Package eu.europa.esig.dss.pdf

Class AbstractPDFSignatureService

java.lang.Object
eu.europa.esig.dss.pdf.AbstractPDFSignatureService
All Implemented Interfaces:
PDFSignatureService
Direct Known Subclasses:
ITextPDFSignatureService, PdfBoxSignatureService
public abstract class AbstractPDFSignatureService extends Object implements PDFSignatureService
The abstract implementation of a PDF signature service

  • Field Details

    • resourcesHandlerBuilder

      protected DSSResourcesHandlerBuilder resourcesHandlerBuilder
      The builder to be used to create a new DSSResourcesHandler for each internal call, defining a way working with internal resources (e.g. in memory or by using temporary files). The resources are used on a document creation Default : eu.europa.esig.dss.signature.resources.InMemoryResourcesHandler, working with data in memory

    • pdfDifferencesFinder

      protected PdfDifferencesFinder pdfDifferencesFinder
      Used to find differences occurred between PDF revisions (e.g. visible changes). Default : DefaultPdfDifferencesFinder

    • pdfObjectModificationsFinder

      protected PdfObjectModificationsFinder pdfObjectModificationsFinder
      Used to find differences within internal PDF objects occurred between PDF revisions . Default : DefaultPdfModificationsFinder

  • Constructor Details

    • AbstractPDFSignatureService

      protected AbstractPDFSignatureService(PDFServiceMode serviceMode, SignatureDrawerFactory signatureDrawerFactory)
      Constructor for the PDFSignatureService
      Parameters:
      serviceMode - current instance is used to generate Signature or DocumentTimeStamp revision
      signatureDrawerFactory - the factory of SignatureDrawer

  • Method Details

    • setResourcesHandlerBuilder

      public void setResourcesHandlerBuilder(DSSResourcesHandlerBuilder resourcesHandlerBuilder)
      Description copied from interface: PDFSignatureService
      Sets DSSResourcesFactoryBuilder to be used for a DSSResourcesHandler creation in internal methods. DSSResourcesHandler defines a way to operate with OutputStreams and create DSSDocuments. Default : eu.europa.esig.dss.signature.resources.InMemoryResourcesHandler. Works with data in memory.
      Specified by:
      setResourcesHandlerBuilder in interface PDFSignatureService
      Parameters:
      resourcesHandlerBuilder - DSSResourcesHandlerBuilder

    • setPdfDifferencesFinder

      public void setPdfDifferencesFinder(PdfDifferencesFinder pdfDifferencesFinder)
      Description copied from interface: PDFSignatureService
      Sets the PdfDifferencesFinder used to find the differences on pages between given PDF revisions. Default : eu.europa.esig.dss.pdf.modifications.DefaultPdfDifferencesFinder
      Specified by:
      setPdfDifferencesFinder in interface PDFSignatureService
      Parameters:
      pdfDifferencesFinder - PdfDifferencesFinder

    • setPdfObjectModificationsFinder

      public void setPdfObjectModificationsFinder(PdfObjectModificationsFinder pdfObjectModificationsFinder)
      Description copied from interface: PDFSignatureService
      Sets the PdfObjectModificationsFinder used to find the differences between internal PDF objects occurred between given PDF revisions. Default : eu.europa.esig.dss.pdf.modifications.DefaultPdfObjectModificationsFinder
      Specified by:
      setPdfObjectModificationsFinder in interface PDFSignatureService
      Parameters:
      pdfObjectModificationsFinder - PdfObjectModificationsFinder

    • setAlertOnSignatureFieldOverlap

      public void setAlertOnSignatureFieldOverlap(StatusAlert alertOnSignatureFieldOverlap)
      Sets alert on a signature field overlap with existing fields or/and annotations Default : ExceptionOnStatusAlert - throw the exception
      Parameters:
      alertOnSignatureFieldOverlap - StatusAlert to execute

    • setAlertOnSignatureFieldOutsidePageDimensions

      public void setAlertOnSignatureFieldOutsidePageDimensions(StatusAlert alertOnSignatureFieldOutsidePageDimensions)
      Sets a behavior to follow when a new signature field is created outside the page's dimensions Default : ExceptionOnStatusAlert - throw the exception
      Parameters:
      alertOnSignatureFieldOutsidePageDimensions - StatusAlert to execute

    • setAlertOnForbiddenSignatureCreation

      public void setAlertOnForbiddenSignatureCreation(StatusAlert alertOnForbiddenSignatureCreation)
      Sets a behavior to follow when creating a new signature in a document that forbids creation of new signatures Default : ExceptionOnStatusAlert - throw the exception
      Parameters:
      alertOnForbiddenSignatureCreation - StatusAlert to execute

    • setMaximalPagesAmountForVisualComparison

      @Deprecated public void setMaximalPagesAmountForVisualComparison(int pagesAmount)
      Deprecated.
      since 5.11. Use PDFDocumentValidator validator = new PDFDocumentValidator(signedDocument); ... IPdfObjFactory pdfObjFactory = new ServiceLoaderPdfObjFactory(); DefaultPdfDifferencesFinder pdfDifferencesFinder = new DefaultPdfDifferencesFinder(); pdfDifferencesFinder.setMaximalPagesAmountForVisualComparison(0); pdfObjFactory.setPdfDifferencesFinder(pdfDifferencesFinder); validator.setPdfObjFactory(pdfObjFactory);
      Sets a maximal pages amount in a PDF to process a visual screenshot comparison Example: for value 10, the visual comparison will be executed for a PDF containing 10 and fewer pages NOTE: In order to disable visual comparison check set the pages amount to 0 (zero) Default : 10 pages
      Parameters:
      pagesAmount - the amount of the pages to execute visual comparison for

    • loadSignatureDrawer

      protected SignatureDrawer loadSignatureDrawer(SignatureImageParameters imageParameters)
      Returns a SignatureDrawer initialized from a provided signatureDrawerFactory
      Parameters:
      imageParameters - SignatureImageParameters to use
      Returns:
      SignatureDrawer

    • instantiateResourcesHandler

      protected DSSResourcesHandler instantiateResourcesHandler() throws IOException
      This method instantiates a new DSSResourcesFactory
      Returns:
      DSSResourcesHandler
      Throws:
      IOException - if an error occurs on DSSResourcesHandler instantiation

    • digest

      public byte[] digest(DSSDocument toSignDocument, PAdESCommonParameters parameters)
      Description copied from interface: PDFSignatureService
      Returns the digest value of a PDF document.
      Specified by:
      digest in interface PDFSignatureService
      Parameters:
      toSignDocument - the document to be signed
      parameters - the signature/timestamp parameters
      Returns:
      the digest value

    • computeDigest

      protected abstract byte[] computeDigest(DSSDocument toSignDocument, PAdESCommonParameters parameters)
      Computes digest on to be signed data computed on the toSignDocument respectively to the given parameters
      Parameters:
      toSignDocument - DSSDocument to be signed
      parameters - PAdESCommonParameters
      Returns:
      byte array

    • sign

      public DSSDocument sign(DSSDocument toSignDocument, byte[] cmsSignedData, PAdESCommonParameters parameters)
      Description copied from interface: PDFSignatureService
      Signs a PDF document
      Specified by:
      sign in interface PDFSignatureService
      Parameters:
      toSignDocument - the pdf document to be signed
      cmsSignedData - the encoded CMS Signed data
      parameters - the signature/timestamp parameters
      Returns:
      DSSDocument

    • signDocument

      protected abstract DSSDocument signDocument(DSSDocument toSignDocument, byte[] cmsSignedData, PAdESCommonParameters parameters)
      This method creates a signed document from the original toSignDocument, incorporating a new revision, enveloping the provided cmsSignedData
      Parameters:
      toSignDocument - DSSDocument to be signed
      cmsSignedData - byte array representing the encoded CMS signed data's binaries
      parameters - PAdESCommonParameters
      Returns:
      DSSDocument

    • isDocumentTimestampLayer

      protected boolean isDocumentTimestampLayer()
      Checks if a DocumentTimestamp has to be added in the current mode
      Returns:
      TRUE if it is a DocumentTimestamp layer, FALSE otherwise

    • getType

      protected String getType()
      Gets the type of the signature dictionary
      Returns:
      String

    • checkDocumentPermissions

      protected void checkDocumentPermissions(PdfDocumentReader pdfDocumentReader)
      This method checks if the document is not encrypted or with limited edition rights
      Parameters:
      pdfDocumentReader - PdfDocumentReader to check

    • checkNewSignatureIsPermitted

      protected void checkNewSignatureIsPermitted(PdfDocumentReader reader, SignatureFieldParameters fieldParameters)
      This method verifies whether a new signature is permitted
      Parameters:
      reader - PdfDocumentReader
      fieldParameters - SignatureFieldParameters

    • getRevisions

      public List<PdfRevision> getRevisions(DSSDocument document, String pwd)
      Description copied from interface: PDFSignatureService
      Retrieves revisions from a PDF document
      Specified by:
      getRevisions in interface PDFSignatureService
      Parameters:
      document - the document to extract revisions from
      pwd - the password protection phrase used to encrypt the PDF document use 'null' value for not an encrypted document
      Returns:
      list of extracted PdfRevisions

    • addDssDictionary

      public DSSDocument addDssDictionary(DSSDocument document, PdfValidationDataContainer validationDataForInclusion)
      Description copied from interface: PDFSignatureService
      This method adds the DSS dictionary (Baseline-LT)
      Specified by:
      addDssDictionary in interface PDFSignatureService
      Parameters:
      document - the document to be extended
      validationDataForInclusion - PdfValidationDataContainer
      Returns:
      the pdf document with the added dss dictionary

    • getAvailableSignatureFields

      public List<String> getAvailableSignatureFields(DSSDocument document)
      Description copied from interface: PDFSignatureService
      This method returns not signed signature-fields
      Specified by:
      getAvailableSignatureFields in interface PDFSignatureService
      Parameters:
      document - the pdf document
      Returns:
      the list of empty signature fields

    • addNewSignatureField

      public DSSDocument addNewSignatureField(DSSDocument document, SignatureFieldParameters parameters)
      Description copied from interface: PDFSignatureService
      This method allows to add a new signature field to an existing pdf document
      Specified by:
      addNewSignatureField in interface PDFSignatureService
      Parameters:
      document - the pdf document
      parameters - the parameters with the coordinates,... of the signature field
      Returns:
      the pdf document with the new added signature field

    • loadPdfDocumentReader

      protected abstract PdfDocumentReader loadPdfDocumentReader(DSSDocument dssDocument, String passwordProtection) throws IOException, InvalidPasswordException
      Loads PdfDocumentReader instance
      Parameters:
      dssDocument - DSSDocument to read
      passwordProtection - String the password used to protect the document
      Returns:
      PdfDocumentReader
      Throws:
      IOException - in case of loading error
      InvalidPasswordException - if the password is not provided or invalid for a protected document

    • loadPdfDocumentReader

      protected abstract PdfDocumentReader loadPdfDocumentReader(byte[] binaries, String passwordProtection) throws IOException, InvalidPasswordException
      Loads PdfDocumentReader instance
      Parameters:
      binaries - a byte array
      passwordProtection - String the password used to protect the document
      Returns:
      PdfDocumentReader
      Throws:
      IOException - in case of loading error
      InvalidPasswordException - if the password is not provided or invalid for a protected document

    • isContentValueEqualsByteRangeExtraction

      protected boolean isContentValueEqualsByteRangeExtraction(DSSDocument document, ByteRange byteRange, byte[] cms, List<String> signatureFieldNames)
      Checks if the of the value incorporated into /Contents matches the range defined in the byteRange NOTE: used for SIWA detection
      Parameters:
      document - DSSDocument to be validated
      byteRange - ByteRange
      cms - binaries of the CMSSignedData
      signatureFieldNames - a list of signature field String names
      Returns:
      TRUE if the content value equals the byte range extraction, FALSE otherwise

    • getSignatureValue

      protected byte[] getSignatureValue(DSSDocument dssDocument, ByteRange byteRange) throws IOException
      Gets the SignatureValue from the dssDocument according to the byteRange Example: extracts bytes from 841 to 959. [0, 840, 960, 1200]
      Parameters:
      dssDocument - DSSDocument to process
      byteRange - ByteRange specifying the signatureValue
      Returns:
      signatureValue binaries
      Throws:
      IOException - if an exception occurs

    • extractBeforeSignatureValue

      protected byte[] extractBeforeSignatureValue(ByteRange byteRange, byte[] signedContent)
      Extract the content before the signature value
      Parameters:
      byteRange - ByteRange
      signedContent - byte array representing the signed content
      Returns:
      the first part of the byte range

    • isDocTimestamp

      protected boolean isDocTimestamp(PdfSignatureDictionary pdfSigDict)
      Checks if the given signature dictionary represents a DocTimeStamp
      Parameters:
      pdfSigDict - PdfSignatureDictionary to check
      Returns:
      TRUE if the signature dictionary represents a DocTimeStamp, FALSE otherwise

    • isSignature

      protected boolean isSignature(PdfSignatureDictionary pdfSigDict)
      Checks if the given signature dictionary represents a Signature
      Parameters:
      pdfSigDict - PdfSignatureDictionary to check
      Returns:
      TRUE if the signature dictionary represents a Signature, FALSE otherwise

    • getVisibleSignatureFieldBoxPosition

      protected AnnotationBox getVisibleSignatureFieldBoxPosition(SignatureDrawer signatureDrawer, PdfDocumentReader documentReader, SignatureFieldParameters fieldParameters) throws IOException
      Checks validity of the SignatureField position and returns the calculated signature field box
      Parameters:
      signatureDrawer - SignatureDrawer
      documentReader - PdfDocumentReader
      fieldParameters - SignatureFieldParameters
      Returns:
      AnnotationBox
      Throws:
      IOException - if an exception occurs

    • buildSignatureFieldBox

      protected AnnotationBox buildSignatureFieldBox(SignatureDrawer signatureDrawer) throws IOException
      Returns a SignatureFieldBox. Used for a SignatureField position validation.
      Parameters:
      signatureDrawer - SignatureDrawer
      Returns:
      AnnotationBox
      Throws:
      IOException - if an exception occurs

    • getVisibleSignatureFieldBoxPosition

      protected AnnotationBox getVisibleSignatureFieldBoxPosition(PdfDocumentReader reader, SignatureFieldParameters parameters) throws IOException
      Checks if the signatureFieldBox overlaps with any existing annotations on the given page and returns the respectful signature field box
      Parameters:
      reader - PdfDocumentReader to be validated
      parameters - SignatureFieldParameters
      Returns:
      AnnotationBox computed signature field box
      Throws:
      IOException - if an exception occurs

    • toPdfPageCoordinates

      protected AnnotationBox toPdfPageCoordinates(AnnotationBox fieldAnnotationBox, AnnotationBox pageBox, int pageRotation)
      This method transforms a fieldAnnotationBox's positions and dimensions according to the given page
      Parameters:
      fieldAnnotationBox - AnnotationBox computed field of a signature
      pageBox - AnnotationBox page's box
      pageRotation - defines the page's rotation
      Returns:
      AnnotationBox

    • checkSignatureFieldBoxOverlap

      protected void checkSignatureFieldBoxOverlap(AnnotationBox signatureFieldBox, List<PdfAnnotation> pdfAnnotations)
      This method verifies whether the signatureFieldBox overlaps with one of the extracted pdfAnnotations
      Parameters:
      signatureFieldBox - AnnotationBox to verify
      pdfAnnotations - a list of AnnotationBox to verify against

    • checkSignatureFieldAgainstPageDimensions

      protected void checkSignatureFieldAgainstPageDimensions(AnnotationBox signatureFieldBox, AnnotationBox pageBox, int pageRotation)
      This method verifies whether the signatureFieldBox is within pageBox
      Parameters:
      signatureFieldBox - AnnotationBox to check
      pageBox - AnnotationBox representing the page's box
      pageRotation - defines the page's rotation

    • analyzePdfModifications

      public void analyzePdfModifications(DSSDocument document, List<AdvancedSignature> signatures, String pwd)
      Description copied from interface: PDFSignatureService
      Analyze the PDF revision and try to detect any modification (shadow attacks)
      Specified by:
      analyzePdfModifications in interface PDFSignatureService
      Parameters:
      document - DSSDocument the document
      signatures - the different signatures to analyse
      pwd - String password protection

    • getVisualDifferences

      protected List<PdfModification> getVisualDifferences(PdfDocumentReader signedRevisionReader, PdfDocumentReader finalRevisionReader)
      Returns a list of visual differences between the provided PDF and the signed content
      Parameters:
      signedRevisionReader - PdfDocumentReader for the signed revision content
      finalRevisionReader - PdfDocumentReader for the input PDF document
      Returns:
      a list of PdfModifications