-
Pdf文件签名检查
如何检查pdf的签名
首先这里有一个已经签名的pdf文件,通过pdf软件可以看到文件的数字签名。
图1为签名后的文件,图2为签名后文件被篡改。
下面就是如何代码检查这里pdf文件的签名
1.引入依赖<dependency> <groupId>org.projectlombokgroupId> <artifactId>lombokartifactId> <optional>trueoptional> dependency> <dependency> <groupId>com.itextpdfgroupId> <artifactId>itextpdfartifactId> <version>5.5.13.3version> dependency> <dependency> <groupId>org.bouncycastlegroupId> <artifactId>bcprov-jdk15onartifactId> <version>1.70version> dependency> <dependency> <groupId>org.bouncycastlegroupId> <artifactId>bcpkix-jdk15onartifactId> <version>1.70version> dependency>- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 编写检查签名的方法
import com.itextpdf.text.pdf.AcroFields; import com.itextpdf.text.pdf.PdfReader; import com.itextpdf.text.pdf.security.PdfPKCS7; import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import java.io.IOException; import java.security.GeneralSecurityException; import java.security.Principal; import java.security.Provider; import java.security.Security; import java.security.cert.X509Certificate; import java.util.Calendar; import java.util.List; /** * pdf文件签名检查 */ public class PdfDigitalSignatureCheck { private static final Logger LOGGER = LoggerFactory.getLogger(PdfDigitalSignatureCheck.class); public static final boolean verifySignature(PdfReader pdfReader) throws GeneralSecurityException, IOException { boolean valid = false; AcroFields acroFields = pdfReader.getAcroFields(); List<String> signatureNames = acroFields.getSignatureNames(); if (!signatureNames.isEmpty()) { for (String name : signatureNames) { if (acroFields.signatureCoversWholeDocument(name)) { //设定签名提供者 Provider provider=Security.getProvider(BouncyCastleProvider.PROVIDER_NAME); if(provider==null){ provider=new BouncyCastleProvider(); Security.addProvider(provider); } PdfPKCS7 pkcs7 = acroFields.verifySignature(name); valid = pkcs7.verify(); String reason = pkcs7.getReason(); Calendar signedAt = pkcs7.getSignDate(); X509Certificate signingCertificate = pkcs7.getSigningCertificate(); Principal issuerDN = signingCertificate.getIssuerDN(); Principal subjectDN = signingCertificate.getSubjectDN(); LOGGER.info("valid = {}, date = {}, reason = '{}', issuer = '{}', subject = '{}'", valid, signedAt.getTime(), reason, issuerDN, subjectDN); break; } } } return valid; } /** * 验证签名 * * @param name * @return * @throws IOException * @throws GeneralSecurityException */ public static boolean validate(String name) throws IOException, GeneralSecurityException { PdfReader reader = new PdfReader(name); boolean isSign = verifySignature(reader); return isSign; } }- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 编写测试用例,并执行,可以看到数字证书相关信息。
如果有多个签名,则会显示多个签名
@Test void pdfDigitalSignatureCheck() throws IOException, GeneralSecurityException { System.out.println("-----------数字签名检查------------"); String[] files = {"D:\\test3\\test1_sign.pdf", "D:\\test3\\test1.pdf","D:\\test3\\test1_sign_wrapper.pdf"}; for (String file : files) { boolean validate = PdfDigitalSignatureCheck.validate(file); log.info("{} 是否签名:{}", file, validate); } }- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
备注: test1_sign.pdf 为已签名文件,test1.pdf为原始未签名文件,test1_sign_wrapper.pdf为签名后更改过的文件(模拟签名后文件被篡改)
遇到的问题
签名设定
如果你的签入使用的BouncyCastleProvider,那么你的签名检查也应该使用BouncyCastleProvider,否则可能会报错。
-
相关阅读:
【Windows编程】windows窗口创建过程详解
Ubuntu基于Docker快速配置GDAL的Python、C++环境
JWFD开源工作流-随机函数发生器最新进展
OS模块中获取当前文件的绝对路径的相关方法
Linux中的用户和用户组
一、配置环境
mysql底层是如何存放数据的
java Random()获取指定范围内随机数
使用电销外呼系统的回拨线路真的不会封号吗?
【力扣刷题】Day11——栈和队列专题
- 原文地址:https://blog.csdn.net/u011628753/article/details/132907453