From 61a2d23ef72630934c603fe9ffb96ebebff6ee09 Mon Sep 17 00:00:00 2001
From: netconomy <netconomy@7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c>
Date: Thu, 29 Nov 2007 12:00:22 +0000
Subject: PDF-AS API

git-svn-id: https://joinup.ec.europa.eu/svn/pdf-as/trunk@233 7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c
---
 src/main/java/at/gv/egiz/pdfas/api/PdfAs.java      | 123 ++++++++++++++
 .../egiz/pdfas/api/analyze/AnalyzeParameters.java  |  69 ++++++++
 .../gv/egiz/pdfas/api/analyze/AnalyzeResult.java   |  30 ++++
 .../at/gv/egiz/pdfas/api/commons/Constants.java    |  77 +++++++++
 .../pdfas/api/commons/SignatureInformation.java    |  97 +++++++++++
 .../egiz/pdfas/api/commons/SignatureProfile.java   |  29 ++++
 .../egiz/pdfas/api/exceptions/PdfAsException.java  |  78 +++++++++
 .../java/at/gv/egiz/pdfas/api/io/DataSink.java     |  75 ++++++++
 .../java/at/gv/egiz/pdfas/api/io/DataSource.java   |  74 ++++++++
 .../java/at/gv/egiz/pdfas/api/io/FileBased.java    |  31 ++++
 .../java/at/gv/egiz/pdfas/api/io/TextBased.java    |  30 ++++
 .../at/gv/egiz/pdfas/api/sign/SignParameters.java  | 173 +++++++++++++++++++
 .../java/at/gv/egiz/pdfas/api/sign/SignResult.java |  49 ++++++
 .../egiz/pdfas/api/sign/pos/SignaturePosition.java |  52 ++++++
 .../pdfas/api/sign/pos/SignaturePositioning.java   | 189 +++++++++++++++++++++
 .../api/sign/pos/axis/AbsoluteAxisAlgorithm.java   |  35 ++++
 .../pdfas/api/sign/pos/axis/AutoAxisAlgorithm.java |  14 ++
 .../pdfas/api/sign/pos/axis/AxisAlgorithm.java     |  14 ++
 .../api/sign/pos/page/AbsolutePageAlgorithm.java   |  37 ++++
 .../pdfas/api/sign/pos/page/AutoPageAlgorithm.java |  20 +++
 .../pdfas/api/sign/pos/page/NewPageAlgorithm.java  |  14 ++
 .../pdfas/api/sign/pos/page/PageAlgorithm.java     |  14 ++
 .../gv/egiz/pdfas/api/verify/SignatureCheck.java   |  31 ++++
 .../api/verify/VerifyAfterAnalysisParameters.java  | 117 +++++++++++++
 .../gv/egiz/pdfas/api/verify/VerifyParameters.java | 183 ++++++++++++++++++++
 .../at/gv/egiz/pdfas/api/verify/VerifyResult.java  |  97 +++++++++++
 .../at/gv/egiz/pdfas/api/verify/VerifyResults.java |  27 +++
 27 files changed, 1779 insertions(+)
 create mode 100644 src/main/java/at/gv/egiz/pdfas/api/PdfAs.java
 create mode 100644 src/main/java/at/gv/egiz/pdfas/api/analyze/AnalyzeParameters.java
 create mode 100644 src/main/java/at/gv/egiz/pdfas/api/analyze/AnalyzeResult.java
 create mode 100644 src/main/java/at/gv/egiz/pdfas/api/commons/Constants.java
 create mode 100644 src/main/java/at/gv/egiz/pdfas/api/commons/SignatureInformation.java
 create mode 100644 src/main/java/at/gv/egiz/pdfas/api/commons/SignatureProfile.java
 create mode 100644 src/main/java/at/gv/egiz/pdfas/api/exceptions/PdfAsException.java
 create mode 100644 src/main/java/at/gv/egiz/pdfas/api/io/DataSink.java
 create mode 100644 src/main/java/at/gv/egiz/pdfas/api/io/DataSource.java
 create mode 100644 src/main/java/at/gv/egiz/pdfas/api/io/FileBased.java
 create mode 100644 src/main/java/at/gv/egiz/pdfas/api/io/TextBased.java
 create mode 100644 src/main/java/at/gv/egiz/pdfas/api/sign/SignParameters.java
 create mode 100644 src/main/java/at/gv/egiz/pdfas/api/sign/SignResult.java
 create mode 100644 src/main/java/at/gv/egiz/pdfas/api/sign/pos/SignaturePosition.java
 create mode 100644 src/main/java/at/gv/egiz/pdfas/api/sign/pos/SignaturePositioning.java
 create mode 100644 src/main/java/at/gv/egiz/pdfas/api/sign/pos/axis/AbsoluteAxisAlgorithm.java
 create mode 100644 src/main/java/at/gv/egiz/pdfas/api/sign/pos/axis/AutoAxisAlgorithm.java
 create mode 100644 src/main/java/at/gv/egiz/pdfas/api/sign/pos/axis/AxisAlgorithm.java
 create mode 100644 src/main/java/at/gv/egiz/pdfas/api/sign/pos/page/AbsolutePageAlgorithm.java
 create mode 100644 src/main/java/at/gv/egiz/pdfas/api/sign/pos/page/AutoPageAlgorithm.java
 create mode 100644 src/main/java/at/gv/egiz/pdfas/api/sign/pos/page/NewPageAlgorithm.java
 create mode 100644 src/main/java/at/gv/egiz/pdfas/api/sign/pos/page/PageAlgorithm.java
 create mode 100644 src/main/java/at/gv/egiz/pdfas/api/verify/SignatureCheck.java
 create mode 100644 src/main/java/at/gv/egiz/pdfas/api/verify/VerifyAfterAnalysisParameters.java
 create mode 100644 src/main/java/at/gv/egiz/pdfas/api/verify/VerifyParameters.java
 create mode 100644 src/main/java/at/gv/egiz/pdfas/api/verify/VerifyResult.java
 create mode 100644 src/main/java/at/gv/egiz/pdfas/api/verify/VerifyResults.java

(limited to 'src/main/java/at/gv/egiz/pdfas/api')

diff --git a/src/main/java/at/gv/egiz/pdfas/api/PdfAs.java b/src/main/java/at/gv/egiz/pdfas/api/PdfAs.java
new file mode 100644
index 0000000..4a8a0e0
--- /dev/null
+++ b/src/main/java/at/gv/egiz/pdfas/api/PdfAs.java
@@ -0,0 +1,123 @@
+/**
+ * 
+ */
+package at.gv.egiz.pdfas.api;
+
+import java.util.List;
+
+import at.gv.egiz.pdfas.api.analyze.AnalyzeParameters;
+import at.gv.egiz.pdfas.api.analyze.AnalyzeResult;
+import at.gv.egiz.pdfas.api.commons.SignatureProfile;
+import at.gv.egiz.pdfas.api.exceptions.PdfAsException;
+import at.gv.egiz.pdfas.api.sign.SignParameters;
+import at.gv.egiz.pdfas.api.sign.SignResult;
+import at.gv.egiz.pdfas.api.verify.VerifyAfterAnalysisParameters;
+import at.gv.egiz.pdfas.api.verify.VerifyParameters;
+import at.gv.egiz.pdfas.api.verify.VerifyResult;
+import at.gv.egiz.pdfas.api.verify.VerifyResults;
+
+/**
+ * The PDF-AS API main interface.
+ * 
+ * <p>
+ * Create an Object implementing this interface using the proper factory.
+ * </p>
+ * 
+ * @author wprinz
+ */
+public interface PdfAs
+{
+
+  /**
+   * Signs a PDF document using PDF-AS.
+   * 
+   * @param signParameters
+   *          The sign parameters.
+   * @return Returns the signed document plus additional information.
+   * @throws PdfAsException
+   *           Thrown, if an error occurs.
+   * 
+   * @see SignParameters
+   * @see SignResult
+   */
+  public SignResult sign(SignParameters signParameters) throws PdfAsException;
+
+  /**
+   * Verifies a document with (potentially multiple) PDF-AS signatures.
+   * 
+   * @param verifyParameters
+   *          The verify parameters.
+   * @return Returns the verification results.
+   * @throws PdfAsException
+   *           Thrown, if an error occurs.
+   * 
+   * @see VerifyParameters
+   * @see VerifyResults
+   * @see VerifyResult
+   */
+  public VerifyResults verify(VerifyParameters verifyParameters) throws PdfAsException;
+
+  /**
+   * Analyzes a document for signatures and returns a verify-able list of such.
+   * 
+   * @param analyzeParameters
+   *          The analyzation parameters.
+   * @return Returns a list of verify-able signatures that were found in the
+   *         document.
+   * @throws PdfAsException
+   *           Thrown on error.
+   * 
+   * @see AnalyzeParameters
+   * @see AnalyzeResult
+   * @see {@link #verify(AnalyzeResult)}
+   */
+  public AnalyzeResult analyze(AnalyzeParameters analyzeParameters) throws PdfAsException;
+
+  /**
+   * Verifies a list of signatures that have been analyzed previously.
+   * 
+   * @param verifyAfterAnalysisParameters The parameters.
+   * 
+   * @return Returns the verification results.
+   * @throws PdfAsException
+   *           Thrown on error.
+   * 
+   * @see AnalyzeResult
+   * @see VerifyAfterAnalysisParameters
+   * @see VerifyResults
+   * @see VerifyResult
+   * @see {@link #analyze(AnalyzeParameters)}
+   */
+  public VerifyResults verify(VerifyAfterAnalysisParameters verifyAfterAnalysisParameters) throws PdfAsException;
+
+  /**
+   * Reloads the configuration from the work directory.
+   * 
+   * @throws PdfAsException
+   *           Thrown, if an error occurs.
+   */
+  public void reloadConfig() throws PdfAsException;
+
+  /**
+   * Returns the list of information objects about the profiles available in the
+   * configuration.
+   * 
+   * <p>
+   * Note: Currently the profile information consists of the profile Id and the
+   * MOA Key Id only.
+   * </p>
+   * <p>
+   * Note: In near future the profile management will be moved out of the config
+   * file into an API class representation of the profiles which may render this
+   * (and related) methods obsolete.
+   * </p>
+   * 
+   * @return Returns the list of {@link SignatureProfile} objects with
+   *         information about the profiles available in the configuration.
+   * @throws PdfAsException
+   *           Thrown on error.
+   * 
+   * @see SignatureProfile
+   */
+  public List getProfileInformation() throws PdfAsException;
+}
diff --git a/src/main/java/at/gv/egiz/pdfas/api/analyze/AnalyzeParameters.java b/src/main/java/at/gv/egiz/pdfas/api/analyze/AnalyzeParameters.java
new file mode 100644
index 0000000..0ab854c
--- /dev/null
+++ b/src/main/java/at/gv/egiz/pdfas/api/analyze/AnalyzeParameters.java
@@ -0,0 +1,69 @@
+/**
+ * 
+ */
+package at.gv.egiz.pdfas.api.analyze;
+
+import at.gv.egiz.pdfas.api.commons.Constants;
+import at.gv.egiz.pdfas.api.io.DataSource;
+
+/**
+ * Parameter object that holds the analyze parameters.
+ * 
+ * @author wprinz
+ */
+public class AnalyzeParameters
+{
+
+  /**
+   * The document to be analyzed.
+   */
+  protected DataSource document = null;
+
+  /**
+   * The mode of operation how the document is analyzed.
+   * 
+   * <p>
+   * May be {@link Constants#VERIFY_MODE_BINARY_ONLY} to check the document for
+   * binary signatures only (very fast). Or may be
+   * {@link Constants#VERIFY_MODE_SEMI_CONSERVATIVE} to perform a semi
+   * conservative (optimized) text and binary verification (slow). Or may be
+   * {@link Constants#VERIFY_MODE_FULL_CONSERVATIVE} to perform a full
+   * conservative text and binary verification (very slow).
+   * </p>
+   */
+  protected String verifyMode = Constants.VERIFY_MODE_FULL_CONSERVATIVE;
+
+  /**
+   * @return the document
+   */
+  public DataSource getDocument()
+  {
+    return this.document;
+  }
+
+  /**
+   * @param document the document to set
+   */
+  public void setDocument(DataSource document)
+  {
+    this.document = document;
+  }
+
+  /**
+   * @return the verifyMode
+   */
+  public String getVerifyMode()
+  {
+    return this.verifyMode;
+  }
+
+  /**
+   * @param verifyMode the verifyMode to set
+   */
+  public void setVerifyMode(String verifyMode)
+  {
+    this.verifyMode = verifyMode;
+  }
+
+  
+}
diff --git a/src/main/java/at/gv/egiz/pdfas/api/analyze/AnalyzeResult.java b/src/main/java/at/gv/egiz/pdfas/api/analyze/AnalyzeResult.java
new file mode 100644
index 0000000..098f309
--- /dev/null
+++ b/src/main/java/at/gv/egiz/pdfas/api/analyze/AnalyzeResult.java
@@ -0,0 +1,30 @@
+/**
+ * 
+ */
+package at.gv.egiz.pdfas.api.analyze;
+
+import java.util.List;
+
+import at.gv.egiz.pdfas.api.commons.SignatureInformation;
+import at.gv.egiz.pdfas.api.exceptions.PdfAsException;
+
+/**
+ * The result of an analyze operation, which is a list of verifyable signatures.
+ * 
+ * @author wprinz
+ * 
+ */
+public interface AnalyzeResult
+{
+  /**
+   * Returns the list of found signatures.
+   * 
+   * @return Returns a list of {@link SignatureInformation} objects representing all
+   *         found signatures.
+   * @throws PdfAsException
+   *           Thrown on error.
+   * 
+   * @see SignatureInformation
+   */
+  public List getSignatures() throws PdfAsException;
+}
diff --git a/src/main/java/at/gv/egiz/pdfas/api/commons/Constants.java b/src/main/java/at/gv/egiz/pdfas/api/commons/Constants.java
new file mode 100644
index 0000000..e8ebc16
--- /dev/null
+++ b/src/main/java/at/gv/egiz/pdfas/api/commons/Constants.java
@@ -0,0 +1,77 @@
+/**
+ * 
+ */
+package at.gv.egiz.pdfas.api.commons;
+
+/**
+ * Contains commonly used constants.
+ * 
+ * @author wprinz
+ */
+public final class Constants
+{
+
+  /**
+   * Hidden default constructor.
+   */
+  private Constants()
+  {
+    // empty
+  }
+
+  /**
+   * A binary signature.
+   */
+  public static String SIGNATURE_TYPE_BINARY = "binary";
+
+  /**
+   * A textual signature.
+   */
+  public static String SIGNATURE_TYPE_TEXTUAL = "textual";
+
+  /**
+   * A "detached" textual signature.
+   * 
+   * <p>
+   * The document text is signed, but instead of returning the pdf with the signature block,
+   * the sign result XML of the connector is returned.
+   * </p>
+   */
+  public static String SIGNATURE_TYPE_DETACHEDTEXTUAL = "detachedtextual";
+
+  /**
+   * The signature device moa.
+   */
+  public static String SIGNATURE_DEVICE_MOA = "moa";
+
+  /**
+   * The signature device bku.
+   */
+  public static String SIGNATURE_DEVICE_BKU = "bku";
+
+  /**
+   * Only binary signatures are verified.
+   */
+  public static String VERIFY_MODE_BINARY_ONLY = "binaryOnly";
+
+  /**
+   * Binary and textual signatures are verified with time optimization.
+   * 
+   * <p>
+   * This mode of operation tries to minimize the numbers of text extractions,
+   * which are very time intensive, at the cost of some rare cases, in which some
+   * signatures may not be found.
+   * </p>
+   */
+  public static String VERIFY_MODE_SEMI_CONSERVATIVE = "semiConservative";
+
+  /**
+   * Binary and textual signatures are verified.
+   */
+  public static String VERIFY_MODE_FULL_CONSERVATIVE = "fullConservative";
+
+  /**
+   * All signatures are verified.
+   */
+  public static int VERIFY_ALL = -1;
+}
diff --git a/src/main/java/at/gv/egiz/pdfas/api/commons/SignatureInformation.java b/src/main/java/at/gv/egiz/pdfas/api/commons/SignatureInformation.java
new file mode 100644
index 0000000..d8c2a34
--- /dev/null
+++ b/src/main/java/at/gv/egiz/pdfas/api/commons/SignatureInformation.java
@@ -0,0 +1,97 @@
+/**
+ * <copyright> Copyright (c) 2006 by Know-Center, Graz, Austria </copyright>
+ * 
+ * This software is the confidential and proprietary information of Know-Center,
+ * Graz, Austria. You shall not disclose such Confidential Information and shall
+ * use it only in accordance with the terms of the license agreement you entered
+ * into with Know-Center.
+ * 
+ * KNOW-CENTER MAKES NO REPRESENTATIONS OR WARRANTIES ABOUT THE SUITABILITY OF
+ * THE SOFTWARE, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
+ * NON-INFRINGEMENT. KNOW-CENTER SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY
+ * LICENSEE AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES.
+ * 
+ * $Id: SignatureHolder.java,v 1.3 2006/10/11 07:57:58 wprinz Exp $
+ */
+package at.gv.egiz.pdfas.api.commons;
+
+import java.security.cert.X509Certificate;
+import java.util.Date;
+
+import at.gv.egiz.pdfas.api.io.DataSource;
+
+/**
+ * Holds the information of one found signature block, which is the signed data
+ * and the corresponding signature information.
+ * 
+ * @author wprinz
+ */
+public interface SignatureInformation
+{
+  /**
+   * Returns the type of this signature (binary/textual).
+   * 
+   * <p>
+   * May be {@link Constants#SIGNATURE_TYPE_BINARY} or
+   * {@link Constants#SIGNATURE_TYPE_TEXTUAL}.
+   * </p>
+   * 
+   * @return Returns the type of this signature (binary/textual).
+   */
+  public String getSignatureType();
+
+  /**
+   * Returns the DataSource providing the data that was signed.
+   * 
+   * <p>
+   * Note that this is the signed data as sent to the verification device by
+   * PDF-AS. The verification device (e.g. MOA) may perform several other
+   * transformations on the data before feeding it to the signature hash
+   * function. To get the actual hashed data use the ReturnHashInputData mechanism (which is very slow).
+   * </p>
+   * 
+   * @return Returns the DataSource providing the data that was signed.
+   * 
+   * @see at.gv.egiz.pdfas.api.verify.VerifyParameters#setReturnHashInputData(boolean)
+   * @see at.gv.egiz.pdfas.api.verify.VerifyResult#getHashInputData()
+   * 
+   */
+  public DataSource getSignedData();
+
+  /**
+   * Returns the certificate of the signer.
+   * 
+   * <p>
+   * Information like subject name, issuer name or serial number can be
+   * retrieved form this certificate.
+   * </p>
+   * 
+   * @return Returns the certificate of the signer.
+   */
+  public X509Certificate getSignerCertificate();
+
+  /**
+   * Returns the signing time, which is the time when the signature was created.
+   * 
+   * @return Returns the signing time, which is the time when the signature was
+   *         created.
+   */
+  public Date getSigningTime();
+
+  /**
+   * Returns additional, internal information about the found signature.
+   * 
+   * <p>
+   * Note that this provides a way for developers to gather core information
+   * about the signature. What information is returned strongly depends on the
+   * core implementation.
+   * </p>
+   * 
+   * @return Returns additional, internal information about the signature. Null
+   *         means that no additional information is available.
+   */
+  public Object getInternalSignatureInformation();
+
+}
\ No newline at end of file
diff --git a/src/main/java/at/gv/egiz/pdfas/api/commons/SignatureProfile.java b/src/main/java/at/gv/egiz/pdfas/api/commons/SignatureProfile.java
new file mode 100644
index 0000000..52bd27f
--- /dev/null
+++ b/src/main/java/at/gv/egiz/pdfas/api/commons/SignatureProfile.java
@@ -0,0 +1,29 @@
+/**
+ * 
+ */
+package at.gv.egiz.pdfas.api.commons;
+
+/**
+ * Definition of a signature profile.
+ * 
+ * @author wprinz
+ */
+public interface SignatureProfile
+{
+  // TODO: the full profile information will be implemented in future
+
+  /**
+   * Returns the profile id.
+   * 
+   * @return Returns the profile id.
+   */
+  public String getProfileId();
+
+  /**
+   * Returns the MOA KeyIdentifier.
+   * 
+   * @return Returns the MOA KeyIdentifier.
+   */
+  public String getMOAKeyIdentifier();
+
+}
diff --git a/src/main/java/at/gv/egiz/pdfas/api/exceptions/PdfAsException.java b/src/main/java/at/gv/egiz/pdfas/api/exceptions/PdfAsException.java
new file mode 100644
index 0000000..2986f81
--- /dev/null
+++ b/src/main/java/at/gv/egiz/pdfas/api/exceptions/PdfAsException.java
@@ -0,0 +1,78 @@
+/**
+ * 
+ */
+package at.gv.egiz.pdfas.api.exceptions;
+
+/**
+ * This exception is the base for all PDF-AS exceptions.
+ * 
+ * <p>
+ * Every PDF-AS Exception has an error code.
+ * </p>
+ * 
+ * @author wprinz
+ */
+public abstract class PdfAsException extends Exception
+{
+  /**
+   * The error code.
+   */
+  protected int errorCode = -1;
+
+  /**
+   * Constructor.
+   * 
+   * @param errorCode
+   *          The error code.
+   * @param message
+   *          The detail message.
+   */
+  public PdfAsException(int errorCode, String message)
+  {
+    super(message);
+
+    this.errorCode = errorCode;
+  }
+
+  /**
+   * Constructor.
+   * 
+   * @param errorCode
+   *          The error code.
+   * @param message
+   *          The detail message.
+   * @param cause
+   *          The cause.
+   */
+  public PdfAsException(int errorCode, String message, Throwable cause)
+  {
+    super(message, cause);
+
+    this.errorCode = errorCode;
+  }
+
+  /**
+   * Constructor.
+   * 
+   * @param errorCode
+   *          The error code.
+   * @param cause
+   *          The cause.
+   */
+  public PdfAsException(int errorCode, Throwable cause)
+  {
+    super(cause);
+
+    this.errorCode = errorCode;
+  }
+
+  /**
+   * Returns the error code of this exception.
+   * 
+   * @return Returns the error code of this exception.
+   */
+  public int getErrorCode()
+  {
+    return this.errorCode;
+  }
+}
diff --git a/src/main/java/at/gv/egiz/pdfas/api/io/DataSink.java b/src/main/java/at/gv/egiz/pdfas/api/io/DataSink.java
new file mode 100644
index 0000000..0136cf7
--- /dev/null
+++ b/src/main/java/at/gv/egiz/pdfas/api/io/DataSink.java
@@ -0,0 +1,75 @@
+package at.gv.egiz.pdfas.api.io;
+
+import java.io.IOException;
+import java.io.OutputStream;
+
+/**
+ * Output document data sink.
+ * 
+ * <p>
+ * Actually, the DataSink can be seen as a factory for creating OutputStreams
+ * with mime type and character encoding provided. This allows the API user to
+ * decide how data is to be stored (e.g. in a file, in a byte array, etc.).
+ * </p>
+ * 
+ * @author wprinz
+ */
+public interface DataSink
+{
+  /**
+   * Creates an OutputStream for binary data.
+   * 
+   * <p>
+   * Note that the stream may be written only once. Creating another stream
+   * overwrites the existing one.
+   * </p>
+   * 
+   * @param mimeType
+   *          The mime type of the output data.
+   * @return Returns the created output stream.
+   * @throws IOException
+   *           Thrown if the stream cannot be created.
+   */
+  public OutputStream createOutputStream(String mimeType) throws IOException;
+
+  /**
+   * Creates an OutputStream for character data.
+   * 
+   * <p>
+   * This is basically the same as {@link #createOutputStream(String)}, but
+   * allows to specify the character encoding.
+   * </p>
+   * 
+   * @param mimeType
+   *          The mime type of the output data.
+   * @param characterEncoding
+   *          The character encoding of the data.
+   * @return Returns the created output stream.
+   * @throws IOException
+   *           Thrown if the stream cannot be created.
+   */
+  public OutputStream createOutputStream(String mimeType, String characterEncoding) throws IOException;
+
+  /**
+   * Returns the mime type of the data stream.
+   * 
+   * <p>
+   * This is only valid after a stream has been created.
+   * </p>
+   * 
+   * @return Returns the mime type of the data stream.
+   */
+  public String getMimeType();
+
+  /**
+   * Returns the character encoding of the data stream.
+   * 
+   * <p>
+   * This is only valid after a stream has been created. Null means that no
+   * character encoding was specified for the data (e.g. if the data is binary).
+   * </p>
+   * 
+   * @return Returns the character encoding of the data stream.
+   */
+  public String getCharacterEncoding();
+}
diff --git a/src/main/java/at/gv/egiz/pdfas/api/io/DataSource.java b/src/main/java/at/gv/egiz/pdfas/api/io/DataSource.java
new file mode 100644
index 0000000..bd8e0db
--- /dev/null
+++ b/src/main/java/at/gv/egiz/pdfas/api/io/DataSource.java
@@ -0,0 +1,74 @@
+/**
+ * 
+ */
+package at.gv.egiz.pdfas.api.io;
+
+import java.io.InputStream;
+
+/**
+ * Input document data source.
+ * 
+ * <p>
+ * This allows the holder of the data to decide how the data is to be stored (e.g. in a File or in a byte array).
+ * </p>
+ * 
+ * @author wprinz
+ * 
+ */
+public interface DataSource
+{
+  /**
+   * Creates a new InputStream that allows to read out the document's binary
+   * data from the beginning.
+   * 
+   * @return Returns the InputStream with the binary data.
+   */
+  public InputStream createInputStream();
+
+  /**
+   * Returns the length (number of bytes) of the stream.
+   * 
+   * @return Returns the length (number of bytes) of the stream.
+   */
+  public int getLength();
+
+  /**
+   * Returns the data of this DataSource as a byte array for random read only access.
+   * 
+   * <p>
+   * Calling this method indicates that you need a byte array for random
+   * <strong>read only</strong> access. The DataSource implementation should of
+   * course cache this byte array to avoid too much memory usage.
+   * </p>
+   * <p>
+   * Performance analysis has shown that the libraries internally convert the
+   * streams to byte arrays and that file system access is very slow.
+   * </p>
+   * <p>
+   * Never write to this byte array!
+   * </p>
+   * 
+   * @return Returns the data of this DataSource as a byte array for random read only access.
+   */
+  public byte[] getAsByteArray();
+
+  /**
+   * Returns the mime type of the data.
+   * 
+   * @return Returns the mime type of the data.
+   */
+  public String getMimeType();
+
+  /**
+   * Returns the character encoding of the data.
+   * 
+   * <p>
+   * This makes only sense for character based mime types.
+   * </p>
+   * 
+   * @return Returns the character encoding of the data or null if no encoding
+   *         is applicable (e.g. if the data is binary).
+   */
+  public String getCharacterEncoding();
+
+}
diff --git a/src/main/java/at/gv/egiz/pdfas/api/io/FileBased.java b/src/main/java/at/gv/egiz/pdfas/api/io/FileBased.java
new file mode 100644
index 0000000..555b630
--- /dev/null
+++ b/src/main/java/at/gv/egiz/pdfas/api/io/FileBased.java
@@ -0,0 +1,31 @@
+/**
+ * 
+ */
+package at.gv.egiz.pdfas.api.io;
+
+import java.io.File;
+
+/**
+ * Tells that the IO element (DataSink or DataSource) is backed by a file in the local file system.
+ * 
+ * <p>
+ * This is a hint that may be used by PDF-AS to optimize data access.
+ * </p>
+ * 
+ * @author wprinz
+ */
+public interface FileBased
+{
+  
+  /**
+   * Returns the File "behind" this io element.
+   * 
+   * <p>
+   * This is usually used to determine the file name itself.
+   * </p>
+   * 
+   * @return Returns the File "behind" this io element.
+   */
+  public File getFile ();
+
+}
diff --git a/src/main/java/at/gv/egiz/pdfas/api/io/TextBased.java b/src/main/java/at/gv/egiz/pdfas/api/io/TextBased.java
new file mode 100644
index 0000000..68b5729
--- /dev/null
+++ b/src/main/java/at/gv/egiz/pdfas/api/io/TextBased.java
@@ -0,0 +1,30 @@
+/**
+ * 
+ */
+package at.gv.egiz.pdfas.api.io;
+
+/**
+ * Tells, that the IO Element (DataSink - but mostly DataSource) is based upon
+ * character data.
+ * 
+ * <p>
+ * This can be used to retrieve the character text directly with the correct
+ * encoding etc.
+ * </p>
+ * <p>
+ * This makes most sense for text DataSources.
+ * </p>
+ * 
+ * @author wprinz
+ */
+public interface TextBased
+{
+
+  /**
+   * Returns the text.
+   * 
+   * @return Returns the text.
+   */
+  public String getText();
+
+}
diff --git a/src/main/java/at/gv/egiz/pdfas/api/sign/SignParameters.java b/src/main/java/at/gv/egiz/pdfas/api/sign/SignParameters.java
new file mode 100644
index 0000000..cc59cbd
--- /dev/null
+++ b/src/main/java/at/gv/egiz/pdfas/api/sign/SignParameters.java
@@ -0,0 +1,173 @@
+/**
+ * 
+ */
+package at.gv.egiz.pdfas.api.sign;
+
+import at.gv.egiz.pdfas.api.commons.Constants;
+import at.gv.egiz.pdfas.api.io.DataSink;
+import at.gv.egiz.pdfas.api.io.DataSource;
+import at.gv.egiz.pdfas.api.sign.pos.SignaturePositioning;
+
+/**
+ * Parameter object that holds the sign parameters.
+ * 
+ * @author wprinz
+ */
+public class SignParameters
+{
+  /**
+   * The document to be signed.
+   * 
+   * <p>
+   * The DataSource implementation encapsulates the actual representaion of the
+   * data. E.g. the DataSource may be File based or byte array based. See
+   * package at.gv.egiz.pdfas.framework.input and at.gv.pdfas.impl.input
+   * </p>
+   */
+  protected DataSource document = null;
+
+  /**
+   * The type of the signature.
+   * 
+   * <p>
+   * May be {@link Constants#SIGNATURE_TYPE_BINARY} or
+   * {@link Constants#SIGNATURE_TYPE_TEXTUAL}.
+   * </p>
+   */
+  protected String signatureType = Constants.SIGNATURE_TYPE_BINARY;
+
+  /**
+   * The signature device to perform the actual signature.
+   * 
+   * <p>
+   * May be {@link Constants#SIGNATURE_DEVICE_MOA} or
+   * {@link Constants#SIGNATURE_DEVICE_BKU}.
+   * </p>
+   */
+  protected String signatureDevice = Constants.SIGNATURE_DEVICE_MOA;
+
+  /**
+   * The signature profile identifier identifying the profile to be used in the
+   * config file.
+   * 
+   * <p>
+   * Note: In near future it will be possible to provide a full specified
+   * profile here instead of the profile id.
+   * </p>
+   */
+  protected String signatureProfileId = null;;
+
+  /**
+   * The signature position. Consult the PDF-AS documentation section
+   * Commandline.
+   */
+  protected SignaturePositioning signaturePositioning = null;
+
+  /**
+   * The output DataSink that will receive the signed document.
+   */
+  protected DataSink output = null;
+
+  /**
+   * @return the document
+   */
+  public DataSource getDocument()
+  {
+    return document;
+  }
+
+  /**
+   * @param document
+   *          the document to set
+   */
+  public void setDocument(DataSource document)
+  {
+    this.document = document;
+  }
+
+  /**
+   * @return the signatureType
+   */
+  public String getSignatureType()
+  {
+    return signatureType;
+  }
+
+  /**
+   * @param signatureType
+   *          the signatureType to set
+   */
+  public void setSignatureType(String signatureType)
+  {
+    this.signatureType = signatureType;
+  }
+
+  /**
+   * @return the signatureDevice
+   */
+  public String getSignatureDevice()
+  {
+    return signatureDevice;
+  }
+
+  /**
+   * @param signatureDevice
+   *          the signatureDevice to set
+   */
+  public void setSignatureDevice(String signatureDevice)
+  {
+    this.signatureDevice = signatureDevice;
+  }
+
+  /**
+   * @return the signatureProfileId
+   */
+  public String getSignatureProfileId()
+  {
+    return signatureProfileId;
+  }
+
+  /**
+   * @param signatureProfileId
+   *          the signatureProfileId to set
+   */
+  public void setSignatureProfileId(String signatureProfileId)
+  {
+    this.signatureProfileId = signatureProfileId;
+  }
+
+  /**
+   * @return the signaturePositioning
+   */
+  public SignaturePositioning getSignaturePositioning()
+  {
+    return this.signaturePositioning;
+  }
+
+  /**
+   * @param signaturePositioning
+   *          the signaturePositioning to set
+   */
+  public void setSignaturePositioning(SignaturePositioning signaturePositioning)
+  {
+    this.signaturePositioning = signaturePositioning;
+  }
+
+  /**
+   * @return the output
+   */
+  public DataSink getOutput()
+  {
+    return output;
+  }
+
+  /**
+   * @param output
+   *          the output to set
+   */
+  public void setOutput(DataSink output)
+  {
+    this.output = output;
+  }
+
+}
diff --git a/src/main/java/at/gv/egiz/pdfas/api/sign/SignResult.java b/src/main/java/at/gv/egiz/pdfas/api/sign/SignResult.java
new file mode 100644
index 0000000..519a9e1
--- /dev/null
+++ b/src/main/java/at/gv/egiz/pdfas/api/sign/SignResult.java
@@ -0,0 +1,49 @@
+/**
+ * 
+ */
+package at.gv.egiz.pdfas.api.sign;
+
+import java.security.cert.X509Certificate;
+
+import at.gv.egiz.pdfas.api.io.DataSink;
+import at.gv.egiz.pdfas.api.sign.pos.SignaturePosition;
+
+/**
+ * The result of a sign operation.
+ * 
+ * @author wprinz
+ */
+public interface SignResult
+{
+
+  /**
+   * Returns the filled output data sink.
+   * 
+   * @return Returns the filled output data sink.
+   */
+  public DataSink getOutputDocument();
+
+  /**
+   * Returns the certificate of the signer.
+   * 
+   * @return Returns the certificate of the signer.
+   */
+  public X509Certificate getSignerCertificate();
+
+  /**
+   * Returns the position where the signature is finally placed.
+   * 
+   * <p>
+   * This information can be useful for post-processing the document.
+   * </p>
+   * 
+   * <p>
+   * Consult the PDF-AS documentation section Commandline for further
+   * information about positioning.
+   * </p>
+   * 
+   * @return Returns the position where the signature is finally placed. May
+   *         return null if no position information is available.
+   */
+  public SignaturePosition getSignaturePosition();
+}
diff --git a/src/main/java/at/gv/egiz/pdfas/api/sign/pos/SignaturePosition.java b/src/main/java/at/gv/egiz/pdfas/api/sign/pos/SignaturePosition.java
new file mode 100644
index 0000000..8dc6b6c
--- /dev/null
+++ b/src/main/java/at/gv/egiz/pdfas/api/sign/pos/SignaturePosition.java
@@ -0,0 +1,52 @@
+/**
+ * 
+ */
+package at.gv.egiz.pdfas.api.sign.pos;
+
+/**
+ * Holds the actual, absolute signature position where a signature was placed.
+ * 
+ * <p>
+ * This is usually returned after signing.
+ * </p>
+ * 
+ * @author wprinz
+ */
+public interface SignaturePosition
+{
+  /**
+   * Returns the page on which the signature was placed.
+   * 
+   * @return Returns the page on which the signature was placed.
+   */
+  public int getPage();
+
+  /**
+   * Returns the x position.
+   * 
+   * @return Returns the x position.
+   */
+  public float getX();
+
+  /**
+   * Returns the y position.
+   * 
+   * @return Returns the y position.
+   */
+  public float getY();
+
+  /**
+   * Returns the width of the signature.
+   * 
+   * @return Returns the width of the signature.
+   */
+  public float getWidth();
+
+  /**
+   * Returns the height of the signature.
+   * 
+   * @return Returns the height of the signature.
+   */
+  public float getHeight();
+
+}
diff --git a/src/main/java/at/gv/egiz/pdfas/api/sign/pos/SignaturePositioning.java b/src/main/java/at/gv/egiz/pdfas/api/sign/pos/SignaturePositioning.java
new file mode 100644
index 0000000..b9e2c8a
--- /dev/null
+++ b/src/main/java/at/gv/egiz/pdfas/api/sign/pos/SignaturePositioning.java
@@ -0,0 +1,189 @@
+/**
+ * 
+ */
+package at.gv.egiz.pdfas.api.sign.pos;
+
+import at.gv.egiz.pdfas.api.sign.pos.axis.AbsoluteAxisAlgorithm;
+import at.gv.egiz.pdfas.api.sign.pos.axis.AutoAxisAlgorithm;
+import at.gv.egiz.pdfas.api.sign.pos.axis.AxisAlgorithm;
+import at.gv.egiz.pdfas.api.sign.pos.page.AbsolutePageAlgorithm;
+import at.gv.egiz.pdfas.api.sign.pos.page.AutoPageAlgorithm;
+import at.gv.egiz.pdfas.api.sign.pos.page.NewPageAlgorithm;
+import at.gv.egiz.pdfas.api.sign.pos.page.PageAlgorithm;
+
+/**
+ * Defines how the signature positioning is to be performed.
+ * 
+ * <p>
+ * This positioning allows to select the location where the signature block is
+ * placed in the document.
+ * </p>
+ * 
+ * @author wprinz
+ */
+public class SignaturePositioning
+{
+  /**
+   * The x axis algorithm.
+   * 
+   * <p>
+   * May be {@link AutoAxisAlgorithm} or {@link AbsoluteAxisAlgorithm}
+   * </p>
+   */
+  protected AxisAlgorithm xAlgorithm = new AutoAxisAlgorithm();
+
+  /**
+   * The y axis algorithm.
+   * 
+   * <p>
+   * May be {@link AutoAxisAlgorithm} or {@link AbsoluteAxisAlgorithm}
+   * </p>
+   */
+  protected AxisAlgorithm yAlgorithm = new AutoAxisAlgorithm();
+
+  /**
+   * The width algorithm.
+   * 
+   * <p>
+   * May be {@link AutoAxisAlgorithm} or {@link AbsoluteAxisAlgorithm}
+   * </p>
+   */
+  protected AxisAlgorithm widthAlgorithm = new AutoAxisAlgorithm();
+
+  /**
+   * The page algorithm.
+   * 
+   * <p>
+   * May be {@link AutoPageAlgorithm}, {@link AbsolutePageAlgorithm} or
+   * {@link NewPageAlgorithm}
+   * </p>
+   */
+  protected PageAlgorithm pageAlgorithm = new AutoPageAlgorithm();
+
+  /**
+   * Provides the position of the footline.
+   * 
+   * <p>
+   * Only used if the pageAlgorithm is {@link AutoPageAlgorithm} and the
+   * yAlgorithm is {@link AutoAxisAlgorithm}
+   * </p>
+   */
+  protected float footerLine = 0.0f;
+
+  protected void checkAxisAlgorithm(AxisAlgorithm algorithm)
+  {
+    if (algorithm == null)
+    {
+      throw new IllegalArgumentException("The algorithm must not be null.");
+    }
+    if (!(algorithm instanceof AutoAxisAlgorithm) && !(algorithm instanceof AbsoluteAxisAlgorithm))
+    {
+      throw new IllegalArgumentException("The algorithm must be either Auto or Absolute.");
+    }
+  }
+
+  protected void checkPageAlgorithm(PageAlgorithm algorithm)
+  {
+    if (algorithm == null)
+    {
+      throw new IllegalArgumentException("The algorithm must not be null.");
+    }
+    if (!(algorithm instanceof AutoPageAlgorithm) && !(algorithm instanceof AbsolutePageAlgorithm) && !(algorithm instanceof NewPageAlgorithm))
+    {
+      throw new IllegalArgumentException("The algorithm must be either Auto or Absolute.");
+    }
+
+  }
+
+  /**
+   * @return the xAlgorithm
+   */
+  public AxisAlgorithm getXAlgorithm()
+  {
+    return this.xAlgorithm;
+  }
+
+  /**
+   * @param algorithm
+   *          the xAlgorithm to set
+   */
+  public void setXAlgorithm(AxisAlgorithm algorithm)
+  {
+    checkAxisAlgorithm(algorithm);
+    xAlgorithm = algorithm;
+  }
+
+  /**
+   * @return the yAlgorithm
+   */
+  public AxisAlgorithm getYAlgorithm()
+  {
+    return this.yAlgorithm;
+  }
+
+  /**
+   * @param algorithm
+   *          the yAlgorithm to set
+   */
+  public void setYAlgorithm(AxisAlgorithm algorithm)
+  {
+    checkAxisAlgorithm(algorithm);
+
+    yAlgorithm = algorithm;
+  }
+
+  /**
+   * @return the widthAlgorithm
+   */
+  public AxisAlgorithm getWidthAlgorithm()
+  {
+    return this.widthAlgorithm;
+  }
+
+  /**
+   * @param widthAlgorithm
+   *          the widthAlgorithm to set
+   */
+  public void setWidthAlgorithm(AxisAlgorithm widthAlgorithm)
+  {
+    checkAxisAlgorithm(widthAlgorithm);
+
+    this.widthAlgorithm = widthAlgorithm;
+  }
+
+  /**
+   * @return the pageAlgorithm
+   */
+  public PageAlgorithm getPageAlgorithm()
+  {
+    return this.pageAlgorithm;
+  }
+
+  /**
+   * @param pageAlgorithm
+   *          the pageAlgorithm to set
+   */
+  public void setPageAlgorithm(PageAlgorithm pageAlgorithm)
+  {
+    checkPageAlgorithm(pageAlgorithm);
+    this.pageAlgorithm = pageAlgorithm;
+  }
+
+  /**
+   * @return the footerLine
+   */
+  public float getFooterLine()
+  {
+    return this.footerLine;
+  }
+
+  /**
+   * @param footerLine
+   *          the footerLine to set
+   */
+  public void setFooterLine(float footerLine)
+  {
+    this.footerLine = footerLine;
+  }
+
+}
diff --git a/src/main/java/at/gv/egiz/pdfas/api/sign/pos/axis/AbsoluteAxisAlgorithm.java b/src/main/java/at/gv/egiz/pdfas/api/sign/pos/axis/AbsoluteAxisAlgorithm.java
new file mode 100644
index 0000000..234484c
--- /dev/null
+++ b/src/main/java/at/gv/egiz/pdfas/api/sign/pos/axis/AbsoluteAxisAlgorithm.java
@@ -0,0 +1,35 @@
+/**
+ * 
+ */
+package at.gv.egiz.pdfas.api.sign.pos.axis;
+
+/**
+ * An absolute positioned element.
+ * @author wprinz
+ */
+public class AbsoluteAxisAlgorithm extends AxisAlgorithm
+{
+
+  /**
+   * The absolute positioning value on the axis.
+   */
+  protected float absoluteValue = 0.0f;
+  
+  /**
+   * Constructor.
+   * @param absoluteValue The absolute positioning value on the axis.
+   */
+  public AbsoluteAxisAlgorithm (float absoluteValue)
+  {
+    this.absoluteValue = absoluteValue;
+  }
+
+  /**
+   * Returns absolute positioning value on the axis.
+   * @return the absoluteValue Returns absolute positioning value on the axis.
+   */
+  public float getAbsoluteValue()
+  {
+    return this.absoluteValue;
+  }
+}
diff --git a/src/main/java/at/gv/egiz/pdfas/api/sign/pos/axis/AutoAxisAlgorithm.java b/src/main/java/at/gv/egiz/pdfas/api/sign/pos/axis/AutoAxisAlgorithm.java
new file mode 100644
index 0000000..4c5459f
--- /dev/null
+++ b/src/main/java/at/gv/egiz/pdfas/api/sign/pos/axis/AutoAxisAlgorithm.java
@@ -0,0 +1,14 @@
+/**
+ * 
+ */
+package at.gv.egiz.pdfas.api.sign.pos.axis;
+
+/**
+ * Auto positioning for this element.
+ * 
+ * @author wprinz
+ */
+public class AutoAxisAlgorithm extends AxisAlgorithm
+{
+// empty
+}
diff --git a/src/main/java/at/gv/egiz/pdfas/api/sign/pos/axis/AxisAlgorithm.java b/src/main/java/at/gv/egiz/pdfas/api/sign/pos/axis/AxisAlgorithm.java
new file mode 100644
index 0000000..a4baac6
--- /dev/null
+++ b/src/main/java/at/gv/egiz/pdfas/api/sign/pos/axis/AxisAlgorithm.java
@@ -0,0 +1,14 @@
+/**
+ * 
+ */
+package at.gv.egiz.pdfas.api.sign.pos.axis;
+
+/**
+ * Determines how a certain position is chosen on the axis (x, y, width).
+ * 
+ * @author wprinz
+ */
+public abstract class AxisAlgorithm
+{
+// base class
+}
diff --git a/src/main/java/at/gv/egiz/pdfas/api/sign/pos/page/AbsolutePageAlgorithm.java b/src/main/java/at/gv/egiz/pdfas/api/sign/pos/page/AbsolutePageAlgorithm.java
new file mode 100644
index 0000000..206aa19
--- /dev/null
+++ b/src/main/java/at/gv/egiz/pdfas/api/sign/pos/page/AbsolutePageAlgorithm.java
@@ -0,0 +1,37 @@
+/**
+ * 
+ */
+package at.gv.egiz.pdfas.api.sign.pos.page;
+
+/**
+ * The page is selected absolutely by giving the page number directly.
+ * 
+ * @author wprinz
+ */
+public class AbsolutePageAlgorithm extends PageAlgorithm
+{
+  /**
+   * The page.
+   */
+  protected int page = -1;
+
+  /**
+   * Constructor.
+   * 
+   * @param page
+   *          The page.
+   */
+  public AbsolutePageAlgorithm(int page)
+  {
+    this.page = page;
+  }
+
+  /**
+   * @return the page
+   */
+  public int getPage()
+  {
+    return this.page;
+  }
+
+}
diff --git a/src/main/java/at/gv/egiz/pdfas/api/sign/pos/page/AutoPageAlgorithm.java b/src/main/java/at/gv/egiz/pdfas/api/sign/pos/page/AutoPageAlgorithm.java
new file mode 100644
index 0000000..0070d5e
--- /dev/null
+++ b/src/main/java/at/gv/egiz/pdfas/api/sign/pos/page/AutoPageAlgorithm.java
@@ -0,0 +1,20 @@
+/**
+ * 
+ */
+package at.gv.egiz.pdfas.api.sign.pos.page;
+
+/**
+ * The page for placing the signature is selected automatically.
+ * 
+ * <p>
+ * The algorithm first tries to place the signature on the free space of the
+ * last page (considering the footer). If there is not enough space on the last
+ * page, a new page is appended and the signature is placed there.
+ * </p>
+ * 
+ * @author wprinz
+ */
+public class AutoPageAlgorithm extends PageAlgorithm
+{
+// empty
+}
diff --git a/src/main/java/at/gv/egiz/pdfas/api/sign/pos/page/NewPageAlgorithm.java b/src/main/java/at/gv/egiz/pdfas/api/sign/pos/page/NewPageAlgorithm.java
new file mode 100644
index 0000000..2a8f67c
--- /dev/null
+++ b/src/main/java/at/gv/egiz/pdfas/api/sign/pos/page/NewPageAlgorithm.java
@@ -0,0 +1,14 @@
+/**
+ * 
+ */
+package at.gv.egiz.pdfas.api.sign.pos.page;
+
+/**
+ * Places the signature on a new Page.
+ * 
+ * @author wprinz
+ */
+public class NewPageAlgorithm extends PageAlgorithm
+{
+  // empty block
+}
diff --git a/src/main/java/at/gv/egiz/pdfas/api/sign/pos/page/PageAlgorithm.java b/src/main/java/at/gv/egiz/pdfas/api/sign/pos/page/PageAlgorithm.java
new file mode 100644
index 0000000..9b0fe8a
--- /dev/null
+++ b/src/main/java/at/gv/egiz/pdfas/api/sign/pos/page/PageAlgorithm.java
@@ -0,0 +1,14 @@
+/**
+ * 
+ */
+package at.gv.egiz.pdfas.api.sign.pos.page;
+
+/**
+ * Determines how the page on which the signature is to be placed is selected.
+ * 
+ * @author wprinz
+ */
+public abstract class PageAlgorithm
+{
+  // empty
+}
diff --git a/src/main/java/at/gv/egiz/pdfas/api/verify/SignatureCheck.java b/src/main/java/at/gv/egiz/pdfas/api/verify/SignatureCheck.java
new file mode 100644
index 0000000..df29570
--- /dev/null
+++ b/src/main/java/at/gv/egiz/pdfas/api/verify/SignatureCheck.java
@@ -0,0 +1,31 @@
+/**
+ * 
+ */
+package at.gv.egiz.pdfas.api.verify;
+
+/**
+ * The result of a signature check performed by a verification device.
+ * 
+ * @see VerifyResult
+ * 
+ * @author wprinz
+ */
+public interface SignatureCheck
+{
+  /**
+   * Returns the response code of the check.
+   * 
+   * @return Returns the response code of the check.
+   */
+  public int getCode();
+
+  /**
+   * Returns the textual response message of the check (corresponding to the
+   * code).
+   * 
+   * @return Returns the textual response message of the check (corresponding to
+   *         the code).
+   */
+  public String getMessage();
+
+}
diff --git a/src/main/java/at/gv/egiz/pdfas/api/verify/VerifyAfterAnalysisParameters.java b/src/main/java/at/gv/egiz/pdfas/api/verify/VerifyAfterAnalysisParameters.java
new file mode 100644
index 0000000..dd50d79
--- /dev/null
+++ b/src/main/java/at/gv/egiz/pdfas/api/verify/VerifyAfterAnalysisParameters.java
@@ -0,0 +1,117 @@
+/**
+ * 
+ */
+package at.gv.egiz.pdfas.api.verify;
+
+import java.util.Date;
+
+import at.gv.egiz.pdfas.api.analyze.AnalyzeResult;
+import at.gv.egiz.pdfas.api.commons.Constants;
+
+/**
+ * Parameter object that holds the verify after analysis parameters.
+ * 
+ * @author wprinz
+ */
+public class VerifyAfterAnalysisParameters
+{
+
+  /**
+   * The list of signatures to be verified.
+   */
+  protected AnalyzeResult analyzeResult = null;
+
+  /**
+   * The signature device to perform the actual signature.
+   * 
+   * <p>
+   * May be {@link Constants#SIGNATURE_DEVICE_MOA} or
+   * {@link Constants#SIGNATURE_DEVICE_BKU}.
+   * </p>
+   */
+  protected String signatureDevice = Constants.SIGNATURE_DEVICE_MOA;
+
+  /**
+   * Allows to pass a VerificationTime to the signature device.
+   */
+  protected Date verificationTime = null;
+
+  /**
+   * Tells the signature device (e.g. MOA) to return the signature hash input
+   * data (which is the probably transformed signed data).
+   * 
+   * <p>
+   * Note that this forces MOA to return the potentially large signature data to
+   * be returned in the result XML, which may result in very bad performance.
+   * </p>
+   */
+  protected boolean returnHashInputData = false;
+
+  /**
+   * @return the analyzeResult
+   */
+  public AnalyzeResult getAnalyzeResult()
+  {
+    return this.analyzeResult;
+  }
+
+  /**
+   * @param analyzeResult
+   *          the analyzeResult to set
+   */
+  public void setAnalyzeResult(AnalyzeResult analyzeResult)
+  {
+    this.analyzeResult = analyzeResult;
+  }
+
+  /**
+   * @return the signatureDevice
+   */
+  public String getSignatureDevice()
+  {
+    return this.signatureDevice;
+  }
+
+  /**
+   * @param signatureDevice
+   *          the signatureDevice to set
+   */
+  public void setSignatureDevice(String signatureDevice)
+  {
+    this.signatureDevice = signatureDevice;
+  }
+
+  /**
+   * @return the verificationTime
+   */
+  public Date getVerificationTime()
+  {
+    return this.verificationTime;
+  }
+
+  /**
+   * @param verificationTime the verificationTime to set
+   */
+  public void setVerificationTime(Date verificationTime)
+  {
+    this.verificationTime = verificationTime;
+  }
+
+  /**
+   * @return the returnHashInputData
+   */
+  public boolean isReturnHashInputData()
+  {
+    return this.returnHashInputData;
+  }
+
+  /**
+   * @param returnHashInputData
+   *          the returnHashInputData to set
+   */
+  public void setReturnHashInputData(boolean returnHashInputData)
+  {
+    this.returnHashInputData = returnHashInputData;
+  }
+
+}
diff --git a/src/main/java/at/gv/egiz/pdfas/api/verify/VerifyParameters.java b/src/main/java/at/gv/egiz/pdfas/api/verify/VerifyParameters.java
new file mode 100644
index 0000000..fb3b8b8
--- /dev/null
+++ b/src/main/java/at/gv/egiz/pdfas/api/verify/VerifyParameters.java
@@ -0,0 +1,183 @@
+/**
+ * 
+ */
+package at.gv.egiz.pdfas.api.verify;
+
+import java.util.Date;
+
+import at.gv.egiz.pdfas.api.commons.Constants;
+import at.gv.egiz.pdfas.api.io.DataSource;
+
+/**
+ * Parameter object that holds the verify parameters.
+ * 
+ * @author wprinz
+ */
+public class VerifyParameters
+{
+  // This would be a perfect point for multiple inheritance in Java.
+  // VerifyParameters extends AnalyzeParameters, VerifyAfterAnalysisParameters
+  // Then a lot of code could be easily reused in the PdfAsObject's check*Parameters methods.
+
+  /**
+   * The document to be verified.
+   */
+  protected DataSource document = null;
+
+  /**
+   * The signature device to perform the actual signature.
+   * 
+   * <p>
+   * May be {@link Constants#SIGNATURE_DEVICE_MOA} or
+   * {@link Constants#SIGNATURE_DEVICE_BKU}.
+   * </p>
+   */
+  protected String signatureDevice = Constants.SIGNATURE_DEVICE_MOA;
+
+  /**
+   * The mode of operation how the document is analyzed.
+   * 
+   * <p>
+   * May be {@link Constants#VERIFY_MODE_BINARY_ONLY} to check the document for
+   * binary signatures only (very fast). Or may be
+   * {@link Constants#VERIFY_MODE_SEMI_CONSERVATIVE} to perform a semi
+   * conservative (optimized) text and binary verification (slow). Or may be
+   * {@link Constants#VERIFY_MODE_FULL_CONSERVATIVE} to perform a full
+   * conservative text and binary verification (very slow).
+   * </p>
+   */
+  protected String verifyMode = Constants.VERIFY_MODE_FULL_CONSERVATIVE;
+
+  /**
+   * The (zero based) index of the signature to verify.
+   * 
+   * <p>
+   * This allows to verify only one found signature instead of all. {@link Constants#VERIFY_ALL} means to
+   * verify all found signatures.
+   * </p>
+   */
+  protected int signatureToVerify = Constants.VERIFY_ALL;
+
+  /**
+   * Allows to pass a VerificationTime to the verification device.
+   * 
+   * <p>
+   * Note that the actual usage of this parameter depends on the verification device.
+   * </p>
+   */
+  protected Date verificationTime = null;
+
+  /**
+   * Tells the signature device (e.g. MOA) to return the signature hash input
+   * data (which is the probably transformed signed data).
+   * 
+   * <p>
+   * Note that this forces MOA to return the potentially large signature data to
+   * be returned in the result XML, which may result in very bad performance.
+   * </p>
+   */
+  protected boolean returnHashInputData = false;
+
+  /**
+   * @return the document
+   */
+  public DataSource getDocument()
+  {
+    return this.document;
+  }
+
+  /**
+   * @param document
+   *          the document to set
+   */
+  public void setDocument(DataSource document)
+  {
+    this.document = document;
+  }
+
+  /**
+   * @return the signatureDevice
+   */
+  public String getSignatureDevice()
+  {
+    return this.signatureDevice;
+  }
+
+  /**
+   * @param signatureDevice
+   *          the signatureDevice to set
+   */
+  public void setSignatureDevice(String signatureDevice)
+  {
+    this.signatureDevice = signatureDevice;
+  }
+
+  /**
+   * @return the verifyMode
+   */
+  public String getVerifyMode()
+  {
+    return this.verifyMode;
+  }
+
+  /**
+   * @param verifyMode
+   *          the verifyMode to set
+   */
+  public void setVerifyMode(String verifyMode)
+  {
+    this.verifyMode = verifyMode;
+  }
+
+  /**
+   * @return the signatureToVerify
+   */
+  public int getSignatureToVerify()
+  {
+    return this.signatureToVerify;
+  }
+
+  /**
+   * @param signatureToVerify
+   *          the signatureToVerify to set
+   */
+  public void setSignatureToVerify(int signatureToVerify)
+  {
+    this.signatureToVerify = signatureToVerify;
+  }
+
+  /**
+   * @return the verificationTime
+   */
+  public Date getVerificationTime()
+  {
+    return this.verificationTime;
+  }
+
+  /**
+   * @param verificationTime
+   *          the verificationTime to set
+   */
+  public void setVerificationTime(Date verificationTime)
+  {
+    this.verificationTime = verificationTime;
+  }
+
+  /**
+   * @return the returnHashInputData
+   */
+  public boolean isReturnHashInputData()
+  {
+    return this.returnHashInputData;
+  }
+
+  /**
+   * @param returnHashInputData
+   *          the returnHashInputData to set
+   */
+  public void setReturnHashInputData(boolean returnHashInputData)
+  {
+    this.returnHashInputData = returnHashInputData;
+  }
+
+}
diff --git a/src/main/java/at/gv/egiz/pdfas/api/verify/VerifyResult.java b/src/main/java/at/gv/egiz/pdfas/api/verify/VerifyResult.java
new file mode 100644
index 0000000..be5a88f
--- /dev/null
+++ b/src/main/java/at/gv/egiz/pdfas/api/verify/VerifyResult.java
@@ -0,0 +1,97 @@
+package at.gv.egiz.pdfas.api.verify;
+
+import java.util.Date;
+import java.util.List;
+
+import at.gv.egiz.pdfas.api.commons.SignatureInformation;
+
+/**
+ * Encapsulates the data of a verification of one signature.
+ * 
+ * @author wprinz
+ */
+public interface VerifyResult extends SignatureInformation
+{
+  /**
+   * Returns the result of the certificate check.
+   * 
+   * @return Returns the result of the certificate check.
+   */
+  public SignatureCheck getCertificateCheck();
+
+  /**
+   * Returns the result of the value (and hash) check.
+   * 
+   * @return Returns the result of the value (and hash) check.
+   */
+  public SignatureCheck getValueCheckCode();
+
+  /**
+   * Returns the result of the manifest check.
+   * 
+   * @return Returns the result of the manifest check.
+   */
+  public SignatureCheck getManifestCheckCode();
+
+  /**
+   * Returns true, if the signer's certificate is a qualified certificate.
+   * 
+   * @return Returns true, if the signer's certificate is a qualified
+   *         certificate.
+   */
+  public boolean isQualifiedCertificate();
+
+  /**
+   * Returns a list of Strings each stating one public property of the
+   * certificate.
+   * 
+   * <p>
+   * Such public properties are certificate extensions each being assigned an
+   * own OID. For example the public property "Verwaltungseigenschaft" has the
+   * OID "1.2.40.0.10.1.1.1".
+   * </p>
+   * 
+   * @return Returns the list of Strings representing the public properties of
+   *         this certificate, if any.
+   */
+  public List getPublicProperties();
+
+  /**
+   * Returns the verification time, which is the time when the signature was
+   * verified.
+   * 
+   * <p>
+   * Note that this is actually the Date passed to the verify methods over
+   * {@link VerifyParameters#setVerificationTime(Date)} or
+   * {@link VerifyAfterAnalysisParameters#setVerificationTime(Date)}. The
+   * signature devices don't respond the actual verification time so there is no
+   * guarantee that the set verification time was actually used as time of
+   * verification. Please consult the device's documentation for more
+   * information.
+   * </p>
+   * 
+   * @return Returns the verification time, which is the time when the signature
+   *         was verified.
+   */
+  public Date getVerificationTime();
+
+  /**
+   * Returns the hash input data as returned by MOA.
+   * 
+   * <p>
+   * This will only return a value other than null if the corresponding
+   * VerifyParameter was set to true.
+   * </p>
+   * <p>
+   * Note that the HashInputData does not necessarily have to be exactly the
+   * same as the signed date return by the
+   * {@link SignatureInformation#getSignedData()} method.
+   * </p>
+   * 
+   * @return Returns the hash input data as returned by MOA.
+   * 
+   * @see SignatureInformation#getSignedData()
+   */
+  public String getHashInputData();
+
+}
diff --git a/src/main/java/at/gv/egiz/pdfas/api/verify/VerifyResults.java b/src/main/java/at/gv/egiz/pdfas/api/verify/VerifyResults.java
new file mode 100644
index 0000000..abda1fe
--- /dev/null
+++ b/src/main/java/at/gv/egiz/pdfas/api/verify/VerifyResults.java
@@ -0,0 +1,27 @@
+/**
+ * 
+ */
+package at.gv.egiz.pdfas.api.verify;
+
+import java.util.List;
+
+/**
+ * The result of the verification of a document.
+ * 
+ * <p>
+ * Currently, this is not more than a list of VerifyResult objects, one for each
+ * verified signature. There may be additional items in future PDF-AS versions.
+ * </p>
+ * 
+ * @author wprinz
+ */
+public interface VerifyResults
+{
+  /**
+   * Returns the List of VerifyResult objects, one for each verified signature.
+   * 
+   * @return Returns the List of VerifyResult objects, one for each verified
+   *         signature.
+   */
+  public List getResults();
+}
-- 
cgit v1.2.3