search

Vytek / xades4j

Automatically exported from code.google.com/p/xades4j
GNU Lesser General Public License v3.0
0 stars 0 forks source link

Verification failed for property 'SignatureTimeStamp': SHA1withSHA1withRSA Signature not available #34

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?

I am trying to validate the SignatureTimeStamp with 
DefaultTimeStampVerificationProvider.
The error occur in line 109 on DefaultTimeStampVerificationProvider "if (null 
== token.verify(tsaSignerInfo, null))".

What is the expected output? What do you see instead?

Expected: Validation ok.

Occur: 
xades4j.verification.TimeStampInvalidSignatureException: Verification failed 
for property 'SignatureTimeStamp': SHA1withSHA1withRSA Signature not available
    at xades4j.verification.TimeStampUtils.getEx(TimeStampUtils.java:43)
    at xades4j.verification.TimeStampUtils.verifyTokens(TimeStampUtils.java:87)
    at xades4j.verification.SignatureTimeStampVerifier.verify(SignatureTimeStampVerifier.java:64)
    at xades4j.verification.SignatureTimeStampVerifier.verify(SignatureTimeStampVerifier.java:35)
    at xades4j.verification.QualifyingPropertiesVerifierImpl.verifyProperties(QualifyingPropertiesVerifierImpl.java:59)
    at xades4j.verification.XadesVerifierImpl.getValidationDate(XadesVerifierImpl.java:299)
    at xades4j.verification.XadesVerifierImpl.verify(XadesVerifierImpl.java:176)

What version of the product are you using? On what operating system?

XAdES4J 1.1.0
O.S: Windows 7
JDK: 1.6

Please provide any additional information below.

I think that the error occur because the "sun.security.pkcs.PKCS7" doesn't find 
any provider that implement the "1.2.840.113549.1.1.5" Algorithm, but there is 
the default provider SunRsaSign.

Is a example of Xades plug test 2007 to validate a Xades T.

Original issue reported on code.google.com by adilsona...@gmail.com on 28 Feb 2012 at 8:00

Attachments:

GoogleCodeExporter commented 9 years ago 
The OID 1.2.840.113549.1.1.5 is SHA1withRSA. However, the algorithm being 
requested is SHA1withSHA1withRSA (which is not correct..). This seems to be a 
bug on the sun's classes: 
http://javasourcecode.org/html/open-source/jdk/jdk-6u23/sun/security/pkcs/Signer
Info.java.html (line 325) which should have been fixed on jdk7: 
http://www.docjar.com/html/api/sun/security/pkcs/SignerInfo.java.html (line 
340).

I updated to jdk 6u31 and still got this problem.. I don't think I can force 
the fix from "the outside". Anyway, the timestamp providers will soon be based 
on bouncy castle to remove the dependencies on sun's internal classes. This 
will avoid the bug.

Original comment by luis.fgoncalv on 8 Apr 2012 at 4:03

GoogleCodeExporter commented 9 years ago

Original comment by luis.fgoncalv on 16 Apr 2012 at 9:51

GoogleCodeExporter commented 9 years ago

Original comment by luis.fgoncalv on 16 Apr 2012 at 9:52

GoogleCodeExporter commented 9 years ago 
As expected, the TS verification succeeds now that BC is being used.

Original comment by luis.fgoncalv on 16 Apr 2012 at 10:40