From 535a04fa05f739ec16dd81666e3b0f82dfbd442d Mon Sep 17 00:00:00 2001 From: tknall Date: Wed, 9 Jan 2013 15:41:29 +0000 Subject: pdf-as-lib maven project files moved to pdf-as-lib git-svn-id: https://joinup.ec.europa.eu/svn/pdf-as/pdf-as/trunk@926 7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c --- .../main/java/demo/SignatureVerificationDemo.java | 265 +++++++++++++++++++++ 1 file changed, 265 insertions(+) create mode 100644 pdf-as-lib/src/main/java/demo/SignatureVerificationDemo.java (limited to 'pdf-as-lib/src/main/java/demo/SignatureVerificationDemo.java') diff --git a/pdf-as-lib/src/main/java/demo/SignatureVerificationDemo.java b/pdf-as-lib/src/main/java/demo/SignatureVerificationDemo.java new file mode 100644 index 0000000..878ff08 --- /dev/null +++ b/pdf-as-lib/src/main/java/demo/SignatureVerificationDemo.java @@ -0,0 +1,265 @@ +/** + * Copyright 2006 by Know-Center, Graz, Austria + * PDF-AS has been contracted by the E-Government Innovation Center EGIZ, a + * joint initiative of the Federal Chancellery Austria and Graz University of + * Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package demo; + +import java.io.File; +import java.io.IOException; +import java.io.PrintWriter; +import java.util.Iterator; +import java.util.List; + +import at.gv.egiz.pdfas.PdfAsFactory; +import at.gv.egiz.pdfas.api.PdfAs; +import at.gv.egiz.pdfas.api.analyze.AnalyzeParameters; +import at.gv.egiz.pdfas.api.analyze.AnalyzeResult; +import at.gv.egiz.pdfas.api.analyze.NonTextObjectInfo; +import at.gv.egiz.pdfas.api.commons.Constants; +import at.gv.egiz.pdfas.api.commons.SignatureInformation; +import at.gv.egiz.pdfas.api.exceptions.PdfAsException; +import at.gv.egiz.pdfas.api.io.DataSource; +import at.gv.egiz.pdfas.api.verify.VerifyAfterAnalysisParameters; +import at.gv.egiz.pdfas.api.verify.VerifyAfterReconstructXMLDsigParameters; +import at.gv.egiz.pdfas.api.verify.VerifyResult; +import at.gv.egiz.pdfas.api.verify.VerifyResults; +import at.gv.egiz.pdfas.api.xmldsig.ExtendedSignatureInformation; +import at.gv.egiz.pdfas.api.xmldsig.ReconstructXMLDsigAfterAnalysisParameters; +import at.gv.egiz.pdfas.api.xmldsig.ReconstructXMLDsigResult; +import at.gv.egiz.pdfas.api.xmldsig.XMLDsigData; +import at.gv.egiz.pdfas.commandline.Main; +import at.gv.egiz.pdfas.exceptions.ErrorCode; +import at.gv.egiz.pdfas.exceptions.ErrorCodeHelper; +import at.gv.egiz.pdfas.framework.config.SettingsHelper; +import at.gv.egiz.pdfas.framework.vfilter.VerificationFilterParameters; +import at.gv.egiz.pdfas.io.FileBasedDataSource; + +public class SignatureVerificationDemo { + + /** + * Starts a demo that verifies a document. + * + * @param args + * The parameter(s). + */ + public static void main(String[] args) { + + if (args == null || args.length == 0) { + System.err.println("Please provide path of file to be verified."); + System.exit(1); + } + + File configdir = new File("./work"); + File signedFile = new File(args[0]); + + AnalyzeResult analyzeResult = null; + + try { + + // instantiate api + PdfAs pdfasAPI = PdfAsFactory.createPdfAs(configdir); + + // set source + DataSource dataSource = new FileBasedDataSource(signedFile, "application/pdf"); + + // evaluate settings + VerificationFilterParameters parameters = SettingsHelper.readVerificationFilterParametersFromSettings(); + String verifyMode = Constants.VERIFY_MODE_FULL_CONSERVATIVE; + + if (parameters.extractBinarySignaturesOnly()) { + verifyMode = Constants.VERIFY_MODE_BINARY_ONLY; + } else if (parameters.assumeOnlySignatureUpdateBlocks()) { + verifyMode = Constants.VERIFY_MODE_SEMI_CONSERVATIVE; + } else { + verifyMode = Constants.VERIFY_MODE_FULL_CONSERVATIVE; + } + + // configure analyze parameters + AnalyzeParameters analyzeParameters = new AnalyzeParameters(); + analyzeParameters.setDocument(dataSource); + analyzeParameters.setVerifyMode(verifyMode); + analyzeParameters.setReturnNonTextualObjects(true); + + // analyze + System.out.println("Analyzing..."); + analyzeResult = pdfasAPI.analyze(analyzeParameters); + System.out.println("Successfully analyzed."); + + // information on non-textual objects can be used after analysis step and/or after verification + List signatures = analyzeResult.getSignatures(); + if (signatures != null && !signatures.isEmpty()) { + int counter = 0; + Iterator sigIterator = signatures.iterator(); + while (sigIterator.hasNext()) { + counter++; + SignatureInformation sigInfo = (SignatureInformation) sigIterator.next(); + System.out.println("\n------------------------ SIGNATURE #" + counter + " ------------------------"); + if (sigInfo.hasNonTextualObjects()) { + System.out.println("\nWARNING: " + sigInfo.getNonTextualObjects().size() + " non textual object(s) detected for this signature."); + Iterator noit = sigInfo.getNonTextualObjects().iterator(); + while (noit.hasNext()) { + NonTextObjectInfo info = (NonTextObjectInfo) noit.next(); + System.out.println(" -> " + info.toString()); + } + System.out.println(); + + } else { + System.out.println("\nNo non-textual objects detected for this signature."); + } + } + } else { + if (analyzeResult != null && analyzeResult.hasBeenCorrected()) { + System.err.println("The document could not been processed, maybe due to modification by third party tools. An attempt to correct the document was successful but no verifiable signatures could be found. This/these signature(s) - if any - might got lost."); + } else { + System.err.println("No signatures found."); + } + System.exit(1); + } + + // retrieve reconstructed signature + ReconstructXMLDsigAfterAnalysisParameters recstrParams = new ReconstructXMLDsigAfterAnalysisParameters(); + recstrParams.setAnalyzeResult(analyzeResult); + recstrParams.setSignatureDevice(Constants.SIGNATURE_DEVICE_MOA); + ReconstructXMLDsigResult recstrResult = pdfasAPI.reconstructXMLDSIG(recstrParams); + + // it is now possible to retrieve the reconstructed XMLDSig and the underlying signed + // data without invoking signature verification. Just enable the following block + /* + List extSigInfoList = recstrResult.getExtendedSignatures(); + if (extSigInfoList != null && !extSigInfoList.isEmpty()) { + Iterator it = extSigInfoList.iterator(); + while (it.hasNext()) { + ExtendedSignatureInformation extSigInfo = (ExtendedSignatureInformation) it.next(); + SignatureInformation sigInfo = extSigInfo.getSignatureInformation(); + XMLDsigData xmlDSigData = extSigInfo.getXmlDsigData(); + // output XMLDSIG somewhere: xmlDSigData.getXmlDsig() + if (xmlDSigData.isDetached()) { + DataSource signedDataSource = sigInfo.getSignedData(); + // output signed data somewhere: signedDataSource.getAsByteArray() + } + } + } + */ + + // setup verification + + // verification without intermediate step of reconstruction + /* + VerifyAfterAnalysisParameters vaap = new VerifyAfterAnalysisParameters(); + vaap.setAnalyzeResult(analyzeResult); + vaap.setReturnHashInputData(true); + vaap.setSignatureDevice(Constants.SIGNATURE_DEVICE_MOA); + vaap.setVerificationTime(null); + // try to validate all signatures (do not throw exceptions while validating single signatures) + // use result.isVerificationDone() in order to find out if a signatures was successfully verified + vaap.setSuppressVerifyExceptions(true); + */ + + // verification with intermediate step of reconstruction + VerifyAfterReconstructXMLDsigParameters varp = new VerifyAfterReconstructXMLDsigParameters(); + varp.setReconstructXMLDsigResult(recstrResult); + varp.setReturnHashInputData(true); + // not needed since already set in recstrParams (the reconstruction step) + // varp.setSignatureDevice(Constants.SIGNATURE_DEVICE_MOA); + varp.setVerificationTime(null); + // try to validate all signatures (do not throw exceptions while validating single signatures) + // use result.isVerificationDone() in order to find out if a signatures was successfully verified + varp.setSuppressVerifyExceptions(true); + + // invoke verification + System.out.println("Verifying..."); + + // without intermediate step of reconstruction + /* + VerifyResults verifyResults = pdfasAPI.verify(vaap); + */ + + // with intermediate step of reconstruction + VerifyResults verifyResults = pdfasAPI.verify(varp); + + // retrieve results + List verifyResultList = verifyResults.getResults(); + System.out.println("Verification complete.\n"); + + // iterate over results + PrintWriter out = new PrintWriter(System.out); + Iterator it = verifyResultList.iterator(); + int counter = 0; + while (it.hasNext()) { + counter++; + VerifyResult result = (VerifyResult) it.next(); + out.println("\n------------------------ SIGNATURE #" + counter + " ------------------------\n"); + + // check if signature verification of the current signature was successfully completed (independent from result) + if (!result.isVerificationDone()) { + PdfAsException ex = result.getVerificationException(); + out.println(ErrorCodeHelper.formErrorMessage(ex)); + continue; + } + + Main.formatVerifyResult(result, out); + XMLDsigData xmlDSigData = result.getReconstructedXMLDsig(); + if (xmlDSigData != null) { + out.println("\n --- XMLDSIG start ---"); + out.println(" " + xmlDSigData.getXmlDsig()); + out.println(" --- XMLDSIG end ---"); + // fetch data + // either use result.getHashInputData() (provided varp.setReturnHashInputData(...) has been set true + // or use + byte[] data = result.getSignedData().getAsByteArray(); + out.println("\n Signed Data: " + data.length + " bytes (" + result.getSignatureType() + ")"); + } + + // check if there are timestamps + if (result.getTimeStampValue() != null) { + out.println("\n TimeStamp value available for this signature"); + } + + // check if non textual elements have been detected for this signature + if (result.hasNonTextualObjects()) { + out.println("\n WARNING: " + result.getNonTextualObjects().size() + " non textual object(s) detected for this signature"); + Iterator noit = result.getNonTextualObjects().iterator(); + while (noit.hasNext()) { + NonTextObjectInfo info = (NonTextObjectInfo) noit.next(); + out.println(" -> " + info.toString()); + } + out.println(); + + } else { + out.println("\n No non-textual objects detected for this signature."); + } + } + out.flush(); + + } catch (PdfAsException e) { + if (ErrorCode.DOCUMENT_NOT_SIGNED == e.getErrorCode() && analyzeResult != null && analyzeResult.hasBeenCorrected()) { + System.err.println("\nThe document could not been processed, maybe due to modification by third party tools. An attempt to correct the document was successful but no verifiable signatures could be found. This/these signature(s) - if any - might got lost."); + } else { + e.printStackTrace(); + } + } catch (IOException e) { + e.printStackTrace(); + } + + } + +} -- cgit v1.2.3