Class SignatureValidator

java.lang.Object
cloud.opencode.base.pdf.signature.SignatureValidator
public final class SignatureValidator extends Object
PDF Signature Validator PDF 签名验证器

Validates digital signatures in PDF documents.

验证 PDF 文档中的数字签名。

Features | 主要功能:

  • Signature integrity validation - 签名完整性验证
  • Certificate chain validation - 证书链验证
  • Timestamp validation - 时间戳验证
  • Revocation checking (CRL/OCSP) - 吊销检查

Usage Examples | 使用示例:

// Validate signatures
List<ValidationResult> results = SignatureValidator.create()
    .checkRevocation(true)
    .validate(Path.of("signed.pdf"));

for (ValidationResult result : results) {
    System.out.println("Valid: " + result.isFullyValid());
}

Security | 安全性:

  • Thread-safe: No — not designed for concurrent use - 线程安全: 否 — 非并发设计
  • Null-safe: Yes — parameters are validated - 空值安全: 是 — 参数已验证
  • Sensitive data: Trust store passwords are cloned defensively - 敏感数据: 信任库密码进行了防御性克隆
Since:
JDK 25, opencode-base-pdf V1.0.0
Author:
Leon Soo www.LeonSoo.com
See Also:

  • Method Details

    • trustedCertificates

      public SignatureValidator trustedCertificates(List<X509Certificate> trustedCerts)
      Sets trusted certificates for validation. 设置用于验证的受信任证书。
      Parameters:
      trustedCerts - trusted certificates | 受信任证书
      Returns:
      this validator | 当前验证器

    • addTrustedCertificate

      public SignatureValidator addTrustedCertificate(X509Certificate certificate)
      Adds a trusted certificate. 添加受信任证书。
      Parameters:
      certificate - trusted certificate | 受信任证书
      Returns:
      this validator | 当前验证器

    • trustStore

      public SignatureValidator trustStore(Path trustStorePath, char[] password)
      Sets trust store for validation. 设置用于验证的信任库。
      Parameters:
      trustStorePath - trust store path | 信任库路径
      password - trust store password | 信任库密码
      Returns:
      this validator | 当前验证器

    • checkRevocation

      public SignatureValidator checkRevocation(boolean enable)
      Enables certificate revocation checking. 启用证书吊销检查。
      Parameters:
      enable - whether to enable | 是否启用
      Returns:
      this validator | 当前验证器

    • checkOcsp

      public SignatureValidator checkOcsp(boolean enable)
      Enables OCSP checking. 启用 OCSP 检查。
      Parameters:
      enable - whether to enable | 是否启用
      Returns:
      this validator | 当前验证器

    • validate

      public List<SignatureValidator.ValidationResult> validate(Path source)
      Validates all signatures in a PDF. 验证 PDF 中的所有签名。
      Parameters:
      source - PDF file path | PDF 文件路径
      Returns:
      validation results | 验证结果
      Throws:
      OpenPdfException - if validation fails | 验证失败时抛出异常

    • validate

      public List<SignatureValidator.ValidationResult> validate(PdfDocument document)
      Validates all signatures in a PDF document. 验证 PDF 文档中的所有签名。
      Parameters:
      document - PDF document | PDF 文档
      Returns:
      validation results | 验证结果
      Throws:
      OpenPdfException - if validation fails | 验证失败时抛出异常

    • validate

      public SignatureValidator.ValidationResult validate(Path source, String fieldName)
      Validates a specific signature. 验证特定签名。
      Parameters:
      source - PDF file path | PDF 文件路径
      fieldName - signature field name | 签名字段名
      Returns:
      validation result | 验证结果
      Throws:
      OpenPdfException - if validation fails | 验证失败时抛出异常

    • getTrustedCertificates

      public List<X509Certificate> getTrustedCertificates()

    • getTrustStorePath

      public Path getTrustStorePath()

    • isCheckRevocation

      public boolean isCheckRevocation()

    • isCheckOcsp

      public boolean isCheckOcsp()

    • create

      public static SignatureValidator create()
      Creates a new validator. 创建新的验证器。
      Returns:
      signature validator | 签名验证器