diff options
author | Andreas Fitzek <andreas.fitzek@iaik.tugraz.at> | 2014-07-10 12:58:25 +0200 |
---|---|---|
committer | Andreas Fitzek <andreas.fitzek@iaik.tugraz.at> | 2014-07-10 12:58:25 +0200 |
commit | 0bfafff409078ef49b2d4a0d71405e8f5b0eb078 (patch) | |
tree | 6b0eb440acbca7407ec77a23fca1ad653c2d9a81 /signature-standards/sigs-pkcs7detached/src/main/java/at | |
parent | af90012c848711a4c9010dbcf71694dbfbca0e86 (diff) | |
download | pdf-as-4-0bfafff409078ef49b2d4a0d71405e8f5b0eb078.tar.gz pdf-as-4-0bfafff409078ef49b2d4a0d71405e8f5b0eb078.tar.bz2 pdf-as-4-0bfafff409078ef49b2d4a0d71405e8f5b0eb078.zip |
Implemented Verification level (Full incl. Certificate Path, and Integrity Only)
Diffstat (limited to 'signature-standards/sigs-pkcs7detached/src/main/java/at')
-rw-r--r-- | signature-standards/sigs-pkcs7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java | 75 |
1 files changed, 15 insertions, 60 deletions
diff --git a/signature-standards/sigs-pkcs7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java b/signature-standards/sigs-pkcs7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java index bef034b1..fb7fa5ab 100644 --- a/signature-standards/sigs-pkcs7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java +++ b/signature-standards/sigs-pkcs7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java @@ -46,6 +46,7 @@ import at.gv.egiz.pdfas.common.utils.PDFUtils; import at.gv.egiz.pdfas.lib.api.Configuration; import at.gv.egiz.pdfas.lib.api.verify.VerifyResult; import at.gv.egiz.pdfas.lib.impl.verify.FilterEntry; +import at.gv.egiz.pdfas.lib.impl.verify.IVerifier; import at.gv.egiz.pdfas.lib.impl.verify.IVerifyFilter; import at.gv.egiz.pdfas.lib.impl.verify.SignatureCheckImpl; import at.gv.egiz.pdfas.lib.impl.verify.VerifyResultImpl; @@ -57,68 +58,22 @@ public class PKCS7DetachedVerifier implements IVerifyFilter { public PKCS7DetachedVerifier() { } - public List<VerifyResult> verify(byte[] contentData, byte[] signatureContent, Date verificationTime, int[] byteRange) + public List<VerifyResult> verify(byte[] contentData, byte[] signatureContent, + Date verificationTime, int[] byteRange, IVerifier verifier) throws PdfAsException { - try { - List<VerifyResult> result = new ArrayList<VerifyResult>(); - - SignedData signedData = new SignedData(contentData, new AlgorithmID[] { - AlgorithmID.sha256, AlgorithmID.sha1, AlgorithmID.ripeMd160, AlgorithmID.ripeMd160_ISO - }); - ContentInfo ci = new ContentInfo(new ByteArrayInputStream( - signatureContent)); - if (!ci.getContentType().equals(ObjectID.cms_signedData)) { - throw new PdfAsException("error.pdf.verify.01"); - } - //SignedData signedData = (SignedData)ci.getContent(); - //signedData.setContent(contentData); - - signedData.decode(ci.getContentInputStream()); - - // get the signer infos - SignerInfo[] signerInfos = signedData.getSignerInfos(); - // verify the signatures - for (int i = 0; i < signerInfos.length; i++) { - VerifyResultImpl verifyResult = new VerifyResultImpl(); - verifyResult.setSignatureData(PDFUtils.blackOutSignature(contentData, byteRange)); - try { - // verify the signature for SignerInfo at index i - X509Certificate signer_cert = signedData.verify(i); - logger.info("Signature Algo: {}, Digest {}", - signedData.getSignerInfos()[i].getSignatureAlgorithm(), - signedData.getSignerInfos()[i].getDigestAlgorithm()); - // if the signature is OK the certificate of the - // signer is returned - logger.info("Signature OK from signer: " - + signer_cert.getSubjectDN()); - verifyResult.setSignerCertificate(signer_cert); - verifyResult.setValueCheckCode(new SignatureCheckImpl(0, "OK")); - verifyResult.setManifestCheckCode(new SignatureCheckImpl(99, "not checked")); - verifyResult.setCertificateCheck(new SignatureCheckImpl(99, "not checked")); - verifyResult.setVerificationDone(true); - } catch (SignatureException ex) { - // if the signature is not OK a SignatureException - // is thrown - logger.info("Signature ERROR from signer: " - + signedData.getCertificate( - signerInfos[i].getSignerIdentifier()) - .getSubjectDN(), ex); - - verifyResult.setSignerCertificate( - signedData.getCertificate(signerInfos[i].getSignerIdentifier())); - verifyResult.setValueCheckCode(new SignatureCheckImpl(1, "failed to check signature")); - verifyResult.setManifestCheckCode(new SignatureCheckImpl(99, "not checked")); - verifyResult.setCertificateCheck(new SignatureCheckImpl(99, "not checked")); - verifyResult.setVerificationDone(false); - verifyResult.setVerificationException(new PdfAsSignatureException("failed to check signature", ex)); - } - result.add(verifyResult); - } - - return result; - } catch (Throwable e) { - throw new PdfAsException("error.pdf.verify.02", e); + + byte[] data = contentData; + byte[] signature = signatureContent; + + List<VerifyResult> verifieResults = verifier.verify(signature, data, verificationTime); + for(int i =0; i < verifieResults.size();i++) { + VerifyResultImpl result = (VerifyResultImpl)verifieResults.get(i); + result.setSignatureData(PDFUtils.blackOutSignature(data, byteRange)); } + + return verifieResults; + + } public List<FilterEntry> getFiters() { |