aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndreas Fitzek <andreas.fitzek@iaik.tugraz.at>2014-02-18 11:06:49 +0100
committerAndreas Fitzek <andreas.fitzek@iaik.tugraz.at>2014-02-18 11:07:40 +0100
commit0decd9fd4799557f9ec77c6309381fe9f22c15dd (patch)
treee66542c53f319395aec3a5895ab3e72762ff4d9d
parent9496bb87c0789d819689a8750385079e44f515ee (diff)
downloadpdf-as-4-0decd9fd4799557f9ec77c6309381fe9f22c15dd.tar.gz
pdf-as-4-0decd9fd4799557f9ec77c6309381fe9f22c15dd.tar.bz2
pdf-as-4-0decd9fd4799557f9ec77c6309381fe9f22c15dd.zip
blacking out signature content in verification to produce valid verified
PDF Documents Signed-off-by: Andreas Fitzek <andreas.fitzek@iaik.tugraz.at>
-rw-r--r--pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/PdfAsImpl.java2
-rw-r--r--pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/verify/IVerifyFilter.java2
-rw-r--r--signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESVerifier.java5
-rw-r--r--signature-standards/sigs-pkcs7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java5
4 files changed, 8 insertions, 6 deletions
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/PdfAsImpl.java b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/PdfAsImpl.java
index 2553ccf3..d477ee0f 100644
--- a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/PdfAsImpl.java
+++ b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/PdfAsImpl.java
@@ -266,7 +266,7 @@ public class PdfAsImpl implements PdfAs, IConfigurationConstants {
List<VerifyResult> results = verifyFilter.verify(
contentData.toByteArray(),
content.getBytes(),
- parameter.getVerificationTime());
+ parameter.getVerificationTime(), bytes);
if (results != null && !results.isEmpty()) {
result.addAll(results);
}
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/verify/IVerifyFilter.java b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/verify/IVerifyFilter.java
index e83b6132..a13e384f 100644
--- a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/verify/IVerifyFilter.java
+++ b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/verify/IVerifyFilter.java
@@ -9,6 +9,6 @@ import at.gv.egiz.pdfas.lib.api.verify.VerifyResult;
public interface IVerifyFilter {
public void setConfiguration(Configuration config);
- public List<VerifyResult> verify(byte[] contentData, byte[] signatureContent, Date verificationTime) throws PdfAsException;
+ public List<VerifyResult> verify(byte[] contentData, byte[] signatureContent, Date verificationTime, int[] byteRange) throws PdfAsException;
public List<FilterEntry> getFiters();
}
diff --git a/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESVerifier.java b/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESVerifier.java
index 3298f92b..dcd7f45b 100644
--- a/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESVerifier.java
+++ b/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESVerifier.java
@@ -27,6 +27,7 @@ import at.gv.egiz.moa.SignatureVerificationServiceStub.VerifyCMSSignatureRespons
import at.gv.egiz.moa.SignatureVerificationServiceStub.VerifyCMSSignatureResponseTypeSequence;
import at.gv.egiz.moa.SignatureVerificationServiceStub.X509DataTypeSequence;
import at.gv.egiz.pdfas.common.exceptions.PdfAsException;
+import at.gv.egiz.pdfas.common.utils.PDFUtils;
import at.gv.egiz.pdfas.common.utils.StreamUtils;
import at.gv.egiz.pdfas.lib.api.Configuration;
import at.gv.egiz.pdfas.lib.api.verify.SignatureCheck;
@@ -52,7 +53,7 @@ public class PAdESVerifier implements IVerifyFilter {
@SuppressWarnings("rawtypes")
public List<VerifyResult> verify(byte[] contentData,
- byte[] signatureContent, Date verificationTime)
+ byte[] signatureContent, Date verificationTime, int[] byteRange)
throws PdfAsException {
List<VerifyResult> resultList = new ArrayList<VerifyResult>();
@@ -125,7 +126,7 @@ public class PAdESVerifier implements IVerifyFilter {
KeyInfoTypeChoice[] keyInfo = verifySequence[i].getSignerInfo()
.getKeyInfoTypeChoice();
KeyInfoTypeChoice choice = keyInfo[0];
- result.setSignatureData(data);
+ result.setSignatureData(PDFUtils.blackOutSignature(data, byteRange));
// extract certificate
if (choice.isX509DataSpecified()) {
diff --git a/signature-standards/sigs-pkcs7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java b/signature-standards/sigs-pkcs7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java
index 41d8f902..7de51d7e 100644
--- a/signature-standards/sigs-pkcs7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java
+++ b/signature-standards/sigs-pkcs7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java
@@ -19,6 +19,7 @@ import org.slf4j.LoggerFactory;
import at.gv.egiz.pdfas.common.exceptions.PdfAsException;
import at.gv.egiz.pdfas.common.exceptions.PdfAsSignatureException;
+import at.gv.egiz.pdfas.common.utils.PDFUtils;
import at.gv.egiz.pdfas.lib.api.Configuration;
import at.gv.egiz.pdfas.lib.api.verify.VerifyResult;
import at.gv.egiz.pdfas.lib.impl.verify.FilterEntry;
@@ -33,7 +34,7 @@ public class PKCS7DetachedVerifier implements IVerifyFilter {
public PKCS7DetachedVerifier() {
}
- public List<VerifyResult> verify(byte[] contentData, byte[] signatureContent, Date verificationTime)
+ public List<VerifyResult> verify(byte[] contentData, byte[] signatureContent, Date verificationTime, int[] byteRange)
throws PdfAsException {
try {
List<VerifyResult> result = new ArrayList<VerifyResult>();
@@ -56,7 +57,7 @@ public class PKCS7DetachedVerifier implements IVerifyFilter {
// verify the signatures
for (int i = 0; i < signerInfos.length; i++) {
VerifyResultImpl verifyResult = new VerifyResultImpl();
- verifyResult.setSignatureData(contentData);
+ verifyResult.setSignatureData(PDFUtils.blackOutSignature(contentData, byteRange));
try {
// verify the signature for SignerInfo at index i
X509Certificate signer_cert = signedData.verify(i);