author | Andreas Fitzek <andreas.fitzek@iaik.tugraz.at> | 2014-07-10 12:09:05 +0200 |
---|---|---|
committer | Andreas Fitzek <andreas.fitzek@iaik.tugraz.at> | 2014-07-10 12:09:05 +0200 |
commit | af90012c848711a4c9010dbcf71694dbfbca0e86 (patch) | |
tree | cd40f8fab90b6a2fe62359a404497d369d82ece0 /pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl | |
parent | 83a573238984575b76ab06dca677831f4a650534 (diff) | |
Integrity verification of Signature after Signature creation to ensure correct signed Document
Diffstat (limited to 'pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl')
3 files changed, 21 insertions, 21 deletions
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/PdfAsImpl.java b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/PdfAsImpl.java index 28bd9151..7dcdca2b 100644 --- a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/PdfAsImpl.java +++ b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/PdfAsImpl.java @@ -31,15 +31,12 @@ import java.awt.image.BufferedImage; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.File; -import java.io.FileOutputStream; import java.io.IOException; import java.io.OutputStream; import java.util.ArrayList; import java.util.Calendar; import java.util.List; -import javax.imageio.ImageIO; - import org.apache.pdfbox.cos.COSArray; import org.apache.pdfbox.cos.COSBase; import org.apache.pdfbox.cos.COSDictionary; @@ -47,14 +44,13 @@ import org.apache.pdfbox.cos.COSName; import org.apache.pdfbox.cos.COSString; import org.apache.pdfbox.pdmodel.PDDocument; import org.apache.pdfbox.pdmodel.PDPage; -import org.apache.pdfbox.pdmodel.PDPageable; -import org.apache.pdfbox.util.PDFImageWriter; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import at.gv.egiz.pdfas.common.exceptions.PDFIOException; import at.gv.egiz.pdfas.common.exceptions.PdfAsException; import at.gv.egiz.pdfas.common.exceptions.PdfAsSettingsException; +import at.gv.egiz.pdfas.common.exceptions.PdfAsSignatureException; import at.gv.egiz.pdfas.common.exceptions.PdfAsValidationException; import at.gv.egiz.pdfas.common.settings.ISettings; import at.gv.egiz.pdfas.common.settings.Settings; 
@@ -87,6 +83,7 @@ import at.gv.egiz.pdfas.lib.impl.status.PDFObject; import at.gv.egiz.pdfas.lib.impl.status.RequestedSignature; import at.gv.egiz.pdfas.lib.impl.verify.IVerifyFilter; import at.gv.egiz.pdfas.lib.impl.verify.VerifierDispatcher; +import at.gv.egiz.pdfas.lib.util.SignatureUtils; import at.knowcenter.wag.egov.egiz.pdf.PositioningInstruction; import at.knowcenter.wag.egov.egiz.pdf.TablePos; import at.knowcenter.wag.egov.egiz.table.Table; @@ -193,18 +190,11 @@ public class PdfAsImpl implements PdfAs, IConfigurationConstants { IPdfSigner signer = PdfSignerFactory.createPdfSigner(); signer.signPDF(status.getPdfObject(), requestedSignature, new PdfboxSignerWrapper(status.getSignParamter() - .getPlainSigner(), parameter)); + .getPlainSigner(), parameter, requestedSignature)); // ================================================================ // Create SignResult - SignResultImpl result = new SignResultImpl(status.getSignParamter() - .getOutput()); - OutputStream outputStream = result.getOutputDocument() - .createOutputStream(); - - outputStream.write(status.getPdfObject().getSignedDocument()); - - outputStream.close(); + SignResult result = createSignResult(status); return result; } catch (Throwable e) { 
@@ -424,7 +414,16 @@ public class PdfAsImpl implements PdfAs, IConfigurationConstants { String signature = new COSString(request.getSignature()) .getHexString(); byte[] pdfSignature = signature.getBytes(); - + //byte[] input = PDFUtils.blackOutSignature(status.getPdfObject().getSignedDocument(), + // request.getSignatureDataByteRange()); + VerifyResult verifyResult = SignatureUtils.verifySignature(request.getSignature(), request.getSignatureData()); + RequestedSignature requestedSignature = request.getStatus().getRequestedSignature(); + + if(!StreamUtils.dataCompare(requestedSignature.getCertificate().getFingerprintSHA(), + verifyResult.getSignerCertificate().getFingerprintSHA())) { + throw new PdfAsSignatureException("Certificates missmatch!"); + } + for (int i = 0; i < pdfSignature.length; i++) { status.getPdfObject().getSignedDocument()[offset + i] = pdfSignature[i]; } diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox/PADESPDFBOXSigner.java b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox/PADESPDFBOXSigner.java index 4e82efa5..c8c4eeb4 100644 --- a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox/PADESPDFBOXSigner.java +++ b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox/PADESPDFBOXSigner.java @@ -35,7 +35,6 @@ import java.util.List; import org.apache.pdfbox.cos.COSBase; import org.apache.pdfbox.cos.COSDictionary; import org.apache.pdfbox.cos.COSName; -import org.apache.pdfbox.cos.COSObject; import org.apache.pdfbox.exceptions.COSVisitorException; import org.apache.pdfbox.exceptions.SignatureException; import org.apache.pdfbox.pdmodel.PDDocument; @@ -343,7 +342,7 @@ public class PADESPDFBOXSigner implements IPdfSigner, IConfigurationConstants { sigFieldName = "PDF-AS Signatur"; } - int count = SignatureUtils.countSignatures(doc); + int count = SignatureUtils.countSignatures(doc, sigFieldName); sigFieldName = sigFieldName + count; 
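Review bot: The new post-signing check compares only the two certificate fingerprints; the verification outcome in `verifyResult` is never inspected in the visible lines, so unless `SignatureUtils.verifySignature` throws on a bad signature value, a signature that names the expected certificate but does not validate over `request.getSignatureData()` would still be copied into the document by the loop below. `verifyResult.getSignerCertificate()` and `requestedSignature.getCertificate()` are also dereferenced without a null check, which turns a missing certificate into a NullPointerException instead of a `PdfAsSignatureException`; a guard such as `if (verifyResult == null || verifyResult.getSignerCertificate() == null) throw new PdfAsSignatureException("No signer certificate in verification result");` before the comparison would keep the failure explicit. The two commented-out `blackOutSignature` lines should be removed or replaced by a comment stating which bytes are verified. The enclosing method starts and ends outside this hunk.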
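Review bot: Appending `count` to `sigFieldName` yields an unused field name only if the existing fields are numbered without gaps. `countSignatures(doc, sigFieldName)` is not shown here, but if it counts the fields matching that name, a document holding, say, only the second of two earlier numbered fields would get a name that is already taken. A short comment above the call stating what is counted and why the result is unique, or a loop that increments until the name is unused, would make this safe to rely on. The surrounding method lies outside the hunk.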
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox/PdfboxSignerWrapper.java b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox/PdfboxSignerWrapper.java index faa49148..44915a42 100644 --- a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox/PdfboxSignerWrapper.java +++ b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox/PdfboxSignerWrapper.java @@ -39,6 +39,7 @@ import at.gv.egiz.pdfas.common.utils.StreamUtils; import at.gv.egiz.pdfas.lib.api.sign.IPlainSigner; import at.gv.egiz.pdfas.lib.api.sign.SignParameter; import at.gv.egiz.pdfas.lib.impl.signing.sig_interface.PDFASSignatureInterface; +import at.gv.egiz.pdfas.lib.impl.status.RequestedSignature; public class PdfboxSignerWrapper implements PDFASSignatureInterface { @@ -46,16 +47,17 @@ public class PdfboxSignerWrapper implements PDFASSignatureInterface { .getLogger(PdfboxSignerWrapper.class); private IPlainSigner signer; - @SuppressWarnings("unused") - private PDSignature signature; + private PDSignature signature; private int[] byteRange; private Calendar date; private SignParameter parameters; + private RequestedSignature requestedSignature; - public PdfboxSignerWrapper(IPlainSigner signer, SignParameter parameters) { + public PdfboxSignerWrapper(IPlainSigner signer, SignParameter parameters, RequestedSignature requestedSignature) { this.signer = signer; this.date = Calendar.getInstance(); this.parameters = parameters; + this.requestedSignature = requestedSignature; } public byte[] sign(InputStream inputStream) throws SignatureException, 
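Review bot: `requestedSignature` is stored by the widened constructor without any check and is later handed to `signer.sign(...)` (hunk at -66,7), so a null argument surfaces only inside the signer implementation. Rejecting it up front, e.g. `if (requestedSignature == null) throw new IllegalArgumentException("requestedSignature must not be null");`, keeps the failure at the call site. In the visible lines `signer`, `parameters` and `requestedSignature` are assigned only in the constructor; if that holds for the rest of the class, declaring them `final` would document that the signing context cannot change after construction.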
@@ -66,7 +68,7 @@ public class PdfboxSignerWrapper implements PDFASSignatureInterface {
 logger.info("Byte Range 2: " + byteRange2);
 try {
 logger.info("Signing with Pdfbox Wrapper");
- byte[] signature = signer.sign(data, byteRange, this.parameters);
+ byte[] signature = signer.sign(data, byteRange, this.parameters, this.requestedSignature);
 return signature;
 } catch (PdfAsException e) {
 throw new PdfAsWrappedIOException(e); |
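Review bot: The local `byte[] signature` hides the field `private PDSignature signature`, which this commit stops marking as unused in the previous hunk. Renaming the local, e.g. `byte[] signatureBytes = signer.sign(data, byteRange, this.parameters, this.requestedSignature);` followed by `return signatureBytes;`, keeps the raw signature bytes and the PDF signature object from being confused. The `sign` method begins before this hunk and continues after it.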