public List<VerifyResultDTO> verifySign(final VerifyingDTO verifyingDTO) { final List<VerifyResultDTO> result = new ArrayList<VerifyResultDTO>(); try { if (verifyingDTO != null) { final String keyType = (String) nodeService.getProperty(verifyingDTO.getKeyFile(), SigningModel.PROP_KEYTYPE); final KeyStore ks = KeyStore.getInstance(keyType); final ContentReader keyContentReader = getReader(verifyingDTO.getKeyFile()); if (keyContentReader != null && ks != null && verifyingDTO.getKeyPassword() != null) { // Get crypted secret key and decrypt it final Serializable encryptedPropertyValue = nodeService.getProperty(verifyingDTO.getKeyFile(), SigningModel.PROP_KEYCRYPTSECRET); final Serializable decryptedPropertyValue = metadataEncryptor.decrypt(SigningModel.PROP_KEYCRYPTSECRET, encryptedPropertyValue); // Decrypt key content final InputStream decryptedKeyContent = CryptUtils.decrypt( decryptedPropertyValue.toString(), keyContentReader.getContentInputStream()); ks.load( new ByteArrayInputStream(IOUtils.toByteArray(decryptedKeyContent)), verifyingDTO.getKeyPassword().toCharArray()); final ContentReader fileToVerifyContentReader = getReader(verifyingDTO.getFileToVerify()); if (fileToVerifyContentReader != null) { final PdfReader reader = new PdfReader(fileToVerifyContentReader.getContentInputStream()); if (reader != null) { final AcroFields af = reader.getAcroFields(); if (af != null) { final ArrayList<String> names = af.getSignatureNames(); if (names != null) { for (int k = 0; k < names.size(); ++k) { final VerifyResultDTO verifyResultDTO = new VerifyResultDTO(); final String name = (String) names.get(k); verifyResultDTO.setName(name); verifyResultDTO.setSignatureCoversWholeDocument( af.signatureCoversWholeDocument(name)); verifyResultDTO.setRevision(af.getRevision(name)); verifyResultDTO.setTotalRevision(af.getTotalRevisions()); final PdfPKCS7 pk = af.verifySignature(name); if (pk != null) { final Calendar cal = pk.getSignDate(); final Certificate[] pkc = pk.getCertificates(); Object fails[] = PdfPKCS7.verifyCertificates(pkc, ks, null, cal); if (fails == null) { verifyResultDTO.setIsSignValid(true); } else { verifyResultDTO.setIsSignValid(false); verifyResultDTO.setFailReason(fails[1]); } verifyResultDTO.setSignSubject( PdfPKCS7.getSubjectFields(pk.getSigningCertificate()).toString()); verifyResultDTO.setIsDocumentModified(!pk.verify()); verifyResultDTO.setSignDate(pk.getSignDate()); verifyResultDTO.setSignLocation(pk.getLocation()); verifyResultDTO.setSignInformationVersion(pk.getSigningInfoVersion()); verifyResultDTO.setSignReason(pk.getReason()); verifyResultDTO.setSignVersion(pk.getVersion()); verifyResultDTO.setSignName(pk.getSignName()); result.add(verifyResultDTO); } else { log.error("Unable to verify signature."); throw new AlfrescoRuntimeException("Unable to verify signature."); } } } else { log.error("Unable to get signature names."); throw new AlfrescoRuntimeException("Unable to get signature names."); } } else { log.error("Unable to get PDF fields."); throw new AlfrescoRuntimeException("Unable to get PDF fields."); } } } else { log.error("Unable to get document to verify content."); throw new AlfrescoRuntimeException("Unable to get document to verify content."); } } else { log.error("Unable to get key content, key type or key password."); throw new AlfrescoRuntimeException( "Unable to get key content, key type or key password."); } } else { log.error("No object with verification informations."); throw new AlfrescoRuntimeException("No object with verification informations."); } } catch (KeyStoreException e) { log.error(e); throw new AlfrescoRuntimeException(e.getMessage(), e); } catch (ContentIOException e) { log.error(e); throw new AlfrescoRuntimeException(e.getMessage(), e); } catch (NoSuchAlgorithmException e) { log.error(e); throw new AlfrescoRuntimeException(e.getMessage(), e); } catch (CertificateException e) { log.error(e); throw new AlfrescoRuntimeException(e.getMessage(), e); } catch (IOException e) { log.error(e); throw new AlfrescoRuntimeException(e.getMessage(), e); } catch (GeneralSecurityException e) { log.error(e); throw new AlfrescoRuntimeException(e.getMessage(), e); } catch (Throwable e) { log.error(e); throw new AlfrescoRuntimeException(e.getMessage(), e); } return result; }