| -rw-r--r-- | pom.xml | 2 | ||||
| -rw-r--r-- | src/main/java/at/gv/egiz/pdfas/exceptions/ErrorCode.java | 3 | ||||
| -rw-r--r-- | src/main/java/at/gv/egiz/pdfas/impl/vfilter/VerificationFilterImpl.java | 162 | ||||
| -rw-r--r-- | work/cfg/config.properties | 9 | ||||
| -rw-r--r-- | work/cfg/help_text.properties | 1 | ||||
| -rw-r--r-- | work/cfg/log4j.properties | 4 | 
6 files changed, 172 insertions, 9 deletions
| @@ -7,7 +7,7 @@
  	<groupId>knowcenter</groupId>
  	<artifactId>pdf-as</artifactId>
  	<name>PDF-AS</name>
 -	<version>3.0.1</version>
 +	<version>3.0.2</version>
  	<description>Amtssignatur fuer elektronische Aktenfuehrung</description>
  	<url>http://www.egiz.gv.at</url>
 diff --git a/src/main/java/at/gv/egiz/pdfas/exceptions/ErrorCode.java b/src/main/java/at/gv/egiz/pdfas/exceptions/ErrorCode.java
 index 332974b..dcb5f30 100644
 --- a/src/main/java/at/gv/egiz/pdfas/exceptions/ErrorCode.java
 +++ b/src/main/java/at/gv/egiz/pdfas/exceptions/ErrorCode.java
 @@ -36,6 +36,9 @@ public final class ErrorCode
    public static final int CERTIFICATE_NOT_FOUND = 313;
    public static final int NOT_SEMANTICALLY_EQUAL = 314;
 +
 +  public static final int MODIFIED_AFTER_SIGNATION = 316;
 +  public static final int NON_BINARY_SIGNATURES_PRESENT = 317;  
    public static final int WEB_EXCEPTION = 330;
 diff --git a/src/main/java/at/gv/egiz/pdfas/impl/vfilter/VerificationFilterImpl.java b/src/main/java/at/gv/egiz/pdfas/impl/vfilter/VerificationFilterImpl.java
 index 0c9e1f2..3fe17bf 100644
 --- a/src/main/java/at/gv/egiz/pdfas/impl/vfilter/VerificationFilterImpl.java
 +++ b/src/main/java/at/gv/egiz/pdfas/impl/vfilter/VerificationFilterImpl.java
 @@ -10,6 +10,7 @@ import java.util.List;
  import org.apache.commons.logging.Log;
  import org.apache.commons.logging.LogFactory;
 +import at.gv.egiz.pdfas.exceptions.ErrorCode;
  import at.gv.egiz.pdfas.exceptions.framework.VerificationFilterException;
  import at.gv.egiz.pdfas.framework.SignatureHolderHelper;
  import at.gv.egiz.pdfas.framework.VerificatorFactory;
 @@ -26,9 +27,11 @@ import at.gv.egiz.pdfas.impl.vfilter.partition.BinaryPartition;
  import at.gv.egiz.pdfas.impl.vfilter.partition.TextPartition;
  import at.knowcenter.wag.egov.egiz.PdfAS;
  import at.knowcenter.wag.egov.egiz.PdfASID;
 +import at.knowcenter.wag.egov.egiz.cfg.SettingsReader;
  import at.knowcenter.wag.egov.egiz.exceptions.NormalizeException;
  import at.knowcenter.wag.egov.egiz.exceptions.PDFDocumentException;
  import at.knowcenter.wag.egov.egiz.exceptions.PresentableException;
 +import at.knowcenter.wag.egov.egiz.exceptions.SettingsException;
  import at.knowcenter.wag.egov.egiz.exceptions.SignatureException;
  import at.knowcenter.wag.egov.egiz.exceptions.SignatureTypesException;
  import at.knowcenter.wag.egov.egiz.pdf.AbsoluteTextSignature;
 @@ -48,6 +51,10 @@ public class VerificationFilterImpl implements VerificationFilter
     */
    private static final Log log = LogFactory.getLog(VerificationFilterImpl.class);
 +
 +  // tzefferer: added
 +  public static final String CHECK_DOCUMENT = "check_document";
 +  
    /**
     * @see at.gv.egiz.pdfas.framework.vfilter.VerificationFilter#extractSignatureHolders(at.gv.egiz.pdfas.framework.input.PdfDataSource,
     *      java.util.List,
 @@ -62,9 +69,23 @@ public class VerificationFilterImpl implements VerificationFilter
        log.debug("Original IU blocks: " + blocks.size());
        debugIUBlocks(blocks);
      }
 -
 +    
      unrollLinearization(blocks);
 +  // tzefferer: check document here
 +    SettingsReader settings;
 +    try {
 +      settings = SettingsReader.getInstance();
 +    } catch (SettingsException e) {
 +      throw new VerificationFilterException(e);
 +    }
 +    String check_doc = settings.getSetting(CHECK_DOCUMENT, "false");
 +   
 +    if(check_doc.equalsIgnoreCase("true")) {
 +      checkDocument(pdf, blocks, parameters);
 +    }
 +    // end add
 +    
      if (log.isDebugEnabled())
      {
        log.debug("IU blocks without linearization: " + blocks.size());
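Review bot: The new check is fail-open, because `settings.getSetting(CHECK_DOCUMENT, "false")` skips `checkDocument(...)` whenever the key is absent, so a deployment that keeps an older config.properties verifies documents without the post-signature modification check and gets no hint that it is off. The config.properties hunk in this commit ships `check_document=true`, so the code default disagrees with the shipped default; consider `settings.getSetting(CHECK_DOCUMENT, "true")`, or at least a WARN-level log line when the check is disabled. A Javadoc comment on `CHECK_DOCUMENT` naming the config key and its default would serve readers better than the `// tzefferer: added` markers. The enclosing method starts and ends outside this hunk.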
 @@ -192,8 +213,10 @@ public class VerificationFilterImpl implements VerificationFilter
    protected List performSemiConservative(PdfDataSource pdf, boolean scanForOldSignatures, List blocks, List partitions) throws VerificationFilterException
    {
 +    log.debug("perform semiConservative()...");
      List binarySignatures = extractBinarySignaturesOnly(pdf, blocks);
 +    log.debug("determining last partition...");
      TextPartition lastTextPartition = VerificationFilterHelper.findLastTextPartition(partitions);
      List extractedSignatures = null;
      if (scanForOldSignatures)
 @@ -207,9 +230,11 @@ public class VerificationFilterImpl implements VerificationFilter
      }
      else
      {
 +      log.debug("extracting signatures from last partition...");
        extractedSignatures = extractSignaturesFromPartition(pdf, lastTextPartition);
      }
 -
 +    
 +    
      List signatureHolderChain = intermingleSignatures(binarySignatures, extractedSignatures);
      return signatureHolderChain;
 @@ -284,12 +309,16 @@ public class VerificationFilterImpl implements VerificationFilter
    }
    protected String extractText(PdfDataSource pdf, int endOfDocument) throws PresentableException
 +
    {
 +    log.debug("EXTRACTING TEXT... end index = " + endOfDocument);
 +    
      DelimitedPdfDataSource dds = new DelimitedPdfDataSource(pdf, endOfDocument);
      //DelimitedInputStream dis = new DelimitedInputStream(pdf.createInputStream(), endOfDocument);
      return PdfAS.extractNormalizedTextTextual(dds);
    }
 -
 +  
 +  
    protected List extractNewSignaturesFromText(String text) throws VerificationFilterException
    {
      try
 @@ -450,10 +479,12 @@ public class VerificationFilterImpl implements VerificationFilter
        log.debug("Extracting text from 0 to " + endOfDocument + " (total document size = " + pdf.getLength() + "):");
        String extractedText = extractText(pdf, endOfDocument);
        log.debug("Extracting text finished.");
 +      log.debug("extracted text: " + extractedText);
        log.debug("Extracting signatures:");
        List extractedSignatures = extractNewSignaturesFromText(extractedText);
        log.debug("Extracting signatures finished.");
 +      log.debug("Number of found signatures: " + extractedSignatures.size());
        if (log.isDebugEnabled())
        {
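Review bot: `log.debug("extracted text: " + extractedText);` writes the full normalized text of the document under verification to the log, and the log4j.properties hunk in this same commit switches `log4j.rootLogger` to `DEBUG, CA`, so with the shipped configuration the content of every verified document ends up on the console. Signed documents may carry personal data, so log a size instead, e.g. `log.debug("extracted text length: " + extractedText.length());`, and keep the committed root logger at INFO. Both added lines also build their message outside the `log.isDebugEnabled()` guard that the next statement uses. The enclosing method begins and ends outside the hunk.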
 @@ -519,6 +550,130 @@ public class VerificationFilterImpl implements VerificationFilter
      }
    }
 +  // tzefferer: added method
 +  protected void checkDocument(PdfDataSource pdf, List blocks, VerificationFilterParameters parameters) throws VerificationFilterException {
 +    
 +    boolean consider_old_sigs = parameters.scanForOldSignatures();
 +    boolean binary_only = parameters.extractBinarySignaturesOnly();
 +    boolean assume_sigs_only = parameters.assumeOnlySignatureUpdateBlocks();
 +   
 +    if(binary_only) {
 +      // check if document contains textual signatures
 +      checkBinaryOnly(pdf, consider_old_sigs);
 +    }    
 +    if(!assume_sigs_only) {
 +      // check if document contains post-sign modifications
 +      checkUpdateBlocks(pdf, blocks, consider_old_sigs);
 +    }     
 +  }  
 +  // tzefferer: added method
 +  protected void checkUpdateBlocks(PdfDataSource pdf, List blocks, boolean considerOldSigs) throws VerificationFilterException {
 +    
 +    boolean sig_detected = false;
 +    
 +    if(considerOldSigs) {
 +      
 +      DelimitedPdfDataSource dds = new DelimitedPdfDataSource(pdf, pdf.getLength());
 +      String text = null;
 +      try {
 +        text = PdfAS.extractNormalizedTextTextual(dds);
 +      } catch (PresentableException e) {
 +        throw new VerificationFilterException(e);
 +      }
 +      
 +      SignaturesAndOld sao = extractSignaturesAndOld(text);
 +      
 +      if((sao != null)&&(sao.oldSignature != null)) {
 +        sig_detected = true;
 +      }      
 +    }
 +    
 +    
 +    Iterator it = blocks.iterator();
 +    String prev_text = null;
 +    
 +    while (it.hasNext())
 +    {
 +      boolean sig_in_current_block = false;
 +      
 +      FooterParseResult fpr = (FooterParseResult) it.next();
 +             
 +      DelimitedPdfDataSource dds = new DelimitedPdfDataSource(pdf, fpr.next_index);
 +     
 +      String text;
 +      try {
 +        text = PdfAS.extractNormalizedTextTextual(dds);
 +      } catch (PresentableException e) {
 +        throw new VerificationFilterException(e);
 +      }
 +
 +      if(prev_text == null) {
 +        prev_text = text;
 +      } else {
 +        String texttmp = text.substring(prev_text.length());
 +        prev_text = text;
 +        text = texttmp;
 +      }
 +
 +      List sig_holders = null;
 +      try {
 +        sig_holders = AbsoluteTextSignature.extractSignatureHoldersFromText(text);
 +      } catch (SignatureException e) {
 +        throw new VerificationFilterException(e);
 +      } catch (SignatureTypesException e) {
 +        throw new VerificationFilterException(e);
 +      }
 +      
 +      if((sig_holders != null) && (sig_holders.size() > 0)) {
 +        sig_detected = true;
 +        sig_in_current_block = true;
 +      }
 +
 +      if((sig_detected) && (!sig_in_current_block)) {
 +        throw new VerificationFilterException(ErrorCode.MODIFIED_AFTER_SIGNATION, "The document has been modified after being signed.");
 +      }       
 +    }            
 +  }
 +  // tzefferer: added method
 +  protected void checkBinaryOnly(PdfDataSource pdf, boolean considerOldSigs) throws VerificationFilterException {
 +    
 +    DelimitedPdfDataSource dds = new DelimitedPdfDataSource(pdf, pdf.getLength());
 +    String text = null;
 +    try {
 +      text = PdfAS.extractNormalizedTextTextual(dds);
 +    } catch (PresentableException e) {
 +      throw new VerificationFilterException(e);
 +    }
 +    
 +    List sigs = new ArrayList();
 +        
 +    if(considerOldSigs) {            
 +      SignaturesAndOld sao = extractSignaturesAndOld(text);
 +      if(sao != null) {
 +        if(sao.newSignatures != null) {
 +          sigs.addAll(sao.newSignatures);
 +        }
 +        if(sao.oldSignature != null) {
 +          sigs.add(sao.oldSignature);
 +        }
 +      }
 +    } else {   
 +      List signatures = extractSignatures(pdf, pdf.getLength());
 +      if(signatures != null) {
 +        sigs.addAll(signatures);
 +      }
 +    }
 +    
 +    Iterator it = sigs.iterator();
 +    while(it.hasNext()) {
 +      SignatureHolder current = (SignatureHolder)it.next();
 +      if((current != null)&&(!current.getSignatureObject().isBinary())) {
 +        throw new VerificationFilterException(ErrorCode.NON_BINARY_SIGNATURES_PRESENT, "The document contains non-binary signatures.");
 +      }
 +    }    
 +  }
 +  
 +  
    protected static class SignaturesAndOld
    {
      public List newSignatures = null;
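Review bot: In `checkUpdateBlocks`, `text.substring(prev_text.length())` assumes the text extracted up to each later block always extends the text of the previous block; nothing visible guarantees that for an untrusted PDF, and when the extracted text comes out shorter the call throws `StringIndexOutOfBoundsException`, which escapes as an unchecked exception rather than a `VerificationFilterException`. Test `text.startsWith(prev_text)` before taking the substring, throw the `ErrorCode.MODIFIED_AFTER_SIGNATION` exception when it fails after a signature has been seen, and otherwise treat the whole text as the block's delta. The loop also accepts any block in which `extractSignatureHoldersFromText` finds a holder without examining what else that block changes, a limitation that should be stated in a comment. The three added methods carry no Javadoc, and the `// tzefferer: added method` markers do not say what each check rejects or which error code it raises.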
 @@ -537,6 +692,7 @@ public class VerificationFilterImpl implements VerificationFilter
        log.debug("Extracting old signatures:");
        SignatureHolder oldSignature = extractOldSignature(text, extractedSignatures);
        log.debug("Extracting old signatures finished.");
 +      log.debug("oldSignature = null: " + (oldSignature==null));
        SignaturesAndOld sao = new SignaturesAndOld();
        sao.newSignatures = extractedSignatures;
 diff --git a/work/cfg/config.properties b/work/cfg/config.properties
 index a5d7516..83b9c67 100644
 --- a/work/cfg/config.properties
 +++ b/work/cfg/config.properties
 @@ -16,10 +16,11 @@ cert.alg.ecdsa=http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1
  strict_mode=false
 -# Erlaube Änderungen an bereits signierten Dokumenten
 -# added by tzefferer
 -# obsolete due to algorithmic changes 
 -allow_post_sign_modifications=true
 +# Überprüfe Korrektheit des Dokuments
 +#    bei binary_only=true: Fehler falls textuelle Signatur
 +#    bei assume_only_signauture_blocks=false: Fehler falls inkremetelle Updates nach Signatur
 +#    In beiden Fällen wird check_old_textual_sigs berücksichtigt.
 +check_document=true
  #VerificationFilterPatameters
  # modify only if you really know the algorithms
 diff --git a/work/cfg/help_text.properties b/work/cfg/help_text.properties
 index c03802e..0a61747 100644
 --- a/work/cfg/help_text.properties
 +++ b/work/cfg/help_text.properties
 @@ -50,6 +50,7 @@ error.code.315=Beim Auffinden der Signaturen ist ein Fehler aufgetreten. Obwohl
  # added by tzefferer
  error.code.316=Das Dokument wurde nach erfolgter Signierung verändert. 
 +error.code.317=Das Dokument enthält nicht-binäre Signaturen
  error.code.320=Es kann keine Verbindung zur Bürgerkartenumgebung hergestellt werden.
  error.code.330=Es kann keine Verbindung zu MOA hergestellt werden oder MOA hat den Request zurückgewiesen.
 diff --git a/work/cfg/log4j.properties b/work/cfg/log4j.properties
 index f09507c..d2bd97d 100644
 --- a/work/cfg/log4j.properties
 +++ b/work/cfg/log4j.properties
 @@ -6,7 +6,9 @@
  # For the general syntax of property based configuration files see the
  # documenation of org.apache.log4j.PropertyConfigurator.
 -log4j.rootLogger=INFO, CA, FA
 +log4j.rootLogger=DEBUG, CA
 +log4j.logger.org.pdfbox=INFO
 +log4j.logger.org.apache.commons=INFO
  # CA is set to be a ConsoleAppender which outputs to System.out.   log4j.appender.CA=org.apache.log4j.ConsoleAppender | 
