diff options
Diffstat (limited to 'pdf-as-lib/src/main/java/demo/SignatureVerificationDemo.java')
| -rw-r--r-- | pdf-as-lib/src/main/java/demo/SignatureVerificationDemo.java | 265 |
1 files changed, 265 insertions, 0 deletions
diff --git a/pdf-as-lib/src/main/java/demo/SignatureVerificationDemo.java b/pdf-as-lib/src/main/java/demo/SignatureVerificationDemo.java new file mode 100644 index 0000000..878ff08 --- /dev/null +++ b/pdf-as-lib/src/main/java/demo/SignatureVerificationDemo.java @@ -0,0 +1,265 @@ +/**
+ * <copyright> Copyright 2006 by Know-Center, Graz, Austria </copyright>
+ * PDF-AS has been contracted by the E-Government Innovation Center EGIZ, a
+ * joint initiative of the Federal Chancellery Austria and Graz University of
+ * Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package demo;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.util.Iterator;
+import java.util.List;
+
+import at.gv.egiz.pdfas.PdfAsFactory;
+import at.gv.egiz.pdfas.api.PdfAs;
+import at.gv.egiz.pdfas.api.analyze.AnalyzeParameters;
+import at.gv.egiz.pdfas.api.analyze.AnalyzeResult;
+import at.gv.egiz.pdfas.api.analyze.NonTextObjectInfo;
+import at.gv.egiz.pdfas.api.commons.Constants;
+import at.gv.egiz.pdfas.api.commons.SignatureInformation;
+import at.gv.egiz.pdfas.api.exceptions.PdfAsException;
+import at.gv.egiz.pdfas.api.io.DataSource;
+import at.gv.egiz.pdfas.api.verify.VerifyAfterAnalysisParameters;
+import at.gv.egiz.pdfas.api.verify.VerifyAfterReconstructXMLDsigParameters;
+import at.gv.egiz.pdfas.api.verify.VerifyResult;
+import at.gv.egiz.pdfas.api.verify.VerifyResults;
+import at.gv.egiz.pdfas.api.xmldsig.ExtendedSignatureInformation;
+import at.gv.egiz.pdfas.api.xmldsig.ReconstructXMLDsigAfterAnalysisParameters;
+import at.gv.egiz.pdfas.api.xmldsig.ReconstructXMLDsigResult;
+import at.gv.egiz.pdfas.api.xmldsig.XMLDsigData;
+import at.gv.egiz.pdfas.commandline.Main;
+import at.gv.egiz.pdfas.exceptions.ErrorCode;
+import at.gv.egiz.pdfas.exceptions.ErrorCodeHelper;
+import at.gv.egiz.pdfas.framework.config.SettingsHelper;
+import at.gv.egiz.pdfas.framework.vfilter.VerificationFilterParameters;
+import at.gv.egiz.pdfas.io.FileBasedDataSource;
+
+public class SignatureVerificationDemo {
+
+ /**
+ * Starts a demo that verifies a document.
+ *
+ * @param args
+ * The parameter(s).
+ */
+ public static void main(String[] args) {
+
+ if (args == null || args.length == 0) {
+ System.err.println("Please provide path of file to be verified.");
+ System.exit(1);
+ }
+
+ File configdir = new File("./work");
+ File signedFile = new File(args[0]);
+
+ AnalyzeResult analyzeResult = null;
+
+ try {
+
+ // instantiate api
+ PdfAs pdfasAPI = PdfAsFactory.createPdfAs(configdir);
+
+ // set source
+ DataSource dataSource = new FileBasedDataSource(signedFile, "application/pdf");
+
+ // evaluate settings
+ VerificationFilterParameters parameters = SettingsHelper.readVerificationFilterParametersFromSettings();
+ String verifyMode = Constants.VERIFY_MODE_FULL_CONSERVATIVE;
+
+ if (parameters.extractBinarySignaturesOnly()) {
+ verifyMode = Constants.VERIFY_MODE_BINARY_ONLY;
+ } else if (parameters.assumeOnlySignatureUpdateBlocks()) {
+ verifyMode = Constants.VERIFY_MODE_SEMI_CONSERVATIVE;
+ } else {
+ verifyMode = Constants.VERIFY_MODE_FULL_CONSERVATIVE;
+ }
+
+ // configure analyze parameters
+ AnalyzeParameters analyzeParameters = new AnalyzeParameters();
+ analyzeParameters.setDocument(dataSource);
+ analyzeParameters.setVerifyMode(verifyMode);
+ analyzeParameters.setReturnNonTextualObjects(true);
+
+ // analyze
+ System.out.println("Analyzing...");
+ analyzeResult = pdfasAPI.analyze(analyzeParameters);
+ System.out.println("Successfully analyzed.");
+
+ // information on non-textual objects can be used after analysis step and/or after verification
+ List signatures = analyzeResult.getSignatures();
+ if (signatures != null && !signatures.isEmpty()) {
+ int counter = 0;
+ Iterator sigIterator = signatures.iterator();
+ while (sigIterator.hasNext()) {
+ counter++;
+ SignatureInformation sigInfo = (SignatureInformation) sigIterator.next();
+ System.out.println("\n------------------------ SIGNATURE #" + counter + " ------------------------");
+ if (sigInfo.hasNonTextualObjects()) {
+ System.out.println("\nWARNING: " + sigInfo.getNonTextualObjects().size() + " non textual object(s) detected for this signature.");
+ Iterator noit = sigInfo.getNonTextualObjects().iterator();
+ while (noit.hasNext()) {
+ NonTextObjectInfo info = (NonTextObjectInfo) noit.next();
+ System.out.println(" -> " + info.toString());
+ }
+ System.out.println();
+
+ } else {
+ System.out.println("\nNo non-textual objects detected for this signature.");
+ }
+ }
+ } else {
+ if (analyzeResult != null && analyzeResult.hasBeenCorrected()) {
+ System.err.println("The document could not been processed, maybe due to modification by third party tools. An attempt to correct the document was successful but no verifiable signatures could be found. This/these signature(s) - if any - might got lost.");
+ } else {
+ System.err.println("No signatures found.");
+ }
+ System.exit(1);
+ }
+
+ // retrieve reconstructed signature
+ ReconstructXMLDsigAfterAnalysisParameters recstrParams = new ReconstructXMLDsigAfterAnalysisParameters();
+ recstrParams.setAnalyzeResult(analyzeResult);
+ recstrParams.setSignatureDevice(Constants.SIGNATURE_DEVICE_MOA);
+ ReconstructXMLDsigResult recstrResult = pdfasAPI.reconstructXMLDSIG(recstrParams);
+
+ // it is now possible to retrieve the reconstructed XMLDSig and the underlying signed
+ // data without invoking signature verification. Just enable the following block
+ /*
+ List extSigInfoList = recstrResult.getExtendedSignatures();
+ if (extSigInfoList != null && !extSigInfoList.isEmpty()) {
+ Iterator it = extSigInfoList.iterator();
+ while (it.hasNext()) {
+ ExtendedSignatureInformation extSigInfo = (ExtendedSignatureInformation) it.next();
+ SignatureInformation sigInfo = extSigInfo.getSignatureInformation();
+ XMLDsigData xmlDSigData = extSigInfo.getXmlDsigData();
+ // output XMLDSIG somewhere: xmlDSigData.getXmlDsig()
+ if (xmlDSigData.isDetached()) {
+ DataSource signedDataSource = sigInfo.getSignedData();
+ // output signed data somewhere: signedDataSource.getAsByteArray()
+ }
+ }
+ }
+ */
+
+ // setup verification
+
+ // verification without intermediate step of reconstruction
+ /*
+ VerifyAfterAnalysisParameters vaap = new VerifyAfterAnalysisParameters();
+ vaap.setAnalyzeResult(analyzeResult);
+ vaap.setReturnHashInputData(true);
+ vaap.setSignatureDevice(Constants.SIGNATURE_DEVICE_MOA);
+ vaap.setVerificationTime(null);
+ // try to validate all signatures (do not throw exceptions while validating single signatures)
+ // use result.isVerificationDone() in order to find out if a signatures was successfully verified
+ vaap.setSuppressVerifyExceptions(true);
+ */
+
+ // verification with intermediate step of reconstruction
+ VerifyAfterReconstructXMLDsigParameters varp = new VerifyAfterReconstructXMLDsigParameters();
+ varp.setReconstructXMLDsigResult(recstrResult);
+ varp.setReturnHashInputData(true);
+ // not needed since already set in recstrParams (the reconstruction step)
+ // varp.setSignatureDevice(Constants.SIGNATURE_DEVICE_MOA);
+ varp.setVerificationTime(null);
+ // try to validate all signatures (do not throw exceptions while validating single signatures)
+ // use result.isVerificationDone() in order to find out if a signatures was successfully verified
+ varp.setSuppressVerifyExceptions(true);
+
+ // invoke verification
+ System.out.println("Verifying...");
+
+ // without intermediate step of reconstruction
+ /*
+ VerifyResults verifyResults = pdfasAPI.verify(vaap);
+ */
+
+ // with intermediate step of reconstruction
+ VerifyResults verifyResults = pdfasAPI.verify(varp);
+
+ // retrieve results
+ List verifyResultList = verifyResults.getResults();
+ System.out.println("Verification complete.\n");
+
+ // iterate over results
+ PrintWriter out = new PrintWriter(System.out);
+ Iterator it = verifyResultList.iterator();
+ int counter = 0;
+ while (it.hasNext()) {
+ counter++;
+ VerifyResult result = (VerifyResult) it.next();
+ out.println("\n------------------------ SIGNATURE #" + counter + " ------------------------\n");
+
+ // check if signature verification of the current signature was successfully completed (independent from result)
+ if (!result.isVerificationDone()) {
+ PdfAsException ex = result.getVerificationException();
+ out.println(ErrorCodeHelper.formErrorMessage(ex));
+ continue;
+ }
+
+ Main.formatVerifyResult(result, out);
+ XMLDsigData xmlDSigData = result.getReconstructedXMLDsig();
+ if (xmlDSigData != null) {
+ out.println("\n --- XMLDSIG start ---");
+ out.println(" " + xmlDSigData.getXmlDsig());
+ out.println(" --- XMLDSIG end ---");
+ // fetch data
+ // either use result.getHashInputData() (provided varp.setReturnHashInputData(...) has been set true
+ // or use
+ byte[] data = result.getSignedData().getAsByteArray();
+ out.println("\n Signed Data: " + data.length + " bytes (" + result.getSignatureType() + ")");
+ }
+
+ // check if there are timestamps
+ if (result.getTimeStampValue() != null) {
+ out.println("\n TimeStamp value available for this signature");
+ }
+
+ // check if non textual elements have been detected for this signature
+ if (result.hasNonTextualObjects()) {
+ out.println("\n WARNING: " + result.getNonTextualObjects().size() + " non textual object(s) detected for this signature");
+ Iterator noit = result.getNonTextualObjects().iterator();
+ while (noit.hasNext()) {
+ NonTextObjectInfo info = (NonTextObjectInfo) noit.next();
+ out.println(" -> " + info.toString());
+ }
+ out.println();
+
+ } else {
+ out.println("\n No non-textual objects detected for this signature.");
+ }
+ }
+ out.flush();
+
+ } catch (PdfAsException e) {
+ if (ErrorCode.DOCUMENT_NOT_SIGNED == e.getErrorCode() && analyzeResult != null && analyzeResult.hasBeenCorrected()) {
+ System.err.println("\nThe document could not been processed, maybe due to modification by third party tools. An attempt to correct the document was successful but no verifiable signatures could be found. This/these signature(s) - if any - might got lost.");
+ } else {
+ e.printStackTrace();
+ }
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+
+ }
+
+}
|