/**
 * Moves this verifier from the revision it is currently looking at to the one before it.
 *
 * <p>The reference date for the earlier revision is taken from the current signature: its
 * timestamp date when there is one, otherwise its signing date. When the current revision holds
 * at most one signature there is nothing earlier to inspect and {@code pkcs7} is set to
 * {@code null}.
 *
 * <p>NOTE(review): the fallback to {@code getSignDate()} presumably yields the signing time
 * claimed by the signer rather than a trusted timestamp; confirm before relying on
 * {@code signDate} for revocation decisions.
 *
 * @throws IOException declared by this method; presumably raised while the previous revision is
 *     extracted and re-read
 * @throws GeneralSecurityException declared by this method; presumably raised by
 *     {@code coversWholeDocument()}
 */
public void switchToPreviousRevision() throws IOException, GeneralSecurityException {
  LOGGER.info("Switching to previous revision.");
  latestRevision = false;
  // Remember the DSS dictionary of the revision we are leaving before the reader is replaced.
  dss = reader.getCatalog().getAsDict(PdfName.DSS);

  // Prefer the timestamp date; fall back to the signing date when no timestamp date is returned.
  final Calendar timeStampDate = pkcs7.getTimeStampDate();
  final Calendar referenceDate = (timeStampDate != null) ? timeStampDate : pkcs7.getSignDate();
  // TODO: get date from signature
  signDate = referenceDate.getTime();

  final List<String> currentNames = fields.getSignatureNames();
  if (currentNames.size() <= 1) {
    LOGGER.info("No signatures in revision");
    pkcs7 = null;
    return;
  }

  // The second-to-last signature name identifies the revision to extract.
  signatureName = currentNames.get(currentNames.size() - 2);
  reader = new PdfReader(fields.extractRevision(signatureName));
  this.fields = reader.getAcroFields();

  // Within the extracted revision the signature to check is the last one listed.
  final List<String> previousNames = fields.getSignatureNames();
  signatureName = previousNames.get(previousNames.size() - 1);
  pkcs7 = coversWholeDocument();

  final String kind = pkcs7.isTsp() ? "document-level timestamp " : "";
  LOGGER.info(String.format("Checking %ssignature %s", kind, signatureName));
}
/**
 * Creates an LtvVerifier positioned on the last signature of the given document.
 *
 * <p>The reference date is initialised to the current time, and the last entry returned by
 * {@code getSignatureNames()} is selected and passed through {@code coversWholeDocument()}.
 *
 * <p>NOTE(review): if the document has no signature fields the name list is empty and
 * {@code get(-1)} throws an unchecked exception; callers should expect that for unsigned input.
 *
 * @param reader a reader for the document we want to verify.
 * @throws GeneralSecurityException declared by this constructor; presumably raised by
 *     {@code coversWholeDocument()}
 */
public LtvVerifier(PdfReader reader) throws GeneralSecurityException {
  super(null);
  this.reader = reader;
  this.fields = reader.getAcroFields();

  final List<String> signatureNames = this.fields.getSignatureNames();
  final int lastIndex = signatureNames.size() - 1;
  this.signatureName = signatureNames.get(lastIndex);

  // Verification of the newest revision is performed relative to "now".
  this.signDate = new Date();
  this.pkcs7 = coversWholeDocument();

  final String kind = this.pkcs7.isTsp() ? "document-level timestamp " : "";
  LOGGER.info(String.format("Checking %ssignature %s", kind, this.signatureName));
}
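/**
 * Verifies every signature field of a PDF document against the certificates in a key store.
 *
 * <p>The key store content is read from the key file node, decrypted with the secret stored in
 * the node's {@code PROP_KEYCRYPTSECRET} property, and loaded with the supplied password. One
 * {@link VerifyResultDTO} is produced per signature name found in the document.
 *
 * <p>Security notes for consumers of the result:
 *
 * <ul>
 *   <li>{@code isSignValid} reflects only the outcome of
 *       {@code PdfPKCS7.verifyCertificates(...)} against the loaded key store. The CRL argument
 *       is {@code null}, so no CRL is consulted by that call.
 *   <li>Integrity of the signed bytes is reported separately as {@code isDocumentModified}
 *       ({@code !pk.verify()}), and coverage as {@code signatureCoversWholeDocument}. A
 *       signature should only be trusted when the certificate check passed, the document is not
 *       modified, and the signature covers the whole document.
 *   <li>The certificates are checked at {@code pk.getSignDate()}. NOTE(review): this is
 *       presumably the signing time recorded in the signature, i.e. a signer-supplied value
 *       unless backed by a trusted timestamp; confirm.
 * </ul>
 *
 * @param verifyingDTO key file, key password and document to verify; must not be {@code null}
 * @return one result per signature found in the document (empty if the document has none)
 * @throws AlfrescoRuntimeException if an input is missing, a signature cannot be read, or any
 *     I/O or security error occurs
 */
public List<VerifyResultDTO> verifySign(final VerifyingDTO verifyingDTO) {
  final List<VerifyResultDTO> result = new ArrayList<VerifyResultDTO>();
  PdfReader reader = null;
  try {
    if (verifyingDTO == null) {
      log.error("No object with verification informations.");
      throw new AlfrescoRuntimeException("No object with verification informations.");
    }

    final String keyType =
        (String) nodeService.getProperty(verifyingDTO.getKeyFile(), SigningModel.PROP_KEYTYPE);
    final KeyStore ks = KeyStore.getInstance(keyType);
    final ContentReader keyContentReader = getReader(verifyingDTO.getKeyFile());
    if (keyContentReader == null || ks == null || verifyingDTO.getKeyPassword() == null) {
      log.error("Unable to get key content, key type or key password.");
      throw new AlfrescoRuntimeException("Unable to get key content, key type or key password.");
    }

    // Get crypted secret key and decrypt it
    final Serializable encryptedPropertyValue =
        nodeService.getProperty(verifyingDTO.getKeyFile(), SigningModel.PROP_KEYCRYPTSECRET);
    final Serializable decryptedPropertyValue =
        metadataEncryptor.decrypt(SigningModel.PROP_KEYCRYPTSECRET, encryptedPropertyValue);
    final String keySecret = decryptedPropertyValue.toString();

    // Decrypt key content and load it into the key store. The content stream is closed here
    // because nothing else takes ownership of it.
    final InputStream encryptedKeyContent = keyContentReader.getContentInputStream();
    try {
      final InputStream decryptedKeyContent = CryptUtils.decrypt(keySecret, encryptedKeyContent);
      ks.load(
          new ByteArrayInputStream(IOUtils.toByteArray(decryptedKeyContent)),
          verifyingDTO.getKeyPassword().toCharArray());
    } finally {
      if (encryptedKeyContent != null) {
        encryptedKeyContent.close();
      }
    }

    final ContentReader fileToVerifyContentReader = getReader(verifyingDTO.getFileToVerify());
    if (fileToVerifyContentReader == null) {
      log.error("Unable to get document to verify content.");
      throw new AlfrescoRuntimeException("Unable to get document to verify content.");
    }

    reader = new PdfReader(fileToVerifyContentReader.getContentInputStream());
    final AcroFields af = reader.getAcroFields();
    if (af == null) {
      log.error("Unable to get PDF fields.");
      throw new AlfrescoRuntimeException("Unable to get PDF fields.");
    }

    final List<String> names = af.getSignatureNames();
    if (names == null) {
      log.error("Unable to get signature names.");
      throw new AlfrescoRuntimeException("Unable to get signature names.");
    }

    for (final String name : names) {
      final VerifyResultDTO verifyResultDTO = new VerifyResultDTO();
      verifyResultDTO.setName(name);
      // Coverage is only reported, not enforced: content added after a signature that does not
      // cover the whole document is outside what that signature protects.
      verifyResultDTO.setSignatureCoversWholeDocument(af.signatureCoversWholeDocument(name));
      verifyResultDTO.setRevision(af.getRevision(name));
      verifyResultDTO.setTotalRevision(af.getTotalRevisions());

      final PdfPKCS7 pk = af.verifySignature(name);
      if (pk == null) {
        log.error("Unable to verify signature.");
        throw new AlfrescoRuntimeException("Unable to verify signature.");
      }

      // Certificate check only: chain against the key store at the signature's own date, with
      // no CRLs supplied (third argument is null).
      final Calendar cal = pk.getSignDate();
      final Certificate[] pkc = pk.getCertificates();
      final Object[] fails = PdfPKCS7.verifyCertificates(pkc, ks, null, cal);
      if (fails == null) {
        verifyResultDTO.setIsSignValid(true);
      } else {
        verifyResultDTO.setIsSignValid(false);
        // Second element is used as the failure description.
        verifyResultDTO.setFailReason(fails[1]);
      }

      verifyResultDTO.setSignSubject(
          PdfPKCS7.getSubjectFields(pk.getSigningCertificate()).toString());
      // Integrity of the signed content is a separate verdict from the certificate check above.
      verifyResultDTO.setIsDocumentModified(!pk.verify());
      verifyResultDTO.setSignDate(pk.getSignDate());
      verifyResultDTO.setSignLocation(pk.getLocation());
      verifyResultDTO.setSignInformationVersion(pk.getSigningInfoVersion());
      verifyResultDTO.setSignReason(pk.getReason());
      verifyResultDTO.setSignVersion(pk.getVersion());
      verifyResultDTO.setSignName(pk.getSignName());
      result.add(verifyResultDTO);
    }
  } catch (KeyStoreException e) {
    log.error(e);
    throw new AlfrescoRuntimeException(e.getMessage(), e);
  } catch (ContentIOException e) {
    log.error(e);
    throw new AlfrescoRuntimeException(e.getMessage(), e);
  } catch (NoSuchAlgorithmException e) {
    log.error(e);
    throw new AlfrescoRuntimeException(e.getMessage(), e);
  } catch (CertificateException e) {
    log.error(e);
    throw new AlfrescoRuntimeException(e.getMessage(), e);
  } catch (IOException e) {
    log.error(e);
    throw new AlfrescoRuntimeException(e.getMessage(), e);
  } catch (GeneralSecurityException e) {
    log.error(e);
    throw new AlfrescoRuntimeException(e.getMessage(), e);
  } catch (AlfrescoRuntimeException e) {
    // Already logged where it was raised above; rethrow as is instead of wrapping it again.
    throw e;
  } catch (Throwable e) {
    log.error(e);
    throw new AlfrescoRuntimeException(e.getMessage(), e);
  } finally {
    if (reader != null) {
      reader.close();
    }
  }
  return result;
}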