aboutsummaryrefslogtreecommitdiff
path: root/signature-standards/sigs-pkcs7detached/src/main/java/at/gv/egiz/pdfas
diff options
context:
space:
mode:
authorAndreas Fitzek <andreas.fitzek@iaik.tugraz.at>2014-07-10 12:58:25 +0200
committerAndreas Fitzek <andreas.fitzek@iaik.tugraz.at>2014-07-10 12:58:25 +0200
commit0bfafff409078ef49b2d4a0d71405e8f5b0eb078 (patch)
tree6b0eb440acbca7407ec77a23fca1ad653c2d9a81 /signature-standards/sigs-pkcs7detached/src/main/java/at/gv/egiz/pdfas
parentaf90012c848711a4c9010dbcf71694dbfbca0e86 (diff)
downloadpdf-as-4-0bfafff409078ef49b2d4a0d71405e8f5b0eb078.tar.gz
pdf-as-4-0bfafff409078ef49b2d4a0d71405e8f5b0eb078.tar.bz2
pdf-as-4-0bfafff409078ef49b2d4a0d71405e8f5b0eb078.zip
Implemented Verification level (Full incl. Certificate Path, and Integrity Only)
Diffstat (limited to 'signature-standards/sigs-pkcs7detached/src/main/java/at/gv/egiz/pdfas')
-rw-r--r--signature-standards/sigs-pkcs7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java75
1 files changed, 15 insertions, 60 deletions
diff --git a/signature-standards/sigs-pkcs7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java b/signature-standards/sigs-pkcs7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java
index bef034b1..fb7fa5ab 100644
--- a/signature-standards/sigs-pkcs7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java
+++ b/signature-standards/sigs-pkcs7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java
@@ -46,6 +46,7 @@ import at.gv.egiz.pdfas.common.utils.PDFUtils;
import at.gv.egiz.pdfas.lib.api.Configuration;
import at.gv.egiz.pdfas.lib.api.verify.VerifyResult;
import at.gv.egiz.pdfas.lib.impl.verify.FilterEntry;
+import at.gv.egiz.pdfas.lib.impl.verify.IVerifier;
import at.gv.egiz.pdfas.lib.impl.verify.IVerifyFilter;
import at.gv.egiz.pdfas.lib.impl.verify.SignatureCheckImpl;
import at.gv.egiz.pdfas.lib.impl.verify.VerifyResultImpl;
@@ -57,68 +58,22 @@ public class PKCS7DetachedVerifier implements IVerifyFilter {
public PKCS7DetachedVerifier() {
}
- public List<VerifyResult> verify(byte[] contentData, byte[] signatureContent, Date verificationTime, int[] byteRange)
+ public List<VerifyResult> verify(byte[] contentData, byte[] signatureContent,
+ Date verificationTime, int[] byteRange, IVerifier verifier)
throws PdfAsException {
- try {
- List<VerifyResult> result = new ArrayList<VerifyResult>();
-
- SignedData signedData = new SignedData(contentData, new AlgorithmID[] {
- AlgorithmID.sha256, AlgorithmID.sha1, AlgorithmID.ripeMd160, AlgorithmID.ripeMd160_ISO
- });
- ContentInfo ci = new ContentInfo(new ByteArrayInputStream(
- signatureContent));
- if (!ci.getContentType().equals(ObjectID.cms_signedData)) {
- throw new PdfAsException("error.pdf.verify.01");
- }
- //SignedData signedData = (SignedData)ci.getContent();
- //signedData.setContent(contentData);
-
- signedData.decode(ci.getContentInputStream());
-
- // get the signer infos
- SignerInfo[] signerInfos = signedData.getSignerInfos();
- // verify the signatures
- for (int i = 0; i < signerInfos.length; i++) {
- VerifyResultImpl verifyResult = new VerifyResultImpl();
- verifyResult.setSignatureData(PDFUtils.blackOutSignature(contentData, byteRange));
- try {
- // verify the signature for SignerInfo at index i
- X509Certificate signer_cert = signedData.verify(i);
- logger.info("Signature Algo: {}, Digest {}",
- signedData.getSignerInfos()[i].getSignatureAlgorithm(),
- signedData.getSignerInfos()[i].getDigestAlgorithm());
- // if the signature is OK the certificate of the
- // signer is returned
- logger.info("Signature OK from signer: "
- + signer_cert.getSubjectDN());
- verifyResult.setSignerCertificate(signer_cert);
- verifyResult.setValueCheckCode(new SignatureCheckImpl(0, "OK"));
- verifyResult.setManifestCheckCode(new SignatureCheckImpl(99, "not checked"));
- verifyResult.setCertificateCheck(new SignatureCheckImpl(99, "not checked"));
- verifyResult.setVerificationDone(true);
- } catch (SignatureException ex) {
- // if the signature is not OK a SignatureException
- // is thrown
- logger.info("Signature ERROR from signer: "
- + signedData.getCertificate(
- signerInfos[i].getSignerIdentifier())
- .getSubjectDN(), ex);
-
- verifyResult.setSignerCertificate(
- signedData.getCertificate(signerInfos[i].getSignerIdentifier()));
- verifyResult.setValueCheckCode(new SignatureCheckImpl(1, "failed to check signature"));
- verifyResult.setManifestCheckCode(new SignatureCheckImpl(99, "not checked"));
- verifyResult.setCertificateCheck(new SignatureCheckImpl(99, "not checked"));
- verifyResult.setVerificationDone(false);
- verifyResult.setVerificationException(new PdfAsSignatureException("failed to check signature", ex));
- }
- result.add(verifyResult);
- }
-
- return result;
- } catch (Throwable e) {
- throw new PdfAsException("error.pdf.verify.02", e);
+
+ byte[] data = contentData;
+ byte[] signature = signatureContent;
+
+ List<VerifyResult> verifieResults = verifier.verify(signature, data, verificationTime);
+ for(int i =0; i < verifieResults.size();i++) {
+ VerifyResultImpl result = (VerifyResultImpl)verifieResults.get(i);
+ result.setSignatureData(PDFUtils.blackOutSignature(data, byteRange));
}
+
+ return verifieResults;
+
+
}
public List<FilterEntry> getFiters() {