feat: sign protected pdfs

src/main/java/digital/slovensko/autogram/core/Autogram.java

@@ -4,6 +4,7 @@
 import digital.slovensko.autogram.core.visualization.DocumentVisualizationBuilder;
 import digital.slovensko.autogram.core.visualization.UnsupportedVisualization;
 import digital.slovensko.autogram.drivers.TokenDriver;
+import digital.slovensko.autogram.model.ProtectedDSSDocument;
 import digital.slovensko.autogram.ui.BatchUiResult;
 import digital.slovensko.autogram.ui.UI;
 import digital.slovensko.autogram.util.Logging;
@@ -63,15 +64,20 @@ public void checkPDFACompliance(SigningJob job) {
         });
     }
 
+    public void handleProtectedPdfDocument(ProtectedDSSDocument document) {
+        if (!PDFUtils.isPdfAndPasswordProtected(document))
+            return;
+
+        var password = ui.getDocumentPassword();
+        document.setPassword(password);
+    }
+
+    public void wrapInWorkThread(Runnable callback) {
+        ui.onWorkThreadDo(callback);
+    }
+
     public void startVisualization(SigningJob job) {
         ui.onWorkThreadDo(() -> {
-            if (PDFUtils.isPdfAndPasswordProtected(job.getDocument())) {
-                ui.onUIThreadDo(() -> {
-                    ui.showError(new AutogramException("Nastala chyba", "Dokument je chránený heslom", "Snažíte sa podpísať dokument chránený heslom, čo je funkcionalita, ktorá nie je podporovaná.\n\nOdstráňte ochranu heslom a potom budete môcť dokument podpísať."));
-                });
-                return;
-            }
-
             try {
                 var visualization = DocumentVisualizationBuilder.fromJob(job, settings);
                 ui.onUIThreadDo(() -> ui.showVisualization(visualization, this));

src/main/java/digital/slovensko/autogram/core/SignatureValidator.java

@@ -15,7 +15,7 @@
 import javax.xml.transform.stream.StreamResult;
 import javax.xml.transform.stream.StreamSource;
 
-import eu.europa.esig.dss.enumerations.ASiCContainerType;
+import digital.slovensko.autogram.model.ProtectedDSSDocument;
 import eu.europa.esig.dss.simplereport.SimpleReport;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -24,7 +24,6 @@
 
 import digital.slovensko.autogram.util.XMLUtils;
 import eu.europa.esig.dss.enumerations.SignatureLevel;
-import eu.europa.esig.dss.model.DSSDocument;
 import eu.europa.esig.dss.model.DSSException;
 import eu.europa.esig.dss.service.crl.OnlineCRLSource;
 import eu.europa.esig.dss.service.http.commons.CommonsDataLoader;
@@ -167,7 +166,7 @@ public static ValidationReports getSignatureCheckReport(SigningJob job) {
         return new ValidationReports(validator.validateDocument(), job);
     }
 
-    public static SimpleReport getSignedDocumentSimpleReport(DSSDocument document) {
+    public static SimpleReport getSignedDocumentSimpleReport(ProtectedDSSDocument document) {
         var validator = createDocumentValidator(document);
         if (validator == null)
             return null;

src/main/java/digital/slovensko/autogram/core/SigningJob.java

@@ -6,14 +6,14 @@
 import digital.slovensko.autogram.core.eforms.xdc.XDCBuilder;
 import digital.slovensko.autogram.core.eforms.xdc.XDCValidator;
 import digital.slovensko.autogram.core.errors.AutogramException;
+import digital.slovensko.autogram.model.ProtectedDSSDocument;
+import digital.slovensko.autogram.model.ProtectedFileDocument;
 import digital.slovensko.autogram.util.Logging;
 import eu.europa.esig.dss.asic.cades.signature.ASiCWithCAdESService;
 import eu.europa.esig.dss.asic.xades.signature.ASiCWithXAdESService;
 import eu.europa.esig.dss.cades.signature.CAdESService;
-import eu.europa.esig.dss.enumerations.MimeTypeEnum;
 import eu.europa.esig.dss.enumerations.SignatureLevel;
 import eu.europa.esig.dss.model.DSSDocument;
-import eu.europa.esig.dss.model.FileDocument;
 import eu.europa.esig.dss.pades.signature.PAdESService;
 import eu.europa.esig.dss.spi.x509.tsp.TSPSource;
 import eu.europa.esig.dss.validation.CommonCertificateVerifier;
@@ -24,16 +24,16 @@
 
 public class SigningJob {
     private final Responder responder;
-    private final DSSDocument document;
+    private final ProtectedDSSDocument document;
     private final SigningParameters parameters;
 
-    private SigningJob(DSSDocument document, SigningParameters parameters, Responder responder) {
+    private SigningJob(ProtectedDSSDocument document, SigningParameters parameters, Responder responder) {
         this.document = document;
         this.parameters = parameters;
         this.responder = responder;
     }
 
-    public DSSDocument getDocument() {
+    public ProtectedDSSDocument getDocument() {
         return this.document;
     }
 
@@ -46,7 +46,6 @@ public int getVisualizationWidth() {
     }
 
     public void signWithKeyAndRespond(SigningKey key) throws InterruptedException, AutogramException {
-
         Logging.log("Signing Job: " + this.hashCode() + " file " + getDocument().getName());
         boolean isContainer = getParameters().getContainer() != null;
         var doc = switch (getParameters().getSignatureType()) {
@@ -141,6 +140,7 @@ private DSSDocument signDocumentAsPAdeS(SigningKey key) {
         signatureParameters.setSigningCertificate(key.getCertificate());
         signatureParameters.setCertificateChain(key.getCertificateChain());
         signatureParameters.setSignWithExpiredCertificate(true);
+        signatureParameters.setPasswordProtection(document.getPassword());
 
         if (signatureParameters.getSignatureLevel().equals(SignatureLevel.PAdES_BASELINE_T)) {
             service.setTspSource(getParameters().getTspSource());
@@ -153,8 +153,8 @@ private DSSDocument signDocumentAsPAdeS(SigningKey key) {
         return service.signDocument(getDocument(), signatureParameters, signatureValue);
     }
 
-    public static FileDocument createDSSFileDocumentFromFile(File file) {
-        var fileDocument = new FileDocument(file);
+    public static ProtectedFileDocument createDSSFileDocumentFromFile(File file) {
+        var fileDocument = new ProtectedFileDocument(file);
 
         if (fileDocument.getName().endsWith(".xdcf"))
             fileDocument.setMimeType(XML_DATACONTAINER_WITH_CHARSET);
@@ -168,7 +168,7 @@ else if (isTxt(fileDocument.getMimeType()))
         return fileDocument;
     }
 
-    private static SigningJob build(DSSDocument document, SigningParameters params, Responder responder) {
+    private static SigningJob build(ProtectedDSSDocument document, SigningParameters params, Responder responder) {
         if (params.shouldCreateXdc() && !isXDC(document.getMimeType()) && !isAsice(document.getMimeType()))
             document = XDCBuilder.transform(params, document.getName(), EFormUtils.getXmlFromDocument(document));
 
@@ -183,17 +183,21 @@ private static SigningJob build(DSSDocument document, SigningParameters params,
         return new SigningJob(document, params, responder);
     }
 
-    public static SigningJob buildFromRequest(DSSDocument document, SigningParameters params, Responder responder) {
+    public static SigningJob buildFromRequest(ProtectedDSSDocument document, Autogram autogram, SigningParameters params, Responder responder) {
+        autogram.handleProtectedPdfDocument(document);
+
         return build(document, params, responder);
     }
 
-    public static SigningJob buildFromFile(File file, Responder responder, boolean checkPDFACompliance, SignatureLevel signatureType, boolean isEn319132, TSPSource tspSource, boolean plainXmlEnabled) {
+    public static SigningJob buildFromFile(File file, Autogram autogram, Responder responder, boolean checkPDFACompliance, SignatureLevel signatureType, boolean isEn319132, TSPSource tspSource, boolean plainXmlEnabled) {
         var document = createDSSFileDocumentFromFile(file);
+        autogram.handleProtectedPdfDocument(document);
+
         var parameters = getParametersForFile(document, checkPDFACompliance, signatureType, isEn319132, tspSource, plainXmlEnabled);
         return build(document, parameters, responder);
     }
 
-    private static SigningParameters getParametersForFile(FileDocument document, boolean checkPDFACompliance, SignatureLevel signatureType, boolean isEn319132, TSPSource tspSource, boolean plainXmlEnabled) {
+    private static SigningParameters getParametersForFile(ProtectedFileDocument document, boolean checkPDFACompliance, SignatureLevel signatureType, boolean isEn319132, TSPSource tspSource, boolean plainXmlEnabled) {
         var level = SignatureValidator.getSignedDocumentSignatureLevel(SignatureValidator.getSignedDocumentSimpleReport(document));
         if (level != null) switch (level.getSignatureForm()) {
             case PAdES:
@@ -221,6 +225,6 @@ private static SigningParameters getParametersForFile(FileDocument document, boo
     }
 
     public boolean shouldCheckPDFCompliance() {
-        return parameters.getCheckPDFACompliance() && isPDF(document.getMimeType());
+        return parameters.getCheckPDFACompliance() && isPDF(document.getMimeType()) && !document.isProtected();
     }
 }

src/main/java/digital/slovensko/autogram/core/SigningParameters.java

@@ -6,6 +6,7 @@
 import digital.slovensko.autogram.core.errors.AutogramException;
 import digital.slovensko.autogram.core.errors.SigningParametersException;
 import digital.slovensko.autogram.core.errors.UnknownEformException;
+import digital.slovensko.autogram.model.ProtectedDSSDocument;
 import digital.slovensko.autogram.util.AsicContainerUtils;
 import digital.slovensko.autogram.core.eforms.EFormUtils;
 import digital.slovensko.autogram.core.eforms.xdc.XDCValidator;
@@ -60,7 +61,7 @@ public static SigningParameters buildParameters(
             SignatureLevel level, DigestAlgorithm digestAlgorithm, ASiCContainerType container, SignaturePackaging packaging,
             boolean en319132, String infoCanonicalization, String propertiesCanonicalization, String keyInfoCanonicalization,
             EFormAttributes eFormAttributes, boolean autoLoadEform, String fsFormId, boolean checkPDFACompliance,
-            int preferredPreviewWidth, DSSDocument document, TSPSource tspSource, boolean plainXmlEnabled) throws AutogramException {
+            int preferredPreviewWidth, ProtectedDSSDocument document, TSPSource tspSource, boolean plainXmlEnabled) throws AutogramException {
 
         if (level == null)
             throw new SigningParametersException("Nebol zadaný typ podpisu", "Typ/level podpisu je povinný atribút");
@@ -107,21 +108,21 @@ public static SigningParameters buildParameters(
                 keyInfoCanonicalization, eFormAttributes, checkPDFACompliance, preferredPreviewWidth, tspSource);
     }
 
-    public static SigningParameters buildForPDF(DSSDocument document, boolean checkPDFACompliance, boolean signAsEn319132, TSPSource tspSource) throws AutogramException {
+    public static SigningParameters buildForPDF(ProtectedDSSDocument document, boolean checkPDFACompliance, boolean signAsEn319132, TSPSource tspSource) throws AutogramException {
         return buildParameters(
                 (tspSource == null) ? SignatureLevel.PAdES_BASELINE_B : SignatureLevel.PAdES_BASELINE_T, DigestAlgorithm.SHA256,
                 null, null, signAsEn319132, null, null, null, null, false,
                 null, checkPDFACompliance, 640, document, tspSource, true);
     }
 
-    public static SigningParameters buildForASiCWithXAdES(DSSDocument document, boolean checkPDFACompliance, boolean signAsEn319132, TSPSource tspSource, boolean plainXmlEnabled) throws AutogramException {
+    public static SigningParameters buildForASiCWithXAdES(ProtectedDSSDocument document, boolean checkPDFACompliance, boolean signAsEn319132, TSPSource tspSource, boolean plainXmlEnabled) throws AutogramException {
         return buildParameters(
                 (tspSource == null) ? SignatureLevel.XAdES_BASELINE_B : SignatureLevel.XAdES_BASELINE_T, DigestAlgorithm.SHA256,
                 ASiCContainerType.ASiC_E, SignaturePackaging.ENVELOPING, signAsEn319132, null, null, null,  null, true,
                 EFormUtils.getFsFormIdFromFilename(document.getName()), checkPDFACompliance, 640, document, tspSource, plainXmlEnabled);
     }
 
-    public static SigningParameters buildForASiCWithCAdES(DSSDocument document, boolean checkPDFACompliance, boolean signAsEn319132, TSPSource tspSource, boolean plainXmlEnabled) throws AutogramException {
+    public static SigningParameters buildForASiCWithCAdES(ProtectedDSSDocument document, boolean checkPDFACompliance, boolean signAsEn319132, TSPSource tspSource, boolean plainXmlEnabled) throws AutogramException {
         return buildParameters(
                 (tspSource == null) ? SignatureLevel.CAdES_BASELINE_B : SignatureLevel.CAdES_BASELINE_T, DigestAlgorithm.SHA256,
                 ASiCContainerType.ASiC_E, SignaturePackaging.ENVELOPING, signAsEn319132, null, null, null, null, true,

src/main/java/digital/slovensko/autogram/core/eforms/xdc/XDCBuilder.java

@@ -4,15 +4,15 @@
 import digital.slovensko.autogram.core.SigningParameters;
 import digital.slovensko.autogram.core.eforms.dto.XsltParams;
 import digital.slovensko.autogram.core.errors.TransformationException;
+import digital.slovensko.autogram.model.ProtectedDSSDocument;
+import digital.slovensko.autogram.model.ProtectedInMemoryDocument;
 import digital.slovensko.autogram.util.XMLUtils;
 
 import static digital.slovensko.autogram.core.eforms.EFormUtils.*;
 import static digital.slovensko.autogram.util.DSSUtils.getXdcfFilename;
 import static digital.slovensko.autogram.util.XMLUtils.getSecureDocumentBuilder;
 
 import eu.europa.esig.dss.enumerations.DigestAlgorithm;
-import eu.europa.esig.dss.model.DSSDocument;
-import eu.europa.esig.dss.model.InMemoryDocument;
 
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
@@ -32,7 +32,7 @@
 public abstract class XDCBuilder {
     private static final Charset ENCODING = StandardCharsets.UTF_8;
 
-    public static DSSDocument transform(SigningParameters params, String filename, Document document) {
+    public static ProtectedDSSDocument transform(SigningParameters params, String filename, Document document) {
         var identifier = params.getIdentifier();
         var lastSlashIndex = identifier.lastIndexOf("/");
         if (lastSlashIndex == -1)
@@ -58,7 +58,7 @@ public static DSSDocument transform(SigningParameters params, String filename, D
 
             var content = getDocumentContent(transformedDocument).getBytes(ENCODING);
 
-            return new InMemoryDocument(content, getXdcfFilename(filename), AutogramMimeType.XML_DATACONTAINER_WITH_CHARSET);
+            return new ProtectedInMemoryDocument(content, getXdcfFilename(filename), AutogramMimeType.XML_DATACONTAINER_WITH_CHARSET);
 
         } catch (Exception e) {
             throw new TransformationException("Nastala chyba počas transformácie dokumentu",

src/main/java/digital/slovensko/autogram/core/visualization/DocumentVisualizationBuilder.java

@@ -6,6 +6,7 @@
 import javax.xml.parsers.ParserConfigurationException;
 
 import digital.slovensko.autogram.core.UserSettings;
+import digital.slovensko.autogram.model.ProtectedDSSDocument;
 import eu.europa.esig.dss.model.DSSDocument;
 
 import org.xml.sax.SAXException;
@@ -22,10 +23,10 @@
 
 public class DocumentVisualizationBuilder {
 
-    private final DSSDocument document;
+    private final ProtectedDSSDocument document;
     private final SigningParameters parameters;
 
-    private DocumentVisualizationBuilder(DSSDocument document, SigningParameters parameters) {
+    private DocumentVisualizationBuilder(ProtectedDSSDocument document, SigningParameters parameters) {
         this.document = document;
         this.parameters = parameters;
     }

src/main/java/digital/slovensko/autogram/core/visualization/PDFVisualization.java

@@ -6,6 +6,7 @@
 
 import digital.slovensko.autogram.core.SigningJob;
 import digital.slovensko.autogram.core.UserSettings;
+import digital.slovensko.autogram.model.ProtectedDSSDocument;
 import digital.slovensko.autogram.ui.Visualizer;
 import eu.europa.esig.dss.model.DSSDocument;
 import org.apache.pdfbox.pdmodel.PDDocument;
@@ -15,18 +16,18 @@
 import javax.imageio.ImageIO;
 
 public class PDFVisualization extends Visualization {
-    private final DSSDocument document;
+    private final ProtectedDSSDocument document;
     private final UserSettings settings;
 
 
-    public PDFVisualization(DSSDocument document, SigningJob job, UserSettings settings) {
+    public PDFVisualization(ProtectedDSSDocument document, SigningJob job, UserSettings settings) {
         super(job);
         this.document = document;
         this.settings = settings;
     }
 
     private ArrayList<byte []> getPdfImages() throws IOException {
-        var pdfDocument = PDDocument.load(this.document.openStream());
+        var pdfDocument = PDDocument.load(this.document.openStream(), new String(this.document.getPassword()));
         var pdfRenderer = new PDFRenderer(pdfDocument);
         var divs = new ArrayList<byte[]>();
         for (int page = 0; page < pdfDocument.getNumberOfPages(); ++page) {

src/main/java/digital/slovensko/autogram/model/ProtectedDSSDocument.java

@@ -0,0 +1,12 @@
+package digital.slovensko.autogram.model;
+
+import eu.europa.esig.dss.model.DSSDocument;
+
+public interface ProtectedDSSDocument extends DSSDocument {
+    char[] getPassword();
+    void setPassword(char[] password);
+
+    default boolean isProtected() {
+        return getPassword().length != 0;
+    }
+}

src/main/java/digital/slovensko/autogram/model/ProtectedFileDocument.java

@@ -0,0 +1,27 @@
+package digital.slovensko.autogram.model;
+
+import eu.europa.esig.dss.model.FileDocument;
+
+import java.io.File;
+
+public class ProtectedFileDocument extends FileDocument implements ProtectedDSSDocument {
+    private char[] password = new char[0];
+
+    public ProtectedFileDocument(String path) {
+        super(path);
+    }
+
+    public ProtectedFileDocument(File file) {
+        super(file);
+    }
+
+    @Override
+    public char[] getPassword() {
+        return this.password;
+    }
+
+    @Override
+    public void setPassword(char[] password) {
+        this.password = password;
+    }
+}

src/main/java/digital/slovensko/autogram/model/ProtectedInMemoryDocument.java

@@ -0,0 +1,44 @@
+package digital.slovensko.autogram.model;
+
+import eu.europa.esig.dss.enumerations.MimeType;
+import eu.europa.esig.dss.model.InMemoryDocument;
+
+import java.io.InputStream;
+
+public class ProtectedInMemoryDocument extends InMemoryDocument implements ProtectedDSSDocument {
+    private char[] password = new char[0];
+
+    public ProtectedInMemoryDocument(byte[] bytes) {
+        super(bytes);
+    }
+
+    public ProtectedInMemoryDocument(byte[] bytes, String name) {
+        super(bytes, name);
+    }
+
+    public ProtectedInMemoryDocument(byte[] bytes, String name, MimeType mimeType) {
+        super(bytes, name, mimeType);
+    }
+
+    public ProtectedInMemoryDocument(InputStream inputStream) {
+        super(inputStream);
+    }
+
+    public ProtectedInMemoryDocument(InputStream inputStream, String name) {
+        super(inputStream, name);
+    }
+
+    public ProtectedInMemoryDocument(InputStream inputStream, String name, MimeType mimeType) {
+        super(inputStream, name, mimeType);
+    }
+
+    @Override
+    public char[] getPassword() {
+        return this.password;
+    }
+
+    @Override
+    public void setPassword(char[] password) {
+        this.password = password;
+    }
+}

src/main/java/digital/slovensko/autogram/server/SignEndpoint.java

@@ -29,7 +29,7 @@ public void handle(HttpExchange exchange) throws IOException {
 
             var responder = body.getBatchId() == null ? new ServerResponder(exchange)
                     : new ResponderInBatch(new ServerResponder(exchange), autogram.getBatch(body.getBatchId()));
-            var job = SigningJob.buildFromRequest(body.getDocument(), body.getParameters(autogram.getTspSource(), autogram.isPlainXmlEnabled()), responder);
+            var job = SigningJob.buildFromRequest(body.getDocument(), autogram, body.getParameters(autogram.getTspSource(), autogram.isPlainXmlEnabled()), responder);
 
             if (body.getBatchId() != null)
                 autogram.batchSign(job, body.getBatchId());