Include project files
Include the necessary files in your development
project. If you are creating a client application using Java, include
the necessary JAR files. If you are using web services, include
the proxy files.
The following JAR files must be added to
your project’s classpath:
adobe-livecycle-client.jar
adobe-usermanager-client.jar
adobe-signatures-client.jar
adobe-utilities.jar (required if LiveCycle is deployed
on JBoss)
jbossall-client.jar (required if LiveCycle is deployed
on JBoss)
For information about the location of
these JAR files, see Including LiveCycle Java library files.
Set PKI run-time options
Set these PKI run-time options that
the Signature service uses when verifying signatures in a PDF document:
Verification time
Revocation checking
Time-stamping values
As part of setting these
options, you can specify verification time. For example, you can
select current time (the time on the validator’s computer), which
indicates to use the current time. For information about the different
time values, see the VerificationTime enumeration
value in LiveCycle API Reference.
You
can also specify whether to perform revocation checking as part
of the verification process. For example, you can perform a revocation
check to determine whether the certificate is revoked. For information
about the revocation-checking options, see the RevocationCheckStyle enumeration
value in LiveCycle API Reference.
To
perform revocation checking on a certificate, specify a URL to a
certificate revocation list (CRL) server by using a CRLOptionSpec object.
However, if you do not specify a URL to CRL server, the Signature
service obtains the URL from the certificate.
Instead of using
a CRL server, you can use an online certificate status protocol
(OCSP) server when performing revocation checking. Typically, when using
an OCSP server as opposed to a CRL server, the revocation check
is performed faster. (See Online
Certificate Status Protocol.)
You can set the CRL and
OCSP server order that the Signature service uses by using Adobe
Applications and Services. For example, if the OCSP server is set
first in Adobe Applications and Services, then the OCSP server is
checked, followed by the CRL server.
If you do not perform
revocation checking, the Signature service does not check whether
the certificate is revoked. That is, CRL and OCSP server information
is ignored.
Hinweis: You can override the URL specified
in the certificate by using a CRLOptionSpec and
an OCSPOptionSpec object. For example, to override
the CRL server, you can invoke the CRLOptionSpec object’s setLocalURI method.
Time
stamping is the process of tracking the time when a signed or certified document
was modified. After a document is signed, no one can modify it.
Time stamping helps enforce the validity of a signed or certified
document. You can set time stamping options using a TSPOptionSpec object. For
example, you can specify the URL of a time stamping provider (TSP)
server.
Hinweis: In the Java and web service quick
starts, the verification time is set to VerificationTime.CURRENT_TIME and
revocation checking is set to RevocationCheckStyle.BestEffort.
Because no CRL or OCSP server information is specified, the server
information is obtained from the certificate.
Verify the digital signature
To successfully verify a signature,
specify the fully qualified name of the signature field that contains
the signature, such as form1[0].#subform[1].SignatureField3[3]. When
using an XFA form field, you can also use the partial name of the
signature field : SignatureField3.
By default,
the Signature service limits the amount of time that a document can
be signed after validation time to 65 min. If a user attempts to
verify a signature at current time and the sign time is later than
the current time and is within 65 min, the Signature service does
not create a verification error.