mirror of
https://github.com/unidoc/unipdf.git
synced 2025-04-26 13:48:55 +08:00
107 lines
20 KiB
Go
107 lines
20 KiB
Go
//
|
|
// Copyright 2020 FoxyUtils ehf. All rights reserved.
|
|
//
|
|
// This is a commercial product and requires a license to operate.
|
|
// A trial license can be obtained at https://unidoc.io
|
|
//
|
|
// DO NOT EDIT: generated by unitwist Go source code obfuscator.
|
|
//
|
|
// Use of this source code is governed by the UniDoc End User License Agreement
|
|
// terms that can be accessed at https://unidoc.io/eula/
|
|
|
|
// Package sighandler implements digital signature handlers for PDF signature validation and signing.
|
|
package sighandler ;import (_f "bytes";_ff "crypto";_gf "crypto/rand";_ae "crypto/rsa";_gc "crypto/x509";_dc "crypto/x509/pkix";_b "encoding/asn1";_g "errors";_dg "fmt";_cd "github.com/unidoc/pkcs7";_gca "github.com/unidoc/timestamp";_ba "github.com/unidoc/unipdf/v3/core";_da "github.com/unidoc/unipdf/v3/model";_de "hash";_c "io";_a "io/ioutil";_eg "net/http";_d "time";);type adobePKCS7Detached struct{_fg *_ae .PrivateKey ;_fd *_gc .Certificate ;_ca bool ;_dgb int ;};
|
|
|
|
// InitSignature initialises the PdfSignature.
|
|
func (_ffb *adobePKCS7Detached )InitSignature (sig *_da .PdfSignature )error {if !_ffb ._ca {if _ffb ._fd ==nil {return _g .New ("c\u0065\u0072\u0074\u0069\u0066\u0069c\u0061\u0074\u0065\u0020\u006d\u0075\u0073\u0074\u0020n\u006f\u0074\u0020b\u0065 \u006e\u0069\u006c");};if _ffb ._fg ==nil {return _g .New ("\u0070\u0072\u0069\u0076\u0061\u0074\u0065\u004b\u0065\u0079\u0020m\u0075\u0073\u0074\u0020\u006e\u006f\u0074\u0020\u0062\u0065 \u006e\u0069\u006c");};};_cad :=*_ffb ;sig .Handler =&_cad ;sig .Filter =_ba .MakeName ("\u0041\u0064\u006f\u0062\u0065\u002e\u0050\u0050\u004b\u004c\u0069\u0074\u0065");sig .SubFilter =_ba .MakeName ("\u0061\u0064\u0062\u0065.p\u006b\u0063\u0073\u0037\u002e\u0064\u0065\u0074\u0061\u0063\u0068\u0065\u0064");sig .Reference =nil ;_bd ,_gd :=_cad .NewDigest (sig );if _gd !=nil {return _gd ;};_bd .Write ([]byte ("\u0063\u0061\u006c\u0063\u0075\u006ca\u0074\u0065\u0020\u0074\u0068\u0065\u0020\u0043\u006f\u006e\u0074\u0065\u006et\u0073\u0020\u0066\u0069\u0065\u006c\u0064 \u0073\u0069\u007a\u0065"));return _cad .Sign (sig ,_bd );};
|
|
|
|
// Validate validates PdfSignature.
|
|
func (_egf *adobePKCS7Detached )Validate (sig *_da .PdfSignature ,digest _da .Hasher )(_da .SignatureValidationResult ,error ){_af :=sig .Contents .Bytes ();_dec ,_ef :=_cd .Parse (_af );if _ef !=nil {return _da .SignatureValidationResult {},_ef ;};_bdd :=digest .(*_f .Buffer );_dec .Content =_bdd .Bytes ();if _ef =_dec .Verify ();_ef !=nil {return _da .SignatureValidationResult {},_ef ;};return _da .SignatureValidationResult {IsSigned :true ,IsVerified :true },nil ;};
|
|
|
|
// NewDigest creates a new digest.
|
|
func (_geb *adobeX509RSASHA1 )NewDigest (sig *_da .PdfSignature )(_da .Hasher ,error ){_fbd ,_db :=_geb .getCertificate (sig );if _db !=nil {return nil ,_db ;};_ab ,_ :=_eec (_fbd .SignatureAlgorithm );return _ab .New (),nil ;};
|
|
|
|
// IsApplicable returns true if the signature handler is applicable for the PdfSignature
|
|
func (_ce *adobePKCS7Detached )IsApplicable (sig *_da .PdfSignature )bool {if sig ==nil ||sig .Filter ==nil ||sig .SubFilter ==nil {return false ;};return (*sig .Filter =="A\u0064\u006f\u0062\u0065\u002e\u0050\u0050\u004b\u004d\u0053"||*sig .Filter =="\u0041\u0064\u006f\u0062\u0065\u002e\u0050\u0050\u004b\u004c\u0069\u0074\u0065")&&*sig .SubFilter =="\u0061\u0064\u0062\u0065.p\u006b\u0063\u0073\u0037\u002e\u0064\u0065\u0074\u0061\u0063\u0068\u0065\u0064";};func (_aee *adobePKCS7Detached )getCertificate (_daa *_da .PdfSignature )(*_gc .Certificate ,error ){if _aee ._fd !=nil {return _aee ._fd ,nil ;};var _aa []byte ;switch _gcag :=_daa .Cert .(type ){case *_ba .PdfObjectString :_aa =_gcag .Bytes ();case *_ba .PdfObjectArray :if _gcag .Len ()==0{return nil ,_g .New ("\u006e\u006f\u0020s\u0069\u0067\u006e\u0061t\u0075\u0072\u0065\u0020\u0063\u0065\u0072t\u0069\u0066\u0069\u0063\u0061\u0074\u0065\u0073\u0020\u0066\u006f\u0075\u006e\u0064");};for _ ,_be :=range _gcag .Elements (){_fb ,_ea :=_ba .GetString (_be );if !_ea {return nil ,_dg .Errorf ("\u0069\u006ev\u0061\u006c\u0069\u0064\u0020\u0063\u0065\u0072\u0074\u0069\u0066\u0069\u0063\u0061\u0074\u0065\u0020\u006f\u0062j\u0065\u0063\u0074\u0020\u0074\u0079p\u0065\u0020\u0069\u006e\u0020\u0073\u0069\u0067\u006e\u0061\u0074\u0075\u0072\u0065 \u0063\u0065r\u0074\u0069\u0066\u0069c\u0061\u0074\u0065\u0020\u0063h\u0061\u0069\u006e\u003a\u0020\u0025\u0054",_be );};_aa =append (_aa ,_fb .Bytes ()...);};default:return nil ,_dg .Errorf ("\u0069n\u0076\u0061l\u0069\u0064\u0020s\u0069\u0067\u006e\u0061\u0074\u0075\u0072e\u0020\u0063\u0065\u0072\u0074\u0069f\u0069\u0063\u0061\u0074\u0065\u0020\u006f\u0062\u006a\u0065\u0063t\u0020\u0074\u0079\u0070\u0065\u003a\u0020\u0025\u0054",_gcag );};_cf ,_aeg :=_gc .ParseCertificates (_aa );if _aeg !=nil {return nil ,_aeg ;};return _cf [0],nil ;};
|
|
|
|
// NewDocTimeStamp creates a new DocTimeStamp signature handler.
|
|
// Both the timestamp server URL and the hash algorithm can be empty for the
|
|
// signature validation.
|
|
// The following hash algorithms are supported:
|
|
// crypto.SHA1, crypto.SHA256, crypto.SHA384, crypto.SHA512.
|
|
// NOTE: the handler will do a mock Sign when initializing the signature
|
|
// in order to estimate the signature size. Use NewDocTimeStampWithOpts
|
|
// for providing the signature size.
|
|
func NewDocTimeStamp (timestampServerURL string ,hashAlgorithm _ff .Hash )(_da .SignatureHandler ,error ){return &docTimeStamp {_dbe :timestampServerURL ,_dece :hashAlgorithm },nil ;};
|
|
|
|
// NewEmptyAdobePKCS7Detached creates a new Adobe.PPKMS/Adobe.PPKLite adbe.pkcs7.detached
|
|
// signature handler. The generated signature is empty and of size signatureLen.
|
|
// The signatureLen parameter can be 0 for the signature validation.
|
|
func NewEmptyAdobePKCS7Detached (signatureLen int )(_da .SignatureHandler ,error ){return &adobePKCS7Detached {_ca :true ,_dgb :signatureLen },nil ;};func _eec (_gcg _gc .SignatureAlgorithm )(_ff .Hash ,bool ){var _deb _ff .Hash ;switch _gcg {case _gc .SHA1WithRSA :_deb =_ff .SHA1 ;case _gc .SHA256WithRSA :_deb =_ff .SHA256 ;case _gc .SHA384WithRSA :_deb =_ff .SHA384 ;case _gc .SHA512WithRSA :_deb =_ff .SHA512 ;default:return _ff .SHA1 ,false ;};return _deb ,true ;};func _bfa (_bae _b .ObjectIdentifier )(_ff .Hash ,error ){switch {case _bae .Equal (_cd .OIDDigestAlgorithmSHA1 ),_bae .Equal (_cd .OIDDigestAlgorithmECDSASHA1 ),_bae .Equal (_cd .OIDDigestAlgorithmDSA ),_bae .Equal (_cd .OIDDigestAlgorithmDSASHA1 ),_bae .Equal (_cd .OIDEncryptionAlgorithmRSA ):return _ff .SHA1 ,nil ;case _bae .Equal (_cd .OIDDigestAlgorithmSHA256 ),_bae .Equal (_cd .OIDDigestAlgorithmECDSASHA256 ):return _ff .SHA256 ,nil ;case _bae .Equal (_cd .OIDDigestAlgorithmSHA384 ),_bae .Equal (_cd .OIDDigestAlgorithmECDSASHA384 ):return _ff .SHA384 ,nil ;case _bae .Equal (_cd .OIDDigestAlgorithmSHA512 ),_bae .Equal (_cd .OIDDigestAlgorithmECDSASHA512 ):return _ff .SHA512 ,nil ;};return _ff .Hash (0),_cd .ErrUnsupportedAlgorithm ;};
|
|
|
|
// InitSignature initialises the PdfSignature.
|
|
func (_bg *adobeX509RSASHA1 )InitSignature (sig *_da .PdfSignature )error {if _bg ._ag ==nil {return _g .New ("c\u0065\u0072\u0074\u0069\u0066\u0069c\u0061\u0074\u0065\u0020\u006d\u0075\u0073\u0074\u0020n\u006f\u0074\u0020b\u0065 \u006e\u0069\u006c");};if _bg ._aac ==nil &&_bg ._fdf ==nil {return _g .New ("\u006d\u0075\u0073\u0074\u0020\u0070\u0072o\u0076\u0069\u0064e\u0020\u0065\u0069t\u0068\u0065r\u0020\u0061\u0020\u0070\u0072\u0069v\u0061te\u0020\u006b\u0065\u0079\u0020\u006f\u0072\u0020\u0061\u0020\u0073\u0069\u0067\u006e\u0069\u006e\u0067\u0020\u0066\u0075\u006e\u0063\u0074\u0069\u006f\u006e");};_ee :=*_bg ;sig .Handler =&_ee ;sig .Filter =_ba .MakeName ("\u0041\u0064\u006f\u0062\u0065\u002e\u0050\u0050\u004b\u004c\u0069\u0074\u0065");sig .SubFilter =_ba .MakeName ("\u0061d\u0062e\u002e\u0078\u0035\u0030\u0039.\u0072\u0073a\u005f\u0073\u0068\u0061\u0031");sig .Cert =_ba .MakeString (string (_ee ._ag .Raw ));sig .Reference =nil ;_gcd ,_egc :=_ee .NewDigest (sig );if _egc !=nil {return _egc ;};_gcd .Write ([]byte ("\u0063\u0061\u006c\u0063\u0075\u006ca\u0074\u0065\u0020\u0074\u0068\u0065\u0020\u0043\u006f\u006e\u0074\u0065\u006et\u0073\u0020\u0066\u0069\u0065\u006c\u0064 \u0073\u0069\u007a\u0065"));return _ee .Sign (sig ,_gcd );};
|
|
|
|
// NewAdobeX509RSASHA1 creates a new Adobe.PPKMS/Adobe.PPKLite adbe.x509.rsa_sha1 signature handler.
|
|
// Both parameters may be nil for the signature validation.
|
|
func NewAdobeX509RSASHA1 (privateKey *_ae .PrivateKey ,certificate *_gc .Certificate )(_da .SignatureHandler ,error ){return &adobeX509RSASHA1 {_ag :certificate ,_aac :privateKey },nil ;};
|
|
|
|
// NewDigest creates a new digest.
|
|
func (_ec *docTimeStamp )NewDigest (sig *_da .PdfSignature )(_da .Hasher ,error ){return _f .NewBuffer (nil ),nil ;};
|
|
|
|
// SignFunc represents a custom signing function. The function should return
|
|
// the computed signature.
|
|
type SignFunc func (_acd *_da .PdfSignature ,_df _da .Hasher )([]byte ,error );func (_cbd *adobeX509RSASHA1 )getCertificate (_ad *_da .PdfSignature )(*_gc .Certificate ,error ){if _cbd ._ag !=nil {return _cbd ._ag ,nil ;};var _baa []byte ;switch _bbd :=_ad .Cert .(type ){case *_ba .PdfObjectString :_baa =_bbd .Bytes ();case *_ba .PdfObjectArray :if _bbd .Len ()==0{return nil ,_g .New ("\u006e\u006f\u0020s\u0069\u0067\u006e\u0061t\u0075\u0072\u0065\u0020\u0063\u0065\u0072t\u0069\u0066\u0069\u0063\u0061\u0074\u0065\u0073\u0020\u0066\u006f\u0075\u006e\u0064");};for _ ,_cdd :=range _bbd .Elements (){_cde ,_fbaa :=_ba .GetString (_cdd );if !_fbaa {return nil ,_dg .Errorf ("\u0069\u006ev\u0061\u006c\u0069\u0064\u0020\u0063\u0065\u0072\u0074\u0069\u0066\u0069\u0063\u0061\u0074\u0065\u0020\u006f\u0062j\u0065\u0063\u0074\u0020\u0074\u0079p\u0065\u0020\u0069\u006e\u0020\u0073\u0069\u0067\u006e\u0061\u0074\u0075\u0072\u0065 \u0063\u0065r\u0074\u0069\u0066\u0069c\u0061\u0074\u0065\u0020\u0063h\u0061\u0069\u006e\u003a\u0020\u0025\u0054",_cdd );};_baa =append (_baa ,_cde .Bytes ()...);};default:return nil ,_dg .Errorf ("\u0069n\u0076\u0061l\u0069\u0064\u0020s\u0069\u0067\u006e\u0061\u0074\u0075\u0072e\u0020\u0063\u0065\u0072\u0074\u0069f\u0069\u0063\u0061\u0074\u0065\u0020\u006f\u0062\u006a\u0065\u0063t\u0020\u0074\u0079\u0070\u0065\u003a\u0020\u0025\u0054",_bbd );};_fdg ,_ga :=_gc .ParseCertificates (_baa );if _ga !=nil {return nil ,_ga ;};return _fdg [0],nil ;};
|
|
|
|
// NewAdobeX509RSASHA1Custom creates a new Adobe.PPKMS/Adobe.PPKLite adbe.x509.rsa_sha1 signature handler
|
|
// with a custom signing function. Both parameters may be nil for the signature validation.
|
|
func NewAdobeX509RSASHA1Custom (certificate *_gc .Certificate ,signFunc SignFunc )(_da .SignatureHandler ,error ){return &adobeX509RSASHA1 {_ag :certificate ,_fdf :signFunc },nil ;};type timestampInfo struct{Version int ;Policy _b .RawValue ;MessageImprint struct{HashAlgorithm _dc .AlgorithmIdentifier ;HashedMessage []byte ;};SerialNumber _b .RawValue ;GeneralizedTime _d .Time ;};
|
|
|
|
// Sign sets the Contents fields for the PdfSignature.
|
|
func (_caf *adobeX509RSASHA1 )Sign (sig *_da .PdfSignature ,digest _da .Hasher )error {var _fbae []byte ;var _dbf error ;if _caf ._fdf !=nil {_fbae ,_dbf =_caf ._fdf (sig ,digest );if _dbf !=nil {return _dbf ;};}else {_eee ,_fge :=digest .(_de .Hash );if !_fge {return _g .New ("\u0068a\u0073h\u0020\u0074\u0079\u0070\u0065\u0020\u0065\u0072\u0072\u006f\u0072");};_cg ,_ :=_eec (_caf ._ag .SignatureAlgorithm );_fbae ,_dbf =_ae .SignPKCS1v15 (_gf .Reader ,_caf ._aac ,_cg ,_eee .Sum (nil ));if _dbf !=nil {return _dbf ;};};_fbae ,_dbf =_b .Marshal (_fbae );if _dbf !=nil {return _dbf ;};sig .Contents =_ba .MakeHexString (string (_fbae ));return nil ;};
|
|
|
|
// Validate validates PdfSignature.
|
|
func (_bgb *docTimeStamp )Validate (sig *_da .PdfSignature ,digest _da .Hasher )(_da .SignatureValidationResult ,error ){_cee :=sig .Contents .Bytes ();_aga ,_cae :=_cd .Parse (_cee );if _cae !=nil {return _da .SignatureValidationResult {},_cae ;};if _cae =_aga .Verify ();_cae !=nil {return _da .SignatureValidationResult {},_cae ;};var _bge timestampInfo ;_ ,_cae =_b .Unmarshal (_aga .Content ,&_bge );if _cae !=nil {return _da .SignatureValidationResult {},_cae ;};_cbe ,_cae :=_bfa (_bge .MessageImprint .HashAlgorithm .Algorithm );if _cae !=nil {return _da .SignatureValidationResult {},_cae ;};_dfc :=_cbe .New ();_gg :=digest .(*_f .Buffer );_dfc .Write (_gg .Bytes ());_egcc :=_dfc .Sum (nil );_ade :=_da .SignatureValidationResult {IsSigned :true ,IsVerified :_f .Equal (_egcc ,_bge .MessageImprint .HashedMessage ),GeneralizedTime :_bge .GeneralizedTime };return _ade ,nil ;};
|
|
|
|
// IsApplicable returns true if the signature handler is applicable for the PdfSignature.
|
|
func (_cdc *adobeX509RSASHA1 )IsApplicable (sig *_da .PdfSignature )bool {if sig ==nil ||sig .Filter ==nil ||sig .SubFilter ==nil {return false ;};return (*sig .Filter =="A\u0064\u006f\u0062\u0065\u002e\u0050\u0050\u004b\u004d\u0053"||*sig .Filter =="\u0041\u0064\u006f\u0062\u0065\u002e\u0050\u0050\u004b\u004c\u0069\u0074\u0065")&&*sig .SubFilter =="\u0061d\u0062e\u002e\u0078\u0035\u0030\u0039.\u0072\u0073a\u005f\u0073\u0068\u0061\u0031";};
|
|
|
|
// IsApplicable returns true if the signature handler is applicable for the PdfSignature.
|
|
func (_ged *docTimeStamp )IsApplicable (sig *_da .PdfSignature )bool {if sig ==nil ||sig .Filter ==nil ||sig .SubFilter ==nil {return false ;};return (*sig .Filter =="A\u0064\u006f\u0062\u0065\u002e\u0050\u0050\u004b\u004d\u0053"||*sig .Filter =="\u0041\u0064\u006f\u0062\u0065\u002e\u0050\u0050\u004b\u004c\u0069\u0074\u0065")&&*sig .SubFilter =="\u0045\u0054\u0053I\u002e\u0052\u0046\u0043\u0033\u0031\u0036\u0031";};
|
|
|
|
// DocTimeStampOpts defines options for configuring the timestamp handler.
|
|
type DocTimeStampOpts struct{
|
|
|
|
// SignatureSize is the estimated size of the signature contents in bytes.
|
|
// If not provided, a default signature size of 4192 is used.
|
|
// The signing process will report the model.ErrSignNotEnoughSpace error
|
|
// if the estimated signature size is smaller than the actual size of the
|
|
// signature.
|
|
SignatureSize int ;};
|
|
|
|
// InitSignature initialises the PdfSignature.
|
|
func (_bc *docTimeStamp )InitSignature (sig *_da .PdfSignature )error {_eb :=*_bc ;sig .Handler =&_eb ;sig .Filter =_ba .MakeName ("\u0041\u0064\u006f\u0062\u0065\u002e\u0050\u0050\u004b\u004c\u0069\u0074\u0065");sig .SubFilter =_ba .MakeName ("\u0045\u0054\u0053I\u002e\u0052\u0046\u0043\u0033\u0031\u0036\u0031");sig .Reference =nil ;if _bc ._bgg > 0{sig .Contents =_ba .MakeHexString (string (make ([]byte ,_bc ._bgg )));}else {_dea ,_bfd :=_bc .NewDigest (sig );if _bfd !=nil {return _bfd ;};_dea .Write ([]byte ("\u0063\u0061\u006c\u0063\u0075\u006ca\u0074\u0065\u0020\u0074\u0068\u0065\u0020\u0043\u006f\u006e\u0074\u0065\u006et\u0073\u0020\u0066\u0069\u0065\u006c\u0064 \u0073\u0069\u007a\u0065"));if _bfd =_eb .Sign (sig ,_dea );_bfd !=nil {return _bfd ;};_bc ._bgg =_eb ._bgg ;};return nil ;};
|
|
|
|
// Sign sets the Contents fields for the PdfSignature.
|
|
func (_dfd *docTimeStamp )Sign (sig *_da .PdfSignature ,digest _da .Hasher )error {_bfac :=digest .(*_f .Buffer );_afda :=_dfd ._dece .New ();if _ ,_dbb :=_c .Copy (_afda ,_bfac );_dbb !=nil {return _dbb ;};_bdg :=_gca .Request {HashAlgorithm :_dfd ._dece ,HashedMessage :_afda .Sum (nil ),Certificates :true ,Extensions :nil ,ExtraExtensions :nil };_ffc ,_aba :=_bdg .Marshal ();if _aba !=nil {return _aba ;};_bcc ,_aba :=_eg .Post (_dfd ._dbe ,"a\u0070\u0070\u006c\u0069\u0063\u0061t\u0069\u006f\u006e\u002f\u0074\u0069\u006d\u0065\u0073t\u0061\u006d\u0070-\u0071u\u0065\u0072\u0079",_f .NewBuffer (_ffc ));if _aba !=nil {return _aba ;};defer _bcc .Body .Close ();_agd ,_aba :=_a .ReadAll (_bcc .Body );if _aba !=nil {return _aba ;};if _bcc .StatusCode !=_eg .StatusOK {return _dg .Errorf ("\u0068\u0074\u0074\u0070\u0020\u0073\u0074\u0061\u0074\u0075\u0073\u0020\u0063\u006f\u0064e\u0020n\u006f\u0074\u0020\u006f\u006b\u0020\u0028\u0067\u006f\u0074\u0020\u0025\u0064\u0029",_bcc .StatusCode );};var _aab struct{Version _b .RawValue ;Content _b .RawValue ;};if _ ,_aba =_b .Unmarshal (_agd ,&_aab );_aba !=nil {return _aba ;};_ecc :=len (_aab .Content .FullBytes );if _dfd ._bgg > 0&&_ecc > _dfd ._bgg {return _da .ErrSignNotEnoughSpace ;};if _ecc > 0{_dfd ._bgg =_ecc +128;};sig .Contents =_ba .MakeHexString (string (_aab .Content .FullBytes ));return nil ;};func (_ed *docTimeStamp )getCertificate (_fef *_da .PdfSignature )(*_gc .Certificate ,error ){var _cba []byte ;switch _dag :=_fef .Cert .(type ){case *_ba .PdfObjectString :_cba =_dag .Bytes ();case *_ba .PdfObjectArray :if _dag .Len ()==0{return nil ,_g .New ("\u006e\u006f\u0020s\u0069\u0067\u006e\u0061t\u0075\u0072\u0065\u0020\u0063\u0065\u0072t\u0069\u0066\u0069\u0063\u0061\u0074\u0065\u0073\u0020\u0066\u006f\u0075\u006e\u0064");};for _ ,_dd :=range _dag .Elements (){_fgc ,_dda :=_ba .GetString (_dd );if !_dda {return nil ,_dg .Errorf ("\u0069\u006ev\u0061\u006c\u0069\u0064\u0020\u0063\u0065\u0072\u0074\u0069\u0066\u0069\u0063\u0061\u0074\u0065\u0020\u006f\u0062j\u0065\u0063\u0074\u0020\u0074\u0079p\u0065\u0020\u0069\u006e\u0020\u0073\u0069\u0067\u006e\u0061\u0074\u0075\u0072\u0065 \u0063\u0065r\u0074\u0069\u0066\u0069c\u0061\u0074\u0065\u0020\u0063h\u0061\u0069\u006e\u003a\u0020\u0025\u0054",_dd );};_cba =append (_cba ,_fgc .Bytes ()...);};default:return nil ,_dg .Errorf ("\u0069n\u0076\u0061l\u0069\u0064\u0020s\u0069\u0067\u006e\u0061\u0074\u0075\u0072e\u0020\u0063\u0065\u0072\u0074\u0069f\u0069\u0063\u0061\u0074\u0065\u0020\u006f\u0062\u006a\u0065\u0063t\u0020\u0074\u0079\u0070\u0065\u003a\u0020\u0025\u0054",_dag );};_fdd ,_def :=_gc .ParseCertificates (_cba );if _def !=nil {return nil ,_def ;};return _fdd [0],nil ;};
|
|
|
|
// NewDigest creates a new digest.
|
|
func (_cb *adobePKCS7Detached )NewDigest (sig *_da .PdfSignature )(_da .Hasher ,error ){return _f .NewBuffer (nil ),nil ;};
|
|
|
|
// NewDocTimeStampWithOpts returns a new DocTimeStamp configured using the
|
|
// specified options. If no options are provided, default options will be used.
|
|
// Both the timestamp server URL and the hash algorithm can be empty for the
|
|
// signature validation.
|
|
// The following hash algorithms are supported:
|
|
// crypto.SHA1, crypto.SHA256, crypto.SHA384, crypto.SHA512.
|
|
func NewDocTimeStampWithOpts (timestampServerURL string ,hashAlgorithm _ff .Hash ,opts *DocTimeStampOpts )(_da .SignatureHandler ,error ){if opts ==nil {opts =&DocTimeStampOpts {};};if opts .SignatureSize <=0{opts .SignatureSize =4192;};return &docTimeStamp {_dbe :timestampServerURL ,_dece :hashAlgorithm ,_bgg :opts .SignatureSize },nil ;};
|
|
|
|
// Sign sets the Contents fields.
|
|
func (_bb *adobePKCS7Detached )Sign (sig *_da .PdfSignature ,digest _da .Hasher )error {if _bb ._ca {_bde :=_bb ._dgb ;if _bde <=0{_bde =8192;};sig .Contents =_ba .MakeHexString (string (make ([]byte ,_bde )));return nil ;};_ge :=digest .(*_f .Buffer );_gdd ,_afd :=_cd .NewSignedData (_ge .Bytes ());if _afd !=nil {return _afd ;};if _fba :=_gdd .AddSigner (_bb ._fd ,_bb ._fg ,_cd .SignerInfoConfig {});_fba !=nil {return _fba ;};_gdd .Detach ();_ac ,_afd :=_gdd .Finish ();if _afd !=nil {return _afd ;};_cbg :=make ([]byte ,8192);copy (_cbg ,_ac );sig .Contents =_ba .MakeHexString (string (_cbg ));return nil ;};type docTimeStamp struct{_dbe string ;_dece _ff .Hash ;_bgg int ;};type adobeX509RSASHA1 struct{_aac *_ae .PrivateKey ;_ag *_gc .Certificate ;_fdf SignFunc ;};
|
|
|
|
// Validate validates PdfSignature.
|
|
func (_fe *adobeX509RSASHA1 )Validate (sig *_da .PdfSignature ,digest _da .Hasher )(_da .SignatureValidationResult ,error ){_fc ,_bee :=_fe .getCertificate (sig );if _bee !=nil {return _da .SignatureValidationResult {},_bee ;};_cff :=sig .Contents .Bytes ();var _bgc []byte ;if _ ,_efc :=_b .Unmarshal (_cff ,&_bgc );_efc !=nil {return _da .SignatureValidationResult {},_efc ;};_cda ,_aef :=digest .(_de .Hash );if !_aef {return _da .SignatureValidationResult {},_g .New ("\u0068a\u0073h\u0020\u0074\u0079\u0070\u0065\u0020\u0065\u0072\u0072\u006f\u0072");};_dfe ,_ :=_eec (_fc .SignatureAlgorithm );if _gfa :=_ae .VerifyPKCS1v15 (_fc .PublicKey .(*_ae .PublicKey ),_dfe ,_cda .Sum (nil ),_bgc );_gfa !=nil {return _da .SignatureValidationResult {},_gfa ;};return _da .SignatureValidationResult {IsSigned :true ,IsVerified :true },nil ;};
|
|
|
|
// NewAdobePKCS7Detached creates a new Adobe.PPKMS/Adobe.PPKLite adbe.pkcs7.detached signature handler.
|
|
// Both parameters may be nil for the signature validation.
|
|
func NewAdobePKCS7Detached (privateKey *_ae .PrivateKey ,certificate *_gc .Certificate )(_da .SignatureHandler ,error ){return &adobePKCS7Detached {_fd :certificate ,_fg :privateKey },nil ;}; |