You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pdfbox.apache.org by ti...@apache.org on 2018/10/31 20:15:47 UTC
svn commit: r1845384 -
/pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java
Author: tilman
Date: Wed Oct 31 20:15:47 2018
New Revision: 1845384
URL: http://svn.apache.org/viewvc?rev=1845384&view=rev
Log:
PDFBOX-3017: refactor ETSI.RFC3161 verification
Modified:
pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java
Modified: pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java
URL: http://svn.apache.org/viewvc/pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java?rev=1845384&r1=1845383&r2=1845384&view=diff
==============================================================================
--- pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java (original)
+++ pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java Wed Oct 31 20:15:47 2018
@@ -246,29 +246,7 @@ public final class ShowSignature
else if (subFilter.equals("ETSI.RFC3161"))
{
// e.g. PDFBOX-1848, file_timestamped.pdf
- TimeStampToken timeStampToken = new TimeStampToken(new CMSSignedData(contents.getBytes()));
- System.out.println("Time stamp gen time: " + timeStampToken.getTimeStampInfo().getGenTime());
- System.out.println("Time stamp tsa name: " + timeStampToken.getTimeStampInfo().getTsa().getName());
-
- CertificateFactory factory = CertificateFactory.getInstance("X.509");
- ByteArrayInputStream certStream = new ByteArrayInputStream(contents.getBytes());
- Collection<? extends Certificate> certs = factory.generateCertificates(certStream);
- System.out.println("certs=" + certs);
-
- String hashAlgorithm = timeStampToken.getTimeStampInfo().getMessageImprintAlgOID().getId();
- // compare the hash of the signed content with the hash in
- // the timestamp
- if (Arrays.equals(MessageDigest.getInstance(hashAlgorithm).digest(buf),
- timeStampToken.getTimeStampInfo().getMessageImprintDigest()))
- {
- System.out.println("ETSI.RFC3161 timestamp signature verified");
- }
- else
- {
- System.err.println("ETSI.RFC3161 timestamp signature verification failed");
- }
-
- validateTimestampToken(timeStampToken);
+ verifyETSIdotRFC3161(buf, contents);
}
else
{
@@ -301,6 +279,35 @@ public final class ShowSignature
}
}
+ private void verifyETSIdotRFC3161(byte[] buf, COSString contents)
+ throws CertificateException, CMSException, IOException, OperatorCreationException,
+ TSPException, NoSuchAlgorithmException
+ {
+ TimeStampToken timeStampToken = new TimeStampToken(new CMSSignedData(contents.getBytes()));
+ System.out.println("Time stamp gen time: " + timeStampToken.getTimeStampInfo().getGenTime());
+ System.out.println("Time stamp tsa name: " + timeStampToken.getTimeStampInfo().getTsa().getName());
+
+ CertificateFactory factory = CertificateFactory.getInstance("X.509");
+ ByteArrayInputStream certStream = new ByteArrayInputStream(contents.getBytes());
+ Collection<? extends Certificate> certs = factory.generateCertificates(certStream);
+ System.out.println("certs=" + certs);
+
+ String hashAlgorithm = timeStampToken.getTimeStampInfo().getMessageImprintAlgOID().getId();
+ // compare the hash of the signed content with the hash in
+ // the timestamp
+ if (Arrays.equals(MessageDigest.getInstance(hashAlgorithm).digest(buf),
+ timeStampToken.getTimeStampInfo().getMessageImprintDigest()))
+ {
+ System.out.println("ETSI.RFC3161 timestamp signature verified");
+ }
+ else
+ {
+ System.err.println("ETSI.RFC3161 timestamp signature verification failed");
+ }
+
+ validateTimestampToken(timeStampToken);
+ }
+
/**
* Verify a PKCS7 signature.
*