diff options
author | Andreas Fitzek <andreas.fitzek@iaik.tugraz.at> | 2014-07-10 12:58:25 +0200 |
---|---|---|
committer | Andreas Fitzek <andreas.fitzek@iaik.tugraz.at> | 2014-07-10 12:58:25 +0200 |
commit | 0bfafff409078ef49b2d4a0d71405e8f5b0eb078 (patch) | |
tree | 6b0eb440acbca7407ec77a23fca1ad653c2d9a81 /pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/verify/IntegrityVerifier.java | |
parent | af90012c848711a4c9010dbcf71694dbfbca0e86 (diff) | |
download | pdf-as-4-0bfafff409078ef49b2d4a0d71405e8f5b0eb078.tar.gz pdf-as-4-0bfafff409078ef49b2d4a0d71405e8f5b0eb078.tar.bz2 pdf-as-4-0bfafff409078ef49b2d4a0d71405e8f5b0eb078.zip |
Implemented Verification level (Full incl. Certificate Path, and Integrity Only)
Diffstat (limited to 'pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/verify/IntegrityVerifier.java')
-rw-r--r-- | pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/verify/IntegrityVerifier.java | 95 |
1 files changed, 95 insertions, 0 deletions
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/verify/IntegrityVerifier.java b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/verify/IntegrityVerifier.java new file mode 100644 index 00000000..01604a6b --- /dev/null +++ b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/verify/IntegrityVerifier.java @@ -0,0 +1,95 @@ +package at.gv.egiz.pdfas.lib.impl.verify; + +import iaik.asn1.ObjectID; +import iaik.asn1.structures.AlgorithmID; +import iaik.cms.ContentInfo; +import iaik.cms.SignedData; +import iaik.cms.SignerInfo; +import iaik.x509.X509Certificate; + +import java.io.ByteArrayInputStream; +import java.security.SignatureException; +import java.util.ArrayList; +import java.util.Date; +import java.util.List; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.pdfas.common.exceptions.PdfAsException; +import at.gv.egiz.pdfas.common.exceptions.PdfAsSignatureException; +import at.gv.egiz.pdfas.lib.api.Configuration; +import at.gv.egiz.pdfas.lib.api.verify.VerifyResult; + +public class IntegrityVerifier implements IVerifier { + + private static final Logger logger = LoggerFactory + .getLogger(FullVerifier.class); + + public List<VerifyResult> verify(byte[] signature, byte[] signatureContent, + Date verificationTime) throws PdfAsException { + try { + List<VerifyResult> result = new ArrayList<VerifyResult>(); + + SignedData signedData = new SignedData(signatureContent, new AlgorithmID[] { + AlgorithmID.sha256, AlgorithmID.sha1, AlgorithmID.ripeMd160, AlgorithmID.ripeMd160_ISO + }); + ContentInfo ci = new ContentInfo(new ByteArrayInputStream(signature + )); + if (!ci.getContentType().equals(ObjectID.cms_signedData)) { + throw new PdfAsException("error.pdf.verify.01"); + } + //SignedData signedData = (SignedData)ci.getContent(); + //signedData.setContent(contentData); + + signedData.decode(ci.getContentInputStream()); + + // get the signer infos + SignerInfo[] signerInfos = signedData.getSignerInfos(); + // verify the signatures + for (int i = 0; i < signerInfos.length; i++) { + VerifyResultImpl verifyResult = new VerifyResultImpl(); + try { + // verify the signature for SignerInfo at index i + X509Certificate signer_cert = signedData.verify(i); + logger.info("Signature Algo: {}, Digest {}", + signedData.getSignerInfos()[i].getSignatureAlgorithm(), + signedData.getSignerInfos()[i].getDigestAlgorithm()); + // if the signature is OK the certificate of the + // signer is returned + logger.info("Signature OK from signer: " + + signer_cert.getSubjectDN()); + verifyResult.setSignerCertificate(signer_cert); + verifyResult.setValueCheckCode(new SignatureCheckImpl(0, "OK")); + verifyResult.setManifestCheckCode(new SignatureCheckImpl(99, "not checked")); + verifyResult.setCertificateCheck(new SignatureCheckImpl(99, "not checked")); + verifyResult.setVerificationDone(true); + } catch (SignatureException ex) { + // if the signature is not OK a SignatureException + // is thrown + logger.info("Signature ERROR from signer: " + + signedData.getCertificate( + signerInfos[i].getSignerIdentifier()) + .getSubjectDN(), ex); + + verifyResult.setSignerCertificate( + signedData.getCertificate(signerInfos[i].getSignerIdentifier())); + verifyResult.setValueCheckCode(new SignatureCheckImpl(1, "failed to check signature")); + verifyResult.setManifestCheckCode(new SignatureCheckImpl(99, "not checked")); + verifyResult.setCertificateCheck(new SignatureCheckImpl(99, "not checked")); + verifyResult.setVerificationDone(false); + verifyResult.setVerificationException(new PdfAsSignatureException("failed to check signature", ex)); + } + result.add(verifyResult); + } + + return result; + } catch (Throwable e) { + throw new PdfAsException("error.pdf.verify.02", e); + } + } + + public void setConfiguration(Configuration config) { + + } +} |