From 15c1a4715be0d358d4449c77bd71aa7eb926fe54 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Thu, 12 Jan 2023 16:55:34 +0100
Subject: feat(sigblock): validate signature-profile information provided by
QR-code placeholder
Issue: #64
---
.../common/settings/SignatureProfileSettings.java | 18 +++++--
.../egiz/pdfas/lib/impl/stamping/TableFactory.java | 3 +-
...CertificateAndRequestParameterResolverTest.java | 3 +-
.../pdfbox2/configuration/ProfileValidator.java | 59 +++++++++++-----------
.../impl/signing/pdfbox2/PADESPDFBOXSigner.java | 38 +++++++-------
5 files changed, 68 insertions(+), 53 deletions(-)
diff --git a/pdf-as-common/src/main/java/at/gv/egiz/pdfas/common/settings/SignatureProfileSettings.java b/pdf-as-common/src/main/java/at/gv/egiz/pdfas/common/settings/SignatureProfileSettings.java
index a151f12e..7f047278 100644
--- a/pdf-as-common/src/main/java/at/gv/egiz/pdfas/common/settings/SignatureProfileSettings.java
+++ b/pdf-as-common/src/main/java/at/gv/egiz/pdfas/common/settings/SignatureProfileSettings.java
@@ -23,10 +23,15 @@
******************************************************************************/
package at.gv.egiz.pdfas.common.settings;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import java.util.*;
+import at.gv.egiz.pdfas.common.exceptions.ErrorConstants;
+import at.gv.egiz.pdfas.common.exceptions.PDFASError;
public class SignatureProfileSettings implements IProfileConstants {
@@ -43,8 +48,15 @@ public class SignatureProfileSettings implements IProfileConstants {
private ISettings configuration;
- public SignatureProfileSettings(String profileID, ISettings configuration) {
- this.profileID = profileID;
+ public SignatureProfileSettings(String profileID, ISettings configuration) throws PDFASError {
+
+ if (!configuration.hasPrefix(SIG_OBJ + profileID)) {
+ throw new PDFASError(ErrorConstants.ERROR_SIG_INVALID_PROFILE,
+ PDFASError.buildInfoString(ErrorConstants.ERROR_SIG_INVALID_PROFILE,
+ profileID));
+ }
+
+ this.profileID = profileID;
String profilePrefix = SIG_OBJ + profileID + KEY_SEPARATOR;
String keysPrefix = profilePrefix + PROFILE_KEY;
String valuesPrefix = profilePrefix + PROFILE_VALUE;
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/stamping/TableFactory.java b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/stamping/TableFactory.java
index 2908cfcd..756f60c8 100644
--- a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/stamping/TableFactory.java
+++ b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/stamping/TableFactory.java
@@ -34,6 +34,7 @@ import java.util.Vector;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import at.gv.egiz.pdfas.common.exceptions.PDFASError;
import at.gv.egiz.pdfas.common.exceptions.PdfAsSettingsException;
import at.gv.egiz.pdfas.common.settings.IProfileConstants;
import at.gv.egiz.pdfas.common.settings.ISettings;
@@ -270,7 +271,7 @@ public class TableFactory implements IProfileConstants {
return sig_table;
}
- public static SignatureProfileSettings createProfile(String profileID, ISettings configuration) {
+ public static SignatureProfileSettings createProfile(String profileID, ISettings configuration) throws PDFASError {
return new SignatureProfileSettings(profileID, configuration);
}
diff --git a/pdf-as-lib/src/test/java/at/gv/egiz/pdfas/lib/test/stamping/CertificateAndRequestParameterResolverTest.java b/pdf-as-lib/src/test/java/at/gv/egiz/pdfas/lib/test/stamping/CertificateAndRequestParameterResolverTest.java
index 805f87b9..fdc8fa7e 100644
--- a/pdf-as-lib/src/test/java/at/gv/egiz/pdfas/lib/test/stamping/CertificateAndRequestParameterResolverTest.java
+++ b/pdf-as-lib/src/test/java/at/gv/egiz/pdfas/lib/test/stamping/CertificateAndRequestParameterResolverTest.java
@@ -12,6 +12,7 @@ import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.JUnit4;
+import at.gv.egiz.pdfas.common.exceptions.PDFASError;
import at.gv.egiz.pdfas.common.settings.ISettings;
import at.gv.egiz.pdfas.common.settings.SignatureProfileSettings;
import at.gv.egiz.pdfas.lib.api.sign.SignParameter;
@@ -28,7 +29,7 @@ public class CertificateAndRequestParameterResolverTest {
private SignatureProfileSettings sigProfileSetting;
@Before
- public void initialize() {
+ public void initialize() throws PDFASError {
SignParameter signParams = new SignParameterImpl(null, null, null);
opStatus = new OperationStatus(buildDummySettings(), signParams , null);
diff --git a/pdf-as-pdfbox-2/src/main/java/at/gv/egiz/pdfas/lib/impl/pdfbox2/configuration/ProfileValidator.java b/pdf-as-pdfbox-2/src/main/java/at/gv/egiz/pdfas/lib/impl/pdfbox2/configuration/ProfileValidator.java
index 1c57605b..ee828705 100644
--- a/pdf-as-pdfbox-2/src/main/java/at/gv/egiz/pdfas/lib/impl/pdfbox2/configuration/ProfileValidator.java
+++ b/pdf-as-pdfbox-2/src/main/java/at/gv/egiz/pdfas/lib/impl/pdfbox2/configuration/ProfileValidator.java
@@ -1,5 +1,20 @@
package at.gv.egiz.pdfas.lib.impl.pdfbox2.configuration;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+import org.apache.pdfbox.pdmodel.PDDocument;
+import org.apache.pdfbox.pdmodel.PDPage;
+import org.apache.pdfbox.pdmodel.common.PDRectangle;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.pdfas.common.exceptions.PDFASError;
import at.gv.egiz.pdfas.common.exceptions.PdfAsSettingsValidationException;
import at.gv.egiz.pdfas.common.settings.ISettings;
import at.gv.egiz.pdfas.common.settings.SignatureProfileSettings;
@@ -11,19 +26,6 @@ import at.gv.egiz.pdfas.lib.impl.status.OperationStatus;
import iaik.asn1.ObjectID;
import iaik.asn1.structures.Name;
import iaik.x509.X509Certificate;
-import org.apache.pdfbox.pdmodel.PDDocument;
-import org.apache.pdfbox.pdmodel.PDPage;
-import org.apache.pdfbox.pdmodel.common.PDRectangle;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.math.BigInteger;
-import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Set;
public class ProfileValidator implements ConfigurationValidator{
@@ -82,23 +84,20 @@ public class ProfileValidator implements ConfigurationValidator{
}
- for(String id:profileIds){
- SignatureProfileSettings profileSetting = new SignatureProfileSettings(id, settings);
- profileSettings.add(profileSetting);
- if(profileSetting.getValue("isvisible")!=null){
- if(profileSetting.getValue("isvisible").equals("false")){
- continue;
- }
- }
- /*Table t;
- try {
- t = TableFactory.createSigTable(profileSetting, "main", opState, certProvider);
- new PDFBoxTable(t, null, settings, pdfBoxObject);
- } catch (Exception e) {
- logger.info("Configuration Validation for profile "+id+" failed!");
- throw new PdfAsSettingsValidationException("Configuration Validation for profile "+id+" failed!", e);
- }*/
- }
+ for(String id:profileIds){
+ try {
+ SignatureProfileSettings profileSetting = new SignatureProfileSettings(id, settings);
+ profileSettings.add(profileSetting);
+ if(profileSetting.getValue("isvisible")!=null){
+ if(profileSetting.getValue("isvisible").equals("false")){
+ continue;
+ }
+ }
+ } catch (PDFASError e) {
+ logger.error("Find suspect signature-profile configuration. Ignore it", e);
+
+ }
+ }
}
@Override
diff --git a/pdf-as-pdfbox-2/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox2/PADESPDFBOXSigner.java b/pdf-as-pdfbox-2/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox2/PADESPDFBOXSigner.java
index c6499bc9..ef1f14b2 100644
--- a/pdf-as-pdfbox-2/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox2/PADESPDFBOXSigner.java
+++ b/pdf-as-pdfbox-2/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox2/PADESPDFBOXSigner.java
@@ -40,9 +40,7 @@ import javax.activation.DataSource;
import org.apache.commons.io.IOUtils;
import org.apache.pdfbox.cos.COSArray;
-import org.apache.pdfbox.cos.COSBase;
import org.apache.pdfbox.cos.COSDictionary;
-import org.apache.pdfbox.cos.COSDocument;
import org.apache.pdfbox.cos.COSInteger;
import org.apache.pdfbox.cos.COSName;
import org.apache.pdfbox.cos.COSString;
@@ -148,8 +146,7 @@ public class PADESPDFBOXSigner implements IPdfSigner, IConfigurationConstants {
String pdfaVersion = null;
PDDocument doc = null;
- final SignatureOptions options = new SignatureOptions();
- COSDocument visualSignatureDocumentGuard = null;
+ SignatureOptions options = new SignatureOptions();
try {
doc = pdfObject.getDocument();
@@ -221,8 +218,8 @@ public class PADESPDFBOXSigner implements IPdfSigner, IConfigurationConstants {
logger.debug("Placeholder Position set to: " + tablePos.toString());
}
}
- final SignatureProfileSettings signatureProfileSettings = TableFactory
- .createProfile(requestedSignature.getSignatureProfileID(), pdfObject.getStatus().getSettings());
+ final SignatureProfileSettings signatureProfileSettings = TableFactory.createProfile(
+ requestedSignature.getSignatureProfileID(), pdfObject.getStatus().getSettings());
// Check if input document is PDF-A conform
if (signatureProfileSettings.isPDFA()) {
@@ -404,7 +401,6 @@ public class PADESPDFBOXSigner implements IPdfSigner, IConfigurationConstants {
if (signatureProfileSettings.isPDFA() || signatureProfileSettings.isPDFA3()) {
final PDDocumentCatalog root = doc.getDocumentCatalog();
- final COSBase base = root.getCOSObject().getItem(COSName.OUTPUT_INTENTS);
InputStream colorProfile = null;
// colorProfile = this.getClass().getResourceAsStream("/icm/sRGB.icm");
@@ -434,8 +430,6 @@ public class PADESPDFBOXSigner implements IPdfSigner, IConfigurationConstants {
options.setVisualSignature(properties.getVisibleSignature());
}
- visualSignatureDocumentGuard = options.getVisualSignature();
-
doc.addSignature(signature, signer, options);
if (sigFieldName == null) {
@@ -648,17 +642,10 @@ public class PADESPDFBOXSigner implements IPdfSigner, IConfigurationConstants {
}
} catch (final IOException e1) {
- e1.printStackTrace();
- }
+ logger.error("Can not save incremental update", e1);
- finally {
- if (options != null) {
- if (options.getVisualSignature() != null) {
- options.getVisualSignature().close();
- }
- }
}
-
+
System.gc();
logger.debug("Signature done!");
@@ -666,7 +653,22 @@ public class PADESPDFBOXSigner implements IPdfSigner, IConfigurationConstants {
logger.warn(MessageResolver.resolveMessage("error.pdf.sig.01"), e);
throw new PdfAsException("error.pdf.sig.01", e);
+ } catch (PDFASError e2) {
+ logger.warn(e2.getInfo());
+ throw new PdfAsException("error.pdf.sig.01", e2);
+
} finally {
+ if (options != null) {
+ if (options.getVisualSignature() != null) {
+ try {
+ options.getVisualSignature().close();
+ options.close();
+ } catch (IOException e) {
+ logger.debug("Failed to close VisualSignature!", e);
+ }
+ }
+ }
+
if (doc != null) {
try {
doc.close();
--
cgit v1.2.3