EldoS | Feel safer!

CAdES verification, signing time error

#26626
Posted: 09/26/2013 04:52:57
by Mickaël Bénès (Standard support level)
Joined: 02/26/2013
Posts: 74

Hi.

I did a little sample that allows me to create a CAdES signature and do the verification of it. The problem is, when I do the verification, the signing time isn't right. Is there a parameter to set so that it will be correct?

Here is my class:
Code
package signature.cades;

import java.io.File;
import java.text.SimpleDateFormat;
import java.util.Date;

import signature.Certificat;

import SecureBlackbox.Base.SBConstants;
import SecureBlackbox.Base.TElFileStream;
import SecureBlackbox.Base.TElMemoryCertStorage;
import SecureBlackbox.Base.TElMessageSigner;
import SecureBlackbox.Base.TElMessageVerifier;
import SecureBlackbox.Base.TElX509Certificate;
import SecureBlackbox.Base.TSBInteger;
import SecureBlackbox.Base.TSBMessageSignatureType;

public class Cades {
   
   private File _fileToSign;
   private File _fileSignature;
   private TElFileStream _fileStream;
   private TElX509Certificate _certificate;
   private TElMemoryCertStorage _certStorage;
   
   public Cades(File fileToSignInit, String certFilePath, String certPwd) {
      this._fileToSign   = fileToSignInit;
      this._fileSignature   = new File(this._fileToSign.getAbsolutePath() + ".p7s");
      this._fileStream   = null;
      this._certificate   = new TElX509Certificate();
      this._certStorage   = new TElMemoryCertStorage();
      
      this._certificate.LoadFromFileAuto(certFilePath, certPwd);
      this._certStorage.Clear();
      this._certStorage.Add(this._certificate, true);
   }
   
   public void sign() throws Exception {
      System.out.println("Signing file " + this._fileToSign.getName() + " (" + this._fileToSign.length() + " o)...\n");
      
      try {
         byte[] buf = new byte[(int) this._fileToSign.length()];
         
         try {
            this._fileStream   = new TElFileStream(this._fileToSign.getAbsolutePath(), "rw", true);
            this._fileStream.Read(buf, 0, buf.length);
         }
         catch (Exception e) {
            throw e;
         }
         finally {
            if (this._fileStream != null) {
               this._fileStream.Free();
               this._fileStream.Destroy();
               this._fileStream = null;
            }
         }
      
         Date dateSign = new Date();
         System.out.println("Signature date : " + new SimpleDateFormat("dd/MM/yyyy HH:mm").format(dateSign) + "\n");
         
         TElMessageSigner signer = new TElMessageSigner();
         signer.SetCertStorage(this._certStorage);
         signer.SetSignatureType(TSBMessageSignatureType.mstPublicKey);
         signer.SetIncludeCertificates(true);
         signer.SetIncludeChain(true);
         signer.SetHashAlgorithm(SBConstants.SB_ALGORITHM_DGST_SHA1);
         // The signing time is set here, but it is only written into the signature
         // when the soInsertSigningTime option is enabled (see the reply below).
         signer.SetSigningTime(new Date());
         
         TSBInteger iSize   = new TSBInteger();
         byte[] outBuf      = new byte[0];
         
         signer.Sign(buf, outBuf, iSize, false);
         
         outBuf = new byte[iSize.Value];
         
         int i = signer.Sign(buf, outBuf, iSize, false);
         if (i != 0) {
            throw new Exception("Signature failed. Error code : #" + i);
         }
         
         TElFileStream fs = null;
         try {
            fs = new TElFileStream(this._fileSignature.getAbsolutePath(), "rw", true);
            fs.Write(outBuf, 0, iSize.Value);
         }
         catch (Exception e) {
            throw e;
         }
         finally {
            if (fs != null) {
               fs.Free();
            }
         }
         
         System.out.println("Signature done !");
      }
      catch (Exception e) {
         throw e;
      }
   }
   
   public void verifSign() throws Exception {
      System.out.println("Verifying signature file " + this._fileSignature.getName() + " (" + this._fileSignature.length() + " o)...\n");
      
      try {
         byte[] buf         = null;
         TElFileStream fs   = null;
         
         try {
            buf      = new byte[(int) this._fileSignature.length()];
            fs      = new TElFileStream(this._fileSignature.getAbsolutePath(), "r", true);
            
            fs.Read(buf, 0, buf.length);
         }
         catch(Exception e) {
            throw e;
         }
         finally {
            if (fs != null) {
               fs.Free();
            }
         }
         
         TElMessageVerifier v   = new TElMessageVerifier();
         TSBInteger iSize      = new TSBInteger();
         byte[] outbuf         = new byte[0];
         
         v.Verify(buf, outbuf, iSize);
         outbuf = new byte[iSize.Value];
         int i = v.Verify(buf, outbuf, iSize);
         
         if (i != 0) {
            throw new Exception("Verification failed. Error code : #" + i);
         }
         
         // When the signature carries no SigningTime attribute this prints the zero date
         // (30/12/1899), as in the output below, instead of the time set at signing.
         System.out.println("Signature date : " + new SimpleDateFormat("dd/MM/yyyy HH:mm").format(v.GetSigningTime()));
         
         TElMemoryCertStorage certStorage = v.GetCertificates();
         for (int j = 0; j < certStorage.GetCount(); j++) {
            Certificat signCert = new Certificat(certStorage, certStorage.GetCertificate(j));
            signCert.validate(false, v.GetSigningTime());
         }
         
         System.out.println("Verification done !");
      }
      catch (Exception e) {
         throw e;
      }
   }
}


Here is the output of the sign() method:
Quote
Signing file lot1_light-01.pdf (181072 o)...

Signature date : 26/09/2013 11:49

Signature done !


Here is the output of the verifSign() method:
Quote
Verifying signature file lot1_light-01.pdf.p7s (182496 o)...

Signature date : 30/12/1899 00:00
Vérification du certificat de signature :

Subject DN ==>
/2.5.4.6=FR/2.5.4.8=Isere/2.5.4.7=Grenoble/2.5.4.10=AWS - Avenue-Web Systemes/2.5.4.11=AWS - Avenue-Web Systemes/2.5.4.3=AWS-Legalite 2013/1.2.840.113549.1.9.1=technique@aws-france.com

- common name : AWS-Legalite 2013
- valide à partir du : 07/02/2013 10:14
- valide jusqu'au : 07/02/2015 10:14
- état : valid
Verification done !

Thank you!

Mickaël
#26627
Posted: 09/26/2013 05:00:22
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

The soInsertSigningTime flag of TElMessageSigner.SigningOptions should be enabled in order to make TElMessageSigner write the SigningTime attribute.

This can be done the following way:
Code
TElMessageSigner signer = new TElMessageSigner();
signer.SetSigningOptions(signer.GetSigningOptions() | SBMessages.soInsertSigningTime);
...
#26628
Posted: 09/26/2013 05:23:28
by Mickaël Bénès (Standard support level)
Joined: 02/26/2013
Posts: 74

It worked perfectly, but I needed to cast the argument of the method to make it work.

Code
signer.SetSigningOptions((short) (signer.GetSigningOptions() | SBMessages.soInsertSigningTime));

Thank you for your help!
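
As an added example (not code from the original posts or from EldoS), the two points of this thread put together: a signer with soInsertSigningTime enabled, and a verifier that reports a signing time only when the attribute is actually present instead of passing the 30/12/1899 zero date through as if it were real. It uses only the SecureBlackbox calls shown above; the class and method names are mine, and the package of SBMessages is assumed to be SecureBlackbox.Base like the other imports.

```java
import java.util.Calendar;
import java.util.Date;
import SecureBlackbox.Base.SBConstants;
import SecureBlackbox.Base.SBMessages;            // assumed package, same as the other classes
import SecureBlackbox.Base.TElMemoryCertStorage;
import SecureBlackbox.Base.TElMessageSigner;
import SecureBlackbox.Base.TElMessageVerifier;
import SecureBlackbox.Base.TSBInteger;
import SecureBlackbox.Base.TSBMessageSignatureType;

public class CadesSigningTime {   // hypothetical helper class, not part of the thread

    // Signs data as CAdES and writes the SigningTime attribute.
    public static byte[] signWithTime(byte[] data, TElMemoryCertStorage storage) throws Exception {
        TElMessageSigner signer = new TElMessageSigner();
        signer.SetCertStorage(storage);
        signer.SetSignatureType(TSBMessageSignatureType.mstPublicKey);
        signer.SetIncludeCertificates(true);
        signer.SetHashAlgorithm(SBConstants.SB_ALGORITHM_DGST_SHA1); // as in the thread; prefer SHA-256 today
        // Without this flag SetSigningTime() is ignored and no SigningTime attribute is emitted.
        signer.SetSigningOptions((short) (signer.GetSigningOptions() | SBMessages.soInsertSigningTime));
        signer.SetSigningTime(new Date());
        TSBInteger size = new TSBInteger();
        signer.Sign(data, new byte[0], size, false);   // first call only reports the needed size
        byte[] out = new byte[size.Value];
        int rc = signer.Sign(data, out, size, false);
        if (rc != 0) throw new Exception("Signature failed. Error code: #" + rc);
        return out;
    }

    // Verifies the signature and returns its signing time, or null if the attribute is absent.
    public static Date verifiedSigningTime(byte[] signature) throws Exception {
        TElMessageVerifier v = new TElMessageVerifier();
        TSBInteger size = new TSBInteger();
        v.Verify(signature, new byte[0], size);
        byte[] content = new byte[size.Value];
        int rc = v.Verify(signature, content, size);
        if (rc != 0) throw new Exception("Verification failed. Error code: #" + rc);
        Date t = v.GetSigningTime();
        if (t == null) return null;
        // An absent attribute comes back as the zero date 30/12/1899 (see the output in the
        // first post). Treat any pre-1900 value as "no signing time" rather than a real date.
        Calendar c = Calendar.getInstance();
        c.setTime(t);
        if (c.get(Calendar.YEAR) < 1900) return null;
        // Note: SigningTime is asserted by the signer's own clock; it is covered by the
        // signature but is not an independent proof of when signing happened.
        return t;
    }
}
```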
