diff options
author | emusic <emina.music@egiz.gv.at> | 2018-01-18 17:36:08 +0100 |
---|---|---|
committer | emusic <emina.music@egiz.gv.at> | 2018-03-21 13:34:03 +0100 |
commit | 89f53d196e10a1874cd61e3ee42f57dfd77eb856 (patch) | |
tree | f3409f6ca4cb559571e00c8ed29895c2f10b7eb2 | |
parent | af86c24f4f7cc81c5a4603cd8ee4fcaa0cee9eff (diff) | |
download | pdf-as-4-89f53d196e10a1874cd61e3ee42f57dfd77eb856.tar.gz pdf-as-4-89f53d196e10a1874cd61e3ee42f57dfd77eb856.tar.bz2 pdf-as-4-89f53d196e10a1874cd61e3ee42f57dfd77eb856.zip |
protecting pdf file
# Conflicts:
# pdf-as-pdfbox-2/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox2/PADESPDFBOXSigner.java
10 files changed, 128 insertions, 40 deletions
diff --git a/.idea/libraries/Gradle__org_bouncycastle_bcprov_jdk15on_1_59.xml b/.idea/libraries/Gradle__org_bouncycastle_bcprov_jdk15on_1_59.xml new file mode 100644 index 00000000..ef62e981 --- /dev/null +++ b/.idea/libraries/Gradle__org_bouncycastle_bcprov_jdk15on_1_59.xml @@ -0,0 +1,11 @@ +<component name="libraryTable"> + <library name="Gradle: org.bouncycastle:bcprov-jdk15on:1.59"> + <CLASSES> + <root url="jar://$USER_HOME$/.gradle/caches/modules-2/files-2.1/org.bouncycastle/bcprov-jdk15on/1.59/2507204241ab450456bdb8e8c0a8f986e418bd99/bcprov-jdk15on-1.59.jar!/" /> + </CLASSES> + <JAVADOC /> + <SOURCES> + <root url="jar://$USER_HOME$/.gradle/caches/modules-2/files-2.1/org.bouncycastle/bcprov-jdk15on/1.59/85a78cf9aa7020b89cd8c14daf4b7d2a397abe91/bcprov-jdk15on-1.59-sources.jar!/" /> + </SOURCES> + </library> +</component>
\ No newline at end of file diff --git a/pdf-as-cli/src/main/java/at/gv/egiz/pdfas/cli/Main.java b/pdf-as-cli/src/main/java/at/gv/egiz/pdfas/cli/Main.java index 7c1255cf..6cae9b63 100644 --- a/pdf-as-cli/src/main/java/at/gv/egiz/pdfas/cli/Main.java +++ b/pdf-as-cli/src/main/java/at/gv/egiz/pdfas/cli/Main.java @@ -434,7 +434,7 @@ public class Main { SignResult result = null; try { - result = pdfAs.sign(signParameter); + result = pdfAs.sign(signParameter); } finally { if (result != null) { Iterator<Entry<String, String>> infoIt = result @@ -450,6 +450,7 @@ public class Main { fos.close(); System.out.println("Signed document " + outputFile); + } private static void perform_verify(CommandLine cli) throws Exception { diff --git a/pdf-as-lib/build.gradle b/pdf-as-lib/build.gradle index d2345648..d6e813ac 100644 --- a/pdf-as-lib/build.gradle +++ b/pdf-as-lib/build.gradle @@ -58,6 +58,9 @@ dependencies { compile group: 'org.apache.commons', name: 'commons-lang3', version: '3.3.2' compile group: 'org.apache.httpcomponents', name: 'httpmime', version: '4.3.5' compile group: 'org.apache.httpcomponents', name: 'httpclient', version: '4.3.5' + + compile group: 'org.bouncycastle', name: 'bcprov-jdk15on', version: '1.59' + compile group: 'commons-io', name: 'commons-io', version: '2.4' compile 'org.apache.commons:commons-collections4:4.0' compile group: 'ognl', name: 'ognl', version: '3.0.8' diff --git a/pdf-as-lib/libs/bcprov-jdk15on-159.jar b/pdf-as-lib/libs/bcprov-jdk15on-159.jar Binary files differnew file mode 100644 index 00000000..9049e565 --- /dev/null +++ b/pdf-as-lib/libs/bcprov-jdk15on-159.jar diff --git a/pdf-as-lib/src/configuration/cfg/advancedconfig.properties b/pdf-as-lib/src/configuration/cfg/advancedconfig.properties index 5fd8b5cb..726deba8 100644 --- a/pdf-as-lib/src/configuration/cfg/advancedconfig.properties +++ b/pdf-as-lib/src/configuration/cfg/advancedconfig.properties @@ -87,12 +87,10 @@ #default.adobeSignReasonValue=Informationen zur Pr\u00FCfung finden Sie unter http://www.signaturpruefung.gv.at
-
# Standard Prueflink fuer die Adobe Signaturkennzeichnung (nur relevant falls Adobe Plugin fuer Pruefung verwendet wird)
#default.verifyURL=http://www.signaturpruefung.gv.at
-
# Standard Alternativer Text fuer den Signaturblock (WAI) (globale Einstellung)
#default.sigLogoAltText=Abgebildet ist eine Standard-Signaturbildmarke.
@@ -108,3 +106,7 @@ default.verifier.01=at.gv.egiz.pdfas.sigs.pades.PAdESVerifier #sigblock.placement.debug.file=/home/user/temp/debugImg.png
#runtime.backend=PDFBOX_2_BACKEND
+##################
+# Protect PDF files from copying and extractiong content
+# Set values to be true|false|unchanged
+
diff --git a/pdf-as-lib/src/configuration/cfg/config.properties b/pdf-as-lib/src/configuration/cfg/config.properties index f9eaeb98..fe2385a8 100644 --- a/pdf-as-lib/src/configuration/cfg/config.properties +++ b/pdf-as-lib/src/configuration/cfg/config.properties @@ -102,3 +102,6 @@ include.01 = profiles/*.properties # Legt das Standard-Signaturprofil fest
sig_obj.type.default=SIGNATURBLOCK_SMALL_DE_NOTE
+##################
+# Protect PDF files from copying and extractiong content
+# Set values to be true|false|unchanged
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/api/IConfigurationConstants.java b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/api/IConfigurationConstants.java index f8f71f2f..713948ba 100644 --- a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/api/IConfigurationConstants.java +++ b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/api/IConfigurationConstants.java @@ -108,12 +108,18 @@ public interface IConfigurationConstants { public static final String BG_COLOR_DETECTION = "sigblock.placement.bgcolor.detection.enabled"; public static final String SIG_PLACEMENT_DEBUG_OUTPUT = "sigblock.placement.debug.file"; - - - /** * PADES Constants */ public static final String SIG_PADES_FORCE_FLAG= SIG_OBJECT + SEPERATOR+"PAdESCompatibility"; public static final String SIG_PADES_INTELL_FLAG = SIG_OBJECT + SEPERATOR+"CheckPAdESCompatibility"; + + + /** + * Protect PDF file from copying content and extracting + */ + + public static final String DEFAULT_CONFIG_PROTECT_COPY_PDF = DEFAULT_CONFIG_PROTECT_PDF + SEPERATOR + "accessCopy"; + public static final String DEFAULT_CONFIG_PROTECT_EXTRACT_PDF = DEFAULT_CONFIG_PROTECT_PDF + SEPERATOR + "canModify"; + } diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/api/PdfAsFactory.java b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/api/PdfAsFactory.java index 72d182ed..c3c2b6fd 100644 --- a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/api/PdfAsFactory.java +++ b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/api/PdfAsFactory.java @@ -61,6 +61,11 @@ import at.gv.egiz.pdfas.lib.impl.SignParameterImpl; import at.gv.egiz.pdfas.lib.impl.VerifyParameterImpl; import at.gv.egiz.pdfas.lib.impl.configuration.ConfigValidatorLoader; + +import org.bouncycastle.jce.provider.BouncyCastleProvider; + +import org.bouncycastle.jce.provider.BouncyCastleProvider; + public class PdfAsFactory implements IConfigurationConstants { private static final Logger logger = LoggerFactory @@ -118,6 +123,9 @@ public class PdfAsFactory implements IConfigurationConstants { // TODO: register ECCelerate in second position when TLS issue is // fixed registerProvider(new ECCelerate(), -1); + + registerProvider( new BouncyCastleProvider(), -2); + } else { logger.info("Skipping Security Provider registration!"); } diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/configuration/GlobalConfiguration.java b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/configuration/GlobalConfiguration.java index d04f6878..a40c336d 100644 --- a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/configuration/GlobalConfiguration.java +++ b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/configuration/GlobalConfiguration.java @@ -21,6 +21,7 @@ * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. ******************************************************************************/ + package at.gv.egiz.pdfas.lib.impl.configuration; import at.gv.egiz.pdfas.common.settings.ISettings; @@ -46,5 +47,20 @@ public class GlobalConfiguration extends SpecificBaseConfiguration } return null; } - + + public String getDefaultCopyProtection() { + if(this.configuration.hasValue(DEFAULT_CONFIG_PROTECT_COPY_PDF)) { + return this.configuration.getValue(DEFAULT_CONFIG_PROTECT_COPY_PDF); + } + return null; + } + + public String getDefaultExtractProtection() { + if(this.configuration.hasValue(DEFAULT_CONFIG_PROTECT_EXTRACT_PDF)) { + return this.configuration.getValue(DEFAULT_CONFIG_PROTECT_EXTRACT_PDF); + } + return null; + } + + } diff --git a/pdf-as-pdfbox-2/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox2/PADESPDFBOXSigner.java b/pdf-as-pdfbox-2/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox2/PADESPDFBOXSigner.java index e27597d1..a7b1655f 100644 --- a/pdf-as-pdfbox-2/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox2/PADESPDFBOXSigner.java +++ b/pdf-as-pdfbox-2/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox2/PADESPDFBOXSigner.java @@ -24,7 +24,6 @@ package at.gv.egiz.pdfas.lib.impl.signing.pdfbox2; import at.gv.egiz.pdfas.lib.api.Configuration; -import at.gv.egiz.pdfas.lib.util.PDDocumentUtil; import iaik.x509.X509Certificate; import java.awt.Graphics2D; @@ -114,7 +113,6 @@ import at.gv.egiz.pdfas.lib.impl.status.RequestedSignature; import at.knowcenter.wag.egov.egiz.pdf.PositioningInstruction; import at.knowcenter.wag.egov.egiz.pdf.TablePos; import at.knowcenter.wag.egov.egiz.table.Table; - import javax.activation.DataSource; public class PADESPDFBOXSigner implements IPdfSigner, IConfigurationConstants { @@ -603,6 +601,7 @@ public class PADESPDFBOXSigner implements IPdfSigner, IConfigurationConstants { try { ByteArrayOutputStream bos = new ByteArrayOutputStream(); + /*/ Check if document should be protected*/ synchronized (doc) { doc.saveIncremental(bos); @@ -612,45 +611,76 @@ public class PADESPDFBOXSigner implements IPdfSigner, IConfigurationConstants { } + /* + Check if resulting pdf is PDF-A conform + */ + if (signatureProfileSettings.isPDFA()) { + runPDFAPreflight(new ByteArrayDataSource(pdfObject.getSignedDocument())); + } + + /*Check if doc has to be protected*/ + /* if (requestedSignature.getStatus().getSettings().hasValue(DEFAULT_CONFIG_PROTECT_PDF)) { + if (IConfigurationConstants.TRUE.equalsIgnoreCase(requestedSignature.getStatus().getSettings().getValue(IConfigurationConstants.DEFAULT_CONFIG_PROTECT_PDF))) + { //Protect document before setting output + //Policies for docs + AccessPermission ap = doc.getCurrentAccessPermission(); + ap.setReadOnly(); + ap.setCanModify(false); + ap.setCanExtractForAccessibility(false); + doc = new PDDocument(doc.getDocument(),null,ap); + logger.info("Added Protection Parameters"); + } + + } +*/ + /*Check if doc has to be protected*/ - /*/ Check if document should be protected*/ - //Check if doc has to be protected// - if (requestedSignature.getStatus().getSettings().hasValue(DEFAULT_CONFIG_PROTECT_PDF)) { - //TODO: Test and Check ProtectionSettings// --> overwritten DefaultSecHandler and PDDocumentUtil - if (IConfigurationConstants.TRUE.equalsIgnoreCase(requestedSignature.getStatus().getSettings().getValue(IConfigurationConstants.DEFAULT_CONFIG_PROTECT_PDF))) - { //Protect document before setting output - //Policies for docs + if (requestedSignature.getStatus().getSettings().hasValue(DEFAULT_CONFIG_PROTECT_COPY_PDF)) + { AccessPermission ap = doc.getCurrentAccessPermission(); - ap.setCanModify(false); - ap.setCanExtractForAccessibility(false); - ap.setCanAssembleDocument(false); - ap.setCanExtractContent(false); - //StandardProtectionPolicy spp = new StandardProtectionPolicy("", "", ap); - //doc = PDDocument.load(pdfObject.getSignedDocument(), spp.getOwnerPassword()); - //PDDocumentUtil docProtected = new PDDocumentUtil(); - //docProtected.protect(spp); - - //TODO Save File Settings to signed document// - //Byte-Array and PDF-File// - //doc = docProtected; - //doc.close(); - - logger.info("Added Protection Parameters"); - } + if (IConfigurationConstants.TRUE.equalsIgnoreCase(requestedSignature.getStatus().getSettings().getValue(IConfigurationConstants.DEFAULT_CONFIG_PROTECT_COPY_PDF))) + { + try { + if (doc.isEncrypted()) { //remove the security before adding protections + //doc.decrypt(""); + doc.setAllSecurityToBeRemoved(true); + } + String ownerPassword = ""; + String userPassword = ""; + ap.setCanExtractContent(false); + ap.setCanModify(false); + ap.setCanPrint(false); + ap.setReadOnly(); + ap.setCanExtractForAccessibility(false); + StandardProtectionPolicy policy = new StandardProtectionPolicy(ownerPassword,userPassword,ap); + doc.protect(policy); - } + //doc = new PDDocument(doc.getDocument(),null,ap); + logger.info("Added Protection Parameters"); + AccessPermission ap_new = doc.getCurrentAccessPermission(); - /* - Check if resulting pdf is PDF-A conform - */ - if (signatureProfileSettings.isPDFA()) { - runPDFAPreflight(new ByteArrayDataSource(pdfObject.getSignedDocument())); - } + Boolean canextract = ap_new.canExtractContent(); + Boolean bool = ap_new.isReadOnly(); + } + catch (Exception e) + { + logger.info("Error message" + e.getMessage()); + } + } + else if (IConfigurationConstants.FALSE.equalsIgnoreCase(requestedSignature.getStatus().getSettings().getValue(IConfigurationConstants.DEFAULT_CONFIG_PROTECT_COPY_PDF))) + { + /*ap.setCanExtractContent(true); + doc = new PDDocument(doc.getDocument(),null,ap); + logger.info("Added Protection Parameters");*/ + } + + } + } catch (IOException e1) { e1.printStackTrace(); } @@ -671,6 +701,14 @@ public class PADESPDFBOXSigner implements IPdfSigner, IConfigurationConstants { if (doc != null) { try { doc.close(); + + + AccessPermission ap_new = doc.getCurrentAccessPermission(); + + + Boolean canextract = ap_new.canExtractContent(); + Boolean bool = ap_new.isReadOnly(); + String test = ""; } catch (IOException e) { logger.debug("Failed to close COS Doc!", e); // Ignore @@ -890,4 +928,4 @@ public class PADESPDFBOXSigner implements IPdfSigner, IConfigurationConstants { } return null; } -} +}
\ No newline at end of file |