/*******************************************************************************
* Copyright 2014 by E-Government Innovation Center EGIZ, Graz, Austria
* PDF-AS has been contracted by the E-Government Innovation Center EGIZ, a
* joint initiative of the Federal Chancellery Austria and Graz University of
* Technology.
*
* Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
* the European Commission - subsequent versions of the EUPL (the "Licence");
* You may not use this work except in compliance with the Licence.
* You may obtain a copy of the Licence at:
* http://www.osor.eu/eupl/
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the Licence is distributed on an "AS IS" basis,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the Licence for the specific language governing permissions and
* limitations under the Licence.
*
* This product combines work with different licenses. See the "NOTICE" text
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
******************************************************************************/
package at.gv.egiz.pdfas.sigs.pkcs7detached;
import iaik.asn1.ObjectID;
import iaik.asn1.structures.AlgorithmID;
import iaik.cms.ContentInfo;
import iaik.cms.SignedData;
import iaik.cms.SignerInfo;
import iaik.x509.X509Certificate;
import java.io.ByteArrayInputStream;
import java.security.SignatureException;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import at.gv.egiz.pdfas.common.exceptions.PdfAsException;
import at.gv.egiz.pdfas.common.exceptions.PdfAsSignatureException;
import at.gv.egiz.pdfas.common.utils.PDFUtils;
import at.gv.egiz.pdfas.lib.api.Configuration;
import at.gv.egiz.pdfas.lib.api.verify.VerifyResult;
import at.gv.egiz.pdfas.lib.impl.verify.FilterEntry;
import at.gv.egiz.pdfas.lib.impl.verify.IVerifyFilter;
import at.gv.egiz.pdfas.lib.impl.verify.SignatureCheckImpl;
import at.gv.egiz.pdfas.lib.impl.verify.VerifyResultImpl;
public class PKCS7DetachedVerifier implements IVerifyFilter {
private static final Logger logger = LoggerFactory.getLogger(PKCS7DetachedVerifier.class);
public PKCS7DetachedVerifier() {
}
public List verify(byte[] contentData, byte[] signatureContent, Date verificationTime, int[] byteRange)
throws PdfAsException {
try {
List result = new ArrayList();
SignedData signedData = new SignedData(contentData, new AlgorithmID[] {
AlgorithmID.sha256, AlgorithmID.sha1, AlgorithmID.ripeMd160, AlgorithmID.ripeMd160_ISO
});
ContentInfo ci = new ContentInfo(new ByteArrayInputStream(
signatureContent));
if (!ci.getContentType().equals(ObjectID.cms_signedData)) {
throw new PdfAsException("error.pdf.verify.01");
}
//SignedData signedData = (SignedData)ci.getContent();
//signedData.setContent(contentData);
signedData.decode(ci.getContentInputStream());
// get the signer infos
SignerInfo[] signerInfos = signedData.getSignerInfos();
// verify the signatures
for (int i = 0; i < signerInfos.length; i++) {
VerifyResultImpl verifyResult = new VerifyResultImpl();
verifyResult.setSignatureData(PDFUtils.blackOutSignature(contentData, byteRange));
try {
// verify the signature for SignerInfo at index i
X509Certificate signer_cert = signedData.verify(i);
logger.info("Signature Algo: {}, Digest {}",
signedData.getSignerInfos()[i].getSignatureAlgorithm(),
signedData.getSignerInfos()[i].getDigestAlgorithm());
// if the signature is OK the certificate of the
// signer is returned
logger.info("Signature OK from signer: "
+ signer_cert.getSubjectDN());
verifyResult.setSignerCertificate(signer_cert);
verifyResult.setValueCheckCode(new SignatureCheckImpl(0, "OK"));
verifyResult.setManifestCheckCode(new SignatureCheckImpl(99, "not checked"));
verifyResult.setCertificateCheck(new SignatureCheckImpl(99, "not checked"));
verifyResult.setVerificationDone(true);
} catch (SignatureException ex) {
// if the signature is not OK a SignatureException
// is thrown
logger.info("Signature ERROR from signer: "
+ signedData.getCertificate(
signerInfos[i].getSignerIdentifier())
.getSubjectDN(), ex);
verifyResult.setSignerCertificate(
signedData.getCertificate(signerInfos[i].getSignerIdentifier()));
verifyResult.setValueCheckCode(new SignatureCheckImpl(1, "failed to check signature"));
verifyResult.setManifestCheckCode(new SignatureCheckImpl(99, "not checked"));
verifyResult.setCertificateCheck(new SignatureCheckImpl(99, "not checked"));
verifyResult.setVerificationDone(false);
verifyResult.setVerificationException(new PdfAsSignatureException("failed to check signature", ex));
}
result.add(verifyResult);
}
return result;
} catch (Throwable e) {
throw new PdfAsException("error.pdf.verify.02", e);
}
}
public List getFiters() {
List result = new ArrayList();
result.add(new FilterEntry(PDSignature.FILTER_ADOBE_PPKLITE, PDSignature.SUBFILTER_ADBE_PKCS7_DETACHED));
//result.add(new FilterEntry(PDSignature.FILTER_ADOBE_PPKLITE, PDSignature.SUBFILTER_ETSI_CADES_DETACHED));
return result;
}
public void setConfiguration(Configuration config) {
// TODO Auto-generated method stub
}
}