public final class

SignatureManager

extends Object
java.lang.Object
   ↳ com.pspdfkit.signatures.SignatureManager

Class Overview

Handles digital signature certificates.

Summary

Public Methods
static void addSigner(String identifier, Signer signer)
Register a single Signer.
static void addTrustedCertificate(X509Certificate certificate)
Adds a new trusted certificate to the keystore to be used for verification of valid signatures.
static void addTrustedCertificate(InputStream pkcs7certificateInputStream)
Adds a new trusted certificate to the keystore to be used for verification of valid signatures.
static void addTrustedCertificatesFromAdobeCa()
Loads Adobe CA trusted certificates.
static void addTrustedCertificatesFromOs()
Loads and add certificate from operating system root certificate store.
static void clearSigners()
Removes all previously registered Signer instances.
static void clearTrustedCertificates()
Clears all certificates from keystore.
static Map<StringSigner> getSigners()
Returns all registered Signer instances.
static List<X509Certificate> getTrustedCertificates()
Returns list of trusted CA certificates used for verification of signatures in the documents.
static X509Certificate loadCertificateFromFile(File file)
Convenience method to load a X.509 certificate from a File.
static X509Certificate loadCertificateFromStream(InputStream inputStream)
Convenience method to load a X.509 certificate from an InputStream.
static KeyStore.PrivateKeyEntry loadPrivateKeyFromFile(File file, String password, String alias, String keyPassword)
Convenience method to load a certificate/private key pair from a PKCS#12 file (usually with .p12 extension).
static KeyStore.PrivateKeyEntry loadPrivateKeyPairFromStream(InputStream inputStream, String password, String alias, String keyPassword)
Convenience method to load a certificate/private key pair from a PKCS#12 file (usually with .p12 extension).
static void removeSigner(String identifier)
Unregister a previously registered Signer.
[Expand]
Inherited Methods
From class java.lang.Object

Public Methods

public static void addSigner (String identifier, Signer signer)

Register a single Signer. A registered signer will be available in various components, for example the SignatureSignerDialog. Each identifier can only be used once, or a signer with the same identifier will be replaced. To remove a previously registered signer, use removeSigner(String). To get a list of all registered signers call getSigners().

Parameters
identifier A unique string identifier for referencing the signer.
signer A Signer to register.

public static void addTrustedCertificate (X509Certificate certificate)

Adds a new trusted certificate to the keystore to be used for verification of valid signatures.

Parameters
certificate A X.509 certificate with public key.

public static void addTrustedCertificate (InputStream pkcs7certificateInputStream)

Adds a new trusted certificate to the keystore to be used for verification of valid signatures.

Parameters
pkcs7certificateInputStream Input stream containing a X.509 certificate in PKCS#7 form. Can be java.io.FileInputStream, android.content.res.AssetManager.AssetInputStream or any related type.

public static void addTrustedCertificatesFromAdobeCa ()

Loads Adobe CA trusted certificates. This is already done by default and this call should only be used if clearTrustedCertificates() has been called for any reason.

public static void addTrustedCertificatesFromOs ()

Loads and add certificate from operating system root certificate store. This is already done by default and this call should only be used if clearTrustedCertificates() has been called for any reason.

public static void clearSigners ()

Removes all previously registered Signer instances. A signer can be registered using addSigner(String, Signer). To unregister a single signer instance use removeSigner(String).

public static void clearTrustedCertificates ()

Clears all certificates from keystore. Unless a new certificate is added to it later, signatures in documents won't be checked for validity and all the validation methods will return at least a WARNING.

public static Map<StringSigner> getSigners ()

Returns all registered Signer instances. A signer can be registered using addSigner(String, Signer) and unregistered using removeSigner(String).

Returns
  • An unmodifiable set of all registered Signer instances. If no signers are registered, this method returns an empty set.
See Also

public static List<X509Certificate> getTrustedCertificates ()

Returns list of trusted CA certificates used for verification of signatures in the documents. By default this list is initialized from Android's OS CA certificate store and Adobe PDF CA store.

Returns
  • List of trusted CA certificates.

public static X509Certificate loadCertificateFromFile (File file)

Convenience method to load a X.509 certificate from a File.

Parameters
file File containing certificate in PKCS#7 format.
Returns
Throws
CertificateException If loading failed or certificate isn't of X.509 type.

public static X509Certificate loadCertificateFromStream (InputStream inputStream)

Convenience method to load a X.509 certificate from an InputStream.

Parameters
inputStream Input stream containing certificate in PKCS#7 format.
Returns
Throws
CertificateException If loading failed or certificate isn't of X.509 type.

public static KeyStore.PrivateKeyEntry loadPrivateKeyFromFile (File file, String password, String alias, String keyPassword)

Convenience method to load a certificate/private key pair from a PKCS#12 file (usually with .p12 extension).

Parameters
file PKCS#12 (.p12) keystore file.
password Password for the keystore, may be null if keystore isn't password protected.
alias Key pair alias (name) inside the keystore.
keyPassword Password for the keypair inside the keystore, may be null if key isn't password protected.
Returns
Throws
IOException if keystore can't be opened and read.
GeneralSecurityException if key or keystore passwords don't match the ones in the actual file.

public static KeyStore.PrivateKeyEntry loadPrivateKeyPairFromStream (InputStream inputStream, String password, String alias, String keyPassword)

Convenience method to load a certificate/private key pair from a PKCS#12 file (usually with .p12 extension).

Parameters
inputStream Input stream reading a p12 file.
password Password for the keystore, may be null if keystore isn't password protected.
alias Key pair alias (name) inside the keystore. If null, uses the first one found.
keyPassword Password for the keypair inside the keystore, may be null if key isn't password protected.
Returns
Throws
IOException if keystore can't be opened and read.
GeneralSecurityException if key or keystore passwords don't match the ones in the actual file.

public static void removeSigner (String identifier)

Unregister a previously registered Signer. Once unregistered, the signer will no longer be available in digital signature components. To unregister all previously registered signers use clearSigners().

Parameters
identifier The unique identifier that was previously used to register a Signer.