Posted to commits@pdfbox.apache.org by ti...@apache.org on 2018/03/10 16:22:52 UTC
svn commit: r1826416 -
/pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/
Author: tilman
Date: Sat Mar 10 16:22:51 2018
New Revision: 1826416
URL: http://svn.apache.org/viewvc?rev=1826416&view=rev
Log:
PDFBOX-3984: Add validation data of signer to document + check the signature of the OCSP-response, by Alexis Suter
Added:
pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/
pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/AddValidationInformation.java
- copied, changed from r1826404, pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/AddValidationInformation.java
pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/CertInformationCollector.java
- copied, changed from r1826404, pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/CertInformationCollector.java
pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/CertInformationHelper.java
- copied, changed from r1826404, pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/CertInformationHelper.java
pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/CertificateProccessingException.java
- copied unchanged from r1826404, pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/CertificateProccessingException.java
pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/CrlHelper.java
- copied unchanged from r1826404, pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/CrlHelper.java
pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/OcspHelper.java
- copied, changed from r1826404, pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/OcspHelper.java
pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/RevokedCertificateException.java
- copied unchanged from r1826404, pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/RevokedCertificateException.java
Copied: pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/AddValidationInformation.java (from r1826404, pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/AddValidationInformation.java)
URL: http://svn.apache.org/viewvc/pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/AddValidationInformation.java?p2=pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/AddValidationInformation.java&p1=pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/AddValidationInformation.java&r1=1826404&r2=1826416&rev=1826416&view=diff
==============================================================================
--- pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/AddValidationInformation.java (original)
+++ pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/AddValidationInformation.java Sat Mar 10 16:22:51 2018
@@ -66,7 +66,7 @@ public class AddValidationInformation
private COSArray crls;
private COSArray certs;
private PDDocument document;
- private final Set<BigInteger> foundRevocationInformation = new HashSet<>();
+ private final Set<BigInteger> foundRevocationInformation = new HashSet<BigInteger>();
/**
* Signs the given PDF file.
@@ -82,12 +82,12 @@ public class AddValidationInformation
throw new FileNotFoundException("Document for signing does not exist");
}
- try (PDDocument doc = PDDocument.load(inFile);
- FileOutputStream fos = new FileOutputStream(outFile))
- {
- document = doc;
- doValidation(inFile.getAbsolutePath(), fos);
- }
+ PDDocument doc = PDDocument.load(inFile);
+ FileOutputStream fos = new FileOutputStream(outFile);
+ document = doc;
+ doValidation(inFile.getAbsolutePath(), fos);
+ fos.close();
+ doc.close();
}
/**
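Review bot: The replacement for the try-with-resources block closes `fos` and `doc` only on the success path, so an exception from `doValidation` (or from the `FileOutputStream` constructor, after the document is already loaded) leaves the document and the output file handle open. If this branch cannot use try-with-resources, the equivalent is an explicit try/finally, as sketched below. `IOUtils.closeQuietly` is already used by CertInformationCollector in this commit, but whether it is imported in this file is not visible here. The same close-on-success-only pattern appears in the later hunks at `os.close()` in this file, `in.close()` in CertInformationCollector and `out.close()` in OcspHelper. The method body starts outside the hunk.

```java
PDDocument doc = null;
FileOutputStream fos = null;
try
{
    doc = PDDocument.load(inFile);
    fos = new FileOutputStream(outFile);
    document = doc;
    doValidation(inFile.getAbsolutePath(), fos);
}
finally
{
    // runs on the failure path too, so neither handle outlives the call
    IOUtils.closeQuietly(fos);
    IOUtils.closeQuietly(doc);
}
```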
@@ -172,7 +172,12 @@ public class AddValidationInformation
{
result = clazz.newInstance();
}
- catch (InstantiationException | IllegalAccessException e)
+ catch (InstantiationException e)
+ {
+ LOG.error("Failed to create new instance of " + clazz.getCanonicalName(), e);
+ return null;
+ }
+ catch (IllegalAccessException e)
{
LOG.error("Failed to create new instance of " + clazz.getCanonicalName(), e);
return null;
@@ -276,7 +281,17 @@ public class AddValidationInformation
addOcspData(certInfo);
return true;
}
- catch (OCSPException | CertificateProccessingException | IOException e)
+ catch (OCSPException e)
+ {
+ LOG.warn("Failed fetching Ocsp", e);
+ return false;
+ }
+ catch (CertificateProccessingException e)
+ {
+ LOG.warn("Failed fetching Ocsp", e);
+ return false;
+ }
+ catch (IOException e)
{
LOG.warn("Failed fetching Ocsp", e);
return false;
@@ -299,7 +314,17 @@ public class AddValidationInformation
{
addCrlRevocationInfo(certInfo);
}
- catch (CRLException | IOException | RevokedCertificateException e)
+ catch (CRLException e)
+ {
+ LOG.warn("Failed fetching CRL", e);
+ throw new IOException(e);
+ }
+ catch (RevokedCertificateException e)
+ {
+ LOG.warn("Failed fetching CRL", e);
+ throw new IOException(e);
+ }
+ catch (IOException e)
{
LOG.warn("Failed fetching CRL", e);
throw new IOException(e);
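Review bot: The `RevokedCertificateException` branch logs "Failed fetching CRL" and rethrows a plain `IOException`, so a certificate that the CRL check apparently reports as revoked is indistinguishable, in the log and to callers, from a network or parse failure. Now that the branches are separate, this one can carry its own message, for example `LOG.warn("Certificate revoked according to CRL", e);`, and the revocation could be surfaced by type if the method signature (not visible here) allows it. The `catch (IOException e)` branch also wraps an `IOException` in a second `IOException`; `throw e;` would preserve the original. The enclosing method starts and ends outside the hunk.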
@@ -393,10 +418,10 @@ public class AddValidationInformation
COSArray filters = new COSArray();
filters.add(COSName.FLATE_DECODE);
- try (OutputStream os = stream.createOutputStream(filters))
- {
- os.write(data);
- }
+ OutputStream os = stream.createOutputStream(filters);
+ os.write(data);
+ os.close();
+
return stream;
}
Copied: pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/CertInformationCollector.java (from r1826404, pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/CertInformationCollector.java)
URL: http://svn.apache.org/viewvc/pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/CertInformationCollector.java?p2=pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/CertInformationCollector.java&p1=pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/CertInformationCollector.java&r1=1826404&r2=1826416&rev=1826416&view=diff
==============================================================================
--- pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/CertInformationCollector.java (original)
+++ pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/CertInformationCollector.java Sat Mar 10 16:22:51 2018
@@ -74,7 +74,7 @@ public class CertInformationCollector
private static final int MAX_CERTIFICATE_CHAIN_DEPTH = 5;
- private final Map<BigInteger, X509Certificate> certificateStore = new HashMap<>();
+ private final Map<BigInteger, X509Certificate> certificateStore = new HashMap<BigInteger, X509Certificate>();
private final JcaX509CertificateConverter certConverter = new JcaX509CertificateConverter();
@@ -95,12 +95,18 @@ public class CertInformationCollector
PDSignature signature = getLastRelevantSignature(document);
if (signature != null)
{
- try (FileInputStream documentInput = new FileInputStream(fileName))
+ FileInputStream documentInput = null;
+ try
{
+ documentInput = new FileInputStream(fileName);
byte[] docBytes = IOUtils.toByteArray(documentInput);
byte[] signatureContent = signature.getContents(docBytes);
return getCertInfo(signatureContent);
}
+ finally
+ {
+ IOUtils.closeQuietly(document);
+ }
}
return null;
}
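Review bot: The new `finally` block closes `document`, the `PDDocument` passed to `getLastRelevantSignature(document)` above, instead of the `FileInputStream` opened in this method. As a result `documentInput` is never closed, and the document is closed here although the visible lines suggest the caller still owns it, so any later use of it by the caller would hit a closed object. The line should read `IOUtils.closeQuietly(documentInput);`. The method signature is outside the hunk.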
@@ -114,7 +120,7 @@ public class CertInformationCollector
*/
private PDSignature getLastRelevantSignature(PDDocument document) throws IOException
{
- SortedMap<Integer, PDSignature> sortedMap = new TreeMap<>();
+ SortedMap<Integer, PDSignature> sortedMap = new TreeMap<Integer, PDSignature>();
for (PDSignature signature : document.getSignatureDictionaries())
{
int sigOffset = signature.getByteRange()[1];
@@ -202,7 +208,11 @@ public class CertInformationCollector
processSignerStore(certificatesStore, tsToken.toCMSSignedData(),
rootCertInfo.tsaCerts);
}
- catch (TSPException | CMSException e)
+ catch (TSPException e)
+ {
+ throw new IOException("Error parsing timestamp token", e);
+ }
+ catch (CMSException e)
{
throw new IOException("Error parsing timestamp token", e);
}
@@ -319,17 +329,20 @@ public class CertInformationCollector
{
URL certUrl = new URL(certInfo.issuerUrl);
CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
- try (InputStream in = certUrl.openStream())
- {
- X509Certificate altIssuerCert = (X509Certificate) certFactory
- .generateCertificate(in);
- addCertToCertStore(altIssuerCert);
+ InputStream in = certUrl.openStream();
- certInfo.alternativeCertChain = new CertSignatureInformation();
- traverseChain(altIssuerCert, certInfo.alternativeCertChain, maxDepth - 1);
- }
+ X509Certificate altIssuerCert = (X509Certificate) certFactory.generateCertificate(in);
+ addCertToCertStore(altIssuerCert);
+
+ certInfo.alternativeCertChain = new CertSignatureInformation();
+ traverseChain(altIssuerCert, certInfo.alternativeCertChain, maxDepth - 1);
+ in.close();
+ }
+ catch (IOException e)
+ {
+ LOG.error("Error getting additional Certificate from " + certInfo.issuerUrl, e);
}
- catch (IOException | CertificateException e)
+ catch (CertificateException e)
{
LOG.error("Error getting additional Certificate from " + certInfo.issuerUrl, e);
}
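Review bot: `new URL(certInfo.issuerUrl)` followed by `certUrl.openStream()` connects to whatever location the certificate data names, with no scheme check and no connect or read timeout visible in this hunk. If `issuerUrl` is taken from a certificate embedded in the document being processed (likely from the name, but not shown here), the input file decides where this code connects and how long it blocks. Check the scheme before opening and skip the fetch otherwise, with a condition such as `"http".equals(certUrl.getProtocol()) || "https".equals(certUrl.getProtocol())`, and open through a `URLConnection` with `setConnectTimeout` and `setReadTimeout` set. The downloaded certificate is also passed to `addCertToCertStore` before any check is visible here, so it is worth confirming that the chain traversal verifies it before it is trusted. The method starts outside the hunk.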
Copied: pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/CertInformationHelper.java (from r1826404, pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/CertInformationHelper.java)
URL: http://svn.apache.org/viewvc/pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/CertInformationHelper.java?p2=pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/CertInformationHelper.java&p1=pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/CertInformationHelper.java&r1=1826404&r2=1826416&rev=1826416&view=diff
==============================================================================
--- pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/CertInformationHelper.java (original)
+++ pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/CertInformationHelper.java Sat Mar 10 16:22:51 2018
@@ -117,8 +117,19 @@ public class CertInformationHelper
return false;
}
}
- catch (InvalidKeyException | CertificateException | NoSuchAlgorithmException
- | NoSuchProviderException e)
+ catch (InvalidKeyException e)
+ {
+ throw new CertificateProccessingException(e);
+ }
+ catch (CertificateException e)
+ {
+ throw new CertificateProccessingException(e);
+ }
+ catch (NoSuchAlgorithmException e)
+ {
+ throw new CertificateProccessingException(e);
+ }
+ catch (NoSuchProviderException e)
{
throw new CertificateProccessingException(e);
}
Copied: pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/OcspHelper.java (from r1826404, pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/OcspHelper.java)
URL: http://svn.apache.org/viewvc/pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/OcspHelper.java?p2=pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/OcspHelper.java&p1=pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/OcspHelper.java&r1=1826404&r2=1826416&rev=1826416&view=diff
==============================================================================
--- pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/OcspHelper.java (original)
+++ pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/OcspHelper.java Sat Mar 10 16:22:51 2018
@@ -206,10 +206,9 @@ public class OcspHelper
httpConnection.setRequestProperty("Content-Type", "application/ocsp-request");
httpConnection.setRequestProperty("Accept", "application/ocsp-response");
httpConnection.setDoOutput(true);
- try (OutputStream out = httpConnection.getOutputStream())
- {
- out.write(request.getEncoded());
- }
+ OutputStream out = httpConnection.getOutputStream();
+ out.write(request.getEncoded());
+ out.close();
if (httpConnection.getResponseCode() != 200)
{