authoremusic <emina.music@egiz.gv.at>2018-01-18 17:36:08 +0100
committeremusic <emina.music@egiz.gv.at>2018-03-21 13:34:03 +0100
commit89f53d196e10a1874cd61e3ee42f57dfd77eb856 (patch)
treef3409f6ca4cb559571e00c8ed29895c2f10b7eb2
parentaf86c24f4f7cc81c5a4603cd8ee4fcaa0cee9eff (diff)
protecting pdf file
# Conflicts: # pdf-as-pdfbox-2/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox2/PADESPDFBOXSigner.java
-rw-r--r--.idea/libraries/Gradle__org_bouncycastle_bcprov_jdk15on_1_59.xml11
-rw-r--r--pdf-as-cli/src/main/java/at/gv/egiz/pdfas/cli/Main.java3
-rw-r--r--pdf-as-lib/build.gradle3
-rw-r--r--pdf-as-lib/libs/bcprov-jdk15on-159.jarbin0 -> 4092400 bytes
-rw-r--r--pdf-as-lib/src/configuration/cfg/advancedconfig.properties6
-rw-r--r--pdf-as-lib/src/configuration/cfg/config.properties3
-rw-r--r--pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/api/IConfigurationConstants.java12
-rw-r--r--pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/api/PdfAsFactory.java8
-rw-r--r--pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/configuration/GlobalConfiguration.java18
-rw-r--r--pdf-as-pdfbox-2/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox2/PADESPDFBOXSigner.java104
10 files changed, 128 insertions, 40 deletions
diff --git a/.idea/libraries/Gradle__org_bouncycastle_bcprov_jdk15on_1_59.xml b/.idea/libraries/Gradle__org_bouncycastle_bcprov_jdk15on_1_59.xml
new file mode 100644
index 00000000..ef62e981
--- /dev/null
+++ b/.idea/libraries/Gradle__org_bouncycastle_bcprov_jdk15on_1_59.xml
@@ -0,0 +1,11 @@
+<component name="libraryTable">
+ <library name="Gradle: org.bouncycastle:bcprov-jdk15on:1.59">
+ <CLASSES>
+ <root url="jar://$USER_HOME$/.gradle/caches/modules-2/files-2.1/org.bouncycastle/bcprov-jdk15on/1.59/2507204241ab450456bdb8e8c0a8f986e418bd99/bcprov-jdk15on-1.59.jar!/" />
+ </CLASSES>
+ <JAVADOC />
+ <SOURCES>
+ <root url="jar://$USER_HOME$/.gradle/caches/modules-2/files-2.1/org.bouncycastle/bcprov-jdk15on/1.59/85a78cf9aa7020b89cd8c14daf4b7d2a397abe91/bcprov-jdk15on-1.59-sources.jar!/" />
+ </SOURCES>
+ </library>
+</component> \ No newline at end of file
diff --git a/pdf-as-cli/src/main/java/at/gv/egiz/pdfas/cli/Main.java b/pdf-as-cli/src/main/java/at/gv/egiz/pdfas/cli/Main.java
index 7c1255cf..6cae9b63 100644
--- a/pdf-as-cli/src/main/java/at/gv/egiz/pdfas/cli/Main.java
+++ b/pdf-as-cli/src/main/java/at/gv/egiz/pdfas/cli/Main.java
@@ -434,7 +434,7 @@ public class Main {
SignResult result = null;
try {
- result = pdfAs.sign(signParameter);
+ result = pdfAs.sign(signParameter);
} finally {
if (result != null) {
Iterator<Entry<String, String>> infoIt = result
@@ -450,6 +450,7 @@ public class Main {
fos.close();
System.out.println("Signed document " + outputFile);
+
}
private static void perform_verify(CommandLine cli) throws Exception {
diff --git a/pdf-as-lib/build.gradle b/pdf-as-lib/build.gradle
index d2345648..d6e813ac 100644
--- a/pdf-as-lib/build.gradle
+++ b/pdf-as-lib/build.gradle
@@ -58,6 +58,9 @@ dependencies {
compile group: 'org.apache.commons', name: 'commons-lang3', version: '3.3.2'
compile group: 'org.apache.httpcomponents', name: 'httpmime', version: '4.3.5'
compile group: 'org.apache.httpcomponents', name: 'httpclient', version: '4.3.5'
+
+ compile group: 'org.bouncycastle', name: 'bcprov-jdk15on', version: '1.59'
+
compile group: 'commons-io', name: 'commons-io', version: '2.4'
compile 'org.apache.commons:commons-collections4:4.0'
compile group: 'ognl', name: 'ognl', version: '3.0.8'
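Review bot: The Bouncy Castle release added on the `bcprov-jdk15on` line is introduced a second time in this commit as a checked-in binary, `pdf-as-lib/libs/bcprov-jdk15on-159.jar`, so the project now carries two copies of a cryptographic provider. A committed jar cannot be reviewed in the diff and nothing visible here ties its bytes to the published artifact; whether the build also puts `libs/*.jar` on the classpath cannot be seen from this hunk. I would keep only the Gradle coordinate, delete the binary, and pin the artifact with a checksum through the build's dependency verification.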
diff --git a/pdf-as-lib/libs/bcprov-jdk15on-159.jar b/pdf-as-lib/libs/bcprov-jdk15on-159.jar
new file mode 100644
index 00000000..9049e565
--- /dev/null
+++ b/pdf-as-lib/libs/bcprov-jdk15on-159.jar
Binary files differ
diff --git a/pdf-as-lib/src/configuration/cfg/advancedconfig.properties b/pdf-as-lib/src/configuration/cfg/advancedconfig.properties
index 5fd8b5cb..726deba8 100644
--- a/pdf-as-lib/src/configuration/cfg/advancedconfig.properties
+++ b/pdf-as-lib/src/configuration/cfg/advancedconfig.properties
@@ -87,12 +87,10 @@
#default.adobeSignReasonValue=Informationen zur Pr\u00FCfung finden Sie unter http://www.signaturpruefung.gv.at
-
# Standard Prueflink fuer die Adobe Signaturkennzeichnung (nur relevant falls Adobe Plugin fuer Pruefung verwendet wird)
#default.verifyURL=http://www.signaturpruefung.gv.at
-
# Standard Alternativer Text fuer den Signaturblock (WAI) (globale Einstellung)
#default.sigLogoAltText=Abgebildet ist eine Standard-Signaturbildmarke.
@@ -108,3 +106,7 @@ default.verifier.01=at.gv.egiz.pdfas.sigs.pades.PAdESVerifier
#sigblock.placement.debug.file=/home/user/temp/debugImg.png
#runtime.backend=PDFBOX_2_BACKEND
+##################
+# Protect PDF files from copying and extractiong content
+# Set values to be true|false|unchanged
+
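Review bot: The added header announces a setting but lists no property key, so an operator reading this file cannot tell what to set; the same three comment lines are added to `config.properties` with the same gap. Add a commented-out example per key, e.g. `#<key ending in accessCopy>=true`, using the full key built from `DEFAULT_CONFIG_PROTECT_PDF`, whose value is not visible in this diff. The comment also offers `unchanged`, but the signer hunk in this commit only branches on TRUE and FALSE, so that value looks unhandled. "extractiong" should read "extracting".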
diff --git a/pdf-as-lib/src/configuration/cfg/config.properties b/pdf-as-lib/src/configuration/cfg/config.properties
index f9eaeb98..fe2385a8 100644
--- a/pdf-as-lib/src/configuration/cfg/config.properties
+++ b/pdf-as-lib/src/configuration/cfg/config.properties
@@ -102,3 +102,6 @@ include.01 = profiles/*.properties
# Legt das Standard-Signaturprofil fest
sig_obj.type.default=SIGNATURBLOCK_SMALL_DE_NOTE
+##################
+# Protect PDF files from copying and extractiong content
+# Set values to be true|false|unchanged
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/api/IConfigurationConstants.java b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/api/IConfigurationConstants.java
index f8f71f2f..713948ba 100644
--- a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/api/IConfigurationConstants.java
+++ b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/api/IConfigurationConstants.java
@@ -108,12 +108,18 @@ public interface IConfigurationConstants {
public static final String BG_COLOR_DETECTION = "sigblock.placement.bgcolor.detection.enabled";
public static final String SIG_PLACEMENT_DEBUG_OUTPUT = "sigblock.placement.debug.file";
-
-
-
/**
* PADES Constants
*/
public static final String SIG_PADES_FORCE_FLAG= SIG_OBJECT + SEPERATOR+"PAdESCompatibility";
public static final String SIG_PADES_INTELL_FLAG = SIG_OBJECT + SEPERATOR+"CheckPAdESCompatibility";
+
+
+ /**
+ * Protect PDF file from copying content and extracting
+ */
+
+ public static final String DEFAULT_CONFIG_PROTECT_COPY_PDF = DEFAULT_CONFIG_PROTECT_PDF + SEPERATOR + "accessCopy";
+ public static final String DEFAULT_CONFIG_PROTECT_EXTRACT_PDF = DEFAULT_CONFIG_PROTECT_PDF + SEPERATOR + "canModify";
+
}
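Review bot: `DEFAULT_CONFIG_PROTECT_EXTRACT_PDF` is bound to the key suffix `"canModify"`, so the constant name, the key and the Javadoc ("copying content and extracting") each describe a different permission. The Javadoc block is also separated from the fields by a blank line, so it documents neither of them. Give each constant its own comment, e.g. `/** Config key: "true" disables content extraction in the signed PDF. */`, and make the suffix match the name. The signer hunk in this commit reads only `DEFAULT_CONFIG_PROTECT_COPY_PDF` and switches extract, modify and print off together, so the second key appears to have no effect yet.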
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/api/PdfAsFactory.java b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/api/PdfAsFactory.java
index 72d182ed..c3c2b6fd 100644
--- a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/api/PdfAsFactory.java
+++ b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/api/PdfAsFactory.java
@@ -61,6 +61,11 @@ import at.gv.egiz.pdfas.lib.impl.SignParameterImpl;
import at.gv.egiz.pdfas.lib.impl.VerifyParameterImpl;
import at.gv.egiz.pdfas.lib.impl.configuration.ConfigValidatorLoader;
+
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+
public class PdfAsFactory implements IConfigurationConstants {
private static final Logger logger = LoggerFactory
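Review bot: `import org.bouncycastle.jce.provider.BouncyCastleProvider;` is added twice in this hunk; drop the second copy and the blank lines around it. It compiles, but it looks like a leftover from the conflict resolution mentioned in the commit message.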
@@ -118,6 +123,9 @@ public class PdfAsFactory implements IConfigurationConstants {
// TODO: register ECCelerate in second position when TLS issue is
// fixed
registerProvider(new ECCelerate(), -1);
+
+ registerProvider( new BouncyCastleProvider(), -2);
+
} else {
logger.info("Skipping Security Provider registration!");
}
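Review bot: The position argument in `registerProvider( new BouncyCastleProvider(), -2);` is undocumented and `registerProvider` is not visible in this hunk, so it is unclear where Bouncy Castle ends up relative to the providers registered before it. A JCE provider registration is process-wide: it changes which implementation answers `getInstance` calls that name no provider, in the host application as well as in this library. Add a comment stating why the provider is needed and what `-2` means, for example `// BC is needed for PDF encryption (confirm); registered after the existing providers so they keep precedence`. The enclosing method starts and ends outside the hunk.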
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/configuration/GlobalConfiguration.java b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/configuration/GlobalConfiguration.java
index d04f6878..a40c336d 100644
--- a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/configuration/GlobalConfiguration.java
+++ b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/configuration/GlobalConfiguration.java
@@ -21,6 +21,7 @@
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
******************************************************************************/
+
package at.gv.egiz.pdfas.lib.impl.configuration;
import at.gv.egiz.pdfas.common.settings.ISettings;
@@ -46,5 +47,20 @@ public class GlobalConfiguration extends SpecificBaseConfiguration
}
return null;
}
-
+
+ public String getDefaultCopyProtection() {
+ if(this.configuration.hasValue(DEFAULT_CONFIG_PROTECT_COPY_PDF)) {
+ return this.configuration.getValue(DEFAULT_CONFIG_PROTECT_COPY_PDF);
+ }
+ return null;
+ }
+
+ public String getDefaultExtractProtection() {
+ if(this.configuration.hasValue(DEFAULT_CONFIG_PROTECT_EXTRACT_PDF)) {
+ return this.configuration.getValue(DEFAULT_CONFIG_PROTECT_EXTRACT_PDF);
+ }
+ return null;
+ }
+
+
}
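Review bot: `getDefaultCopyProtection()` and `getDefaultExtractProtection()` have no Javadoc and return either `null` or a raw string, so every caller has to parse the `true|false|unchanged` values itself. Document the contract on each, e.g. `/** Returns the configured copy-protection value ("true", "false" or "unchanged"), or null when the key is not set. */`. The signer hunk in this commit reads the setting directly from the request settings instead, so these getters appear to be unused for now. The class body starts outside the hunk.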
diff --git a/pdf-as-pdfbox-2/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox2/PADESPDFBOXSigner.java b/pdf-as-pdfbox-2/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox2/PADESPDFBOXSigner.java
index e27597d1..a7b1655f 100644
--- a/pdf-as-pdfbox-2/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox2/PADESPDFBOXSigner.java
+++ b/pdf-as-pdfbox-2/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox2/PADESPDFBOXSigner.java
@@ -24,7 +24,6 @@
package at.gv.egiz.pdfas.lib.impl.signing.pdfbox2;
import at.gv.egiz.pdfas.lib.api.Configuration;
-import at.gv.egiz.pdfas.lib.util.PDDocumentUtil;
import iaik.x509.X509Certificate;
import java.awt.Graphics2D;
@@ -114,7 +113,6 @@ import at.gv.egiz.pdfas.lib.impl.status.RequestedSignature;
import at.knowcenter.wag.egov.egiz.pdf.PositioningInstruction;
import at.knowcenter.wag.egov.egiz.pdf.TablePos;
import at.knowcenter.wag.egov.egiz.table.Table;
-
import javax.activation.DataSource;
public class PADESPDFBOXSigner implements IPdfSigner, IConfigurationConstants {
@@ -603,6 +601,7 @@ public class PADESPDFBOXSigner implements IPdfSigner, IConfigurationConstants {
try {
ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ /*/ Check if document should be protected*/
synchronized (doc) {
doc.saveIncremental(bos);
@@ -612,45 +611,76 @@ public class PADESPDFBOXSigner implements IPdfSigner, IConfigurationConstants {
}
+ /*
+ Check if resulting pdf is PDF-A conform
+ */
+ if (signatureProfileSettings.isPDFA()) {
+ runPDFAPreflight(new ByteArrayDataSource(pdfObject.getSignedDocument()));
+ }
+
+ /*Check if doc has to be protected*/
+ /* if (requestedSignature.getStatus().getSettings().hasValue(DEFAULT_CONFIG_PROTECT_PDF)) {
+ if (IConfigurationConstants.TRUE.equalsIgnoreCase(requestedSignature.getStatus().getSettings().getValue(IConfigurationConstants.DEFAULT_CONFIG_PROTECT_PDF)))
+ { //Protect document before setting output
+ //Policies for docs
+ AccessPermission ap = doc.getCurrentAccessPermission();
+ ap.setReadOnly();
+ ap.setCanModify(false);
+ ap.setCanExtractForAccessibility(false);
+ doc = new PDDocument(doc.getDocument(),null,ap);
+ logger.info("Added Protection Parameters");
+ }
+
+ }
+*/
+ /*Check if doc has to be protected*/
- /*/ Check if document should be protected*/
- //Check if doc has to be protected//
- if (requestedSignature.getStatus().getSettings().hasValue(DEFAULT_CONFIG_PROTECT_PDF)) {
- //TODO: Test and Check ProtectionSettings// --> overwritten DefaultSecHandler and PDDocumentUtil
- if (IConfigurationConstants.TRUE.equalsIgnoreCase(requestedSignature.getStatus().getSettings().getValue(IConfigurationConstants.DEFAULT_CONFIG_PROTECT_PDF)))
- { //Protect document before setting output
- //Policies for docs
+ if (requestedSignature.getStatus().getSettings().hasValue(DEFAULT_CONFIG_PROTECT_COPY_PDF))
+ {
AccessPermission ap = doc.getCurrentAccessPermission();
- ap.setCanModify(false);
- ap.setCanExtractForAccessibility(false);
- ap.setCanAssembleDocument(false);
- ap.setCanExtractContent(false);
- //StandardProtectionPolicy spp = new StandardProtectionPolicy("", "", ap);
- //doc = PDDocument.load(pdfObject.getSignedDocument(), spp.getOwnerPassword());
- //PDDocumentUtil docProtected = new PDDocumentUtil();
- //docProtected.protect(spp);
-
- //TODO Save File Settings to signed document//
- //Byte-Array and PDF-File//
- //doc = docProtected;
- //doc.close();
-
- logger.info("Added Protection Parameters");
- }
+ if (IConfigurationConstants.TRUE.equalsIgnoreCase(requestedSignature.getStatus().getSettings().getValue(IConfigurationConstants.DEFAULT_CONFIG_PROTECT_COPY_PDF)))
+ {
+ try {
+ if (doc.isEncrypted()) { //remove the security before adding protections
+ //doc.decrypt("");
+ doc.setAllSecurityToBeRemoved(true);
+ }
+ String ownerPassword = "";
+ String userPassword = "";
+ ap.setCanExtractContent(false);
+ ap.setCanModify(false);
+ ap.setCanPrint(false);
+ ap.setReadOnly();
+ ap.setCanExtractForAccessibility(false);
+ StandardProtectionPolicy policy = new StandardProtectionPolicy(ownerPassword,userPassword,ap);
+ doc.protect(policy);
- }
+ //doc = new PDDocument(doc.getDocument(),null,ap);
+ logger.info("Added Protection Parameters");
+ AccessPermission ap_new = doc.getCurrentAccessPermission();
- /*
- Check if resulting pdf is PDF-A conform
- */
- if (signatureProfileSettings.isPDFA()) {
- runPDFAPreflight(new ByteArrayDataSource(pdfObject.getSignedDocument()));
- }
+ Boolean canextract = ap_new.canExtractContent();
+ Boolean bool = ap_new.isReadOnly();
+ }
+ catch (Exception e)
+ {
+ logger.info("Error message" + e.getMessage());
+ }
+ }
+ else if (IConfigurationConstants.FALSE.equalsIgnoreCase(requestedSignature.getStatus().getSettings().getValue(IConfigurationConstants.DEFAULT_CONFIG_PROTECT_COPY_PDF)))
+ {
+ /*ap.setCanExtractContent(true);
+ doc = new PDDocument(doc.getDocument(),null,ap);
+ logger.info("Added Protection Parameters");*/
+ }
+
+ }
+
} catch (IOException e1) {
e1.printStackTrace();
}
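Review bot: The protection block runs after `doc.saveIncremental(bos)` and nothing visible in this hunk writes `doc` out again, so `doc.protect(policy)` may never reach the signed output; if it did, encrypting after signing would change the signed bytes, so the step belongs before the signature is created. With `ownerPassword = ""` the permission bits are advisory only, and `ap.setReadOnly()` is called before `ap.setCanExtractForAccessibility(false)`, which PDFBox ignores once the object is locked, so `setReadOnly()` should come last. The `catch (Exception e)` logs at info level and continues, so a requested protection fails open; use `logger.error("Could not apply PDF protection", e);` and propagate the failure to the caller. `doc.setAllSecurityToBeRemoved(true)` also strips any encryption the input document already had, which should be an explicit, documented decision rather than a side effect. The unused locals `canextract` and `bool`, the empty FALSE branch and the commented-out blocks should be removed; the enclosing method starts and ends outside the hunk.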
@@ -671,6 +701,14 @@ public class PADESPDFBOXSigner implements IPdfSigner, IConfigurationConstants {
if (doc != null) {
try {
doc.close();
+
+
+ AccessPermission ap_new = doc.getCurrentAccessPermission();
+
+
+ Boolean canextract = ap_new.canExtractContent();
+ Boolean bool = ap_new.isReadOnly();
+ String test = "";
} catch (IOException e) {
logger.debug("Failed to close COS Doc!", e);
// Ignore
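Review bot: The added lines call `doc.getCurrentAccessPermission()` after `doc.close()` and store the results in `canextract`, `bool` and `test`, none of which is read afterwards. This looks like leftover debugging code that touches a closed document inside the cleanup path; delete the added lines so the block only closes the document. The enclosing method starts and ends outside the hunk.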
@@ -890,4 +928,4 @@ public class PADESPDFBOXSigner implements IPdfSigner, IConfigurationConstants {
}
return null;
}
-}
+} \ No newline at end of file