Hi Alfonso,
a cross-check with our iaik-based verification tool succeeded. So this
underpins the move to report a bug to BC.
Greetings,
Andreas
> Hi again,
>
> please find attached the PDFs that cause the error and my fix in PdfPKCS7.java
>
> I produced the PDF files using the SignWithBC.java sample
>
> Thank you for your help, so I am going to report the bug to BC with my fix
>
> Regards, Alfonso
>
>
>
> -----Original message-----
> From: Paulo Soares [mailto:pgpsoa...@gmail.com]
> Sent: Tuesday, 9 October 2012 18:00
> To: Post all your questions about iText here
> Subject: Re: [iText-questions] [SPAM] Re: iText-questions] failure in verify
> signature using SignWithBC
>
> Alfonso,
>
> The fix looks good but I would like to have the PDF that causes the error.
>
> Michael,
>
> Maybe this should be reported to BouncyCastle as a bug?
>
> Paulo
>
> On Tue, Oct 9, 2012 at 4:48 PM, mkl <m...@wir-sind-cool.org> wrote:
>> Alfonso,
>>
>> Massa Alfonso wrote
>>> So I modified the PdfPKCS7.java changing these lines:
>>>
>>> X509CertParser cr = new X509CertParser();
>>> cr.engineInit(new ByteArrayInputStream(contentsKey));
>>> certs = cr.engineReadAll();
>>>
>>> with:
>>>
>>> // the certificates
>>> ASN1Set certSet = null;
>>> ASN1Set crlSet = null;
>>> while (content.getObjectAt(next) instanceof ASN1TaggedObject) {
>>> ASN1TaggedObject tagged = (ASN1TaggedObject)content.getObjectAt(next);
>>> ...
>> You do seem to have unearthed a bug in BouncyCastle SignedData parsing
>> --- they assume the certificate and crl sets to be DER encoded
>> implicitly tagged objects while actually any BER encoding is allowed
>> here. Maybe you should also show them your signature and fix (which
>> amounts to replacing DERTaggedObject by ASN1TaggedObject)...
>>
>> Introducing your fix in iText also would remove the additional
>> complete parsing of the SignedData structure in the X509CertParser
>> and, thus, more possible bugs of that kind.
>>
>> Regards, Michael
>>
>>
>>
>> --
>> View this message in context:
>> http://itext-general.2136553.n4.nabble.com/iText-questions-failure-in-verify-signature-using-SignWithBC-tp4656565p4656569.html
>> Sent from the iText - General mailing list archive at Nabble.com.
>>
>> _______________________________________________
>> iText-questions mailing list
>> iText-questions@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/itext-questions
>>
>> iText(R) is a registered trademark of 1T3XT BVBA.
>> Many questions posted to this list can (and will) be answered with a
>> reference to the iText book: http://www.itextpdf.com/book/ Please
>> check the keywords list before you ask for examples:
>> http://itextpdf.com/themes/keywords.php
--
Andreas Kühne
phone: +49 177 293 24 97
mailto: kue...@trustable.de
Trustable Ltd. Niederlassung Deutschland Ströverstr. 18 - 59427 Unna
Amtsgericht Hamm HRB 5868
Directors Andreas Kühne, Heiko Veit
Company UK Company No: 5218868 Registered in England and Wales
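
Added example (not part of the original thread, and not iText or BouncyCastle code): a byte-level illustration of the point in Michael's quoted message, that the [0] certificates field of a SignedData may arrive in a BER form which a DER-only reader does not accept. The indefinite-length variant, the sample bytes and the function names are assumptions made for the illustration; der_only enforces only that one DER rule.

```python
# Added example: single-byte tags only; sample bytes below are constructed.
EOC = b"\x00\x00"  # BER end-of-contents marker

def read_tlv(buf, pos=0, der_only=False):
    """Return (tag, contents, next_pos) for the TLV that starts at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first == 0x80:  # indefinite length: legal in BER, forbidden in DER
        if der_only:
            raise ValueError("indefinite length is not valid DER")
        if not tag & 0x20:
            raise ValueError("indefinite length needs a constructed tag")
        start = pos
        while buf[pos:pos + 2] != EOC:  # step over nested TLVs
            if pos + 2 > len(buf):
                raise ValueError("missing end-of-contents")
            _, _, pos = read_tlv(buf, pos)
        return tag, buf[start:pos], pos + 2
    if first & 0x80:  # long-form definite length
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def certificate_set(fields, der_only=False):
    """Return the raw contents of the [0] certificates field, or None."""
    pos = 0
    while pos < len(fields):
        tag, contents, pos = read_tlv(fields, pos, der_only)
        if tag == 0xA0:  # context-specific, constructed, tag number 0
            return contents
    return None

# Constructed SignedData fields: version, digestAlgorithms, contentInfo,
# certificates [0] holding one placeholder SEQUENCE, signerInfos.
HEAD, TAIL = bytes.fromhex("020101" "3100" "3000"), bytes.fromhex("3100")
CERT = bytes.fromhex("300302012a")
DER_FIELDS = HEAD + b"\xa0\x05" + CERT + TAIL        # definite length
BER_FIELDS = HEAD + b"\xa0\x80" + CERT + EOC + TAIL  # indefinite length

if __name__ == "__main__":
    print(certificate_set(DER_FIELDS).hex(), certificate_set(BER_FIELDS).hex())
    try:
        certificate_set(BER_FIELDS, der_only=True)
    except ValueError as exc:
        print("DER-only reader:", exc)
```

Both encodings yield the same certificate bytes when read as BER, so a verifier that accepts only the DER form fails on input that is valid for this field.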