Tanmay Sharma created PDFBOX-5709:
-------------------------------------
Summary: Getting document corrupted while signing hash which has DER encoded signed attributes
Key: PDFBOX-5709
URL: https://issues.apache.org/jira/browse/PDFBOX-5709
Project: PDFBox
Issue Type: Bug
Components: Signing
Reporter: Tanmay Sharma

I am trying to do external signing. For that we calculate the hash of the PDF
and get it signed by an external trust service provider. Now our use case is
that instead of signing the hash bytes we need to sign over the DER-encoded
signing attributes. But after generating the signed hash and embedding it in the
document we get a "document corrupted" error.

The code of the content signer is:
{code:java}
ContentSigner contentSigner = new ContentSigner() {
    private MessageDigest digest = MessageDigest.getInstance("SHA-256");
    private OutputStream stream = OutputStreamFactory.createStream(digest);

    @SneakyThrows
    @Override
    public byte[] getSignature() {
        try {
            // Hash the content read from inputStream with SHA-256
            byte[] b = new byte[4096];
            int count;
            while ((count = inputStream.read(b)) > 0) {
                digest.update(b, 0, count);
            }
            byte[] hashBytes = digest.digest();
            // DER-encode the attribute set built around that hash
            byte[] derEncoded = getAuthenticatedAttributeSet(hashBytes,
                    calendar).getEncoded(ASN1Encoding.DER);
            // Base64 payload sent to the external trust service provider
            List<String> hash = Arrays.asList(new
                    String(org.bouncycastle.util.encoders.Base64.encode(derEncoded)));
            byte[] signedHash = getSignedHash(hash,
                    cscCredentialOptions.getAuthorizationContext().getAccessToken(),
                    cscCredentialOptions.getCredentialId(),
                    cscCredentialOptions.getCredentialAuthParameters().getPin(), signAlgo);
            return signedHash;
        } catch (Exception e) {
            LOG.error(e.getMessage());
            throw e; // rethrow so a failure is not swallowed (permitted by @SneakyThrows)
        }
    }

    @Override
    public OutputStream getOutputStream() {
        return stream;
    }

    @Override
    public AlgorithmIdentifier getAlgorithmIdentifier() {
        // 1.2.840.113549.1.1.11 = sha256WithRSAEncryption
        return new AlgorithmIdentifier(new
                ASN1ObjectIdentifier("1.2.840.113549.1.1.11"));
    }
};{code}
{code:java}
public DERSet getAuthenticatedAttributeSet(byte[] secondDigest, Calendar
        signingTime) {
    ASN1EncodableVector attribute = new ASN1EncodableVector();

    // contentType (1.2.840.113549.1.9.3) = id-data (1.2.840.113549.1.7.1)
    ASN1EncodableVector v = new ASN1EncodableVector();
    v.add(new ASN1ObjectIdentifier("1.2.840.113549.1.9.3"));
    v.add(new DERSet(new ASN1ObjectIdentifier("1.2.840.113549.1.7.1")));
    attribute.add(new DERSequence(v));

    // signingTime (1.2.840.113549.1.9.5)
    v = new ASN1EncodableVector();
    v.add(new ASN1ObjectIdentifier("1.2.840.113549.1.9.5"));
    v.add(new DERSet(new DERUTCTime(signingTime.getTime())));
    attribute.add(new DERSequence(v));

    // messageDigest (1.2.840.113549.1.9.4)
    v = new ASN1EncodableVector();
    v.add(new ASN1ObjectIdentifier("1.2.840.113549.1.9.4"));
    v.add(new DERSet(new DEROctetString(secondDigest)));
    attribute.add(new DERSequence(v));

    boolean haveCrl = false;
    return new DERSet(attribute);
}{code}

What's wrong in the above code?