You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pdfbox.apache.org by ti...@apache.org on 2021/01/24 09:12:39 UTC

svn commit: r1885873 - in /pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature: SigUtils.java TSAClient.java ValidationTimeStamp.java

Author: tilman
Date: Sun Jan 24 09:12:38 2021
New Revision: 1885873

URL: http://svn.apache.org/viewvc?rev=1885873&view=rev
Log:
PDFBOX-5070: sign as a stream so that huge files can be processed

Modified:
    pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/SigUtils.java
    pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/TSAClient.java
    pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ValidationTimeStamp.java

Modified: pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/SigUtils.java
URL: http://svn.apache.org/viewvc/pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/SigUtils.java?rev=1885873&r1=1885872&r2=1885873&view=diff
==============================================================================
--- pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/SigUtils.java (original)
+++ pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/SigUtils.java Sun Jan 24 09:12:38 2021
@@ -16,7 +16,9 @@
 
 package org.apache.pdfbox.examples.signature;
 
+import java.io.ByteArrayInputStream;
 import java.io.IOException;
+import java.io.InputStream;
 import java.net.URL;
 import java.security.GeneralSecurityException;
 import java.security.MessageDigest;
@@ -365,7 +367,8 @@ public class SigUtils
     {
         MessageDigest digest = MessageDigest.getInstance("SHA-256");
         TSAClient tsaClient = new TSAClient(new URL(tsaUrl), null, null, digest);
-        TimeStampToken timeStampToken = tsaClient.getTimeStampToken(new byte[0]);
+        InputStream emptyStream = new ByteArrayInputStream(new byte[0]);
+        TimeStampToken timeStampToken = tsaClient.getTimeStampToken(emptyStream);
         return getCertificateFromTimeStampToken(timeStampToken);
     }
 

Modified: pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/TSAClient.java
URL: http://svn.apache.org/viewvc/pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/TSAClient.java?rev=1885873&r1=1885872&r2=1885873&view=diff
==============================================================================
--- pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/TSAClient.java (original)
+++ pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/TSAClient.java Sun Jan 24 09:12:38 2021
@@ -22,6 +22,7 @@ import java.io.OutputStream;
 import java.math.BigInteger;
 import java.net.URL;
 import java.net.URLConnection;
+import java.security.DigestInputStream;
 import java.security.MessageDigest;
 import java.security.SecureRandom;
 import java.util.Random;
@@ -80,10 +81,15 @@ public class TSAClient
      * @throws IOException if there was an error with the connection or data from the TSA server,
      *                     or if the time stamp response could not be validated
      */
-    public TimeStampToken getTimeStampToken(byte[] content) throws IOException
+    public TimeStampToken getTimeStampToken(InputStream content) throws IOException
     {
         digest.reset();
-        byte[] hash = digest.digest(content);
+        DigestInputStream dis = new DigestInputStream(content, digest);
+        while (dis.read() != -1)
+        {
+            // do nothing
+        }
+        byte[] hash = digest.digest();
 
         // 32-bit cryptographic nonce
         int nonce = RANDOM.nextInt();

Modified: pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ValidationTimeStamp.java
URL: http://svn.apache.org/viewvc/pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ValidationTimeStamp.java?rev=1885873&r1=1885872&r2=1885873&view=diff
==============================================================================
--- pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ValidationTimeStamp.java (original)
+++ pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ValidationTimeStamp.java Sun Jan 24 09:12:38 2021
@@ -17,6 +17,7 @@
 
 package org.apache.pdfbox.examples.signature;
 
+import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.net.MalformedURLException;
@@ -26,7 +27,6 @@ import java.security.NoSuchAlgorithmExce
 import java.util.ArrayList;
 import java.util.List;
 
-import org.apache.pdfbox.io.IOUtils;
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1EncodableVector;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
@@ -75,7 +75,7 @@ public class ValidationTimeStamp
      */
     public byte[] getTimeStampToken(InputStream content) throws IOException
     {
-        TimeStampToken timeStampToken = tsaClient.getTimeStampToken(IOUtils.toByteArray(content));
+        TimeStampToken timeStampToken = tsaClient.getTimeStampToken(content);
         return timeStampToken.getEncoded();
     }
 
@@ -121,7 +121,8 @@ public class ValidationTimeStamp
             vector = unsignedAttributes.toASN1EncodableVector();
         }
 
-        TimeStampToken timeStampToken = tsaClient.getTimeStampToken(signer.getSignature());
+        TimeStampToken timeStampToken = tsaClient.getTimeStampToken(
+                new ByteArrayInputStream(signer.getSignature()));
         byte[] token = timeStampToken.getEncoded();
         ASN1ObjectIdentifier oid = PKCSObjectIdentifiers.id_aa_signatureTimeStampToken;
         ASN1Encodable signatureTimeStamp = new Attribute(oid,