Integrity verification of Signature after Signature creation to ensure correct signed Document

author: Andreas Fitzek <andreas.fitzek@iaik.tugraz.at> 2014-07-10 12:09:05 +0200
committer: Andreas Fitzek <andreas.fitzek@iaik.tugraz.at> 2014-07-10 12:09:05 +0200
commit: af90012c848711a4c9010dbcf71694dbfbca0e86 (patch)
tree: cd40f8fab90b6a2fe62359a404497d369d82ece0 /pdf-as-lib/src/main/java/at/gv/egiz/sl/util/MOAConnector.java
parent: 83a573238984575b76ab06dca677831f4a650534 (diff)
download: pdf-as-4-af90012c848711a4c9010dbcf71694dbfbca0e86.tar.gz
pdf-as-4-af90012c848711a4c9010dbcf71694dbfbca0e86.tar.bz2
pdf-as-4-af90012c848711a4c9010dbcf71694dbfbca0e86.zip
1 files changed, 17 insertions, 2 deletions
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/MOAConnector.java b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/MOAConnector.java
index 73de30cf..1059dba1 100644
--- a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/MOAConnector.java
+++ b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/MOAConnector.java
@@ -55,10 +55,15 @@ import org.xml.sax.SAXException;
 
 import at.gv.egiz.pdfas.common.exceptions.PdfAsException;
 import at.gv.egiz.pdfas.common.exceptions.PdfAsMOAException;
+import at.gv.egiz.pdfas.common.exceptions.PdfAsSignatureException;
 import at.gv.egiz.pdfas.common.exceptions.PdfAsWrappedIOException;
 import at.gv.egiz.pdfas.common.settings.ISettings;
+import at.gv.egiz.pdfas.common.utils.StreamUtils;
 import at.gv.egiz.pdfas.lib.api.Configuration;
 import at.gv.egiz.pdfas.lib.api.sign.SignParameter;
+import at.gv.egiz.pdfas.lib.api.verify.VerifyResult;
+import at.gv.egiz.pdfas.lib.impl.status.RequestedSignature;
+import at.gv.egiz.pdfas.lib.util.SignatureUtils;
 
 public class MOAConnector implements ISignatureConnector {
 
@@ -135,7 +140,8 @@ public class MOAConnector implements ISignatureConnector {
 		return builder.build();
 	}
 
-	public byte[] sign(byte[] input, int[] byteRange, SignParameter parameter) throws PdfAsException {
+	public byte[] sign(byte[] input, int[] byteRange, SignParameter parameter
+			, RequestedSignature requestedSignature) throws PdfAsException {
 		CloseableHttpClient client = null;
 		try {
 			client = buildHttpClient();
@@ -220,7 +226,16 @@ public class MOAConnector implements ISignatureConnector {
 
 				if (cmsSignature != null) {
 					try {
-						return base64.decode(cmsSignature);
+						byte[] cmsSignatureData = base64.decode(cmsSignature);
+						
+						VerifyResult verifyResult = SignatureUtils.verifySignature(cmsSignatureData, input);
+
+						if(!StreamUtils.dataCompare(requestedSignature.getCertificate().getFingerprintSHA(),
+								verifyResult.getSignerCertificate().getFingerprintSHA())) {
+							throw new PdfAsSignatureException("Certificates missmatch!");
+						}
+						
+						return cmsSignatureData;
 					} catch(Exception e) {
 						throw new PdfAsException("error.pdf.io.07", e);
 					}
author	Andreas Fitzek <andreas.fitzek@iaik.tugraz.at>	2014-07-10 12:09:05 +0200
committer	Andreas Fitzek <andreas.fitzek@iaik.tugraz.at>	2014-07-10 12:09:05 +0200
commit	af90012c848711a4c9010dbcf71694dbfbca0e86 (patch)
tree	cd40f8fab90b6a2fe62359a404497d369d82ece0 /pdf-as-lib/src/main/java/at/gv/egiz/sl/util/MOAConnector.java
parent	83a573238984575b76ab06dca677831f4a650534 (diff)
download	pdf-as-4-af90012c848711a4c9010dbcf71694dbfbca0e86.tar.gz pdf-as-4-af90012c848711a4c9010dbcf71694dbfbca0e86.tar.bz2 pdf-as-4-af90012c848711a4c9010dbcf71694dbfbca0e86.zip