Posted to commits@pdfbox.apache.org by ti...@apache.org on 2018/10/31 20:15:29 UTC
svn commit: r1845383 -
/pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java
Author: tilman
Date: Wed Oct 31 20:15:28 2018
New Revision: 1845383
URL: http://svn.apache.org/viewvc?rev=1845383&view=rev
Log:
PDFBOX-3017: refactor ETSI.RFC3161 verification
Modified:
pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java
Modified: pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java
URL: http://svn.apache.org/viewvc/pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java?rev=1845383&r1=1845382&r2=1845383&view=diff
==============================================================================
--- pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java (original)
+++ pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java Wed Oct 31 20:15:28 2018
@@ -25,6 +25,7 @@ import java.security.InvalidAlgorithmPar
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
@@ -250,32 +251,7 @@ public final class ShowSignature
}
case "ETSI.RFC3161":
// e.g. PDFBOX-1848, file_timestamped.pdf
- TimeStampToken timeStampToken = new TimeStampToken(new CMSSignedData(contents.getBytes()));
- System.out.println("Time stamp gen time: " + timeStampToken.getTimeStampInfo().getGenTime());
- System.out.println("Time stamp tsa name: " + timeStampToken.getTimeStampInfo().getTsa().getName());
-
- CertificateFactory factory = CertificateFactory.getInstance("X.509");
- ByteArrayInputStream certStream = new ByteArrayInputStream(contents.getBytes());
- Collection<? extends Certificate> certs = factory.generateCertificates(certStream);
- System.out.println("certs=" + certs);
-
- String hashAlgorithm = timeStampToken.getTimeStampInfo().getMessageImprintAlgOID().getId();
- // compare the hash of the signed content with the hash in
- // the timestamp
- if (Arrays.equals(MessageDigest.getInstance(hashAlgorithm).digest(buf),
- timeStampToken.getTimeStampInfo().getMessageImprintDigest()))
- {
- System.out.println("ETSI.RFC3161 timestamp signature verified");
- }
- else
- {
- System.err.println("ETSI.RFC3161 timestamp signature verification failed");
- }
-
- validateTimestampToken(timeStampToken);
- verifyCertificateChain(timeStampToken.getCertificates(),
- (X509Certificate) certs.iterator().next(),
- timeStampToken.getTimeStampInfo().getGenTime());
+ verifyETSIdotRFC3161(buf, contents);
// verifyPKCS7(hash, contents, sig) does not work
break;
@@ -301,6 +277,51 @@ public final class ShowSignature
}
/**
+ * Verify ETSI.RFC3161 TImeStampToken
+ *
+ * @param byteArray the byte sequence that has been signed
+ * @param contents the /Contents field as a COSString
+ * @throws CMSException
+ * @throws NoSuchAlgorithmException
+ * @throws IOException
+ * @throws TSPException
+ * @throws OperatorCreationException
+ * @throws CertificateVerificationException
+ * @throws CertificateException
+ */
+ private void verifyETSIdotRFC3161(byte[] buf, COSString contents)
+ throws CMSException, NoSuchAlgorithmException, IOException, TSPException,
+ OperatorCreationException, CertificateVerificationException, CertificateException
+ {
+ TimeStampToken timeStampToken = new TimeStampToken(new CMSSignedData(contents.getBytes()));
+ System.out.println("Time stamp gen time: " + timeStampToken.getTimeStampInfo().getGenTime());
+ System.out.println("Time stamp tsa name: " + timeStampToken.getTimeStampInfo().getTsa().getName());
+
+ CertificateFactory factory = CertificateFactory.getInstance("X.509");
+ ByteArrayInputStream certStream = new ByteArrayInputStream(contents.getBytes());
+ Collection<? extends Certificate> certs = factory.generateCertificates(certStream);
+ System.out.println("certs=" + certs);
+
+ String hashAlgorithm = timeStampToken.getTimeStampInfo().getMessageImprintAlgOID().getId();
+ // compare the hash of the signed content with the hash in
+ // the timestamp
+ if (Arrays.equals(MessageDigest.getInstance(hashAlgorithm).digest(buf),
+ timeStampToken.getTimeStampInfo().getMessageImprintDigest()))
+ {
+ System.out.println("ETSI.RFC3161 timestamp signature verified");
+ }
+ else
+ {
+ System.err.println("ETSI.RFC3161 timestamp signature verification failed");
+ }
+
+ validateTimestampToken(timeStampToken);
+ verifyCertificateChain(timeStampToken.getCertificates(),
+ (X509Certificate) certs.iterator().next(),
+ timeStampToken.getTimeStampInfo().getGenTime());
+ }
+
+ /**
* Verify a PKCS7 signature.
*
* @param byteArray the byte sequence that has been signed
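Review bot: In the new verifyETSIdotRFC3161 a message-imprint mismatch only prints to System.err, and the method then carries on to validateTimestampToken and verifyCertificateChain, so nothing after this void method can tell that the timestamp does not cover `buf`; consider failing at that point, e.g. `throw new IOException("ETSI.RFC3161 message imprint does not match the signed content");` (IOException is already declared). The success branch prints "timestamp signature verified" when only the digest has matched and the token's signature has not yet been checked, so a wording such as `"ETSI.RFC3161 message imprint matches"` would be more accurate. The certificate handed to verifyCertificateChain is `certs.iterator().next()`, i.e. whichever certificate the factory parses first from /Contents; that is not guaranteed to be the TSA signer, and it throws NoSuchElementException on an empty collection, so picking the certificate that matches `timeStampToken.getSID()` would be safer, unless validateTimestampToken (outside this hunk) already binds the signer. The Javadoc also documents `@param byteArray` while the parameter is named `buf`, and "TImeStampToken" is a typo.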