From 15c1a4715be0d358d4449c77bd71aa7eb926fe54 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Thu, 12 Jan 2023 16:55:34 +0100
Subject: feat(sigblock): validate signature-profile information provided by QR-code placeholder
Issue: #64
---
 .../common/settings/SignatureProfileSettings.java | 18 +++++--
 .../egiz/pdfas/lib/impl/stamping/TableFactory.java | 3 +-
 ...CertificateAndRequestParameterResolverTest.java | 3 +-
 .../pdfbox2/configuration/ProfileValidator.java | 59 +++++++++++----------
 .../impl/signing/pdfbox2/PADESPDFBOXSigner.java | 38 +++++++-------
 5 files changed, 68 insertions(+), 53 deletions(-)
diff --git a/pdf-as-common/src/main/java/at/gv/egiz/pdfas/common/settings/SignatureProfileSettings.java b/pdf-as-common/src/main/java/at/gv/egiz/pdfas/common/settings/SignatureProfileSettings.java
index a151f12e..7f047278 100644
--- a/pdf-as-common/src/main/java/at/gv/egiz/pdfas/common/settings/SignatureProfileSettings.java
+++ b/pdf-as-common/src/main/java/at/gv/egiz/pdfas/common/settings/SignatureProfileSettings.java
@@ -23,10 +23,15 @@
 ******************************************************************************/
 package at.gv.egiz.pdfas.common.settings;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import java.util.*;
+import at.gv.egiz.pdfas.common.exceptions.ErrorConstants;
+import at.gv.egiz.pdfas.common.exceptions.PDFASError;
 public class SignatureProfileSettings implements IProfileConstants {
@@ -43,8 +48,15 @@ public class SignatureProfileSettings implements IProfileConstants {
 private ISettings configuration;
- public SignatureProfileSettings(String profileID, ISettings configuration) {
- this.profileID = profileID;
+ public SignatureProfileSettings(String profileID, ISettings configuration) throws PDFASError {
+
+ if (!configuration.hasPrefix(SIG_OBJ + profileID)) {
+ throw new PDFASError(ErrorConstants.ERROR_SIG_INVALID_PROFILE,
+ PDFASError.buildInfoString(ErrorConstants.ERROR_SIG_INVALID_PROFILE,
+ profileID));
+ }
+
+ this.profileID = profileID;
 String profilePrefix = SIG_OBJ + profileID + KEY_SEPARATOR;
 String keysPrefix = profilePrefix + PROFILE_KEY;
 String valuesPrefix = profilePrefix + PROFILE_VALUE;
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/stamping/TableFactory.java b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/stamping/TableFactory.java
index 2908cfcd..756f60c8 100644
--- a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/stamping/TableFactory.java
+++ b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/stamping/TableFactory.java
@@ -34,6 +34,7 @@ import java.util.Vector;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import at.gv.egiz.pdfas.common.exceptions.PDFASError;
 import at.gv.egiz.pdfas.common.exceptions.PdfAsSettingsException;
 import at.gv.egiz.pdfas.common.settings.IProfileConstants;
 import at.gv.egiz.pdfas.common.settings.ISettings;
@@ -270,7 +271,7 @@ public class TableFactory implements IProfileConstants {
 return sig_table;
 }
- public static SignatureProfileSettings createProfile(String profileID, ISettings configuration) {
+ public static SignatureProfileSettings createProfile(String profileID, ISettings configuration) throws PDFASError {
 return new SignatureProfileSettings(profileID, configuration);
 }
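Review bot: The guard added at the top of the `SignatureProfileSettings` constructor tests `configuration.hasPrefix(SIG_OBJ + profileID)` without the trailing `KEY_SEPARATOR`, so if `hasPrefix` is a plain starts-with match over configuration keys (its implementation is not part of this diff), an empty ID or one that is only the leading part of a configured profile name would pass. Since the commit subject says the ID can come from a QR-code placeholder inside the document, I would reject blank IDs and match the whole key segment: `if (profileID == null || profileID.isEmpty() || !configuration.hasPrefix(SIG_OBJ + profileID + KEY_SEPARATOR))`. The rejected ID is also copied verbatim into the error info, which the signer later writes out through `logger.warn(e2.getInfo())`, so limiting its length and removing line breaks before it is passed to `buildInfoString` keeps document-supplied text from forging log lines. The constructor body continues outside the hunk.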
diff --git a/pdf-as-lib/src/test/java/at/gv/egiz/pdfas/lib/test/stamping/CertificateAndRequestParameterResolverTest.java b/pdf-as-lib/src/test/java/at/gv/egiz/pdfas/lib/test/stamping/CertificateAndRequestParameterResolverTest.java
index 805f87b9..fdc8fa7e 100644
--- a/pdf-as-lib/src/test/java/at/gv/egiz/pdfas/lib/test/stamping/CertificateAndRequestParameterResolverTest.java
+++ b/pdf-as-lib/src/test/java/at/gv/egiz/pdfas/lib/test/stamping/CertificateAndRequestParameterResolverTest.java
@@ -12,6 +12,7 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
+import at.gv.egiz.pdfas.common.exceptions.PDFASError;
 import at.gv.egiz.pdfas.common.settings.ISettings;
 import at.gv.egiz.pdfas.common.settings.SignatureProfileSettings;
 import at.gv.egiz.pdfas.lib.api.sign.SignParameter;
@@ -28,7 +29,7 @@ public class CertificateAndRequestParameterResolverTest {
 private SignatureProfileSettings sigProfileSetting;
 @Before
- public void initialize() {
+ public void initialize() throws PDFASError {
 SignParameter signParams = new SignParameterImpl(null, null, null);
 opStatus = new OperationStatus(buildDummySettings(), signParams , null);
diff --git a/pdf-as-pdfbox-2/src/main/java/at/gv/egiz/pdfas/lib/impl/pdfbox2/configuration/ProfileValidator.java b/pdf-as-pdfbox-2/src/main/java/at/gv/egiz/pdfas/lib/impl/pdfbox2/configuration/ProfileValidator.java
index 1c57605b..ee828705 100644
--- a/pdf-as-pdfbox-2/src/main/java/at/gv/egiz/pdfas/lib/impl/pdfbox2/configuration/ProfileValidator.java
+++ b/pdf-as-pdfbox-2/src/main/java/at/gv/egiz/pdfas/lib/impl/pdfbox2/configuration/ProfileValidator.java
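Review bot: No test in this commit exercises the new rejection path; the only change to this test class is the import and the `throws PDFASError` on `initialize()`. A case that constructs `SignatureProfileSettings` with an ID that is absent from `buildDummySettings()` and expects a `PDFASError`, plus one with an ID that is only the leading part of a configured profile name, would pin down the validation the commit is about. `initialize()` continues outside the hunk.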
@@ -1,5 +1,20 @@
 package at.gv.egiz.pdfas.lib.impl.pdfbox2.configuration;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+import org.apache.pdfbox.pdmodel.PDDocument;
+import org.apache.pdfbox.pdmodel.PDPage;
+import org.apache.pdfbox.pdmodel.common.PDRectangle;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.pdfas.common.exceptions.PDFASError;
 import at.gv.egiz.pdfas.common.exceptions.PdfAsSettingsValidationException;
 import at.gv.egiz.pdfas.common.settings.ISettings;
 import at.gv.egiz.pdfas.common.settings.SignatureProfileSettings;
@@ -11,19 +26,6 @@ import at.gv.egiz.pdfas.lib.impl.status.OperationStatus;
 import iaik.asn1.ObjectID;
 import iaik.asn1.structures.Name;
 import iaik.x509.X509Certificate;
-import org.apache.pdfbox.pdmodel.PDDocument;
-import org.apache.pdfbox.pdmodel.PDPage;
-import org.apache.pdfbox.pdmodel.common.PDRectangle;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.math.BigInteger;
-import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Set;
 public class ProfileValidator implements ConfigurationValidator{
@@ -82,23 +84,20 @@ public class ProfileValidator implements ConfigurationValidator{
 }
- for(String id:profileIds){
- SignatureProfileSettings profileSetting = new SignatureProfileSettings(id, settings);
- profileSettings.add(profileSetting);
- if(profileSetting.getValue("isvisible")!=null){
- if(profileSetting.getValue("isvisible").equals("false")){
- continue;
- }
- }
- /*Table t;
- try {
- t = TableFactory.createSigTable(profileSetting, "main", opState, certProvider);
- new PDFBoxTable(t, null, settings, pdfBoxObject);
- } catch (Exception e) {
- logger.info("Configuration Validation for profile "+id+" failed!");
- throw new PdfAsSettingsValidationException("Configuration Validation for profile "+id+" failed!", e);
- }*/
- }
+ for(String id:profileIds){
+ try {
+ SignatureProfileSettings profileSetting = new SignatureProfileSettings(id, settings);
+ profileSettings.add(profileSetting);
+ if(profileSetting.getValue("isvisible")!=null){
+ if(profileSetting.getValue("isvisible").equals("false")){
+ continue;
+ }
+ }
+ } catch (PDFASError e) {
+ logger.error("Find suspect signature-profile configuration. Ignore it", e);
+
+ }
+ }
 }
 @Override
diff --git a/pdf-as-pdfbox-2/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox2/PADESPDFBOXSigner.java b/pdf-as-pdfbox-2/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox2/PADESPDFBOXSigner.java
index c6499bc9..ef1f14b2 100644
--- a/pdf-as-pdfbox-2/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox2/PADESPDFBOXSigner.java
+++ b/pdf-as-pdfbox-2/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox2/PADESPDFBOXSigner.java
@@ -40,9 +40,7 @@ import javax.activation.DataSource;
 import org.apache.commons.io.IOUtils;
 import org.apache.pdfbox.cos.COSArray;
-import org.apache.pdfbox.cos.COSBase;
 import org.apache.pdfbox.cos.COSDictionary;
-import org.apache.pdfbox.cos.COSDocument;
 import org.apache.pdfbox.cos.COSInteger;
 import org.apache.pdfbox.cos.COSName;
 import org.apache.pdfbox.cos.COSString;
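Review bot: The `catch (PDFASError e)` added inside the profile loop only logs and carries on, so this `ConfigurationValidator` now fails open for a profile it could not load, and the message does not say which profile was skipped. I would name the profile, `logger.error("Ignoring invalid signature-profile configuration '{}'", id, e);`, and, if a broken profile is meant to stop start-up, rethrow as `PdfAsSettingsValidationException` the way the removed commented-out block did. With the table check gone, the `isvisible` test ends in a `continue` that is the last statement of the loop body, so it has no effect and can be dropped or given a comment saying what it is reserved for. The enclosing method starts outside the hunk.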
@@ -148,8 +146,7 @@ public class PADESPDFBOXSigner implements IPdfSigner, IConfigurationConstants {
 String pdfaVersion = null;
 PDDocument doc = null;
- final SignatureOptions options = new SignatureOptions();
- COSDocument visualSignatureDocumentGuard = null;
+ SignatureOptions options = new SignatureOptions();
 try {
 doc = pdfObject.getDocument();
@@ -221,8 +218,8 @@ public class PADESPDFBOXSigner implements IPdfSigner, IConfigurationConstants {
 logger.debug("Placeholder Position set to: " + tablePos.toString());
 }
 }
- final SignatureProfileSettings signatureProfileSettings = TableFactory
- .createProfile(requestedSignature.getSignatureProfileID(), pdfObject.getStatus().getSettings());
+ final SignatureProfileSettings signatureProfileSettings = TableFactory.createProfile(
+ requestedSignature.getSignatureProfileID(), pdfObject.getStatus().getSettings());
 // Check if input document is PDF-A conform
 if (signatureProfileSettings.isPDFA()) {
@@ -404,7 +401,6 @@ public class PADESPDFBOXSigner implements IPdfSigner, IConfigurationConstants {
 if (signatureProfileSettings.isPDFA() || signatureProfileSettings.isPDFA3()) {
 final PDDocumentCatalog root = doc.getDocumentCatalog();
- final COSBase base = root.getCOSObject().getItem(COSName.OUTPUT_INTENTS);
 InputStream colorProfile = null; // colorProfile = this.getClass().getResourceAsStream("/icm/sRGB.icm");
@@ -434,8 +430,6 @@ public class PADESPDFBOXSigner implements IPdfSigner, IConfigurationConstants {
 options.setVisualSignature(properties.getVisibleSignature());
 }
- visualSignatureDocumentGuard = options.getVisualSignature();
-
 doc.addSignature(signature, signer, options);
 if (sigFieldName == null) {
@@ -648,17 +642,10 @@ public class PADESPDFBOXSigner implements IPdfSigner, IConfigurationConstants { } } catch (final IOException e1) { - e1.printStackTrace(); - } + logger.error("Can not save incremental update", e1); - finally { - if (options != null) { - if (options.getVisualSignature() != null) { - options.getVisualSignature().close(); - } - } } - + System.gc(); logger.debug("Signature done!"); @@ -666,7 +653,22 @@ public class PADESPDFBOXSigner implements IPdfSigner, IConfigurationConstants { logger.warn(MessageResolver.resolveMessage("error.pdf.sig.01"), e); throw new PdfAsException("error.pdf.sig.01", e); + } catch (PDFASError e2) { + logger.warn(e2.getInfo()); + throw new PdfAsException("error.pdf.sig.01", e2); + } finally { + if (options != null) { + if (options.getVisualSignature() != null) { + try { + options.getVisualSignature().close(); + options.close(); + } catch (IOException e) { + logger.debug("Failed to close VisualSignature!", e); + } + } + } + if (doc != null) { try { doc.close(); -- cgit v1.2.3
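Review bot: The `catch (final IOException e1)` branch still only logs, so as far as this hunk shows a failed incremental save falls through to `logger.debug("Signature done!")` and the caller is not told that the signed output was not written. For a signing routine I would surface the failure, for example `throw new PdfAsException("error.pdf.sig.01", e1);`, the same exception the outer `catch` in the next hunk already raises. The `try` block this `catch` belongs to starts outside the hunk.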
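Review bot: In the new `finally`, `options.close()` is reached only when `options.getVisualSignature() != null` and only if the preceding `getVisualSignature().close()` did not throw, so a signature without a visual element never releases the `SignatureOptions`. As far as I know `SignatureOptions.close()` in PDFBox 2.x already closes the visual-signature document, so the inner block can shrink to `try { options.close(); } catch (IOException e) { logger.debug("Failed to close SignatureOptions!", e); }`. In the added `catch (PDFASError e2)`, `logger.warn(e2.getInfo())` drops the stack trace; `logger.warn(e2.getInfo(), e2)` keeps it. The enclosing method continues outside the hunk.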