From 877758d9ec4deb53aad8a6c1d8669cc7186b1a48 Mon Sep 17 00:00:00 2001 From: tknall Date: Fri, 18 Jan 2008 15:13:13 +0000 Subject: update dealing with incremental updates (NoSignatureHolder introduced that indicates incremental updates. NoSignatureHolders are transported as SignatureHolder withing analysis but are finally removed to maintain compatibility. This allowes to show which signatures are followed by incremental updates containing no signature. If the last signature is followed by an incremental update, an exception is thrown to indicate an illegal modification. git-svn-id: https://joinup.ec.europa.eu/svn/pdf-as/trunk@248 7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c --- .../gv/egiz/pdfas/api/analyze/AnalyzeResult.java | 2 + .../at/gv/egiz/pdfas/api/verify/VerifyResult.java | 2 +- .../at/gv/egiz/pdfas/impl/api/PdfAsObject.java | 19 +++++-- .../pdfas/impl/api/analyze/AnalyzeResultImpl.java | 31 +++++++++++ .../pdfas/impl/vfilter/VerificationFilterImpl.java | 38 ++++++++++---- .../wag/egov/egiz/pdf/NoSignatureHolder.java | 61 ++++++++++++++++++++++ .../wag/egov/egiz/web/servlets/VerifyServlet.java | 17 +++++- 7 files changed, 151 insertions(+), 19 deletions(-) create mode 100644 src/main/java/at/knowcenter/wag/egov/egiz/pdf/NoSignatureHolder.java diff --git a/src/main/java/at/gv/egiz/pdfas/api/analyze/AnalyzeResult.java b/src/main/java/at/gv/egiz/pdfas/api/analyze/AnalyzeResult.java index 098f309..d063b76 100644 --- a/src/main/java/at/gv/egiz/pdfas/api/analyze/AnalyzeResult.java +++ b/src/main/java/at/gv/egiz/pdfas/api/analyze/AnalyzeResult.java @@ -27,4 +27,6 @@ public interface AnalyzeResult * @see SignatureInformation */ public List getSignatures() throws PdfAsException; + + public List getNoSignatures(); } diff --git a/src/main/java/at/gv/egiz/pdfas/api/verify/VerifyResult.java b/src/main/java/at/gv/egiz/pdfas/api/verify/VerifyResult.java index be5a88f..e830f51 100644 --- a/src/main/java/at/gv/egiz/pdfas/api/verify/VerifyResult.java +++ b/src/main/java/at/gv/egiz/pdfas/api/verify/VerifyResult.java @@ -84,7 +84,7 @@ public interface VerifyResult extends SignatureInformation *

*

* Note that the HashInputData does not necessarily have to be exactly the - * same as the signed date return by the + * same as the signed data return by the * {@link SignatureInformation#getSignedData()} method. *

* diff --git a/src/main/java/at/gv/egiz/pdfas/impl/api/PdfAsObject.java b/src/main/java/at/gv/egiz/pdfas/impl/api/PdfAsObject.java index 3b5d0a6..704f9fd 100644 --- a/src/main/java/at/gv/egiz/pdfas/impl/api/PdfAsObject.java +++ b/src/main/java/at/gv/egiz/pdfas/impl/api/PdfAsObject.java @@ -45,6 +45,7 @@ import at.knowcenter.wag.egov.egiz.cfg.SettingsReader; import at.knowcenter.wag.egov.egiz.exceptions.PresentableException; import at.knowcenter.wag.egov.egiz.exceptions.SignatureException; import at.knowcenter.wag.egov.egiz.framework.SignatorFactory; +import at.knowcenter.wag.egov.egiz.pdf.NoSignatureHolder; import at.knowcenter.wag.egov.egiz.pdf.SignatureHolder; import at.knowcenter.wag.egov.egiz.pdf.TablePos; import at.knowcenter.wag.egov.egiz.sig.SignatureResponse; @@ -268,16 +269,24 @@ public class PdfAsObject implements PdfAs ExtractionStage es = new ExtractionStage(); List signature_holders = es.extractSignatureHolders(inputDataSource, parameters); - List sigInfs = new ArrayList(signature_holders.size()); +// List sigInfs = new ArrayList(signature_holders.size()); + List sigInfs = new ArrayList(); + List noSigs = new ArrayList(); Iterator it = signature_holders.iterator(); while (it.hasNext()) { SignatureHolder sh = (SignatureHolder)it.next(); - SignatureInformation si = new SignatureInformationAdapter(sh); - sigInfs.add(si); + + if(sh instanceof NoSignatureHolder) { + noSigs.add(sh); + } else { + + SignatureInformation si = new SignatureInformationAdapter(sh); + sigInfs.add(si); + } } - return new AnalyzeResultImpl(sigInfs); + return new AnalyzeResultImpl(sigInfs, noSigs); } /** @@ -308,7 +317,7 @@ public class PdfAsObject implements PdfAs { SignatureResponse response = (SignatureResponse) results.get(i); SignatureHolder holder = (SignatureHolder) signature_holders.get(i); - + VerifyResult vr = new VerifyResultAdapter(response, holder, verifyAfterAnalysisParameters.getVerificationTime()); vrs.add(vr); } diff --git a/src/main/java/at/gv/egiz/pdfas/impl/api/analyze/AnalyzeResultImpl.java b/src/main/java/at/gv/egiz/pdfas/impl/api/analyze/AnalyzeResultImpl.java index 87a14f0..7b1dffa 100644 --- a/src/main/java/at/gv/egiz/pdfas/impl/api/analyze/AnalyzeResultImpl.java +++ b/src/main/java/at/gv/egiz/pdfas/impl/api/analyze/AnalyzeResultImpl.java @@ -19,6 +19,32 @@ public class AnalyzeResultImpl implements AnalyzeResult * The found signatures. */ protected List signatures = null; + + /** + * The found non-signature update blocks. + */ + protected List noSignatures = null; + + + /** + * Constructor. + * + * @param signatures + * The found signatures. + * @param noSignatures + * The found non-signature update blocks. + */ + public AnalyzeResultImpl(List signatures, List noSignatures) + { + if (signatures == null) + { + throw new IllegalArgumentException("The list of found signatures must not be null."); + } + + this.signatures = signatures; + this.noSignatures = noSignatures; + } + /** * Constructor. @@ -44,4 +70,9 @@ public class AnalyzeResultImpl implements AnalyzeResult return this.signatures; } + public List getNoSignatures() { + + return this.noSignatures; + } + } diff --git a/src/main/java/at/gv/egiz/pdfas/impl/vfilter/VerificationFilterImpl.java b/src/main/java/at/gv/egiz/pdfas/impl/vfilter/VerificationFilterImpl.java index 2aa5c28..81b0364 100644 --- a/src/main/java/at/gv/egiz/pdfas/impl/vfilter/VerificationFilterImpl.java +++ b/src/main/java/at/gv/egiz/pdfas/impl/vfilter/VerificationFilterImpl.java @@ -37,6 +37,7 @@ import at.knowcenter.wag.egov.egiz.exceptions.SignatureException; import at.knowcenter.wag.egov.egiz.exceptions.SignatureTypesException; import at.knowcenter.wag.egov.egiz.pdf.AbsoluteTextSignature; import at.knowcenter.wag.egov.egiz.pdf.EGIZDate; +import at.knowcenter.wag.egov.egiz.pdf.NoSignatureHolder; import at.knowcenter.wag.egov.egiz.pdf.SignatureHolder; import at.knowcenter.wag.egov.egiz.pdf.TextualSignatureHolder; import at.knowcenter.wag.exactparser.parsing.results.FooterParseResult; @@ -280,10 +281,13 @@ public class VerificationFilterImpl implements VerificationFilter String check_doc = settings.getSetting(CHECK_DOCUMENT, "false"); // flags for determination of illegal incremental update - int sigs_found = 0; - int sigs_found_prev = 0; + int sigsFound = 0; + int sigsFoundPrev = 0; + boolean lastBlockWasModified = false; List partitionResults = new ArrayList(partitions.size()); + List nshList = new ArrayList(); + for (int i = 0; i < partitions.size(); i++) { Partition p = (Partition) partitions.get(i); @@ -307,8 +311,8 @@ public class VerificationFilterImpl implements VerificationFilter partitionResult = extractSignaturesFromPartition(pdf, tp); } - sigs_found_prev = sigs_found; - sigs_found = partitionResult.size(); + sigsFoundPrev = sigsFound; + sigsFound = partitionResult.size(); partitionResults.add(partitionResult); } else { // should be binary partition @@ -316,19 +320,28 @@ public class VerificationFilterImpl implements VerificationFilter BinaryPartition binpart = (BinaryPartition)p; // add number (n) of found binary signatures - if there is a subsequent textual partition, // at least n+1 sigs have to be found (note: sig-blocks of binary signatures are also extracted and detected) - sigs_found = sigs_found + binpart.blocks.size(); + sigsFound = sigsFound + binpart.blocks.size(); } } - // throw an Exception if there were already signatures, but current block does not contain any signatures - if((check_doc.equalsIgnoreCase("true"))&& ((sigs_found_prev > 0) && !(sigs_found > sigs_found_prev)) ) { - log.error("Illegal document modification!"); - throw new VerificationFilterException(ErrorCode.MODIFIED_AFTER_SIGNATION, "The document has been modified after being signed."); + // add NoSignatureHolder object if there were already signatures, but current block does not contain any signatures + if((check_doc.equalsIgnoreCase("true"))&& ((sigsFoundPrev > 0) && !(sigsFound > sigsFoundPrev)) ) { + + nshList.add(new NoSignatureHolder(sigsFound)); + + lastBlockWasModified = true; + } else { + lastBlockWasModified = false; } } + // throw an exception if the last update block does not contain a signature and signatures have been found in this document + if(lastBlockWasModified) { + throw new VerificationFilterException(ErrorCode.MODIFIED_AFTER_SIGNATION, "The document has been modified after being signed."); + } + List extractedSignatures = new ArrayList(); Iterator it = partitionResults.iterator(); List prevPartitionResult = null; @@ -355,12 +368,15 @@ public class VerificationFilterImpl implements VerificationFilter } List signatureHolderChain = intermingleSignatures(binarySignatures, extractedSignatures); - + if (oldSignature != null) { signatureHolderChain.add(0, oldSignature); } - + + // add the created NoSignatureHolders + signatureHolderChain.addAll(nshList); + return signatureHolderChain; } diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/pdf/NoSignatureHolder.java b/src/main/java/at/knowcenter/wag/egov/egiz/pdf/NoSignatureHolder.java new file mode 100644 index 0000000..08e48bb --- /dev/null +++ b/src/main/java/at/knowcenter/wag/egov/egiz/pdf/NoSignatureHolder.java @@ -0,0 +1,61 @@ +package at.knowcenter.wag.egov.egiz.pdf; + +import java.io.Serializable; + +import at.gv.egiz.pdfas.framework.input.DataSource; +import at.knowcenter.wag.egov.egiz.sig.SignatureObject; + +public class NoSignatureHolder implements Serializable, SignatureHolder { + + private static final long serialVersionUID = 1L; + + // # sigs before modification + private int position; + + public NoSignatureHolder(int pos) { + this.position = pos; + } + + public DataSource getDataSource() { + return null; + } + + public SignatureObject getSignatureObject() { + return null; + } + + public int getPosition() { + return this.position; + } + + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + this.position; + return result; + } + + public boolean equals(Object obj) { + + if (this == obj) { + return true; + } + + if (obj == null) { + return false; + } + + if (getClass() != obj.getClass()) { + return false; + } + + final NoSignatureHolder other = (NoSignatureHolder) obj; + + if (this.position != other.position) { + return false; + } + + return true; + } + +} diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/VerifyServlet.java b/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/VerifyServlet.java index 7b935de..eb07828 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/VerifyServlet.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/VerifyServlet.java @@ -20,6 +20,7 @@ package at.knowcenter.wag.egov.egiz.web.servlets; import java.io.IOException; import java.io.UnsupportedEncodingException; import java.net.URL; +import java.util.ArrayList; import java.util.Arrays; import java.util.Iterator; import java.util.List; @@ -50,6 +51,8 @@ import at.knowcenter.wag.egov.egiz.cfg.SettingsReader; import at.knowcenter.wag.egov.egiz.exceptions.PDFDocumentException; import at.knowcenter.wag.egov.egiz.exceptions.PresentableException; import at.knowcenter.wag.egov.egiz.exceptions.SettingNotFoundException; +import at.knowcenter.wag.egov.egiz.pdf.NoSignatureHolder; +import at.knowcenter.wag.egov.egiz.pdf.SignatureHolder; import at.knowcenter.wag.egov.egiz.sig.ConnectorFactory; import at.knowcenter.wag.egov.egiz.sig.SignatureResponse; import at.knowcenter.wag.egov.egiz.web.FormFields; @@ -324,12 +327,22 @@ public class VerifyServlet extends HttpServlet ExtractionStage es = new ExtractionStage(); List signature_holders = es.extractSignatureHolders(dataSource, parameters); - if (signature_holders.size() == 0) + // filter out NoSignatureHolders that are possibly present due to the direct call method extractSignatureHolders() + List filtered_signature_holders = new ArrayList(); + Iterator it = signature_holders.iterator(); + while(it.hasNext()) { + SignatureHolder current = (SignatureHolder) it.next(); + if(!(current instanceof NoSignatureHolder)) { + filtered_signature_holders.add(current); + } + } + + if (filtered_signature_holders.size() == 0) { throw new PDFDocumentException(206, "PDF document not signed."); //$NON-NLS-1$ } - return signature_holders; + return filtered_signature_holders; } // TODO obsolete method - remove -- cgit v1.2.3