demoiselle / signer

Repositório que contém os componentes para facilitar a implementação de assinatura digital nos padrões da ICP-BRASIL
https://www.frameworkdemoiselle.gov.br/v3/signer/
GNU Lesser General Public License v3.0

Como gerar e assinar um documento com um certificado autoassinado? #343

Open HelloWar75 opened 2 years ago

HelloWar75 commented 2 years ago

Aqui na empresa temos uma demanda em que alguns usuários assinam com um certificado A1 ou A3 da Safeweb e outros com um certificado autoassinado, cuja CA raiz é uma que nós mesmos geramos. É possível fazer isso utilizando a biblioteca?

Além disso, toda vez que tento assinar importando o PFX via base64, ocorre o erro abaixo. Alguém conseguiria me ajudar?

hashPDFtoSign: 856f8c7f4feb2800f0c3a8cbfe7ebb1bf999e31e1d1ee121b701edda1a17871e
java.io.IOException: Short read of DER length
    at sun.security.util.DerInputStream.getLength(DerInputStream.java:582)
    at sun.security.util.DerValue.init(DerValue.java:391)
    at sun.security.util.DerValue.<init>(DerValue.java:332)
    at sun.security.util.DerValue.<init>(DerValue.java:345)
    at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1938)
    at java.security.KeyStore.load(KeyStore.java:1445)
    at br.com.luisjustin.engines.PADES$1.sign(PADES.java:269)
    at org.apache.pdfbox.pdfwriter.COSWriter.doWriteSignature(COSWriter.java:793)
    at org.apache.pdfbox.pdfwriter.COSWriter.visitFromDocument(COSWriter.java:1199)
    at org.apache.pdfbox.cos.COSDocument.accept(COSDocument.java:452)
    at org.apache.pdfbox.pdfwriter.COSWriter.write(COSWriter.java:1435)
    at org.apache.pdfbox.pdmodel.PDDocument.saveIncremental(PDDocument.java:1410)
    at br.com.luisjustin.engines.PADES.signPDF(PADES.java:297)
    at br.com.luisjustin.PlaygroundSingByP12.main(PlaygroundSingByP12.java:56)

package br.com.luisjustin;

import br.com.luisjustin.engines.PADES;
import br.com.luisjustin.models.SignFile;
import org.demoiselle.signer.core.keystore.loader.KeyStoreLoader;
import org.demoiselle.signer.core.keystore.loader.factory.KeyStoreLoaderFactory;

import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Base64;
import java.util.Enumeration;
import java.util.Properties;

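/**
 * Playground entry point that signs a PDF using a PKCS#12 (PFX) container supplied as a Base64
 * string.
 *
 * <p>The PDF is read as Base64 from the {@code pdfBase64} key of {@code C:/config.properties},
 * decoded, and handed to {@link PADES}. A signature page is added when the document has no
 * signature yet, and the new signature field is named {@code Signature<N>}, where N is the
 * number of existing signatures plus one.
 */
public class PlaygroundSingByP12 {

    /**
     * Loads the configuration, prepares the {@link SignFile} and signs the PDF.
     *
     * @param args unused
     * @throws IOException if the configuration file cannot be opened or read
     * @throws IllegalStateException if the {@code pdfBase64} property is missing
     */
    public static void main(String[] args) throws IOException {

        Properties prop = new Properties();
        // try-with-resources: the stream was previously left open after loading.
        try (InputStream configFile = new FileInputStream("C:/config.properties")) {
            prop.load(configFile);
        }

        // Fail with a clear message instead of a NullPointerException in the Base64 decoder below.
        String pdfB64 = prop.getProperty("pdfBase64");
        if (pdfB64 == null) {
            throw new IllegalStateException(
                    "Property 'pdfBase64' is missing from C:/config.properties");
        }

        SignFile file = new SignFile();
        file.setFileB64(pdfB64);
        file.setCertBase64(true);

        // NOTE(review): a PKCS#12 container holds the signer's private key. Embedding it in source
        // puts the key in version control and in every build artifact; load it from protected
        // configuration or a keystore instead. How the container password is supplied is not
        // visible here; confirm it is not hard-coded either.
        //
        // NOTE(review): the "Short read of DER length" failure reported from KeyStore.load means
        // the PKCS#12 parser received bytes that are not a complete DER structure. Presumably the
        // value below reaches the keystore undecoded, truncated, or with line breaks that the basic
        // Base64 decoder rejects; verify in PADES that the string is decoded to raw bytes before
        // being wrapped in the input stream.
        String b64Cert = "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";
        file.setCertB64(b64Cert);

        // Debug output. This prints the whole document as Base64, so avoid it for sensitive PDFs.
        System.out.println("------------------------------");
        System.out.println(file.getFileID());
        System.out.println(file.getFileB64());
        System.out.println("------------------------------");

        if (file.isCertBase64()) {
            file.setFileCertificate("1");
        }

        byte[] pdfContent = Base64.getDecoder().decode(file.getFileB64());
        PADES pades = new PADES();

        int numberOfSigns = pades.getNumberOfSigns(pdfContent);

        // A document without signatures first gets the page that will hold them.
        if (numberOfSigns == 0) {
            pdfContent = pades.addSignPage(pdfContent);
        }

        // "Signature" + (numberOfSigns + 1) yields "Signature1" for an unsigned document, so the
        // two branches of the original if/else collapse into a single call.
        String signatureName = "Signature" + (numberOfSigns + 1);
        pdfContent = pades.signPDF(pdfContent, file, signatureName, numberOfSigns);

        // The signed bytes are not persisted: this playground only exercises the signing path.
        // Re-encode pdfContent with Base64.getEncoder() and store it if the result is needed.
    }
}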
esaito commented 2 years ago

O certificado final usado para assinatura não pode ser autoassinado; precisa de, no mínimo, um nível acima na cadeia. No caso daqueles emitidos pela SafeWeb, OK. Nestes casos, é preciso implementar seu componente de cadeia; use este como exemplo: https://github.com/demoiselle/signer/tree/master/chain-icp-brasil-homolog.

HelloWar75 commented 2 years ago

> O certificado final usado para assinatura não pode ser auto-assinado, precisa de no mínimo um nível acima. No caso daqueles emitido pela SafeWeb OK. Nestes casos precisa implementar seu componente de cadeia, use esse como exemplo: https://github.com/demoiselle/signer/tree/master/chain-icp-brasil-homolog.

Implementando isso, resolvo o problema de DER? Pergunto porque o erro de DER acontece quando envio o certificado via base64; se eu instalá-lo no Windows, a assinatura roda e só ocorre o problema de política.