Merge pull request #44 from swedenconnect/skip-error-signature
release 1.2.4
Razumain authored Oct 31, 2023
2 parents 6396933 + 79b5333 commit c94c034
Showing 10 changed files with 59 additions and 27 deletions.
2 changes: 1 addition & 1 deletion cert-extensions/pom.xml
@@ -10,7 +10,7 @@
<parent>
<artifactId>sigval-parent</artifactId>
<groupId>se.swedenconnect.sigval</groupId>
<version>1.2.3</version>
<version>1.2.4</version>
</parent>

<name>Sweden Connect :: Signature validation :: X.509 Certificate Extensions</name>
2 changes: 1 addition & 1 deletion cert-validation/pom.xml
@@ -10,7 +10,7 @@
<parent>
<artifactId>sigval-parent</artifactId>
<groupId>se.swedenconnect.sigval</groupId>
<version>1.2.3</version>
<version>1.2.4</version>
</parent>

<name>Sweden Connect :: Signature validation :: X.509 Certificate Validation</name>
12 changes: 9 additions & 3 deletions pom.xml
@@ -6,7 +6,7 @@
<groupId>se.swedenconnect.sigval</groupId>
<artifactId>sigval-parent</artifactId>
<packaging>pom</packaging>
<version>1.2.3</version>
<version>1.2.4</version>

<name>Sweden Connect :: Parent POM for Signature Validation</name>
<description>Parent POM for SignService Validation libraries</description>
@@ -49,7 +49,7 @@

<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<bouncy-castle.version>1.73</bouncy-castle.version>
<bouncy-castle.version>1.76</bouncy-castle.version>
<java.version>11</java.version>
</properties>

@@ -165,7 +165,13 @@
<type>jar</type>
<scope>compile</scope>
</dependency>


<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<version>1.18.30</version>
</dependency>

</dependencies>

</dependencyManagement>
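Review bot: The new Lombok entry (hunk at new line 165) is managed without a `<scope>`, so a module that declares the dependency without its own scope gets Maven's default `compile` scope and the published artifacts would list Lombok as a transitive dependency for consumers. Lombok is only needed at compile time as an annotation processor; adding `<scope>provided</scope>` to the managed entry keeps it off downstream classpaths. The `<dependencyManagement>` block starts outside the hunk, so whether a module already overrides the scope is not visible here.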
2 changes: 1 addition & 1 deletion sigval-commons/pom.xml
@@ -9,7 +9,7 @@
<parent>
<artifactId>sigval-parent</artifactId>
<groupId>se.swedenconnect.sigval</groupId>
<version>1.2.3</version>
<version>1.2.4</version>
</parent>

<name>Sweden Connect :: Signature validation :: Commons</name>
2 changes: 1 addition & 1 deletion sigval-jose/pom.xml
@@ -9,7 +9,7 @@
<parent>
<artifactId>sigval-parent</artifactId>
<groupId>se.swedenconnect.sigval</groupId>
<version>1.2.3</version>
<version>1.2.4</version>
</parent>

<name>Sweden Connect :: Signature validation :: JOSE</name>
2 changes: 1 addition & 1 deletion sigval-pdf/pom.xml
@@ -10,7 +10,7 @@
<parent>
<artifactId>sigval-parent</artifactId>
<groupId>se.swedenconnect.sigval</groupId>
<version>1.2.3</version>
<version>1.2.4</version>
</parent>

<name>Sweden Connect :: Signature validation :: PDF</name>
@@ -24,6 +24,7 @@ public class PDFSVAUtils {

public static final String SIGNATURE_TYPE = "sig";
public static final String DOC_TIMESTAMP_TYPE = "docts";
public static final String ILLEGAL_SIGNATURE_TYPE = "illegal";
public static final String SVT_TYPE = "svt";
public static final String UNKNOWN_TYPE = "unknown";
public static final String PDF_SIG_SUBFILETER_LC = "adbe.pkcs7.detached";
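Review bot: `ILLEGAL_SIGNATURE_TYPE` is added without a comment, and its meaning is not evident from the name next to `UNKNOWN_TYPE`. Judging from the verifier change in this commit, it appears to be a marker the caller assigns when reading or classifying the signature contents throws, rather than a type derived from the signature itself. A one-line Javadoc would make that contract explicit, for example `/** Type assigned when the signature contents cannot be read or parsed; the signature is still passed on to validation. */`. The class body continues outside the hunk.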
@@ -80,7 +80,8 @@ public class SVTenabledPDFDocumentSigVerifier implements ExtendedPDFSignatureVal
* @param pdfSingleSignatureValidator The verifier used to verify signatures not supported by SVA
* @param pdfSignatureContextFactory factory for creating an instance of signature context for the validated document
*/
public SVTenabledPDFDocumentSigVerifier(PDFSingleSignatureValidator pdfSingleSignatureValidator, PDFSignatureContextFactory pdfSignatureContextFactory) {
public SVTenabledPDFDocumentSigVerifier(PDFSingleSignatureValidator pdfSingleSignatureValidator,
PDFSignatureContextFactory pdfSignatureContextFactory) {
this.pdfSingleSignatureValidator = pdfSingleSignatureValidator;
this.pdfSignatureContextFactory = pdfSignatureContextFactory;
this.pdfsvtValidator = null;
@@ -90,10 +91,11 @@ public SVTenabledPDFDocumentSigVerifier(PDFSingleSignatureValidator pdfSingleSig
* Constructor
*
* @param pdfSingleSignatureValidator The verifier used to verify signatures not supported by SVA
* @param pdfsvtValidator Certificate verifier for the certificate used to sign SVA tokens
* @param pdfsvtValidator Certificate verifier for the certificate used to sign SVA tokens
* @param pdfSignatureContextFactory factory for creating an instance of signature context for the validated document
*/
public SVTenabledPDFDocumentSigVerifier(PDFSingleSignatureValidator pdfSingleSignatureValidator, PDFSVTValidator pdfsvtValidator, PDFSignatureContextFactory pdfSignatureContextFactory) {
public SVTenabledPDFDocumentSigVerifier(PDFSingleSignatureValidator pdfSingleSignatureValidator,
PDFSVTValidator pdfsvtValidator, PDFSignatureContextFactory pdfSignatureContextFactory) {
this.pdfSingleSignatureValidator = pdfSingleSignatureValidator;
this.pdfsvtValidator = pdfsvtValidator;
this.pdfSignatureContextFactory = pdfSignatureContextFactory;
@@ -132,13 +134,22 @@ public List<SignatureValidationResult> validate(File pdfDoc) throws SignatureExc
List<PDSignature> signatureList = new ArrayList<>();

for (PDSignature signature : allSignatureList) {
String type = PDFSVAUtils.getSignatureType(signature, signature.getContents(pdfDocBytes));
String type;
try {
byte[] contents = signature.getContents(pdfDocBytes);
type = PDFSVAUtils.getSignatureType(signature, contents);
}
catch (Exception e) {
type = PDFSVAUtils.ILLEGAL_SIGNATURE_TYPE;
log.debug("Error parsing signature data: {}", e.getMessage());
}
switch (type) {
case PDFSVAUtils.SVT_TYPE:
case PDFSVAUtils.DOC_TIMESTAMP_TYPE:
docTsSigList.add(signature);
break;
case PDFSVAUtils.SIGNATURE_TYPE:
case PDFSVAUtils.ILLEGAL_SIGNATURE_TYPE:
signatureList.add(signature);
}
}
@@ -149,11 +160,17 @@ public List<SignatureValidationResult> validate(File pdfDoc) throws SignatureExc
List<PDFDocTimeStamp> docTimeStampList = new ArrayList<>();
boolean docTsVerified = false;
// Obtain any SVT validation results from a present SVT validator
List<SignatureSVTValidationResult> svtValidationResults = pdfsvtValidator == null ? null : pdfsvtValidator.validate(pdfDocBytes);
List<SignatureSVTValidationResult> svtValidationResults =
pdfsvtValidator == null ? null : pdfsvtValidator.validate(pdfDocBytes);

for (PDSignature signature : signatureList) {
SignatureSVTValidationResult svtValResult = null;
try {
svtValResult = getMatchingSvtValidation(PDFSVAUtils.getSignatureValueBytes(signature, pdfDocBytes), svtValidationResults);
} catch (Exception e) {
log.debug("Error looking for signature validation result: {}", e.getMessage());
}

if (svtValResult == null) {
// This signature is not covered by a valid SVT. Perform normal signature verification
try {
@@ -163,7 +180,8 @@ public List<SignatureValidationResult> validate(File pdfDoc) throws SignatureExc
docTsVerified = true;
}

SignatureValidationResult directVerifyResult = pdfSingleSignatureValidator.verifySignature(signature, pdfDocBytes, docTimeStampList,
SignatureValidationResult directVerifyResult = pdfSingleSignatureValidator.verifySignature(signature,
pdfDocBytes, docTimeStampList,
signatureContext);
sigVerifyResultList.add(directVerifyResult);
}
@@ -174,7 +192,8 @@ public List<SignatureValidationResult> validate(File pdfDoc) throws SignatureExc
}
else {
// There is SVT validation results. Use them.
sigVerifyResultList.add(compliePDFSigValResultsFromSvtValidation(svtValResult, signature, pdfDocBytes, signatureContext));
sigVerifyResultList.add(
compliePDFSigValResultsFromSvtValidation(svtValResult, signature, pdfDocBytes, signatureContext));
}
}
return sigVerifyResultList;
@@ -223,9 +242,9 @@ public List<SignatureValidationResult> validate(File pdfDoc) throws SignatureExc
* Use the results obtained from SVT validation to produce general signature validation result as if the signature was validated using
* complete validation.
*
* @param svtValResult results from SVT validation
* @param signature the signature being validated
* @param pdfDocBytes the bytes of the PDF document
* @param svtValResult results from SVT validation
* @param signature the signature being validated
* @param pdfDocBytes the bytes of the PDF document
* @param signatureContext the context of the signature in the PDF document
* @return {@link ExtendedPdfSigValResult} signature results
*/
@@ -247,8 +266,8 @@ private ExtendedPdfSigValResult compliePDFSigValResultsFromSvtValidation(Signatu
byte[] signedDocumentBytes = null;
try {
signedDocumentBytes = signatureContext.getSignedDocument(signature);
}
catch (Exception ex){
}
catch (Exception ex) {
log.warn("Error extracting the document version signed by this signature: {}", ex.getMessage());
}
cmsSVResult.setSignedDocument(signedDocumentBytes);
@@ -280,7 +299,8 @@ private ExtendedPdfSigValResult compliePDFSigValResultsFromSvtValidation(Signatu
cmsSVResult.setSignerCertificate(CMSSigCerts.getSigCert());
cmsSVResult.setSignatureCertificateChain(CMSSigCerts.getChain());
// Store the svt validated certificates as path of certificate validation results
CertificateValidationResult cvr = new DefaultCertificateValidationResult(SVAUtils.getOrderedCertList(svtValResult.getSignerCertificate(), svtValResult.getCertificateChain()));
CertificateValidationResult cvr = new DefaultCertificateValidationResult(
SVAUtils.getOrderedCertList(svtValResult.getSignerCertificate(), svtValResult.getCertificateChain()));
cmsSVResult.setCertificateValidationResult(cvr);

// Finalize
@@ -329,18 +349,22 @@ private ExtendedPdfSigValResult compliePDFSigValResultsFromSvtValidation(Signatu

/**
* Compare if the signature value match any of the listed SVT validation results
*
* @param sigValueBytes signature value bytes
* @param svtValidationResults validation result from SVT validation
* @return The SVT validation results, or null on no match
*/
private SignatureSVTValidationResult getMatchingSvtValidation(byte[] sigValueBytes,
List<SignatureSVTValidationResult> svtValidationResults) {
if (svtValidationResults == null) return null;
if (svtValidationResults == null)
return null;
for (SignatureSVTValidationResult svtValResult : svtValidationResults) {
try {
MessageDigest md = SVTAlgoRegistry.getMessageDigestInstance(svtValResult.getSignedJWT().getHeader().getAlgorithm());
MessageDigest md = SVTAlgoRegistry.getMessageDigestInstance(
svtValResult.getSignedJWT().getHeader().getAlgorithm());
String sigValueHashStr = Base64.encodeBase64String(md.digest(sigValueBytes));
if (sigValueHashStr.equals(svtValResult.getSignatureClaims().getSig_ref().getSig_hash()) && svtValResult.isSvtValidationSuccess()) {
if (sigValueHashStr.equals(svtValResult.getSignatureClaims().getSig_ref().getSig_hash())
&& svtValResult.isSvtValidationSuccess()) {
return svtValResult;
}
}
@@ -380,7 +404,8 @@ private List<X509Certificate> getCertList(List<byte[]> certificateChain) throws
* @return PDF signature validation result objects
*/
@Override
public SignedDocumentValidationResult<ExtendedPdfSigValResult> extendedResultValidation(byte[] pdfDocBytes) throws SignatureException{
public SignedDocumentValidationResult<ExtendedPdfSigValResult> extendedResultValidation(byte[] pdfDocBytes)
throws SignatureException {
List<SignatureValidationResult> validationResults = validate(pdfDocBytes);
return getConcludingSigVerifyResult(validationResults);
}
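Review bot: In the `validate` hunks starting at new lines 134 and 160, both new `catch (Exception e)` blocks log at debug level with only `e.getMessage()`, so a document carrying a signature whose contents cannot be parsed leaves no trace in a normally configured log and the stack trace is lost. For a signature validator that input is worth surfacing, for example `log.warn("Error parsing signature data, treating signature as illegal: {}", e.getMessage(), e);`, and narrowing the catch to the exception types `getContents` and `getSignatureType` actually throw would keep programming errors from being reclassified as illegal signatures. Routing `ILLEGAL_SIGNATURE_TYPE` into `signatureList` is the safe direction only if the later `verifySignature` path always adds a failed result for it; the catch that follows that call lies outside the visible hunks, so please confirm that an unparsable signature cannot drop out of the returned list and leave the document looking fully validated. The `switch` still has no `default`, so a type such as `UNKNOWN_TYPE` appears to be left out of both lists; a comment stating whether that is intended would help.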
2 changes: 1 addition & 1 deletion sigval-report/pom.xml
@@ -5,7 +5,7 @@
<parent>
<artifactId>sigval-parent</artifactId>
<groupId>se.swedenconnect.sigval</groupId>
<version>1.2.3</version>
<version>1.2.4</version>
</parent>
<modelVersion>4.0.0</modelVersion>

2 changes: 1 addition & 1 deletion sigval-xml/pom.xml
@@ -9,7 +9,7 @@
<parent>
<artifactId>sigval-parent</artifactId>
<groupId>se.swedenconnect.sigval</groupId>
<version>1.2.3</version>
<version>1.2.4</version>
</parent>

<name>Sweden Connect :: Signature validation :: XML</name>
