SignatureHandler.java

/*
 * Copyright 2006-2017 ICEsoft Technologies Canada Corp.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the
 * License. You may obtain a copy of the License at
 *
 *        http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an "AS
 * IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
 * express or implied. See the License for the specific language
 * governing permissions and limitations under the License.
 */
package org.icepdf.core.pobjects.acroform;

import org.icepdf.core.pobjects.acroform.signature.DigitalSignatureFactory;
import org.icepdf.core.pobjects.acroform.signature.SignatureValidator;
import org.icepdf.core.pobjects.acroform.signature.exceptions.SignatureIntegrityException;
import org.icepdf.core.util.Defs;

import java.security.Provider;
import java.security.Security;
import java.util.logging.Level;
import java.util.logging.Logger;

/**
 * The signature handler is responsible for returning validation results for a given Digital signature's
 * signature field dictionary.  The returned Validation objected can be interrogated to see which properties
 * are considered valid.
 */
public class SignatureHandler {

    private static final Logger logger =
            Logger.getLogger(SignatureHandler.class.toString());

    static {
        // Load security handler from system property if possible
        String defaultSecurityProvider =
                "org.bouncycastle.jce.provider.BouncyCastleProvider";

        // check system property security provider
        String customSecurityProvider =
                Defs.sysProperty("org.icepdf.core.security.jceProvider");

        // if no custom security provider load default security provider
        if (customSecurityProvider != null) {
            defaultSecurityProvider = customSecurityProvider;
        }
        try {
            // try and create a new provider
            Object provider = Class.forName(defaultSecurityProvider).newInstance();
            Security.insertProviderAt((Provider) provider, 2);
        } catch (ClassNotFoundException e) {
            logger.log(Level.FINE, "Optional BouncyCastle security provider not found");
        } catch (InstantiationException e) {
            logger.log(Level.FINE, "Optional BouncyCastle security provider could not be instantiated");
        } catch (IllegalAccessException e) {
            logger.log(Level.FINE, "Optional BouncyCastle security provider could not be created");
        }
    }

    public SignatureHandler() {
    }

    /**
     * Validates the given SignatureFieldDictionary.
     *
     * @param signatureFieldDictionary signature to validate
     * @return SignatureValidator object if cert and public key verified, null otherwise.
     */
    public SignatureValidator validateSignature(SignatureFieldDictionary signatureFieldDictionary) {

        SignatureDictionary signatureDictionary = signatureFieldDictionary.getSignatureDictionary();
        if (signatureDictionary != null) {
            // Generate the correct validator and try to validate the signature.
            try {
                SignatureValidator signatureValidator = DigitalSignatureFactory.getInstance().getValidatorInstance(signatureFieldDictionary);
                return signatureValidator;
            } catch (SignatureIntegrityException e) {
                logger.log(Level.WARNING, "Signature certificate could not be initialized.", e);
            } catch (Throwable e) {
                logger.log(Level.WARNING, "Signature validation was unsuccessful.", e);
            }
        }
        return null;
    }
}