I'm trying to 'complete to ltv' a pdf that is already signed and i found this code using itext:
http://developers.itextpdf.com/question/how-enable-ltv-timestamp-signature
public void addLtv(String src, String dest, OcspClient ocsp, CrlClient crl, TSAClient tsa)
throws IOException, DocumentException, GeneralSecurityException {
PdfReader r = new PdfReader(src);
FileOutputStream fos = new FileOutputStream(dest);
PdfStamper stp = PdfStamper.createSignature(r, fos, '\0', null, true);
LtvVerification v = stp.getLtvVerification();
AcroFields fields = stp.getAcroFields();
List<String> names = fields.getSignatureNames();
String sigName = names.get(names.size() - 1);
PdfPKCS7 pkcs7 = fields.verifySignature(sigName);
if (pkcs7.isTsp()) {
v.addVerification(sigName, ocsp, crl,
LtvVerification.CertificateOption.SIGNING_CERTIFICATE,
LtvVerification.Level.OCSP_CRL,
LtvVerification.CertificateInclusion.NO);
}
else {
for (String name : names) {
v.addVerification(name, ocsp, crl,
LtvVerification.CertificateOption.WHOLE_CHAIN,
LtvVerification.Level.OCSP_CRL,
LtvVerification.CertificateInclusion.NO);
}
}
PdfSignatureAppearance sap = stp.getSignatureAppearance();
LtvTimestamp.timestamp(sap, tsa, null);
}
I read it has a 'problem' with Adobe because the timestamp applied is not recognized as LTV-enabled and suggests applying a new dss to solve this.
My questions:
Can this info be added before applying the timestamp? If i'm adding a dss to complete, i could add TSA timestamp info (ocsp, crl...) too (maybe with a fake sign to get info) and then apply the timestamp without needing a new dss again.
If yes... this is approved by ETSI? Can iText handle it? I noticed that addVerification adds info from signatures already included, but seems i can't add the required info with this method. There's another way to add 'free' verifications or addVerification let's me and i didn't notice?
If no... Why? Then why i not need to timestamp again the new dss added?
As you can see... i'm not an expert and i need some help.
Thanks a lot for your help!