Author: tilman Date: Thu Jun 9 17:45:03 2016 New Revision: 1747568 URL: http://svn.apache.org/viewvc?rev=1747568&view=rev Log: PDFBOX-3017: simplify code by using getSignedContent()
Modified: pdfbox/trunk/examples/src/test/java/org/apache/pdfbox/examples/pdmodel/TestCreateSignature.java Modified: pdfbox/trunk/examples/src/test/java/org/apache/pdfbox/examples/pdmodel/TestCreateSignature.java URL: http://svn.apache.org/viewvc/pdfbox/trunk/examples/src/test/java/org/apache/pdfbox/examples/pdmodel/TestCreateSignature.java?rev=1747568&r1=1747567&r2=1747568&view=diff ============================================================================== --- pdfbox/trunk/examples/src/test/java/org/apache/pdfbox/examples/pdmodel/TestCreateSignature.java (original) +++ pdfbox/trunk/examples/src/test/java/org/apache/pdfbox/examples/pdmodel/TestCreateSignature.java Thu Jun 9 17:45:03 2016 @@ -22,7 +22,6 @@ import java.io.File; import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; -import java.io.RandomAccessFile; import java.net.URL; import java.security.GeneralSecurityException; import java.security.KeyStore; @@ -30,8 +29,7 @@ import java.security.MessageDigest; import java.security.cert.Certificate; import java.security.cert.X509Certificate; import java.util.Collection; -import org.apache.pdfbox.cos.COSArray; -import org.apache.pdfbox.cos.COSDictionary; +import java.util.List; import org.apache.pdfbox.cos.COSName; import org.apache.pdfbox.cos.COSString; @@ -40,6 +38,7 @@ import org.apache.pdfbox.examples.signat import org.apache.pdfbox.examples.signature.TSAClient; import org.apache.pdfbox.io.IOUtils; import org.apache.pdfbox.pdmodel.PDDocument; +import org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature; import org.apache.wink.client.MockHttpServer; import org.bouncycastle.cert.X509CertificateHolder; import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; 
@@ -175,65 +174,43 @@ public class TestCreateSignature extends checkSignature(destFile); } - //TODO expand this into a full verify (if possible) // This check fails with a file created with the code before PDFBOX-3011 was solved. private void checkSignature(File file) throws IOException, CMSException, OperatorCreationException, GeneralSecurityException { PDDocument document = PDDocument.load(file); - COSDictionary trailer = document.getDocument().getTrailer(); - COSDictionary root = (COSDictionary) trailer.getDictionaryObject(COSName.ROOT); - COSDictionary acroForm = (COSDictionary) root.getDictionaryObject(COSName.ACRO_FORM); - COSArray fields = (COSArray) acroForm.getDictionaryObject(COSName.FIELDS); - COSDictionary sig = null; - for (int i = 0; i < fields.size(); i++) + List<PDSignature> signatureDictionaries = document.getSignatureDictionaries(); + if (signatureDictionaries.isEmpty()) { - COSDictionary field = (COSDictionary) fields.getObject(i); - if (COSName.SIG.equals(field.getCOSName(COSName.FT))) - { - sig = (COSDictionary) field.getDictionaryObject(COSName.V); - - COSString contents = (COSString) sig.getDictionaryObject(COSName.CONTENTS); - COSArray byteRange = (COSArray) sig.getDictionaryObject(COSName.BYTERANGE); - - RandomAccessFile raf = new RandomAccessFile(file, "r"); - - byte[] buf = new byte[byteRange.getInt(1) + byteRange.getInt(3)]; - raf.seek(byteRange.getInt(0)); - raf.readFully(buf, 0, byteRange.getInt(1)); - raf.seek(byteRange.getInt(2)); - raf.readFully(buf, byteRange.getInt(1), byteRange.getInt(3)); - raf.close(); - - // inspiration: - // http://stackoverflow.com/a/26702631/535646 - // http://stackoverflow.com/a/9261365/535646 - CMSSignedData signedData = new CMSSignedData(new CMSProcessableByteArray(buf), contents.getBytes()); - Store certificatesStore = signedData.getCertificates(); - Collection<SignerInformation> signers = signedData.getSignerInfos().getSigners(); - SignerInformation signerInformation = signers.iterator().next(); - - 
Collection matches = certificatesStore.getMatches(signerInformation.getSID()); - X509CertificateHolder certificateHolder = (X509CertificateHolder) matches.iterator().next(); - X509Certificate certFromSignedData = new JcaX509CertificateConverter().getCertificate(certificateHolder); - - assertEquals(certificate, certFromSignedData); - - // CMSVerifierCertificateNotValidException means that the keystore wasn't valid at signing time - if (signerInformation.verify(new JcaSimpleSignerInfoVerifierBuilder().build(certFromSignedData))) - { - System.out.println("Signature verified"); - } - else - { - System.out.println("Signature verification failed"); - } - break; - } + fail("no signature found"); } - if (sig == null) + for (PDSignature sig : document.getSignatureDictionaries()) { - fail("no signature found"); + COSString contents = (COSString) sig.getCOSObject().getDictionaryObject(COSName.CONTENTS); + + FileInputStream fis = new FileInputStream(file); + byte[] buf = sig.getSignedContent(fis); + fis.close(); + + // inspiration: + // http://stackoverflow.com/a/26702631/535646 + // http://stackoverflow.com/a/9261365/535646 + CMSSignedData signedData = new CMSSignedData(new CMSProcessableByteArray(buf), contents.getBytes()); + Store certificatesStore = signedData.getCertificates(); + Collection<SignerInformation> signers = signedData.getSignerInfos().getSigners(); + SignerInformation signerInformation = signers.iterator().next(); + Collection matches = certificatesStore.getMatches(signerInformation.getSID()); + X509CertificateHolder certificateHolder = (X509CertificateHolder) matches.iterator().next(); + X509Certificate certFromSignedData = new JcaX509CertificateConverter().getCertificate(certificateHolder); + + assertEquals(certificate, certFromSignedData); + + // CMSVerifierCertificateNotValidException means that the keystore wasn't valid at signing time + if (!signerInformation.verify(new JcaSimpleSignerInfoVerifierBuilder().build(certFromSignedData))) + { + 
fail("Signature verification failed"); + } + break; } document.close(); }
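Review bot: The rewritten loop in checkSignature verifies only the bytes that the signature's own ByteRange selects (through `sig.getSignedContent(fis)`), and nothing in the visible code asserts that this range spans the whole file apart from the Contents gap or that the certificate chain is valid. The commit removes the `//TODO expand this into a full verify` line even though that limitation remains, so I would keep a comment above the `CMSSignedData` line such as `// NOTE: not a full verify - ByteRange coverage of the file and the certificate chain are not checked`. The loop also calls `document.getSignatureDictionaries()` a second time instead of iterating the `signatureDictionaries` local, and because it ends in `break` only the first signature (and, via `signers.iterator().next()`, only the first signer) is ever checked. Finally, `fis` and `document` stay open when `getSignedContent`, `assertEquals` or `fail` throws; wrapping each in try/finally would avoid leaking the handles on a failing run.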