diff options
Diffstat (limited to 'pdf-as-lib/src/main/java/at/gv/egiz/sl/util/ISignatureConnectorSLWrapper.java')
-rw-r--r-- | pdf-as-lib/src/main/java/at/gv/egiz/sl/util/ISignatureConnectorSLWrapper.java | 38 |
1 files changed, 25 insertions, 13 deletions
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/ISignatureConnectorSLWrapper.java b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/ISignatureConnectorSLWrapper.java index cf7333b4..409b984f 100644 --- a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/ISignatureConnectorSLWrapper.java +++ b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/ISignatureConnectorSLWrapper.java @@ -1,7 +1,12 @@ package at.gv.egiz.sl.util; +import iaik.cms.CMSException; +import iaik.cms.SignedData; +import iaik.cms.SignerInfo; +import iaik.x509.X509Certificate; + import java.io.ByteArrayInputStream; -import java.security.MessageDigest; +import java.io.IOException; import java.security.SignatureException; import java.security.cert.CertificateException; import java.util.Iterator; @@ -9,12 +14,8 @@ import java.util.Iterator; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import iaik.cms.SignedData; -import iaik.cms.SignerInfo; -import iaik.x509.X509Certificate; import at.gv.egiz.pdfas.common.exceptions.PdfAsException; -import at.gv.egiz.pdfas.common.utils.StringUtils; -import at.gv.egiz.pdfas.lib.api.sign.IPlainSigner; +import at.gv.egiz.pdfas.common.exceptions.PdfAsSignatureException; import at.gv.egiz.pdfas.lib.impl.verify.VerifyResultImpl; import at.gv.egiz.sl.CreateCMSSignatureRequestType; import at.gv.egiz.sl.CreateCMSSignatureResponseType; @@ -72,11 +73,16 @@ public class ISignatureConnectorSLWrapper implements ISignatureConnector { // get the signer infos SignerInfo[] signerInfos = signedData.getSignerInfos(); + if (signerInfos.length == 0) { + throw new PdfAsSignatureException("Invalid Signature (no signer info created!)", null); + } // verify the signatures for (int i = 0; i < signerInfos.length; i++) { VerifyResultImpl verifyResult = new VerifyResultImpl(); try { - + logger.info("Signature Algo: {}, Digest {}", signedData + .getSignerInfos()[i].getSignatureAlgorithm(), + signedData.getSignerInfos()[i].getDigestAlgorithm()); // verify the signature for SignerInfo at index i X509Certificate signer_cert = signedData.verify(i); // if the signature is OK the certificate of the @@ -84,21 +90,27 @@ public class ISignatureConnectorSLWrapper implements ISignatureConnector { logger.info("Signature OK from signer: " + signer_cert.getSubjectDN()); verifyResult.setSignerCertificate(signer_cert); + } catch (SignatureException ex) { // if the signature is not OK a SignatureException // is thrown - logger.info("Signature ERROR from signer: " - + signedData.getCertificate( - signerInfos[i].getSignerIdentifier()) - .getSubjectDN()); + logger.error( + "Signature ERROR from signer: " + + signedData.getCertificate( + signerInfos[i] + .getSignerIdentifier()) + .getSubjectDN(), ex); verifyResult.setSignerCertificate(signedData .getCertificate(signerInfos[i] .getSignerIdentifier())); + throw new PdfAsSignatureException("Invalid Signature", ex); } } - } catch (Exception e) { - logger.error("ERROR", e); + } catch (CMSException e) { + throw new PdfAsSignatureException("Invalid Signature", e); + } catch (IOException e) { + throw new PdfAsSignatureException("Invalid Signature", e); } return response.getCMSSignature(); |