Diffstat (limited to 'pdf-as-lib/src/main/java/at/gv/egiz/sl')
3 files changed, 60 insertions, 8 deletions
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/BKUSLConnector.java b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/BKUSLConnector.java
index deecae21..414f2854 100644
--- a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/BKUSLConnector.java
+++ b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/BKUSLConnector.java
@@ -130,7 +130,7 @@ public class BKUSLConnector extends BaseSLConnector { try { slRequest = SLMarschaller.marshalToString(of .createCreateCMSSignatureRequest(request)); - logger.debug(slRequest); + //logger.debug(slRequest); String slResponse = performHttpRequestToBKU(slRequest);
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/BaseSLConnector.java b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/BaseSLConnector.java
index e5abc6bd..5a03bbef 100644
--- a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/BaseSLConnector.java
+++ b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/BaseSLConnector.java
@@ -59,7 +59,7 @@ public abstract class BaseSLConnector implements ISLConnector { int currentdataOff = 0; Arrays.fill(data, (byte)0); - + int[] exclude_range = new int[byteRange.length-2]; for(int i = 0; i < byteRange.length; i = i + 2) { int offset = byteRange[i]; int size = byteRange[i+1];
@@ -68,7 +68,10 @@ public abstract class BaseSLConnector implements ISLConnector { data[offset + j] = signatureData[currentdataOff]; currentdataOff++; } - + if(i + 2 < byteRange.length) { + exclude_range[i] = offset + size; // exclude offset + exclude_range[i+1] = byteRange[i+2]; // exclude size + } } // == MetaInfoType
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/ISignatureConnectorSLWrapper.java b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/ISignatureConnectorSLWrapper.java
index 8a7950a4..3a998816 100644
--- a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/ISignatureConnectorSLWrapper.java
+++ b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/ISignatureConnectorSLWrapper.java
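Review bot: In BKUSLConnector (@@ -130,7 +130,7) the debug statement is disabled by commenting it out, `//logger.debug(slRequest);`, which leaves dead code and no record of why it was switched off. If the reason is that the marshalled CreateCMSSignatureRequest carries the data submitted for signing and should not reach log files, delete the line and state that in a comment such as `// do not log slRequest: it contains the document data sent for signing`. If a trace is still wanted, `logger.debug("SL request length: {}", slRequest.length());` keeps the diagnostic without the payload. The enclosing method starts and ends outside the hunk.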
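Review bot: In BaseSLConnector (@@ -59,7 +59,7) `new int[byteRange.length-2]` throws NegativeArraySizeException when byteRange has fewer than two entries, and the loop below it reads `byteRange[i+1]` without checking that the length is even. Because byteRange decides which bytes are covered by the signature, I would validate it before the allocation, e.g. `if (byteRange.length < 2 || byteRange.length % 2 != 0) throw new IllegalArgumentException("byteRange must hold offset/size pairs");`. In the second hunk (@@ -68,7 +68,10) `exclude_range[i+1] = byteRange[i+2];` stores the start offset of the next range while its comment says `exclude size`; either the comment or the value (`byteRange[i+2] - (offset + size)`) should change, depending on what the consumer expects. Nothing in the visible hunks reads exclude_range yet, and the method body continues outside both hunks.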
@@ -1,11 +1,19 @@ package at.gv.egiz.sl.util; +import java.io.ByteArrayInputStream; +import java.security.SignatureException; import java.security.cert.CertificateException; import java.util.Iterator; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import iaik.cms.SignedData; +import iaik.cms.SignerInfo; import iaik.x509.X509Certificate; import at.gv.egiz.pdfas.common.exceptions.PdfAsException; import at.gv.egiz.pdfas.lib.api.sign.IPlainSigner; +import at.gv.egiz.pdfas.lib.impl.verify.VerifyResultImpl; import at.gv.egiz.sl.CreateCMSSignatureRequestType; import at.gv.egiz.sl.CreateCMSSignatureResponseType; import at.gv.egiz.sl.InfoboxAssocArrayPairType;
@@ -14,12 +22,15 @@ import at.gv.egiz.sl.InfoboxReadResponseType; public class ISignatureConnectorSLWrapper implements ISignatureConnector { + private static final Logger logger = LoggerFactory + .getLogger(ISignatureConnectorSLWrapper.class); + private ISLConnector connector; - + public ISignatureConnectorSLWrapper(ISLConnector connector) { this.connector = connector; } - + public X509Certificate getCertificate() throws PdfAsException { X509Certificate certificate = null; try {
@@ -47,9 +58,47 @@ public class ISignatureConnectorSLWrapper implements ISignatureConnector { } public byte[] sign(byte[] input, int[] byteRange) throws PdfAsException { - CreateCMSSignatureRequestType request = connector.createCMSRequest(input, byteRange); - CreateCMSSignatureResponseType response = connector.sendCMSRequest(request); - + CreateCMSSignatureRequestType request = connector.createCMSRequest( + input, byteRange); + CreateCMSSignatureResponseType response = connector + .sendCMSRequest(request); + try { + SignedData signedData = new SignedData(new ByteArrayInputStream( + response.getCMSSignature())); + + signedData.setContent(input); + + // get the signer infos + SignerInfo[] signerInfos = signedData.getSignerInfos(); + // verify the signatures + for (int i = 0; i < signerInfos.length; i++) { + VerifyResultImpl verifyResult = new VerifyResultImpl(); + try { + + // verify the signature for SignerInfo at index i + X509Certificate signer_cert = signedData.verify(i); + // if the signature is OK the certificate of the + // signer is returned + logger.info("Signature OK from signer: " + + signer_cert.getSubjectDN()); + verifyResult.setSignerCertificate(signer_cert); + } catch (SignatureException ex) { + // if the signature is not OK a SignatureException + // is thrown + logger.info("Signature ERROR from signer: " + + signedData.getCertificate( + signerInfos[i].getSignerIdentifier()) + .getSubjectDN()); + + verifyResult.setSignerCertificate(signedData + .getCertificate(signerInfos[i] + .getSignerIdentifier())); + } + } + } catch (Exception e) { + logger.error("ERROR", e); + } + return response.getCMSSignature(); } |
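Review bot: A failed verification in sign() has no effect on the result: the inner `catch (SignatureException ex)` only logs at info level, the outer `catch (Exception e)` logs "ERROR" and falls through, and `return response.getCMSSignature();` runs either way, so a signature that does not match `input` is still handed back to the caller. The `VerifyResultImpl` created per signer is filled and then discarded, and an empty `signerInfos` array passes without anything being checked. In the failure branch `signedData.getCertificate(...)` is dereferenced without a null check, which presumably can replace the original SignatureException with a NullPointerException in the outer catch. I would let a verification failure abort the call with the project's PdfAsException and log it at error level, as sketched below; the exception subtype and constructor to use are not visible in this hunk.

```java
public byte[] sign(byte[] input, int[] byteRange) throws PdfAsException {
    // … unchanged: createCMSRequest / sendCMSRequest …
    byte[] cms = response.getCMSSignature();
    boolean verified = false;
    try {
        SignedData signedData = new SignedData(new ByteArrayInputStream(cms));
        signedData.setContent(input);
        SignerInfo[] signerInfos = signedData.getSignerInfos();
        for (int i = 0; i < signerInfos.length; i++) {
            // verify(i) throws SignatureException when the signature does not match
            X509Certificate signerCert = signedData.verify(i);
            logger.debug("Signature OK from signer: {}", signerCert.getSubjectDN());
        }
        // a response without any SignerInfo must not count as verified
        verified = signerInfos.length > 0;
    } catch (Exception e) {
        logger.error("Verification of the returned CMS signature failed", e);
    }
    if (!verified) {
        // throw the project's PdfAsException here (subtype/constructor chosen by the maintainers)
    }
    return cms;
}
```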