Stephan,

Stephan Wagner (calac) wrote
> The call that fails is when the digest is verified in the verify()
> method of PdfPKCS7 class:
>
> boolean sigVerify = sig.verify(digest);
The cause is interesting. Only a little bit before that failing line the signed attributes are considered by the signature:

    sig.update(sigAttr);

These sigAttr are retrieved from the signature container in a somewhat mangled way in the PdfPkcs7 constructor:

    ASN1TaggedObject tagsig = (ASN1TaggedObject)signerInfo.getObjectAt(next);
    ASN1Set sseq = ASN1Set.getInstance(tagsig, false);
    sigAttr = sseq.getEncoded(ASN1Encoding.DER);

And at least in the case of your signature, sseq.getEncoded(ASN1Encoding.DER) SORTS the contents of the set before DER-encoding. (It uses DEROutputStream which in turn calls the toDERObject method of the set which (because the Sorted attribute of the set is false) sorts it.)

This sorting indeed does change the order of the set: Originally the SigningCertificate was first, after sorting it is last. And this obviously breaks the signature.

But why does sorting change the order? The signed attributes (being a DER encoded SET, cf. RFC 5652) should have been sorted to start with! Thus, either the signed attributes of your signature are not correctly sorted (in which case your signature is broken) or BouncyCastle's sorting routine ASN1Set.sort is broken...

As I'm not that knowledgeable concerning ASN.1 encoding details, I don't dare tell whether it's your signature or BouncyCastle. But wouldn't such an error in BC have been found long ago? Unless there were recent changes in that BC method, that is...

Regards, Michael

PS: looking at the initial bytes of the signed attributes set contents in your signature (30 81 B3 ..., 30 1C ..., 30 18 ..., and 30 23 ...) and comparing to the BC-sorted order (30 18 ..., 30 1C ..., 30 23 ..., and 30 81 B3 ...) I am very much tempted to say that BC is right and your signature's signed attributes are unsorted, i.e. not DER encoded, and, therefore, broken.
--
View this message in context: http://itext-general.2136553.n4.nabble.com/Signed-PDF-fails-to-verify-in-iText-Java-but-succeeds-in-iTextSharp-and-Acrobat-Reader-tp4658692p4658707.html
Sent from the iText - General mailing list archive at Nabble.com.
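The ordering rule Michael's PS relies on can be checked without BouncyCastle. The following is an added example, not code from the thread, from iText or from BC: a minimal DER TLV walker that splits a SET OF into its elements, applies the X.690 DER ordering (elements compared as octet strings, the shorter one padded with zero octets) and re-encodes, then compares a digest over the bytes as found in the file with a digest over the re-sorted encoding. The four attribute encodings are constructed filler; only their lengths (0xB3, 0x1C, 0x18, 0x23) and their file order are taken from the message, so the attribute contents and all helper names are the example's own assumptions.

```python
import hashlib


def der_length(n):
    """Encode a definite DER length (short form below 0x80, long form above)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag, content):
    """Wrap content in a tag/length header."""
    return bytes([tag]) + der_length(len(content)) + content


def parse_tlv(buf, pos=0):
    """Return (tag, content, end) for the TLV starting at pos; definite lengths only."""
    tag = buf[pos]
    first = buf[pos + 1]
    if first < 0x80:
        length, hdr = first, 2
    else:
        nbytes = first & 0x7F
        if nbytes == 0 or nbytes > 4:
            raise ValueError("indefinite or oversized length is not DER")
        length = int.from_bytes(buf[pos + 2:pos + 2 + nbytes], "big")
        hdr = 2 + nbytes
    start = pos + hdr
    end = start + length
    if end > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[start:end], end


def set_elements(der_set):
    """Split a single SET (tag 0x31) into the encodings of its elements."""
    tag, content, end = parse_tlv(der_set)
    if tag != 0x31 or end != len(der_set):
        raise ValueError("input is not exactly one SET")
    elems, pos = [], 0
    while pos < len(content):
        _, _, nxt = parse_tlv(content, pos)
        elems.append(content[pos:nxt])
        pos = nxt
    return elems


def canonical_set(der_set):
    """Re-encode the SET with its elements in DER (X.690 11.6) order:
    encodings compared as octet strings, shorter ones padded with zeros."""
    elems = set_elements(der_set)
    width = max((len(e) for e in elems), default=0)
    ordered = sorted(elems, key=lambda e: e.ljust(width, b"\x00"))
    return der_tlv(0x31, b"".join(ordered))


def is_der_sorted(der_set):
    """True if the SET is already in canonical DER order."""
    return canonical_set(der_set) == der_set


def tlv_header(enc):
    """Hex of the tag and length bytes only, e.g. '30 81 b3'."""
    _, content, end = parse_tlv(enc)
    return enc[:end - len(content)].hex(" ")


def constructed_attr(length, fill):
    """Constructed stand-in for an Attribute SEQUENCE with the given content length."""
    return der_tlv(0x30, bytes([fill]) * length)


# Constructed sample: same element lengths and file order as in the message
# (SigningCertificate first); the contents are filler, not real attributes.
SIGNED_ATTRS_AS_IN_FILE = der_tlv(0x31, b"".join([
    constructed_attr(0xB3, 0x11),  # 30 81 B3 ...
    constructed_attr(0x1C, 0x22),  # 30 1C ...
    constructed_attr(0x18, 0x33),  # 30 18 ...
    constructed_attr(0x23, 0x44),  # 30 23 ...
]))


def compare_orders(der_set):
    """Report whether the file's order is DER order and whether a re-sorting
    encoder (as BC's DER output does) changes the bytes that get digested."""
    canon = canonical_set(der_set)
    return {
        "sorted_in_file": is_der_sorted(der_set),
        "file_order": [tlv_header(e) for e in set_elements(der_set)],
        "der_order": [tlv_header(e) for e in set_elements(canon)],
        "digests_match": hashlib.sha256(der_set).digest() == hashlib.sha256(canon).digest(),
    }


if __name__ == "__main__":
    for k, v in compare_orders(SIGNED_ATTRS_AS_IN_FILE).items():
        print(f"{k}: {v}")
```

The report shows the element beginning 30 81 B3 moving from first to last, exactly the BC order quoted in the PS, and a different digest over the re-sorted bytes. A signature computed over the unsorted encoding therefore cannot verify against attributes that a strict DER encoder has re-ordered, while a verifier that hashes the bytes as found in the file (as Acrobat and iTextSharp evidently did here) accepts it.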