@jesusjavierdediego
Last active April 27, 2020 07:57
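/**
 * Validates the AdES signatures of the PDF at `filePath` with the DSS library.
 *
 * The document is validated twice: a first pass without trust anchors, used only to
 * read the diagnostic data (the signatures and their certificate chains), and a second
 * pass after the trusted certificate source has been populated.
 *
 * @param businessId  business identifier, passed to `getIDPack` and to the report composers
 * @param filePath    path of the PDF to validate
 * @param packInfoOpt when defined, the certificate chain of this pack is the only chain added
 *                    as trusted; when empty, a chain is looked up through `PKIDAO` for the
 *                    first certificate of every signature found in the document
 * @return the validation response and a status code: `0` when the second validation pass
 *         was run, `9` when a signing certificate could not be resolved, `3` when the
 *         validator does not support the document
 */
def validateAdESSignatures(businessId: String, filePath: String, packInfoOpt: Option[(String, Pack)]): (DocumentValidationResponse, Int) = {
  import eu.europa.esig.dss.validation._
  import eu.europa.esig.dss.validation.reports.Reports

  val file: File = new File(filePath)
  val document: DSSDocument = new FileDocument(file)
  val pdfValidator: PDFDocumentValidator = new PDFDocumentValidator(document)
  val errors: ArrayBuffer[String] = ArrayBuffer.empty[String]

  if (pdfValidator.isSupported(document)) {
    // NOTE(review): this function configures no CRL/OCSP source on the verifier, so
    // revocation checking depends on the verifier's defaults - confirm.
    val certificateVerifier: CommonCertificateVerifier = new CommonCertificateVerifier()
    pdfValidator.setCertificateVerifier(certificateVerifier)

    // First pass: no trust anchors yet, the result is only used for its diagnostic data.
    val diagnosticData = pdfValidator.validateDocument().getDiagnosticData
    val certificateSource: CommonTrustedCertificateSource = new CommonTrustedCertificateSource()

    packInfoOpt match {
      case Some(packInfo) =>
        // A specific certificate has been provided by the caller.
        getUsersCertificateChain(packInfo).foreach(certificateSource.addCertificate)

      case None =>
        // Resolve a chain for every signature present in the document.
        val signatures: List[SignatureWrapper] = diagnosticData.getAllSignatures.asScala.toList
        signatures.foreach { signature =>
          // A signature without any certificate used to fail with an index error on get(0);
          // it is now reported as a validation error instead.
          signature.getCertificateChain.asScala.headOption match {
            case None =>
              val msg: String = s"Signature in document '${file.getName}' does not carry a certificate chain"
              logger.warn(msg)
              errors += msg

            case Some(userCert) =>
              // NOTE(review): the trusted chain is selected from a serial number read out of
              // the document being validated. A serial is only unique per issuer; confirm that
              // PKIDAO also matches the issuer (or the certificate itself) before the chain is
              // treated as a trust anchor.
              PKIDAO.getPKIInfoBySerial(userCert.getSerialNumber) match {
                case Some(pkiInfo) =>
                  getUsersCertificateChain(getIDPack(pkiInfo.piiid, businessId))
                    .foreach(certificateSource.addCertificate)

                case None =>
                  val msg: String = s"Digital Identity items (certificate) is not currently available in the PKI - Serial: ${userCert.getSerialNumber}"
                  logger.warn(msg)
                  errors += msg
              }
          }
        }
    }

    if (errors.nonEmpty) {
      // At least one signing certificate could not be resolved.
      (composeFailedAdESReport(businessId, file.getName, errors.toArray), 9)
    } else {
      val certPool: CertificatePool = new CertificatePool
      certPool.importCerts(certificateSource)
      // NOTE(review): hard-coded keystore password. Load it from configuration or a secret
      // store; if this keystore is only an empty in-memory placeholder, confirm that and
      // consider dropping the step.
      val keystoreCertSource: CertificateSource = new KeyStoreCertificateSource("PKCS12", "password", certPool)
      certificateSource.importAsTrusted(keystoreCertSource)
      certificateVerifier.setTrustedCertSource(certificateSource)
      pdfValidator.setCertificateVerifier(certificateVerifier)

      // Second pass: validation against the trusted certificate source built above.
      val finalPdfReport: Reports = pdfValidator.validateDocument()
      // The report can contain signer and certificate details, so it goes through the
      // logger at debug level rather than to stdout.
      logger.debug(finalPdfReport.getXmlSimpleReport)

      // NOTE(review): status 0 is returned without inspecting the report's indication here;
      // confirm that composeAdESReport conveys failed or indeterminate signatures to the caller.
      val response: DocumentValidationResponse = composeAdESReport(businessId, finalPdfReport.getSimpleReportJaxb)
      (response, 0)
    }
  } else {
    // The validator does not support this document, so no AdES validation is attempted.
    val msg: String = s"Document '${file.getName}' is not compatible with AdES validation"
    logger.warn(msg)
    errors += msg
    (composeFailedAdESReport(businessId, file.getName, errors.toArray), 3)
  }
}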