Cleanup
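--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+.idea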
@@ -1,19 +0,0 @@
|
|||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIDBDCCAm2gAwIBAgIJAP6vkkLP72OOMA0GCSqGSIb3DQEBCwUAMIGZMQswCQYD
|
|
||||||
VQQGEwJOTDEVMBMGA1UECAwMWnVpZC1Ib2xsYW5kMRIwEAYDVQQHDAlSb3R0ZXJk
|
|
||||||
YW0xEjAQBgNVBAoMCVVuaWNvZGVyczELMAkGA1UECwwCSVQxGjAYBgNVBAMMEUpl
|
|
||||||
cm9lbiBCb2JiZWxkaWprMSIwIAYJKoZIhvcNAQkBFhNqZXJvZW5AdW5pY29kZXJz
|
|
||||||
Lm5sMCAXDTE3MDcwNjE5MzYwOVoYDzMwMTYxMTA2MTkzNjA5WjCBmTELMAkGA1UE
|
|
||||||
BhMCTkwxFTATBgNVBAgMDFp1aWQtSG9sbGFuZDESMBAGA1UEBwwJUm90dGVyZGFt
|
|
||||||
MRIwEAYDVQQKDAlVbmljb2RlcnMxCzAJBgNVBAsMAklUMRowGAYDVQQDDBFKZXJv
|
|
||||||
ZW4gQm9iYmVsZGlqazEiMCAGCSqGSIb3DQEJARYTamVyb2VuQHVuaWNvZGVycy5u
|
|
||||||
bDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArpfaVUltYdOSISuc8V5vAy6b
|
|
||||||
jpqYuxsS5I6jpL1nMKms9IB5+uk+Glo2O/tb+W/R8zxQ3xrQ6JWZ4ZSsBhKNVink
|
|
||||||
Su3+kdAQJfHn3NLJzx0QGceo0TF2RvVGo5c91zxuA8rchdNz1QxrD6QesGKyfsXn
|
|
||||||
F+oELezafT346PbeqikCAwEAAaNQME4wHQYDVR0OBBYEFKA68BB0iwhY2RIRFIYs
|
|
||||||
gmq0l6y7MB8GA1UdIwQYMBaAFKA68BB0iwhY2RIRFIYsgmq0l6y7MAwGA1UdEwQF
|
|
||||||
MAMBAf8wDQYJKoZIhvcNAQELBQADgYEAZ75HjcE/d/nclPTQbCN9qvUyuU76ml4O
|
|
||||||
jDN8T+loOsUKmI4VVsNLzF6DXq8sg4EP7s8kEEzM7qhoijw09OUhVniBYN3SzJYX
|
|
||||||
l8AiThPGqcIm1TrkqPULYQBu/FnMoL6SP7kAULcsUvEmn1rPcG9ESQ4sK/ceJhFZ
|
|
||||||
zk9o3rVC0PU=
|
|
||||||
-----END CERTIFICATE-----
|
|
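--- a/p11sign.go
+++ b/p11sign.go
@@ -1,145 +0,0 @@
-package main
-
-import (
-"flag"
-"log"
-"os"
-"time"
-
-"crypto/x509"
-"io/ioutil"
-
-"bitbucket.org/digitorus/pdfsign/revocation"
-"bitbucket.org/digitorus/pdfsign/sign"
-"bitbucket.org/digitorus/pdfsign/verify"
-"bitbucket.org/digitorus/pkcs11"
-)
-
-func usage() {
-log.Fatal("Usage: sign input.pdf output.pdf pkcs11-password [chain.crt] OR verify input.pdf")
-}
-
-func main() {
-flag.Parse()
-
-if len(flag.Args()) < 2 {
-usage()
-}
-
-method := flag.Arg(0)
-if method != "sign" && method != "verify" {
-usage()
-}
-
-input := flag.Arg(1)
-if len(input) == 0 {
-usage()
-}
-
-if method == "verify" {
-input_file, err := os.Open(input)
-if err != nil {
-log.Fatal(err)
-}
-defer input_file.Close()
-
-resp, err := verify.Verify(input_file)
-log.Println(resp)
-if err != nil {
-log.Println(err)
-}
-}
-
-if method == "sign" {
-if len(flag.Args()) < 4 {
-usage()
-}
-
-output := flag.Arg(2)
-if len(output) == 0 {
-usage()
-}
-
-// pkcs11 key
-lib, err := pkcs11.FindLib("/lib64/libeTPkcs11.so")
-if err != nil {
-log.Fatal(err)
-}
-
-// Load Library
-ctx := pkcs11.New(lib)
-if ctx == nil {
-log.Fatal("Failed to load library")
-}
-err = ctx.Initialize()
-if err != nil {
-log.Fatal(err)
-}
-// login
-session, err := pkcs11.CreateSession(ctx, 0, flag.Arg(3), false)
-if err != nil {
-log.Fatal(err)
-}
-// select the first certificate
-cert, ckaId, err := pkcs11.GetCert(ctx, session, nil)
-if err != nil {
-log.Fatal(err)
-}
-
-// private key
-pkey, err := pkcs11.InitPrivateKey(ctx, session, ckaId)
-if err != nil {
-log.Fatal(err)
-}
-
-certificate_chains := make([][]*x509.Certificate, 0)
-
-if flag.Arg(4) != "" {
-certificate_pool := x509.NewCertPool()
-if err != nil {
-log.Fatal(err)
-}
-
-chain_data, err := ioutil.ReadFile(flag.Arg(4))
-if err != nil {
-log.Fatal(err)
-}
-
-certificate_pool.AppendCertsFromPEM(chain_data)
-certificate_chains, err = cert.Verify(x509.VerifyOptions{
-Intermediates: certificate_pool,
-})
-if err != nil {
-log.Fatal(err)
-}
-}
-
-// TODO: Obtain TSA from certificate or CLI
-err = sign.SignFile(input, output, sign.SignData{
-Signature: sign.SignDataSignature{
-Info: sign.SignDataSignatureInfo{
-Name: "Jeroen Bobbeldijk",
-Location: "Rotterdam",
-Reason: "Test",
-ContactInfo: "Geen",
-Date: time.Now().Local(),
-},
-CertType: 2,
-Approval: false,
-},
-Signer: pkey,
-Certificate: cert,
-CertificateChains: certificate_chains,
-TSA: sign.TSA{
-URL: "http://aatl-timestamp.globalsign.com/tsa/aohfewat2389535fnasgnlg5m23",
-},
-RevocationData: revocation.InfoArchival{},
-RevocationFunction: sign.DefaultEmbedRevocationStatusFunction,
-})
-if err != nil {
-log.Println(err)
-} else {
-log.Println("Signed PDF written to " + output)
-}
-}
-}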
Binary file not shown.
Binary file not shown.
File diff suppressed because one or more lines are too long
4146
testdoc/multi.pdf
4146
testdoc/multi.pdf
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long