use of org.apache.pdfbox.examples.signature.validation.AddValidationInformation in project pdfbox by apache.
the class TestCreateSignature method testCreateSignedTimeStamp.
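/**
 * Tests a timestamp-only signature (ETSI.RFC3161): signs {@code sign_me.pdf} through the
 * configured TSA, checks that the message imprint in the timestamp token matches a digest
 * computed over the signed byte ranges, runs the certificate and token checks from
 * {@code SigUtils}, and finally adds validation (LTV) information to the result.
 * <p>
 * The test is skipped when no TSA URL is configured.
 *
 * @throws IOException if signing, loading or reading a file fails with an I/O error
 * @throws CMSException if the signature contents cannot be parsed as CMS signed data
 * @throws OperatorCreationException propagated from the signing or validation helpers
 * @throws GeneralSecurityException if a digest or certificate operation fails
 * @throws TSPException if the CMS data is not a valid timestamp token
 * @throws CertificateVerificationException if the certificate chain cannot be verified
 * @throws OCSPException propagated from the validation helpers
 */
@Test
void testCreateSignedTimeStamp() throws IOException, CMSException, OperatorCreationException, GeneralSecurityException, TSPException, CertificateVerificationException, OCSPException {
    Assumptions.assumeTrue(tsa != null && !tsa.isEmpty(), "No TSA URL defined, test skipped");
    final String fileName = "timestamped.pdf";
    // A single File for the timestamped output, so that the document that is written, the
    // document that is parsed and the bytes that are hashed are guaranteed to be the same
    // file. File(parent, child) resolves correctly whether or not OUT_DIR ends with a
    // separator, unlike plain string concatenation.
    final File signedFile = new File(OUT_DIR, fileName);
    CreateSignedTimeStamp signing = new CreateSignedTimeStamp(tsa);
    signing.signDetached(new File(IN_DIR + "sign_me.pdf"), signedFile);
    try (PDDocument doc = Loader.loadPDF(signedFile)) {
        PDSignature signature = doc.getLastSignatureDictionary();
        byte[] totalFileContent = Files.readAllBytes(signedFile.toPath());
        // Only the bytes covered by the signature are hashed, not the whole file.
        byte[] signedFileContent = signature.getSignedContent(totalFileContent);
        byte[] contents = signature.getContents();
        TimeStampToken timeStampToken = new TimeStampToken(new CMSSignedData(contents));
        // The same CMS blob is parsed a second time to extract the embedded certificates.
        ByteArrayInputStream certStream = new ByteArrayInputStream(contents);
        Collection<? extends Certificate> certs = certificateFactory.generateCertificates(certStream);
        // The digest algorithm is the one named inside the token. That is enough to check
        // the imprint, but it does not assert anything about the strength of the algorithm.
        String hashAlgorithm = timeStampToken.getTimeStampInfo().getMessageImprintAlgOID().getId();
        // compare the hash of the signed content with the hash in the timestamp
        assertArrayEquals(MessageDigest.getInstance(hashAlgorithm).digest(signedFileContent), timeStampToken.getTimeStampInfo().getMessageImprintDigest());
        // NOTE(review): the first certificate returned is taken to be the TSA signing
        // certificate; it is not matched against the token's signer id here. An empty
        // collection makes next() throw NoSuchElementException, which fails the test.
        X509Certificate certFromTimeStamp = (X509Certificate) certs.iterator().next();
        SigUtils.checkTimeStampCertificateUsage(certFromTimeStamp);
        SigUtils.validateTimestampToken(timeStampToken);
        // The token's generation time is passed as the reference date for the chain check.
        SigUtils.verifyCertificateChain(timeStampToken.getCertificates(), certFromTimeStamp, timeStampToken.getTimeStampInfo().getGenTime());
    }
    // Derive "<basename>_LTV.pdf" from the timestamped file and add validation information.
    String name = signedFile.getName();
    String substring = name.substring(0, name.lastIndexOf('.'));
    File outFile = new File(OUT_DIR, substring + "_LTV.pdf");
    AddValidationInformation addValidationInformation = new AddValidationInformation();
    addValidationInformation.validateSignature(signedFile, outFile);
    checkLTV(outFile);
}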
use of org.apache.pdfbox.examples.signature.validation.AddValidationInformation in project pdfbox by apache.
the class TestCreateSignature method testAddValidationInformation.
/**
 * Adds LTV (validation) information to an already signed PDF and checks the result.
 * <p>
 * This pins the status quo: if the input file is replaced or updated, the expectations may
 * need adjusting. The test only checks a minimum of things that should match. According to
 * the original author it depends on external servers, so when it fails without any change
 * to the signing code, first find out whether one of them is unresponsive. At the time the
 * test was written, the OCSP server http://ocsp.quovadisglobal.com responded with 502
 * "UNAUTHORIZED", which is not a problem as long as the CRL URL works.
 *
 * @throws IOException if reading the input or writing the output fails with an I/O error
 * @throws GeneralSecurityException propagated from the validation code
 * @throws OCSPException propagated from the validation code
 * @throws OperatorCreationException propagated from the validation code
 * @throws CMSException propagated from the validation code
 */
@Test
void testAddValidationInformation() throws IOException, GeneralSecurityException, OCSPException, OperatorCreationException, CMSException {
    File signedInput = new File("target/pdfs", "notCertified_368835_Sig_en_201026090509.pdf");

    // Output name is the input name with its extension replaced by "_LTV.pdf".
    String inputName = signedInput.getName();
    int extensionStart = inputName.lastIndexOf('.');
    String baseName = inputName.substring(0, extensionStart);
    File ltvOutput = new File(OUT_DIR, baseName + "_LTV.pdf");

    new AddValidationInformation().validateSignature(signedInput, ltvOutput);
    checkLTV(ltvOutput);
}