/**
* Get RFC 3161 timeStampToken.
* Method may return null indicating that timestamp should be skipped.
* @param caller PdfPKCS7 - calling PdfPKCS7 instance (in case caller needs it)
* @param imprint byte[] - data imprint to be time-stamped
* @return byte[] - encoded, TSA signed data of the timeStampToken
* @throws Exception - TSA request failed
* @see com.lowagie.text.pdf.TSAClient#getTimeStampToken(com.lowagie.text.pdf.PdfPKCS7, byte[])
*/
public byte[] GetTimeStampToken(PdfPKCS7 caller, byte[] imprint)
{
return GetTimeStampToken(imprint);
}
/**
* Verifies a signature. An example usage is:
* <p>
* <pre>
* KeyStore kall = PdfPKCS7.LoadCacertsKeyStore();
* PdfReader reader = new PdfReader("my_signed_doc.pdf");
* AcroFields af = reader.GetAcroFields();
* ArrayList names = af.GetSignatureNames();
* for (int k = 0; k < names.Size(); ++k) {
* String name = (String)names.Get(k);
* System.out.Println("Signature name: " + name);
* System.out.Println("Signature covers whole document: " + af.SignatureCoversWholeDocument(name));
* PdfPKCS7 pk = af.VerifySignature(name);
* Calendar cal = pk.GetSignDate();
* Certificate pkc[] = pk.GetCertificates();
* System.out.Println("Subject: " + PdfPKCS7.GetSubjectFields(pk.GetSigningCertificate()));
* System.out.Println("Document modified: " + !pk.Verify());
* Object fails[] = PdfPKCS7.VerifyCertificates(pkc, kall, null, cal);
* if (fails == null)
* System.out.Println("Certificates verified against the KeyStore");
* else
* System.out.Println("Certificate failed: " + fails[1]);
* }
* </pre>
* @param name the signature field name
* @return a <CODE>PdfPKCS7</CODE> class to continue the verification
*/
public PdfPKCS7 VerifySignature(String name)
{
PdfDictionary v = GetSignatureDictionary(name);
if (v == null)
return null;
PdfName sub = v.GetAsName(PdfName.SUBFILTER);
PdfString contents = v.GetAsString(PdfName.CONTENTS);
PdfPKCS7 pk = null;
if (sub.Equals(PdfName.ADBE_X509_RSA_SHA1)) {
PdfString cert = v.GetAsString(PdfName.CERT);
pk = new PdfPKCS7(contents.GetOriginalBytes(), cert.GetBytes());
}
else
pk = new PdfPKCS7(contents.GetOriginalBytes());
UpdateByteRange(pk, v);
PdfString str = v.GetAsString(PdfName.M);
if (str != null)
pk.SignDate = PdfDate.Decode(str.ToString());
PdfObject obj = PdfReader.GetPdfObject(v.Get(PdfName.NAME));
if (obj != null) {
if (obj.IsString())
pk.SignName = ((PdfString)obj).ToUnicodeString();
else if(obj.IsName())
pk.SignName = PdfName.DecodeName(obj.ToString());
}
str = v.GetAsString(PdfName.REASON);
if (str != null)
pk.Reason = str.ToUnicodeString();
str = v.GetAsString(PdfName.LOCATION);
if (str != null)
pk.Location = str.ToUnicodeString();
return pk;
}
private void UpdateByteRange(PdfPKCS7 pkcs7, PdfDictionary v)
{
PdfArray b = v.GetAsArray(PdfName.BYTERANGE);
RandomAccessFileOrArray rf = reader.SafeFile;
try {
rf.ReOpen();
byte[] buf = new byte[8192];
for (int k = 0; k < b.Size; ++k) {
int start = b.GetAsNumber(k).IntValue;
int length = b.GetAsNumber(++k).IntValue;
rf.Seek(start);
while (length > 0) {
int rd = rf.Read(buf, 0, Math.Min(length, buf.Length));
if (rd <= 0)
break;
length -= rd;
pkcs7.Update(buf, 0, rd);
}
}
}
finally {
try{rf.Close();}catch{}
}
}
/**
* Sets the crypto information to sign.
* @param privKey the private key
* @param certChain the certificate chain
* @param crlList the certificate revocation list. It can be <CODE>null</CODE>
*/
public void SetSignInfo(ICipherParameters privKey, X509Certificate[] certChain, object[] crlList)
{
pkcs = new PdfPKCS7(privKey, certChain, crlList, hashAlgorithm, PdfName.ADBE_PKCS7_SHA1.Equals(Get(PdfName.SUBFILTER)));
pkcs.SetExternalDigest(externalDigest, externalRSAdata, digestEncryptionAlgorithm);
if (PdfName.ADBE_X509_RSA_SHA1.Equals(Get(PdfName.SUBFILTER))) {
MemoryStream bout = new MemoryStream();
for (int k = 0; k < certChain.Length; ++k) {
byte[] tmp = certChain[k].GetEncoded();
bout.Write(tmp, 0, tmp.Length);
}
bout.Close();
Cert = bout.ToArray();
Contents = pkcs.GetEncodedPKCS1();
}
else
Contents = pkcs.GetEncodedPKCS7();
name = PdfPKCS7.GetSubjectFields(pkcs.SigningCertificate).GetField("CN");
if (name != null)
Put(PdfName.NAME, new PdfString(name, PdfObject.TEXT_UNICODE));
pkcs = new PdfPKCS7(privKey, certChain, crlList, hashAlgorithm, PdfName.ADBE_PKCS7_SHA1.Equals(Get(PdfName.SUBFILTER)));
pkcs.SetExternalDigest(externalDigest, externalRSAdata, digestEncryptionAlgorithm);
}
