OrgGo/unipdf
1
0
Fork 0
mirror of https://github.com/unidoc/unipdf.git synced 2025-05-11 19:29:40 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
unipdf/pdf/model/sighandler/sighandler_pkcs7.go

130 lines
3.6 KiB
Go
Raw Blame History

/*
* This file is subject to the terms and conditions defined in
* file 'LICENSE.md', which is part of this source code package.
*/
package sighandler
import (
"bytes"
"crypto/rsa"
"crypto/x509"
"errors"
"github.com/unidoc/unidoc/common/crypto/pkcs7"
"github.com/unidoc/unidoc/pdf/core"
"github.com/unidoc/unidoc/pdf/model"
)
// Adobe PKCS7 detached signature handler.
type adobePKCS7Detached struct {
privateKey *rsa.PrivateKey
certificate *x509.Certificate
}
// NewAdobePKCS7Detached creates a new Adobe.PPKMS/Adobe.PPKLite adbe.pkcs7.detached signature handler.
// The both parameters may be nil for the signature validation.
func NewAdobePKCS7Detached(privateKey *rsa.PrivateKey, certificate *x509.Certificate) (model.SignatureHandler, error) {
return &adobePKCS7Detached{certificate: certificate, privateKey: privateKey}, nil
}
// InitSignature initialises the PdfSignature.
func (a *adobePKCS7Detached) InitSignature(sig *model.PdfSignature) error {
if a.certificate == nil {
return errors.New("certificate must not be nil")
}
if a.privateKey == nil {
return errors.New("privateKey must not be nil")
}
handler := *a
sig.Handler = &handler
sig.Filter = core.MakeName("Adobe.PPKLite")
sig.SubFilter = core.MakeName("adbe.pkcs7.detached")
sig.Reference = nil
digest, err := handler.NewDigest(sig)
if err != nil {
return err
}
digest.Write([]byte("calculate the Contents field size"))
return handler.Sign(sig, digest)
}
func (a *adobePKCS7Detached) getCertificate(sig *model.PdfSignature) (*x509.Certificate, error) {
certificate := a.certificate
if certificate == nil {
certData := sig.Cert.(*core.PdfObjectString).Bytes()
certs, err := x509.ParseCertificates(certData)
if err != nil {
return nil, err
}
certificate = certs[0]
}
return certificate, nil
}
// NewDigest creates a new digest.
func (a *adobePKCS7Detached) NewDigest(sig *model.PdfSignature) (model.Hasher, error) {
return bytes.NewBuffer(nil), nil
}
// Validate validates PdfSignature.
func (a *adobePKCS7Detached) Validate(sig *model.PdfSignature, digest model.Hasher) (model.SignatureValidationResult, error) {
signed := sig.Contents.Bytes()
buffer := digest.(*bytes.Buffer)
p7, err := pkcs7.Parse(signed)
if err != nil {
return model.SignatureValidationResult{}, err
}
p7.Content = buffer.Bytes()
err = p7.Verify()
if err != nil {
return model.SignatureValidationResult{}, err
}
result := model.SignatureValidationResult{
IsSigned: true,
IsVerified: true,
}
return result, nil
}
// Sign sets the Contents fields.
func (a *adobePKCS7Detached) Sign(sig *model.PdfSignature, digest model.Hasher) error {
buffer := digest.(*bytes.Buffer)
signedData, err := pkcs7.NewSignedData(buffer.Bytes())
if err != nil {
return err
}
// Add the signing cert and private key
if err := signedData.AddSigner(a.certificate, a.privateKey, pkcs7.SignerInfoConfig{}); err != nil {
return err
}
// Call Detach() is you want to remove content from the signature
// and generate an S/MIME detached signature
signedData.Detach()
// Finish() to obtain the signature bytes
detachedSignature, err := signedData.Finish()
if err != nil {
return err
}
data := make([]byte, 8192)
copy(data, detachedSignature)
sig.Contents = core.MakeHexString(string(data))
return nil
}
// IsApplicable returns true if the signature handler is applicable for the PdfSignature
func (a *adobePKCS7Detached) IsApplicable(sig *model.PdfSignature) bool {
if sig == nil || sig.Filter == nil || sig.SubFilter == nil {
return false
}
return (*sig.Filter == "Adobe.PPKMS" || *sig.Filter == "Adobe.PPKLite") && *sig.SubFilter == "adbe.pkcs7.detached"
}
Reference in New Issue View Git Blame Copy Permalink