diff options
author | pdanner <pdanner@7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c> | 2010-11-26 12:01:18 +0000 |
---|---|---|
committer | pdanner <pdanner@7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c> | 2010-11-26 12:01:18 +0000 |
commit | 1b337e50a9edb280aea49879f901613e1fe17b55 (patch) | |
tree | 8f0d6b59de02936320f2e4c180fde02a50c1fc7a /src/main/java/at/gv/egiz/pdfas | |
parent | 7040bdb8ace897f0cfdd43bd0304f3487b27df22 (diff) | |
download | pdf-as-3-1b337e50a9edb280aea49879f901613e1fe17b55.tar.gz pdf-as-3-1b337e50a9edb280aea49879f901613e1fe17b55.tar.bz2 pdf-as-3-1b337e50a9edb280aea49879f901613e1fe17b55.zip |
Changes for xmldsig reconstruction
git-svn-id: https://joinup.ec.europa.eu/svn/pdf-as/trunk@612 7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c
Diffstat (limited to 'src/main/java/at/gv/egiz/pdfas')
10 files changed, 885 insertions, 33 deletions
diff --git a/src/main/java/at/gv/egiz/pdfas/api/PdfAs.java b/src/main/java/at/gv/egiz/pdfas/api/PdfAs.java index 6e63b85..a58fa7c 100644 --- a/src/main/java/at/gv/egiz/pdfas/api/PdfAs.java +++ b/src/main/java/at/gv/egiz/pdfas/api/PdfAs.java @@ -12,9 +12,13 @@ import at.gv.egiz.pdfas.api.exceptions.PdfAsException; import at.gv.egiz.pdfas.api.sign.SignParameters;
import at.gv.egiz.pdfas.api.sign.SignResult;
import at.gv.egiz.pdfas.api.verify.VerifyAfterAnalysisParameters;
+import at.gv.egiz.pdfas.api.verify.VerifyAfterReconstructXMLDsigParameters;
import at.gv.egiz.pdfas.api.verify.VerifyParameters;
import at.gv.egiz.pdfas.api.verify.VerifyResult;
import at.gv.egiz.pdfas.api.verify.VerifyResults;
+import at.gv.egiz.pdfas.api.xmldsig.ReconstructXMLDsigAfterAnalysisParameters;
+import at.gv.egiz.pdfas.api.xmldsig.ReconstructXMLDsigParameters;
+import at.gv.egiz.pdfas.api.xmldsig.ReconstructXMLDsigResult;
/**
* The PDF-AS API main interface.
@@ -24,9 +28,14 @@ import at.gv.egiz.pdfas.api.verify.VerifyResults; * </p>
*
* @author wprinz
+ * @author exthex
*/
public interface PdfAs
{
+// 23.11.2010 changed by exthex - added:
+// reconstructXMLDSIG(ReconstructXMLDsigParameters reconstructXMLDsigParameters)
+// reconstructXMLDSIG(ReconstructXMLDsigAfterAnalysisParameters reconstructXMLDsigParameters)
+// verify(VerifyAfterReconstructXMLDsigParameters verifyAfterReconstructXMLDsigParameters)
/**
* Signs a PDF document using PDF-AS.
@@ -74,6 +83,26 @@ public interface PdfAs public AnalyzeResult analyze(AnalyzeParameters analyzeParameters) throws PdfAsException;
/**
+ * Reconstruct the <xmldsig:Signature> from the given parameters.
+ *
+ * @param reconstructXMLDsigParameters
+ * The data from which to reconstruct the xmldsig
+ * @return a list of xmldsigs, one for each signature in the document
+ * @throws PdfAsException if the reconstruction fails
+ */
+ public ReconstructXMLDsigResult reconstructXMLDSIG(ReconstructXMLDsigParameters reconstructXMLDsigParameters) throws PdfAsException;
+
+ /**
+ * Reconstruct the <xmldsig:Signature> from the given parameters.
+ *
+ * @param reconstructXMLDsigParameters
+ * The data from which to reconstruct the xmldsigs
+ * @return a list of xmldsigs, one for each signature in the document
+ * @throws PdfAsException
+ */
+ public ReconstructXMLDsigResult reconstructXMLDSIG(ReconstructXMLDsigAfterAnalysisParameters reconstructXMLDsigParameters) throws PdfAsException;
+
+ /**
* Verifies a list of signatures that have been analyzed previously.
*
* @param verifyAfterAnalysisParameters The parameters.
@@ -91,6 +120,17 @@ public interface PdfAs public VerifyResults verify(VerifyAfterAnalysisParameters verifyAfterAnalysisParameters) throws PdfAsException;
/**
+ * Verifies a list of signatures that have been analyzed previously and the xmldsigs have been reconstructed.
+ *
+ * @param verifyAfterReconstructXMLDsigParameters
+ * The parameters.
+ * @return the verification results.
+ * @throws PdfAsException
+ * Thrown on error.
+ */
+ public VerifyResults verify(VerifyAfterReconstructXMLDsigParameters verifyAfterReconstructXMLDsigParameters) throws PdfAsException;
+
+ /**
* Reloads the configuration from the work directory.
*
* @throws PdfAsException
diff --git a/src/main/java/at/gv/egiz/pdfas/api/sign/SignParameters.java b/src/main/java/at/gv/egiz/pdfas/api/sign/SignParameters.java index 7dd2f6d..fc4ebaf 100644 --- a/src/main/java/at/gv/egiz/pdfas/api/sign/SignParameters.java +++ b/src/main/java/at/gv/egiz/pdfas/api/sign/SignParameters.java @@ -16,6 +16,27 @@ import at.gv.egiz.pdfas.api.timestamp.TimeStamper; */
public class SignParameters
{
+// 23.11.2010 changed by exthex - added parameters for placeholder handling
+ /**
+ * Strict matching mode for placeholder extraction.<br/>
+ * If the placeholder with the given id is not found in the document, an exception will be thrown.
+ */
+ public static final int PLACEHOLDER_MATCH_MODE_STRICT = 0;
+
+ /**
+ * A moderate matching mode for placeholder extraction.<br/>
+ * If the placeholder with the given id is not found in the document, the first placeholder without an id will be taken.<br/>
+ * If there is no such placeholder, the signature will be placed as usual, according to the pos parameter of the signature profile used.
+ */
+ public static final int PLACEHOLDER_MATCH_MODE_MODERATE = 1;
+
+ /**
+ * A more lenient matching mode for placeholder extraction.<br/>
+ * If the placeholder with the given id is not found in the document, the first found placeholder will be taken, regardless if it has an id set, or not.<br/>
+ * If there is no placeholder at all, the signature will be placed as usual, according to the pos parameter of the signature profile used.
+ */
+ public static final int PLACEHOLDER_MATCH_MODE_LENIENT = 2;
+
/**
* The document to be signed.
*
@@ -99,8 +120,26 @@ public class SignParameters protected DataSink output = null;
protected TimeStamper timeStamperImpl;
+
+ /**
+ *
+ */
+ protected boolean checkForPlaceholder;
+
+ /**
+ * The id of the placeholder which should be replaced.
+ */
+ protected String placeholderId;
+
+ /**
+ * The matching mode for placeholder extraction.<br/>
+ * If a {@link SignParameters#placeholderId} is set, the match mode determines what is to be done, if no matching placeholder is found in the document.
+ * <br/>
+ * Defaults to {@link SignParameters#PLACEHOLDER_MATCH_MODE_MODERATE}.
+ */
+ protected int placeholderMatchMode = PLACEHOLDER_MATCH_MODE_MODERATE;
-
+
/**
* {@link #setTimeStamperImpl(TimeStamper)}
* @return
@@ -236,5 +275,51 @@ public class SignParameters this.signatureKeyIdentifier = signatureKeyIdentifier;
}
+ /**
+ *
+ * @return
+ */
+ public boolean isCheckForPlaceholder() {
+ return this.checkForPlaceholder;
+ }
+
+ /**
+ *
+ * @param check
+ */
+ public void setCheckForPlaceholder(boolean check) {
+ this.checkForPlaceholder = check;
+ }
+
+ /**
+ *
+ * @param placeholderId
+ */
+ public void setPlaceholderId(String placeholderId) {
+ this.placeholderId = placeholderId;
+ }
+
+ /**
+ *
+ * @return the placeholderId
+ */
+ public String getPlaceholderId() {
+ return placeholderId;
+ }
+
+ /**
+ *
+ * @param placeholderMatchMode
+ */
+ public void setPlaceholderMatchMode(int placeholderMatchMode) {
+ this.placeholderMatchMode = placeholderMatchMode;
+ }
+ /**
+ *
+ * @return the placeholderMatchMode
+ */
+ public int getPlaceholderMatchMode() {
+ return this.placeholderMatchMode;
+ }
}
diff --git a/src/main/java/at/gv/egiz/pdfas/api/verify/VerifyAfterReconstructXMLDsigParameters.java b/src/main/java/at/gv/egiz/pdfas/api/verify/VerifyAfterReconstructXMLDsigParameters.java new file mode 100644 index 0000000..11ddb28 --- /dev/null +++ b/src/main/java/at/gv/egiz/pdfas/api/verify/VerifyAfterReconstructXMLDsigParameters.java @@ -0,0 +1,114 @@ +package at.gv.egiz.pdfas.api.verify;
+
+import java.util.Date;
+
+import at.gv.egiz.pdfas.api.commons.Constants;
+import at.gv.egiz.pdfas.api.xmldsig.ReconstructXMLDsigResult;
+
+/**
+ * This class represents the parameters needed for verify after reconstructXMLDsig has already been executed.
+ *
+ * @author exthex
+ *
+ */
+public class VerifyAfterReconstructXMLDsigParameters {
+
+ /**
+ * The list of signatures to be verified.
+ */
+ protected ReconstructXMLDsigResult reconstructXMLDsigResult = null;
+
+ /**
+ * The signature device to perform the actual signature.
+ *
+ * <p>
+ * May be {@link Constants#SIGNATURE_DEVICE_MOA} or
+ * {@link Constants#SIGNATURE_DEVICE_BKU}.
+ * </p>
+ */
+ protected String signatureDevice = Constants.SIGNATURE_DEVICE_MOA;
+
+ /**
+ * Allows to pass a VerificationTime to the signature device.
+ */
+ protected Date verificationTime = null;
+
+ /**
+ * Tells the signature device (e.g. MOA) to return the signature hash input
+ * data (which is the probably transformed signed data).
+ *
+ * <p>
+ * Note that this forces MOA to return the potentially large signature data to
+ * be returned in the result XML, which may result in very bad performance.
+ * </p>
+ */
+ protected boolean returnHashInputData = false;
+
+ /**
+ * @return the reconstructXMLDsigResult
+ */
+ public ReconstructXMLDsigResult getReconstructXMLDsigResult()
+ {
+ return this.reconstructXMLDsigResult;
+ }
+
+ /**
+ * @param reconstructXMLDsigResult
+ * the reconstructXMLDsigResult to set
+ */
+ public void setReconstructXMLDsigResult(ReconstructXMLDsigResult reconstructXMLDsigResult)
+ {
+ this.reconstructXMLDsigResult = reconstructXMLDsigResult;
+ }
+
+ /**
+ * @return the signatureDevice
+ */
+ public String getSignatureDevice()
+ {
+ return this.signatureDevice;
+ }
+
+ /**
+ * @param signatureDevice
+ * the signatureDevice to set
+ */
+ public void setSignatureDevice(String signatureDevice)
+ {
+ this.signatureDevice = signatureDevice;
+ }
+
+ /**
+ * @return the verificationTime
+ */
+ public Date getVerificationTime()
+ {
+ return this.verificationTime;
+ }
+
+ /**
+ * @param verificationTime the verificationTime to set
+ */
+ public void setVerificationTime(Date verificationTime)
+ {
+ this.verificationTime = verificationTime;
+ }
+
+ /**
+ * @return the returnHashInputData
+ */
+ public boolean isReturnHashInputData()
+ {
+ return this.returnHashInputData;
+ }
+
+ /**
+ * @param returnHashInputData
+ * the returnHashInputData to set
+ */
+ public void setReturnHashInputData(boolean returnHashInputData)
+ {
+ this.returnHashInputData = returnHashInputData;
+ }
+
+}
diff --git a/src/main/java/at/gv/egiz/pdfas/api/xmldsig/ExtendedSignatureInformation.java b/src/main/java/at/gv/egiz/pdfas/api/xmldsig/ExtendedSignatureInformation.java new file mode 100644 index 0000000..2d805c2 --- /dev/null +++ b/src/main/java/at/gv/egiz/pdfas/api/xmldsig/ExtendedSignatureInformation.java @@ -0,0 +1,46 @@ +package at.gv.egiz.pdfas.api.xmldsig;
+
+import at.gv.egiz.pdfas.api.commons.SignatureInformation;
+
+/**
+ * A wrapper to combine {@link SignatureInformation} and {@link XMLDsigData}
+ *
+ * @author exthex
+ *
+ */
+public class ExtendedSignatureInformation {
+
+ private final SignatureInformation signatureInformation;
+
+ private final XMLDsigData xmlDsigData;
+
+ /**
+ * Constructor.
+ *
+ * @param siginfo
+ * The signature information
+ * @param dsigData
+ * The matching xmldsig to the signature information.
+ */
+ public ExtendedSignatureInformation(SignatureInformation siginfo, XMLDsigData dsigData) {
+ this.signatureInformation = siginfo;
+ this.xmlDsigData = dsigData;
+ }
+
+ /**
+ *
+ * @return the signatureInformation
+ */
+ public SignatureInformation getSignatureInformation() {
+ return signatureInformation;
+ }
+
+ /**
+ *
+ * @return the xmlDsigData
+ */
+ public XMLDsigData getXmlDsigData() {
+ return xmlDsigData;
+ }
+
+}
diff --git a/src/main/java/at/gv/egiz/pdfas/api/xmldsig/ReconstructXMLDsigAfterAnalysisParameters.java b/src/main/java/at/gv/egiz/pdfas/api/xmldsig/ReconstructXMLDsigAfterAnalysisParameters.java new file mode 100644 index 0000000..1f0ecc5 --- /dev/null +++ b/src/main/java/at/gv/egiz/pdfas/api/xmldsig/ReconstructXMLDsigAfterAnalysisParameters.java @@ -0,0 +1,115 @@ +package at.gv.egiz.pdfas.api.xmldsig;
+
+import java.util.Date;
+
+import at.gv.egiz.pdfas.api.analyze.AnalyzeResult;
+import at.gv.egiz.pdfas.api.commons.Constants;
+
+/**
+ * Parameters for the reconstructXMLDsig method which is to be called after a analyze call.
+ *
+ * @author exthex
+ *
+ */
+public class ReconstructXMLDsigAfterAnalysisParameters {
+
+
+ /**
+ * The list of signatures to be verified.
+ */
+ protected AnalyzeResult analyzeResult = null;
+
+ /**
+ * The signature device to perform the actual signature.
+ *
+ * <p>
+ * May be {@link Constants#SIGNATURE_DEVICE_MOA} or
+ * {@link Constants#SIGNATURE_DEVICE_BKU}.
+ * </p>
+ */
+ protected String signatureDevice = Constants.SIGNATURE_DEVICE_MOA;
+
+ /**
+ * Allows to pass a VerificationTime to the signature device.
+ */
+ protected Date verificationTime = null;
+
+ /**
+ * Tells the signature device (e.g. MOA) to return the signature hash input
+ * data (which is the probably transformed signed data).
+ *
+ * <p>
+ * Note that this forces MOA to return the potentially large signature data to
+ * be returned in the result XML, which may result in very bad performance.
+ * </p>
+ */
+ protected boolean returnHashInputData = false;
+
+ /**
+ * @return the analyzeResult
+ */
+ public AnalyzeResult getAnalyzeResult()
+ {
+ return this.analyzeResult;
+ }
+
+ /**
+ * @param analyzeResult
+ * the analyzeResult to set
+ */
+ public void setAnalyzeResult(AnalyzeResult analyzeResult)
+ {
+ this.analyzeResult = analyzeResult;
+ }
+
+ /**
+ * @return the signatureDevice
+ */
+ public String getSignatureDevice()
+ {
+ return this.signatureDevice;
+ }
+
+ /**
+ * @param signatureDevice
+ * the signatureDevice to set
+ */
+ public void setSignatureDevice(String signatureDevice)
+ {
+ this.signatureDevice = signatureDevice;
+ }
+
+ /**
+ * @return the verificationTime
+ */
+ public Date getVerificationTime()
+ {
+ return this.verificationTime;
+ }
+
+ /**
+ * @param verificationTime the verificationTime to set
+ */
+ public void setVerificationTime(Date verificationTime)
+ {
+ this.verificationTime = verificationTime;
+ }
+
+ /**
+ * @return the returnHashInputData
+ */
+ public boolean isReturnHashInputData()
+ {
+ return this.returnHashInputData;
+ }
+
+ /**
+ * @param returnHashInputData
+ * the returnHashInputData to set
+ */
+ public void setReturnHashInputData(boolean returnHashInputData)
+ {
+ this.returnHashInputData = returnHashInputData;
+ }
+
+}
diff --git a/src/main/java/at/gv/egiz/pdfas/api/xmldsig/ReconstructXMLDsigParameters.java b/src/main/java/at/gv/egiz/pdfas/api/xmldsig/ReconstructXMLDsigParameters.java new file mode 100644 index 0000000..346cc70 --- /dev/null +++ b/src/main/java/at/gv/egiz/pdfas/api/xmldsig/ReconstructXMLDsigParameters.java @@ -0,0 +1,195 @@ +package at.gv.egiz.pdfas.api.xmldsig;
+
+import java.util.Date;
+
+import at.gv.egiz.pdfas.api.PdfAs;
+import at.gv.egiz.pdfas.api.commons.Constants;
+import at.gv.egiz.pdfas.api.io.DataSource;
+
+/**
+ * Parameters for the {@link PdfAs#reconstructXMLDSIG(ReconstructXMLDsigParameters)} method.
+ * No need to call analyze before calling this method.
+ *
+ * @author exthex
+ *
+ */
+public class ReconstructXMLDsigParameters {
+
+ /**
+ * The document to be verified.
+ */
+ protected DataSource document = null;
+
+ /**
+ * The signature device to perform the actual signature.
+ *
+ * <p>
+ * May be {@link Constants#SIGNATURE_DEVICE_MOA} or
+ * {@link Constants#SIGNATURE_DEVICE_BKU}.
+ * </p>
+ */
+ protected String signatureDevice = Constants.SIGNATURE_DEVICE_MOA;
+
+ /**
+ * The mode of operation how the document is analyzed.
+ *
+ * <p>
+ * May be {@link Constants#VERIFY_MODE_BINARY_ONLY} to check the document for
+ * binary signatures only (very fast). Or may be
+ * {@link Constants#VERIFY_MODE_SEMI_CONSERVATIVE} to perform a semi
+ * conservative (optimized) text and binary verification (slow). Or may be
+ * {@link Constants#VERIFY_MODE_FULL_CONSERVATIVE} to perform a full
+ * conservative text and binary verification (very slow).
+ * </p>
+ */
+ protected String verifyMode = Constants.VERIFY_MODE_FULL_CONSERVATIVE;
+
+ /**
+ * The (zero based) index of the signature to verify.
+ *
+ * <p>
+ * This allows to verify only one found signature instead of all. {@link Constants#VERIFY_ALL} means to
+ * verify all found signatures.
+ * </p>
+ */
+ protected int signatureToVerify = Constants.VERIFY_ALL;
+
+ /**
+ * Allows to pass a VerificationTime to the verification device.
+ *
+ * <p>
+ * Note that the actual usage of this parameter depends on the verification device.
+ * </p>
+ */
+ protected Date verificationTime = null;
+
+ /**
+ * Tells the signature device (e.g. MOA) to return the signature hash input
+ * data (which is the probably transformed signed data).
+ *
+ * <p>
+ * Note that this forces MOA to return the potentially large signature data to
+ * be returned in the result XML, which may result in very bad performance.
+ * </p>
+ */
+ protected boolean returnHashInputData = false;
+
+ protected boolean returnNonTextualObjects = false;
+
+ /**
+ * @return the document
+ */
+ public DataSource getDocument()
+ {
+ return this.document;
+ }
+
+ /**
+ * @param document
+ * the document to set
+ */
+ public void setDocument(DataSource document)
+ {
+ this.document = document;
+ }
+
+ /**
+ * @return the signatureDevice
+ */
+ public String getSignatureDevice()
+ {
+ return this.signatureDevice;
+ }
+
+ /**
+ * @param signatureDevice
+ * the signatureDevice to set
+ */
+ public void setSignatureDevice(String signatureDevice)
+ {
+ this.signatureDevice = signatureDevice;
+ }
+
+ /**
+ * @return the verifyMode
+ */
+ public String getVerifyMode()
+ {
+ return this.verifyMode;
+ }
+
+ /**
+ * @param verifyMode
+ * the verifyMode to set
+ */
+ public void setVerifyMode(String verifyMode)
+ {
+ this.verifyMode = verifyMode;
+ }
+
+ /**
+ * @return the signatureToVerify
+ */
+ public int getSignatureToVerify()
+ {
+ return this.signatureToVerify;
+ }
+
+ /**
+ * @param signatureToVerify
+ * the signatureToVerify to set
+ */
+ public void setSignatureToVerify(int signatureToVerify)
+ {
+ this.signatureToVerify = signatureToVerify;
+ }
+
+ /**
+ * @return the verificationTime
+ */
+ public Date getVerificationTime()
+ {
+ return this.verificationTime;
+ }
+
+ /**
+ * @param verificationTime
+ * the verificationTime to set
+ */
+ public void setVerificationTime(Date verificationTime)
+ {
+ this.verificationTime = verificationTime;
+ }
+
+ /**
+ * @return the returnHashInputData
+ */
+ public boolean isReturnHashInputData()
+ {
+ return this.returnHashInputData;
+ }
+
+ /**
+ * @param returnHashInputData
+ * the returnHashInputData to set
+ */
+ public void setReturnHashInputData(boolean returnHashInputData)
+ {
+ this.returnHashInputData = returnHashInputData;
+ }
+
+ public boolean isReturnNonTextualObjects() {
+ return this.returnNonTextualObjects;
+ }
+
+ /**
+ * Tells if non text object of the signed pdf should be extracted and returned.
+ * One should show this to the user, especially in case of textual signature.
+ * Defaults to <tt>false</tt>
+ *
+ * @param returnNonTextualObjects
+ */
+ public void setReturnNonTextualObjects(boolean returnNonTextualObjects) {
+ this.returnNonTextualObjects = returnNonTextualObjects;
+ }
+}
diff --git a/src/main/java/at/gv/egiz/pdfas/api/xmldsig/ReconstructXMLDsigResult.java b/src/main/java/at/gv/egiz/pdfas/api/xmldsig/ReconstructXMLDsigResult.java new file mode 100644 index 0000000..078167d --- /dev/null +++ b/src/main/java/at/gv/egiz/pdfas/api/xmldsig/ReconstructXMLDsigResult.java @@ -0,0 +1,41 @@ +package at.gv.egiz.pdfas.api.xmldsig;
+
+import java.util.List;
+
+import at.gv.egiz.pdfas.api.commons.SignatureInformation;
+
+/**
+ * The result of a reconstructXMLDsig call.<br/>
+ * This is just a wrapper for a list of {@link ExtendedSignatureInformation}s
+ *
+ *
+ * @author exthex
+ */
+public class ReconstructXMLDsigResult {
+
+ private List extendedSignatures;
+
+ /**
+ * Set the extendedSignatures.
+ *
+ * @param extendedSignatures
+ * The list of {@link ExtendedSignatureInformation}s to set
+ * @return this
+ */
+ public ReconstructXMLDsigResult setExtendedSignatures(List extendedSignatures) {
+ this.extendedSignatures = extendedSignatures;
+ return this;
+ }
+
+ /**
+ * Returns the list of found signatures.
+ *
+ * @return Returns a list of {@link ExtendedSignatureInformation} objects representing all
+ * found signatures + {@link XMLDsigData}.
+ * @see SignatureInformation
+ */
+ public List getExtendedSignatures() {
+ return this.extendedSignatures;
+ }
+
+}
diff --git a/src/main/java/at/gv/egiz/pdfas/api/xmldsig/XMLDsigData.java b/src/main/java/at/gv/egiz/pdfas/api/xmldsig/XMLDsigData.java new file mode 100644 index 0000000..ee83ea6 --- /dev/null +++ b/src/main/java/at/gv/egiz/pdfas/api/xmldsig/XMLDsigData.java @@ -0,0 +1,60 @@ +package at.gv.egiz.pdfas.api.xmldsig;
+
+/**
+ * A container for XMLDsig data.
+ *
+ * @author exthex
+ *
+ */
+public class XMLDsigData {
+
+ private String xmlDsig;
+
+ private boolean detached;
+
+ /**
+ * Constructor.
+ *
+ * @param xmldsig the xml string of the xmldsig.
+ * @param detached true if detached, false otherwise
+ */
+ public XMLDsigData(String xmldsig, boolean detached) {
+ this.xmlDsig = xmldsig;
+ this.detached = detached;
+ }
+
+ /**
+ * Get the xmldsig string
+ * @return
+ */
+ public String getXmlDsig() {
+ return xmlDsig;
+ }
+
+ /**
+ * Set the xmldsig string.
+ *
+ * @param xmlDsig
+ */
+ public void setXmlDsig(String xmlDsig) {
+ this.xmlDsig = xmlDsig;
+ }
+
+ /**
+ *
+ * @return true if detached, false otherwise
+ */
+ public boolean isDetached() {
+ return detached;
+ }
+
+ /**
+ * Set the detached.
+ *
+ * @param detached
+ */
+ public void setDetached(boolean detached) {
+ this.detached = detached;
+ }
+
+}
diff --git a/src/main/java/at/gv/egiz/pdfas/impl/api/PdfAsObject.java b/src/main/java/at/gv/egiz/pdfas/impl/api/PdfAsObject.java index 2923347..c5322e7 100644 --- a/src/main/java/at/gv/egiz/pdfas/impl/api/PdfAsObject.java +++ b/src/main/java/at/gv/egiz/pdfas/impl/api/PdfAsObject.java @@ -24,9 +24,15 @@ import at.gv.egiz.pdfas.api.exceptions.PdfAsException; import at.gv.egiz.pdfas.api.sign.SignParameters;
import at.gv.egiz.pdfas.api.sign.SignResult;
import at.gv.egiz.pdfas.api.verify.VerifyAfterAnalysisParameters;
+import at.gv.egiz.pdfas.api.verify.VerifyAfterReconstructXMLDsigParameters;
import at.gv.egiz.pdfas.api.verify.VerifyParameters;
import at.gv.egiz.pdfas.api.verify.VerifyResult;
import at.gv.egiz.pdfas.api.verify.VerifyResults;
+import at.gv.egiz.pdfas.api.xmldsig.ExtendedSignatureInformation;
+import at.gv.egiz.pdfas.api.xmldsig.ReconstructXMLDsigAfterAnalysisParameters;
+import at.gv.egiz.pdfas.api.xmldsig.ReconstructXMLDsigParameters;
+import at.gv.egiz.pdfas.api.xmldsig.ReconstructXMLDsigResult;
+import at.gv.egiz.pdfas.api.xmldsig.XMLDsigData;
import at.gv.egiz.pdfas.commandline.CommandlineConnectorChooser;
import at.gv.egiz.pdfas.exceptions.ErrorCode;
import at.gv.egiz.pdfas.framework.config.SettingsHelper;
@@ -46,6 +52,10 @@ import at.gv.egiz.pdfas.impl.api.verify.VerifyResultAdapter; import at.gv.egiz.pdfas.impl.api.verify.VerifyResultsImpl;
import at.gv.egiz.pdfas.impl.input.DelimitedPdfDataSource;
import at.gv.egiz.pdfas.impl.vfilter.VerificationFilterParametersImpl;
+import at.gv.egiz.pdfas.impl.xmldsig.XMLDsigReconstructor;
+import at.gv.egiz.pdfas.placeholder.SignaturePlaceholderContext;
+import at.gv.egiz.pdfas.placeholder.SignaturePlaceholderData;
+import at.gv.egiz.pdfas.placeholder.SignaturePlaceholderExtractor;
import at.gv.egiz.pdfas.utils.ConfigUtils;
import at.knowcenter.wag.egov.egiz.PdfAS;
import at.knowcenter.wag.egov.egiz.PdfASID;
@@ -72,6 +82,7 @@ import at.knowcenter.wag.egov.egiz.sig.SignatureTypes; */
public class PdfAsObject implements PdfAs
{
+//23.11.2010 changed by exthex - added methods for reconstructXMLDsig
/**
* The log.
@@ -250,6 +261,21 @@ public class PdfAsObject implements PdfAs signParameters.setDocument(PdfAS.applyStrictMode(signParameters.getDocument()));
+ SignaturePlaceholderData spd = null;
+ SignaturePlaceholderContext.setSignaturePlaceholderData(null);
+ if (signParameters.isCheckForPlaceholder()) {
+ spd = SignaturePlaceholderExtractor.extract(signParameters.getDocument().createInputStream(), signParameters.getPlaceholderId(), signParameters.getPlaceholderMatchMode());
+ if (spd != null){
+ if (spd.getProfile() != null)
+ signParameters.setSignatureProfileId(spd.getProfile());
+ if (spd.getType() != null)
+ signParameters.setSignatureType(spd.getType());
+ if (spd.getKey() != null)
+ signParameters.setSignatureKeyIdentifier(spd.getKey());
+ }
+ }
+ CheckHelper.checkSignParameters(signParameters);
+
if (signParameters.getSignatureProfileId() == null)
{
SettingsReader settings = SettingsReader.getInstance();
@@ -271,7 +297,11 @@ public class PdfAsObject implements PdfAs signatorId = SignatorFactory.MOST_RECENT_DETACHEDTEXT_SIGNATOR_ID;
}
- TablePos pos = PosHelper.formTablePos(signParameters.getSignaturePositioning());
+ TablePos pos = null;
+ if (spd != null && spd.getTablePos() != null)
+ pos = spd.getTablePos();
+ else
+ pos = PosHelper.formTablePos(signParameters.getSignaturePositioning());
String connectorId = CommandlineConnectorChooser.chooseCommandlineConnectorForSign(signParameters.getSignatureDevice());
@@ -344,6 +374,13 @@ public class PdfAsObject implements PdfAs ap.setReturnNonTextualObjects(vp.isReturnNonTextualObjects());
}
+ protected void fillAnalyzeParametersWithReconstructXMLDsigParameters(AnalyzeParameters ap, ReconstructXMLDsigParameters rxp)
+ {
+ ap.setDocument(rxp.getDocument());
+ ap.setVerifyMode(rxp.getVerifyMode());
+ ap.setReturnNonTextualObjects(rxp.isReturnNonTextualObjects());
+ }
+
/**
* Copies all adequate parameters from the {@link VerifyParameters} to the
* {@link VerifyAfterAnalysisParameters}.
@@ -360,6 +397,16 @@ public class PdfAsObject implements PdfAs vaap.setReturnHashInputData(vp.isReturnHashInputData());
}
+
+ protected void fillReconstructXMLDsigAfterAnalysisParametersWithVerifyAfterAnalysisParameters(
+ ReconstructXMLDsigAfterAnalysisParameters reconstructParams,
+ VerifyAfterAnalysisParameters verifyAfterAnalysisParameters) {
+ reconstructParams.setAnalyzeResult(verifyAfterAnalysisParameters.getAnalyzeResult());
+ reconstructParams.setReturnHashInputData(verifyAfterAnalysisParameters.isReturnHashInputData());
+ reconstructParams.setSignatureDevice(verifyAfterAnalysisParameters.getSignatureDevice());
+ reconstructParams.setVerificationTime(verifyAfterAnalysisParameters.getVerificationTime());
+ }
+
/**
* @see at.gv.egiz.pdfas.api.PdfAs#analyze(at.gv.egiz.pdfas.api.analyze.AnalyzeParameters)
*/
@@ -465,40 +512,96 @@ public class PdfAsObject implements PdfAs throw new PDFDocumentException(ErrorCode.DOCUMENT_NOT_SIGNED, "PDF document not signed."); //$NON-NLS-1$
}
- List signature_holders = new ArrayList(signatures.size());
- Iterator it = signatures.iterator();
- while (it.hasNext())
- {
- SignatureInformation si = (SignatureInformation) it.next();
- SignatureHolder sh = (SignatureHolder) si.getInternalSignatureInformation();
- signature_holders.add(sh);
- }
- assert signature_holders.size() == signatures.size();
+ ReconstructXMLDsigAfterAnalysisParameters rxaap = new ReconstructXMLDsigAfterAnalysisParameters();
+ fillReconstructXMLDsigAfterAnalysisParametersWithVerifyAfterAnalysisParameters(rxaap, verifyAfterAnalysisParameters);
+ ReconstructXMLDsigResult reconstructResult = reconstructXMLDSIG(rxaap);
- try {
- List results = PdfAS.verifySignatureHolders(signature_holders, verifyAfterAnalysisParameters.getSignatureDevice(), verifyAfterAnalysisParameters.isReturnHashInputData(), verifyAfterAnalysisParameters.getVerificationTime());
-
- List vrs = new ArrayList(results.size());
-
- assert signature_holders.size() == results.size() : "Not all signatures were verified.";
-
- for (int i = 0; i < signature_holders.size(); i++)
- {
- SignatureResponse response = (SignatureResponse) results.get(i);
- SignatureHolder holder = (SignatureHolder) signature_holders.get(i);
-
- VerifyResult vr = new VerifyResultAdapter(response, holder, verifyAfterAnalysisParameters.getVerificationTime());
- vr.setNonTextualObjects( ((SignatureInformation) signatures.get(i)).getNonTextualObjects());
-
- vrs.add(vr);
- }
+ VerifyAfterReconstructXMLDsigParameters varxp = new VerifyAfterReconstructXMLDsigParameters();
+ fillVerifyAfterReconstructXMLDsigParametersWithVerifyAfterAnalysisParameters(varxp, verifyAfterAnalysisParameters);
+ varxp.setReconstructXMLDsigResult(reconstructResult);
+
+ return verify(varxp);
- VerifyResultsImpl verifyResults = new VerifyResultsImpl(vrs);
- return verifyResults;
- } catch (java.lang.OutOfMemoryError e) {
- throw new OutOfMemoryException(ErrorCode.OUT_OF_MEMORY_ERROR, "Insufficient memory allocated to virtual machine. Start Java with parameters \"-Xms128m -Xmx786m -XX:MaxPermSize=256m\".", e);
+ }
+
+ protected void fillVerifyAfterReconstructXMLDsigParametersWithVerifyAfterAnalysisParameters(
+ VerifyAfterReconstructXMLDsigParameters varxp,
+ VerifyAfterAnalysisParameters verifyAfterAnalysisParameters) {
+ varxp.setReturnHashInputData(verifyAfterAnalysisParameters.isReturnHashInputData());
+ varxp.setSignatureDevice(verifyAfterAnalysisParameters.getSignatureDevice());
+ varxp.setVerificationTime(verifyAfterAnalysisParameters.getVerificationTime());
+ }
+
+ public ReconstructXMLDsigResult reconstructXMLDSIG(
+ ReconstructXMLDsigParameters reconstructXMLDsigParameters)
+ throws PdfAsException {
+
+ AnalyzeParameters analyzeParameters = new AnalyzeParameters();
+ fillAnalyzeParametersWithReconstructXMLDsigParameters(analyzeParameters, reconstructXMLDsigParameters);
+ AnalyzeResult ar = analyze(analyzeParameters);
+
+ ReconstructXMLDsigAfterAnalysisParameters rxaap = new ReconstructXMLDsigAfterAnalysisParameters();
+ fillReconstructXMLDsigAfterAnalysisParametersWithReconstructXMLDsigParameters(rxaap, reconstructXMLDsigParameters);
+ rxaap.setAnalyzeResult(ar);
+
+ return reconstructXMLDSIG(rxaap);
+ }
+
+ protected void fillReconstructXMLDsigAfterAnalysisParametersWithReconstructXMLDsigParameters(
+ ReconstructXMLDsigAfterAnalysisParameters rxaap,
+ ReconstructXMLDsigParameters reconstructXMLDsigParameters) {
+ rxaap.setReturnHashInputData(reconstructXMLDsigParameters.isReturnHashInputData());
+ rxaap.setSignatureDevice(reconstructXMLDsigParameters.getSignatureDevice());
+ rxaap.setVerificationTime(reconstructXMLDsigParameters.getVerificationTime());
+ }
+
+ public ReconstructXMLDsigResult reconstructXMLDSIG(
+ ReconstructXMLDsigAfterAnalysisParameters reconstructXMLDsigParameters)
+ throws PdfAsException {
+
+ AnalyzeResult ar = reconstructXMLDsigParameters.getAnalyzeResult();
+ List extendedSignatureInfos = new Vector();
+ for (int i = 0; i < ar.getSignatures().size(); i++)
+ {
+ SignatureInformation si = (SignatureInformation)ar.getSignatures().get(i);
+ XMLDsigData dsigData = XMLDsigReconstructor.reconstruct(si, reconstructXMLDsigParameters.getSignatureDevice());
+ extendedSignatureInfos.add(new ExtendedSignatureInformation(si, dsigData));
}
-
+ return new ReconstructXMLDsigResult().setExtendedSignatures(extendedSignatureInfos);
+ }
+
+ public VerifyResults verify(
+ VerifyAfterReconstructXMLDsigParameters verifyAfterReconstructXMLDsigParameters)
+ throws PdfAsException {
+
+ try {
+ List extSignatures = verifyAfterReconstructXMLDsigParameters.getReconstructXMLDsigResult().getExtendedSignatures();
+ List results = PdfAS.verifyExtendedSignatureHolders(extSignatures,
+ verifyAfterReconstructXMLDsigParameters.getSignatureDevice(),
+ verifyAfterReconstructXMLDsigParameters.isReturnHashInputData(),
+ verifyAfterReconstructXMLDsigParameters.getVerificationTime());
+
+ List vrs = new ArrayList(results.size());
+
+ assert extSignatures.size() == results.size() : "Not all signatures were verified.";
+
+ for (int i = 0; i < extSignatures.size(); i++)
+ {
+ SignatureResponse response = (SignatureResponse) results.get(i);
+ ExtendedSignatureInformation extSigInfo = (ExtendedSignatureInformation)extSignatures.get(i);
+ SignatureHolder holder = (SignatureHolder) extSigInfo.getSignatureInformation().getInternalSignatureInformation();
+
+ VerifyResult vr = new VerifyResultAdapter(response, holder, verifyAfterReconstructXMLDsigParameters.getVerificationTime());
+ vr.setNonTextualObjects( extSigInfo.getSignatureInformation().getNonTextualObjects());
+
+ vrs.add(vr);
+ }
+
+ VerifyResultsImpl verifyResults = new VerifyResultsImpl(vrs);
+ return verifyResults;
+ } catch (java.lang.OutOfMemoryError e) {
+ throw new OutOfMemoryException(ErrorCode.OUT_OF_MEMORY_ERROR, "Insufficient memory allocated to virtual machine. Start Java with parameters \"-Xms128m -Xmx786m -XX:MaxPermSize=256m\".", e);
+ }
}
}
diff --git a/src/main/java/at/gv/egiz/pdfas/impl/xmldsig/XMLDsigReconstructor.java b/src/main/java/at/gv/egiz/pdfas/impl/xmldsig/XMLDsigReconstructor.java new file mode 100644 index 0000000..86c6e43 --- /dev/null +++ b/src/main/java/at/gv/egiz/pdfas/impl/xmldsig/XMLDsigReconstructor.java @@ -0,0 +1,53 @@ +package at.gv.egiz.pdfas.impl.xmldsig;
+
+import at.gv.egiz.pdfas.api.commons.SignatureInformation;
+import at.gv.egiz.pdfas.api.xmldsig.XMLDsigData;
+import at.gv.egiz.pdfas.commandline.CommandlineConnectorChooser;
+import at.gv.egiz.pdfas.framework.ConnectorParameters;
+import at.knowcenter.wag.egov.egiz.PdfAS;
+import at.knowcenter.wag.egov.egiz.exceptions.ConnectorException;
+import at.knowcenter.wag.egov.egiz.exceptions.ConnectorFactoryException;
+import at.knowcenter.wag.egov.egiz.exceptions.SignatureException;
+import at.knowcenter.wag.egov.egiz.pdf.SignatureHolder;
+import at.knowcenter.wag.egov.egiz.sig.SignatureData;
+import at.knowcenter.wag.egov.egiz.sig.SignatureObject;
+import at.knowcenter.wag.egov.egiz.sig.connectors.Connector;
+import at.knowcenter.wag.egov.egiz.sig.connectors.bku.SignSignatureObject;
+import at.knowcenter.wag.egov.egiz.sig.signatureobject.SignatureObjectHelper;
+
+/**
+ * Utility class for reconstructing xmldsig
+ *
+ * @author exthex
+ *
+ */
+public class XMLDsigReconstructor {
+
+ /**
+ * Reconstructs the xmldsig from the given parameters.
+ *
+ * @param si the signature information from which to reconstruct the xmldsig
+ * @param connectorType the type of connector (usually BKU or MOA) to use to create the xmldsig
+ * @return
+ * @throws ConnectorException
+ * @throws ConnectorFactoryException
+ * @throws SignatureException
+ */
+ public static XMLDsigData reconstruct(SignatureInformation si, String connectorType) throws ConnectorException, ConnectorFactoryException, SignatureException {
+ SignatureHolder holder = (SignatureHolder)si.getInternalSignatureInformation();
+ SignatureObject sigObject = holder.getSignatureObject();
+
+ SignSignatureObject so = SignatureObjectHelper.convertSignatureObjectToSignSignatureObject(sigObject);
+ SignatureData sd = PdfAS.convertSignatureHolderToSignatureData(holder);
+
+ String profile = sigObject.getSignatureTypeDefinition().getType();
+ String connectorId = CommandlineConnectorChooser.chooseCommandlineConnectorForVerify(connectorType, sigObject.getKZ(), so.id, profile);
+
+ ConnectorParameters cp = new ConnectorParameters();
+ cp.setProfileId(profile);
+ Connector c = at.gv.egiz.pdfas.framework.ConnectorFactory.createConnector(connectorId, cp);
+
+ return c.reconstructXMLDsig(sd, so);
+ }
+
+}
|