ApryseSDK / pdftron-sign-app

Sign and request signatures on PDFs, MS Office documents

SigningCertificateV2 error in DSS verification #55

Open IonutCorbu opened 9 months ago

IonutCorbu commented 9 months ago

Hello! I'm trying to develop an API for PAdES signatures using PDFTron and OpenSSL, and I have an issue while adding the signingCertificateV2 attribute, which is required by the PAdES standard. I tried to use this slice of code to create the ESS_SIGNING_CERT field:

```cpp
// Build the ESS signingCertificateV2 structure for the signer certificate and chain.
ESS_SIGNING_CERT_V2* signing_cert = OSSL_ESS_signing_cert_v2_new_init(
    EVP_get_digestbyname(this->hash_type.c_str()), this->x509_cert, this->x509_chain, -1);

// DER-encode it: the first call returns the length, the second writes the bytes.
int len_sign_cert = i2d_ESS_SIGNING_CERT_V2(signing_cert, NULL);

unsigned char* encoded_data = (unsigned char*)malloc(len_sign_cert * sizeof(unsigned char));
unsigned char* copy = encoded_data;  // i2d advances encoded_data, so keep the start
i2d_ESS_SIGNING_CERT_V2(signing_cert, &encoded_data);

// Put the DER bytes in an OCTET STRING and add it as a signed attribute.
ASN1_OCTET_STRING* octet_string = ASN1_OCTET_STRING_new();
ASN1_OCTET_STRING_set(octet_string, copy, len_sign_cert);

PKCS7_add_signed_attribute(p7Si, NID_id_smime_aa_signingCertificateV2, V_ASN1_OCTET_STRING, octet_string);
```

I also tried to create this field using this method:

```cpp
static std::vector<UChar> pdftron::PDF::DigitalSignatureField::GenerateESSSigningCertPAdESAttribute(
    const Crypto::X509Certificate& in_signer_cert,
    const Crypto::DigestAlgorithm::Type in_digest_algorithm_type)
```

My function has the following code:

```cpp
PDFDoc& PadesSignatureService::signfile(SignatureHandler& handler, char* Reason)
{
    // Register the custom handler and ask the field to use it on the next save.
    SignatureHandlerId sigHandlerId = this->document->AddSignatureHandler(handler);
    this->signature_field->SignOnNextSaveWithCustomHandler(sigHandlerId);

    // Stack-allocated Date (the original used new Date() and never freed it).
    Date d;
    d.SetCurrentTime();
    this->signature_field->SetSigDictTimeOfSigning(d);

    // I tried with and without this call (when I didn't use it, I replaced it
    // with the OpenSSL ESS signing certificate field).
    std::vector<unsigned char> signing_certificate =
        this->signature_field->GenerateESSSigningCertPAdESAttribute(
            ((PadesSignatureBHandler&)handler).getcertificate(),
            ((PadesSignatureBHandler&)handler).getdigestalgorithm());

    // Mark the signature dictionary as a PAdES (CAdES detached) signature.
    Obj sig_dict = this->signature_field->GetSDFObj();
    sig_dict.FindObj("V").PutName("SubFilter", "ETSI.CAdES.detached");

    this->signature_field->SetReason(Reason);

    char* output_file = get_output_filename(this->filename);
    try {
        this->document->Save(output_file, SDFDoc::e_incremental, NULL);
    }
    catch (pdftron::Common::Exception& e)  // catch by reference
    {
        std::cout << e.GetMessage();
    }
    return *(this->document);
}
```

Now, the issue is that my signature is recognized by FoxitReader, but not by AdobeReader. The error that I encounter is this one: [image]

In FoxitReader, the signature does not have any problem: [image]

Using DSS Verification I obtained the following results: [image] [image]

I attach here also the report of DSS: DSS-Detailed-report.pdf

I used a GemBox PKCS12 for testing.

Could you help me? Best Wishes, Ionut Corbu
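Added example, not part of the original post and not PDFTron or OpenSSL code: RFC 5035 defines the signingCertificateV2 attribute value as a `SigningCertificateV2` SEQUENCE placed directly in the attribute's SET, while the first snippet above hands the encoding over as `V_ASN1_OCTET_STRING`. This dependency-free C++ check classifies a DER-encoded attribute by the tag of its value; the names `classify_attribute` and `sample_attribute` and the sample bytes are constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

using Bytes = std::vector<uint8_t>;
struct Tlv { uint8_t tag; const uint8_t* val; size_t len; const uint8_t* next; };
enum class EssAttr { Conforming, WrappedInOctetString, NotSigningCertV2, Malformed };
// id-aa-signingCertificateV2 (1.2.840.113549.1.9.16.2.47), OID content bytes.
static const Bytes kOid = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x10, 0x02, 0x2F};

// Read one definite-length DER TLV from [p, end); false on truncation.
static bool read_tlv(const uint8_t* p, const uint8_t* end, Tlv& out) {
    if (end - p < 2) return false;
    uint8_t tag = *p++;
    size_t len = *p++;
    if (len & 0x80) {  // long form: the next n bytes hold the length
        size_t n = len & 0x7F;
        if (n == 0 || n > sizeof(size_t) || (size_t)(end - p) < n) return false;
        for (len = 0; n > 0; --n) len = (len << 8) | *p++;
    }
    if ((size_t)(end - p) < len) return false;
    out = Tlv{tag, p, len, p + len};
    return true;
}

// Classify a DER Attribute ::= SEQUENCE { attrType OID, attrValues SET OF ANY }.
// RFC 5035 requires exactly one value, and that value is a SEQUENCE.
EssAttr classify_attribute(const Bytes& der) {
    const uint8_t* end = der.data() + der.size();
    Tlv attr, oid, set, val;
    if (!read_tlv(der.data(), end, attr) || attr.tag != 0x30) return EssAttr::Malformed;
    if (!read_tlv(attr.val, attr.next, oid) || oid.tag != 0x06) return EssAttr::Malformed;
    if (Bytes(oid.val, oid.val + oid.len) != kOid) return EssAttr::NotSigningCertV2;
    if (!read_tlv(oid.next, attr.next, set) || set.tag != 0x31) return EssAttr::Malformed;
    if (!read_tlv(set.val, set.next, val) || val.next != set.next) return EssAttr::Malformed;
    if (val.tag == 0x04) return EssAttr::WrappedInOctetString;  // DER hidden in OCTET STRING
    return val.tag == 0x30 ? EssAttr::Conforming : EssAttr::Malformed;
}

// Short-form TLV builder for the constructed samples (content < 128 bytes).
static Bytes tlv(uint8_t tag, Bytes c) {
    c.insert(c.begin(), {tag, (uint8_t)c.size()});
    return c;
}
// Constructed attribute with a placeholder 32-byte certHash (not a real certificate).
Bytes sample_attribute(bool wrap_in_octet_string) {
    Bytes ess = tlv(0x30, tlv(0x30, tlv(0x30, tlv(0x04, Bytes(32, 0xAB)))));
    Bytes body = tlv(0x06, kOid), set = tlv(0x31, wrap_in_octet_string ? tlv(0x04, ess) : ess);
    body.insert(body.end(), set.begin(), set.end());
    return tlv(0x30, body);
}
```

To use it on a real signature, pass the DER bytes of the single signed attribute taken from the SignerInfo.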

IonutCorbu commented 9 months ago

UPDATE: I modified the code to add the ESS_Signing_Certificate_V2, but I receive this error:

```
An error occurred while trying to save the file.
        The file might be locked, corrupt, or unavailable.
Detailed error:
        vector too long
```

I think this happens because the size of the initial vector allocated for the signature is exceeded. Do you know how to resize it so that it doesn't exceed the limits?