aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndreas Fitzek <andreas.fitzek@iaik.tugraz.at>2014-11-24 15:45:18 +0100
committerAndreas Fitzek <andreas.fitzek@iaik.tugraz.at>2014-11-24 15:45:18 +0100
commit7b402478784fe7237ade7c32d07f034fd7083bb7 (patch)
tree28244a16c2699a8e06d86aae90707bb5c846a3f7
parent2ff0b5d7489909561b2122284bd7e60fee8c5baf (diff)
downloadpdf-as-4-7b402478784fe7237ade7c32d07f034fd7083bb7.tar.gz
pdf-as-4-7b402478784fe7237ade7c32d07f034fd7083bb7.tar.bz2
pdf-as-4-7b402478784fe7237ade7c32d07f034fd7083bb7.zip
verification changes
-rw-r--r--pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/verify/IntegrityVerifier.java122
-rw-r--r--pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/util/SignatureUtils.java136
-rw-r--r--pdf-as-lib/src/main/java/at/gv/egiz/sl/util/BKUSLConnector.java2
-rw-r--r--pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/pdf/PositioningInstruction.java6
-rw-r--r--pdf-as-pdfbox/src/main/java/at/gv/egiz/pdfas/lib/impl/pdfbox/positioning/Positioning.java83
-rw-r--r--pdf-as-pdfbox/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox/PADESPDFBOXSigner.java46
-rw-r--r--pdf-as-pdfbox/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox/PdfboxSignerWrapper.java3
-rw-r--r--signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESSignerKeystore.java12
8 files changed, 319 insertions, 91 deletions
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/verify/IntegrityVerifier.java b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/verify/IntegrityVerifier.java
index bb0f3268..9142bc68 100644
--- a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/verify/IntegrityVerifier.java
+++ b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/verify/IntegrityVerifier.java
@@ -2,9 +2,12 @@ package at.gv.egiz.pdfas.lib.impl.verify;
import iaik.asn1.ObjectID;
import iaik.asn1.structures.AlgorithmID;
+import iaik.asn1.structures.Attribute;
import iaik.cms.ContentInfo;
import iaik.cms.SignedData;
import iaik.cms.SignerInfo;
+import iaik.smime.ess.SigningCertificate;
+import iaik.smime.ess.SigningCertificateV2;
import iaik.x509.X509Certificate;
import java.io.ByteArrayInputStream;
@@ -16,6 +19,7 @@ import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import at.gv.egiz.pdfas.common.exceptions.PDFASError;
import at.gv.egiz.pdfas.common.exceptions.PdfAsException;
import at.gv.egiz.pdfas.common.exceptions.PdfAsSignatureException;
import at.gv.egiz.pdfas.lib.api.Configuration;
@@ -26,25 +30,25 @@ public class IntegrityVerifier implements IVerifier {
private static final Logger logger = LoggerFactory
.getLogger(IntegrityVerifier.class);
-
+
public List<VerifyResult> verify(byte[] signature, byte[] signatureContent,
Date verificationTime) throws PdfAsException {
try {
List<VerifyResult> result = new ArrayList<VerifyResult>();
-
- SignedData signedData = new SignedData(signatureContent, new AlgorithmID[] {
- AlgorithmID.sha256, AlgorithmID.sha1, AlgorithmID.ripeMd160, AlgorithmID.ripeMd160_ISO
- });
- ContentInfo ci = new ContentInfo(new ByteArrayInputStream(signature
- ));
+
+ SignedData signedData = new SignedData(signatureContent,
+ new AlgorithmID[] { AlgorithmID.sha256, AlgorithmID.sha1,
+ AlgorithmID.ripeMd160, AlgorithmID.ripeMd160_ISO });
+ ContentInfo ci = new ContentInfo(
+ new ByteArrayInputStream(signature));
if (!ci.getContentType().equals(ObjectID.cms_signedData)) {
throw new PdfAsException("error.pdf.verify.01");
}
- //SignedData signedData = (SignedData)ci.getContent();
- //signedData.setContent(contentData);
+ // SignedData signedData = (SignedData)ci.getContent();
+ // signedData.setContent(contentData);
signedData.decode(ci.getContentInputStream());
-
+
// get the signer infos
SignerInfo[] signerInfos = signedData.getSignerInfos();
// verify the signatures
@@ -53,33 +57,97 @@ public class IntegrityVerifier implements IVerifier {
try {
// verify the signature for SignerInfo at index i
X509Certificate signer_cert = signedData.verify(i);
- logger.info("Signature Algo: {}, Digest {}",
- signedData.getSignerInfos()[i].getSignatureAlgorithm(),
+
+ // Verify signing Certificate
+ Attribute signedCertificate = signerInfos[0]
+ .getSignedAttribute(ObjectID.signingCertificate);
+
+ if (signedCertificate == null) {
+ signedCertificate = signerInfos[0]
+ .getSignedAttribute(ObjectID.signingCertificateV2);
+ if (signedCertificate == null) {
+ logger.error("Signature ERROR missing signed Signing Certificate: ");
+
+ throw new SignatureException("Signature ERROR missing signed Signing Certificate");
+ } else {
+ // Validate signingCertificate2
+ try {
+ SigningCertificateV2 signingCert = (SigningCertificateV2) signedCertificate
+ .getAttributeValue();
+
+ if (signingCert
+ .isSignerCertificate(signer_cert)) {
+ // OK
+ logger.debug("Found and verified SigningCertificateV2");
+ } else {
+ logger.error("Signature ERROR certificate missmatch: ");
+
+ throw new SignatureException("Signature ERROR certificate missmatch");
+ }
+ } catch (Throwable e) {
+ logger.error("Signature ERROR wrong encoding for ESSCertIDv2");
+
+ throw new SignatureException("Signature ERROR wrong encoding for ESSCertIDv2");
+ }
+ }
+ } else {
+ // Validate signingCertificate
+ try {
+ SigningCertificate signingCert = (SigningCertificate) signedCertificate
+ .getAttributeValue();
+ if (signingCert.isSignerCertificate(signer_cert)) {
+ // OK
+ logger.debug("Found and verified SigningCertificate");
+ } else {
+ logger.error("Signature ERROR certificate missmatch");
+
+ throw new SignatureException("Signature ERROR certificate missmatch");
+ }
+ } catch (Throwable e) {
+ logger.error("Signature ERROR wrong encoding for ESSCertIDv2");
+
+ throw new SignatureException("Signature ERROR wrong encoding for ESSCertIDv2", e);
+ }
+ }
+
+ logger.info("Signature Algo: {}, Digest {}", signedData
+ .getSignerInfos()[i].getSignatureAlgorithm(),
signedData.getSignerInfos()[i].getDigestAlgorithm());
// if the signature is OK the certificate of the
// signer is returned
logger.info("Signature OK from signer: "
+ signer_cert.getSubjectDN());
verifyResult.setSignerCertificate(signer_cert);
- verifyResult.setValueCheckCode(new SignatureCheckImpl(0, "OK"));
- verifyResult.setManifestCheckCode(new SignatureCheckImpl(99, "not checked"));
- verifyResult.setCertificateCheck(new SignatureCheckImpl(99, "not checked"));
+ verifyResult.setValueCheckCode(new SignatureCheckImpl(0,
+ "OK"));
+ verifyResult.setManifestCheckCode(new SignatureCheckImpl(
+ 99, "not checked"));
+ verifyResult.setCertificateCheck(new SignatureCheckImpl(99,
+ "not checked"));
verifyResult.setVerificationDone(true);
} catch (SignatureException ex) {
// if the signature is not OK a SignatureException
// is thrown
- logger.info("Signature ERROR from signer: "
- + signedData.getCertificate(
- signerInfos[i].getSignerIdentifier())
- .getSubjectDN(), ex);
-
- verifyResult.setSignerCertificate(
- signedData.getCertificate(signerInfos[i].getSignerIdentifier()));
- verifyResult.setValueCheckCode(new SignatureCheckImpl(1, "failed to check signature"));
- verifyResult.setManifestCheckCode(new SignatureCheckImpl(99, "not checked"));
- verifyResult.setCertificateCheck(new SignatureCheckImpl(99, "not checked"));
+ logger.info(
+ "Signature ERROR from signer: "
+ + signedData.getCertificate(
+ signerInfos[i]
+ .getSignerIdentifier())
+ .getSubjectDN(), ex);
+
+ verifyResult.setSignerCertificate(signedData
+ .getCertificate(signerInfos[i]
+ .getSignerIdentifier()));
+ verifyResult.setValueCheckCode(new SignatureCheckImpl(1,
+ "failed to check signature"));
+ verifyResult.setManifestCheckCode(new SignatureCheckImpl(
+ 99, "not checked"));
+ verifyResult.setCertificateCheck(new SignatureCheckImpl(99,
+ "not checked"));
verifyResult.setVerificationDone(false);
- verifyResult.setVerificationException(new PdfAsSignatureException("failed to check signature", ex));
+ verifyResult
+ .setVerificationException(new PdfAsSignatureException(
+ "failed to check signature", ex));
}
result.add(verifyResult);
}
@@ -91,7 +159,7 @@ public class IntegrityVerifier implements IVerifier {
}
public void setConfiguration(Configuration config) {
-
+
}
@Override
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/util/SignatureUtils.java b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/util/SignatureUtils.java
index 14dbdd16..ef5df8b1 100644
--- a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/util/SignatureUtils.java
+++ b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/util/SignatureUtils.java
@@ -1,19 +1,30 @@
package at.gv.egiz.pdfas.lib.util;
+import iaik.asn1.CodingException;
+import iaik.asn1.ObjectID;
+import iaik.asn1.structures.Attribute;
import iaik.cms.CMSException;
import iaik.cms.SignedData;
import iaik.cms.SignerInfo;
+import iaik.smime.ess.ESSCertID;
+import iaik.smime.ess.ESSCertIDv2;
+import iaik.smime.ess.SigningCertificate;
+import iaik.smime.ess.SigningCertificateV2;
import iaik.x509.X509Certificate;
import java.io.ByteArrayInputStream;
import java.io.IOException;
+import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
+import java.security.cert.CertificateException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import at.gv.egiz.pdfas.common.exceptions.ErrorConstants;
import at.gv.egiz.pdfas.common.exceptions.PDFASError;
+import at.gv.egiz.pdfas.common.exceptions.PdfAsSignatureException;
+import at.gv.egiz.pdfas.common.utils.StreamUtils;
import at.gv.egiz.pdfas.lib.api.verify.VerifyResult;
import at.gv.egiz.pdfas.lib.impl.verify.VerifyResultImpl;
@@ -21,66 +32,113 @@ public class SignatureUtils implements ErrorConstants {
private static final Logger logger = LoggerFactory
.getLogger(SignatureUtils.class);
-
- public static VerifyResult verifySignature(byte[] signature, byte[] input) throws PDFASError {
- //List<VerifyResult> results = new ArrayList<VerifyResult>();
+
+ public static VerifyResult verifySignature(byte[] signature, byte[] input)
+ throws PDFASError {
+ // List<VerifyResult> results = new ArrayList<VerifyResult>();
try {
SignedData signedData = new SignedData(new ByteArrayInputStream(
signature));
signedData.setContent(input);
-
+
// get the signer infos
SignerInfo[] signerInfos = signedData.getSignerInfos();
if (signerInfos.length == 0) {
logger.error("Invalid signature (no signer information)");
throw new PDFASError(ERROR_SIG_INVALID_BKU_SIG);
}
-
+
if (signerInfos.length != 1) {
logger.error("Invalid signature (multiple signer information)");
throw new PDFASError(ERROR_SIG_INVALID_BKU_SIG);
}
// verify the signatures
- //for (int i = 0; i < signerInfos.length; i++) {
- VerifyResultImpl verifyResult = new VerifyResultImpl();
- //results.add(verifyResult);
- try {
- logger.debug("Signature Algo: {}, Digest {}", signedData
- .getSignerInfos()[0].getSignatureAlgorithm(),
- signedData.getSignerInfos()[0].getDigestAlgorithm());
- // verify the signature for SignerInfo at index i
- X509Certificate signer_cert = signedData.verify(0);
- // if the signature is OK the certificate of the
- // signer is returned
- logger.debug("Signature OK from signer: "
- + signer_cert.getSubjectDN());
- verifyResult.setSignerCertificate(signer_cert);
-
- } catch (SignatureException ex) {
- // if the signature is not OK a SignatureException
- // is thrown
- logger.error(
- "Signature ERROR from signer: "
- + signedData.getCertificate(
- signerInfos[0]
- .getSignerIdentifier())
- .getSubjectDN(), ex);
-
- verifyResult.setSignerCertificate(signedData
- .getCertificate(signerInfos[0]
- .getSignerIdentifier()));
- throw new PDFASError(ERROR_SIG_INVALID_BKU_SIG, ex);
+ // for (int i = 0; i < signerInfos.length; i++) {
+ VerifyResultImpl verifyResult = new VerifyResultImpl();
+ // results.add(verifyResult);
+ try {
+ logger.debug("Signature Algo: {}, Digest {}",
+ signedData.getSignerInfos()[0].getSignatureAlgorithm(),
+ signedData.getSignerInfos()[0].getDigestAlgorithm());
+ // verify the signature for SignerInfo at index i
+ X509Certificate signer_cert = signedData.verify(0);
+
+ // Must include Signing Certificate!
+ Attribute signedCertificate = signerInfos[0]
+ .getSignedAttribute(ObjectID.signingCertificate);
+
+ if (signedCertificate == null) {
+ signedCertificate = signerInfos[0]
+ .getSignedAttribute(ObjectID.signingCertificateV2);
+ if (signedCertificate == null) {
+ logger.error("Signature ERROR missing signed Signing Certificate: ");
+
+ throw new PDFASError(ERROR_SIG_INVALID_BKU_SIG);
+ } else {
+ // Validate signingCertificate2
+ try {
+ SigningCertificateV2 signingCert = (SigningCertificateV2)signedCertificate.getAttributeValue();
+
+ if (signingCert.isSignerCertificate(signer_cert)) {
+ // OK
+ logger.debug("Found and verified SigningCertificateV2");
+ } else {
+ logger.error("Signature ERROR certificate missmatch: ");
+
+ throw new PDFASError(ERROR_SIG_INVALID_BKU_SIG);
+ }
+ } catch (Throwable e) {
+ logger.error("Signature ERROR wrong encoding for ESSCertIDv2:");
+
+ throw new PDFASError(ERROR_SIG_INVALID_BKU_SIG, e);
+ }
+ }
+ } else {
+ // Validate signingCertificate
+ try {
+ SigningCertificate signingCert = (SigningCertificate)signedCertificate.getAttributeValue();
+ if (signingCert.isSignerCertificate(signer_cert)) {
+ // OK
+ logger.debug("Found and verified SigningCertificate");
+ } else {
+ logger.error("Signature ERROR certificate missmatch");
+
+ throw new PDFASError(ERROR_SIG_INVALID_BKU_SIG);
+ }
+ } catch (Throwable e) {
+ logger.error("Signature ERROR wrong encoding for ESSCertIDv2");
+
+ throw new PDFASError(ERROR_SIG_INVALID_BKU_SIG, e);
+ }
}
-
- return verifyResult;
- //}
+
+ // if the signature is OK the certificate of the
+ // signer is returned
+ logger.debug("Signature OK");
+ verifyResult.setSignerCertificate(signer_cert);
+
+ } catch (SignatureException ex) {
+ // if the signature is not OK a SignatureException
+ // is thrown
+ logger.error(
+ "Signature ERROR from signer: "
+ + signedData.getCertificate(
+ signerInfos[0].getSignerIdentifier())
+ .getSubjectDN(), ex);
+
+ verifyResult.setSignerCertificate(signedData
+ .getCertificate(signerInfos[0].getSignerIdentifier()));
+ throw new PDFASError(ERROR_SIG_INVALID_BKU_SIG, ex);
+ }
+
+ return verifyResult;
+ // }
} catch (CMSException e) {
throw new PDFASError(ERROR_SIG_INVALID_BKU_SIG, e);
} catch (IOException e) {
throw new PDFASError(ERROR_SIG_INVALID_BKU_SIG, e);
}
-
-
+
}
}
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/BKUSLConnector.java b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/BKUSLConnector.java
index f5d4ed82..6383b89b 100644
--- a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/BKUSLConnector.java
+++ b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/BKUSLConnector.java
@@ -135,7 +135,7 @@ public class BKUSLConnector extends BaseSLConnector {
.create();
entityBuilder.setCharset(Charset.forName("UTF-8"));
entityBuilder.addTextBody(XMLREQUEST, xmlRequest,
- ContentType.TEXT_XML);
+ ContentType.TEXT_XML.withCharset(Charset.forName("UTF-8")));
if (parameter != null) {
String transactionId = parameter.getTransactionId();
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/pdf/PositioningInstruction.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/pdf/PositioningInstruction.java
index 245e864f..0448e0b1 100644
--- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/pdf/PositioningInstruction.java
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/pdf/PositioningInstruction.java
@@ -170,6 +170,12 @@ public class PositioningInstruction
return this.rotation;
}
+
+ public void setRotation(float rotation)
+ {
+ this.rotation += rotation;
+ }
+
public int hashCode() {
final int prime = 31;
int result = 1;
diff --git a/pdf-as-pdfbox/src/main/java/at/gv/egiz/pdfas/lib/impl/pdfbox/positioning/Positioning.java b/pdf-as-pdfbox/src/main/java/at/gv/egiz/pdfas/lib/impl/pdfbox/positioning/Positioning.java
index 4efa2148..677bfc00 100644
--- a/pdf-as-pdfbox/src/main/java/at/gv/egiz/pdfas/lib/impl/pdfbox/positioning/Positioning.java
+++ b/pdf-as-pdfbox/src/main/java/at/gv/egiz/pdfas/lib/impl/pdfbox/positioning/Positioning.java
@@ -23,6 +23,9 @@
******************************************************************************/
package at.gv.egiz.pdfas.lib.impl.pdfbox.positioning;
+import java.awt.geom.AffineTransform;
+import java.awt.geom.Point2D;
+
import org.apache.pdfbox.pdmodel.PDDocument;
import org.apache.pdfbox.pdmodel.PDPage;
import org.apache.pdfbox.pdmodel.common.PDRectangle;
@@ -44,7 +47,7 @@ public class Positioning {
private static final Logger logger = LoggerFactory
.getLogger(Positioning.class);
-
+
/**
* The left/right margin.
*/
@@ -79,6 +82,63 @@ public class Positioning {
pdf_table, pos, legacy32);
}
+ private static PDRectangle rotateBox(PDRectangle cropBox, int rotation) {
+ if (rotation != 0) {
+ Point2D upSrc = new Point2D.Float();
+
+ upSrc.setLocation(cropBox.getUpperRightX(),
+ cropBox.getUpperRightY());
+
+ Point2D llSrc = new Point2D.Float();
+ llSrc.setLocation(cropBox.getLowerLeftX(), cropBox.getLowerLeftY());
+ AffineTransform transform = new AffineTransform();
+ transform.setToIdentity();
+ if (rotation % 360 != 0) {
+ transform.setToRotation(Math.toRadians(rotation * -1), llSrc.getX(),
+ llSrc.getY());
+ }
+ Point2D upDst = new Point2D.Float();
+ transform.transform(upSrc, upDst);
+
+ Point2D llDst = new Point2D.Float();
+ transform.transform(llSrc, llDst);
+
+ float y1 = (float) upDst.getY();
+ float y2 = (float) llDst.getY();
+
+ if(y1 > y2) {
+ float t = y1;
+ y1 = y2;
+ y2 = t;
+ }
+
+ if(y1 < 0) {
+ y2 = y2 + -1 * y1;
+ y1 = 0;
+ }
+
+ float x1 = (float) upDst.getX();
+ float x2 = (float) llDst.getX();
+
+ if(x1 > x2) {
+ float t = x1;
+ x1 = x2;
+ x2 = t;
+ }
+
+ if(x1 < 0) {
+ x2 = x2 + -1 * x1;
+ x1 = 0;
+ }
+
+ cropBox.setUpperRightX(x2);
+ cropBox.setUpperRightY(y2);
+ cropBox.setLowerLeftY(y1);
+ cropBox.setLowerLeftX(x1);
+ }
+ return cropBox;
+ }
+
/**
* Sets the width of the table according to the layout of the document and
* calculates the y position where the PDFPTable should be placed.
@@ -94,7 +154,7 @@ public class Positioning {
public static PositioningInstruction adjustSignatureTableandCalculatePosition(
final PDDocument pdfDataSource, IPDFVisualObject pdf_table,
TablePos pos, boolean legacy32) throws PdfAsException {
-
+
PdfBoxUtils.checkPDFPermissions(pdfDataSource);
// get pages of currentdocument
@@ -114,13 +174,13 @@ public class Positioning {
// ") cannot be parsed.");
}
}
-
+
PDPage pdPage = (PDPage) pdfDataSource.getDocumentCatalog()
.getAllPages().get(page - 1);
PDRectangle cropBox = pdPage.getCropBox();
// fallback to MediaBox if Cropbox not available!
-
+
if (cropBox == null) {
cropBox = pdPage.findCropBox();
}
@@ -136,9 +196,20 @@ public class Positioning {
// Integer rotation = pdPage.getRotation();
// int page_rotation = rotation.intValue();
+ int rotation = pdPage.findRotation();
+
+ logger.debug("Original CropBox: " + cropBox.toString());
+
+ //cropBox = rotateBox(cropBox, rotation);
+
+ logger.debug("Rotated CropBox: " + cropBox.toString());
+
float page_width = cropBox.getWidth();
float page_height = cropBox.getHeight();
+ logger.debug("CropBox width: " + page_width);
+ logger.debug("CropBox heigth: " + page_height);
+
// now we can calculate x-position
float pre_pos_x = SIGNATURE_MARGIN_HORIZONTAL;
if (!pos.isXauto()) {
@@ -191,11 +262,11 @@ public class Positioning {
// fit
// Now we have to getfreespace in page and reguard footerline
float footer_line = pos.getFooterLine();
-
+
float pre_page_length = PDFUtilities.calculatePageLength(pdfDataSource,
page - 1, page_height - footer_line, /* page_rotation, */
legacy32);
-
+
if (pre_page_length == Float.NEGATIVE_INFINITY) {
// we do have an empty page or nothing in area above footerline
pre_page_length = page_height;
diff --git a/pdf-as-pdfbox/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox/PADESPDFBOXSigner.java b/pdf-as-pdfbox/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox/PADESPDFBOXSigner.java
index 9d50a348..f050a977 100644
--- a/pdf-as-pdfbox/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox/PADESPDFBOXSigner.java
+++ b/pdf-as-pdfbox/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox/PADESPDFBOXSigner.java
@@ -257,6 +257,34 @@ public class PADESPDFBOXSigner implements IPdfSigner, IConfigurationConstants {
.determineTablePositioning(tablePos, "", doc,
visualObject, legacy32Position);
+ if (positioningInstruction.isMakeNewPage()) {
+ int last = doc.getNumberOfPages() - 1;
+ PDDocumentCatalog root = doc.getDocumentCatalog();
+ PDPageNode rootPages = root.getPages();
+ List<PDPage> kids = new ArrayList<PDPage>();
+ rootPages.getAllKids(kids);
+ PDPage lastPage = kids.get(last);
+ rootPages.getCOSObject().setNeedToBeUpdate(true);
+ PDPage p = new PDPage(lastPage.findMediaBox());
+ p.setResources(new PDResources());
+
+ doc.addPage(p);
+ }
+
+ // handle rotated page
+ PDDocumentCatalog documentCatalog = doc.getDocumentCatalog();
+ PDPageNode documentPages = documentCatalog.getPages();
+ List<PDPage> documentPagesKids = new ArrayList<PDPage>();
+ documentPages.getAllKids(documentPagesKids);
+ int targetPageNumber = positioningInstruction.getPage();
+ logger.debug("Target Page: " + targetPageNumber);
+ //rootPages.getAllKids(kids);
+ PDPage targetPage = documentPagesKids.get(targetPageNumber-1);
+ int rot = targetPage.findRotation();
+ logger.debug("adding Page rotation: " + rot);
+ positioningInstruction.setRotation(positioningInstruction.getRotation() + rot);
+ logger.debug("resulting Sign rotation: " + positioningInstruction.getRotation());
+
SignaturePositionImpl position = new SignaturePositionImpl();
position.setX(positioningInstruction.getX());
position.setY(positioningInstruction.getY());
@@ -278,7 +306,7 @@ public class PADESPDFBOXSigner implements IPdfSigner, IConfigurationConstants {
* sigbos.write(StreamUtils.inputStreamToByteArray(properties
* .getVisibleSignature())); sigbos.close();
*/
-
+
if (signaturePlaceholderData != null) {
// Placeholder found!
// replace placeholder
@@ -308,20 +336,6 @@ public class PADESPDFBOXSigner implements IPdfSigner, IConfigurationConstants {
+ signaturePlaceholderData.getPlaceholderName());
}
- if (positioningInstruction.isMakeNewPage()) {
- int last = doc.getNumberOfPages() - 1;
- PDDocumentCatalog root = doc.getDocumentCatalog();
- PDPageNode rootPages = root.getPages();
- List<PDPage> kids = new ArrayList<PDPage>();
- rootPages.getAllKids(kids);
- PDPage lastPage = kids.get(last);
- rootPages.getCOSObject().setNeedToBeUpdate(true);
- PDPage p = new PDPage(lastPage.findMediaBox());
- p.setResources(new PDResources());
-
- doc.addPage(p);
- }
-
if (signatureProfileSettings.isPDFA()) {
PDDocumentCatalog root = doc.getDocumentCatalog();
COSBase base = root.getCOSDictionary().getItem(
@@ -363,7 +377,7 @@ public class PADESPDFBOXSigner implements IPdfSigner, IConfigurationConstants {
// sigBlock.setTitle("Signature Table");
// }
// }
-
+
options.setPage(positioningInstruction.getPage());
options.setVisualSignature(properties.getVisibleSignature());
}
diff --git a/pdf-as-pdfbox/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox/PdfboxSignerWrapper.java b/pdf-as-pdfbox/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox/PdfboxSignerWrapper.java
index cad7536e..12b24b3f 100644
--- a/pdf-as-pdfbox/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox/PdfboxSignerWrapper.java
+++ b/pdf-as-pdfbox/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox/PdfboxSignerWrapper.java
@@ -23,10 +23,12 @@
******************************************************************************/
package at.gv.egiz.pdfas.lib.impl.signing.pdfbox;
+import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.Calendar;
+import org.apache.commons.io.IOUtils;
import org.apache.pdfbox.exceptions.SignatureException;
import org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature;
import org.slf4j.Logger;
@@ -68,6 +70,7 @@ public class PdfboxSignerWrapper implements PDFASPDFBOXSignatureInterface {
try {
logger.debug("Signing with Pdfbox Wrapper");
byte[] signature = signer.sign(data, byteRange, this.parameters, this.requestedSignature);
+
return signature;
} catch (PdfAsException e) {
throw new PdfAsWrappedIOException(e);
diff --git a/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESSignerKeystore.java b/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESSignerKeystore.java
index d50a2c95..99138714 100644
--- a/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESSignerKeystore.java
+++ b/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESSignerKeystore.java
@@ -65,8 +65,10 @@ import at.gv.egiz.pdfas.common.exceptions.PdfAsSignatureException;
import at.gv.egiz.pdfas.lib.api.PdfAsFactory;
import at.gv.egiz.pdfas.lib.api.sign.IPlainSigner;
import at.gv.egiz.pdfas.lib.api.sign.SignParameter;
+import at.gv.egiz.pdfas.lib.api.verify.VerifyResult;
import at.gv.egiz.pdfas.lib.impl.status.RequestedSignature;
import at.gv.egiz.pdfas.lib.util.CertificateUtils;
+import at.gv.egiz.pdfas.lib.util.SignatureUtils;
public class PAdESSignerKeystore implements IPlainSigner, PAdESConstants {
@@ -305,8 +307,12 @@ public class PAdESSignerKeystore implements IPlainSigner, PAdESConstants {
while ((r = dataIs.read(buf)) > 0)
; // skip data
ContentInfo ci = new ContentInfo(si);
-
- return ci.getEncoded();
+ byte[] signature = ci.getEncoded();
+
+ VerifyResult verifyResult = SignatureUtils.verifySignature(
+ signature, input);
+
+ return signature;
} catch (NoSuchAlgorithmException e) {
throw new PdfAsSignatureException("error.pdf.sig.01", e);
} catch (iaik.cms.CMSException e) {
@@ -317,6 +323,8 @@ public class PAdESSignerKeystore implements IPlainSigner, PAdESConstants {
throw new PdfAsSignatureException("error.pdf.sig.01", e);
} catch (CodingException e) {
throw new PdfAsSignatureException("error.pdf.sig.01", e);
+ } catch (PDFASError e) {
+ throw new PdfAsSignatureException("error.pdf.sig.01", e);
}
}