open-eid / digidoc4j

DigiDoc for Java. Javadoc:
http://open-eid.github.io/digidoc4j
GNU Lesser General Public License v2.1

BDOC: Hard coded Signature Policy value digest is wrong #86

Closed heikih closed 3 years ago

heikih commented 3 years ago

Hard coded digest ("7pudpH4eXlguSZY2e/pNbKzGsq+fu//woYL1SZFws1A=") in https://github.com/open-eid/digidoc4j/blob/master/digidoc4j/src/main/java/org/digidoc4j/utils/PolicyUtils.java#L30 doesn't match the manually calculated hash 3Tl1oILSvOAWomdI9VeWV6IA/32eSXRUri9kPEz1IVs=

wget https://www.sk.ee/repository/bdoc-spec21.pdf
openssl dgst -binary -sha256 < bdoc-spec21.pdf | openssl base64

This element is not mandatory in validation, though the European Commission's validator https://ec.europa.eu/cefdigital/DSS/webapp-demo/validation is checking the Signature Policy Hash and reports the BDOC signature as not valid.

naare commented 3 years ago

In DD4J 4.2.0 the correct hash is written to the signature policy.
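The check a validator performs on the Signature Policy hash, as an added example that is not part of the thread or of digidoc4j: it reads the XAdES `SigPolicyHash` from a signature and compares it with a digest computed over the policy document. The policy bytes, the trimmed signature fragment and the policy identifier are constructed stand-ins; only the hard-coded digest string comes from the issue.

```python
import base64
import binascii
import hashlib
import xml.etree.ElementTree as ET  # use defusedxml for untrusted input

NS = {"xades": "http://uri.etsi.org/01903/v1.3.2#",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
DIGESTS = {"http://www.w3.org/2001/04/xmlenc#sha256": "sha256",
           "http://www.w3.org/2001/04/xmlenc#sha512": "sha512"}

# Constructed stand-in bytes, NOT the real bdoc-spec21.pdf.
POLICY = b"constructed stand-in for the signature policy document\n"
# Digest value quoted in the issue as hard-coded in PolicyUtils.java.
HARDCODED = "7pudpH4eXlguSZY2e/pNbKzGsq+fu//woYL1SZFws1A="

def b64_digest(data: bytes, algo: str = "sha256") -> str:
    """For sha256: openssl dgst -binary -sha256 < file | openssl base64"""
    return base64.b64encode(hashlib.new(algo, data).digest()).decode()

def check_policy_hash(signature_xml: str, policy: bytes) -> str:
    """Compare the SigPolicyHash a signature declares with the policy bytes."""
    root = ET.fromstring(signature_xml)
    node = root.find(".//xades:SignaturePolicyId/xades:SigPolicyHash", NS)
    if node is None:
        return "no-policy-hash"
    method = node.find("ds:DigestMethod", NS)
    value = node.findtext("ds:DigestValue", default="", namespaces=NS).strip()
    algo = DIGESTS.get(method.get("Algorithm", "")) if method is not None else None
    if algo is None:
        return "unsupported-algorithm"
    try:
        declared = base64.b64decode(value, validate=True)
    except binascii.Error:
        return "malformed"
    return "match" if declared == hashlib.new(algo, policy).digest() else "mismatch"

def sample_signature(digest_b64: str) -> str:
    """Constructed, heavily trimmed XAdES fragment (hypothetical policy id)."""
    return f"""<ds:Signature xmlns:ds="{NS['ds']}" xmlns:xades="{NS['xades']}">
 <xades:SignaturePolicyId>
  <xades:SigPolicyId><xades:Identifier>urn:example:policy</xades:Identifier></xades:SigPolicyId>
  <xades:SigPolicyHash>
   <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
   <ds:DigestValue>{digest_b64}</ds:DigestValue>
  </xades:SigPolicyHash>
 </xades:SignaturePolicyId>
</ds:Signature>"""

if __name__ == "__main__":
    print(check_policy_hash(sample_signature(b64_digest(POLICY)), POLICY))
    print(check_policy_hash(sample_signature(HARDCODED), POLICY))
```

A signature library can run the same comparison in its build or test suite against the published policy file, so a stale hard-coded digest fails before release rather than in a third-party validator.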