Last active
April 27, 2020 07:57
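/** Validates the AdES signatures embedded in the PDF found at `filePath`.
  *
  * The document is validated twice. The first pass runs without trust anchors and is
  * only used to read the diagnostic data (which signatures exist and which certificate
  * each one references). The second pass runs after the trusted certificate source has
  * been populated, and its simple report is what gets returned to the caller.
  *
  * Security notes for maintainers:
  *  - When `packInfoOpt` is empty, the trust anchors are chosen from information carried
  *    by the document under validation (the serial number of each signature's first
  *    chain entry). The certificates that end up trusted come from the PKI lookup, not
  *    from the document, but the lookup key is attacker-influenced.
  *  - Status code 0 is returned as soon as the final report has been composed; this
  *    block does not inspect the report's indications itself. Callers must read the
  *    verdict from the returned response.
  *
  * @param businessId  business identifier, passed through to `getIDPack` and the report composers
  * @param filePath    filesystem path of the PDF to validate
  * @param packInfoOpt when defined, the chain returned by `getUsersCertificateChain` for it is
  *                    the only trust material; when empty, trust material is resolved per signature
  * @return the validation response and a status code: 0 when the final report was composed,
  *         9 when at least one signing certificate could not be resolved, 3 when the
  *         document is not supported by the PDF validator
  */
def validateAdESSignatures(businessId: String, filePath: String, packInfoOpt: Option[(String, Pack)]): (DocumentValidationResponse, Int) = {
  import eu.europa.esig.dss.validation._
  import eu.europa.esig.dss.validation.reports.Reports

  val file: File = new File(filePath)
  val document: DSSDocument = new FileDocument(file)
  val pdfValidator: PDFDocumentValidator = new PDFDocumentValidator(document)
  val errors: ArrayBuffer[String] = ArrayBuffer.empty[String]

  if (pdfValidator.isSupported(document)) {
    // NOTE(review): no CRL/OCSP source is set on this verifier anywhere in this block, so
    // revocation status is presumably not checked against live sources. Confirm this is intended.
    val certificateVerifier: CommonCertificateVerifier = new CommonCertificateVerifier()
    pdfValidator.setCertificateVerifier(certificateVerifier)

    // First pass: no trust anchors yet, used only to enumerate the signatures.
    val firstReport = pdfValidator.validateDocument()
    val sp = firstReport.getDiagnosticData
    val certificateSource: CommonTrustedCertificateSource = new CommonTrustedCertificateSource()

    packInfoOpt match {
      case Some(pi) =>
        // A specific certificate has been provided by the caller.
        getUsersCertificateChain(pi).foreach(certificateSource.addCertificate)

      case None =>
        // No pack supplied: resolve the trust material for every signature in the document.
        val signatures: List[SignatureWrapper] = sp.getAllSignatures.asScala.toList
        signatures.foreach { s =>
          // A signature may carry no identifiable signing certificate. Calling get(0) on an
          // empty chain would abort the whole validation with an exception, so record an
          // error and fail closed instead.
          Option(s.getCertificateChain).flatMap(_.asScala.headOption) match {
            case None =>
              val msg: String = s"No signing certificate could be identified for signature ${s.getId}"
              logger.warn(msg)
              errors += msg

            case Some(userCert) =>
              // NOTE(review): the lookup key is the serial number alone, which is unique only
              // per issuer. Consider matching on issuer + serial or on the certificate
              // digest; verify against PKIDAO.
              PKIDAO.getPKIInfoBySerial(userCert.getSerialNumber) match {
                case Some(p) =>
                  getUsersCertificateChain(getIDPack(p.piiid, businessId))
                    .foreach(certificateSource.addCertificate)
                case None =>
                  val msg: String = s"Digital Identity items (certificate) is not currently available in the PKI - Serial: ${userCert.getSerialNumber}"
                  logger.warn(msg)
                  errors += msg
              }
          }
        }
    }

    if (errors.nonEmpty) {
      // At least one signing certificate could not be resolved: report failure without
      // running the trusted validation pass.
      (composeFailedAdESReport(businessId, file.getName, errors.toArray), 9)
    } else {
      // Trust material was resolved for every signature. The signatures themselves are
      // only evaluated by the validateDocument() call below.
      val certPool: CertificatePool = new CertificatePool
      certPool.importCerts(certificateSource)
      // NOTE(review): hard-coded keystore password literal. No keystore file or stream is
      // passed here, so this looks like an in-memory store; confirm, and move the value to
      // configuration if a persisted keystore is ever loaded through this path.
      val keystoreCertSource: CertificateSource = new KeyStoreCertificateSource("PKCS12", "password", certPool)
      certificateSource.importAsTrusted(keystoreCertSource)
      certificateVerifier.setTrustedCertSource(certificateSource)
      pdfValidator.setCertificateVerifier(certificateVerifier)

      val finalPdfReport: Reports = pdfValidator.validateDocument()
      // The simple report contains signer identity details. Send it through the logger at
      // debug level rather than printing to stdout, so the log configuration controls
      // where it goes.
      logger.debug(finalPdfReport.getXmlSimpleReport)
      val response: DocumentValidationResponse = composeAdESReport(businessId, finalPdfReport.getSimpleReportJaxb)
      (response, 0)
    }
  } else {
    // The PDF validator does not support this document, so AdES validation cannot run.
    val msg: String = s"Document '${file.getName}' is not compatible with AdES validation"
    logger.warn(msg)
    errors += msg
    (composeFailedAdESReport(businessId, file.getName, errors.toArray), 3)
  }
}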