Hi,
I am trying to run your SignatureTest sample, but using OpenSSL as the CMS generator. I have managed to create a CMS with OpenSSL, and the sample runs without any error, but when the resulting PDF is opened in Adobe Acrobat the signature is shown as invalid: it says that the document has been modified after the digital signature was created. I dumped the DER bytes of the CMS to disk and opened them in an ASN.1 viewer. On a first examination it looks correct, i.e. it follows the ASN.1 structure of CMS SignedData. Can you please take a look at this issue and help me spot what I might be doing wrong? I am attaching the OpenSSLSignatureGenerator class and the DER bytes of the CMS for your review. Thanks and Regards, Hashim Saleem Sent from my Windows 8 PC
sign.pdf
Description: sign.pdf
/** OpenSSL signature generator
*/
#include "OpenSSLSignatureGenerator.h"
#include <openssl/pem.h>
#include <openssl/cms.h>
#include <openssl/err.h>
#include <podofo.h>
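/**
 * Load the signer certificate and private key from "signer.pem" and create
 * the in-memory BIO that collects the bytes to be signed.
 *
 * Every pointer member is initialised to NULL first: the destructor frees
 * whatever is non-NULL, and `cms` in particular is only assigned later by
 * finishData(), so it must not start out as an indeterminate value.
 *
 * @throws std::exception if the file cannot be opened, the certificate or
 *         key cannot be parsed, or the input BIO cannot be allocated.
 */
OpenSSLSignatureGenerator::OpenSSLSignatureGenerator()
    : pSignature(NULL), scert(NULL), skey(NULL), in(NULL), cms(NULL)
{
    OpenSSL_add_all_algorithms();
    ERR_load_crypto_strings();

    /* Read in signer certificate and private key.
     * The path is relative to the working directory and the file holds the
     * private key, so it should be readable by the signing user only.
     * With a NULL password callback OpenSSL falls back to its default
     * callback if the key is encrypted. */
    BIO *tbio = BIO_new_file("signer.pem", "r");
    if (!tbio)
        throw std::exception();

    scert = PEM_read_bio_X509(tbio, NULL, 0, NULL);

    /* Rewind so the key can be read from the same file. File BIOs report
     * success from BIO_reset() as 0 (other BIO types use 1). */
    if (scert && BIO_reset(tbio) == 0)
        skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);

    BIO_free(tbio);

    if (scert && skey)
        in = BIO_new(BIO_s_mem());

    if (!in)
    {
        /* The destructor does not run when a constructor throws, so release
         * what was loaded so far here. Both calls accept NULL. */
        EVP_PKEY_free(skey);
        X509_free(scert);
        skey = NULL;
        scert = NULL;
        throw std::exception();
    }
}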
/**
 * Release the OpenSSL objects held by this generator: the input BIO, the
 * private key, the certificate and the CMS structure built by finishData().
 */
OpenSSLSignatureGenerator::~OpenSSLSignatureGenerator()
{
    /* Each of these OpenSSL free functions does nothing for a NULL
     * argument, so no per-member NULL test is needed. */
    BIO_free(in);
    EVP_PKEY_free(skey);
    X509_free(scert);
    CMS_ContentInfo_free(cms);
}
/**
 * Per-signature initialisation hook. Nothing is done here; the certificate,
 * key and input BIO are all set up in the constructor.
 *
 * @return always true.
 */
bool OpenSSLSignatureGenerator::init()
{
    const bool ready = true;
    return ready;
}
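/**
 * Append a chunk of the data to be signed to the input BIO.
 *
 * @param pData    pointer to the chunk.
 * @param dataSize number of bytes at pData.
 * @return true if the whole chunk was buffered (or the chunk is empty);
 *         false if the BIO is missing, pData is NULL, the size does not fit
 *         BIO_write()'s int length, or the write was short or failed.
 */
bool OpenSSLSignatureGenerator::appendData(const char *pData, unsigned int dataSize)
{
    if (dataSize == 0)
        return true;
    if (!in || !pData)
        return false;

    /* BIO_write() takes an int length; a size above INT_MAX would turn
     * negative here, so reject it instead of passing it on. */
    const int len = static_cast<int>(dataSize);
    if (len < 0)
        return false;

    /* A dropped or partial write would leave the signature computed over
     * different bytes than the caller supplied, so report it. */
    return BIO_write(in, pData, len) == len;
}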
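/**
 * Sign the buffered data and store the DER-encoded CMS in signature_.
 *
 * @return true if a CMS structure was created and encoded; false otherwise
 *         (signature_ is left empty in that case).
 */
bool OpenSSLSignatureGenerator::finishData()
{
    /* Drop the result of any earlier call so nothing is leaked or appended
     * to. NOTE(review): CMS_sign() consumes the input BIO, so a second call
     * without new appendData() calls would sign empty content. */
    if (cms)
    {
        CMS_ContentInfo_free(cms);
        cms = NULL;
    }
    signature_.clear();

    /* CMS_STREAM is deliberately not set. With that flag CMS_sign() only
     * initialises the structure and defers reading the data and computing
     * the signature until a streaming writer finalises it; i2d_CMS_bio() is
     * not such a writer, so the encoded SignedData would be incomplete.
     * Without the flag CMS_sign() reads `in` and finishes the signature.
     * NOTE(review): the digest is OpenSSL's default for the key type;
     * confirm it is acceptable for the OpenSSL version in use.
     * NOTE(review): the bytes fed through appendData() must be exactly the
     * ones covered by the PDF signature's byte range; verify in the caller. */
    const unsigned int flags = CMS_DETACHED | CMS_BINARY;
    cms = CMS_sign(scert, skey, NULL, in, flags);
    if (!cms)
        return false;

    BIO *out = BIO_new(BIO_s_mem());
    if (!out)
        return false;

    bool ok = false;
    if (i2d_CMS_bio(out, cms) > 0)
    {
        /* Take the encoded bytes straight from the memory BIO instead of
         * looping on BIO_read(), which depended on the end-of-data return
         * value being exactly -1. */
        char *der = NULL;
        const long derLen = BIO_get_mem_data(out, &der);
        if (der && derLen > 0)
        {
            signature_.assign(der, static_cast<std::string::size_type>(derLen));
            ok = true;
        }
    }

    BIO_free(out); /* was never freed before */
    return ok;
}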
/**
 * Wrap the DER-encoded CMS produced by finishData() in a PdfData object.
 *
 * @return a newly allocated PdfData holding a copy of signature_, or NULL
 *         when no signature has been produced.
 *
 * NOTE(review): every call allocates a new object and nothing in this file
 * deletes it, so the caller presumably takes ownership; confirm against the
 * SignatureGenerator contract.
 */
const PoDoFo::PdfData* OpenSSLSignatureGenerator::getSignature()
{
    const PoDoFo::PdfData* result = NULL;
    if( !signature_.empty() )
        result = new PoDoFo::PdfData( signature_.c_str(), signature_.size() );
    return result;
}
/** OpenSSL signature generator
*/
#ifndef _OPEN_SSL_SIGNATURE_GENERATOR_H_
#define _OPEN_SSL_SIGNATURE_GENERATOR_H_
#include <openssl/pem.h>
#include <openssl/cms.h>
#include <openssl/err.h>
#include "SignatureGenerator.h"
#include <string>
// Forward declaration: this header only uses PdfData through a pointer, so
// the full PoDoFo headers are not needed here.
namespace PoDoFo { class PdfData; }
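/**
 * SignatureGenerator that builds a detached CMS signature with OpenSSL.
 *
 * Usage as implemented in the .cpp: feed the bytes to sign with
 * appendData(), call finishData() to run CMS_sign() and DER-encode the
 * result, then fetch it with getSignature().
 */
class OpenSSLSignatureGenerator : public SignatureGenerator
{
public:
    /** Loads certificate and key; throws std::exception on failure. */
    OpenSSLSignatureGenerator();
    virtual ~OpenSSLSignatureGenerator();

    /** No-op hook; always returns true. */
    virtual bool init();
    /** Buffers dataSize bytes from pData for signing. */
    virtual bool appendData(const char *pData, unsigned int dataSize);
    /** Signs the buffered data; returns false if signing fails. */
    virtual bool finishData();
    /** Returns a newly allocated PdfData with the signature, or NULL. */
    virtual const PoDoFo::PdfData *getSignature();

private:
    // The class owns raw OpenSSL handles that the destructor frees, so a
    // copy would free them twice. Copying is disabled by declaring these
    // private and leaving them undefined.
    OpenSSLSignatureGenerator(const OpenSSLSignatureGenerator &);
    OpenSSLSignatureGenerator &operator=(const OpenSSLSignatureGenerator &);

    PoDoFo::PdfData *pSignature;  // not referenced by the implementation shown
    X509 *scert;                  // signer certificate read from signer.pem
    EVP_PKEY *skey;               // signer private key read from signer.pem
    BIO *in;                      // memory BIO collecting the data to sign
    CMS_ContentInfo *cms;         // result of CMS_sign(); set by finishData()
    std::string signature_;       // DER encoding of cms
};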
#endif // _OPEN_SSL_SIGNATURE_GENERATOR_H_
signer.pem
Description: signer.pem
cms.der
Description: cms.der
