From 0decd9fd4799557f9ec77c6309381fe9f22c15dd Mon Sep 17 00:00:00 2001 From: Andreas Fitzek Date: Tue, 18 Feb 2014 11:06:49 +0100 Subject: blacking out signature content in verification to produce valid verified PDF Documents Signed-off-by: Andreas Fitzek --- .../src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESVerifier.java | 5 +++-- .../at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) (limited to 'signature-standards') diff --git a/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESVerifier.java b/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESVerifier.java index 3298f92b..dcd7f45b 100644 --- a/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESVerifier.java +++ b/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESVerifier.java @@ -27,6 +27,7 @@ import at.gv.egiz.moa.SignatureVerificationServiceStub.VerifyCMSSignatureRespons import at.gv.egiz.moa.SignatureVerificationServiceStub.VerifyCMSSignatureResponseTypeSequence; import at.gv.egiz.moa.SignatureVerificationServiceStub.X509DataTypeSequence; import at.gv.egiz.pdfas.common.exceptions.PdfAsException; +import at.gv.egiz.pdfas.common.utils.PDFUtils; import at.gv.egiz.pdfas.common.utils.StreamUtils; import at.gv.egiz.pdfas.lib.api.Configuration; import at.gv.egiz.pdfas.lib.api.verify.SignatureCheck; @@ -52,7 +53,7 @@ public class PAdESVerifier implements IVerifyFilter { @SuppressWarnings("rawtypes") public List verify(byte[] contentData, - byte[] signatureContent, Date verificationTime) + byte[] signatureContent, Date verificationTime, int[] byteRange) throws PdfAsException { List resultList = new ArrayList(); @@ -125,7 +126,7 @@ public class PAdESVerifier implements IVerifyFilter { KeyInfoTypeChoice[] keyInfo = verifySequence[i].getSignerInfo() .getKeyInfoTypeChoice(); KeyInfoTypeChoice choice = keyInfo[0]; - result.setSignatureData(data); + result.setSignatureData(PDFUtils.blackOutSignature(data, byteRange)); // extract certificate if (choice.isX509DataSpecified()) { diff --git a/signature-standards/sigs-pkcs7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java b/signature-standards/sigs-pkcs7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java index 41d8f902..7de51d7e 100644 --- a/signature-standards/sigs-pkcs7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java +++ b/signature-standards/sigs-pkcs7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java @@ -19,6 +19,7 @@ import org.slf4j.LoggerFactory; import at.gv.egiz.pdfas.common.exceptions.PdfAsException; import at.gv.egiz.pdfas.common.exceptions.PdfAsSignatureException; +import at.gv.egiz.pdfas.common.utils.PDFUtils; import at.gv.egiz.pdfas.lib.api.Configuration; import at.gv.egiz.pdfas.lib.api.verify.VerifyResult; import at.gv.egiz.pdfas.lib.impl.verify.FilterEntry; @@ -33,7 +34,7 @@ public class PKCS7DetachedVerifier implements IVerifyFilter { public PKCS7DetachedVerifier() { } - public List verify(byte[] contentData, byte[] signatureContent, Date verificationTime) + public List verify(byte[] contentData, byte[] signatureContent, Date verificationTime, int[] byteRange) throws PdfAsException { try { List result = new ArrayList(); @@ -56,7 +57,7 @@ public class PKCS7DetachedVerifier implements IVerifyFilter { // verify the signatures for (int i = 0; i < signerInfos.length; i++) { VerifyResultImpl verifyResult = new VerifyResultImpl(); - verifyResult.setSignatureData(contentData); + verifyResult.setSignatureData(PDFUtils.blackOutSignature(contentData, byteRange)); try { // verify the signature for SignerInfo at index i X509Certificate signer_cert = signedData.verify(i); -- cgit v1.2.3