When your workflow relies on certain properties of the processed PDF, who garanties that the PDF complies with a given specification? A “certified PDF document” gives this garantee.

A “certified PDF” is a regular PDF with additional information. It contains information about the profile which was used in the certification process and it contains a log of all changes to the PDF after it was certified. These changes can be rolled back.

PDFUnit provides this tag:

<!-- Tag to verify certification: -->

<isCertified for=".."   (optional) 
/>

<!-- The allowed values are defined as constants: -->
for="NOT_CERTIFIED"
for="NO_CHANGES_ALLOWED"
for="FORM_FILLING"
for="FORM_FILLING_AND_ANNOTATIONS"

PDFUnit's constants correspond to iText's PdfSignatureAppearance.CERTIFIED_*.

Important hint, don't confuse “certified PDF” with the “certificate” of a signature.

First you can check that a document is certified at all:

<testcase name="isCertified">
  <assertThat testDocument="certified/sampleCertifiedPDF.pdf">
    <isCertified />
  </assertThat>
</testcase>

Next you can check the level of certification:

<testcase name="isCertifiedFor_NoChangesAllowed"
          errorExpected="YES"
>
  <assertThat testDocument="signed/sampleSignedPDFDocument.pdf">
    <isCertified for="NO_CHANGES_ALLOWED" />
  </assertThat>
</testcase>