EldoS | Feel safer!

Software components for data protection, secure storage and transfer

[Java] CAdES signature date issue

Also by EldoS: CallbackRegistry
A component to monitor and control Windows registry access and create virtual registry keys.
Posted: 01/21/2014 10:58:43
by Mickaël Bénès (Standard support level)
Joined: 02/26/2013
Posts: 72

Hi there !

On every CAdES-BES signature I create, when I check the signing time it's 1 hour earlier that the current time (ex : signing at 17:30, the verification returns 16:30).
I'd like to know if there is a TimeZone parameter to set on the TElCAdESSignatureProcessor or TElSignedCMSMessage ? Or maybe directly on the TElCMSSignature ?

Here is my signing code :
Calendar cal = new GregorianCalendar(TimeZone.getTimeZone("Europe/Paris"));
cal.setTime(new Date());

TElFileStream fs         = null;
TElCAdESSignatureProcessor processor   = new TElCAdESSignatureProcessor();
TElSignedCMSMessage cms         = new TElSignedCMSMessage();

try {
   fs = new TElFileStream(this._fileToSign.getAbsolutePath(), "r", true);
   cms.CreateNew(fs, 0, fs.GetLength());
   int indexNewSign   = cms.AddSignature();
   TElCMSSignature sig   = cms.GetSignature(indexNewSign);
   File fileSig = new File(this._fileToSign.getAbsolutePath() + PKCS7.CADES_EXTENSIONS[0]);
   CAdES.saveCMS(cms, fileSig);
   System.out.println("Signature done !");
catch (Exception e) {
   throw e;
finally {
   if (fs != null) {

Thanks !
Posted: 01/22/2014 01:32:55
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

Signing time should be set to UTC time and then manually converted to a local time. You can use SBUtils.DateTimeUtcNow() to retrieve it.
Posted: 01/24/2014 09:16:54
by Mickaël Bénès (Standard support level)
Joined: 02/26/2013
Posts: 72


I hesitated to contact you again since the problem is pure Java and not related to SBB but I still have the issue so I'll give it a shot.

I spent many hours reading things and Howtos on Java and dates, so I tried many conversion and it still doesn't display me the right time, still says the signing time is one (or more) hour(s) earlier than the current time.
I'm in France (Grenoble) so I'm on the CET (Europe/Paris), which is UTC+1.

I tried all of this :
TElCMSSignature sig               = cms.GetSignature(i);
int nbCounterSig               = sig.GetCountersignatureCount();
Date sigDate                  = sig.GetSigningTime();
TSBCMSSignatureValidity sigVal      = sig.Validate();

int tzOffset = (TimeZone.getTimeZone("Europe/Paris").getOffset(sigDate.getTime()) / 1000) / 3600;

AppletAWS.println("TimeZone offset : " + tzOffset);
AppletAWS.println("No TimeZone : " + df.format(sigDate) + "\n");

AppletAWS.println("UTC : " + df.format(sigDate));

AppletAWS.println("UTC+1 : " + df.format(sigDate) + "\n");

AppletAWS.println("CET : " + df.format(sigDate));

AppletAWS.println("CET+1 : " + df.format(sigDate) + "\n");

AppletAWS.println("Europe/Paris : " + df.format(sigDate) + "\n");

AppletAWS.println("GMT : " + df.format(sigDate));

AppletAWS.println("GMT+1 : " + df.format(sigDate));

AppletAWS.println("GMT+2 : " + df.format(sigDate) + "\n");

df.setTimeZone(TimeZone.getTimeZone("UTC+" + tzOffset));
AppletAWS.println("UTC+" + tzOffset + " : " + df.format(sigDate) + "\n");

Here is the output of it :
TimeZone offset : 1
No TimeZone : 24-01-2014 15:04

UTC : 24-01-2014 14:04
UTC+1 : 24-01-2014 14:04

CET : 24-01-2014 15:04
CET+1 : 24-01-2014 14:04

Europe/Paris : 24-01-2014 15:04

GMT : 24-01-2014 14:04
GMT+1 : 24-01-2014 15:04
GMT+2 : 24-01-2014 16:04

UTC+1 : 24-01-2014 14:04

I signed at 16:04 so I don't understand why the UTC+1 is 2 hours earlier...
Posted: 01/24/2014 09:28:18
by Vsevolod Ievgiienko (EldoS Corp.)

Did you create a signature using next code

sig.SetSigningTime(SBUtils.DateTimeUtcNow(new Date()));

and the time returned is still 2 hours earlier?
Posted: 01/24/2014 09:45:51
by Mickaël Bénès (Standard support level)
Joined: 02/26/2013
Posts: 72

Yes I did. Sorry I forgot to say it. Just, I can't give a parameter to the method SBUtils.DateTimeUtcNow() so I did like that :
Posted: 01/24/2014 10:23:23
by Mickaël Bénès (Standard support level)
Joined: 02/26/2013
Posts: 72

OK I'm an idiot. I forgot I could add hours to a given date...
TimeZone tz      = TimeZone.getTimeZone("Europe/Paris");
int tzOffset   = (tz.getOffset(sigDate.getTime()) / 1000) / 3600;
Calendar cal   = new GregorianCalendar(tz);
cal.add(Calendar.HOUR_OF_DAY, tzOffset);

AppletAWS.println("Signature date : " + df.format(cal.getTime()) + "\n");

Displays :
Signature date : 24-01-2014 17:16

And I signed at 17:16.
Even with the DST on, I should still work.

Sorry for the bother, have a good week-end.
Posted: 07/02/2014 10:10:17
by Mickaël Bénès (Standard support level)
Joined: 02/26/2013
Posts: 72


I'm reopening this because the problem is actually happening when the DST is on.

No matter how I set the signing date, the TElCMSSignature.GetSigningTime() always seems to return the UTC date of my signing date. I'm in France so we currently are at UTC +2, but instead of giving me a date 2 hours earlier than my datetime, it's only 1 hour earlier.

As I pointed out in the helpdesk, there is a bug on the SBUtils.DateTimeUtcNow() method that doesn't seem to take the DST into account when calculating the UTC datetime.

Is it why I have the bug ?

Thank you.
Posted: 07/02/2014 10:45:31
by Eugene Mayevski (EldoS Corp.)

Here's the code of the method:

function DateTimeUtcNow(): TElDateTime;
  Calendar: JUCalendar;
  Calendar := JUCalendar.getInstance();
  Result := Calendar.getTime();
  Result.setTime(Result.getTime - Calendar.get(Calendar.ZONE_OFFSET) - Calendar.get(Calendar.DST_OFFSET));

As you can see, it does take DST_OFFSET into account. Do you see any problems with this function?

Sincerely yours
Eugene Mayevski
Posted: 07/02/2014 12:05:13
by Dmytro Bogatskyy (EldoS Corp.)


In fact, issue with DST_OFFSET was fixed about a month ago, but not yet released.
Posted: 07/03/2014 02:50:34
by Mickaël Bénès (Standard support level)
Joined: 02/26/2013
Posts: 72


Yeah that's what we were talking about in the helpdesk.

But is it why I got the wrong signing date ? Because even when I set the signing date with a simple new Date(), when I verify the signature, the TElCMSSignature.GetSigningTime() returns a wrong UTC date (by "wrong", I mean that it is on UTC+1 instead of an UTC+2). So when I display it in my TimeZone (Europe/Paris) it is an hour later than the real signing date.

Example :
// Signing code...
TElCMSSignature sig = cms.GetSignature(index);
sig.SetSigningDate( new Date() ); // Datetime = 2014/07/03 09:46 CEST (UTC+2)

// Processing signature with CAdES parameters etc.

// Verifying the signature...
TElCMSSignature sig = cms.GetSignature(index);
Date signingDate = sig.GetSigningTime(); // Datetime = 2014/07/03 08:46 (seems to be UTC but actually is UTC+1)

System.out.println( convertDateUTCToTimeZone(signingDate, TimeZone.getDefault()) ); // Displays 2014/07/03 10:46

public static Date convertDateUTCToTimeZone(Date date, TimeZone tz) {
   if (tz == null) {
      tz = TimeZone.getDefault();
   int tzOffset   = (tz.getOffset(date.getTime()) / 1000) / 3600;
   Calendar cal   = new GregorianCalendar(tz);
   cal.add(Calendar.HOUR_OF_DAY, tzOffset);
   return cal.getTime();
I don't know if I'm being clear or not, so tell me if you don't understand what I'm saying.
Also by EldoS: CallbackFilter
A component to monitor and control disk activity, track file and directory operations (create, read, write, rename etc.), alter file data, encrypt files, create virtual files.



Topic viewed 2957 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!