Example #1
0
  /**
   * Prueba la firma de un PDF protegido con contraseña contra modificación.
   *
   * @throws Exception en cualquier error
   */
  @SuppressWarnings("static-method")
  @Test
  public void testModificationPasswordSignature() throws Exception {
    Logger.getLogger("es.gob.afirma").setLevel(Level.WARNING); // $NON-NLS-1$
    final PrivateKeyEntry pke;

    final KeyStore ks = KeyStore.getInstance("PKCS12"); // $NON-NLS-1$
    ks.load(ClassLoader.getSystemResourceAsStream(CERT_PATH), CERT_PASS.toCharArray());
    pke =
        (PrivateKeyEntry)
            ks.getEntry(CERT_ALIAS, new KeyStore.PasswordProtection(CERT_PASS.toCharArray()));

    final AOSigner signer = new AOPDFSigner();

    final byte[] testPdf =
        AOUtil.getDataFromInputStream(ClassLoader.getSystemResourceAsStream(TEST_FILE_PWD_MOD));

    Assert.assertTrue(
        "No se ha reconocido como un PDF", signer.isValidDataFile(testPdf)); // $NON-NLS-1$

    final String prueba = "Firma PAdES de PDF con contrasena en SHA512withRSA"; // $NON-NLS-1$

    System.out.println(prueba);

    final Properties extraParams = new Properties();
    extraParams.put("headLess", "true"); // $NON-NLS-1$ //$NON-NLS-2$
    extraParams.put("userPassword", "1111"); // $NON-NLS-1$ //$NON-NLS-2$

    final byte[] result =
        signer.sign(
            testPdf,
            "SHA512withRSA", //$NON-NLS-1$
            pke.getPrivateKey(),
            pke.getCertificateChain(),
            extraParams);

    Assert.assertNotNull(prueba, result);

    final File out = File.createTempFile("TEST-PWD", ".pdf"); // $NON-NLS-1$ //$NON-NLS-2$
    final FileOutputStream fos = new FileOutputStream(out);
    fos.write(result);
    fos.flush();
    fos.close();
    System.out.println(
        "Temporal para comprobacion manual: " + out.getAbsolutePath()); // $NON-NLS-1$
  }
Example #2
0
  /**
   * Prueba la firma de un PDF certificado.
   *
   * @throws Exception en cualquier error
   */
  @SuppressWarnings("static-method")
  @Test
  public void testCertificatedSignature() throws Exception {
    Logger.getLogger("es.gob.afirma").setLevel(Level.WARNING); // $NON-NLS-1$
    final PrivateKeyEntry pke;

    final KeyStore ks = KeyStore.getInstance("PKCS12"); // $NON-NLS-1$
    ks.load(ClassLoader.getSystemResourceAsStream(CERT_PATH), CERT_PASS.toCharArray());
    pke =
        (PrivateKeyEntry)
            ks.getEntry(CERT_ALIAS, new KeyStore.PasswordProtection(CERT_PASS.toCharArray()));

    final AOSigner signer = new AOPDFSigner();

    final byte[] testPdf =
        AOUtil.getDataFromInputStream(ClassLoader.getSystemResourceAsStream(TEST_FILES[0]));

    Assert.assertTrue(
        "No se ha reconocido como un PDF", signer.isValidDataFile(testPdf)); // $NON-NLS-1$

    String prueba =
        "Firma certificada PAdES de documento PDF indicando la propiedad certificationLevel"; //$NON-NLS-1$

    String[] certificationLevels =
        new String[] {
          "Firma de autor. No se permite ningun cambio posterior en el documento", //$NON-NLS-1$
          "Firma de autor certificada para formularios. Se permite unicamente el relleno posterior de los campos del formulario", //$NON-NLS-1$
          "Firma certificada. Se permite unicamente el relleno posterior de los campos del formulario o el anadido de firmas de aprobacion" //$NON-NLS-1$
        };

    System.out.println(prueba);

    Properties extraParams = new Properties();

    for (int i = 1; i <= certificationLevels.length; i++) {

      extraParams.put("certificationLevel", Integer.toString(i)); // $NON-NLS-1$

      System.out.println(certificationLevels[i - 1]);

      byte[] result =
          signer.sign(
              testPdf,
              "SHA512withRSA", //$NON-NLS-1$
              pke.getPrivateKey(),
              pke.getCertificateChain(),
              extraParams);

      final File tempFile = File.createTempFile("afirmaPDF", ".pdf"); // $NON-NLS-1$ //$NON-NLS-2$

      final FileOutputStream fos = new FileOutputStream(tempFile);
      fos.write(result);
      fos.close();

      //        	Logger.getLogger("es.gob.afirma").info( //$NON-NLS-1$
      //        			"Fichero temporal para la comprobacion manual del resultado: " + //$NON-NLS-1$
      //        			tempFile.getAbsolutePath());
      System.out.println(
          "Fichero temporal para la comprobacion manual del resultado: "
              + //$NON-NLS-1$
              tempFile.getAbsolutePath());
    }
  }
Example #3
0
  /**
   * Prueba la firma de un PDF certificado.
   *
   * @throws Exception en cualquier error
   */
  @SuppressWarnings("static-method")
  @Test
  public void testCertifiedSignature() throws Exception {
    Logger.getLogger("es.gob.afirma").setLevel(Level.WARNING); // $NON-NLS-1$
    final PrivateKeyEntry pke;

    final KeyStore ks = KeyStore.getInstance("PKCS12"); // $NON-NLS-1$
    ks.load(ClassLoader.getSystemResourceAsStream(CERT_PATH), CERT_PASS.toCharArray());
    pke =
        (PrivateKeyEntry)
            ks.getEntry(CERT_ALIAS, new KeyStore.PasswordProtection(CERT_PASS.toCharArray()));

    final AOSigner signer = new AOPDFSigner();

    final byte[] testPdf =
        AOUtil.getDataFromInputStream(ClassLoader.getSystemResourceAsStream(TEST_FILE_CTF));

    Assert.assertTrue(
        "No se ha reconocido como un PDF", signer.isValidDataFile(testPdf)); // $NON-NLS-1$

    String prueba =
        "Firma PAdES de PDF certificado en SHA512withRSA indicando allowSigningCertifiedPdfs=true"; //$NON-NLS-1$

    System.out.println(prueba);

    Properties extraParams = new Properties();
    extraParams.put("allowSigningCertifiedPdfs", "true"); // $NON-NLS-1$ //$NON-NLS-2$
    byte[] result =
        signer.sign(
            testPdf,
            "SHA512withRSA", //$NON-NLS-1$
            pke.getPrivateKey(),
            pke.getCertificateChain(),
            extraParams);

    Assert.assertNotNull(prueba, result);
    Assert.assertTrue(signer.isSign(result));

    prueba =
        "Firma PAdES de PDF certificado en SHA512withRSA indicando unicamente headLess=true"; //$NON-NLS-1$
    System.out.println(prueba);

    extraParams = new Properties();
    extraParams.put("headLess", "true"); // $NON-NLS-1$ //$NON-NLS-2$

    boolean failed = false;
    try {
      result =
          signer.sign(
              testPdf,
              "SHA512withRSA", //$NON-NLS-1$
              pke.getPrivateKey(),
              pke.getCertificateChain(),
              extraParams);
    } catch (final Exception e) {
      failed = true;
    }
    Assert.assertTrue("Deberia haber fallado", failed); // $NON-NLS-1$

    prueba =
        "Firma PAdES de PDF certificado en SHA512withRSA indicando unicamente allowSigningCertifiedPdfs=false"; //$NON-NLS-1$
    System.out.println(prueba);

    extraParams = new Properties();
    extraParams.put("allowSigningCertifiedPdfs", "false"); // $NON-NLS-1$ //$NON-NLS-2$

    failed = false;
    try {
      result =
          signer.sign(
              testPdf,
              "SHA512withRSA", //$NON-NLS-1$
              pke.getPrivateKey(),
              pke.getCertificateChain(),
              extraParams);
    } catch (final Exception e) {
      failed = true;
    }
    Assert.assertTrue("Deberia haber fallado", failed); // $NON-NLS-1$
  }
Example #4
0
  /**
   * Prueba de firma convencional.
   *
   * @throws Exception en cualquier error
   */
  @SuppressWarnings("static-method")
  @Test
  public void testSignature() throws Exception {

    Assert.assertEquals(
        "file.signed.pdf", AOPDFSigner.getSignedName("file.pdf")); // $NON-NLS-1$ //$NON-NLS-2$

    Logger.getLogger("es.gob.afirma").setLevel(Level.WARNING); // $NON-NLS-1$
    final PrivateKeyEntry pke;
    final X509Certificate cert;

    final KeyStore ks = KeyStore.getInstance("PKCS12"); // $NON-NLS-1$
    ks.load(ClassLoader.getSystemResourceAsStream(CERT_PATH), CERT_PASS.toCharArray());
    pke =
        (PrivateKeyEntry)
            ks.getEntry(CERT_ALIAS, new KeyStore.PasswordProtection(CERT_PASS.toCharArray()));
    cert = (X509Certificate) ks.getCertificate(CERT_ALIAS);

    final AOSigner signer = new AOPDFSigner();

    String prueba;

    for (final Properties extraParams : PADES_MODES) {
      for (final String algo : ALGOS) {
        for (final String file : TEST_FILES) {

          final byte[] testPdf =
              AOUtil.getDataFromInputStream(ClassLoader.getSystemResourceAsStream(file));

          Assert.assertTrue(
              "No se ha reconocido como un PDF", signer.isValidDataFile(testPdf)); // $NON-NLS-1$

          prueba =
              "Firma PAdES en modo '"
                  + //$NON-NLS-1$
                  extraParams.getProperty("mode")
                  + //$NON-NLS-1$
                  "' con el algoritmo ': "
                  + //$NON-NLS-1$
                  algo
                  + "' y el fichero '"
                  + //$NON-NLS-1$
                  file
                  + "'"; //$NON-NLS-1$

          System.out.println(prueba);

          final byte[] result =
              signer.sign(
                  testPdf, algo, pke.getPrivateKey(), pke.getCertificateChain(), extraParams);

          Assert.assertNotNull(prueba, result);
          Assert.assertTrue(signer.isSign(result));

          AOTreeModel tree = signer.getSignersStructure(result, false);
          Assert.assertEquals(
              "Datos", ((AOTreeNode) tree.getRoot()).getUserObject()); // $NON-NLS-1$
          Assert.assertEquals(
              "ANF Usuario Activo",
              ((AOTreeNode) tree.getRoot()).getChildAt(0).getUserObject()); // $NON-NLS-1$

          tree = signer.getSignersStructure(result, true);
          Assert.assertEquals(
              "Datos", ((AOTreeNode) tree.getRoot()).getUserObject()); // $NON-NLS-1$
          final AOSimpleSignInfo simpleSignInfo =
              (AOSimpleSignInfo) ((AOTreeNode) tree.getRoot()).getChildAt(0).getUserObject();

          // Assert.assertNotNull(simpleSignInfo.getSigningTime());
          Assert.assertEquals(cert, simpleSignInfo.getCerts()[0]);

          Assert.assertEquals(result, signer.getData(result));

          Assert.assertEquals(
              AOSignConstants.SIGN_FORMAT_PDF, signer.getSignInfo(result).getFormat());

          final File saveFile = File.createTempFile(algo, ".pdf"); // $NON-NLS-1$
          final OutputStream os = new FileOutputStream(saveFile);
          os.write(result);
          os.flush();
          os.close();
          System.out.println(
              "Temporal para comprobacion manual: " + saveFile.getAbsolutePath()); // $NON-NLS-1$
        }
      }
    }
  }
Example #5
0
  /**
   * Prueba de PDF con sello de tiempo contra la TSA de CATCert.
   *
   * @throws Exception
   */
  @SuppressWarnings("static-method")
  @Test
  @Ignore
  public void testTimestampedSignature() throws Exception {

    Logger.getLogger("es.gob.afirma").setLevel(Level.WARNING); // $NON-NLS-1$
    final PrivateKeyEntry pke;

    final KeyStore ks = KeyStore.getInstance("PKCS12"); // $NON-NLS-1$
    ks.load(ClassLoader.getSystemResourceAsStream(CERT_PATH), CERT_PASS.toCharArray());
    pke =
        (PrivateKeyEntry)
            ks.getEntry(CERT_ALIAS, new KeyStore.PasswordProtection(CERT_PASS.toCharArray()));

    final AOSigner signer = new AOPDFSigner();

    final byte[] testPdf =
        AOUtil.getDataFromInputStream(ClassLoader.getSystemResourceAsStream(TEST_FILES[0]));

    final String prueba = "Firma PAdES de PDF con sello de tiempo en SHA512withRSA"; // $NON-NLS-1$

    System.out.println(prueba);

    final Properties extraParams = new Properties();
    // ********* TSA CATCERT ********************************************************************
    // ******************************************************************************************
    extraParams.put("tsaURL", CMSTimestamper.CATCERT_TSP); // $NON-NLS-1$
    extraParams.put("tsaPolicy", CMSTimestamper.CATCERT_POLICY); // $NON-NLS-1$
    extraParams.put("tsaRequireCert", CMSTimestamper.CATCERT_REQUIRECERT); // $NON-NLS-1$
    extraParams.put("tsaHashAlgorithm", "SHA1"); // $NON-NLS-1$ //$NON-NLS-2$
    // ******************************************************************************************
    // ********* FIN TSA CATCERT ****************************************************************

    //        //********** TSA AFIRMA
    // ********************************************************************
    //
    // //******************************************************************************************
    //        extraParams.put("tsaURL", "https://10.253.252.184:10318/tsamap/TspHttpServer");
    // //$NON-NLS-1$ //$NON-NLS-2$
    //        //extraParams.put("tsaURL",
    // "socket://10.253.252.184:318/tsamap/TspHttpServer"/*"http://des-tsafirma.redsara.es:318/tsamap/TspHttpServer"*/); //$NON-NLS-1$ //$NON-NLS-2$
    //        extraParams.put("tsaPolicy", "1.3.4.6.1.3.4.6"); //$NON-NLS-1$ //$NON-NLS-2$
    //        extraParams.put("tsaRequireCert", "true"); //$NON-NLS-1$ //$NON-NLS-2$
    //        extraParams.put("tsaHashAlgorithm", "SHA1"); //$NON-NLS-1$ //$NON-NLS-2$
    //        extraParams.put("tsaHashAlgorithm", "SHA1"); //$NON-NLS-1$ //$NON-NLS-2$
    //        extraParams.put("tsaExtensionOid", "1.3.4.6.1.3.4.6");  //$NON-NLS-1$//$NON-NLS-2$
    //        extraParams.put("tsaExtensionValueBase64", "NOMBRE_APP_AFIRMA_EN_BASE64");
    // //$NON-NLS-1$ //$NON-NLS-2$
    //        extraParams.put("tsaUsr", "USUARIO"); //$NON-NLS-1$ //$NON-NLS-2$
    //        extraParams.put("tsaPwd", "CONTRASENA"); //$NON-NLS-1$ //$NON-NLS-2$
    //
    // //******************************************************************************************
    //        //********** FIN TSA AFIRMA
    // ****************************************************************

    final byte[] result =
        signer.sign(
            testPdf,
            "SHA512withRSA", //$NON-NLS-1$
            pke.getPrivateKey(),
            pke.getCertificateChain(),
            extraParams);

    final File saveFile = File.createTempFile("TSA-", ".pdf"); // $NON-NLS-1$ //$NON-NLS-2$
    final OutputStream os = new FileOutputStream(saveFile);
    os.write(result);
    os.flush();
    os.close();
    System.out.println(
        "Temporal para comprobacion manual: " + saveFile.getAbsolutePath()); // $NON-NLS-1$

    Assert.assertNotNull(prueba, result);
    Assert.assertTrue(signer.isSign(result));
  }