Posted to commits@pdfbox.apache.org by ti...@apache.org on 2016/06/09 17:45:03 UTC
svn commit: r1747568 -
/pdfbox/trunk/examples/src/test/java/org/apache/pdfbox/examples/pdmodel/TestCreateSignature.java
Author: tilman
Date: Thu Jun 9 17:45:03 2016
New Revision: 1747568
URL: http://svn.apache.org/viewvc?rev=1747568&view=rev
Log:
PDFBOX-3017: simplify code by using getSignedContent()
Modified:
pdfbox/trunk/examples/src/test/java/org/apache/pdfbox/examples/pdmodel/TestCreateSignature.java
Modified: pdfbox/trunk/examples/src/test/java/org/apache/pdfbox/examples/pdmodel/TestCreateSignature.java
URL: http://svn.apache.org/viewvc/pdfbox/trunk/examples/src/test/java/org/apache/pdfbox/examples/pdmodel/TestCreateSignature.java?rev=1747568&r1=1747567&r2=1747568&view=diff
==============================================================================
--- pdfbox/trunk/examples/src/test/java/org/apache/pdfbox/examples/pdmodel/TestCreateSignature.java (original)
+++ pdfbox/trunk/examples/src/test/java/org/apache/pdfbox/examples/pdmodel/TestCreateSignature.java Thu Jun 9 17:45:03 2016
@@ -22,7 +22,6 @@ import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
-import java.io.RandomAccessFile;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
@@ -30,8 +29,7 @@ import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collection;
-import org.apache.pdfbox.cos.COSArray;
-import org.apache.pdfbox.cos.COSDictionary;
+import java.util.List;
import org.apache.pdfbox.cos.COSName;
import org.apache.pdfbox.cos.COSString;
@@ -40,6 +38,7 @@ import org.apache.pdfbox.examples.signat
import org.apache.pdfbox.examples.signature.TSAClient;
import org.apache.pdfbox.io.IOUtils;
import org.apache.pdfbox.pdmodel.PDDocument;
+import org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature;
import org.apache.wink.client.MockHttpServer;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
@@ -175,65 +174,43 @@ public class TestCreateSignature extends
checkSignature(destFile);
}
- //TODO expand this into a full verify (if possible)
// This check fails with a file created with the code before PDFBOX-3011 was solved.
private void checkSignature(File file)
throws IOException, CMSException, OperatorCreationException, GeneralSecurityException
{
PDDocument document = PDDocument.load(file);
- COSDictionary trailer = document.getDocument().getTrailer();
- COSDictionary root = (COSDictionary) trailer.getDictionaryObject(COSName.ROOT);
- COSDictionary acroForm = (COSDictionary) root.getDictionaryObject(COSName.ACRO_FORM);
- COSArray fields = (COSArray) acroForm.getDictionaryObject(COSName.FIELDS);
- COSDictionary sig = null;
- for (int i = 0; i < fields.size(); i++)
+ List<PDSignature> signatureDictionaries = document.getSignatureDictionaries();
+ if (signatureDictionaries.isEmpty())
{
- COSDictionary field = (COSDictionary) fields.getObject(i);
- if (COSName.SIG.equals(field.getCOSName(COSName.FT)))
- {
- sig = (COSDictionary) field.getDictionaryObject(COSName.V);
-
- COSString contents = (COSString) sig.getDictionaryObject(COSName.CONTENTS);
- COSArray byteRange = (COSArray) sig.getDictionaryObject(COSName.BYTERANGE);
-
- RandomAccessFile raf = new RandomAccessFile(file, "r");
-
- byte[] buf = new byte[byteRange.getInt(1) + byteRange.getInt(3)];
- raf.seek(byteRange.getInt(0));
- raf.readFully(buf, 0, byteRange.getInt(1));
- raf.seek(byteRange.getInt(2));
- raf.readFully(buf, byteRange.getInt(1), byteRange.getInt(3));
- raf.close();
-
- // inspiration:
- // http://stackoverflow.com/a/26702631/535646
- // http://stackoverflow.com/a/9261365/535646
- CMSSignedData signedData = new CMSSignedData(new CMSProcessableByteArray(buf), contents.getBytes());
- Store certificatesStore = signedData.getCertificates();
- Collection<SignerInformation> signers = signedData.getSignerInfos().getSigners();
- SignerInformation signerInformation = signers.iterator().next();
-
- Collection matches = certificatesStore.getMatches(signerInformation.getSID());
- X509CertificateHolder certificateHolder = (X509CertificateHolder) matches.iterator().next();
- X509Certificate certFromSignedData = new JcaX509CertificateConverter().getCertificate(certificateHolder);
-
- assertEquals(certificate, certFromSignedData);
-
- // CMSVerifierCertificateNotValidException means that the keystore wasn't valid at signing time
- if (signerInformation.verify(new JcaSimpleSignerInfoVerifierBuilder().build(certFromSignedData)))
- {
- System.out.println("Signature verified");
- }
- else
- {
- System.out.println("Signature verification failed");
- }
- break;
- }
+ fail("no signature found");
}
- if (sig == null)
+ for (PDSignature sig : document.getSignatureDictionaries())
{
- fail("no signature found");
+ COSString contents = (COSString) sig.getCOSObject().getDictionaryObject(COSName.CONTENTS);
+
+ FileInputStream fis = new FileInputStream(file);
+ byte[] buf = sig.getSignedContent(fis);
+ fis.close();
+
+ // inspiration:
+ // http://stackoverflow.com/a/26702631/535646
+ // http://stackoverflow.com/a/9261365/535646
+ CMSSignedData signedData = new CMSSignedData(new CMSProcessableByteArray(buf), contents.getBytes());
+ Store certificatesStore = signedData.getCertificates();
+ Collection<SignerInformation> signers = signedData.getSignerInfos().getSigners();
+ SignerInformation signerInformation = signers.iterator().next();
+ Collection matches = certificatesStore.getMatches(signerInformation.getSID());
+ X509CertificateHolder certificateHolder = (X509CertificateHolder) matches.iterator().next();
+ X509Certificate certFromSignedData = new JcaX509CertificateConverter().getCertificate(certificateHolder);
+
+ assertEquals(certificate, certFromSignedData);
+
+ // CMSVerifierCertificateNotValidException means that the keystore wasn't valid at signing time
+ if (!signerInformation.verify(new JcaSimpleSignerInfoVerifierBuilder().build(certFromSignedData)))
+ {
+ fail("Signature verification failed");
+ }
+ break;
}
document.close();
}
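Review bot: The new `for` loop in checkSignature verifies only the bytes that the signature's own /ByteRange selects, because `sig.getSignedContent(fis)` reads just those ranges; nothing asserts that the range spans the whole file, so a file carrying bytes outside the signed range would still pass this check. An assertion on the byte range would close that gap, e.g. `int[] br = sig.getByteRange(); assertEquals(0, br[0]); assertEquals(file.length(), (long) br[2] + br[3]);`. The trailing `break` also means only the first signature dictionary is ever verified, and the loop calls `document.getSignatureDictionaries()` a second time instead of reusing the local `signatureDictionaries`. Finally, `fail(...)` and any exception from the CMS calls skip `fis.close()` and `document.close()`, so both should be wrapped in try/finally.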