Example #1
 /**
  * Steps the verifier back to the revision covered by the second-to-last signature.
  *
  * <p>Before switching, the DSS dictionary is read from the catalog of the reader that is still
  * current, and {@code signDate} is taken from the current signature: its timestamp date when
  * one is present, otherwise its signing date. The earlier revision is then verified relative to
  * that date.
  *
  * <p>When the current revision lists at most one signature name, {@code pkcs7} is set to
  * {@code null}. This method dereferences {@code pkcs7} on entry, so callers must stop calling it
  * once {@code pkcs7} is {@code null}.
  *
  * <p>NOTE(review): without a timestamp the reference date falls back to {@code getSignDate()}.
  * If that value is the signing time declared by the signer it is not an independent clock, so
  * validity decisions built on it inherit that weakness. Confirm what {@code getSignDate()}
  * returns for the library version in use.
  *
  * @throws IOException presumably when the earlier revision cannot be extracted or parsed
  * @throws GeneralSecurityException presumably raised by {@code coversWholeDocument()}; confirm
  */
 public void switchToPreviousRevision() throws IOException, GeneralSecurityException {
   LOGGER.info("Switching to previous revision.");
   latestRevision = false;
   // Must happen before the reader is replaced below: the DSS of the newer revision is what
   // gets carried over to the check of the older one.
   dss = reader.getCatalog().getAsDict(PdfName.DSS);

   // Prefer the timestamp date; fall back to the signing date only when there is none.
   Calendar referenceTime = pkcs7.getTimeStampDate();
   if (referenceTime == null) {
     referenceTime = pkcs7.getSignDate();
   }
   // TODO: get date from signature
   signDate = referenceTime.getTime();

   final List<String> currentNames = fields.getSignatureNames();
   if (currentNames.size() <= 1) {
     LOGGER.info("No signatures in revision");
     pkcs7 = null;
     return;
   }

   // The second-to-last signature identifies the revision to roll back to.
   signatureName = currentNames.get(currentNames.size() - 2);
   reader = new PdfReader(fields.extractRevision(signatureName));
   this.fields = reader.getAcroFields();

   // Re-read the names from the extracted revision and continue with its last signature.
   // NOTE(review): assumes the extracted revision lists at least one signature name.
   final List<String> previousNames = fields.getSignatureNames();
   signatureName = previousNames.get(previousNames.size() - 1);
   pkcs7 = coversWholeDocument();

   final String kind = pkcs7.isTsp() ? "document-level timestamp " : "";
   LOGGER.info(String.format("Checking %ssignature %s", kind, signatureName));
 }
Example #2
 /**
  * Creates a verifier positioned on the last signature listed in the document.
  *
  * <p>The AcroFields of the reader are loaded, the last entry of the signature-name list is
  * selected, {@code signDate} is initialised to the current time, and {@code pkcs7} is obtained
  * from {@code coversWholeDocument()}.
  *
  * <p>NOTE(review): an empty signature-name list is not handled here; {@code get(size - 1)} then
  * fails with an unchecked exception instead of a verification error. Callers that accept
  * arbitrary documents should check for signatures first.
  *
  * @param reader a reader for the document we want to verify.
  * @throws GeneralSecurityException presumably raised by {@code coversWholeDocument()}; confirm
  */
 public LtvVerifier(PdfReader reader) throws GeneralSecurityException {
   super(null);
   this.reader = reader;
   this.fields = reader.getAcroFields();

   // Verification starts from the last signature in the list.
   final List<String> signatureNames = fields.getSignatureNames();
   final int lastIndex = signatureNames.size() - 1;
   signatureName = signatureNames.get(lastIndex);

   // The latest revision is checked against "now"; earlier revisions get their date later.
   this.signDate = new Date();
   pkcs7 = coversWholeDocument();

   final String kind = pkcs7.isTsp() ? "document-level timestamp " : "";
   LOGGER.info(String.format("Checking %ssignature %s", kind, signatureName));
 }
Example #3
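  /**
   * Verifies every signature of a PDF against the certificates of a stored key store.
   *
   * <p>The key store content is decrypted with the secret kept on the key node, loaded with the
   * password from the request, and then used as the trust store for the certificate check of each
   * signature found in the document.
   *
   * <p>How to read one result entry:
   *
   * <ul>
   *   <li>{@code isSignValid} reflects only the certificate check against the key store. No CRLs
   *       are supplied ({@code null} is passed), so revocation is not checked here, and the
   *       check is evaluated at the date returned by {@code getSignDate()}.
   *   <li>{@code isDocumentModified} is the negated result of {@code pk.verify()}, i.e. the
   *       integrity check of the signed bytes. It is independent of {@code isSignValid}.
   *   <li>{@code signatureCoversWholeDocument} is reported, not enforced.
   * </ul>
   *
   * A caller that wants "this document is trustworthy" has to combine all three values; none of
   * them is sufficient alone.
   *
   * <p>NOTE(review): if {@code getSignDate()} yields the signing time declared by the signer, a
   * certificate that has expired since can still pass by carrying an earlier date. Confirm
   * against the library version in use.
   *
   * @param verifyingDTO key file, key password and document to verify
   * @return one entry per signature name found in the document, in list order
   * @throws AlfrescoRuntimeException on any failure; exceptions that are already an {@code
   *     AlfrescoRuntimeException} are rethrown as they are, everything else is wrapped
   */
  public List<VerifyResultDTO> verifySign(final VerifyingDTO verifyingDTO) {
    final List<VerifyResultDTO> result = new ArrayList<VerifyResultDTO>();
    // Declared outside the try block so that the finally block can release them on every path.
    InputStream keyContent = null;
    InputStream decryptedKeyContent = null;
    InputStream pdfContent = null;
    PdfReader reader = null;
    try {
      if (verifyingDTO == null) {
        log.error("No object with verification informations.");
        throw new AlfrescoRuntimeException("No object with verification informations.");
      }

      final String keyType =
          (String) nodeService.getProperty(verifyingDTO.getKeyFile(), SigningModel.PROP_KEYTYPE);
      // A missing key type is reported with the message below instead of a bare
      // NullPointerException from KeyStore.getInstance.
      final KeyStore ks = keyType == null ? null : KeyStore.getInstance(keyType);
      final ContentReader keyContentReader = getReader(verifyingDTO.getKeyFile());
      if (keyContentReader == null || ks == null || verifyingDTO.getKeyPassword() == null) {
        log.error("Unable to get key content, key type or key password.");
        throw new AlfrescoRuntimeException(
            "Unable to get key content, key type or key password.");
      }

      // Get crypted secret key and decrypt it
      final Serializable encryptedPropertyValue =
          nodeService.getProperty(verifyingDTO.getKeyFile(), SigningModel.PROP_KEYCRYPTSECRET);
      final Serializable decryptedPropertyValue =
          metadataEncryptor.decrypt(SigningModel.PROP_KEYCRYPTSECRET, encryptedPropertyValue);

      // Decrypt key content
      keyContent = keyContentReader.getContentInputStream();
      decryptedKeyContent = CryptUtils.decrypt(decryptedPropertyValue.toString(), keyContent);

      // The password arrives as a String, so it cannot be wiped from memory after use.
      ks.load(
          new ByteArrayInputStream(IOUtils.toByteArray(decryptedKeyContent)),
          verifyingDTO.getKeyPassword().toCharArray());

      final ContentReader fileToVerifyContentReader = getReader(verifyingDTO.getFileToVerify());
      if (fileToVerifyContentReader == null) {
        log.error("Unable to get document to verify content.");
        throw new AlfrescoRuntimeException("Unable to get document to verify content.");
      }

      pdfContent = fileToVerifyContentReader.getContentInputStream();
      reader = new PdfReader(pdfContent);

      final AcroFields af = reader.getAcroFields();
      if (af == null) {
        log.error("Unable to get PDF fields.");
        throw new AlfrescoRuntimeException("Unable to get PDF fields.");
      }

      final ArrayList<String> names = af.getSignatureNames();
      if (names == null) {
        log.error("Unable to get signature names.");
        throw new AlfrescoRuntimeException("Unable to get signature names.");
      }

      for (final String name : names) {
        final VerifyResultDTO verifyResultDTO = new VerifyResultDTO();
        verifyResultDTO.setName(name);
        verifyResultDTO.setSignatureCoversWholeDocument(af.signatureCoversWholeDocument(name));
        verifyResultDTO.setRevision(af.getRevision(name));
        verifyResultDTO.setTotalRevision(af.getTotalRevisions());

        final PdfPKCS7 pk = af.verifySignature(name);
        if (pk == null) {
          log.error("Unable to verify signature.");
          throw new AlfrescoRuntimeException("Unable to verify signature.");
        }

        // Certificate check only: trust anchors come from the key store, no CRLs are passed
        // (null), and the check is evaluated at the date reported by the signature.
        final Calendar cal = pk.getSignDate();
        final Certificate[] pkc = pk.getCertificates();
        final Object[] fails = PdfPKCS7.verifyCertificates(pkc, ks, null, cal);
        if (fails == null) {
          verifyResultDTO.setIsSignValid(true);
        } else {
          verifyResultDTO.setIsSignValid(false);
          // presumably fails[1] is the failure description and fails[0] the certificate
          verifyResultDTO.setFailReason(fails[1]);
        }
        verifyResultDTO.setSignSubject(
            PdfPKCS7.getSubjectFields(pk.getSigningCertificate()).toString());
        // Integrity of the signed bytes, reported separately from the certificate check above.
        verifyResultDTO.setIsDocumentModified(!pk.verify());
        verifyResultDTO.setSignDate(pk.getSignDate());
        verifyResultDTO.setSignLocation(pk.getLocation());
        verifyResultDTO.setSignInformationVersion(pk.getSigningInfoVersion());
        verifyResultDTO.setSignReason(pk.getReason());
        verifyResultDTO.setSignVersion(pk.getVersion());
        verifyResultDTO.setSignName(pk.getSignName());

        result.add(verifyResultDTO);
      }
    } catch (AlfrescoRuntimeException e) {
      // Already the exception type callers expect: log it and rethrow it unchanged rather than
      // wrapping it a second time.
      log.error(e);
      throw e;
    } catch (Throwable e) {
      // Kept as Throwable so that callers continue to see only AlfrescoRuntimeException; the
      // original cause stays attached.
      log.error(e);
      throw new AlfrescoRuntimeException(e.getMessage(), e);
    } finally {
      // Release the content streams and the PDF reader on success and on failure.
      IOUtils.closeQuietly(pdfContent);
      IOUtils.closeQuietly(decryptedKeyContent);
      IOUtils.closeQuietly(keyContent);
      if (reader != null) {
        reader.close();
      }
    }

    return result;
  }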