From 1b337e50a9edb280aea49879f901613e1fe17b55 Mon Sep 17 00:00:00 2001 From: pdanner Date: Fri, 26 Nov 2010 12:01:18 +0000 Subject: Changes for xmldsig reconstruction git-svn-id: https://joinup.ec.europa.eu/svn/pdf-as/trunk@612 7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c --- src/main/java/at/gv/egiz/pdfas/api/PdfAs.java | 40 +++++ .../at/gv/egiz/pdfas/api/sign/SignParameters.java | 87 ++++++++- .../VerifyAfterReconstructXMLDsigParameters.java | 114 ++++++++++++ .../api/xmldsig/ExtendedSignatureInformation.java | 46 +++++ .../ReconstructXMLDsigAfterAnalysisParameters.java | 115 ++++++++++++ .../api/xmldsig/ReconstructXMLDsigParameters.java | 195 +++++++++++++++++++++ .../api/xmldsig/ReconstructXMLDsigResult.java | 41 +++++ .../at/gv/egiz/pdfas/api/xmldsig/XMLDsigData.java | 60 +++++++ 8 files changed, 697 insertions(+), 1 deletion(-) create mode 100644 src/main/java/at/gv/egiz/pdfas/api/verify/VerifyAfterReconstructXMLDsigParameters.java create mode 100644 src/main/java/at/gv/egiz/pdfas/api/xmldsig/ExtendedSignatureInformation.java create mode 100644 src/main/java/at/gv/egiz/pdfas/api/xmldsig/ReconstructXMLDsigAfterAnalysisParameters.java create mode 100644 src/main/java/at/gv/egiz/pdfas/api/xmldsig/ReconstructXMLDsigParameters.java create mode 100644 src/main/java/at/gv/egiz/pdfas/api/xmldsig/ReconstructXMLDsigResult.java create mode 100644 src/main/java/at/gv/egiz/pdfas/api/xmldsig/XMLDsigData.java (limited to 'src/main/java/at/gv/egiz/pdfas/api') diff --git a/src/main/java/at/gv/egiz/pdfas/api/PdfAs.java b/src/main/java/at/gv/egiz/pdfas/api/PdfAs.java index 6e63b85..a58fa7c 100644 --- a/src/main/java/at/gv/egiz/pdfas/api/PdfAs.java +++ b/src/main/java/at/gv/egiz/pdfas/api/PdfAs.java @@ -12,9 +12,13 @@ import at.gv.egiz.pdfas.api.exceptions.PdfAsException; import at.gv.egiz.pdfas.api.sign.SignParameters; import at.gv.egiz.pdfas.api.sign.SignResult; import at.gv.egiz.pdfas.api.verify.VerifyAfterAnalysisParameters; +import at.gv.egiz.pdfas.api.verify.VerifyAfterReconstructXMLDsigParameters; import at.gv.egiz.pdfas.api.verify.VerifyParameters; import at.gv.egiz.pdfas.api.verify.VerifyResult; import at.gv.egiz.pdfas.api.verify.VerifyResults; +import at.gv.egiz.pdfas.api.xmldsig.ReconstructXMLDsigAfterAnalysisParameters; +import at.gv.egiz.pdfas.api.xmldsig.ReconstructXMLDsigParameters; +import at.gv.egiz.pdfas.api.xmldsig.ReconstructXMLDsigResult; /** * The PDF-AS API main interface. @@ -24,9 +28,14 @@ import at.gv.egiz.pdfas.api.verify.VerifyResults; *

* * @author wprinz + * @author exthex */ public interface PdfAs { +// 23.11.2010 changed by exthex - added: +// reconstructXMLDSIG(ReconstructXMLDsigParameters reconstructXMLDsigParameters) +// reconstructXMLDSIG(ReconstructXMLDsigAfterAnalysisParameters reconstructXMLDsigParameters) +// verify(VerifyAfterReconstructXMLDsigParameters verifyAfterReconstructXMLDsigParameters) /** * Signs a PDF document using PDF-AS. @@ -73,6 +82,26 @@ public interface PdfAs */ public AnalyzeResult analyze(AnalyzeParameters analyzeParameters) throws PdfAsException; + /** + * Reconstruct the from the given parameters. + * + * @param reconstructXMLDsigParameters + * The data from which to reconstruct the xmldsig + * @return a list of xmldsigs, one for each signature in the document + * @throws PdfAsException if the reconstruction fails + */ + public ReconstructXMLDsigResult reconstructXMLDSIG(ReconstructXMLDsigParameters reconstructXMLDsigParameters) throws PdfAsException; + + /** + * Reconstruct the from the given parameters. + * + * @param reconstructXMLDsigParameters + * The data from which to reconstruct the xmldsigs + * @return a list of xmldsigs, one for each signature in the document + * @throws PdfAsException + */ + public ReconstructXMLDsigResult reconstructXMLDSIG(ReconstructXMLDsigAfterAnalysisParameters reconstructXMLDsigParameters) throws PdfAsException; + /** * Verifies a list of signatures that have been analyzed previously. * @@ -90,6 +119,17 @@ public interface PdfAs */ public VerifyResults verify(VerifyAfterAnalysisParameters verifyAfterAnalysisParameters) throws PdfAsException; + /** + * Verifies a list of signatures that have been analyzed previously and the xmldsigs have been reconstructed. + * + * @param verifyAfterReconstructXMLDsigParameters + * The parameters. + * @return the verification results. + * @throws PdfAsException + * Thrown on error. + */ + public VerifyResults verify(VerifyAfterReconstructXMLDsigParameters verifyAfterReconstructXMLDsigParameters) throws PdfAsException; + /** * Reloads the configuration from the work directory. * diff --git a/src/main/java/at/gv/egiz/pdfas/api/sign/SignParameters.java b/src/main/java/at/gv/egiz/pdfas/api/sign/SignParameters.java index 7dd2f6d..fc4ebaf 100644 --- a/src/main/java/at/gv/egiz/pdfas/api/sign/SignParameters.java +++ b/src/main/java/at/gv/egiz/pdfas/api/sign/SignParameters.java @@ -16,6 +16,27 @@ import at.gv.egiz.pdfas.api.timestamp.TimeStamper; */ public class SignParameters { +// 23.11.2010 changed by exthex - added parameters for placeholder handling + /** + * Strict matching mode for placeholder extraction.
+ * If the placeholder with the given id is not found in the document, an exception will be thrown. + */ + public static final int PLACEHOLDER_MATCH_MODE_STRICT = 0; + + /** + * A moderate matching mode for placeholder extraction.
+ * If the placeholder with the given id is not found in the document, the first placeholder without an id will be taken.
+ * If there is no such placeholder, the signature will be placed as usual, according to the pos parameter of the signature profile used. + */ + public static final int PLACEHOLDER_MATCH_MODE_MODERATE = 1; + + /** + * A more lenient matching mode for placeholder extraction.
+ * If the placeholder with the given id is not found in the document, the first found placeholder will be taken, regardless if it has an id set, or not.
+ * If there is no placeholder at all, the signature will be placed as usual, according to the pos parameter of the signature profile used. + */ + public static final int PLACEHOLDER_MATCH_MODE_LENIENT = 2; + /** * The document to be signed. * @@ -99,8 +120,26 @@ public class SignParameters protected DataSink output = null; protected TimeStamper timeStamperImpl; + + /** + * + */ + protected boolean checkForPlaceholder; + + /** + * The id of the placeholder which should be replaced. + */ + protected String placeholderId; + + /** + * The matching mode for placeholder extraction.
+ * If a {@link SignParameters#placeholderId} is set, the match mode determines what is to be done, if no matching placeholder is found in the document. + *
+ * Defaults to {@link SignParameters#PLACEHOLDER_MATCH_MODE_MODERATE}. + */ + protected int placeholderMatchMode = PLACEHOLDER_MATCH_MODE_MODERATE; - + /** * {@link #setTimeStamperImpl(TimeStamper)} * @return @@ -236,5 +275,51 @@ public class SignParameters this.signatureKeyIdentifier = signatureKeyIdentifier; } + /** + * + * @return + */ + public boolean isCheckForPlaceholder() { + return this.checkForPlaceholder; + } + + /** + * + * @param check + */ + public void setCheckForPlaceholder(boolean check) { + this.checkForPlaceholder = check; + } + + /** + * + * @param placeholderId + */ + public void setPlaceholderId(String placeholderId) { + this.placeholderId = placeholderId; + } + + /** + * + * @return the placeholderId + */ + public String getPlaceholderId() { + return placeholderId; + } + + /** + * + * @param placeholderMatchMode + */ + public void setPlaceholderMatchMode(int placeholderMatchMode) { + this.placeholderMatchMode = placeholderMatchMode; + } + /** + * + * @return the placeholderMatchMode + */ + public int getPlaceholderMatchMode() { + return this.placeholderMatchMode; + } } diff --git a/src/main/java/at/gv/egiz/pdfas/api/verify/VerifyAfterReconstructXMLDsigParameters.java b/src/main/java/at/gv/egiz/pdfas/api/verify/VerifyAfterReconstructXMLDsigParameters.java new file mode 100644 index 0000000..11ddb28 --- /dev/null +++ b/src/main/java/at/gv/egiz/pdfas/api/verify/VerifyAfterReconstructXMLDsigParameters.java @@ -0,0 +1,114 @@ +package at.gv.egiz.pdfas.api.verify; + +import java.util.Date; + +import at.gv.egiz.pdfas.api.commons.Constants; +import at.gv.egiz.pdfas.api.xmldsig.ReconstructXMLDsigResult; + +/** + * This class represents the parameters needed for verify after reconstructXMLDsig has already been executed. + * + * @author exthex + * + */ +public class VerifyAfterReconstructXMLDsigParameters { + + /** + * The list of signatures to be verified. + */ + protected ReconstructXMLDsigResult reconstructXMLDsigResult = null; + + /** + * The signature device to perform the actual signature. + * + *

+ * May be {@link Constants#SIGNATURE_DEVICE_MOA} or + * {@link Constants#SIGNATURE_DEVICE_BKU}. + *

+ */ + protected String signatureDevice = Constants.SIGNATURE_DEVICE_MOA; + + /** + * Allows to pass a VerificationTime to the signature device. + */ + protected Date verificationTime = null; + + /** + * Tells the signature device (e.g. MOA) to return the signature hash input + * data (which is the probably transformed signed data). + * + *

+ * Note that this forces MOA to return the potentially large signature data to + * be returned in the result XML, which may result in very bad performance. + *

+ */ + protected boolean returnHashInputData = false; + + /** + * @return the reconstructXMLDsigResult + */ + public ReconstructXMLDsigResult getReconstructXMLDsigResult() + { + return this.reconstructXMLDsigResult; + } + + /** + * @param reconstructXMLDsigResult + * the reconstructXMLDsigResult to set + */ + public void setReconstructXMLDsigResult(ReconstructXMLDsigResult reconstructXMLDsigResult) + { + this.reconstructXMLDsigResult = reconstructXMLDsigResult; + } + + /** + * @return the signatureDevice + */ + public String getSignatureDevice() + { + return this.signatureDevice; + } + + /** + * @param signatureDevice + * the signatureDevice to set + */ + public void setSignatureDevice(String signatureDevice) + { + this.signatureDevice = signatureDevice; + } + + /** + * @return the verificationTime + */ + public Date getVerificationTime() + { + return this.verificationTime; + } + + /** + * @param verificationTime the verificationTime to set + */ + public void setVerificationTime(Date verificationTime) + { + this.verificationTime = verificationTime; + } + + /** + * @return the returnHashInputData + */ + public boolean isReturnHashInputData() + { + return this.returnHashInputData; + } + + /** + * @param returnHashInputData + * the returnHashInputData to set + */ + public void setReturnHashInputData(boolean returnHashInputData) + { + this.returnHashInputData = returnHashInputData; + } + +} diff --git a/src/main/java/at/gv/egiz/pdfas/api/xmldsig/ExtendedSignatureInformation.java b/src/main/java/at/gv/egiz/pdfas/api/xmldsig/ExtendedSignatureInformation.java new file mode 100644 index 0000000..2d805c2 --- /dev/null +++ b/src/main/java/at/gv/egiz/pdfas/api/xmldsig/ExtendedSignatureInformation.java @@ -0,0 +1,46 @@ +package at.gv.egiz.pdfas.api.xmldsig; + +import at.gv.egiz.pdfas.api.commons.SignatureInformation; + +/** + * A wrapper to combine {@link SignatureInformation} and {@link XMLDsigData} + * + * @author exthex + * + */ +public class ExtendedSignatureInformation { + + private final SignatureInformation signatureInformation; + + private final XMLDsigData xmlDsigData; + + /** + * Constructor. + * + * @param siginfo + * The signature information + * @param dsigData + * The matching xmldsig to the signature information. + */ + public ExtendedSignatureInformation(SignatureInformation siginfo, XMLDsigData dsigData) { + this.signatureInformation = siginfo; + this.xmlDsigData = dsigData; + } + + /** + * + * @return the signatureInformation + */ + public SignatureInformation getSignatureInformation() { + return signatureInformation; + } + + /** + * + * @return the xmlDsigData + */ + public XMLDsigData getXmlDsigData() { + return xmlDsigData; + } + +} diff --git a/src/main/java/at/gv/egiz/pdfas/api/xmldsig/ReconstructXMLDsigAfterAnalysisParameters.java b/src/main/java/at/gv/egiz/pdfas/api/xmldsig/ReconstructXMLDsigAfterAnalysisParameters.java new file mode 100644 index 0000000..1f0ecc5 --- /dev/null +++ b/src/main/java/at/gv/egiz/pdfas/api/xmldsig/ReconstructXMLDsigAfterAnalysisParameters.java @@ -0,0 +1,115 @@ +package at.gv.egiz.pdfas.api.xmldsig; + +import java.util.Date; + +import at.gv.egiz.pdfas.api.analyze.AnalyzeResult; +import at.gv.egiz.pdfas.api.commons.Constants; + +/** + * Parameters for the reconstructXMLDsig method which is to be called after a analyze call. + * + * @author exthex + * + */ +public class ReconstructXMLDsigAfterAnalysisParameters { + + + /** + * The list of signatures to be verified. + */ + protected AnalyzeResult analyzeResult = null; + + /** + * The signature device to perform the actual signature. + * + *

+ * May be {@link Constants#SIGNATURE_DEVICE_MOA} or + * {@link Constants#SIGNATURE_DEVICE_BKU}. + *

+ */ + protected String signatureDevice = Constants.SIGNATURE_DEVICE_MOA; + + /** + * Allows to pass a VerificationTime to the signature device. + */ + protected Date verificationTime = null; + + /** + * Tells the signature device (e.g. MOA) to return the signature hash input + * data (which is the probably transformed signed data). + * + *

+ * Note that this forces MOA to return the potentially large signature data to + * be returned in the result XML, which may result in very bad performance. + *

+ */ + protected boolean returnHashInputData = false; + + /** + * @return the analyzeResult + */ + public AnalyzeResult getAnalyzeResult() + { + return this.analyzeResult; + } + + /** + * @param analyzeResult + * the analyzeResult to set + */ + public void setAnalyzeResult(AnalyzeResult analyzeResult) + { + this.analyzeResult = analyzeResult; + } + + /** + * @return the signatureDevice + */ + public String getSignatureDevice() + { + return this.signatureDevice; + } + + /** + * @param signatureDevice + * the signatureDevice to set + */ + public void setSignatureDevice(String signatureDevice) + { + this.signatureDevice = signatureDevice; + } + + /** + * @return the verificationTime + */ + public Date getVerificationTime() + { + return this.verificationTime; + } + + /** + * @param verificationTime the verificationTime to set + */ + public void setVerificationTime(Date verificationTime) + { + this.verificationTime = verificationTime; + } + + /** + * @return the returnHashInputData + */ + public boolean isReturnHashInputData() + { + return this.returnHashInputData; + } + + /** + * @param returnHashInputData + * the returnHashInputData to set + */ + public void setReturnHashInputData(boolean returnHashInputData) + { + this.returnHashInputData = returnHashInputData; + } + +} diff --git a/src/main/java/at/gv/egiz/pdfas/api/xmldsig/ReconstructXMLDsigParameters.java b/src/main/java/at/gv/egiz/pdfas/api/xmldsig/ReconstructXMLDsigParameters.java new file mode 100644 index 0000000..346cc70 --- /dev/null +++ b/src/main/java/at/gv/egiz/pdfas/api/xmldsig/ReconstructXMLDsigParameters.java @@ -0,0 +1,195 @@ +package at.gv.egiz.pdfas.api.xmldsig; + +import java.util.Date; + +import at.gv.egiz.pdfas.api.PdfAs; +import at.gv.egiz.pdfas.api.commons.Constants; +import at.gv.egiz.pdfas.api.io.DataSource; + +/** + * Parameters for the {@link PdfAs#reconstructXMLDSIG(ReconstructXMLDsigParameters)} method. + * No need to call analyze before calling this method. + * + * @author exthex + * + */ +public class ReconstructXMLDsigParameters { + + /** + * The document to be verified. + */ + protected DataSource document = null; + + /** + * The signature device to perform the actual signature. + * + *

+ * May be {@link Constants#SIGNATURE_DEVICE_MOA} or + * {@link Constants#SIGNATURE_DEVICE_BKU}. + *

+ */ + protected String signatureDevice = Constants.SIGNATURE_DEVICE_MOA; + + /** + * The mode of operation how the document is analyzed. + * + *

+ * May be {@link Constants#VERIFY_MODE_BINARY_ONLY} to check the document for + * binary signatures only (very fast). Or may be + * {@link Constants#VERIFY_MODE_SEMI_CONSERVATIVE} to perform a semi + * conservative (optimized) text and binary verification (slow). Or may be + * {@link Constants#VERIFY_MODE_FULL_CONSERVATIVE} to perform a full + * conservative text and binary verification (very slow). + *

+ */ + protected String verifyMode = Constants.VERIFY_MODE_FULL_CONSERVATIVE; + + /** + * The (zero based) index of the signature to verify. + * + *

+ * This allows to verify only one found signature instead of all. {@link Constants#VERIFY_ALL} means to + * verify all found signatures. + *

+ */ + protected int signatureToVerify = Constants.VERIFY_ALL; + + /** + * Allows to pass a VerificationTime to the verification device. + * + *

+ * Note that the actual usage of this parameter depends on the verification device. + *

+ */ + protected Date verificationTime = null; + + /** + * Tells the signature device (e.g. MOA) to return the signature hash input + * data (which is the probably transformed signed data). + * + *

+ * Note that this forces MOA to return the potentially large signature data to + * be returned in the result XML, which may result in very bad performance. + *

+ */ + protected boolean returnHashInputData = false; + + protected boolean returnNonTextualObjects = false; + + /** + * @return the document + */ + public DataSource getDocument() + { + return this.document; + } + + /** + * @param document + * the document to set + */ + public void setDocument(DataSource document) + { + this.document = document; + } + + /** + * @return the signatureDevice + */ + public String getSignatureDevice() + { + return this.signatureDevice; + } + + /** + * @param signatureDevice + * the signatureDevice to set + */ + public void setSignatureDevice(String signatureDevice) + { + this.signatureDevice = signatureDevice; + } + + /** + * @return the verifyMode + */ + public String getVerifyMode() + { + return this.verifyMode; + } + + /** + * @param verifyMode + * the verifyMode to set + */ + public void setVerifyMode(String verifyMode) + { + this.verifyMode = verifyMode; + } + + /** + * @return the signatureToVerify + */ + public int getSignatureToVerify() + { + return this.signatureToVerify; + } + + /** + * @param signatureToVerify + * the signatureToVerify to set + */ + public void setSignatureToVerify(int signatureToVerify) + { + this.signatureToVerify = signatureToVerify; + } + + /** + * @return the verificationTime + */ + public Date getVerificationTime() + { + return this.verificationTime; + } + + /** + * @param verificationTime + * the verificationTime to set + */ + public void setVerificationTime(Date verificationTime) + { + this.verificationTime = verificationTime; + } + + /** + * @return the returnHashInputData + */ + public boolean isReturnHashInputData() + { + return this.returnHashInputData; + } + + /** + * @param returnHashInputData + * the returnHashInputData to set + */ + public void setReturnHashInputData(boolean returnHashInputData) + { + this.returnHashInputData = returnHashInputData; + } + + public boolean isReturnNonTextualObjects() { + return this.returnNonTextualObjects; + } + + /** + * Tells if non text object of the signed pdf should be extracted and returned. + * One should show this to the user, especially in case of textual signature. + * Defaults to false + * + * @param returnNonTextualObjects + */ + public void setReturnNonTextualObjects(boolean returnNonTextualObjects) { + this.returnNonTextualObjects = returnNonTextualObjects; + } +} diff --git a/src/main/java/at/gv/egiz/pdfas/api/xmldsig/ReconstructXMLDsigResult.java b/src/main/java/at/gv/egiz/pdfas/api/xmldsig/ReconstructXMLDsigResult.java new file mode 100644 index 0000000..078167d --- /dev/null +++ b/src/main/java/at/gv/egiz/pdfas/api/xmldsig/ReconstructXMLDsigResult.java @@ -0,0 +1,41 @@ +package at.gv.egiz.pdfas.api.xmldsig; + +import java.util.List; + +import at.gv.egiz.pdfas.api.commons.SignatureInformation; + +/** + * The result of a reconstructXMLDsig call.
+ * This is just a wrapper for a list of {@link ExtendedSignatureInformation}s + * + * + * @author exthex + */ +public class ReconstructXMLDsigResult { + + private List extendedSignatures; + + /** + * Set the extendedSignatures. + * + * @param extendedSignatures + * The list of {@link ExtendedSignatureInformation}s to set + * @return this + */ + public ReconstructXMLDsigResult setExtendedSignatures(List extendedSignatures) { + this.extendedSignatures = extendedSignatures; + return this; + } + + /** + * Returns the list of found signatures. + * + * @return Returns a list of {@link ExtendedSignatureInformation} objects representing all + * found signatures + {@link XMLDsigData}. + * @see SignatureInformation + */ + public List getExtendedSignatures() { + return this.extendedSignatures; + } + +} diff --git a/src/main/java/at/gv/egiz/pdfas/api/xmldsig/XMLDsigData.java b/src/main/java/at/gv/egiz/pdfas/api/xmldsig/XMLDsigData.java new file mode 100644 index 0000000..ee83ea6 --- /dev/null +++ b/src/main/java/at/gv/egiz/pdfas/api/xmldsig/XMLDsigData.java @@ -0,0 +1,60 @@ +package at.gv.egiz.pdfas.api.xmldsig; + +/** + * A container for XMLDsig data. + * + * @author exthex + * + */ +public class XMLDsigData { + + private String xmlDsig; + + private boolean detached; + + /** + * Constructor. + * + * @param xmldsig the xml string of the xmldsig. + * @param detached true if detached, false otherwise + */ + public XMLDsigData(String xmldsig, boolean detached) { + this.xmlDsig = xmldsig; + this.detached = detached; + } + + /** + * Get the xmldsig string + * @return + */ + public String getXmlDsig() { + return xmlDsig; + } + + /** + * Set the xmldsig string. + * + * @param xmlDsig + */ + public void setXmlDsig(String xmlDsig) { + this.xmlDsig = xmlDsig; + } + + /** + * + * @return true if detached, false otherwise + */ + public boolean isDetached() { + return detached; + } + + /** + * Set the detached. + * + * @param detached + */ + public void setDetached(boolean detached) { + this.detached = detached; + } + +} -- cgit v1.2.3