search

demoiselle / signer

Repositório que contém os componentes para facilitar a implementação de assinatura digital nos padrões da ICP-BRASIL
https://www.frameworkdemoiselle.gov.br/v3/signer/
GNU Lesser General Public License v3.0
142 stars 73 forks source link

Problema em assinatura ao verificar no ITI #329

Closed HelloWar75 closed 1 year ago

HelloWar75 commented 2 years ago

Estou tendo esse erro: IdMessageDigest: Reprovado. Falha ao construir o atributo: 1.2.840.113549.1.9.4 - Problemas ao obter o hash

Relatório PDF gerado no ITI: https://drive.google.com/file/d/1AK_NyQz8jMCGFAX6gPlWlXa4sx8s-4gj/view?usp=sharing

PDF que estou assinando: https://drive.google.com/file/d/1aRG0JcBKFj2gfrJzE5UAbtm6hYhmdqrZ/view?usp=sharing

Código que criei:

package br.com.luisjustin;

import com.sun.corba.se.impl.oa.poa.POAPolicyMediatorBase_R;
import org.apache.pdfbox.cos.COSName;
import org.apache.pdfbox.pdmodel.PDDocument;
import org.apache.pdfbox.pdmodel.encryption.PDEncryption;
import org.apache.pdfbox.pdmodel.interactive.digitalsignature.ExternalSigningSupport;
import org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature;
import org.apache.pdfbox.pdmodel.interactive.digitalsignature.SignatureOptions;
import org.demoiselle.signer.core.keystore.loader.KeyStoreLoader;
import org.demoiselle.signer.core.keystore.loader.factory.KeyStoreLoaderFactory;
import org.demoiselle.signer.cryptography.DigestAlgorithmEnum;
import org.demoiselle.signer.policy.engine.factory.PolicyFactory;
import org.demoiselle.signer.policy.engine.repository.PolicyEngineConfig;
import org.demoiselle.signer.policy.impl.cades.SignerAlgorithmEnum;
import org.demoiselle.signer.policy.impl.cades.factory.PKCS7Factory;
import org.demoiselle.signer.policy.impl.cades.pkcs7.PKCS7Signer;
import org.demoiselle.signer.policy.impl.pades.pkcs7.impl.PAdESSigner;

import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.*;
import java.util.Calendar;
import java.util.TimeZone;

public class Playground {

    public static void main(String[] args) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException, InterruptedException, IOException {

        //Config for cert
        String aliases = "LUIS HENRIQUE JUSTIN BRUNO:01386292001";

        //load and convert pdf to byte array
        Path pdfPath = Paths.get("C:/doc.pdf");

        byte[] pdfContent = Files.readAllBytes(pdfPath);
        PDDocument doc = PDDocument.load(pdfContent);
        OutputStream output = new FileOutputStream("./doc_assinado.pdf");

        // Load smartcard to key store
        KeyStoreLoader keyStoreLoader = KeyStoreLoaderFactory.factoryKeyStoreLoader();
        KeyStore keyStore = keyStoreLoader.getKeyStore();

        java.security.MessageDigest md = java.security.MessageDigest.getInstance(DigestAlgorithmEnum.SHA_256.getAlgorithm());
        byte[] hash = md.digest(pdfContent);

        //signer hash
//        PKCS7Signer signer = PKCS7Factory.getInstance().factoryDefault();
//        signer.setCertificates(keyStore.getCertificateChain(aliases));
//        signer.setPrivateKey((PrivateKey) keyStore.getKey(aliases, null));
//        signer.setAlgorithm(SignerAlgorithmEnum.SHA256withRSA);
//        signer.setSignaturePolicy(PolicyFactory.Policies.AD_RB_CADES_2_3);
//        byte[] assinatura = signer.doDetachedSign(pdfContent);

        //Signer Old
        PAdESSigner signer = new PAdESSigner();
        signer.setCertificates(keyStore.getCertificateChain(aliases)); //Carrega o certificado com timestamp
        signer.setPrivateKey((PrivateKey) keyStore.getKey(aliases, null)); //Configura a chave privada
        signer.setSignaturePolicy(PolicyFactory.Policies.AD_RB_PADES_1_1); //Configura a politica de assinatura
        byte[] assinatura = signer.doDetachedSign(pdfContent);

        PDSignature signature = new PDSignature();
        signature.setFilter(PDSignature.FILTER_ADOBE_PPKLITE);
        signature.setSubFilter(PDSignature.SUBFILTER_ADBE_PKCS7_DETACHED);
        signature.setName("LUIS HENRIQUE JUSTIN BRUNO:01386292001");
        signature.setLocation("Porto Alegre, RS");
        signature.setReason("Assinatura");

        signature.setSignDate(Calendar.getInstance(TimeZone.getTimeZone("America/Sao_Paulo")));

        doc.addSignature(signature);

        ExternalSigningSupport externalSigning = doc.saveIncrementalForExternalSigning(output);

        externalSigning.setSignature(assinatura);

        doc.saveIncremental(output);

    }

}
esaito commented 2 years ago

O problema não está no Demoiselle-Signer, mas na forma como deve estar manipulando o PDF. Já pensou em utilizar o Assinador SERPRO? https://www.assinadorserpro.estaleiro.serpro.gov.br/minimalista/tutorial/