SigningCertificateV2 error in DSS verification #55

Open
IonutCorbu opened this issue Dec 5, 2023 · 1 comment
IonutCorbu commented Dec 5, 2023

Hello! I'm trying to develop an API for PAdES signatures using PDFTron and OpenSSL, and I have an issue while adding the signingCertificateV2 attribute, which is required by the PAdES standard. I tried to use this piece of code to create the ESS_SIGNING_CERT field:

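```cpp
// Build the ESS SigningCertificateV2 structure for the signer certificate and chain.
ESS_SIGNING_CERT_V2* signing_cert = OSSL_ESS_signing_cert_v2_new_init(EVP_get_digestbyname(this->hash_type.c_str()), this->x509_cert, this->x509_chain, -1);

// Calling i2d with NULL returns the length of the DER encoding.
int len_sign_cert = i2d_ESS_SIGNING_CERT_V2(signing_cert, NULL);

unsigned char* encoded_data = (unsigned char*)malloc(len_sign_cert * sizeof(unsigned char));
unsigned char* copy = encoded_data; // i2d advances encoded_data, so keep the start of the buffer
i2d_ESS_SIGNING_CERT_V2(signing_cert, &encoded_data);

ASN1_OCTET_STRING* octet_string = ASN1_OCTET_STRING_new();
ASN1_OCTET_STRING_set(octet_string, copy, len_sign_cert); // copies the bytes
free(copy); // the temporary DER buffer is no longer needed

// Add the DER bytes as a signed attribute of type OCTET STRING.
PKCS7_add_signed_attribute(p7Si, NID_id_smime_aa_signingCertificateV2, V_ASN1_OCTET_STRING, octet_string);
```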

I also tried to create this field using this method:

```cpp
static std::vector<UChar> pdftron::PDF::DigitalSignatureField::GenerateESSSigningCertPAdESAttribute(
    const Crypto::X509Certificate& in_signer_cert,
    const Crypto::DigestAlgorithm::Type in_digest_algorithm_type)
```

My function has the following code:

```cpp
PDFDoc& PadesSignatureService::signfile(SignatureHandler& handler, char* Reason)
{
	// Register the custom handler and use it on the next save.
	SignatureHandlerId sigHandlerId = this->document->AddSignatureHandler(handler);

	this->signature_field->SignOnNextSaveWithCustomHandler(sigHandlerId);

	// Record the signing time in the signature dictionary.
	Date d; // stack object, so nothing is left allocated on the heap
	d.SetCurrentTime();
	this->signature_field->SetSigDictTimeOfSigning(d);

	// I tried with and without this sequence (I replaced it with the OpenSSL field for ESSSIgnatureCert when I didn't use this call)
	std::vector<unsigned char> signing_certificate = this->signature_field->GenerateESSSigningCertPAdESAttribute(((PadesSignatureBHandler&)handler).getcertificate(), ((PadesSignatureBHandler&)handler).getdigestalgorithm());

	Obj sig_dict = this->signature_field->GetSDFObj();

	// Set the SubFilter used for PAdES signatures.
	sig_dict.FindObj("V").PutName("SubFilter", "ETSI.CAdES.detached");

	this->signature_field->SetReason(Reason);

	char* output_file = get_output_filename(this->filename);
	try {
		this->document->Save(output_file, SDFDoc::e_incremental, NULL);
	}
	catch (pdftron::Common::Exception& e) // catch by reference instead of by value
	{
		std::cout << e.GetMessage();
	}
	return *(this->document);
}
```

Now, the issue is that my signature is recognized by FoxitReader, but not by AdobeReader. The error that I encounter is this one:
image

In FoxitReader, the signature does not have any problem:
image

Using DSS Verification I obtained the following results:
image
image

I attach here also the report of DSS:
DSS-Detailed-report.pdf

I used a GemBox PKCS12 for testing.

Could you help me?
Best Wishes,
Ionut Corbu

@IonutCorbu
Author

UPDATE:
I modified the code to add the ESS_Signing_Certificate_V2, but I receive this error:

```
An error occurred while trying to save the file.
        The file might be locked, corrupt, or unavailable.
Detailed error:
        vector too long
```

I think this happens because the size of the initial vector allocated for the signature is exceeded. Do you know how to resize it so that it doesn't exceed the limits?
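A check that can be run against the signed attribute produced by the first snippet in the issue, which adds the value with `V_ASN1_OCTET_STRING`: RFC 5035 defines SigningCertificateV2 as a SEQUENCE, so this added example (not code from the issue, PDFTron or OpenSSL) classifies the DER of an attribute value as a bare SEQUENCE or as a SEQUENCE wrapped in an OCTET STRING. The names `parse_header`, `classify_attr_value`, `tlv` and the sample bytes are constructed for illustration.

```cpp
// Added example, not code from the issue; all sample bytes are constructed.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

typedef std::vector<uint8_t> Bytes;
struct Tlv { uint8_t tag; size_t hdr; size_t len; };  // tag, header size, content size

// Parse one DER header at `off` (single-byte tag, definite length only).
bool parse_header(const Bytes& buf, size_t off, Tlv& t) {
    if (off > buf.size() || buf.size() - off < 2) return false;
    t = Tlv{buf[off], 2, buf[off + 1]};
    if (t.len >= 0x80) {                 // long form: low 7 bits count the length bytes
        size_t n = t.len & 0x7F;         // n == 0 would be indefinite length (not DER)
        if (n == 0 || n > sizeof(size_t) || buf.size() - off - 2 < n) return false;
        t.len = 0;
        for (size_t i = 0; i < n; ++i) t.len = (t.len << 8) | buf[off + 2 + i];
        t.hdr += n;
    }
    return t.len <= buf.size() - off - t.hdr;  // content must fit in the buffer
}

enum class AttrShape { Sequence, OctetWrappedSequence, Other, Malformed };

// RFC 5035: SigningCertificateV2 ::= SEQUENCE { certs SEQUENCE OF ESSCertIDv2, ... }
AttrShape classify_attr_value(const Bytes& v) {
    Tlv outer, inner;
    if (!parse_header(v, 0, outer) || outer.hdr + outer.len != v.size()) return AttrShape::Malformed;
    bool has_seq = parse_header(v, outer.hdr, inner) && inner.tag == 0x30;
    if (outer.tag == 0x30)               // the structure itself; `certs` must come first
        return has_seq ? AttrShape::Sequence : AttrShape::Malformed;
    if (outer.tag == 0x04 && has_seq && inner.hdr + inner.len == outer.len)
        return AttrShape::OctetWrappedSequence;  // DER hidden inside an OCTET STRING
    return AttrShape::Other;
}

// Sample builder: tag + short-form length + content (content must be under 128 bytes).
Bytes tlv(uint8_t tag, Bytes content) {
    content.insert(content.begin(), {tag, static_cast<uint8_t>(content.size())});
    return content;
}

// Constructed sample: SigningCertificateV2 { certs { ESSCertIDv2 { 32 dummy hash bytes } } }
Bytes sample_signing_cert_v2() { return tlv(0x30, tlv(0x30, tlv(0x30, tlv(0x04, Bytes(32, 0xAB))))); }

int main() {
    Bytes sc = sample_signing_cert_v2(), wrapped = tlv(0x04, sc);
    std::printf("%d %d\n", (int)classify_attr_value(sc), (int)classify_attr_value(wrapped));
}
```

With OpenSSL, the bare SEQUENCE shape results from passing the DER to `PKCS7_add_signed_attribute` in an `ASN1_STRING` with type `V_ASN1_SEQUENCE`.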
