unidoc / unipdf

Golang PDF library for creating and processing PDF files (pure go)
https://unidoc.io

[FEATURE] "adobeX509RSASHA1" - Handle Multiple SHA Hash Functions for Digest #401

Closed nattyhugs closed 3 years ago

nattyhugs commented 3 years ago

Is your feature request related to a problem? Please describe.

Google's KMS library requires a SHA256/384/512 digest.

Describe the solution you'd like

In order to use Google's KMS for a custom signing process, we would like for type SignFunc func(sig *model.PdfSignature, digest model.Hasher) ([]byte, error) to be able to be called with a hashing function (model.Hasher) that produces a hash of 32 bytes (SHA 256).

Additional context

The Signature Algorithm of the certificate we are using is SHA256 - in order to be compatible with Google's KMS API. The adobeX509RSASHA1 handler currently calls a method func getHashFromSignatureAlgorithm(sa x509.SignatureAlgorithm) (crypto.Hash, bool) to read that algorithm from the certificate. However, currently the method only returns SHA1. Rather than returning a constant value, we're hoping it would be possible to return the appropriate hashing function based on the provided x509.SignatureAlgorithm parameter.

Here's some code as reference. After I made this change to my local copy of the unipdf library, it worked with the SHA256 Signature Algorithm specified on the certificate used with the handler.

 func getHashFromSignatureAlgorithm(sa x509.SignatureAlgorithm) (crypto.Hash, bool) {
-       return crypto.SHA1, true
+       var algo crypto.Hash
+       switch sa {
+       case x509.SHA1WithRSA:
+               algo = crypto.SHA1
+       case x509.SHA256WithRSA:
+               algo = crypto.SHA256
+       case x509.SHA384WithRSA:
+               algo = crypto.SHA384
+       case x509.SHA512WithRSA:
+               algo = crypto.SHA512
+       default:
+               return crypto.SHA1, false
+       }
+       return algo, true
 }
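
Review bot: the `default` branch still returns `crypto.SHA1` together with `false`, so a caller that ignores the boolean silently signs with SHA-1 for every algorithm the switch does not list. Returning the zero value there (`return 0, false`) makes a missed check fail loudly instead of downgrading the digest. The switch covers only the four `...WithRSA` constants; a short comment saying that other certificate algorithms are intentionally unsupported by this handler would help the next reader. The `algo` variable can also go: each case can return its hash directly.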

Thanks for your consideration!
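
Why a fixed SHA-1 digest breaks a signer that expects the certificate's own hash, as an added example that is not part of the original issue or of unipdf. `rsaDigest`, `signDigest` and `demo` are hypothetical names, the key and message are constructed, and a local RSA key stands in for the KMS-held key.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// rsaDigest: digest implied by each RSA PKCS#1 v1.5 certificate algorithm.
var rsaDigest = map[x509.SignatureAlgorithm]crypto.Hash{
	x509.SHA1WithRSA: crypto.SHA1, x509.SHA256WithRSA: crypto.SHA256,
	x509.SHA384WithRSA: crypto.SHA384, x509.SHA512WithRSA: crypto.SHA512,
}

// signDigest (hypothetical) fails closed on unknown algorithms and wrong-size digests.
func signDigest(s crypto.Signer, sa x509.SignatureAlgorithm, digest []byte) ([]byte, error) {
	h, ok := rsaDigest[sa]
	if !ok {
		return nil, fmt.Errorf("unsupported signature algorithm %v", sa)
	}
	if len(digest) != h.Size() {
		return nil, fmt.Errorf("digest is %d bytes, %v needs %d", len(digest), h, h.Size())
	}
	return s.Sign(rand.Reader, digest, h)
}

// demo: throwaway key, constructed data; wrong-size digest first, then the matching one.
func demo() (mismatch, verify error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return err, err
	}
	msg := []byte("constructed sample of signed PDF byte ranges")
	d1, d256 := sha1.Sum(msg), sha256.Sum256(msg)
	_, mismatch = signDigest(key, x509.SHA256WithRSA, d1[:])
	sig, err := signDigest(key, x509.SHA256WithRSA, d256[:])
	if err != nil {
		return mismatch, err
	}
	return mismatch, rsa.VerifyPKCS1v15(&key.PublicKey, crypto.SHA256, d256[:], sig)
}

func main() {
	fmt.Println(demo())
}
```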

github-actions[bot] commented 3 years ago

Welcome! Thanks for posting your first issue. The way things work here is that while customer issues are prioritized, other issues go into our backlog where they are assessed and fitted into the roadmap when suitable. If you need to get this done, consider buying a license which also enables you to use it in your commercial products. More information can be found on https://unidoc.io/

nattyhugs commented 3 years ago

v3.11.1 worked without any code changes on our end - thank you!