Current working stuff not working

author: Andreas Fitzek <andreas.fitzek@iaik.tugraz.at> 2013-11-27 17:52:36 +0100
committer: Andreas Fitzek <andreas.fitzek@iaik.tugraz.at> 2013-11-27 17:52:36 +0100
commit: 48216bdf6d0e6b8e34d53fe196c4a6a7ec868b93 (patch)
tree: 43d52bffa412cd8f11d0b661781f61312507d2fd /signature-standards
parent: 29ec10fb663523c4a18904c332199ce6e974dd2f (diff)
download: pdf-as-4-48216bdf6d0e6b8e34d53fe196c4a6a7ec868b93.tar.gz
pdf-as-4-48216bdf6d0e6b8e34d53fe196c4a6a7ec868b93.tar.bz2
pdf-as-4-48216bdf6d0e6b8e34d53fe196c4a6a7ec868b93.zip
4 files changed, 145 insertions, 32 deletions
diff --git a/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESSigner.java b/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESSigner.java
index 7fc0081b..6945d9b3 100644
--- a/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESSigner.java
+++ b/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESSigner.java
@@ -32,6 +32,7 @@ public class PAdESSigner implements IPlainSigner {
 
 	public String getPDFSubFilter() {
 		return PDSignature.SUBFILTER_ETSI_CADES_DETACHED.getName();
+		//return PDSignature.SUBFILTER_ADBE_PKCS7_DETACHED.getName();
 	}
 
 	public String getPDFFilter() {
diff --git a/signature-standards/sigs-pcks7detached/build.gradle b/signature-standards/sigs-pcks7detached/build.gradle
index 6864bc00..d1ea063f 100644
--- a/signature-standards/sigs-pcks7detached/build.gradle
+++ b/signature-standards/sigs-pcks7detached/build.gradle
@@ -19,6 +19,8 @@ dependencies {
 	compile group: 'eu.europa.ec.joinup.egovlabs.pdf-as.iaik', name: 'iaik_jce_eval_signed', version: '4.0'
 	compile group: 'eu.europa.ec.joinup.egovlabs.pdf-as.iaik', name: 'iaik_ecc_eval_signed', version: '2.19'
     compile group: 'commons-collections', name: 'commons-collections', version: '3.2'
+	compile group: 'org.bouncycastle', name: 'bcprov-jdk16', version: '1.46'
+	compile group: 'org.bouncycastle', name: 'bcmail-jdk16', version: '1.46'
     testCompile group: 'junit', name: 'junit', version: '4.+'
 }
 
diff --git a/signature-standards/sigs-pcks7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedSigner.java b/signature-standards/sigs-pcks7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedSigner.java
index 25b42f5f..4c4b3621 100644
--- a/signature-standards/sigs-pcks7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedSigner.java
+++ b/signature-standards/sigs-pcks7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedSigner.java
@@ -1,40 +1,54 @@
 package at.gv.egiz.pdfas.sigs.pkcs7detached;
 
+import iaik.asn1.ASN1Object;
+import iaik.asn1.ObjectID;
 import iaik.asn1.structures.AlgorithmID;
-import iaik.cms.SignedDataStream;
+import iaik.asn1.structures.Attribute;
+import iaik.asn1.structures.ChoiceOfTime;
+import iaik.cms.ContentInfo;
+import iaik.cms.IssuerAndSerialNumber;
+import iaik.cms.SignedData;
 import iaik.cms.SignerInfo;
-import iaik.cms.SubjectKeyID;
+import iaik.cms.Utils;
 import iaik.security.ecc.provider.ECCProvider;
 import iaik.security.provider.IAIK;
 import iaik.x509.X509Certificate;
-import iaik.x509.X509ExtensionException;
 
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
 import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import java.io.OutputStream;
 import java.security.KeyStore;
+import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
 import java.security.cert.Certificate;
+import java.util.Date;
 
 import org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature;
+import org.bouncycastle.cms.CMSException;
+import org.bouncycastle.cms.CMSProcessable;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
-import at.gv.egiz.pdfas.common.exceptions.PDFIOException;
 import at.gv.egiz.pdfas.common.exceptions.PdfAsException;
 import at.gv.egiz.pdfas.common.exceptions.PdfAsSignatureException;
+import at.gv.egiz.pdfas.common.utils.StringUtils;
 import at.gv.egiz.pdfas.lib.api.sign.IPlainSigner;
 
 public class PKCS7DetachedSigner implements IPlainSigner {
 
+	private static final Logger logger = LoggerFactory
+			.getLogger(PKCS7DetachedSigner.class);
+	
 	PrivateKey privKey;
 	X509Certificate cert;
 
 	public PKCS7DetachedSigner(String file, String alias, String kspassword,
 			String keypassword, String type) throws PdfAsException {
 		try {
-			IAIK.getInstance();
+			IAIK.addAsProvider();
 			ECCProvider.addAsProvider();
 			KeyStore ks = KeyStore.getInstance(type);
 			ks.load(new FileInputStream(file), kspassword.toCharArray());
@@ -49,40 +63,114 @@ public class PKCS7DetachedSigner implements IPlainSigner {
 		return cert;
 	}
 
+	class CMSProcessableInputStream implements CMSProcessable {
+
+		InputStream in;
+
+		public CMSProcessableInputStream(InputStream is) {
+			in = is;
+		}
+
+		public Object getContent() {
+			return null;
+		}
+
+		public void write(OutputStream out) throws IOException, CMSException {
+			// read the content only one time
+			byte[] buffer = new byte[8 * 1024];
+			int read;
+			while ((read = in.read(buffer)) != -1) {
+				out.write(buffer, 0, read);
+			}
+			in.close();
+		}
+	}
+
+	private static BouncyCastleProvider provider = new BouncyCastleProvider();
+
+	/*
+	 * public byte[] sign(byte[] input, int[] byteRange) throws PdfAsException {
+	 * CMSProcessableInputStream content = new CMSProcessableInputStream(new
+	 * ByteArrayInputStream(input)); CMSSignedDataGenerator gen = new
+	 * CMSSignedDataGenerator(); // CertificateChain List<X509Certificate>
+	 * certList = Arrays.asList(cert);
+	 * 
+	 * CertStore certStore = null; try { certStore =
+	 * CertStore.getInstance("Collection", new
+	 * CollectionCertStoreParameters(certList), provider);
+	 * gen.addSigner(privKey, (X509Certificate)certList.get(0),
+	 * CMSSignedGenerator.DIGEST_SHA256); gen.addCertificatesAndCRLs(certStore);
+	 * CMSSignedData signedData = gen.generate(content, false, provider); return
+	 * signedData.getEncoded(); } catch (Exception e) { // should be handled
+	 * e.printStackTrace(); } throw new
+	 * RuntimeException("Problem while preparing signature"); }
+	 */
+
 	public byte[] sign(byte[] input, int[] byteRange) throws PdfAsException {
 		try {
-			SignedDataStream signed_data_stream = new SignedDataStream(
-					new ByteArrayInputStream(input), SignedDataStream.EXPLICIT);
-			ByteArrayOutputStream baos = new ByteArrayOutputStream();
-			signed_data_stream.addCertificates(new Certificate[] { cert });
-
-			SubjectKeyID subjectKeyId = new SubjectKeyID(cert);
-			SignerInfo signer1 = new SignerInfo(subjectKeyId,
-					AlgorithmID.sha256, privKey);
-			signed_data_stream.addSignerInfo(signer1);
-			InputStream data_is = signed_data_stream.getInputStream();
-			if (signed_data_stream.getMode() == SignedDataStream.EXPLICIT) {
-				byte[] buf = new byte[1024];
-				int r;
-				while ((r = data_is.read(buf)) > 0) {
-					// do something useful
-				}
+			// SignedDataStream signed_data_stream = new SignedDataStream(
+			// new ByteArrayInputStream(input), SignedDataStream.EXPLICIT);
+			// ByteArrayOutputStream baos = new ByteArrayOutputStream();
+			// signed_data_stream.addCertificates(new Certificate[] { cert });
+			//
+			// SubjectKeyID subjectKeyId = new SubjectKeyID(cert);
+			// SignerInfo signer1 = new SignerInfo(subjectKeyId,
+			// AlgorithmID.sha256, privKey);
+			// signed_data_stream.addSignerInfo(signer1);
+			// InputStream data_is = signed_data_stream.getInputStream();
+			// if (signed_data_stream.getMode() == SignedDataStream.EXPLICIT) {
+			// byte[] buf = new byte[1024];
+			// int r;
+			// while ((r = data_is.read(buf)) > 0) {
+			// // do something useful
+			// }
+			// }
+			// SubjectKeyID subjectKeyId = new SubjectKeyID(cert);
+			try {
+				MessageDigest md = MessageDigest.getInstance("SHA256", "IAIK");
+				md.update(input);
+				byte[] sha256 = md.digest();
+				logger.info("Message digest: " + StringUtils.bytesToHexString(sha256));
+			} catch (Exception e) {
+				e.printStackTrace();
 			}
-			signed_data_stream.writeTo(baos);
-			return baos.toByteArray();
+			IssuerAndSerialNumber issuer = new IssuerAndSerialNumber(cert);
+			SignerInfo signer1 = new SignerInfo(issuer, AlgorithmID.sha256,
+					privKey);
+
+			SignedData si = new SignedData(input, SignedData.EXPLICIT);
+			si.addCertificates(new Certificate[] { cert });
+			Attribute signingTime = new Attribute(ObjectID.signingTime,
+					new ASN1Object[] { new ChoiceOfTime(new Date())
+							.toASN1Object() });
+			// Attribute signingCert = new
+			// Attribute(ObjectID.signingCertificateV2,
+			// new ASN1Object[] { cert.toASN1Object() });
+
+			Attribute[] attributes = new Attribute[] { signingTime };
+			signer1.setSignedAttributes(attributes);
+			si.addSignerInfo(signer1);
+			InputStream dataIs = si.getInputStream();
+			byte[] buf = new byte[1024];
+			int r;
+			while ((r = dataIs.read(buf)) > 0)
+				; // skip data
+			ContentInfo ci = new ContentInfo(si);
+
+			return ci.getEncoded();
 		} catch (NoSuchAlgorithmException e) {
 			throw new PdfAsSignatureException("", e);
-		} catch (X509ExtensionException e) {
+		} catch (iaik.cms.CMSException e) {
+			throw new PdfAsSignatureException("", e);
+		} catch (IOException e) {
 			throw new PdfAsSignatureException("", e);
-		}  catch (IOException e) {
-			throw new PDFIOException("", e);
 		}
 	}
 
 	public String getPDFSubFilter() {
 		return PDSignature.SUBFILTER_ADBE_PKCS7_DETACHED.getName();
 	}
-	
+
 	public String getPDFFilter() {
 		return PDSignature.FILTER_ADOBE_PPKLITE.getName();
 	}
diff --git a/signature-standards/sigs-pcks7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java b/signature-standards/sigs-pcks7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java
index 7e974f3f..e8f0661b 100644
--- a/signature-standards/sigs-pcks7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java
+++ b/signature-standards/sigs-pcks7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java
@@ -1,10 +1,14 @@
 package at.gv.egiz.pdfas.sigs.pkcs7detached;
 
+import iaik.asn1.ObjectID;
+import iaik.asn1.structures.AlgorithmID;
+import iaik.cms.ContentInfo;
 import iaik.cms.SignedData;
 import iaik.cms.SignerInfo;
 import iaik.x509.X509Certificate;
 
 import java.io.ByteArrayInputStream;
+import java.io.FileOutputStream;
 import java.security.SignatureException;
 import java.util.ArrayList;
 import java.util.List;
@@ -24,21 +28,38 @@ public class PKCS7DetachedVerifier implements IVerifyFilter {
 
 	private static final Logger logger = LoggerFactory.getLogger(PKCS7DetachedVerifier.class);
 	
+	public PKCS7DetachedVerifier() {
+	}
+	
 	public List<VerifyResult> verify(byte[] contentData, byte[] signatureContent)
 			throws PdfAsException {
 		try {
 			List<VerifyResult> result = new ArrayList<VerifyResult>();
-			SignedData signedData = new SignedData(new ByteArrayInputStream(
+			
+			SignedData signedData = new SignedData(contentData, new AlgorithmID[] { 
+					AlgorithmID.sha256
+			});
+			
+			FileOutputStream fos = new FileOutputStream("/tmp/verify.bin");
+			fos.write(signatureContent);
+			fos.close();
+			
+			ContentInfo ci = new ContentInfo(new ByteArrayInputStream(
 					signatureContent));
-			signedData.setContent(contentData);
+			if (!ci.getContentType().equals(ObjectID.cms_signedData)) {
+				throw new PdfAsException("No Signed DATA");
+			}
+			//SignedData signedData = (SignedData)ci.getContent();
+			//signedData.setContent(contentData);
 
+			signedData.decode(ci.getContentInputStream());
+			
 			// get the signer infos
 			SignerInfo[] signerInfos = signedData.getSignerInfos();
 			// verify the signatures
 			for (int i = 0; i < signerInfos.length; i++) {
 				VerifyResultImpl verifyResult = new VerifyResultImpl();
 				try {
-					
 					// verify the signature for SignerInfo at index i
 					X509Certificate signer_cert = signedData.verify(i);
 					// if the signature is OK the certificate of the
@@ -69,6 +90,7 @@ public class PKCS7DetachedVerifier implements IVerifyFilter {
 	public List<FilterEntry> getFiters() {
 		List<FilterEntry> result = new ArrayList<FilterEntry>();
 		result.add(new FilterEntry(PDSignature.FILTER_ADOBE_PPKLITE, PDSignature.SUBFILTER_ADBE_PKCS7_DETACHED));
+		result.add(new FilterEntry(PDSignature.FILTER_ADOBE_PPKLITE, PDSignature.SUBFILTER_ETSI_CADES_DETACHED));
 		return result;
 	}
author	Andreas Fitzek <andreas.fitzek@iaik.tugraz.at>	2013-11-27 17:52:36 +0100
committer	Andreas Fitzek <andreas.fitzek@iaik.tugraz.at>	2013-11-27 17:52:36 +0100
commit	48216bdf6d0e6b8e34d53fe196c4a6a7ec868b93 (patch)
tree	43d52bffa412cd8f11d0b661781f61312507d2fd /signature-standards
parent	29ec10fb663523c4a18904c332199ce6e974dd2f (diff)
download	pdf-as-4-48216bdf6d0e6b8e34d53fe196c4a6a7ec868b93.tar.gz pdf-as-4-48216bdf6d0e6b8e34d53fe196c4a6a7ec868b93.tar.bz2 pdf-as-4-48216bdf6d0e6b8e34d53fe196c4a6a7ec868b93.zip