svn commit: r1747568 - /pdfbox/trunk/examples/src/test/java/org/apache/pdfbox/examples/pdmodel/TestCreateSignature.java

[ti...@apache.org]

Author: tilman
Date: Thu Jun  9 17:45:03 2016
New Revision: 1747568

URL: http://svn.apache.org/viewvc?rev=1747568&view=rev
Log:
PDFBOX-3017: simplify code by using getSignedContent()

Modified:
    pdfbox/trunk/examples/src/test/java/org/apache/pdfbox/examples/pdmodel/TestCreateSignature.java

Modified: pdfbox/trunk/examples/src/test/java/org/apache/pdfbox/examples/pdmodel/TestCreateSignature.java
URL: http://svn.apache.org/viewvc/pdfbox/trunk/examples/src/test/java/org/apache/pdfbox/examples/pdmodel/TestCreateSignature.java?rev=1747568&r1=1747567&r2=1747568&view=diff
==============================================================================
--- pdfbox/trunk/examples/src/test/java/org/apache/pdfbox/examples/pdmodel/TestCreateSignature.java (original)
+++ pdfbox/trunk/examples/src/test/java/org/apache/pdfbox/examples/pdmodel/TestCreateSignature.java Thu Jun  9 17:45:03 2016
@@ -22,7 +22,6 @@ import java.io.File;
 import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
-import java.io.RandomAccessFile;
 import java.net.URL;
 import java.security.GeneralSecurityException;
 import java.security.KeyStore;
@@ -30,8 +29,7 @@ import java.security.MessageDigest;
 import java.security.cert.Certificate;
 import java.security.cert.X509Certificate;
 import java.util.Collection;
-import org.apache.pdfbox.cos.COSArray;
-import org.apache.pdfbox.cos.COSDictionary;
+import java.util.List;
 import org.apache.pdfbox.cos.COSName;
 import org.apache.pdfbox.cos.COSString;
 
@@ -40,6 +38,7 @@ import org.apache.pdfbox.examples.signat
 import org.apache.pdfbox.examples.signature.TSAClient;
 import org.apache.pdfbox.io.IOUtils;
 import org.apache.pdfbox.pdmodel.PDDocument;
+import org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature;
 import org.apache.wink.client.MockHttpServer;
 import org.bouncycastle.cert.X509CertificateHolder;
 import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
@@ -175,65 +174,43 @@ public class TestCreateSignature extends
         checkSignature(destFile);
     }
 
-    //TODO expand this into a full verify (if possible)
     // This check fails with a file created with the code before PDFBOX-3011 was solved.
     private void checkSignature(File file)
             throws IOException, CMSException, OperatorCreationException, GeneralSecurityException
     {
         PDDocument document = PDDocument.load(file);
-        COSDictionary trailer = document.getDocument().getTrailer();
-        COSDictionary root = (COSDictionary) trailer.getDictionaryObject(COSName.ROOT);
-        COSDictionary acroForm = (COSDictionary) root.getDictionaryObject(COSName.ACRO_FORM);
-        COSArray fields = (COSArray) acroForm.getDictionaryObject(COSName.FIELDS);
-        COSDictionary sig = null;
-        for (int i = 0; i < fields.size(); i++)
+        List<PDSignature> signatureDictionaries = document.getSignatureDictionaries();
+        if (signatureDictionaries.isEmpty())
         {
-            COSDictionary field = (COSDictionary) fields.getObject(i);
-            if (COSName.SIG.equals(field.getCOSName(COSName.FT)))
-            {
-                sig = (COSDictionary) field.getDictionaryObject(COSName.V);
-
-                COSString contents = (COSString) sig.getDictionaryObject(COSName.CONTENTS);
-                COSArray byteRange = (COSArray) sig.getDictionaryObject(COSName.BYTERANGE);
-                
-                RandomAccessFile raf = new RandomAccessFile(file, "r");
-                
-                byte[] buf = new byte[byteRange.getInt(1) + byteRange.getInt(3)];
-                raf.seek(byteRange.getInt(0));
-                raf.readFully(buf, 0, byteRange.getInt(1));
-                raf.seek(byteRange.getInt(2));
-                raf.readFully(buf, byteRange.getInt(1), byteRange.getInt(3));
-                raf.close();
-                
-                // inspiration:
-                // http://stackoverflow.com/a/26702631/535646
-                // http://stackoverflow.com/a/9261365/535646
-                CMSSignedData signedData = new CMSSignedData(new CMSProcessableByteArray(buf), contents.getBytes());
-                Store certificatesStore = signedData.getCertificates();
-                Collection<SignerInformation> signers = signedData.getSignerInfos().getSigners();
-                SignerInformation signerInformation = signers.iterator().next();
-
-                Collection matches = certificatesStore.getMatches(signerInformation.getSID());
-                X509CertificateHolder certificateHolder = (X509CertificateHolder) matches.iterator().next();
-                X509Certificate certFromSignedData = new JcaX509CertificateConverter().getCertificate(certificateHolder);
-                
-                assertEquals(certificate, certFromSignedData);
-
-                // CMSVerifierCertificateNotValidException means that the keystore wasn't valid at signing time
-                if (signerInformation.verify(new JcaSimpleSignerInfoVerifierBuilder().build(certFromSignedData)))
-                {
-                    System.out.println("Signature verified");
-                }
-                else
-                {
-                    System.out.println("Signature verification failed");
-                }                
-                break;
-            }
+            fail("no signature found");
         }
-        if (sig == null)
+        for (PDSignature sig : document.getSignatureDictionaries())
         {
-            fail("no signature found");
+            COSString contents = (COSString) sig.getCOSObject().getDictionaryObject(COSName.CONTENTS);
+            
+            FileInputStream fis = new FileInputStream(file);
+            byte[] buf = sig.getSignedContent(fis);
+            fis.close();
+
+            // inspiration:
+            // http://stackoverflow.com/a/26702631/535646
+            // http://stackoverflow.com/a/9261365/535646
+            CMSSignedData signedData = new CMSSignedData(new CMSProcessableByteArray(buf), contents.getBytes());
+            Store certificatesStore = signedData.getCertificates();
+            Collection<SignerInformation> signers = signedData.getSignerInfos().getSigners();
+            SignerInformation signerInformation = signers.iterator().next();
+            Collection matches = certificatesStore.getMatches(signerInformation.getSID());
+            X509CertificateHolder certificateHolder = (X509CertificateHolder) matches.iterator().next();
+            X509Certificate certFromSignedData = new JcaX509CertificateConverter().getCertificate(certificateHolder);
+
+            assertEquals(certificate, certFromSignedData);
+
+            // CMSVerifierCertificateNotValidException means that the keystore wasn't valid at signing time
+            if (!signerInformation.verify(new JcaSimpleSignerInfoVerifierBuilder().build(certFromSignedData)))
+            {
+                fail("Signature verification failed");
+            }
+            break;
         }
         document.close();
     }