To verify multiple digital signature,
perform the following tasks:
Include project files
Include the necessary files in your development
project. If you are creating a client application using Java, include
the necessary JAR files. If you are using web services, include
the proxy files.
The following JAR files must be added to
your project’s classpath:
-
adobe-livecycle-client.jar
-
adobe-usermanager-client.jar
-
adobe-signatures-client.jar
-
adobe-utilities.jar (required if LiveCycle is deployed
on JBoss)
-
jbossall-client.jar (required if LiveCycle is deployed
on JBoss)
For information about the location of
these JAR files, see
Including LiveCycle Java library files
.
Set PKI runtime options
Set these PKI run-time options that
the Signature service uses when verifying all signatures in a PDF
document:
-
Verification time
-
Revocation checking
-
Time-stamping values
As part of setting
these options, you can specify verification time. For example, you
can select current time (the time on the validator’s computer), which
indicates to use the current time. For information about the different
time values, see the
VerificationTime
enumeration
value in
LiveCycle API Reference
.
You
can also specify whether to perform revocation checking as part
of the verification process. For example, you can perform a revocation
check to determine whether the certificate is revoked. For information
about the revocation-checking options, see the
RevocationCheckStyle
enumeration
value in
LiveCycle API Reference
.
To
perform revocation checking on a certificate, specify a URL to a
certificate revocation list (CRL) server by using a
CRLOptionSpec
object.
However, if you do not specify a URL to a CRL server, the Signature
service obtains the URL from the certificate.
Instead of using
a CRL server, you can use an online certificate status protocol
(OCSP) server when performing revocation checking. Typically, when using
an OCSP server instead of a CRL server, the revocation check is
performed faster. (See
Online Certificate Status Protocol
.)
You
can set the CRL and OCSP server order that the Signature service
uses by using Adobe Applications and Services. For example, if the
OCSP server is set first in Adobe Applications and Services, the
OCSP server is checked, followed by the CRL server.
If you
do not perform revocation checking, the Signature service does not check
whether the certificate is revoked. That is, CRL and OCSP server
information is ignored.
Note:
You can override
the URL specified in the certificate by using a
CRLOptionSpec
and
an
OCSPOptionSpec
object. For example, to override
the CRL server, you can invoke the
CRLOptionSpec
object’s
setLocalURI
method.
Time
stamping is the process of tracking the time when a signed or certified document
was modified. After a document is signed, no one can modify it.
Time stamping helps enforce the validity of a signed or certified
document. You can set time stamping options by using a
TSPOptionSpec
object.
For example, you can specify the URL of a time stamping provider
(TSP) server.
Note:
In the Java and web service
quick starts, the verification time is set to
VerificationTime.CURRENT_TIME
and
revocation checking is set to
RevocationCheckStyle.BestEffort
.
Because no CRL or OCSP server information is specified, the server
information is obtained from the certificate.
Retrieve all digital signatures
To verify all digital signatures
located in a PDF document, retrieve the digital signatures from
the PDF document. All signatures are returned in a list. As part
of verifying a digital signature, check the status of the signature.
Note:
Unlike when you verify a single digital signature,
when you verify multiple signatures, you are not required to specify
the signature field name.