Diffstat (limited to 'pdf-as-lib/src/main/java/at/gv/egiz/sl/util')
-rw-r--r--pdf-as-lib/src/main/java/at/gv/egiz/sl/util/BKUSLConnector.java2
-rw-r--r--pdf-as-lib/src/main/java/at/gv/egiz/sl/util/BaseSLConnector.java7
-rw-r--r--pdf-as-lib/src/main/java/at/gv/egiz/sl/util/ISignatureConnectorSLWrapper.java59
3 files changed, 60 insertions, 8 deletions
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/BKUSLConnector.java b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/BKUSLConnector.java
index deecae21..414f2854 100644
--- a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/BKUSLConnector.java
+++ b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/BKUSLConnector.java
@@ -130,7 +130,7 @@ public class BKUSLConnector extends BaseSLConnector {
try {
slRequest = SLMarschaller.marshalToString(of
.createCreateCMSSignatureRequest(request));
- logger.debug(slRequest);
+ //logger.debug(slRequest);
String slResponse = performHttpRequestToBKU(slRequest);
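Review bot: The debug statement is left behind as commented-out code (`//logger.debug(slRequest);`) with no reason given. If the intent is to keep the full Security Layer request, which presumably carries the data to be signed, out of the logs, delete the line or log something bounded instead, e.g. `logger.debug("SL request length: {}", slRequest.length());`. The enclosing try block continues outside the hunk, so whether `slResponse` is still logged in full cannot be seen here.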
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/BaseSLConnector.java b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/BaseSLConnector.java
index e5abc6bd..5a03bbef 100644
--- a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/BaseSLConnector.java
+++ b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/BaseSLConnector.java
@@ -59,7 +59,7 @@ public abstract class BaseSLConnector implements ISLConnector {
int currentdataOff = 0;
Arrays.fill(data, (byte)0);
-
+ int[] exclude_range = new int[byteRange.length-2];
for(int i = 0; i < byteRange.length; i = i + 2) {
int offset = byteRange[i];
int size = byteRange[i+1];
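Review bot: `new int[byteRange.length-2]` throws `NegativeArraySizeException` when `byteRange` has fewer than two entries, whereas the old code simply skipped the loop for an empty array. The loop also reads `byteRange[i+1]` without checking that the length is even, so an odd-length array fails with an index error halfway through filling `data`. A guard ahead of the allocation such as `if (byteRange.length < 2 || byteRange.length % 2 != 0)` that rejects the input would make both failures explicit. The name `exclude_range` also departs from the lowerCamelCase used by the surrounding locals; the method starts and ends outside this hunk.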
@@ -68,7 +68,10 @@ public abstract class BaseSLConnector implements ISLConnector {
data[offset + j] = signatureData[currentdataOff];
currentdataOff++;
}
-
+ if(i + 2 < byteRange.length) {
+ exclude_range[i] = offset + size; // exclude offset
+ exclude_range[i+1] = byteRange[i+2]; // exclude size
+ }
}
// == MetaInfoType
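Review bot: The `// exclude size` comment does not match the value stored: `exclude_range[i+1] = byteRange[i+2]` is the start offset of the next signed range, i.e. the end of the gap, not its length. If the consumer of `exclude_range` expects a length, the value should be `byteRange[i+2] - (offset + size)`; if it expects an end position, the comment should read `// exclude end (start of next signed range)`. Nothing in the visible hunks reads `exclude_range`, so which of the two is intended cannot be confirmed from here.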
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/ISignatureConnectorSLWrapper.java b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/ISignatureConnectorSLWrapper.java
index 8a7950a4..3a998816 100644
--- a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/ISignatureConnectorSLWrapper.java
+++ b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/ISignatureConnectorSLWrapper.java
@@ -1,11 +1,19 @@
package at.gv.egiz.sl.util;
+import java.io.ByteArrayInputStream;
+import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.util.Iterator;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import iaik.cms.SignedData;
+import iaik.cms.SignerInfo;
import iaik.x509.X509Certificate;
import at.gv.egiz.pdfas.common.exceptions.PdfAsException;
import at.gv.egiz.pdfas.lib.api.sign.IPlainSigner;
+import at.gv.egiz.pdfas.lib.impl.verify.VerifyResultImpl;
import at.gv.egiz.sl.CreateCMSSignatureRequestType;
import at.gv.egiz.sl.CreateCMSSignatureResponseType;
import at.gv.egiz.sl.InfoboxAssocArrayPairType;
@@ -14,12 +22,15 @@ import at.gv.egiz.sl.InfoboxReadResponseType;
public class ISignatureConnectorSLWrapper implements ISignatureConnector {
+ private static final Logger logger = LoggerFactory
+ .getLogger(ISignatureConnectorSLWrapper.class);
+
private ISLConnector connector;
-
+
public ISignatureConnectorSLWrapper(ISLConnector connector) {
this.connector = connector;
}
-
+
public X509Certificate getCertificate() throws PdfAsException {
X509Certificate certificate = null;
try {
@@ -47,9 +58,47 @@ public class ISignatureConnectorSLWrapper implements ISignatureConnector {
}
public byte[] sign(byte[] input, int[] byteRange) throws PdfAsException {
- CreateCMSSignatureRequestType request = connector.createCMSRequest(input, byteRange);
- CreateCMSSignatureResponseType response = connector.sendCMSRequest(request);
-
+ CreateCMSSignatureRequestType request = connector.createCMSRequest(
+ input, byteRange);
+ CreateCMSSignatureResponseType response = connector
+ .sendCMSRequest(request);
+ try {
+ SignedData signedData = new SignedData(new ByteArrayInputStream(
+ response.getCMSSignature()));
+
+ signedData.setContent(input);
+
+ // get the signer infos
+ SignerInfo[] signerInfos = signedData.getSignerInfos();
+ // verify the signatures
+ for (int i = 0; i < signerInfos.length; i++) {
+ VerifyResultImpl verifyResult = new VerifyResultImpl();
+ try {
+
+ // verify the signature for SignerInfo at index i
+ X509Certificate signer_cert = signedData.verify(i);
+ // if the signature is OK the certificate of the
+ // signer is returned
+ logger.info("Signature OK from signer: "
+ + signer_cert.getSubjectDN());
+ verifyResult.setSignerCertificate(signer_cert);
+ } catch (SignatureException ex) {
+ // if the signature is not OK a SignatureException
+ // is thrown
+ logger.info("Signature ERROR from signer: "
+ + signedData.getCertificate(
+ signerInfos[i].getSignerIdentifier())
+ .getSubjectDN());
+
+ verifyResult.setSignerCertificate(signedData
+ .getCertificate(signerInfos[i]
+ .getSignerIdentifier()));
+ }
+ }
+ } catch (Exception e) {
+ logger.error("ERROR", e);
+ }
+
return response.getCMSSignature();
}
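Review bot: The verification added to `sign()` is advisory only: when `signedData.verify(i)` throws `SignatureException` the code logs at info level, and the outer `catch (Exception e)` logs just `"ERROR"`, yet `return response.getCMSSignature();` still hands the unverified CMS blob back to the caller. Both catch blocks should end the call by throwing a `PdfAsException` (its constructors are not visible in this hunk) so that a bad or unparseable connector response is not returned as if it were a good signature. `verifyResult` is populated and then dropped, and in the failure path `signedData.getCertificate(...)` is dereferenced with `.getSubjectDN()` without a null check. The loop also never compares `signer_cert` with the certificate obtained through `getCertificate()`, so a cryptographically valid signature from an unexpected signer would pass this check; whether that is verified later is not visible here.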