Package se.swedenconnect.sigval.pdf.pdfstruct.impl

Class DefaultPDFSignatureContext

java.lang.Object
se.swedenconnect.sigval.pdf.pdfstruct.impl.DefaultPDFSignatureContext
All Implemented Interfaces:
PDFSignatureContext
public class DefaultPDFSignatureContext extends Object implements PDFSignatureContext
Examines a PDF document and gathers context data used to determine document revisions and if any of those revisions may alter the document appearance with respect to document signatures.
Author:
Martin Lindström (martin@idsec.se), Stefan Santesson (stefan@idsec.se)

  • Constructor Summary

    Constructors
    Constructor
    Description
    DefaultPDFSignatureContext(byte[] pdfBytes, GeneralSafeObjects safeObjectProvider)
    Constructor

  • Method Summary

    Modifier and Type
    Method
    Description
    List<PDFDocRevision>
    getPdfDocRevisions()
    Getter for PDF document revision data
    List<org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature>
    getSignatures()
    Getter for PDF signature objects in the examined document.
    byte[]
    getSignedDocument(org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature signature)
    Extracts the bytes of the PDF document that was signed by the provided signature
    boolean
    isCoversWholeDocument(org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature signature)
    Test if this signature covers the whole document.
    boolean
    isSignatureExtendedByNonSafeUpdates(org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature signature)
    Check if the pdf document was updated by unsafe updates after this signature was added to the document, where the new update may alter the visual content of the document.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

    • DefaultPDFSignatureContext

      public DefaultPDFSignatureContext(byte[] pdfBytes, GeneralSafeObjects safeObjectProvider) throws IOException
      Constructor
      Parameters:
      pdfBytes - the bytes of a PDF document
      safeObjectProvider - provider of the logic to identify safe objects in the PDF documents that may be altered without changing the visual content of the document
      Throws:
      IOException - if theis docuemnt is not a well formed PDF document

  • Method Details

    • getSignedDocument

      public byte[] getSignedDocument(org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature signature) throws IllegalArgumentException
      Extracts the bytes of the PDF document that was signed by the provided signature
      Specified by:
      getSignedDocument in interface PDFSignatureContext
      Parameters:
      signature - pdf signature
      Returns:
      the byes signed by the provided signature
      Throws:
      IllegalArgumentException - if the signature is not found or no signed data can be located

    • isSignatureExtendedByNonSafeUpdates

      public boolean isSignatureExtendedByNonSafeUpdates(org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature signature) throws IllegalArgumentException
      Check if the pdf document was updated by unsafe updates after this signature was added to the document, where the new update may alter the visual content of the document. Allowed updates are new signatures, document timestamps, DSS extensions and safe context updates such as document info updates in the document trailer caused by re-save by Acrobat reader.

      An update to a PDF document applied after the PDF document was signed invalidates any existing signature unless the update is not a new signature, document timestamp, a DSS store, or safe metadata update

      Some validation policies may require that any new signatures or document timestamps must be trusted and verified for it to be an acceptable update to a signed document

      Specified by:
      isSignatureExtendedByNonSafeUpdates in interface PDFSignatureContext
      Parameters:
      signature - the PDF signature
      Returns:
      true if the provided signature was updated by a non signature update
      Throws:
      IllegalArgumentException - on failure to test if the signature was updated by a non signature update

    • isCoversWholeDocument

      public boolean isCoversWholeDocument(org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature signature) throws IllegalArgumentException
      Test if this signature covers the whole document.

      Signature is considered to cover the whole document if it is the last update to the PDF document (byte range covers the whole document) or:

      • All new updates are signature, doc timestamp or DSS updates, and
      • Updates to existing objects is limited to the root object, and
      • Root objects contains no changes but allows added items, and
      • Where added items to the root object is limited to "DSS" and "AcroForm
      Specified by:
      isCoversWholeDocument in interface PDFSignatureContext
      Parameters:
      signature - The signature tested if it covers the whole document
      Returns:
      true if the signature covers the whole document
      Throws:
      IllegalArgumentException

    • getPdfDocRevisions

      public List<PDFDocRevision> getPdfDocRevisions()
      Getter for PDF document revision data
      Specified by:
      getPdfDocRevisions in interface PDFSignatureContext
      Returns:
      PDF document revision data for all document revisions

    • getSignatures

      public List<org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature> getSignatures()
      Getter for PDF signature objects in the examined document. The purpose of this function is that it avoids creating a new load of the document to obtain the signatures in cases where this signature context processor is used.
      Specified by:
      getSignatures in interface PDFSignatureContext
      Returns:
      signatures