aboutsummaryrefslogtreecommitdiff
path: root/signature-standards
diff options
context:
space:
mode:
authorAndreas Fitzek <andreas.fitzek@iaik.tugraz.at>2014-02-18 11:06:49 +0100
committerAndreas Fitzek <andreas.fitzek@iaik.tugraz.at>2014-02-18 11:07:40 +0100
commit0decd9fd4799557f9ec77c6309381fe9f22c15dd (patch)
treee66542c53f319395aec3a5895ab3e72762ff4d9d /signature-standards
parent9496bb87c0789d819689a8750385079e44f515ee (diff)
downloadpdf-as-4-0decd9fd4799557f9ec77c6309381fe9f22c15dd.tar.gz
pdf-as-4-0decd9fd4799557f9ec77c6309381fe9f22c15dd.tar.bz2
pdf-as-4-0decd9fd4799557f9ec77c6309381fe9f22c15dd.zip
blacking out signature content in verification to produce valid verified
PDF Documents Signed-off-by: Andreas Fitzek <andreas.fitzek@iaik.tugraz.at>
Diffstat (limited to 'signature-standards')
-rw-r--r--signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESVerifier.java5
-rw-r--r--signature-standards/sigs-pkcs7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java5
2 files changed, 6 insertions, 4 deletions
diff --git a/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESVerifier.java b/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESVerifier.java
index 3298f92b..dcd7f45b 100644
--- a/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESVerifier.java
+++ b/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESVerifier.java
@@ -27,6 +27,7 @@ import at.gv.egiz.moa.SignatureVerificationServiceStub.VerifyCMSSignatureRespons
import at.gv.egiz.moa.SignatureVerificationServiceStub.VerifyCMSSignatureResponseTypeSequence;
import at.gv.egiz.moa.SignatureVerificationServiceStub.X509DataTypeSequence;
import at.gv.egiz.pdfas.common.exceptions.PdfAsException;
+import at.gv.egiz.pdfas.common.utils.PDFUtils;
import at.gv.egiz.pdfas.common.utils.StreamUtils;
import at.gv.egiz.pdfas.lib.api.Configuration;
import at.gv.egiz.pdfas.lib.api.verify.SignatureCheck;
@@ -52,7 +53,7 @@ public class PAdESVerifier implements IVerifyFilter {
@SuppressWarnings("rawtypes")
public List<VerifyResult> verify(byte[] contentData,
- byte[] signatureContent, Date verificationTime)
+ byte[] signatureContent, Date verificationTime, int[] byteRange)
throws PdfAsException {
List<VerifyResult> resultList = new ArrayList<VerifyResult>();
@@ -125,7 +126,7 @@ public class PAdESVerifier implements IVerifyFilter {
KeyInfoTypeChoice[] keyInfo = verifySequence[i].getSignerInfo()
.getKeyInfoTypeChoice();
KeyInfoTypeChoice choice = keyInfo[0];
- result.setSignatureData(data);
+ result.setSignatureData(PDFUtils.blackOutSignature(data, byteRange));
// extract certificate
if (choice.isX509DataSpecified()) {
diff --git a/signature-standards/sigs-pkcs7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java b/signature-standards/sigs-pkcs7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java
index 41d8f902..7de51d7e 100644
--- a/signature-standards/sigs-pkcs7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java
+++ b/signature-standards/sigs-pkcs7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java
@@ -19,6 +19,7 @@ import org.slf4j.LoggerFactory;
import at.gv.egiz.pdfas.common.exceptions.PdfAsException;
import at.gv.egiz.pdfas.common.exceptions.PdfAsSignatureException;
+import at.gv.egiz.pdfas.common.utils.PDFUtils;
import at.gv.egiz.pdfas.lib.api.Configuration;
import at.gv.egiz.pdfas.lib.api.verify.VerifyResult;
import at.gv.egiz.pdfas.lib.impl.verify.FilterEntry;
@@ -33,7 +34,7 @@ public class PKCS7DetachedVerifier implements IVerifyFilter {
public PKCS7DetachedVerifier() {
}
- public List<VerifyResult> verify(byte[] contentData, byte[] signatureContent, Date verificationTime)
+ public List<VerifyResult> verify(byte[] contentData, byte[] signatureContent, Date verificationTime, int[] byteRange)
throws PdfAsException {
try {
List<VerifyResult> result = new ArrayList<VerifyResult>();
@@ -56,7 +57,7 @@ public class PKCS7DetachedVerifier implements IVerifyFilter {
// verify the signatures
for (int i = 0; i < signerInfos.length; i++) {
VerifyResultImpl verifyResult = new VerifyResultImpl();
- verifyResult.setSignatureData(contentData);
+ verifyResult.setSignatureData(PDFUtils.blackOutSignature(contentData, byteRange));
try {
// verify the signature for SignerInfo at index i
X509Certificate signer_cert = signedData.verify(i);