Tryanks/pdfsign
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Calculate chain length, certificate length and signature length, only open file once in benchmark

Browse Source
This commit is contained in:
Jeroen Bobbeldijk
2017-09-30 15:44:50 +02:00
parent 07ae3c8eaa
commit bb93a21027
3 changed files with 75 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
sign/pdfsignature.go
View File

@@ -118,10 +118,10 @@ func (context *SignContext) fetchRevocationData() error {
// Calculate space needed for signature. // Calculate space needed for signature.
for _, crl := range context.SignData.RevocationData.CRL { for _, crl := range context.SignData.RevocationData.CRL {
context.SignatureMaxLength += uint32(len(crl.FullBytes) * 2) context.SignatureMaxLength += uint32(hex.EncodedLen(len(crl.FullBytes)))
} }
for _, ocsp := range context.SignData.RevocationData.OCSP { for _, ocsp := range context.SignData.RevocationData.OCSP {
context.SignatureMaxLength += uint32(len(ocsp.FullBytes) * 2) context.SignatureMaxLength += uint32(hex.EncodedLen(len(ocsp.FullBytes)))
} }
return nil return nil

52
sign/sign.go
View File

@@ -3,12 +3,14 @@ package sign
import ( import (
"crypto" "crypto"
"crypto/x509" "crypto/x509"
"encoding/hex"
"io" "io"
"os" "os"
"time" "time"
"bitbucket.org/digitorus/pdf" "bitbucket.org/digitorus/pdf"
"bitbucket.org/digitorus/pdfsign/revocation" "bitbucket.org/digitorus/pdfsign/revocation"
"github.com/digitorus/pkcs7"
"github.com/mattetti/filebuffer" "github.com/mattetti/filebuffer"
) )
@@ -148,12 +150,58 @@ func (context *SignContext) SignPDF() error {
} }
// Base size for signature. // Base size for signature.
context.SignatureMaxLength = 100000 context.SignatureMaxLength = uint32(hex.EncodedLen(512))
switch string(context.SignData.Certificate.SignatureAlgorithm) {
case "SHA1-RSA":
case "ECDSA-SHA1":
case "DSA-SHA1":
context.SignatureMaxLength += uint32(hex.EncodedLen(128))
break
case "SHA256-RSA":
case "ECDSA-SHA256":
case "DSA-SHA256":
context.SignatureMaxLength += uint32(hex.EncodedLen(256))
break
case "SHA384-RSA":
case "ECDSA-SHA384":
context.SignatureMaxLength += uint32(hex.EncodedLen(384))
break
case "SHA512-RSA":
case "ECDSA-SHA512":
context.SignatureMaxLength += uint32(hex.EncodedLen(512))
break
}
// Add size for my certificate.
degenerated, err := pkcs7.DegenerateCertificate(context.SignData.Certificate.Raw)
if err != nil {
return err
}
context.SignatureMaxLength += uint32(hex.EncodedLen(len(degenerated)))
// Add size for certificate chain.
var certificate_chain []*x509.Certificate
if len(context.SignData.CertificateChains) > 0 && len(context.SignData.CertificateChains[0]) > 1 {
certificate_chain = context.SignData.CertificateChains[0][1:]
}
if len(certificate_chain) > 0 {
for _, cert := range certificate_chain {
degenerated, err := pkcs7.DegenerateCertificate(cert.Raw)
if err != nil {
return err
}
context.SignatureMaxLength += uint32(hex.EncodedLen(len(degenerated)))
}
}
// Add estimated size for TSA. // Add estimated size for TSA.
// We can't kow actual size of TSA until after signing. // We can't kow actual size of TSA until after signing.
if context.SignData.TSA.URL != "" { if context.SignData.TSA.URL != "" {
context.SignatureMaxLength += 10000 context.SignatureMaxLength += uint32(hex.EncodedLen(5000))
} }
// Fetch revocation data before adding signature placeholder. // Fetch revocation data before adding signature placeholder.

44
sign/sign_test.go
View File

@@ -265,27 +265,29 @@ func BenchmarkSignPDF(b *testing.B) {
certificate_chains := make([][]*x509.Certificate, 0) certificate_chains := make([][]*x509.Certificate, 0)
input_file, err := os.Open("../testfiles/testfile20.pdf")
if err != nil {
b.Errorf("%s: %s", "testfile20.pdf", err.Error())
return
}
finfo, err := input_file.Stat()
if err != nil {
input_file.Close()
b.Errorf("%s: %s", "testfile20.pdf", err.Error())
return
}
size := finfo.Size()
rdr, err := pdf.NewReader(input_file, size)
if err != nil {
input_file.Close()
b.Errorf("%s: %s", "testfile20.pdf", err.Error())
return
}
for n := 0; n < b.N; n++ { for n := 0; n < b.N; n++ {
input_file, err := os.Open("../testfiles/testfile20.pdf")
if err != nil {
b.Errorf("%s: %s", "testfile20.pdf", err.Error())
return
}
finfo, err := input_file.Stat()
if err != nil {
input_file.Close()
b.Errorf("%s: %s", "testfile20.pdf", err.Error())
return
}
size := finfo.Size()
rdr, err := pdf.NewReader(input_file, size)
if err != nil {
input_file.Close()
b.Errorf("%s: %s", "testfile20.pdf", err.Error())
return
}
err = Sign(input_file, ioutil.Discard, rdr, size, SignData{ err = Sign(input_file, ioutil.Discard, rdr, size, SignData{
Signature: SignDataSignature{ Signature: SignDataSignature{
@@ -305,11 +307,11 @@ func BenchmarkSignPDF(b *testing.B) {
RevocationData: revocation.InfoArchival{}, RevocationData: revocation.InfoArchival{},
}) })
input_file.Close()
if err != nil { if err != nil {
b.Errorf("%s: %s", "testfile20.pdf", err.Error()) b.Errorf("%s: %s", "testfile20.pdf", err.Error())
return return
} }
} }
input_file.Close()
} }