authorThomas <>2023-08-30 08:07:16 +0200
committerThomas <>2023-08-30 08:07:16 +0200
commit4b8ac0fd970aacf8fe0638fa24f6aa626b89fa56 (patch)
tree83bd7e9fb3283cb0d5018dbca5eb83658593189f
parentde806438eec6125d14c674dfd7b6c10f71649251 (diff)
style(core): just some code-style work
-rw-r--r--pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/PdfAsImpl.java7
-rw-r--r--pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/util/SignatureUtils.java250
-rw-r--r--pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java3
-rw-r--r--signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESSignerKeystore.java341
4 files changed, 297 insertions, 304 deletions
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/PdfAsImpl.java b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/PdfAsImpl.java
index 22c6c9a1..1235e4e7 100644
--- a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/PdfAsImpl.java
+++ b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/PdfAsImpl.java
@@ -208,9 +208,10 @@ public class PdfAsImpl implements PdfAs, IConfigurationConstants,
// Create signature
try {
- signer.signPDF(status.getPdfObject(), requestedSignature, signer
- .buildSignaturInterface(status.getSignParamter()
- .getPlainSigner(), parameter, requestedSignature));
+ signer.signPDF(status.getPdfObject(), requestedSignature,
+ signer.buildSignaturInterface(status.getSignParamter().getPlainSigner(),
+ parameter, requestedSignature));
+
} finally {
if (parameter instanceof BKUHeaderHolder) {
final BKUHeaderHolder holder = (BKUHeaderHolder) parameter;
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/util/SignatureUtils.java b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/util/SignatureUtils.java
index 6e584f32..6282d9c1 100644
--- a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/util/SignatureUtils.java
+++ b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/util/SignatureUtils.java
@@ -1,144 +1,138 @@
package at.gv.egiz.pdfas.lib.util;
-import iaik.asn1.CodingException;
-import iaik.asn1.ObjectID;
-import iaik.asn1.structures.Attribute;
-import iaik.cms.CMSException;
-import iaik.cms.SignedData;
-import iaik.cms.SignerInfo;
-import iaik.smime.ess.ESSCertID;
-import iaik.smime.ess.ESSCertIDv2;
-import iaik.smime.ess.SigningCertificate;
-import iaik.smime.ess.SigningCertificateV2;
-import iaik.x509.X509Certificate;
-
import java.io.ByteArrayInputStream;
import java.io.IOException;
-import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
-import java.security.cert.CertificateException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import at.gv.egiz.pdfas.common.exceptions.ErrorConstants;
import at.gv.egiz.pdfas.common.exceptions.PDFASError;
-import at.gv.egiz.pdfas.common.exceptions.PdfAsSignatureException;
-import at.gv.egiz.pdfas.common.utils.StreamUtils;
import at.gv.egiz.pdfas.lib.api.verify.VerifyResult;
import at.gv.egiz.pdfas.lib.impl.verify.VerifyResultImpl;
+import iaik.asn1.ObjectID;
+import iaik.asn1.structures.Attribute;
+import iaik.cms.CMSException;
+import iaik.cms.SignedData;
+import iaik.cms.SignerInfo;
+import iaik.smime.ess.SigningCertificate;
+import iaik.smime.ess.SigningCertificateV2;
+import iaik.x509.X509Certificate;
public class SignatureUtils implements ErrorConstants {
-
- private static final Logger logger = LoggerFactory
- .getLogger(SignatureUtils.class);
-
- public static VerifyResult verifySignature(byte[] signature, byte[] input)
- throws PDFASError {
- // List<VerifyResult> results = new ArrayList<VerifyResult>();
- try {
- SignedData signedData = new SignedData(new ByteArrayInputStream(
- signature));
-
- signedData.setContent(input);
-
- // get the signer infos
- SignerInfo[] signerInfos = signedData.getSignerInfos();
- if (signerInfos.length == 0) {
- logger.warn("Invalid signature (no signer information)");
- throw new PDFASError(ERROR_SIG_INVALID_BKU_SIG);
- }
-
- if (signerInfos.length != 1) {
- logger.warn("Invalid signature (multiple signer information)");
- throw new PDFASError(ERROR_SIG_INVALID_BKU_SIG);
- }
- // verify the signatures
- // for (int i = 0; i < signerInfos.length; i++) {
- VerifyResultImpl verifyResult = new VerifyResultImpl();
- // results.add(verifyResult);
- try {
- logger.debug("Signature Algo: {}, Digest {}",
- signedData.getSignerInfos()[0].getSignatureAlgorithm(),
- signedData.getSignerInfos()[0].getDigestAlgorithm());
- // verify the signature for SignerInfo at index i
- X509Certificate signer_cert = signedData.verify(0);
-
- // Must include Signing Certificate!
- Attribute signedCertificate = signerInfos[0]
- .getSignedAttribute(ObjectID.signingCertificate);
-
- if (signedCertificate == null) {
- signedCertificate = signerInfos[0]
- .getSignedAttribute(ObjectID.signingCertificateV2);
- if (signedCertificate == null) {
- logger.warn("Signature ERROR missing signed Signing Certificate: ");
-
- throw new PDFASError(ERROR_SIG_INVALID_BKU_SIG);
- } else {
- // Validate signingCertificate2
- try {
- SigningCertificateV2 signingCert = (SigningCertificateV2)signedCertificate.getAttributeValue();
-
- if (signingCert.isSignerCertificate(signer_cert)) {
- // OK
- logger.debug("Found and verified SigningCertificateV2");
- } else {
- logger.error("Signature ERROR certificate missmatch, misbehaving Signature Backend?");
-
- throw new PDFASError(ERROR_SIG_INVALID_BKU_SIG);
- }
- } catch (Throwable e) {
- logger.error("Signature ERROR wrong encoding for ESSCertIDv2, misbehaving Signature Backend?");
-
- throw new PDFASError(ERROR_SIG_INVALID_BKU_SIG, e);
- }
- }
- } else {
- // Validate signingCertificate
- try {
- SigningCertificate signingCert = (SigningCertificate)signedCertificate.getAttributeValue();
- if (signingCert.isSignerCertificate(signer_cert)) {
- // OK
- logger.debug("Found and verified SigningCertificate");
- } else {
- logger.warn("Signature ERROR certificate missmatch, misbehaving Signature Backend?");
-
- throw new PDFASError(ERROR_SIG_INVALID_BKU_SIG);
- }
- } catch (Throwable e) {
- logger.error("Signature ERROR wrong encoding for ESSCertIDv2, misbehaving Signature Backend?");
-
- throw new PDFASError(ERROR_SIG_INVALID_BKU_SIG, e);
- }
- }
-
- // if the signature is OK the certificate of the
- // signer is returned
- logger.debug("Signature OK");
- verifyResult.setSignerCertificate(signer_cert);
-
- } catch (SignatureException ex) {
- // if the signature is not OK a SignatureException
- // is thrown
- logger.warn(
- "Signature ERROR from signer: "
- + signedData.getCertificate(
- signerInfos[0].getSignerIdentifier())
- .getSubjectDN(), ex);
-
- verifyResult.setSignerCertificate(signedData
- .getCertificate(signerInfos[0].getSignerIdentifier()));
- throw new PDFASError(ERROR_SIG_INVALID_BKU_SIG, ex);
- }
-
- return verifyResult;
- // }
- } catch (CMSException e) {
- throw new PDFASError(ERROR_SIG_INVALID_BKU_SIG, e);
- } catch (IOException e) {
- throw new PDFASError(ERROR_SIG_INVALID_BKU_SIG, e);
- }
-
- }
+ private static final Logger logger = LoggerFactory.getLogger(SignatureUtils.class);
+
+ public static VerifyResult verifySignature(byte[] signature, byte[] input)
+ throws PDFASError {
+ // List<VerifyResult> results = new ArrayList<VerifyResult>();
+ try {
+ final SignedData signedData = new SignedData(new ByteArrayInputStream(signature));
+ signedData.setContent(input);
+
+ // get the signer infos
+ final SignerInfo[] signerInfos = signedData.getSignerInfos();
+ if (signerInfos.length == 0) {
+ logger.warn("Invalid signature (no signer information)");
+ throw new PDFASError(ERROR_SIG_INVALID_BKU_SIG);
+
+ }
+
+ if (signerInfos.length != 1) {
+ logger.warn("Invalid signature (multiple signer information)");
+ throw new PDFASError(ERROR_SIG_INVALID_BKU_SIG);
+
+ }
+ // verify the signatures
+ // for (int i = 0; i < signerInfos.length; i++) {
+ final VerifyResultImpl verifyResult = new VerifyResultImpl();
+ // results.add(verifyResult);
+ try {
+ logger.debug("Signature Algo: {}, Digest {}",
+ signedData.getSignerInfos()[0].getSignatureAlgorithm(),
+ signedData.getSignerInfos()[0].getDigestAlgorithm());
+ // verify the signature for SignerInfo at index i
+ final X509Certificate signer_cert = signedData.verify(0);
+
+ // Must include Signing Certificate!
+ Attribute signedCertificate = signerInfos[0].getSignedAttribute(ObjectID.signingCertificate);
+
+ if (signedCertificate == null) {
+ signedCertificate = signerInfos[0].getSignedAttribute(ObjectID.signingCertificateV2);
+
+ if (signedCertificate == null) {
+ logger.warn("Signature ERROR missing signed Signing Certificate: ");
+ throw new PDFASError(ERROR_SIG_INVALID_BKU_SIG);
+
+ } else {
+ // Validate signingCertificate2
+ try {
+ final SigningCertificateV2 signingCert = (SigningCertificateV2) signedCertificate.getAttributeValue();
+ if (signingCert.isSignerCertificate(signer_cert)) {
+ // OK
+ logger.debug("Found and verified SigningCertificateV2");
+
+ } else {
+ logger.error("Signature ERROR certificate missmatch, misbehaving Signature Backend?");
+
+ throw new PDFASError(ERROR_SIG_INVALID_BKU_SIG);
+ }
+
+ } catch (final Throwable e) {
+ logger.error("Signature ERROR wrong encoding for ESSCertIDv2, misbehaving Signature Backend?");
+ throw new PDFASError(ERROR_SIG_INVALID_BKU_SIG, e);
+
+ }
+ }
+
+ } else {
+ // Validate signingCertificate
+ try {
+ final SigningCertificate signingCert = (SigningCertificate) signedCertificate.getAttributeValue();
+ if (signingCert.isSignerCertificate(signer_cert)) {
+ // OK
+ logger.debug("Found and verified SigningCertificate");
+ } else {
+ logger.warn("Signature ERROR certificate missmatch, misbehaving Signature Backend?");
+
+ throw new PDFASError(ERROR_SIG_INVALID_BKU_SIG);
+ }
+ } catch (final Throwable e) {
+ logger.error("Signature ERROR wrong encoding for ESSCertIDv2, misbehaving Signature Backend?");
+
+ throw new PDFASError(ERROR_SIG_INVALID_BKU_SIG, e);
+ }
+ }
+
+ // if the signature is OK the certificate of the
+ // signer is returned
+ logger.debug("Signature OK");
+ verifyResult.setSignerCertificate(signer_cert);
+
+ } catch (final SignatureException ex) {
+ // if the signature is not OK a SignatureException
+ // is thrown
+ logger.warn(
+ "Signature ERROR from signer: "
+ + signedData.getCertificate(
+ signerInfos[0].getSignerIdentifier())
+ .getSubjectDN(), ex);
+
+ verifyResult.setSignerCertificate(signedData
+ .getCertificate(signerInfos[0].getSignerIdentifier()));
+ throw new PDFASError(ERROR_SIG_INVALID_BKU_SIG, ex);
+
+ }
+
+ return verifyResult;
+ // }
+ } catch (final CMSException e) {
+ throw new PDFASError(ERROR_SIG_INVALID_BKU_SIG, e);
+
+ } catch (final IOException e) {
+ throw new PDFASError(ERROR_SIG_INVALID_BKU_SIG, e);
+
+ }
+
+ }
}
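Review bot: In the reformatted `verifySignature`, both `catch (final Throwable e)` blocks also catch the `PDFASError` thrown just above them for a certificate mismatch, so a mismatch is logged a second time as "wrong encoding for ESSCertIDv2" and rethrown wrapped in another `PDFASError`; the same catch also converts JVM `Error`s into a signature failure. Placing `} catch (final PDFASError e) { throw e;` ahead of each `catch (final Throwable e)` would keep the two failure causes distinguishable in the logs. The message in the `SigningCertificate` (v1) branch still names ESSCertIDv2, and the mismatch is logged at `error` in one branch and `warn` in the other, which a style-only commit could align.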
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java
index 5db82e3a..8b98a322 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java
@@ -553,8 +553,7 @@ public class PdfAsHelper {
PDFASVerificationResponse verResponse = new PDFASVerificationResponse();
- verResponse.setSignerCertificate(signResult.getSignerCertificate()
- .getEncoded());
+ verResponse.setSignerCertificate(signResult.getSignerCertificate().getEncoded());
SignedDocument signPdfDoc = SignedDocument.builder()
diff --git a/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESSignerKeystore.java b/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESSignerKeystore.java
index 6845adf2..4914833e 100644
--- a/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESSignerKeystore.java
+++ b/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESSignerKeystore.java
@@ -23,23 +23,6 @@
******************************************************************************/
package at.gv.egiz.pdfas.sigs.pades;
-import at.gv.egiz.pdfas.lib.api.IConfigurationConstants;
-import iaik.asn1.ASN1Object;
-import iaik.asn1.CodingException;
-import iaik.asn1.ObjectID;
-import iaik.asn1.SEQUENCE;
-import iaik.asn1.UTF8String;
-import iaik.asn1.structures.AlgorithmID;
-import iaik.asn1.structures.Attribute;
-import iaik.asn1.structures.ChoiceOfTime;
-import iaik.cms.ContentInfo;
-import iaik.cms.IssuerAndSerialNumber;
-import iaik.cms.SignedData;
-import iaik.cms.SignerInfo;
-import iaik.smime.ess.ESSCertID;
-import iaik.smime.ess.ESSCertIDv2;
-import iaik.x509.X509Certificate;
-
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
@@ -63,6 +46,7 @@ import at.gv.egiz.pdfas.common.exceptions.ErrorConstants;
import at.gv.egiz.pdfas.common.exceptions.PDFASError;
import at.gv.egiz.pdfas.common.exceptions.PdfAsException;
import at.gv.egiz.pdfas.common.exceptions.PdfAsSignatureException;
+import at.gv.egiz.pdfas.lib.api.IConfigurationConstants;
import at.gv.egiz.pdfas.lib.api.PdfAsFactory;
import at.gv.egiz.pdfas.lib.api.sign.IPlainSigner;
import at.gv.egiz.pdfas.lib.api.sign.SignParameter;
@@ -70,6 +54,21 @@ import at.gv.egiz.pdfas.lib.api.verify.VerifyResult;
import at.gv.egiz.pdfas.lib.impl.status.RequestedSignature;
import at.gv.egiz.pdfas.lib.util.CertificateUtils;
import at.gv.egiz.pdfas.lib.util.SignatureUtils;
+import iaik.asn1.ASN1Object;
+import iaik.asn1.CodingException;
+import iaik.asn1.ObjectID;
+import iaik.asn1.SEQUENCE;
+import iaik.asn1.UTF8String;
+import iaik.asn1.structures.AlgorithmID;
+import iaik.asn1.structures.Attribute;
+import iaik.asn1.structures.ChoiceOfTime;
+import iaik.cms.ContentInfo;
+import iaik.cms.IssuerAndSerialNumber;
+import iaik.cms.SignedData;
+import iaik.cms.SignerInfo;
+import iaik.smime.ess.ESSCertID;
+import iaik.smime.ess.ESSCertIDv2;
+import iaik.x509.X509Certificate;
public class PAdESSignerKeystore implements IPlainSigner, PAdESConstants {
@@ -83,85 +82,6 @@ public class PAdESSignerKeystore implements IPlainSigner, PAdESConstants {
PrivateKey privKey;
X509Certificate cert;
- private void readKeyStore(KeyStore ks, String alias, String keypassword) throws Throwable {
- if (keypassword == null) {
- throw new PdfAsException("error.pdf.sig.16");
- }
- PasswordProtection pwdProt = new PasswordProtection(
- keypassword.toCharArray());
-
- logger.info("Opening Alias: [" + alias + "]");
-
- Entry entry = ks.getEntry(alias, pwdProt);
-
- if (!(entry instanceof PrivateKeyEntry)) {
- throw new PdfAsException("error.pdf.sig.18");
- }
-
- PrivateKeyEntry privateEntry = (PrivateKeyEntry) entry;
-
- privKey = privateEntry.getPrivateKey();
-
- if (privKey == null) {
- throw new PdfAsException("error.pdf.sig.13");
- }
-
- Certificate c = privateEntry.getCertificate();
-
- if (c == null) {
- if (privateEntry.getCertificateChain() != null) {
- if (privateEntry.getCertificateChain().length > 0) {
- c = privateEntry.getCertificateChain()[0];
- }
- }
- }
-
- if (c == null) {
- throw new PdfAsException("error.pdf.sig.17");
- }
-
- cert = new X509Certificate(c.getEncoded());
- }
-
- private KeyStore buildKeyStoreFromFile(String file, String kspassword,
- String type, String provider) throws Throwable {
- String viusalProvider = (provider == null ? "IAIK" : provider);
- logger.trace("Opening Keystore: " + file + " with [" + viusalProvider
- + "]");
-
- KeyStore ks = null;
- if (provider == null) {
- ks = KeyStore.getInstance(type);
- } else {
- ks = KeyStore.getInstance(type, provider);
- }
-
- if (ks == null) {
- throw new PdfAsException("error.pdf.sig.14");
- }
- if (kspassword == null) {
- throw new PdfAsException("error.pdf.sig.15");
- }
- FileInputStream is = null;
- try {
- is = new FileInputStream(file);
- ks.load(is, kspassword.toCharArray());
- } finally {
- if (is != null) {
- is.close();
- }
- }
- return ks;
- }
-
- private void loadKeystore(String file, String alias, String kspassword,
- String keypassword, String type, String provider) throws Throwable {
-
- KeyStore ks = buildKeyStoreFromFile(file, kspassword, type, provider);
-
- readKeyStore(ks, alias, keypassword);
- }
-
public PAdESSignerKeystore(KeyStore ks, String alias,
String keypassword) throws PDFASError {
try {
@@ -221,6 +141,160 @@ public class PAdESSignerKeystore implements IPlainSigner, PAdESConstants {
return cert;
}
+ public byte[] sign(byte[] input, int[] byteRange, SignParameter parameter,
+ RequestedSignature requestedSignature) throws PdfAsException {
+ try {
+ logger.info("Creating PAdES signature.");
+
+ requestedSignature.getStatus().getMetaInformations()
+ .put(ErrorConstants.STATUS_INFO_SIGDEVICE, SIGNATURE_DEVICE);
+ requestedSignature.getStatus().getMetaInformations()
+ .put(ErrorConstants.STATUS_INFO_SIGDEVICEVERSION, PdfAsFactory.getVersion());
+
+ IssuerAndSerialNumber issuer = new IssuerAndSerialNumber(cert);
+
+ AlgorithmID[] algorithms = CertificateUtils.getAlgorithmIDs(cert);
+
+ SignerInfo signer1 = new SignerInfo(issuer, algorithms[1],
+ algorithms[0], privKey);
+
+ SignedData si = new SignedData(input, SignedData.EXPLICIT);
+ si.addCertificates(new Certificate[] { cert });
+
+
+ //Check PAdES Flag
+ if (parameter.getConfiguration().hasValue(IConfigurationConstants.SIG_PADES_FORCE_FLAG))
+ {
+ if (IConfigurationConstants.TRUE.equalsIgnoreCase(parameter.getConfiguration().getValue(IConfigurationConstants.SIG_PADES_FORCE_FLAG)))
+ {
+ setAttributes(cert, signer1);
+ }
+ else
+ {
+ setAttributes("application/pdf", cert, new Date(), signer1);
+ }
+ }
+ else
+ {
+ setAttributes("application/pdf", cert, new Date(), signer1);
+ }
+
+ si.addSignerInfo(signer1);
+ InputStream dataIs = si.getInputStream();
+ byte[] buf = new byte[1024];
+ @SuppressWarnings("unused")
+ int r;
+ while ((r = dataIs.read(buf)) > 0)
+ ; // skip data
+ ContentInfo ci = new ContentInfo(si);
+ byte[] signature = ci.getEncoded();
+
+ VerifyResult verifyResult = SignatureUtils.verifySignature(
+ signature, input);
+
+ return signature;
+ } catch (NoSuchAlgorithmException e) {
+ throw new PdfAsSignatureException("error.pdf.sig.01", e);
+ } catch (iaik.cms.CMSException e) {
+ throw new PdfAsSignatureException("error.pdf.sig.01", e);
+ } catch (IOException e) {
+ throw new PdfAsSignatureException("error.pdf.sig.01", e);
+ } catch (CertificateException e) {
+ throw new PdfAsSignatureException("error.pdf.sig.01", e);
+ } catch (CodingException e) {
+ throw new PdfAsSignatureException("error.pdf.sig.01", e);
+ } catch (PDFASError e) {
+ throw new PdfAsSignatureException("error.pdf.sig.01", e);
+ }
+ }
+
+ public String getPDFSubFilter() {
+ return SUBFILTER_ETSI_CADES_DETACHED;
+ }
+
+ public String getPDFFilter() {
+ return FILTER_ADOBE_PPKLITE;
+ }
+
+ private void readKeyStore(KeyStore ks, String alias, String keypassword) throws Throwable {
+ if (keypassword == null) {
+ throw new PdfAsException("error.pdf.sig.16");
+ }
+ PasswordProtection pwdProt = new PasswordProtection(
+ keypassword.toCharArray());
+
+ logger.info("Opening Alias: [" + alias + "]");
+
+ Entry entry = ks.getEntry(alias, pwdProt);
+
+ if (!(entry instanceof PrivateKeyEntry)) {
+ throw new PdfAsException("error.pdf.sig.18");
+ }
+
+ PrivateKeyEntry privateEntry = (PrivateKeyEntry) entry;
+
+ privKey = privateEntry.getPrivateKey();
+
+ if (privKey == null) {
+ throw new PdfAsException("error.pdf.sig.13");
+ }
+
+ Certificate c = privateEntry.getCertificate();
+
+ if (c == null) {
+ if (privateEntry.getCertificateChain() != null) {
+ if (privateEntry.getCertificateChain().length > 0) {
+ c = privateEntry.getCertificateChain()[0];
+ }
+ }
+ }
+
+ if (c == null) {
+ throw new PdfAsException("error.pdf.sig.17");
+ }
+
+ cert = new X509Certificate(c.getEncoded());
+ }
+
+ private KeyStore buildKeyStoreFromFile(String file, String kspassword,
+ String type, String provider) throws Throwable {
+ String viusalProvider = (provider == null ? "IAIK" : provider);
+ logger.trace("Opening Keystore: " + file + " with [" + viusalProvider
+ + "]");
+
+ KeyStore ks = null;
+ if (provider == null) {
+ ks = KeyStore.getInstance(type);
+ } else {
+ ks = KeyStore.getInstance(type, provider);
+ }
+
+ if (ks == null) {
+ throw new PdfAsException("error.pdf.sig.14");
+ }
+ if (kspassword == null) {
+ throw new PdfAsException("error.pdf.sig.15");
+ }
+ FileInputStream is = null;
+ try {
+ is = new FileInputStream(file);
+ ks.load(is, kspassword.toCharArray());
+ } finally {
+ if (is != null) {
+ is.close();
+ }
+ }
+ return ks;
+ }
+
+ private void loadKeystore(String file, String alias, String kspassword,
+ String keypassword, String type, String provider) throws Throwable {
+
+ KeyStore ks = buildKeyStoreFromFile(file, kspassword, type, provider);
+
+ readKeyStore(ks, alias, keypassword);
+ }
+
private void setMimeTypeAttrib(List<Attribute> attributes, String mimeType) {
String oidStr = "0.4.0.1733.2.1";
String name = "mime-type";
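Review bot: The relocated `readKeyStore` builds `new PasswordProtection(keypassword.toCharArray())` and never clears it, so a copy of the key password stays on the heap after the private key has been read; `buildKeyStoreFromFile` does the same with `kspassword.toCharArray()`. Wrapping the `ks.getEntry(alias, pwdProt)` call in `try { … } finally { pwdProt.destroy(); }` would release that copy, although the `String` parameters limit how much this gains. Separately, `buildKeyStoreFromFile` could open the file with `try (FileInputStream is = new FileInputStream(file)) { ks.load(is, kspassword.toCharArray()); }`, and its `ks == null` check looks unreachable because `KeyStore.getInstance` throws rather than returning null.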
@@ -292,79 +366,4 @@ public class PAdESSignerKeystore implements IPlainSigner, PAdESConstants {
signerInfo.setSignedAttributes(attributeArray);
}
- public byte[] sign(byte[] input, int[] byteRange, SignParameter parameter,
- RequestedSignature requestedSignature) throws PdfAsException {
- try {
- logger.info("Creating PAdES signature.");
-
- requestedSignature.getStatus().getMetaInformations()
- .put(ErrorConstants.STATUS_INFO_SIGDEVICE, SIGNATURE_DEVICE);
- requestedSignature.getStatus().getMetaInformations()
- .put(ErrorConstants.STATUS_INFO_SIGDEVICEVERSION, PdfAsFactory.getVersion());
-
- IssuerAndSerialNumber issuer = new IssuerAndSerialNumber(cert);
-
- AlgorithmID[] algorithms = CertificateUtils.getAlgorithmIDs(cert);
-
- SignerInfo signer1 = new SignerInfo(issuer, algorithms[1],
- algorithms[0], privKey);
-
- SignedData si = new SignedData(input, SignedData.EXPLICIT);
- si.addCertificates(new Certificate[] { cert });
-
-
- //Check PAdES Flag
- if (parameter.getConfiguration().hasValue(IConfigurationConstants.SIG_PADES_FORCE_FLAG))
- {
- if (IConfigurationConstants.TRUE.equalsIgnoreCase(parameter.getConfiguration().getValue(IConfigurationConstants.SIG_PADES_FORCE_FLAG)))
- {
- setAttributes(cert, signer1);
- }
- else
- {
- setAttributes("application/pdf", cert, new Date(), signer1);
- }
- }
- else
- {
- setAttributes("application/pdf", cert, new Date(), signer1);
- }
-
- si.addSignerInfo(signer1);
- InputStream dataIs = si.getInputStream();
- byte[] buf = new byte[1024];
- @SuppressWarnings("unused")
- int r;
- while ((r = dataIs.read(buf)) > 0)
- ; // skip data
- ContentInfo ci = new ContentInfo(si);
- byte[] signature = ci.getEncoded();
-
- VerifyResult verifyResult = SignatureUtils.verifySignature(
- signature, input);
-
- return signature;
- } catch (NoSuchAlgorithmException e) {
- throw new PdfAsSignatureException("error.pdf.sig.01", e);
- } catch (iaik.cms.CMSException e) {
- throw new PdfAsSignatureException("error.pdf.sig.01", e);
- } catch (IOException e) {
- throw new PdfAsSignatureException("error.pdf.sig.01", e);
- } catch (CertificateException e) {
- throw new PdfAsSignatureException("error.pdf.sig.01", e);
- } catch (CodingException e) {
- throw new PdfAsSignatureException("error.pdf.sig.01", e);
- } catch (PDFASError e) {
- throw new PdfAsSignatureException("error.pdf.sig.01", e);
- }
- }
-
- public String getPDFSubFilter() {
- return SUBFILTER_ETSI_CADES_DETACHED;
- }
-
- public String getPDFFilter() {
- return FILTER_ADOBE_PPKLITE;
- }
-
}