Author: tilman
Date: Thu Jul 16 03:54:42 2020
New Revision: 1879917
URL: http://svn.apache.org/viewvc?rev=1879917&view=rev
Log:
PDFBOX-3017: verify signature hash in timestamp (inspired by stackoverflow
question 62872844 comment by mkl)
Modified:
pdfbox/trunk/examples/src/test/java/org/apache/pdfbox/examples/pdmodel/TestCreateSignature.java
Modified:
pdfbox/trunk/examples/src/test/java/org/apache/pdfbox/examples/pdmodel/TestCreateSignature.java
URL:
http://svn.apache.org/viewvc/pdfbox/trunk/examples/src/test/java/org/apache/pdfbox/examples/pdmodel/TestCreateSignature.java?rev=1879917&r1=1879916&r2=1879917&view=diff
==============================================================================
---
pdfbox/trunk/examples/src/test/java/org/apache/pdfbox/examples/pdmodel/TestCreateSignature.java
(original)
+++
pdfbox/trunk/examples/src/test/java/org/apache/pdfbox/examples/pdmodel/TestCreateSignature.java
Thu Jul 16 03:54:42 2020
@@ -407,6 +407,12 @@ public class TestCreateSignature
{
Assert.assertNotNull(timeStampToken);
validateTimestampToken(timeStampToken);
+
+ // compare the hash of the signed content with the hash in
the timestamp
+ byte[] tsMessageImprintDigest =
timeStampToken.getTimeStampInfo().getMessageImprintDigest();
+ String hashAlgorithm =
timeStampToken.getTimeStampInfo().getMessageImprintAlgOID().getId();
+ byte[] sigMessageImprintDigest =
MessageDigest.getInstance(hashAlgorithm).digest(signerInformation.getSignature());
+ Assert.assertArrayEquals("timestamp signature verification
failed", sigMessageImprintDigest, tsMessageImprintDigest);
}
else
{
