Author: tilman
Date: Wed Oct 31 20:15:47 2018
New Revision: 1845384
URL: http://svn.apache.org/viewvc?rev=1845384&view=rev
Log:
PDFBOX-3017: refactor ETSI.RFC3161 verification
Modified:
pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java
Modified:
pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java
URL:
http://svn.apache.org/viewvc/pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java?rev=1845384&r1=1845383&r2=1845384&view=diff
==============================================================================
---
pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java
(original)
+++
pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java
Wed Oct 31 20:15:47 2018
@@ -246,29 +246,7 @@ public final class ShowSignature
else if (subFilter.equals("ETSI.RFC3161"))
{
// e.g. PDFBOX-1848, file_timestamped.pdf
- TimeStampToken timeStampToken = new
TimeStampToken(new CMSSignedData(contents.getBytes()));
- System.out.println("Time stamp gen time: " +
timeStampToken.getTimeStampInfo().getGenTime());
- System.out.println("Time stamp tsa name: " +
timeStampToken.getTimeStampInfo().getTsa().getName());
-
- CertificateFactory factory =
CertificateFactory.getInstance("X.509");
- ByteArrayInputStream certStream = new
ByteArrayInputStream(contents.getBytes());
- Collection<? extends Certificate> certs =
factory.generateCertificates(certStream);
- System.out.println("certs=" + certs);
-
- String hashAlgorithm =
timeStampToken.getTimeStampInfo().getMessageImprintAlgOID().getId();
- // compare the hash of the signed content with the
hash in
- // the timestamp
- if
(Arrays.equals(MessageDigest.getInstance(hashAlgorithm).digest(buf),
-
timeStampToken.getTimeStampInfo().getMessageImprintDigest()))
- {
- System.out.println("ETSI.RFC3161 timestamp
signature verified");
- }
- else
- {
- System.err.println("ETSI.RFC3161 timestamp
signature verification failed");
- }
-
- validateTimestampToken(timeStampToken);
+ verifyETSIdotRFC3161(buf, contents);
}
else
{
@@ -301,6 +279,35 @@ public final class ShowSignature
}
}
+ private void verifyETSIdotRFC3161(byte[] buf, COSString contents)
+ throws CertificateException, CMSException, IOException,
OperatorCreationException,
+ TSPException, NoSuchAlgorithmException
+ {
+ TimeStampToken timeStampToken = new TimeStampToken(new
CMSSignedData(contents.getBytes()));
+ System.out.println("Time stamp gen time: " +
timeStampToken.getTimeStampInfo().getGenTime());
+ System.out.println("Time stamp tsa name: " +
timeStampToken.getTimeStampInfo().getTsa().getName());
+
+ CertificateFactory factory = CertificateFactory.getInstance("X.509");
+ ByteArrayInputStream certStream = new
ByteArrayInputStream(contents.getBytes());
+ Collection<? extends Certificate> certs =
factory.generateCertificates(certStream);
+ System.out.println("certs=" + certs);
+
+ String hashAlgorithm =
timeStampToken.getTimeStampInfo().getMessageImprintAlgOID().getId();
+ // compare the hash of the signed content with the hash in
+ // the timestamp
+ if (Arrays.equals(MessageDigest.getInstance(hashAlgorithm).digest(buf),
+ timeStampToken.getTimeStampInfo().getMessageImprintDigest()))
+ {
+ System.out.println("ETSI.RFC3161 timestamp signature verified");
+ }
+ else
+ {
+ System.err.println("ETSI.RFC3161 timestamp signature verification
failed");
+ }
+
+ validateTimestampToken(timeStampToken);
+ }
+
/**
* Verify a PKCS7 signature.
*
