You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pdfbox.apache.org by ti...@apache.org on 2017/10/25 18:44:36 UTC
svn commit: r1813340 - in
/pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature:
CreateSignedTimestamp.java CreateSignedTimestampBase.java
Author: tilman
Date: Wed Oct 25 18:44:36 2017
New Revision: 1813340
URL: http://svn.apache.org/viewvc?rev=1813340&view=rev
Log:
PDFBOX-1848: add timestamping, by Alexis Suter
Added:
pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/CreateSignedTimestamp.java (with props)
pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/CreateSignedTimestampBase.java (with props)
Added: pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/CreateSignedTimestamp.java
URL: http://svn.apache.org/viewvc/pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/CreateSignedTimestamp.java?rev=1813340&view=auto
==============================================================================
--- pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/CreateSignedTimestamp.java (added)
+++ pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/CreateSignedTimestamp.java Wed Oct 25 18:44:36 2017
@@ -0,0 +1,171 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.pdfbox.examples.signature;
+
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+import java.net.URL;
+import java.security.GeneralSecurityException;
+import java.security.MessageDigest;
+
+import org.apache.pdfbox.cos.COSName;
+import org.apache.pdfbox.pdmodel.PDDocument;
+import org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature;
+
+/**
+ * An example for timestamp-singing a PDF for PADeS-Specification. The document will only be
+ * extended by a signed Timestamp (Signed Timestamp and Hash-Value of the document are signed by a
+ * Time Stamp Authority (TSA)).
+ *
+ * @author Alexis Suter
+ */
+public class CreateSignedTimestamp extends CreateSignedTimestampBase
+{
+
+ /**
+ * Initialize the signed timestamp creator
+ */
+ public CreateSignedTimestamp()
+ {
+ }
+
+ /**
+ * Signs the given PDF file. Alters the original file on disk.
+ *
+ * @param file the PDF file to sign
+ * @throws IOException if the file could not be read or written
+ */
+ public void signDetached(File file) throws IOException
+ {
+ signDetached(file, file, null);
+ }
+
+ /**
+ * Signs the given PDF file.
+ *
+ * @param inFile input PDF file
+ * @param outFile output PDF file
+ * @throws IOException if the input file could not be read
+ */
+ public void signDetached(File inFile, File outFile) throws IOException
+ {
+ signDetached(inFile, outFile, null);
+ }
+
+ /**
+ * Signs the given PDF file.
+ *
+ * @param inFile input PDF file
+ * @param outFile output PDF file
+ * @param tsaClient optional TSA client
+ * @throws IOException if the input file could not be read
+ */
+ public void signDetached(File inFile, File outFile, TSAClient tsaClient) throws IOException
+ {
+ if (inFile == null || !inFile.exists())
+ {
+ throw new FileNotFoundException("Document for signing does not exist");
+ }
+
+ FileOutputStream fos = new FileOutputStream(outFile);
+
+ // sign
+ try (PDDocument doc = PDDocument.load(inFile))
+ {
+ signDetached(doc, fos, tsaClient);
+ }
+ }
+
+ public void signDetached(PDDocument document, OutputStream output, TSAClient tsaClient)
+ throws IOException
+ {
+ setTsaClient(tsaClient);
+
+ int accessPermissions = SigUtils.getMDPPermission(document);
+ if (accessPermissions == 1)
+ {
+ throw new IllegalStateException(
+ "No changes to the document are permitted due to DocMDP transform parameters dictionary");
+ }
+
+ // create signature dictionary
+ PDSignature signature = new PDSignature();
+ signature.setType(COSName.DOC_TIME_STAMP);
+ signature.setFilter(PDSignature.FILTER_ADOBE_PPKLITE);
+ signature.setSubFilter(COSName.getPDFName("ETSI.RFC3161"));
+
+ // Optional: certify
+ if (accessPermissions == 0)
+ {
+ SigUtils.setMDPPermission(document, signature, 2);
+ }
+
+ // register signature dictionary and sign interface
+ document.addSignature(signature, this);
+
+ // write incremental (only for signing purpose)
+ document.saveIncremental(output);
+ }
+
+ public static void main(String[] args) throws IOException, GeneralSecurityException
+ {
+ if (args.length != 3)
+ {
+ usage();
+ System.exit(1);
+ }
+
+ String tsaUrl = null;
+ if (args[1].equals("-tsa"))
+ {
+ tsaUrl = args[2];
+ }
+ else
+ {
+ usage();
+ System.exit(1);
+ }
+
+ // TSA client
+ TSAClient tsaClient = null;
+ if (tsaUrl != null)
+ {
+ MessageDigest digest = MessageDigest.getInstance("SHA-256");
+ tsaClient = new TSAClient(new URL(tsaUrl), null, null, digest);
+ }
+
+ // sign PDF
+ CreateSignedTimestamp signing = new CreateSignedTimestamp();
+
+ File inFile = new File(args[0]);
+ String name = inFile.getName();
+ String substring = name.substring(0, name.lastIndexOf('.'));
+
+ File outFile = new File(inFile.getParent(), substring + "_timestamped.pdf");
+ signing.signDetached(inFile, outFile, tsaClient);
+ }
+
+ private static void usage()
+ {
+ System.err.println("usage: java " + CreateSignedTimestamp.class.getName() + " "
+ + "<pdf_to_sign>\n" + "options:\n"
+ + " -tsa <url> sign timestamp using the given TSA server\n");
+ }
+}
Propchange: pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/CreateSignedTimestamp.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/CreateSignedTimestampBase.java
URL: http://svn.apache.org/viewvc/pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/CreateSignedTimestampBase.java?rev=1813340&view=auto
==============================================================================
--- pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/CreateSignedTimestampBase.java (added)
+++ pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/CreateSignedTimestampBase.java Wed Oct 25 18:44:36 2017
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2015 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.pdfbox.examples.signature;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+import org.apache.pdfbox.io.IOUtils;
+import org.apache.pdfbox.pdmodel.interactive.digitalsignature.SignatureInterface;
+
+public abstract class CreateSignedTimestampBase implements SignatureInterface
+{
+ private TSAClient tsaClient;
+
+ public void setTsaClient(TSAClient tsaClient)
+ {
+ this.tsaClient = tsaClient;
+ }
+
+ public TSAClient getTsaClient()
+ {
+ return tsaClient;
+ }
+
+ /**
+ * SignatureInterface implementation.
+ *
+ * This method will be called from inside of the pdfbox and create the PKCS #7 signature. The given InputStream
+ * contains the bytes that are given by the byte range.
+ *
+ * This method is for internal use only.
+ *
+ * Use your favorite cryptographic library to implement PKCS #7 signature creation.
+ *
+ * @throws IOException
+ */
+ @Override
+ public byte[] sign(InputStream content) throws IOException
+ {
+ return getTsaClient().getTimeStampToken(IOUtils.toByteArray(content));
+ }
+}
Propchange: pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/CreateSignedTimestampBase.java
------------------------------------------------------------------------------
svn:eol-style = native