures (e.g. Hardware Security Modules (HSM) devices, cloud signing services). In such cases, the low-level parts of the custom signing API should be used instead of this function (e.g. GenerateESSSigningCertPAdESAttribute, GenerateCMSSignedAttributes, GenerateCMSSignature). This function is a shortcut for situations in which use of more low-level custom signing functions is unnecessary. Therefore, this function will generate necessary CMS components, such as signedAttrs, internally.

Note
This function does not change the DigitalSignatureField. Call SaveCustomSignature to write a signature to its PDFDoc.
Parameters
in_digest– the document digest value to use
in_digest_size– the size of the document digest buffer
in_pkcs12_buffer– a buffer containing the PKCS #12 key (as usually stored in .pfx files) to use for signing
in_pkcs12_buffer_size– the size of the PKCS #12 key buffer
in_keyfile_password– the password to use to decrypt the PKCS #12 key file data in the buffer
in_pades_mode– whether to create a PAdES-type signature (PDF Advanced Electronic Signatures standards)
in_digest_algorithm_type– the identifier to use to write the digest algorithm
Returns
the DER-serialized bytes of a CMS detached signature (CMS ContentInfo)
void pdftron::PDF::DigitalSignatureField::SignOnNextSave ( const UString in_pkcs12_keyfile_path,
const UString in_password 
)

Must be called to prepare a signature for signing, which is done afterwards by calling Save. Cannot sign two signatures during one save (throws). Default document permission level is e_annotating_formfilling_signing_allowed. Throws if signature field already has a digital signature dictionary.

Parameters
in_pkcs12_keyfile_path– The path to the PKCS #12 private keyfile to use to sign this digital signature.
in_password– The password to use to parse the PKCS #12 keyfile.
void pdftron::PDF::DigitalSignatureField::SignOnNextSave ( const UChar in_pkcs12_buffer,
size_t  in_buf_size,
const UString in_password 
)

Must be called to prepare a signature for signing, which is done afterwards by calling Save. Cannot sign two signatures during one save (throws). Default document permission level is e_annotating_formfilling_signing_allowed. Throws if signature field already has a digital signature dictionary.

Parameters
in_pkcs12_buffer– A buffer of bytes containing the PKCS #12 private key certificate store to use to sign this digital signature.
in_buf_size– buffer size.
in_password– The password to use to parse the PKCS #12 buffer.
void pdftron::PDF::DigitalSignatureField::SignOnNextSaveWithCustomHandler ( const SDF::SignatureHandlerId  in_signature_handler_id)

Must be called to prepare a signature for signing, which is done afterwards by calling Save. Cannot sign two signatures during one save (throws). Default document permission level is e_annotating_formfilling_signing_allowed. Throws if signature field already has a digital signature dictionary.

Parameters
in_signature_handler_id– The unique id of the signature handler to use to sign this digital signature.
void pdftron::PDF::DigitalSignatureField::TimestampOnNextSave ( const TimestampingConfiguration in_timestamping_config,
const VerificationOptions in_timestamp_response_verification_options 
)

Must be called to prepare a secure PDF-embedded timestamp signature (RFC 3161 DocTimeStamp) for signing, which is done afterwards by calling Save on the document with an e_incremental flag. Throws if document is locked by other signatures, if signature is already signed, or if another signature has already been prepared for signing on the next save (because only one signing operation can be done per incremental save). Default document permission level is e_annotating_formfilling_signing_allowed.

Parameters
in_timestamping_config– Configuration options to store for timestamping. These will include various items related to contacting a timestamping authority. Incorrect configuration will result in document Save throwing an exception. The usability of a combination of a TimestampingConfiguration and VerificationOptions can be checked ahead of time to prevent exceptions by calling TestConfiguration on TimestampingConfiguration and passing VerificationOptions.
in_timestamp_response_verification_options– Options for the timestamp response verification step (which is required by RFC 3161 to be done as part of timestamping). These response verification options should include the root certificate of the timestamp authority, so that the trust status of the timestamp signature can be verified. The options that should be passed are the same ones that one expects the timestamp to be verifiable with in the future (once it is embedded in the document), except the response verification requires online revocation information whereas the later verification may not (depending on whether LTV offline verification information for the timestamp signature gets embedded into the document by that time). The timestamp response verification step makes sure that (a) the timestamp response has a success status, which is the only time that this is verified in the entire workflow, which prevents embedding an unsuccessful response; (b) that it digests the document correctly and is otherwise generally verifiable; and (c) that the nonce is correct (which is the only time that this is verifiable in the entire workflow) to prevent replay attacks (if it was not requested in the TimestampingConfiguration that the nonce mechanism should be disabled).
Note
A failure in timestamp response verification will result in document Save throwing an exception. It is recommended to use TimestampingConfiguration.TestConfiguration with the VerificationOptions ahead of time to avoid this.
void pdftron::PDF::DigitalSignatureField::UseSubFilter ( const SubFilterType  in_subfilter_type,
const bool  in_make_mandatory = true 
)

Sets the requested SubFilter value (which identifies a signature type) as the only one to use during future signing, overwriting all such previous settings. It is not necessary to call HasCryptographicSignature before calling this function. For example, this function can be used to switch to PAdES signing mode.

Parameters
in_subfilter_type– The SubFilter type to set.
in_make_mandatory– Whether to make usage of this SubFilter mandatory for future signing applications. Default value for this parameter is true.
VerificationResult pdftron::PDF::DigitalSignatureField::Verify ( const VerificationOptions in_opts) const

Verifies this cryptographic digital signature in the manner specified by the VerificationOptions.

Parameters
in_opts– The options specifying how to do the verification.
Returns
A VerificationResult object containing various information about the verifiability of the cryptographic digital signature.

The documentation for this class was generated from the following file: