Package eu.europa.esig.dss.pdf

Class AbstractPDFSignatureService

java.lang.Object
eu.europa.esig.dss.pdf.AbstractPDFSignatureService
All Implemented Interfaces:
PDFSignatureService
Direct Known Subclasses:
ITextPDFSignatureService, PdfBoxSignatureService
public abstract class AbstractPDFSignatureService extends Object implements PDFSignatureService
The abstract implementation of a PDF signature service

  • Field Details

    • resourcesHandlerBuilder

      protected DSSResourcesHandlerBuilder resourcesHandlerBuilder
      The builder to be used to create a new DSSResourcesHandler for each internal call, defining a way working with internal resources (e.g. in memory or by using temporary files). The resources are used on a document creation Default : eu.europa.esig.dss.signature.resources.InMemoryResourcesHandler, working with data in memory

    • pdfDifferencesFinder

      protected PdfDifferencesFinder pdfDifferencesFinder
      Used to find differences occurred between PDF revisions (e.g. visible changes). Default : DefaultPdfDifferencesFinder

    • pdfObjectModificationsFinder

      protected PdfObjectModificationsFinder pdfObjectModificationsFinder
      Used to find differences within internal PDF objects occurred between PDF revisions . Default : DefaultPdfModificationsFinder

    • pdfPermissionsChecker

      protected PdfPermissionsChecker pdfPermissionsChecker
      Used to verify PDF document permissions regarding a new signature creation

    • pdfSignatureFieldPositionChecker

      protected PdfSignatureFieldPositionChecker pdfSignatureFieldPositionChecker
      Used to verify the signature field position placement validity

  • Constructor Details

    • AbstractPDFSignatureService

      protected AbstractPDFSignatureService(PDFServiceMode serviceMode, SignatureDrawerFactory signatureDrawerFactory)
      Constructor for the PDFSignatureService
      Parameters:
      serviceMode - current instance is used to generate Signature or DocumentTimeStamp revision
      signatureDrawerFactory - the factory of SignatureDrawer

  • Method Details

    • setResourcesHandlerBuilder

      public void setResourcesHandlerBuilder(DSSResourcesHandlerBuilder resourcesHandlerBuilder)
      Description copied from interface: PDFSignatureService
      Sets DSSResourcesFactoryBuilder to be used for a DSSResourcesHandler creation in internal methods. DSSResourcesHandler defines a way to operate with OutputStreams and create DSSDocuments. Default : eu.europa.esig.dss.signature.resources.InMemoryResourcesHandler. Works with data in memory.
      Specified by:
      setResourcesHandlerBuilder in interface PDFSignatureService
      Parameters:
      resourcesHandlerBuilder - DSSResourcesHandlerBuilder

    • setPdfDifferencesFinder

      public void setPdfDifferencesFinder(PdfDifferencesFinder pdfDifferencesFinder)
      Description copied from interface: PDFSignatureService
      Sets the PdfDifferencesFinder used to find the differences on pages between given PDF revisions. Default : eu.europa.esig.dss.pdf.modifications.DefaultPdfDifferencesFinder
      Specified by:
      setPdfDifferencesFinder in interface PDFSignatureService
      Parameters:
      pdfDifferencesFinder - PdfDifferencesFinder

    • setPdfObjectModificationsFinder

      public void setPdfObjectModificationsFinder(PdfObjectModificationsFinder pdfObjectModificationsFinder)
      Description copied from interface: PDFSignatureService
      Sets the PdfObjectModificationsFinder used to find the differences between internal PDF objects occurred between given PDF revisions. Default : eu.europa.esig.dss.pdf.modifications.DefaultPdfObjectModificationsFinder
      Specified by:
      setPdfObjectModificationsFinder in interface PDFSignatureService
      Parameters:
      pdfObjectModificationsFinder - PdfObjectModificationsFinder

    • setPdfPermissionsChecker

      public void setPdfPermissionsChecker(PdfPermissionsChecker pdfPermissionsChecker)
      Description copied from interface: PDFSignatureService
      Sets the PdfPermissionsChecker used to verify the PDF document rules for a new signature creation
      Specified by:
      setPdfPermissionsChecker in interface PDFSignatureService
      Parameters:
      pdfPermissionsChecker - PdfPermissionsChecker

    • setPdfSignatureFieldPositionChecker

      public void setPdfSignatureFieldPositionChecker(PdfSignatureFieldPositionChecker pdfSignatureFieldPositionChecker)
      Description copied from interface: PDFSignatureService
      Sets the PdfSignatureFieldPositionChecker used to verify the validity of new signature field placement. For example to ensure the new signature field lies within PDF page borders and/or it does not overlap with existing signature fields.
      Specified by:
      setPdfSignatureFieldPositionChecker in interface PDFSignatureService
      Parameters:
      pdfSignatureFieldPositionChecker - PdfPermissionsChecker

    • setAlertOnSignatureFieldOverlap

      @Deprecated public void setAlertOnSignatureFieldOverlap(StatusAlert alertOnSignatureFieldOverlap)
      Deprecated.
      since DSS 5.12. Use PdfSignatureFieldPositionChecker pdfSignatureFieldPositionChecker = new PdfSignatureFieldPositionChecker(); pdfSignatureFieldPositionChecker.setAlertOnSignatureFieldOverlap(alertOnSignatureFieldOutsidePageDimensions); pdfObjFactory.setPdfSignatureFieldPositionChecker(pdfSignatureFieldPositionChecker);
      Sets alert on a signature field overlap with existing fields or/and annotations Default : ExceptionOnStatusAlert - throw the exception
      Parameters:
      alertOnSignatureFieldOverlap - StatusAlert to execute

    • setAlertOnSignatureFieldOutsidePageDimensions

      @Deprecated public void setAlertOnSignatureFieldOutsidePageDimensions(StatusAlert alertOnSignatureFieldOutsidePageDimensions)
      Deprecated.
      since DSS 5.12. Use PdfSignatureFieldPositionChecker pdfSignatureFieldPositionChecker = new PdfSignatureFieldPositionChecker(); pdfSignatureFieldPositionChecker.setAlertOnSignatureFieldOutsidePageDimensions(alertOnSignatureFieldOutsidePageDimensions); pdfObjFactory.setPdfSignatureFieldPositionChecker(pdfSignatureFieldPositionChecker);
      Sets a behavior to follow when a new signature field is created outside the page's dimensions Default : ExceptionOnStatusAlert - throw the exception
      Parameters:
      alertOnSignatureFieldOutsidePageDimensions - StatusAlert to execute

    • setAlertOnForbiddenSignatureCreation

      @Deprecated public void setAlertOnForbiddenSignatureCreation(StatusAlert alertOnForbiddenSignatureCreation)
      Deprecated.
      since DSS 5.12. Use PdfPermissionsChecker pdfPermissionsChecker = new PdfPermissionsChecker(); pdfPermissionsChecker.setAlertOnForbiddenSignatureCreation(alertOnForbiddenSignatureCreation); pdfObjFactory.setPdfPermissionsChecker(pdfPermissionsChecker);
      Sets a behavior to follow when creating a new signature in a document that forbids creation of new signatures Default : ProtectedDocumentExceptionOnStatusAlert - throws the eu.europa.esig.dss.pades.exception.ProtectedDocumentException exception
      Parameters:
      alertOnForbiddenSignatureCreation - StatusAlert to execute

    • loadSignatureDrawer

      protected SignatureDrawer loadSignatureDrawer(SignatureImageParameters imageParameters)
      Returns a SignatureDrawer initialized from a provided signatureDrawerFactory
      Parameters:
      imageParameters - SignatureImageParameters to use
      Returns:
      SignatureDrawer

    • instantiateResourcesHandler

      protected DSSResourcesHandler instantiateResourcesHandler() throws IOException
      This method instantiates a new DSSResourcesFactory
      Returns:
      DSSResourcesHandler
      Throws:
      IOException - if an error occurs on DSSResourcesHandler instantiation

    • digest

      @Deprecated public byte[] digest(DSSDocument toSignDocument, PAdESCommonParameters parameters)
      Deprecated.
      Description copied from interface: PDFSignatureService
      Returns the digest value of a PDF document.
      Specified by:
      digest in interface PDFSignatureService
      Parameters:
      toSignDocument - the document to be signed
      parameters - the signature/timestamp parameters
      Returns:
      the digest value

    • messageDigest

      public DSSMessageDigest messageDigest(DSSDocument toSignDocument, PAdESCommonParameters parameters)
      Description copied from interface: PDFSignatureService
      Returns the message-digest computed on PDF signature revision's ByteRange
      Specified by:
      messageDigest in interface PDFSignatureService
      Parameters:
      toSignDocument - the document to be signed
      parameters - the signature/timestamp parameters
      Returns:
      DSSMessageDigest

    • computeDigest

      protected abstract DSSMessageDigest computeDigest(DSSDocument toSignDocument, PAdESCommonParameters parameters)
      Computes digest on to be signed data computed on the toSignDocument respectively to the given parameters
      Parameters:
      toSignDocument - DSSDocument to be signed
      parameters - PAdESCommonParameters
      Returns:
      DSSMessageDigest

    • sign

      public DSSDocument sign(DSSDocument toSignDocument, byte[] cmsSignedData, PAdESCommonParameters parameters)
      Description copied from interface: PDFSignatureService
      Signs a PDF document
      Specified by:
      sign in interface PDFSignatureService
      Parameters:
      toSignDocument - the pdf document to be signed
      cmsSignedData - the encoded CMS Signed data
      parameters - the signature/timestamp parameters
      Returns:
      DSSDocument

    • signDocument

      protected abstract DSSDocument signDocument(DSSDocument toSignDocument, byte[] cmsSignedData, PAdESCommonParameters parameters)
      This method creates a signed document from the original toSignDocument, incorporating a new revision, enveloping the provided cmsSignedData
      Parameters:
      toSignDocument - DSSDocument to be signed
      cmsSignedData - byte array representing the encoded CMS signed data's binaries
      parameters - PAdESCommonParameters
      Returns:
      DSSDocument

    • isDocumentTimestampLayer

      protected boolean isDocumentTimestampLayer()
      Checks if a DocumentTimestamp has to be added in the current mode
      Returns:
      TRUE if it is a DocumentTimestamp layer, FALSE otherwise

    • getType

      protected String getType()
      Gets the type of the signature dictionary
      Returns:
      String

    • getRevisions

      @Deprecated public List<PdfRevision> getRevisions(DSSDocument document, String pwd)
      Deprecated.
      Description copied from interface: PDFSignatureService
      Retrieves revisions from a PDF document
      Specified by:
      getRevisions in interface PDFSignatureService
      Parameters:
      document - the document to extract revisions from
      pwd - the password protection phrase used to encrypt the PDF document use 'null' value for not an encrypted document
      Returns:
      list of extracted PdfRevisions

    • getRevisions

      public List<PdfRevision> getRevisions(DSSDocument document, char[] pwd)
      Description copied from interface: PDFSignatureService
      Retrieves revisions from a PDF document
      Specified by:
      getRevisions in interface PDFSignatureService
      Parameters:
      document - the document to extract revisions from
      pwd - the password protection phrase used to encrypt the PDF document use 'null' value for not an encrypted document
      Returns:
      list of extracted PdfRevisions

    • addDssDictionary

      public DSSDocument addDssDictionary(DSSDocument document, PdfValidationDataContainer validationDataForInclusion)
      Description copied from interface: PDFSignatureService
      This method adds the DSS dictionary (Baseline-LT) to a document without password-protection and without VRI dictionary.
      Specified by:
      addDssDictionary in interface PDFSignatureService
      Parameters:
      document - the document to be extended
      validationDataForInclusion - PdfValidationDataContainer
      Returns:
      the pdf document with the added dss dictionary

    • addDssDictionary

      @Deprecated public DSSDocument addDssDictionary(DSSDocument document, PdfValidationDataContainer validationDataForInclusion, String pwd)
      Deprecated.
      Description copied from interface: PDFSignatureService
      This method adds the DSS dictionary (Baseline-LT) to a password-protected document
      Specified by:
      addDssDictionary in interface PDFSignatureService
      Parameters:
      document - the document to be extended
      validationDataForInclusion - PdfValidationDataContainer
      pwd - the password protection used to create the encrypted document (optional)
      Returns:
      the pdf document with the added dss dictionary

    • addDssDictionary

      public DSSDocument addDssDictionary(DSSDocument document, PdfValidationDataContainer validationDataForInclusion, char[] pwd)
      Description copied from interface: PDFSignatureService
      This method adds the DSS dictionary (Baseline-LT) to a password-protected document without inclusion of VRI dictionary.
      Specified by:
      addDssDictionary in interface PDFSignatureService
      Parameters:
      document - the document to be extended
      validationDataForInclusion - PdfValidationDataContainer
      pwd - the password protection used to create the encrypted document (optional)
      Returns:
      the pdf document with the added dss dictionary

    • getAvailableSignatureFields

      public List<String> getAvailableSignatureFields(DSSDocument document)
      Description copied from interface: PDFSignatureService
      This method returns not signed signature-fields
      Specified by:
      getAvailableSignatureFields in interface PDFSignatureService
      Parameters:
      document - the pdf document
      Returns:
      the list of empty signature fields

    • getAvailableSignatureFields

      @Deprecated public List<String> getAvailableSignatureFields(DSSDocument document, String pwd)
      Deprecated.
      Description copied from interface: PDFSignatureService
      Returns not-signed signature fields from an encrypted document
      Specified by:
      getAvailableSignatureFields in interface PDFSignatureService
      Parameters:
      document - the pdf document
      pwd - the password protection phrase used to encrypt the document
      Returns:
      the list of not signed signature field names

    • addNewSignatureField

      public DSSDocument addNewSignatureField(DSSDocument document, SignatureFieldParameters parameters)
      Description copied from interface: PDFSignatureService
      This method allows to add a new signature field to an existing pdf document
      Specified by:
      addNewSignatureField in interface PDFSignatureService
      Parameters:
      document - the pdf document
      parameters - the parameters with the coordinates,... of the signature field
      Returns:
      the pdf document with the new added signature field

    • addNewSignatureField

      @Deprecated public DSSDocument addNewSignatureField(DSSDocument document, SignatureFieldParameters parameters, String pwd)
      Deprecated.
      Description copied from interface: PDFSignatureService
      This method allows to add a new signature field to an existing encrypted pdf document
      Specified by:
      addNewSignatureField in interface PDFSignatureService
      Parameters:
      document - the pdf document
      parameters - the parameters with the coordinates,... of the signature field
      pwd - the password protection used to create the encrypted document (optional)
      Returns:
      the pdf document with the new added signature field

    • loadPdfDocumentReader

      protected abstract PdfDocumentReader loadPdfDocumentReader(DSSDocument dssDocument, char[] passwordProtection) throws IOException, InvalidPasswordException
      Loads PdfDocumentReader instance
      Parameters:
      dssDocument - DSSDocument to read
      passwordProtection - the password used to protect the document
      Returns:
      PdfDocumentReader
      Throws:
      IOException - in case of loading error
      InvalidPasswordException - if the password is not provided or invalid for a protected document

    • validateByteRange

      protected boolean validateByteRange(ByteRange byteRange, DSSDocument document, byte[] cms)
      This method verifies the validity of /ByteRange field against the extracted from /Contents field cms and the current pdf document
      Parameters:
      byteRange - ByteRange to be validated
      document - DSSDocument current PDF document
      cms - byte array representing the binaries extracted from /Contents field
      Returns:
      TRUE if the /ByteRange is valid, FALSE otherwise

    • isDocTimestamp

      protected boolean isDocTimestamp(PdfSignatureDictionary pdfSigDict)
      Checks if the given signature dictionary represents a DocTimeStamp
      Parameters:
      pdfSigDict - PdfSignatureDictionary to check
      Returns:
      TRUE if the signature dictionary represents a DocTimeStamp, FALSE otherwise

    • isSignature

      protected boolean isSignature(PdfSignatureDictionary pdfSigDict)
      Checks if the given signature dictionary represents a Signature
      Parameters:
      pdfSigDict - PdfSignatureDictionary to check
      Returns:
      TRUE if the signature dictionary represents a Signature, FALSE otherwise

    • getVisibleSignatureFieldBoxPosition

      protected AnnotationBox getVisibleSignatureFieldBoxPosition(SignatureDrawer signatureDrawer, PdfDocumentReader documentReader, SignatureFieldParameters fieldParameters) throws IOException
      Checks validity of the SignatureField position and returns the calculated signature field box
      Parameters:
      signatureDrawer - SignatureDrawer
      documentReader - PdfDocumentReader
      fieldParameters - SignatureFieldParameters
      Returns:
      AnnotationBox
      Throws:
      IOException - if an exception occurs

    • buildSignatureFieldBox

      protected AnnotationBox buildSignatureFieldBox(SignatureDrawer signatureDrawer) throws IOException
      Returns a SignatureFieldBox. Used for a SignatureField position validation.
      Parameters:
      signatureDrawer - SignatureDrawer
      Returns:
      AnnotationBox
      Throws:
      IOException - if an exception occurs

    • getVisibleSignatureFieldBoxPosition

      protected AnnotationBox getVisibleSignatureFieldBoxPosition(PdfDocumentReader reader, SignatureFieldParameters parameters) throws IOException
      Checks if the signatureFieldBox overlaps with any existing annotations on the given page and returns the respectful signature field box
      Parameters:
      reader - PdfDocumentReader to be validated
      parameters - SignatureFieldParameters
      Returns:
      AnnotationBox computed signature field box
      Throws:
      IOException - if an exception occurs

    • assertSignatureFieldPositionValid

      protected void assertSignatureFieldPositionValid(PdfDocumentReader documentReader, AnnotationBox annotationBox, int pageNumber)
      This method verifies validity of the signature field box configuration calling the provided pdfSignatureFieldPositionChecker
      Parameters:
      documentReader - PdfDocumentReader document where the new signature field should be created
      annotationBox - AnnotationBox defining position and dimensions of the new signature field
      pageNumber - the number of a page where the new signature should be created

    • toPdfPageCoordinates

      protected AnnotationBox toPdfPageCoordinates(AnnotationBox fieldAnnotationBox, AnnotationBox pageBox)
      This method transforms a fieldAnnotationBox's positions and dimensions according to the given page
      Parameters:
      fieldAnnotationBox - AnnotationBox computed field of a signature
      pageBox - AnnotationBox page's box
      Returns:
      AnnotationBox

    • analyzePdfModifications

      @Deprecated public void analyzePdfModifications(DSSDocument document, List<AdvancedSignature> signatures, String pwd)
      Deprecated.
      Description copied from interface: PDFSignatureService
      Analyze the PDF revision and try to detect any modification (shadow attacks)
      Specified by:
      analyzePdfModifications in interface PDFSignatureService
      Parameters:
      document - DSSDocument the document
      signatures - the different signatures to analyse
      pwd - String password protection

    • analyzePdfModifications

      public void analyzePdfModifications(DSSDocument document, List<AdvancedSignature> signatures, char[] pwd)
      Description copied from interface: PDFSignatureService
      Analyze the PDF revision and try to detect any modification (shadow attacks) for signatures
      Specified by:
      analyzePdfModifications in interface PDFSignatureService
      Parameters:
      document - DSSDocument the document
      signatures - the different signatures to be analysed
      pwd - String password protection

    • analyzeTimestampPdfModifications

      public void analyzeTimestampPdfModifications(DSSDocument document, List<TimestampToken> timestamps, char[] pwd)
      Description copied from interface: PDFSignatureService
      Analyze the PDF revision and try to detect any modification (shadow attacks) for PDf document timestamps
      Specified by:
      analyzeTimestampPdfModifications in interface PDFSignatureService
      Parameters:
      document - DSSDocument the document
      timestamps - the detached document timestamps to be analysed
      pwd - String password protection

    • analyzePdfModifications

      protected void analyzePdfModifications(DSSDocument document, PdfCMSRevision pdfRevision, PdfDocumentReader finalRevisionReader, char[] pwd) throws IOException
      This method performs a modification analysis for a single given pdfRevision
      Parameters:
      document - DSSDocument the validating document
      pdfRevision - PdfCMSRevision signature revision to be validated
      finalRevisionReader - PdfDocumentReader final document revision
      pwd - char array representing the password string
      Throws:
      IOException - if an exception occurs while reading the PDF document

    • getVisualDifferences

      protected List<PdfModification> getVisualDifferences(PdfDocumentReader signedRevisionReader, PdfDocumentReader finalRevisionReader)
      Returns a list of visual differences between the provided PDF and the signed content
      Parameters:
      signedRevisionReader - PdfDocumentReader for the signed revision content
      finalRevisionReader - PdfDocumentReader for the input PDF document
      Returns:
      a list of PdfModifications

    • checkPdfPermissions

      protected void checkPdfPermissions(PdfDocumentReader documentReader, SignatureFieldParameters fieldParameters)
      This method verifies the PDF permissions dictionaries
      Parameters:
      documentReader - PdfDocumentReader document to be checked
      fieldParameters - SignatureFieldParameters identifying a new signature field configuration