Doc/PDFNetC/_verification_options_8h_source.html

//---------------------------------------------------------------------------------------

// Copyright (c) 2001-2025 by Apryse Software Inc. All Rights Reserved.

// Consult legal.txt regarding legal and license information.

//---------------------------------------------------------------------------------------


#ifndef PDFTRON_H_CPPPDFVerificationOptions

#define PDFTRON_H_CPPPDFVerificationOptions

#include <C/PDF/TRN_VerificationOptions.h>


#include <Common/BasicTypes.h>

#include <Common/UString.h>

#include <PDF/PDFDoc.h>

#include <Crypto/X509Certificate.h>


namespace pdftron { namespace PDF {


class VerificationOptions

{

public:

    //enums:


    // An enumeration representing the level of security to use when verifying digital signatures.


    enum SecurityLevel {

        // For compatibility with other vendors such as Acrobat, one can use e_compatibility_and_archiving.

        e_compatibility_and_archiving = 0,

        // The e_maximum mode is a highly-restrictive mode which disables many common features of PDF digital signatures.

        e_maximum = 1

    };


    /* An enumeration representing the least-secure type of reference-time to use when verifying digital signatures.

    One can choose the time of signing (not very secure), timestamp time (more secure), current time (most secure, lower verification rate).

    Note: this is orthogonal to the expiry verification mode (shell/chain/hybrid). */


    enum TimeMode {

        /* If secure timestamp available, check signature certificates against the secure timestamp. Otherwise,

        if available, check signature certificates against the signingTime attribute in the PKCS #7/CMS of the signature.

        Otherwise, use the current time. This is the default option. Less secure. Suitable for archiving

        and interoperability with other vendors. */

        e_signing = 0,

        /* If available, check signature certificates against the signingTime attribute in the PKCS #7/CMS data

        of the signature. Otherwise, use the current time. */

        e_timestamp = 1,

        /* Check signature certificates against the current time.

        This is the most secure, and the most restrictive option. */

        e_current = 2

    };


    // An enumeration representing the level of trust associated with a particular certificate. Multiple flag values can be combined using bitwise operators.


    enum CertificateTrustFlag {

        e_signing_trust = 1, // analogous to "kPSSigTrustSigning" in FDF cert exchange specification. Automatically set even when not specified, just like in Acrobat.

        e_certification_trust = 2, // analogous to "kPSSigTrustAuthenticDocuments" in FDF cert exchange specification. Allows certifications using this identity to be verified.

        e_dynamic_content = 4, /* analogous to "kPSSigTrustDynamicContent" in FDF cert exchange specification. Just like in Acrobat, does not invalidate dynamic documents,

            just intended to stop viewers from allowing its use on documents which are not trusted for it. */

        e_javascript = 16, /* analogous to "kPSSigTrustJavaScript" in FDF cert exchange specification. Just like in Acrobat, does not invalidate JavaScript-containing documents,

            just intended to stop viewers from allowing its use on documents which are not trusted for it. */

        e_identity = 32, // analogous to "kPSSigTrustIdentity" in FDF cert exchange specification. If this flag is not set, all other flags are ignored, and certificate is used only for path building.

        e_trust_anchor = 64, // analogous to "kPSSigTrustAnchor" in FDF cert exchange specification. If this flag is set, paths may end with this certificate, and no revocation checks are done for it.

        e_default_trust = 97, // handy shortcut for what Acrobat does by default -- trust for everything except certification, javascript, and dynamic

        e_complete_trust = 119 // another handy shortcut for testing

    };


    VerificationOptions(const VerificationOptions& other);

    VerificationOptions(TRN_VerificationOptions impl);

    VerificationOptions& operator= (const VerificationOptions& other);

    ~VerificationOptions();


    void Destroy();


    //methods:


    VerificationOptions(SecurityLevel level);


    void AddTrustedCertificate(const UChar* in_certificate_buf, size_t in_buf_size, const UInt16 in_trust_flags = e_default_trust);


    void AddTrustedCertificate(const UString& in_filepath, const UInt16 in_trust_flags = e_default_trust);


    void AddTrustedCertificates(const UChar* in_P7C_binary_DER_certificates_file_data, const size_t in_size);


    void LoadTrustList(const FDF::FDFDoc& in_fdf_cert_exchange_data);


    void EnableModificationVerification(bool in_on_or_off);


    void EnableDigestVerification(bool in_on_or_off);


    void EnableTrustVerification(bool in_on_or_off);


    void SetRevocationTimeout(const UInt32 in_revocation_timeout_milliseconds);


    void EnableOnlineCRLRevocationChecking(bool in_on_or_off);


    void EnableOnlineOCSPRevocationChecking(bool in_on_or_off);


    void EnableOnlineRevocationChecking(bool in_on_or_off);


    UInt32 GetTrustedCertificateCount();


    Crypto::X509Certificate GetTrustedCertificate(const UInt32 index);


#ifndef SWIGHIDDEN

    TRN_VerificationOptions m_impl;

#endif


private:


#ifndef SWIGHIDDEN

    mutable bool m_owner;

#endif

};


#include <Impl/VerificationOptions.inl>

} //end pdftron

} //end PDF


#endif //PDFTRON_H_CPPPDFVerificationOptions

BasicTypes.h

PDFDoc.h

UString.h

X509Certificate.h

pdftron::Crypto::X509Certificate
Definition X509Certificate.h:23

pdftron::FDF::FDFDoc
Definition FDFDoc.h:46

pdftron::PDF::VerificationOptions::VerificationOptions
VerificationOptions(const VerificationOptions &other)

pdftron::PDF::VerificationOptions::m_impl
TRN_VerificationOptions m_impl
Definition VerificationOptions.h:218

pdftron::PDF::VerificationOptions::EnableModificationVerification
void EnableModificationVerification(bool in_on_or_off)

pdftron::PDF::VerificationOptions::LoadTrustList
void LoadTrustList(const FDF::FDFDoc &in_fdf_cert_exchange_data)

pdftron::PDF::VerificationOptions::EnableDigestVerification
void EnableDigestVerification(bool in_on_or_off)

pdftron::PDF::VerificationOptions::SecurityLevel
SecurityLevel
Definition VerificationOptions.h:27

pdftron::PDF::VerificationOptions::e_maximum
@ e_maximum
Definition VerificationOptions.h:31

pdftron::PDF::VerificationOptions::e_compatibility_and_archiving
@ e_compatibility_and_archiving
Definition VerificationOptions.h:29

pdftron::PDF::VerificationOptions::VerificationOptions
VerificationOptions(TRN_VerificationOptions impl)

pdftron::PDF::VerificationOptions::Destroy
void Destroy()

pdftron::PDF::VerificationOptions::SetRevocationTimeout
void SetRevocationTimeout(const UInt32 in_revocation_timeout_milliseconds)

pdftron::PDF::VerificationOptions::GetTrustedCertificateCount
UInt32 GetTrustedCertificateCount()

pdftron::PDF::VerificationOptions::TimeMode
TimeMode
Definition VerificationOptions.h:37

pdftron::PDF::VerificationOptions::e_timestamp
@ e_timestamp
Definition VerificationOptions.h:45

pdftron::PDF::VerificationOptions::e_signing
@ e_signing
Definition VerificationOptions.h:42

pdftron::PDF::VerificationOptions::e_current
@ e_current
Definition VerificationOptions.h:48

pdftron::PDF::VerificationOptions::GetTrustedCertificate
Crypto::X509Certificate GetTrustedCertificate(const UInt32 index)

pdftron::PDF::VerificationOptions::CertificateTrustFlag
CertificateTrustFlag
Definition VerificationOptions.h:52

pdftron::PDF::VerificationOptions::e_certification_trust
@ e_certification_trust
Definition VerificationOptions.h:54

pdftron::PDF::VerificationOptions::e_dynamic_content
@ e_dynamic_content
Definition VerificationOptions.h:55

pdftron::PDF::VerificationOptions::e_identity
@ e_identity
Definition VerificationOptions.h:59

pdftron::PDF::VerificationOptions::e_trust_anchor
@ e_trust_anchor
Definition VerificationOptions.h:60

pdftron::PDF::VerificationOptions::e_signing_trust
@ e_signing_trust
Definition VerificationOptions.h:53

pdftron::PDF::VerificationOptions::e_complete_trust
@ e_complete_trust
Definition VerificationOptions.h:62

pdftron::PDF::VerificationOptions::e_javascript
@ e_javascript
Definition VerificationOptions.h:57

pdftron::PDF::VerificationOptions::e_default_trust
@ e_default_trust
Definition VerificationOptions.h:61

pdftron::PDF::VerificationOptions::AddTrustedCertificate
void AddTrustedCertificate(const UChar *in_certificate_buf, size_t in_buf_size, const UInt16 in_trust_flags=e_default_trust)

pdftron::PDF::VerificationOptions::EnableTrustVerification
void EnableTrustVerification(bool in_on_or_off)

pdftron::PDF::VerificationOptions::AddTrustedCertificate
void AddTrustedCertificate(const UString &in_filepath, const UInt16 in_trust_flags=e_default_trust)

pdftron::PDF::VerificationOptions::AddTrustedCertificates
void AddTrustedCertificates(const UChar *in_P7C_binary_DER_certificates_file_data, const size_t in_size)

pdftron::PDF::VerificationOptions::~VerificationOptions
~VerificationOptions()

pdftron::PDF::VerificationOptions::operator=
VerificationOptions & operator=(const VerificationOptions &other)

pdftron::PDF::VerificationOptions::EnableOnlineRevocationChecking
void EnableOnlineRevocationChecking(bool in_on_or_off)

pdftron::PDF::VerificationOptions::VerificationOptions
VerificationOptions(SecurityLevel level)

pdftron::PDF::VerificationOptions::EnableOnlineOCSPRevocationChecking
void EnableOnlineOCSPRevocationChecking(bool in_on_or_off)

pdftron::PDF::VerificationOptions::EnableOnlineCRLRevocationChecking
void EnableOnlineCRLRevocationChecking(bool in_on_or_off)

pdftron::UString
Definition UString.h:28

pdftron::PDF
Definition Action.h:15

pdftron
Definition BasicTypes.h:10

pdftron::UInt32
TRN_UInt32 UInt32
Definition BasicTypes.h:13

pdftron::UChar
TRN_UChar UChar
Definition BasicTypes.h:12

pdftron::UInt16
TRN_UInt16 UInt16
Definition BasicTypes.h:14