aboutsummaryrefslogtreecommitdiff
path: root/src/main/java/at/knowcenter/wag
diff options
context:
space:
mode:
authortknall <tknall@7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c>2010-08-12 07:50:58 +0000
committertknall <tknall@7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c>2010-08-12 07:50:58 +0000
commitad806535da32c317abba16d29326e65b7c10bf13 (patch)
treee7f05f795ae9e88e7609203a7fab11f6fc270ef5 /src/main/java/at/knowcenter/wag
parent19049a1a803b1732090487b5b432bea4203b8998 (diff)
downloadpdf-as-3-ad806535da32c317abba16d29326e65b7c10bf13.tar.gz
pdf-as-3-ad806535da32c317abba16d29326e65b7c10bf13.tar.bz2
pdf-as-3-ad806535da32c317abba16d29326e65b7c10bf13.zip
more logging
new errorcode for invalid signature dictionary (232) detect invalid signature dictionary detect errors (invalid glyph mappings) when extracting text remove useless certificate digest calculation remove invocation of erroneous getCertDigest method webapp: hotfix for NPE adjustments for new mocca (applet) version (layout) POM: removed deprecated maven elements git-svn-id: https://joinup.ec.europa.eu/svn/pdf-as/trunk@587 7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c
Diffstat (limited to 'src/main/java/at/knowcenter/wag')
-rw-r--r--src/main/java/at/knowcenter/wag/egov/egiz/PdfAS.java2
-rw-r--r--src/main/java/at/knowcenter/wag/egov/egiz/PdfASID.java6
-rw-r--r--src/main/java/at/knowcenter/wag/egov/egiz/pdf/AbsoluteTextSignature.java11
-rw-r--r--src/main/java/at/knowcenter/wag/egov/egiz/pdf/BinarySignature.java3
-rw-r--r--src/main/java/at/knowcenter/wag/egov/egiz/pdf/PDFSignatureObjectIText.java1
-rw-r--r--src/main/java/at/knowcenter/wag/egov/egiz/pdf/TextualSignature.java7
-rw-r--r--src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java61
-rw-r--r--src/main/java/at/knowcenter/wag/egov/egiz/sig/X509Cert.java2
-rw-r--r--src/main/java/at/knowcenter/wag/egov/egiz/tools/CodingHelper.java1
-rw-r--r--src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/VerifyPreviewServlet.java11
10 files changed, 88 insertions, 17 deletions
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/PdfAS.java b/src/main/java/at/knowcenter/wag/egov/egiz/PdfAS.java
index 424aad1..59c6b93 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/PdfAS.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/PdfAS.java
@@ -100,7 +100,7 @@ public abstract class PdfAS
* The current version of the pdf-as library. This version string is logged on every invocation
* of the api or the web application.
*/
- public static final String PDFAS_VERSION = "3.1.1-snapshot (20100408)";
+ public static final String PDFAS_VERSION = "3.1.1-snapshot (20100812)";
/**
* The key of the strict mode setting.
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/PdfASID.java b/src/main/java/at/knowcenter/wag/egov/egiz/PdfASID.java
index 7e4b9c0..79591bd 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/PdfASID.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/PdfASID.java
@@ -90,17 +90,17 @@ public class PdfASID implements Serializable
if (tokens.length != 5)
{
- throw new InvalidIDException(ErrorCode.UNABLE_TO_PARSE_ID, "The doesn't have enough tokens (" + id + ")");
+ throw new InvalidIDException(ErrorCode.UNABLE_TO_PARSE_ID, "The method doesn't have enough tokens (" + id + ")");
}
if (!tokens[0].equals(URN))
{
- throw new InvalidIDException(ErrorCode.UNABLE_TO_PARSE_ID, "The id must start with " + URN + " (" + id + ")");
+ throw new InvalidIDException(ErrorCode.UNABLE_TO_PARSE_ID, "The method must start with " + URN + " (" + id + ")");
}
if (!tokens[1].equals(NAMESPACE))
{
- throw new InvalidIDException(ErrorCode.UNABLE_TO_PARSE_ID, "The namespace of the id must be " + NAMESPACE + " (" + id + ")");
+ throw new InvalidIDException(ErrorCode.UNABLE_TO_PARSE_ID, "The namespace of the method must be " + NAMESPACE + " (" + id + ")");
}
set(tokens[2], tokens[3], tokens[4]);
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/pdf/AbsoluteTextSignature.java b/src/main/java/at/knowcenter/wag/egov/egiz/pdf/AbsoluteTextSignature.java
index a036772..817eb20 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/pdf/AbsoluteTextSignature.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/pdf/AbsoluteTextSignature.java
@@ -311,6 +311,17 @@ public class AbsoluteTextSignature
{
potential_block_end = findEndOfValue(text, potential_block_end);
}
+
+ // FIXME: complete HOTFIX
+ /*
+ int extendedValueEnd = potential_block_end;
+ String cv;
+ do {
+ extendedValueEnd = findEndOfValue(text, extendedValueEnd);
+ cv = text.substring(last_caption_index + current_last_caption.length()+1, extendedValueEnd);
+ } while (extendedValueEnd < text.length());
+ */
+
logger.debug("potential_block_end = " + potential_block_end);
List found_keys = PdfAS.findBlockInText(text.substring(0, potential_block_end), block_type, old_style); // findRestKeys(text,
// keys,
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/pdf/BinarySignature.java b/src/main/java/at/knowcenter/wag/egov/egiz/pdf/BinarySignature.java
index 32871e8..ec6f567 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/pdf/BinarySignature.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/pdf/BinarySignature.java
@@ -1940,6 +1940,9 @@ public abstract class BinarySignature
if (cur_ri == null || !ByteArrayUtils.compareByteArrays(cur_ri.brev, 0, brevs[cur]))
{
+ if (cur >= encodings.length) {
+ throw new PDFDocumentException(ErrorCode.INVALID_SIGNATURE_DICTIONARY, "Invalid EGIZ signature dictionary.");
+ }
cur_ri = new ReplaceInfo();
cur_ri.replaces = new ArrayList();
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/pdf/PDFSignatureObjectIText.java b/src/main/java/at/knowcenter/wag/egov/egiz/pdf/PDFSignatureObjectIText.java
index a843369..39b5daf 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/pdf/PDFSignatureObjectIText.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/pdf/PDFSignatureObjectIText.java
@@ -496,7 +496,6 @@ public class PDFSignatureObjectIText implements PDFSignatureObject
{
pdf_cell.setColspan(cell.getColSpan());
}
- // TODO[tknall]: Check if cell nowrap may be used to prevent wrapping of cells containing keys.
if (cell.isNoWrap())
{
pdf_cell.setNoWrap(true);
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/pdf/TextualSignature.java b/src/main/java/at/knowcenter/wag/egov/egiz/pdf/TextualSignature.java
index 85bc4fd..4a9814d 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/pdf/TextualSignature.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/pdf/TextualSignature.java
@@ -167,7 +167,12 @@ public class TextualSignature
// stripper.setStartPage(4);
// stripper.setEndPage(4);
logger_.debug("TextualSignator extractTextTextual: Begin stripping text");
- String text = stripper.getText(doc, encoding);
+ String text;
+ try {
+ text = stripper.getText(doc, encoding);
+ } catch (Exception e) {
+ throw new PDFDocumentException(ErrorCode.TEXT_EXTRACTION_EXCEPTION, "Unable to extract textual content.", e);
+ }
logger_.debug("TextualSignator extractTextTextual: Stripping text ended");
doc.close();
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java
index 66daf57..0b39a5b 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java
@@ -570,7 +570,7 @@ public class SignatureObject implements Serializable
{
setSigValue(SignatureTypes.SIG_ISSUER, cert.getIssuerName());
setSigValue(SIG_CER, cert.getCertString());
- setSigValue(SIG_CER_DIG, cert.getCertDigest());
+ // setSigValue(SIG_CER_DIG, cert.getCertDigest());
x509Cert_ = cert;
}
issuer = getSigValue(SignatureTypes.SIG_ISSUER);
@@ -670,13 +670,13 @@ public class SignatureObject implements Serializable
{
setSigValue(SignatureTypes.SIG_ISSUER, cert.getIssuerName());
setSigValue(SIG_CER, cert.getCertString());
- setSigValue(SIG_CER_DIG, cert.getCertDigest());
+ // setSigValue(SIG_CER_DIG, cert.getCertDigest());
x509Cert_ = cert;
}
}
/**
- * @return the current X509CertificateDigest value.
+ * @return the current X509CertificateDigest value (as SHA1 digest).
*/
public String getX509CertificateDigest()
{
@@ -684,7 +684,10 @@ public class SignatureObject implements Serializable
if (dig == null)
{
loadCurrentCert();
- dig = getSigValue(SIG_CER_DIG);
+ byte[] cert_b64 = CodingHelper.decodeBase64(x509Cert_.getCertString());
+ byte[] cert_hash = CodingHelper.buildDigest(cert_b64, "SHA");
+ dig = new String(CodingHelper.encodeBase64(cert_hash));
+ setSigValue(SIG_CER_DIG, dig);
}
return dig;
}
@@ -710,7 +713,7 @@ public class SignatureObject implements Serializable
public void setX509Certificate(String x509Certificate)
{
setSigValue(SIG_CER, x509Certificate);
- storeCertificate(getSignationSerialNumber(), getSignationIssuer(), x509Certificate, getX509CertificateDigest());
+ storeCertificate(getSignationSerialNumber(), getSignationIssuer(), x509Certificate);
}
public void setX509Certificate(X509Certificate cert)
@@ -722,7 +725,7 @@ public class SignatureObject implements Serializable
// setX509Certificate(certStr);
X509Cert knowcenterCert = X509Cert.initByX509Certificate(cert);
setSigValue(SIG_CER, knowcenterCert.getCertString());
- storeCertificate(cert.getSerialNumber().toString(), knowcenterCert.getIssuerName(), knowcenterCert.getCertString(), knowcenterCert.getCertDigest());
+ storeCertificate(cert.getSerialNumber().toString(), knowcenterCert.getIssuerName(), knowcenterCert.getCertString());
}
catch (CertificateEncodingException e)
{
@@ -1339,9 +1342,51 @@ public class SignatureObject implements Serializable
* @param x509Digest
* the digest value of the given x509Certificate
* @return true the certificate is stored completely, false otherwise
+ * @deprecated Use {@link #storeCertificate(String, String, String)} instead.
*/
private boolean storeCertificate(String serialNumber, String issuer,
- String x509Certificate, String x509Digest)
+ String x509Certificate, String x509Digest)
+ {
+ return storeCertificate(serialNumber, issuer, x509Certificate);
+ }
+
+ /**
+ * This method stores a X509v3 certificate to the filesystem. The reference to
+ * the stored certificate is build by the serialNumber and the issuer string.
+ * The issuer string is normalized because if getting this value from a pdf
+ * extraction it can be splited into more sections or necessary spaces are
+ * removed. The real issuer value is stored in the certificates meta file. The
+ * certficate is devided into two files: certificate.der (the binary value)
+ * and the meta information used in SignatureObjects as well in
+ * SignatureImages of a signed pdf-document. The storing path of the
+ * certificate is build by:
+ * <ol>
+ * <li>normalize the issuer string</li>
+ * <li>reduce all white spaces in the normalized issuer string</li>
+ * <li>build a hash value of this reduced string</li>
+ * <li>code this hash value as base64 value</li>
+ * <li>add the base64 normalized issuer hash value to the certificate base
+ * store path</li>
+ * <li>add the serialNumber to the cert path</li>
+ * <li>add the <code>.der</code> extension to get the certificate binary</li>
+ * <li>add the <code>.txt</code> extension to get the meta information of
+ * the certificate</li>
+ * </ol>
+ *
+ * The certificate meta file is build by the base64 coded issuer string and
+ * the cert digest value devided by the <code>@</code> char.
+ *
+ * @param serialNumber
+ * the file name of the certificate .der|.txt
+ * @param issuer
+ * the issuer string for the file path value of the certificate and
+ * for metainformation
+ * @param x509Certificate
+ * the x509v3 binary string
+ * @return true the certificate is stored completely, false otherwise
+ */
+ private boolean storeCertificate(String serialNumber, String issuer,
+ String x509Certificate)
{
boolean store_complete = false;
if (issuer != null && serialNumber != null)
@@ -1377,7 +1422,7 @@ public class SignatureObject implements Serializable
}
return store_complete;
}
-
+
/**
* @return Returns the AbstractTable.
* @see at.knowcenter.wag.egov.egiz.table.Table
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/X509Cert.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/X509Cert.java
index fbd89fa..3e230c5 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/X509Cert.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/X509Cert.java
@@ -316,6 +316,7 @@ public class X509Cert implements Serializable
/**
* @return Returns the certificate digest value.
+ * @deprecated Should not be used any more.
*/
public String getCertDigest()
{
@@ -324,7 +325,6 @@ public class X509Cert implements Serializable
if (certString_ != null)
{
byte[] cert_b64 = CodingHelper.decodeBase64(certString_);
- // dferbas: read digest method from certificate
String sigAlgName = this.x509Cert_.getSigAlgName();
String digestAlg = sigAlgName.split("/")[0];
if (sigAlgName.toLowerCase().indexOf("with") != -1 ) {
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/tools/CodingHelper.java b/src/main/java/at/knowcenter/wag/egov/egiz/tools/CodingHelper.java
index 8d05960..bed1cb3 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/tools/CodingHelper.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/tools/CodingHelper.java
@@ -18,7 +18,6 @@
package at.knowcenter.wag.egov.egiz.tools;
import java.io.IOException;
-import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/VerifyPreviewServlet.java b/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/VerifyPreviewServlet.java
index 0eb417b..11f9db4 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/VerifyPreviewServlet.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/VerifyPreviewServlet.java
@@ -341,12 +341,21 @@ public class VerifyPreviewServlet extends HttpServlet
writer.println("<table cellpadding=\"2\" cellspacing=\"0\" class=\"pdfaslisttable\">");
// just render useful information
- String[] rkeys = { SignatureTypes.SIG_NAME, SignatureTypes.SIG_DATE, SignatureTypes.SIG_ISSUER, SignatureTypes.SIG_NUMBER}; // SignatureTypes.REQUIRED_SIG_KEYS;
+ // FIXME: NPE in case SignatureTypes.SIG_NAME is not used (in case of friendly signer name)
+ // Problem: SignatureTypes.SIG_NAME is defined as Signer-RFC2253Name, but there is not certain
+ // key for friendly name (e.g. SIG_SUBJECT or SIG_FOO), therefore we do not know which key contains
+ // the friendly signer name
+
+ // workaround: include "SIG_SUBJECT" since it is usually used
+ String[] rkeys = { SignatureTypes.SIG_NAME, "SIG_SUBJECT", SignatureTypes.SIG_DATE, SignatureTypes.SIG_ISSUER, SignatureTypes.SIG_NUMBER}; // SignatureTypes.REQUIRED_SIG_KEYS;
for (int key_idx = 0; key_idx < rkeys.length; key_idx++)
{
String key = rkeys[key_idx];
SignatureEntry entry = signature_object.getSigEntry(key);
+ if (entry == null) {
+ continue;
+ }
String caption = entry.getCaption();
String value = entry.getValue();
if (caption == null || value == null) {