aboutsummaryrefslogtreecommitdiff
path: root/signature-standards/sigs-pcks7detached/src/main/java/at
diff options
context:
space:
mode:
authorAndreas Fitzek <andreas.fitzek@iaik.tugraz.at>2013-10-02 10:28:30 +0200
committerAndreas Fitzek <andreas.fitzek@iaik.tugraz.at>2013-10-02 10:28:30 +0200
commit0876981fd70fdab07f7c3e1666cf77071b5fe03d (patch)
tree0661571d1d757383fee936d1c4648d2c31b43ddb /signature-standards/sigs-pcks7detached/src/main/java/at
parentadd4460d9619f3586a02ae0d8c028f01903494bc (diff)
downloadpdf-as-4-0876981fd70fdab07f7c3e1666cf77071b5fe03d.tar.gz
pdf-as-4-0876981fd70fdab07f7c3e1666cf77071b5fe03d.tar.bz2
pdf-as-4-0876981fd70fdab07f7c3e1666cf77071b5fe03d.zip
+ added PKCS7 detached siganture standard via keystore
+ added simple verification implementation
Diffstat (limited to 'signature-standards/sigs-pcks7detached/src/main/java/at')
-rw-r--r--signature-standards/sigs-pcks7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedSigner.java88
-rw-r--r--signature-standards/sigs-pcks7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java74
-rw-r--r--signature-standards/sigs-pcks7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/package-info.java8
3 files changed, 170 insertions, 0 deletions
diff --git a/signature-standards/sigs-pcks7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedSigner.java b/signature-standards/sigs-pcks7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedSigner.java
new file mode 100644
index 00000000..864a31d1
--- /dev/null
+++ b/signature-standards/sigs-pcks7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedSigner.java
@@ -0,0 +1,88 @@
+package at.gv.egiz.pdfas.sigs.pkcs7detached;
+
+import iaik.asn1.structures.AlgorithmID;
+import iaik.cms.SignedDataStream;
+import iaik.cms.SignerInfo;
+import iaik.cms.SubjectKeyID;
+import iaik.security.ecc.provider.ECCProvider;
+import iaik.security.provider.IAIK;
+import iaik.x509.X509Certificate;
+import iaik.x509.X509ExtensionException;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.KeyStore;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.cert.Certificate;
+
+import org.apache.pdfbox.cos.COSName;
+import org.apache.pdfbox.exceptions.SignatureException;
+import org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature;
+
+import at.gv.egiz.pdfas.common.exceptions.PdfAsException;
+import at.gv.egiz.pdfas.lib.api.sign.IPlainSigner;
+
+public class PKCS7DetachedSigner implements IPlainSigner {
+
+ PrivateKey privKey;
+ X509Certificate cert;
+
+ public PKCS7DetachedSigner(String file, String alias, String kspassword,
+ String keypassword, String type) throws PdfAsException {
+ try {
+ IAIK.getInstance();
+ ECCProvider.addAsProvider();
+ KeyStore ks = KeyStore.getInstance(type);
+ ks.load(new FileInputStream(file), kspassword.toCharArray());
+ privKey = (PrivateKey) ks.getKey(alias, keypassword.toCharArray());
+ cert = new X509Certificate(ks.getCertificate(alias).getEncoded());
+ } catch (Throwable e) {
+ throw new PdfAsException("Failed to get KeyStore", e);
+ }
+ }
+
+ public X509Certificate getCertificate() {
+ return cert;
+ }
+
+ public byte[] sign(byte[] input) throws SignatureException, IOException {
+ try {
+ SignedDataStream signed_data_stream = new SignedDataStream(
+ new ByteArrayInputStream(input), SignedDataStream.EXPLICIT);
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ signed_data_stream.addCertificates(new Certificate[] { cert });
+
+ SubjectKeyID subjectKeyId = new SubjectKeyID(cert);
+ SignerInfo signer1 = new SignerInfo(subjectKeyId,
+ AlgorithmID.sha256, privKey);
+ signed_data_stream.addSignerInfo(signer1);
+ InputStream data_is = signed_data_stream.getInputStream();
+ if (signed_data_stream.getMode() == SignedDataStream.EXPLICIT) {
+ byte[] buf = new byte[1024];
+ int r;
+ while ((r = data_is.read(buf)) > 0) {
+ // do something useful
+ }
+ }
+ signed_data_stream.writeTo(baos);
+ return baos.toByteArray();
+ } catch (NoSuchAlgorithmException e) {
+ throw new SignatureException(e);
+ } catch (X509ExtensionException e) {
+ throw new SignatureException(e);
+ }
+ }
+
+ public String getPDFSubFilter() {
+ return PDSignature.SUBFILTER_ADBE_PKCS7_DETACHED.getName();
+ }
+
+ public String getPDFFilter() {
+ return PDSignature.FILTER_ADOBE_PPKLITE.getName();
+ }
+
+}
diff --git a/signature-standards/sigs-pcks7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java b/signature-standards/sigs-pcks7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java
new file mode 100644
index 00000000..7807850b
--- /dev/null
+++ b/signature-standards/sigs-pcks7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java
@@ -0,0 +1,74 @@
+package at.gv.egiz.pdfas.sigs.pkcs7detached;
+
+import iaik.cms.SignedData;
+import iaik.cms.SignerInfo;
+import iaik.x509.X509Certificate;
+
+import java.io.ByteArrayInputStream;
+import java.security.SignatureException;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.pdfas.common.exceptions.PdfAsException;
+import at.gv.egiz.pdfas.lib.api.verify.VerifyResult;
+import at.gv.egiz.pdfas.lib.impl.verify.FilterEntry;
+import at.gv.egiz.pdfas.lib.impl.verify.IVerifyFilter;
+import at.gv.egiz.pdfas.lib.impl.verify.VerifyResultImpl;
+
+public class PKCS7DetachedVerifier implements IVerifyFilter {
+
+ private static final Logger logger = LoggerFactory.getLogger(PKCS7DetachedVerifier.class);
+
+ public List<VerifyResult> verify(byte[] contentData, byte[] signatureContent)
+ throws PdfAsException {
+ try {
+ List<VerifyResult> result = new ArrayList<VerifyResult>();
+ SignedData signedData = new SignedData(new ByteArrayInputStream(
+ signatureContent));
+ signedData.setContent(contentData);
+
+ // get the signer infos
+ SignerInfo[] signerInfos = signedData.getSignerInfos();
+ // verify the signatures
+ for (int i = 0; i < signerInfos.length; i++) {
+ VerifyResultImpl verifyResult = new VerifyResultImpl();
+ try {
+
+ // verify the signature for SignerInfo at index i
+ X509Certificate signer_cert = signedData.verify(i);
+ // if the signature is OK the certificate of the
+ // signer is returned
+ logger.info("Signature OK from signer: "
+ + signer_cert.getSubjectDN());
+ verifyResult.setSignerCertificate(signer_cert);
+ } catch (SignatureException ex) {
+ // if the signature is not OK a SignatureException
+ // is thrown
+ logger.info("Signature ERROR from signer: "
+ + signedData.getCertificate(
+ signerInfos[i].getSignerIdentifier())
+ .getSubjectDN());
+
+ verifyResult.setSignerCertificate(
+ signedData.getCertificate(signerInfos[i].getSignerIdentifier()));
+ }
+ result.add(verifyResult);
+ }
+
+ return result;
+ } catch (Throwable e) {
+ throw new PdfAsException("Verify failed", e);
+ }
+ }
+
+ public List<FilterEntry> getFiters() {
+ List<FilterEntry> result = new ArrayList<FilterEntry>();
+ result.add(new FilterEntry(PDSignature.FILTER_ADOBE_PPKLITE, PDSignature.SUBFILTER_ADBE_PKCS7_DETACHED));
+ return result;
+ }
+
+}
diff --git a/signature-standards/sigs-pcks7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/package-info.java b/signature-standards/sigs-pcks7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/package-info.java
new file mode 100644
index 00000000..69a99830
--- /dev/null
+++ b/signature-standards/sigs-pcks7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/package-info.java
@@ -0,0 +1,8 @@
+/**
+ *
+ */
+/**
+ * @author afitzek
+ *
+ */
+package at.gv.egiz.pdfas.sigs.pkcs7detached; \ No newline at end of file