From 15c1a4715be0d358d4449c77bd71aa7eb926fe54 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Thu, 12 Jan 2023 16:55:34 +0100
Subject: feat(sigblock): validate signature-profile information provided by
 QR-code placeholder

Issue: #64
---
 .../common/settings/SignatureProfileSettings.java  | 18 +++++--
 .../egiz/pdfas/lib/impl/stamping/TableFactory.java |  3 +-
 ...CertificateAndRequestParameterResolverTest.java |  3 +-
 .../pdfbox2/configuration/ProfileValidator.java    | 59 +++++++++++-----------
 .../impl/signing/pdfbox2/PADESPDFBOXSigner.java    | 38 +++++++-------
 5 files changed, 68 insertions(+), 53 deletions(-)

diff --git a/pdf-as-common/src/main/java/at/gv/egiz/pdfas/common/settings/SignatureProfileSettings.java b/pdf-as-common/src/main/java/at/gv/egiz/pdfas/common/settings/SignatureProfileSettings.java
index a151f12e..7f047278 100644
--- a/pdf-as-common/src/main/java/at/gv/egiz/pdfas/common/settings/SignatureProfileSettings.java
+++ b/pdf-as-common/src/main/java/at/gv/egiz/pdfas/common/settings/SignatureProfileSettings.java
@@ -23,10 +23,15 @@
  ******************************************************************************/
 package at.gv.egiz.pdfas.common.settings;
 
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import java.util.*;
+import at.gv.egiz.pdfas.common.exceptions.ErrorConstants;
+import at.gv.egiz.pdfas.common.exceptions.PDFASError;
 
 public class SignatureProfileSettings implements IProfileConstants {
 
@@ -43,8 +48,15 @@ public class SignatureProfileSettings implements IProfileConstants {
 
 	private ISettings configuration;
 
-	public SignatureProfileSettings(String profileID, ISettings configuration) {
-		this.profileID = profileID;
+	public SignatureProfileSettings(String profileID, ISettings configuration) throws PDFASError {
+		
+	  if (!configuration.hasPrefix(SIG_OBJ + profileID)) {
+      throw new PDFASError(ErrorConstants.ERROR_SIG_INVALID_PROFILE,
+          PDFASError.buildInfoString(ErrorConstants.ERROR_SIG_INVALID_PROFILE,
+              profileID));
+    }
+	  
+	  this.profileID = profileID;
 		String profilePrefix = SIG_OBJ + profileID + KEY_SEPARATOR;
 		String keysPrefix = profilePrefix + PROFILE_KEY;
 		String valuesPrefix = profilePrefix + PROFILE_VALUE;
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/stamping/TableFactory.java b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/stamping/TableFactory.java
index 2908cfcd..756f60c8 100644
--- a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/stamping/TableFactory.java
+++ b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/stamping/TableFactory.java
@@ -34,6 +34,7 @@ import java.util.Vector;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import at.gv.egiz.pdfas.common.exceptions.PDFASError;
 import at.gv.egiz.pdfas.common.exceptions.PdfAsSettingsException;
 import at.gv.egiz.pdfas.common.settings.IProfileConstants;
 import at.gv.egiz.pdfas.common.settings.ISettings;
@@ -270,7 +271,7 @@ public class TableFactory implements IProfileConstants {
         return sig_table;
     }
 
-    public static SignatureProfileSettings createProfile(String profileID, ISettings configuration) {
+    public static SignatureProfileSettings createProfile(String profileID, ISettings configuration) throws PDFASError {
         return new SignatureProfileSettings(profileID, configuration);
     }
 
diff --git a/pdf-as-lib/src/test/java/at/gv/egiz/pdfas/lib/test/stamping/CertificateAndRequestParameterResolverTest.java b/pdf-as-lib/src/test/java/at/gv/egiz/pdfas/lib/test/stamping/CertificateAndRequestParameterResolverTest.java
index 805f87b9..fdc8fa7e 100644
--- a/pdf-as-lib/src/test/java/at/gv/egiz/pdfas/lib/test/stamping/CertificateAndRequestParameterResolverTest.java
+++ b/pdf-as-lib/src/test/java/at/gv/egiz/pdfas/lib/test/stamping/CertificateAndRequestParameterResolverTest.java
@@ -12,6 +12,7 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 
+import at.gv.egiz.pdfas.common.exceptions.PDFASError;
 import at.gv.egiz.pdfas.common.settings.ISettings;
 import at.gv.egiz.pdfas.common.settings.SignatureProfileSettings;
 import at.gv.egiz.pdfas.lib.api.sign.SignParameter;
@@ -28,7 +29,7 @@ public class CertificateAndRequestParameterResolverTest {
 	private SignatureProfileSettings sigProfileSetting;
 	
 	@Before
-	public void initialize() {
+	public void initialize() throws PDFASError {
 		SignParameter signParams = new SignParameterImpl(null, null, null);
 		opStatus = new OperationStatus(buildDummySettings(), signParams , null);
 		
diff --git a/pdf-as-pdfbox-2/src/main/java/at/gv/egiz/pdfas/lib/impl/pdfbox2/configuration/ProfileValidator.java b/pdf-as-pdfbox-2/src/main/java/at/gv/egiz/pdfas/lib/impl/pdfbox2/configuration/ProfileValidator.java
index 1c57605b..ee828705 100644
--- a/pdf-as-pdfbox-2/src/main/java/at/gv/egiz/pdfas/lib/impl/pdfbox2/configuration/ProfileValidator.java
+++ b/pdf-as-pdfbox-2/src/main/java/at/gv/egiz/pdfas/lib/impl/pdfbox2/configuration/ProfileValidator.java
@@ -1,5 +1,20 @@
 package at.gv.egiz.pdfas.lib.impl.pdfbox2.configuration;
 
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+import org.apache.pdfbox.pdmodel.PDDocument;
+import org.apache.pdfbox.pdmodel.PDPage;
+import org.apache.pdfbox.pdmodel.common.PDRectangle;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.pdfas.common.exceptions.PDFASError;
 import at.gv.egiz.pdfas.common.exceptions.PdfAsSettingsValidationException;
 import at.gv.egiz.pdfas.common.settings.ISettings;
 import at.gv.egiz.pdfas.common.settings.SignatureProfileSettings;
@@ -11,19 +26,6 @@ import at.gv.egiz.pdfas.lib.impl.status.OperationStatus;
 import iaik.asn1.ObjectID;
 import iaik.asn1.structures.Name;
 import iaik.x509.X509Certificate;
-import org.apache.pdfbox.pdmodel.PDDocument;
-import org.apache.pdfbox.pdmodel.PDPage;
-import org.apache.pdfbox.pdmodel.common.PDRectangle;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.math.BigInteger;
-import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Set;
 
 public class ProfileValidator implements ConfigurationValidator{
 
@@ -82,23 +84,20 @@ public class ProfileValidator implements ConfigurationValidator{
 		}
 
 
-		for(String id:profileIds){
-			SignatureProfileSettings profileSetting = new SignatureProfileSettings(id, settings);
-			profileSettings.add(profileSetting);
-			if(profileSetting.getValue("isvisible")!=null){
-				if(profileSetting.getValue("isvisible").equals("false")){
-					continue;
-				}
-			}
-			/*Table t;
-			try {
-				t = TableFactory.createSigTable(profileSetting, "main", opState, certProvider);
-				new PDFBoxTable(t, null, settings, pdfBoxObject);
-			} catch (Exception e) {
-				logger.info("Configuration Validation for profile "+id+" failed!");
-				throw new PdfAsSettingsValidationException("Configuration Validation for profile "+id+" failed!", e);
-			}*/
-		}
+ 		for(String id:profileIds){
+ 	    try {
+ 	      SignatureProfileSettings profileSetting = new SignatureProfileSettings(id, settings);
+  			profileSettings.add(profileSetting);
+  			if(profileSetting.getValue("isvisible")!=null){
+  				if(profileSetting.getValue("isvisible").equals("false")){
+  					continue;
+  				}
+  			}
+ 	    } catch (PDFASError e) {
+ 	      logger.error("Find suspect signature-profile configuration. Ignore it", e);
+ 	      
+ 	    }
+  	}					
 	}
 
 	@Override
diff --git a/pdf-as-pdfbox-2/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox2/PADESPDFBOXSigner.java b/pdf-as-pdfbox-2/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox2/PADESPDFBOXSigner.java
index c6499bc9..ef1f14b2 100644
--- a/pdf-as-pdfbox-2/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox2/PADESPDFBOXSigner.java
+++ b/pdf-as-pdfbox-2/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox2/PADESPDFBOXSigner.java
@@ -40,9 +40,7 @@ import javax.activation.DataSource;
 
 import org.apache.commons.io.IOUtils;
 import org.apache.pdfbox.cos.COSArray;
-import org.apache.pdfbox.cos.COSBase;
 import org.apache.pdfbox.cos.COSDictionary;
-import org.apache.pdfbox.cos.COSDocument;
 import org.apache.pdfbox.cos.COSInteger;
 import org.apache.pdfbox.cos.COSName;
 import org.apache.pdfbox.cos.COSString;
@@ -148,8 +146,7 @@ public class PADESPDFBOXSigner implements IPdfSigner, IConfigurationConstants {
     String pdfaVersion = null;
 
     PDDocument doc = null;
-    final SignatureOptions options = new SignatureOptions();
-    COSDocument visualSignatureDocumentGuard = null;
+    SignatureOptions options = new SignatureOptions();
     try {
 
       doc = pdfObject.getDocument();
@@ -221,8 +218,8 @@ public class PADESPDFBOXSigner implements IPdfSigner, IConfigurationConstants {
           logger.debug("Placeholder Position set to: " + tablePos.toString());
         }
       }
-      final SignatureProfileSettings signatureProfileSettings = TableFactory
-          .createProfile(requestedSignature.getSignatureProfileID(), pdfObject.getStatus().getSettings());
+      final SignatureProfileSettings signatureProfileSettings = TableFactory.createProfile(
+          requestedSignature.getSignatureProfileID(), pdfObject.getStatus().getSettings());
 
       // Check if input document is PDF-A conform
       if (signatureProfileSettings.isPDFA()) {
@@ -404,7 +401,6 @@ public class PADESPDFBOXSigner implements IPdfSigner, IConfigurationConstants {
 
         if (signatureProfileSettings.isPDFA() || signatureProfileSettings.isPDFA3()) {
           final PDDocumentCatalog root = doc.getDocumentCatalog();
-          final COSBase base = root.getCOSObject().getItem(COSName.OUTPUT_INTENTS);
 
           InputStream colorProfile = null;
           // colorProfile = this.getClass().getResourceAsStream("/icm/sRGB.icm");
@@ -434,8 +430,6 @@ public class PADESPDFBOXSigner implements IPdfSigner, IConfigurationConstants {
         options.setVisualSignature(properties.getVisibleSignature());
       }
 
-      visualSignatureDocumentGuard = options.getVisualSignature();
-
       doc.addSignature(signature, signer, options);
 
       if (sigFieldName == null) {
@@ -648,17 +642,10 @@ public class PADESPDFBOXSigner implements IPdfSigner, IConfigurationConstants {
         }
 
       } catch (final IOException e1) {
-        e1.printStackTrace();
-      }
+        logger.error("Can not save incremental update", e1);
 
-      finally {
-        if (options != null) {
-          if (options.getVisualSignature() != null) {
-            options.getVisualSignature().close();
-          }
-        }
       }
-
+      
       System.gc();
       logger.debug("Signature done!");
       
@@ -666,7 +653,22 @@ public class PADESPDFBOXSigner implements IPdfSigner, IConfigurationConstants {
       logger.warn(MessageResolver.resolveMessage("error.pdf.sig.01"), e);
       throw new PdfAsException("error.pdf.sig.01", e);
     
+    } catch (PDFASError e2) {
+      logger.warn(e2.getInfo());
+      throw new PdfAsException("error.pdf.sig.01", e2);
+      
     } finally {
+      if (options != null) {
+        if (options.getVisualSignature() != null) {
+          try {
+            options.getVisualSignature().close();
+            options.close();
+          } catch (IOException e) {
+            logger.debug("Failed to close VisualSignature!", e);
+          }
+        }
+      }
+      
       if (doc != null) {
         try {
           doc.close();
-- 
cgit v1.2.3