From 7b402478784fe7237ade7c32d07f034fd7083bb7 Mon Sep 17 00:00:00 2001 From: Andreas Fitzek Date: Mon, 24 Nov 2014 15:45:18 +0100 Subject: verification changes --- .../pdfas/lib/impl/verify/IntegrityVerifier.java | 122 ++++++++++++++---- .../at/gv/egiz/pdfas/lib/util/SignatureUtils.java | 136 +++++++++++++++------ .../java/at/gv/egiz/sl/util/BKUSLConnector.java | 2 +- .../wag/egov/egiz/pdf/PositioningInstruction.java | 6 + .../lib/impl/pdfbox/positioning/Positioning.java | 83 ++++++++++++- .../lib/impl/signing/pdfbox/PADESPDFBOXSigner.java | 46 ++++--- .../impl/signing/pdfbox/PdfboxSignerWrapper.java | 3 + .../egiz/pdfas/sigs/pades/PAdESSignerKeystore.java | 12 +- 8 files changed, 319 insertions(+), 91 deletions(-) diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/verify/IntegrityVerifier.java b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/verify/IntegrityVerifier.java index bb0f3268..9142bc68 100644 --- a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/verify/IntegrityVerifier.java +++ b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/verify/IntegrityVerifier.java @@ -2,9 +2,12 @@ package at.gv.egiz.pdfas.lib.impl.verify; import iaik.asn1.ObjectID; import iaik.asn1.structures.AlgorithmID; +import iaik.asn1.structures.Attribute; import iaik.cms.ContentInfo; import iaik.cms.SignedData; import iaik.cms.SignerInfo; +import iaik.smime.ess.SigningCertificate; +import iaik.smime.ess.SigningCertificateV2; import iaik.x509.X509Certificate; import java.io.ByteArrayInputStream; @@ -16,6 +19,7 @@ import java.util.List; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import at.gv.egiz.pdfas.common.exceptions.PDFASError; import at.gv.egiz.pdfas.common.exceptions.PdfAsException; import at.gv.egiz.pdfas.common.exceptions.PdfAsSignatureException; import at.gv.egiz.pdfas.lib.api.Configuration; 
@@ -26,25 +30,25 @@ public class IntegrityVerifier implements IVerifier { private static final Logger logger = LoggerFactory .getLogger(IntegrityVerifier.class); - + public List verify(byte[] signature, byte[] signatureContent, Date verificationTime) throws PdfAsException { try { List result = new ArrayList(); - - SignedData signedData = new SignedData(signatureContent, new AlgorithmID[] { - AlgorithmID.sha256, AlgorithmID.sha1, AlgorithmID.ripeMd160, AlgorithmID.ripeMd160_ISO - }); - ContentInfo ci = new ContentInfo(new ByteArrayInputStream(signature - )); + + SignedData signedData = new SignedData(signatureContent, + new AlgorithmID[] { AlgorithmID.sha256, AlgorithmID.sha1, + AlgorithmID.ripeMd160, AlgorithmID.ripeMd160_ISO }); + ContentInfo ci = new ContentInfo( + new ByteArrayInputStream(signature)); if (!ci.getContentType().equals(ObjectID.cms_signedData)) { throw new PdfAsException("error.pdf.verify.01"); } - //SignedData signedData = (SignedData)ci.getContent(); - //signedData.setContent(contentData); + // SignedData signedData = (SignedData)ci.getContent(); + // signedData.setContent(contentData); signedData.decode(ci.getContentInputStream()); - + // get the signer infos SignerInfo[] signerInfos = signedData.getSignerInfos(); // verify the signatures 
@@ -53,33 +57,97 @@ public class IntegrityVerifier implements IVerifier { try { // verify the signature for SignerInfo at index i X509Certificate signer_cert = signedData.verify(i); - logger.info("Signature Algo: {}, Digest {}", - signedData.getSignerInfos()[i].getSignatureAlgorithm(), + + // Verify signing Certificate + Attribute signedCertificate = signerInfos[0] + .getSignedAttribute(ObjectID.signingCertificate); + + if (signedCertificate == null) { + signedCertificate = signerInfos[0] + .getSignedAttribute(ObjectID.signingCertificateV2); + if (signedCertificate == null) { + logger.error("Signature ERROR missing signed Signing Certificate: "); + + throw new SignatureException("Signature ERROR missing signed Signing Certificate"); + } else { + // Validate signingCertificate2 + try { + SigningCertificateV2 signingCert = (SigningCertificateV2) signedCertificate + .getAttributeValue(); + + if (signingCert + .isSignerCertificate(signer_cert)) { + // OK + logger.debug("Found and verified SigningCertificateV2"); + } else { + logger.error("Signature ERROR certificate missmatch: "); + + throw new SignatureException("Signature ERROR certificate missmatch"); + } + } catch (Throwable e) { + logger.error("Signature ERROR wrong encoding for ESSCertIDv2"); + + throw new SignatureException("Signature ERROR wrong encoding for ESSCertIDv2"); + } + } + } else { + // Validate signingCertificate + try { + SigningCertificate signingCert = (SigningCertificate) signedCertificate + .getAttributeValue(); + if (signingCert.isSignerCertificate(signer_cert)) { + // OK + logger.debug("Found and verified SigningCertificate"); + } else { + logger.error("Signature ERROR certificate missmatch"); + + throw new SignatureException("Signature ERROR certificate missmatch"); + } + } catch (Throwable e) { + logger.error("Signature ERROR wrong encoding for ESSCertIDv2"); + + throw new SignatureException("Signature ERROR wrong encoding for ESSCertIDv2", e); + } + } + + logger.info("Signature Algo: {}, 
Digest {}", signedData + .getSignerInfos()[i].getSignatureAlgorithm(), signedData.getSignerInfos()[i].getDigestAlgorithm()); // if the signature is OK the certificate of the // signer is returned logger.info("Signature OK from signer: " + signer_cert.getSubjectDN()); verifyResult.setSignerCertificate(signer_cert); - verifyResult.setValueCheckCode(new SignatureCheckImpl(0, "OK")); - verifyResult.setManifestCheckCode(new SignatureCheckImpl(99, "not checked")); - verifyResult.setCertificateCheck(new SignatureCheckImpl(99, "not checked")); + verifyResult.setValueCheckCode(new SignatureCheckImpl(0, + "OK")); + verifyResult.setManifestCheckCode(new SignatureCheckImpl( + 99, "not checked")); + verifyResult.setCertificateCheck(new SignatureCheckImpl(99, + "not checked")); verifyResult.setVerificationDone(true); } catch (SignatureException ex) { // if the signature is not OK a SignatureException // is thrown - logger.info("Signature ERROR from signer: " - + signedData.getCertificate( - signerInfos[i].getSignerIdentifier()) - .getSubjectDN(), ex); - - verifyResult.setSignerCertificate( - signedData.getCertificate(signerInfos[i].getSignerIdentifier())); - verifyResult.setValueCheckCode(new SignatureCheckImpl(1, "failed to check signature")); - verifyResult.setManifestCheckCode(new SignatureCheckImpl(99, "not checked")); - verifyResult.setCertificateCheck(new SignatureCheckImpl(99, "not checked")); + logger.info( + "Signature ERROR from signer: " + + signedData.getCertificate( + signerInfos[i] + .getSignerIdentifier()) + .getSubjectDN(), ex); + + verifyResult.setSignerCertificate(signedData + .getCertificate(signerInfos[i] + .getSignerIdentifier())); + verifyResult.setValueCheckCode(new SignatureCheckImpl(1, + "failed to check signature")); + verifyResult.setManifestCheckCode(new SignatureCheckImpl( + 99, "not checked")); + verifyResult.setCertificateCheck(new SignatureCheckImpl(99, + "not checked")); verifyResult.setVerificationDone(false); - 
verifyResult.setVerificationException(new PdfAsSignatureException("failed to check signature", ex)); + verifyResult + .setVerificationException(new PdfAsSignatureException( + "failed to check signature", ex)); } result.add(verifyResult); } @@ -91,7 +159,7 @@ public class IntegrityVerifier implements IVerifier { } public void setConfiguration(Configuration config) { - + } @Override diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/util/SignatureUtils.java b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/util/SignatureUtils.java index 14dbdd16..ef5df8b1 100644 --- a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/util/SignatureUtils.java +++ b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/util/SignatureUtils.java @@ -1,19 +1,30 @@ package at.gv.egiz.pdfas.lib.util; +import iaik.asn1.CodingException; +import iaik.asn1.ObjectID; +import iaik.asn1.structures.Attribute; import iaik.cms.CMSException; import iaik.cms.SignedData; import iaik.cms.SignerInfo; +import iaik.smime.ess.ESSCertID; +import iaik.smime.ess.ESSCertIDv2; +import iaik.smime.ess.SigningCertificate; +import iaik.smime.ess.SigningCertificateV2; import iaik.x509.X509Certificate; import java.io.ByteArrayInputStream; import java.io.IOException; +import java.security.NoSuchAlgorithmException; import java.security.SignatureException; +import java.security.cert.CertificateException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import at.gv.egiz.pdfas.common.exceptions.ErrorConstants; import at.gv.egiz.pdfas.common.exceptions.PDFASError; +import at.gv.egiz.pdfas.common.exceptions.PdfAsSignatureException; +import at.gv.egiz.pdfas.common.utils.StreamUtils; import at.gv.egiz.pdfas.lib.api.verify.VerifyResult; import at.gv.egiz.pdfas.lib.impl.verify.VerifyResultImpl; 
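Review bot: The new signing-certificate check reads the attribute from `signerInfos[0]`, while the certificate it is compared with comes from `signedData.verify(i)`. For any signer after the first, the check therefore tests that signer's certificate against the first signer's attribute and never looks at its own. Both lookups should use the loop index: `signerInfos[i].getSignedAttribute(ObjectID.signingCertificate)` and `signerInfos[i].getSignedAttribute(ObjectID.signingCertificateV2)`. Separately, each `catch (Throwable e)` also catches the `SignatureException` thrown just above it for a certificate mismatch and re-logs it as "wrong encoding for ESSCertIDv2" (the V2 branch also drops `e` as the cause), so the log hides the real failure reason; the SignatureUtils.java hunk of this commit has the same catch pattern. The loop header is outside this hunk, so the per-signer iteration is inferred from `verify(i)` and `signerInfos[i]`.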
@@ -21,66 +32,113 @@ public class SignatureUtils implements ErrorConstants { private static final Logger logger = LoggerFactory .getLogger(SignatureUtils.class); - - public static VerifyResult verifySignature(byte[] signature, byte[] input) throws PDFASError { - //List results = new ArrayList(); + + public static VerifyResult verifySignature(byte[] signature, byte[] input) + throws PDFASError { + // List results = new ArrayList(); try { SignedData signedData = new SignedData(new ByteArrayInputStream( signature)); signedData.setContent(input); - + // get the signer infos SignerInfo[] signerInfos = signedData.getSignerInfos(); if (signerInfos.length == 0) { logger.error("Invalid signature (no signer information)"); throw new PDFASError(ERROR_SIG_INVALID_BKU_SIG); } - + if (signerInfos.length != 1) { logger.error("Invalid signature (multiple signer information)"); throw new PDFASError(ERROR_SIG_INVALID_BKU_SIG); } // verify the signatures - //for (int i = 0; i < signerInfos.length; i++) { - VerifyResultImpl verifyResult = new VerifyResultImpl(); - //results.add(verifyResult); - try { - logger.debug("Signature Algo: {}, Digest {}", signedData - .getSignerInfos()[0].getSignatureAlgorithm(), - signedData.getSignerInfos()[0].getDigestAlgorithm()); - // verify the signature for SignerInfo at index i - X509Certificate signer_cert = signedData.verify(0); - // if the signature is OK the certificate of the - // signer is returned - logger.debug("Signature OK from signer: " - + signer_cert.getSubjectDN()); - verifyResult.setSignerCertificate(signer_cert); - - } catch (SignatureException ex) { - // if the signature is not OK a SignatureException - // is thrown - logger.error( - "Signature ERROR from signer: " - + signedData.getCertificate( - signerInfos[0] - .getSignerIdentifier()) - .getSubjectDN(), ex); - - verifyResult.setSignerCertificate(signedData - .getCertificate(signerInfos[0] - .getSignerIdentifier())); - throw new PDFASError(ERROR_SIG_INVALID_BKU_SIG, ex); + // for 
(int i = 0; i < signerInfos.length; i++) { + VerifyResultImpl verifyResult = new VerifyResultImpl(); + // results.add(verifyResult); + try { + logger.debug("Signature Algo: {}, Digest {}", + signedData.getSignerInfos()[0].getSignatureAlgorithm(), + signedData.getSignerInfos()[0].getDigestAlgorithm()); + // verify the signature for SignerInfo at index i + X509Certificate signer_cert = signedData.verify(0); + + // Must include Signing Certificate! + Attribute signedCertificate = signerInfos[0] + .getSignedAttribute(ObjectID.signingCertificate); + + if (signedCertificate == null) { + signedCertificate = signerInfos[0] + .getSignedAttribute(ObjectID.signingCertificateV2); + if (signedCertificate == null) { + logger.error("Signature ERROR missing signed Signing Certificate: "); + + throw new PDFASError(ERROR_SIG_INVALID_BKU_SIG); + } else { + // Validate signingCertificate2 + try { + SigningCertificateV2 signingCert = (SigningCertificateV2)signedCertificate.getAttributeValue(); + + if (signingCert.isSignerCertificate(signer_cert)) { + // OK + logger.debug("Found and verified SigningCertificateV2"); + } else { + logger.error("Signature ERROR certificate missmatch: "); + + throw new PDFASError(ERROR_SIG_INVALID_BKU_SIG); + } + } catch (Throwable e) { + logger.error("Signature ERROR wrong encoding for ESSCertIDv2:"); + + throw new PDFASError(ERROR_SIG_INVALID_BKU_SIG, e); + } + } + } else { + // Validate signingCertificate + try { + SigningCertificate signingCert = (SigningCertificate)signedCertificate.getAttributeValue(); + if (signingCert.isSignerCertificate(signer_cert)) { + // OK + logger.debug("Found and verified SigningCertificate"); + } else { + logger.error("Signature ERROR certificate missmatch"); + + throw new PDFASError(ERROR_SIG_INVALID_BKU_SIG); + } + } catch (Throwable e) { + logger.error("Signature ERROR wrong encoding for ESSCertIDv2"); + + throw new PDFASError(ERROR_SIG_INVALID_BKU_SIG, e); + } } - - return verifyResult; - //} + + // if the signature is OK 
the certificate of the + // signer is returned + logger.debug("Signature OK"); + verifyResult.setSignerCertificate(signer_cert); + + } catch (SignatureException ex) { + // if the signature is not OK a SignatureException + // is thrown + logger.error( + "Signature ERROR from signer: " + + signedData.getCertificate( + signerInfos[0].getSignerIdentifier()) + .getSubjectDN(), ex); + + verifyResult.setSignerCertificate(signedData + .getCertificate(signerInfos[0].getSignerIdentifier())); + throw new PDFASError(ERROR_SIG_INVALID_BKU_SIG, ex); + } + + return verifyResult; + // } } catch (CMSException e) { throw new PDFASError(ERROR_SIG_INVALID_BKU_SIG, e); } catch (IOException e) { throw new PDFASError(ERROR_SIG_INVALID_BKU_SIG, e); } - - + } } diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/BKUSLConnector.java b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/BKUSLConnector.java index f5d4ed82..6383b89b 100644 --- a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/BKUSLConnector.java +++ b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/BKUSLConnector.java @@ -135,7 +135,7 @@ public class BKUSLConnector extends BaseSLConnector { .create(); entityBuilder.setCharset(Charset.forName("UTF-8")); entityBuilder.addTextBody(XMLREQUEST, xmlRequest, - ContentType.TEXT_XML); + ContentType.TEXT_XML.withCharset(Charset.forName("UTF-8"))); if (parameter != null) { String transactionId = parameter.getTransactionId(); diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/pdf/PositioningInstruction.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/pdf/PositioningInstruction.java index 245e864f..0448e0b1 100644 --- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/pdf/PositioningInstruction.java +++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/pdf/PositioningInstruction.java 
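Review bot: The v1 `signingCertificate` attribute is looked up first and `signingCertificateV2` only when v1 is absent, so a signature carrying both is bound to its certificate through the v1 attribute alone, which RFC 2634 defines over a SHA-1 certificate hash. Looking up `ObjectID.signingCertificateV2` first and falling back to v1 would prefer the hash-agile form. If v1-first is deliberate for compatibility, a comment such as `// v1 (SHA-1 cert hash) takes precedence for legacy signatures` should say so. The IntegrityVerifier.java hunk uses the same order. The v1 branch also logs "wrong encoding for ESSCertIDv2", which names the wrong attribute.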
@@ -170,6 +170,12 @@ public class PositioningInstruction return this.rotation; } + + public void setRotation(float rotation) + { + this.rotation += rotation; + } + public int hashCode() { final int prime = 31; int result = 1; diff --git a/pdf-as-pdfbox/src/main/java/at/gv/egiz/pdfas/lib/impl/pdfbox/positioning/Positioning.java b/pdf-as-pdfbox/src/main/java/at/gv/egiz/pdfas/lib/impl/pdfbox/positioning/Positioning.java index 4efa2148..677bfc00 100644 --- a/pdf-as-pdfbox/src/main/java/at/gv/egiz/pdfas/lib/impl/pdfbox/positioning/Positioning.java +++ b/pdf-as-pdfbox/src/main/java/at/gv/egiz/pdfas/lib/impl/pdfbox/positioning/Positioning.java @@ -23,6 +23,9 @@ ******************************************************************************/ package at.gv.egiz.pdfas.lib.impl.pdfbox.positioning; +import java.awt.geom.AffineTransform; +import java.awt.geom.Point2D; + import org.apache.pdfbox.pdmodel.PDDocument; import org.apache.pdfbox.pdmodel.PDPage; import org.apache.pdfbox.pdmodel.common.PDRectangle; @@ -44,7 +47,7 @@ public class Positioning { private static final Logger logger = LoggerFactory .getLogger(Positioning.class); - + /** * The left/right margin. */ 
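Review bot: `setRotation` adds to the field (`this.rotation += rotation;`) instead of assigning it. The only caller visible in this commit, in PADESPDFBOXSigner.java, passes `positioningInstruction.getRotation() + rot`, so the existing rotation is counted twice and the result is `2 * old + rot`. A setter should assign: `this.rotation = rotation;`. If accumulation is what is wanted, name the method for it (for example `addRotation`) and pass only `rot` at the call site.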
@@ -79,6 +82,63 @@ public class Positioning { pdf_table, pos, legacy32); } + private static PDRectangle rotateBox(PDRectangle cropBox, int rotation) { + if (rotation != 0) { + Point2D upSrc = new Point2D.Float(); + + upSrc.setLocation(cropBox.getUpperRightX(), + cropBox.getUpperRightY()); + + Point2D llSrc = new Point2D.Float(); + llSrc.setLocation(cropBox.getLowerLeftX(), cropBox.getLowerLeftY()); + AffineTransform transform = new AffineTransform(); + transform.setToIdentity(); + if (rotation % 360 != 0) { + transform.setToRotation(Math.toRadians(rotation * -1), llSrc.getX(), + llSrc.getY()); + } + Point2D upDst = new Point2D.Float(); + transform.transform(upSrc, upDst); + + Point2D llDst = new Point2D.Float(); + transform.transform(llSrc, llDst); + + float y1 = (float) upDst.getY(); + float y2 = (float) llDst.getY(); + + if(y1 > y2) { + float t = y1; + y1 = y2; + y2 = t; + } + + if(y1 < 0) { + y2 = y2 + -1 * y1; + y1 = 0; + } + + float x1 = (float) upDst.getX(); + float x2 = (float) llDst.getX(); + + if(x1 > x2) { + float t = x1; + x1 = x2; + x2 = t; + } + + if(x1 < 0) { + x2 = x2 + -1 * x1; + x1 = 0; + } + + cropBox.setUpperRightX(x2); + cropBox.setUpperRightY(y2); + cropBox.setLowerLeftY(y1); + cropBox.setLowerLeftX(x1); + } + return cropBox; + } + /** * Sets the width of the table according to the layout of the document and * calculates the y position where the PDFPTable should be placed. @@ -94,7 +154,7 @@ public class Positioning { public static PositioningInstruction adjustSignatureTableandCalculatePosition( final PDDocument pdfDataSource, IPDFVisualObject pdf_table, TablePos pos, boolean legacy32) throws PdfAsException { - + PdfBoxUtils.checkPDFPermissions(pdfDataSource); // get pages of currentdocument 
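Review bot: `rotateBox` has no Javadoc and writes its result back into the `cropBox` argument before returning it, which a caller would not expect from the `cropBox = rotateBox(cropBox, rotation)` form that appears (commented out) in a later hunk of this file. If the rectangle passed in is the one returned by `pdPage.getCropBox()`, the setters may alter the page's own crop box; that depends on PDFBox and should be confirmed. A comment such as `/** Rotates cropBox in place by -rotation degrees about its lower-left corner, shifts it to non-negative coordinates and returns the same instance. */` would make the contract explicit, as would returning a new `PDRectangle`. As committed the method is unused, and the "Rotated CropBox" debug line in the later hunk logs the unrotated box.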
@@ -114,13 +174,13 @@ public class Positioning { // ") cannot be parsed."); } } - + PDPage pdPage = (PDPage) pdfDataSource.getDocumentCatalog() .getAllPages().get(page - 1); PDRectangle cropBox = pdPage.getCropBox(); // fallback to MediaBox if Cropbox not available! - + if (cropBox == null) { cropBox = pdPage.findCropBox(); } @@ -136,9 +196,20 @@ public class Positioning { // Integer rotation = pdPage.getRotation(); // int page_rotation = rotation.intValue(); + int rotation = pdPage.findRotation(); + + logger.debug("Original CropBox: " + cropBox.toString()); + + //cropBox = rotateBox(cropBox, rotation); + + logger.debug("Rotated CropBox: " + cropBox.toString()); + float page_width = cropBox.getWidth(); float page_height = cropBox.getHeight(); + logger.debug("CropBox width: " + page_width); + logger.debug("CropBox heigth: " + page_height); + // now we can calculate x-position float pre_pos_x = SIGNATURE_MARGIN_HORIZONTAL; if (!pos.isXauto()) { @@ -191,11 +262,11 @@ public class Positioning { // fit // Now we have to getfreespace in page and reguard footerline float footer_line = pos.getFooterLine(); - + float pre_page_length = PDFUtilities.calculatePageLength(pdfDataSource, page - 1, page_height - footer_line, /* page_rotation, */ legacy32); - + if (pre_page_length == Float.NEGATIVE_INFINITY) { // we do have an empty page or nothing in area above footerline pre_page_length = page_height; diff --git a/pdf-as-pdfbox/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox/PADESPDFBOXSigner.java b/pdf-as-pdfbox/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox/PADESPDFBOXSigner.java index 9d50a348..f050a977 100644 --- a/pdf-as-pdfbox/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox/PADESPDFBOXSigner.java +++ b/pdf-as-pdfbox/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox/PADESPDFBOXSigner.java 
@@ -257,6 +257,34 @@ public class PADESPDFBOXSigner implements IPdfSigner, IConfigurationConstants { .determineTablePositioning(tablePos, "", doc, visualObject, legacy32Position); + if (positioningInstruction.isMakeNewPage()) { + int last = doc.getNumberOfPages() - 1; + PDDocumentCatalog root = doc.getDocumentCatalog(); + PDPageNode rootPages = root.getPages(); + List kids = new ArrayList(); + rootPages.getAllKids(kids); + PDPage lastPage = kids.get(last); + rootPages.getCOSObject().setNeedToBeUpdate(true); + PDPage p = new PDPage(lastPage.findMediaBox()); + p.setResources(new PDResources()); + + doc.addPage(p); + } + + // handle rotated page + PDDocumentCatalog documentCatalog = doc.getDocumentCatalog(); + PDPageNode documentPages = documentCatalog.getPages(); + List documentPagesKids = new ArrayList(); + documentPages.getAllKids(documentPagesKids); + int targetPageNumber = positioningInstruction.getPage(); + logger.debug("Target Page: " + targetPageNumber); + //rootPages.getAllKids(kids); + PDPage targetPage = documentPagesKids.get(targetPageNumber-1); + int rot = targetPage.findRotation(); + logger.debug("adding Page rotation: " + rot); + positioningInstruction.setRotation(positioningInstruction.getRotation() + rot); + logger.debug("resulting Sign rotation: " + positioningInstruction.getRotation()); + SignaturePositionImpl position = new SignaturePositionImpl(); position.setX(positioningInstruction.getX()); position.setY(positioningInstruction.getY()); @@ -278,7 +306,7 @@ public class PADESPDFBOXSigner implements IPdfSigner, IConfigurationConstants { * sigbos.write(StreamUtils.inputStreamToByteArray(properties * .getVisibleSignature())); sigbos.close(); */ - + if (signaturePlaceholderData != null) { // Placeholder found! // replace placeholder 
@@ -308,20 +336,6 @@ public class PADESPDFBOXSigner implements IPdfSigner, IConfigurationConstants { + signaturePlaceholderData.getPlaceholderName()); } - if (positioningInstruction.isMakeNewPage()) { - int last = doc.getNumberOfPages() - 1; - PDDocumentCatalog root = doc.getDocumentCatalog(); - PDPageNode rootPages = root.getPages(); - List kids = new ArrayList(); - rootPages.getAllKids(kids); - PDPage lastPage = kids.get(last); - rootPages.getCOSObject().setNeedToBeUpdate(true); - PDPage p = new PDPage(lastPage.findMediaBox()); - p.setResources(new PDResources()); - - doc.addPage(p); - } - if (signatureProfileSettings.isPDFA()) { PDDocumentCatalog root = doc.getDocumentCatalog(); COSBase base = root.getCOSDictionary().getItem( @@ -363,7 +377,7 @@ public class PADESPDFBOXSigner implements IPdfSigner, IConfigurationConstants { // sigBlock.setTitle("Signature Table"); // } // } - + options.setPage(positioningInstruction.getPage()); options.setVisualSignature(properties.getVisibleSignature()); } diff --git a/pdf-as-pdfbox/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox/PdfboxSignerWrapper.java b/pdf-as-pdfbox/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox/PdfboxSignerWrapper.java index cad7536e..12b24b3f 100644 --- a/pdf-as-pdfbox/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox/PdfboxSignerWrapper.java +++ b/pdf-as-pdfbox/src/main/java/at/gv/egiz/pdfas/lib/impl/signing/pdfbox/PdfboxSignerWrapper.java @@ -23,10 +23,12 @@ ******************************************************************************/ package at.gv.egiz.pdfas.lib.impl.signing.pdfbox; +import java.io.FileOutputStream; import java.io.IOException; import java.io.InputStream; import java.util.Calendar; +import org.apache.commons.io.IOUtils; import org.apache.pdfbox.exceptions.SignatureException; import org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature; import org.slf4j.Logger; 
@@ -68,6 +70,7 @@ public class PdfboxSignerWrapper implements PDFASPDFBOXSignatureInterface { try { logger.debug("Signing with Pdfbox Wrapper"); byte[] signature = signer.sign(data, byteRange, this.parameters, this.requestedSignature); + return signature; } catch (PdfAsException e) { throw new PdfAsWrappedIOException(e); diff --git a/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESSignerKeystore.java b/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESSignerKeystore.java index d50a2c95..99138714 100644 --- a/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESSignerKeystore.java +++ b/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESSignerKeystore.java @@ -65,8 +65,10 @@ import at.gv.egiz.pdfas.common.exceptions.PdfAsSignatureException; import at.gv.egiz.pdfas.lib.api.PdfAsFactory; import at.gv.egiz.pdfas.lib.api.sign.IPlainSigner; import at.gv.egiz.pdfas.lib.api.sign.SignParameter; +import at.gv.egiz.pdfas.lib.api.verify.VerifyResult; import at.gv.egiz.pdfas.lib.impl.status.RequestedSignature; import at.gv.egiz.pdfas.lib.util.CertificateUtils; +import at.gv.egiz.pdfas.lib.util.SignatureUtils; public class PAdESSignerKeystore implements IPlainSigner, PAdESConstants { @@ -305,8 +307,12 @@ public class PAdESSignerKeystore implements IPlainSigner, PAdESConstants { while ((r = dataIs.read(buf)) > 0) ; // skip data ContentInfo ci = new ContentInfo(si); - - return ci.getEncoded(); + byte[] signature = ci.getEncoded(); + + VerifyResult verifyResult = SignatureUtils.verifySignature( + signature, input); + + return signature; } catch (NoSuchAlgorithmException e) { throw new PdfAsSignatureException("error.pdf.sig.01", e); } catch (iaik.cms.CMSException e) { 
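Review bot: In the PAdESSignerKeystore.java hunk, `verifyResult` is assigned but never read, so the self-check after `ci.getEncoded()` works only through the `PDFASError` that `verifySignature` throws. That is easy to miss, and it would stop working without notice if the callee ever reported failure through the result object instead. Drop the local and state the contract in a comment, e.g. `SignatureUtils.verifySignature(signature, input); // throws PDFASError unless the CMS signature and its signing-certificate attribute verify`. The matching `catch (PDFASError e)` is in the next hunk and maps the failure to the generic `error.pdf.sig.01`, so a failed self-check cannot be told apart from other signing errors. The enclosing method begins outside the hunk.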
@@ -317,6 +323,8 @@ public class PAdESSignerKeystore implements IPlainSigner, PAdESConstants { throw new PdfAsSignatureException("error.pdf.sig.01", e); } catch (CodingException e) { throw new PdfAsSignatureException("error.pdf.sig.01", e); + } catch (PDFASError e) { + throw new PdfAsSignatureException("error.pdf.sig.01", e); } } -- cgit v1.2.3