Author: tilman Date: Wed Oct 31 20:15:47 2018 New Revision: 1845384 URL: http://svn.apache.org/viewvc?rev=1845384&view=rev Log: PDFBOX-3017: refactor ETSI.RFC3161 verification
Modified: pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java Modified: pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java URL: http://svn.apache.org/viewvc/pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java?rev=1845384&r1=1845383&r2=1845384&view=diff ============================================================================== --- pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java (original) +++ pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java Wed Oct 31 20:15:47 2018 @@ -246,29 +246,7 @@ public final class ShowSignature else if (subFilter.equals("ETSI.RFC3161")) { // e.g. PDFBOX-1848, file_timestamped.pdf - TimeStampToken timeStampToken = new TimeStampToken(new CMSSignedData(contents.getBytes())); - System.out.println("Time stamp gen time: " + timeStampToken.getTimeStampInfo().getGenTime()); - System.out.println("Time stamp tsa name: " + timeStampToken.getTimeStampInfo().getTsa().getName()); - - CertificateFactory factory = CertificateFactory.getInstance("X.509"); - ByteArrayInputStream certStream = new ByteArrayInputStream(contents.getBytes()); - Collection<? extends Certificate> certs = factory.generateCertificates(certStream); - System.out.println("certs=" + certs); - - String hashAlgorithm = timeStampToken.getTimeStampInfo().getMessageImprintAlgOID().getId(); - // compare the hash of the signed content with the hash in - // the timestamp - if (Arrays.equals(MessageDigest.getInstance(hashAlgorithm).digest(buf), - timeStampToken.getTimeStampInfo().getMessageImprintDigest())) - { - System.out.println("ETSI.RFC3161 timestamp signature verified"); - } - else - { - System.err.println("ETSI.RFC3161 timestamp signature verification failed"); - } - - validateTimestampToken(timeStampToken); + verifyETSIdotRFC3161(buf, contents); } else { @@ -301,6 +279,35 @@ public final class ShowSignature } } + private void verifyETSIdotRFC3161(byte[] buf, COSString contents) + throws CertificateException, CMSException, IOException, OperatorCreationException, + TSPException, NoSuchAlgorithmException + { + TimeStampToken timeStampToken = new TimeStampToken(new CMSSignedData(contents.getBytes())); + System.out.println("Time stamp gen time: " + timeStampToken.getTimeStampInfo().getGenTime()); + System.out.println("Time stamp tsa name: " + timeStampToken.getTimeStampInfo().getTsa().getName()); + + CertificateFactory factory = CertificateFactory.getInstance("X.509"); + ByteArrayInputStream certStream = new ByteArrayInputStream(contents.getBytes()); + Collection<? extends Certificate> certs = factory.generateCertificates(certStream); + System.out.println("certs=" + certs); + + String hashAlgorithm = timeStampToken.getTimeStampInfo().getMessageImprintAlgOID().getId(); + // compare the hash of the signed content with the hash in + // the timestamp + if (Arrays.equals(MessageDigest.getInstance(hashAlgorithm).digest(buf), + timeStampToken.getTimeStampInfo().getMessageImprintDigest())) + { + System.out.println("ETSI.RFC3161 timestamp signature verified"); + } + else + { + System.err.println("ETSI.RFC3161 timestamp signature verification failed"); + } + + validateTimestampToken(timeStampToken); + } + /** * Verify a PKCS7 signature. *