public List<VerifyResultDTO> verifySign(final VerifyingDTO verifyingDTO) {
final List<VerifyResultDTO> result = new ArrayList<VerifyResultDTO>();
try {
if (verifyingDTO != null) {
final String keyType =
(String) nodeService.getProperty(verifyingDTO.getKeyFile(), SigningModel.PROP_KEYTYPE);
final KeyStore ks = KeyStore.getInstance(keyType);
final ContentReader keyContentReader = getReader(verifyingDTO.getKeyFile());
if (keyContentReader != null && ks != null && verifyingDTO.getKeyPassword() != null) {
// Get crypted secret key and decrypt it
final Serializable encryptedPropertyValue =
nodeService.getProperty(verifyingDTO.getKeyFile(), SigningModel.PROP_KEYCRYPTSECRET);
final Serializable decryptedPropertyValue =
metadataEncryptor.decrypt(SigningModel.PROP_KEYCRYPTSECRET, encryptedPropertyValue);
// Decrypt key content
final InputStream decryptedKeyContent =
CryptUtils.decrypt(
decryptedPropertyValue.toString(), keyContentReader.getContentInputStream());
ks.load(
new ByteArrayInputStream(IOUtils.toByteArray(decryptedKeyContent)),
verifyingDTO.getKeyPassword().toCharArray());
final ContentReader fileToVerifyContentReader = getReader(verifyingDTO.getFileToVerify());
if (fileToVerifyContentReader != null) {
final PdfReader reader =
new PdfReader(fileToVerifyContentReader.getContentInputStream());
if (reader != null) {
final AcroFields af = reader.getAcroFields();
if (af != null) {
final ArrayList<String> names = af.getSignatureNames();
if (names != null) {
for (int k = 0; k < names.size(); ++k) {
final VerifyResultDTO verifyResultDTO = new VerifyResultDTO();
final String name = (String) names.get(k);
verifyResultDTO.setName(name);
verifyResultDTO.setSignatureCoversWholeDocument(
af.signatureCoversWholeDocument(name));
verifyResultDTO.setRevision(af.getRevision(name));
verifyResultDTO.setTotalRevision(af.getTotalRevisions());
final PdfPKCS7 pk = af.verifySignature(name);
if (pk != null) {
final Calendar cal = pk.getSignDate();
final Certificate[] pkc = pk.getCertificates();
Object fails[] = PdfPKCS7.verifyCertificates(pkc, ks, null, cal);
if (fails == null) {
verifyResultDTO.setIsSignValid(true);
} else {
verifyResultDTO.setIsSignValid(false);
verifyResultDTO.setFailReason(fails[1]);
}
verifyResultDTO.setSignSubject(
PdfPKCS7.getSubjectFields(pk.getSigningCertificate()).toString());
verifyResultDTO.setIsDocumentModified(!pk.verify());
verifyResultDTO.setSignDate(pk.getSignDate());
verifyResultDTO.setSignLocation(pk.getLocation());
verifyResultDTO.setSignInformationVersion(pk.getSigningInfoVersion());
verifyResultDTO.setSignReason(pk.getReason());
verifyResultDTO.setSignVersion(pk.getVersion());
verifyResultDTO.setSignName(pk.getSignName());
result.add(verifyResultDTO);
} else {
log.error("Unable to verify signature.");
throw new AlfrescoRuntimeException("Unable to verify signature.");
}
}
} else {
log.error("Unable to get signature names.");
throw new AlfrescoRuntimeException("Unable to get signature names.");
}
} else {
log.error("Unable to get PDF fields.");
throw new AlfrescoRuntimeException("Unable to get PDF fields.");
}
}
} else {
log.error("Unable to get document to verify content.");
throw new AlfrescoRuntimeException("Unable to get document to verify content.");
}
} else {
log.error("Unable to get key content, key type or key password.");
throw new AlfrescoRuntimeException(
"Unable to get key content, key type or key password.");
}
} else {
log.error("No object with verification informations.");
throw new AlfrescoRuntimeException("No object with verification informations.");
}
} catch (KeyStoreException e) {
log.error(e);
throw new AlfrescoRuntimeException(e.getMessage(), e);
} catch (ContentIOException e) {
log.error(e);
throw new AlfrescoRuntimeException(e.getMessage(), e);
} catch (NoSuchAlgorithmException e) {
log.error(e);
throw new AlfrescoRuntimeException(e.getMessage(), e);
} catch (CertificateException e) {
log.error(e);
throw new AlfrescoRuntimeException(e.getMessage(), e);
} catch (IOException e) {
log.error(e);
throw new AlfrescoRuntimeException(e.getMessage(), e);
} catch (GeneralSecurityException e) {
log.error(e);
throw new AlfrescoRuntimeException(e.getMessage(), e);
} catch (Throwable e) {
log.error(e);
throw new AlfrescoRuntimeException(e.getMessage(), e);
}
return result;
}
private AlfrescoRuntimeException signFile(
final NodeRef nodeRefToSign,
final DigitalSigningDTO signingDTO,
final File alfTempDir,
final String alias,
final KeyStore ks,
final PrivateKey key,
final Certificate[] chain) {
final String fileNameToSign = fileFolderService.getFileInfo(nodeRefToSign).getName();
File fileConverted = null;
File tempDir = null;
try {
ContentReader fileToSignContentReader = getReader(nodeRefToSign);
if (fileToSignContentReader != null) {
String newName = null;
// Check if document is PDF or transform it
if (!MimetypeMap.MIMETYPE_PDF.equals(fileToSignContentReader.getMimetype())) {
// Transform document in PDF document
final ContentTransformer tranformer =
contentTransformerRegistry.getTransformer(
fileToSignContentReader.getMimetype(),
fileToSignContentReader.getSize(),
MimetypeMap.MIMETYPE_PDF,
new TransformationOptions());
if (tranformer != null) {
tempDir = new File(alfTempDir.getPath() + File.separatorChar + nodeRefToSign.getId());
if (tempDir != null) {
tempDir.mkdir();
fileConverted =
new File(tempDir, fileNameToSign + "_" + System.currentTimeMillis() + ".pdf");
if (fileConverted != null) {
final ContentWriter newDoc = new FileContentWriter(fileConverted);
if (newDoc != null) {
newDoc.setMimetype(MimetypeMap.MIMETYPE_PDF);
tranformer.transform(fileToSignContentReader, newDoc);
fileToSignContentReader = new FileContentReader(fileConverted);
final String originalName =
(String) nodeService.getProperty(nodeRefToSign, ContentModel.PROP_NAME);
newName = originalName.substring(0, originalName.lastIndexOf(".")) + ".pdf";
}
}
}
} else {
log.error(
"["
+ fileNameToSign
+ "] No suitable converter found to convert the document in PDF.");
return new AlfrescoRuntimeException(
"["
+ fileNameToSign
+ "] No suitable converter found to convert the document in PDF.");
}
}
// Convert PDF in PDF/A format
final File pdfAFile = convertPdfToPdfA(fileToSignContentReader.getContentInputStream());
final PdfReader reader = new PdfReader(new FileInputStream(pdfAFile));
if (nodeRefToSign != null) {
tempDir = new File(alfTempDir.getPath() + File.separatorChar + nodeRefToSign.getId());
if (tempDir != null) {
tempDir.mkdir();
final File file = new File(tempDir, fileNameToSign);
if (file != null) {
final FileOutputStream fout = new FileOutputStream(file);
final PdfStamper stp = PdfStamper.createSignature(reader, fout, '\0');
if (stp != null) {
final PdfSignatureAppearance sap = stp.getSignatureAppearance();
if (sap != null) {
sap.setCrypto(key, chain, null, PdfSignatureAppearance.WINCER_SIGNED);
sap.setReason(signingDTO.getSignReason());
sap.setLocation(signingDTO.getSignLocation());
sap.setContact(signingDTO.getSignContact());
sap.setCertificationLevel(PdfSignatureAppearance.CERTIFIED_NO_CHANGES_ALLOWED);
sap.setImageScale(1);
// digital signature
if (signingDTO.getSigningField() != null
&& !signingDTO.getSigningField().trim().equalsIgnoreCase("")) {
Image img = null;
if (signingDTO.getImage() != null) {
final ContentReader imageContentReader = getReader(signingDTO.getImage());
final AcroFields af = reader.getAcroFields();
if (af != null) {
final List<FieldPosition> positions =
af.getFieldPositions(signingDTO.getSigningField());
if (positions != null
&& positions.size() > 0
&& positions.get(0) != null
&& positions.get(0).position != null) {
final BufferedImage newImg =
scaleImage(
ImageIO.read(imageContentReader.getContentInputStream()),
BufferedImage.TYPE_INT_RGB,
Float.valueOf(positions.get(0).position.getWidth()).intValue(),
Float.valueOf(positions.get(0).position.getHeight()).intValue());
img = Image.getInstance(newImg, null);
} else {
log.error(
"["
+ fileNameToSign
+ "] The field '"
+ signingDTO.getSigningField()
+ "' doesn't exist in the document.");
return new AlfrescoRuntimeException(
"["
+ fileNameToSign
+ "] The field '"
+ signingDTO.getSigningField()
+ "' doesn't exist in the document.");
}
}
if (img == null) {
img =
Image.getInstance(
ImageIO.read(imageContentReader.getContentInputStream()), null);
}
sap.setImage(img);
}
sap.setVisibleSignature(signingDTO.getSigningField());
} else {
int pageToSign = 1;
if (DigitalSigningDTO.PAGE_LAST.equalsIgnoreCase(
signingDTO.getPages().trim())) {
pageToSign = reader.getNumberOfPages();
} else if (DigitalSigningDTO.PAGE_SPECIFIC.equalsIgnoreCase(
signingDTO.getPages().trim())) {
if (signingDTO.getPageNumber() > 0
&& signingDTO.getPageNumber() <= reader.getNumberOfPages()) {
pageToSign = signingDTO.getPageNumber();
} else {
throw new AlfrescoRuntimeException("Page number is out of bound.");
}
}
if (signingDTO.getImage() != null) {
final ContentReader imageContentReader = getReader(signingDTO.getImage());
// Resize image
final BufferedImage newImg =
scaleImage(
ImageIO.read(imageContentReader.getContentInputStream()),
BufferedImage.TYPE_INT_RGB,
signingDTO.getSignWidth(),
signingDTO.getSignHeight());
final Image img = Image.getInstance(newImg, null);
sap.setImage(img);
}
if (signingDTO.getPosition() != null
&& !DigitalSigningDTO.POSITION_CUSTOM.equalsIgnoreCase(
signingDTO.getPosition().trim())) {
final Rectangle pageRect = reader.getPageSizeWithRotation(1);
sap.setVisibleSignature(
positionSignature(
signingDTO.getPosition(),
pageRect,
signingDTO.getSignWidth(),
signingDTO.getSignHeight(),
signingDTO.getxMargin(),
signingDTO.getyMargin()),
pageToSign,
null);
} else {
sap.setVisibleSignature(
new Rectangle(
signingDTO.getLocationX(),
signingDTO.getLocationY(),
signingDTO.getLocationX() + signingDTO.getSignWidth(),
signingDTO.getLocationY() - signingDTO.getSignHeight()),
pageToSign,
null);
}
}
stp.close();
NodeRef destinationNode = null;
NodeRef originalDoc = null;
boolean addAsNewVersion = false;
if (signingDTO.getDestinationFolder() == null) {
destinationNode = nodeRefToSign;
nodeService.addAspect(destinationNode, ContentModel.ASPECT_VERSIONABLE, null);
addAsNewVersion = true;
} else {
originalDoc = nodeRefToSign;
destinationNode =
createDestinationNode(
file.getName(), signingDTO.getDestinationFolder(), nodeRefToSign);
}
if (destinationNode != null) {
final ContentWriter writer =
contentService.getWriter(destinationNode, ContentModel.PROP_CONTENT, true);
if (writer != null) {
writer.setEncoding(fileToSignContentReader.getEncoding());
writer.setMimetype("application/pdf");
writer.putContent(file);
file.delete();
if (fileConverted != null) {
fileConverted.delete();
}
nodeService.addAspect(
destinationNode,
SigningModel.ASPECT_SIGNED,
new HashMap<QName, Serializable>());
nodeService.setProperty(
destinationNode, SigningModel.PROP_REASON, signingDTO.getSignReason());
nodeService.setProperty(
destinationNode,
SigningModel.PROP_LOCATION,
signingDTO.getSignLocation());
nodeService.setProperty(
destinationNode, SigningModel.PROP_SIGNATUREDATE, new java.util.Date());
nodeService.setProperty(
destinationNode,
SigningModel.PROP_SIGNEDBY,
AuthenticationUtil.getRunAsUser());
if (newName != null) {
nodeService.setProperty(destinationNode, ContentModel.PROP_NAME, newName);
}
final X509Certificate c = (X509Certificate) ks.getCertificate(alias);
nodeService.setProperty(
destinationNode, SigningModel.PROP_VALIDITY, c.getNotAfter());
nodeService.setProperty(
destinationNode, SigningModel.PROP_ORIGINAL_DOC, originalDoc);
if (!addAsNewVersion) {
if (!nodeService.hasAspect(originalDoc, SigningModel.ASPECT_ORIGINAL_DOC)) {
nodeService.addAspect(
originalDoc,
SigningModel.ASPECT_ORIGINAL_DOC,
new HashMap<QName, Serializable>());
}
nodeService.createAssociation(
originalDoc, destinationNode, SigningModel.PROP_RELATED_DOC);
}
}
} else {
log.error("[" + fileNameToSign + "] Destination node is not a valid NodeRef.");
return new AlfrescoRuntimeException(
"[" + fileNameToSign + "] Destination node is not a valid NodeRef.");
}
} else {
log.error("[" + fileNameToSign + "] Unable to get PDF appearance signature.");
return new AlfrescoRuntimeException(
"[" + fileNameToSign + "] Unable to get PDF appearance signature.");
}
} else {
log.error("[" + fileNameToSign + "] Unable to create PDF signature.");
return new AlfrescoRuntimeException(
"[" + fileNameToSign + "] Unable to create PDF signature.");
}
}
}
} else {
log.error("[" + fileNameToSign + "] Unable to get document to sign content.");
return new AlfrescoRuntimeException(
"[" + fileNameToSign + "] Unable to get document to sign content.");
}
if (pdfAFile != null) {
pdfAFile.delete();
}
return null;
} else {
log.error("[" + fileNameToSign + "] The document has no content.");
return new AlfrescoRuntimeException(
"[" + fileNameToSign + "] The document has no content.");
}
} catch (KeyStoreException e) {
log.error("[" + fileNameToSign + "] " + e);
return new AlfrescoRuntimeException("[" + fileNameToSign + "] " + e.getMessage(), e);
} catch (ContentIOException e) {
log.error("[" + fileNameToSign + "] " + e);
return new AlfrescoRuntimeException("[" + fileNameToSign + "] " + e.getMessage(), e);
} catch (IOException e) {
log.error("[" + fileNameToSign + "] " + e);
return new AlfrescoRuntimeException("[" + fileNameToSign + "] " + e.getMessage(), e);
} catch (DocumentException e) {
log.error("[" + fileNameToSign + "] " + e);
return new AlfrescoRuntimeException("[" + fileNameToSign + "] " + e.getMessage(), e);
} finally {
if (tempDir != null) {
try {
tempDir.delete();
} catch (Exception ex) {
log.error("[" + fileNameToSign + "] " + ex);
return new AlfrescoRuntimeException("[" + fileNameToSign + "] " + ex.getMessage(), ex);
}
}
}
}