Author: tilman Date: Thu Jul 16 03:54:46 2020 New Revision: 1879918 URL: http://svn.apache.org/viewvc?rev=1879918&view=rev Log: PDFBOX-3017: verify signature hash in timestamp (inspired by stackoverflow question 62872844 comment by mkl)
Modified: pdfbox/branches/2.0/examples/src/test/java/org/apache/pdfbox/examples/pdmodel/TestCreateSignature.java
Modified: pdfbox/branches/2.0/examples/src/test/java/org/apache/pdfbox/examples/pdmodel/TestCreateSignature.java
URL: http://svn.apache.org/viewvc/pdfbox/branches/2.0/examples/src/test/java/org/apache/pdfbox/examples/pdmodel/TestCreateSignature.java?rev=1879918&r1=1879917&r2=1879918&view=diff
==============================================================================
--- pdfbox/branches/2.0/examples/src/test/java/org/apache/pdfbox/examples/pdmodel/TestCreateSignature.java (original)
+++ pdfbox/branches/2.0/examples/src/test/java/org/apache/pdfbox/examples/pdmodel/TestCreateSignature.java Thu Jul 16 03:54:46 2020
@@ -398,6 +398,12 @@ public class TestCreateSignature
 {
 Assert.assertNotNull(timeStampToken);
 validateTimestampToken(timeStampToken);
+
+ // compare the hash of the signed content with the hash in the timestamp
+ byte[] tsMessageImprintDigest = timeStampToken.getTimeStampInfo().getMessageImprintDigest();
+ String hashAlgorithm = timeStampToken.getTimeStampInfo().getMessageImprintAlgOID().getId();
+ byte[] sigMessageImprintDigest = MessageDigest.getInstance(hashAlgorithm).digest(signerInformation.getSignature());
+ Assert.assertArrayEquals("timestamp signature verification failed", sigMessageImprintDigest, tsMessageImprintDigest);
 }
 else
 {
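Review bot: The digest algorithm for the comparison is read from the token itself (`getMessageImprintAlgOID()`), so the check passes for whatever algorithm the token names, including a weak one; because example tests tend to be copied into real validators, assert the OID against the algorithm the test requested before hashing, e.g. `Assert.assertEquals(EXPECTED_IMPRINT_OID, hashAlgorithm);` (`EXPECTED_IMPRINT_OID` is a placeholder, since the requested algorithm is not visible in this hunk). The comparison is over the signature value (`signerInformation.getSignature()`), not the signed content, so the comment and failure message would read more accurately as `// compare the hash of the signature value with the message imprint in the timestamp` and `"timestamp message imprint does not match signature value"`. The enclosing test method starts and ends outside the hunk.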