Origami & OpenSSL error while validating digital signature of a pdf in rails


Problem description

I need to verify the digital signature of a PDF that I receive. I searched for a couple of gems and I found the Origami PDF reader and openssl to parse the certificate. I have two certificate files, one of type .cer and subfilter adbe.x509.rsa_sha1 and the other of extension .p7c and of subfilter PKCS7. I use the openssl gem to read the certificate of type .cer, and when I try to verify it with the PDF it gives me the error NotImplementedError: Unsupported signature method "adbe.x509.rsa_sha1", and when I try to read the .p7c file OpenSSL gives me the error OpenSSL::X509::CertificateError: nested asn1 error

How do I overcome these errors? Are there any other gems for the same purpose?

I have referenced this Stack Overflow question but it didn't help me; my code is similar to the code in that question.

cert = OpenSSL::X509::Certificate.new(File::read('2.p7c')) 

It raises the second error

cert = OpenSSL::X509::Certificate.new(File::read('a.cer'))
pdf.verify(trusted_certs: [cert])

It gives me the first error

Thanks

Recommended answer


# REFERENCE
# https://www.rubydoc.info/gems/origami/Origami/PDF
# https://github.com/gdelugre/origami/blob/master/test/test_pdf_sign.rb
# https://ruby-doc.org/stdlib-1.9.3/libdoc/openssl/rdoc/OpenSSL/X509/Certificate.html


# Usage
# ruby pdf_signer.rb some_file.pdf

require 'openssl'
require 'stringio'
require "time"
# require 'byebug' Not necessary but useful

begin
    require 'origami'
rescue LoadError
    $: << File.join(__dir__, "../../lib")
    require 'origami'
end
include Origami


input_file = ARGV[0]
OUTPUT_FILE = "#{File.basename(__FILE__, ".rb")}.pdf"

puts "Generating a RSA key pair."
key = OpenSSL::PKey::RSA.new 2048

puts "Generating a self-signed certificate."
name = OpenSSL::X509::Name.parse 'CN=origami/DC=example'

cert = OpenSSL::X509::Certificate.new
cert.version = 2
cert.serial = 0
cert.not_before = Time.now
cert.not_after = Time.now + 3600
cert.public_key = key.public_key
cert.subject = name
cert.issuer = name
extension_factory = OpenSSL::X509::ExtensionFactory.new
extension_factory.issuer_certificate = cert
extension_factory.subject_certificate = cert

cert.add_extension extension_factory.create_extension('basicConstraints', 'CA:TRUE', true)
cert.add_extension extension_factory.create_extension('keyUsage', 'digitalSignature,keyCertSign')
cert.add_extension extension_factory.create_extension('subjectKeyIdentifier', 'hash')
# Sign last so that the certificate signature covers the extensions added above
cert.sign key, OpenSSL::Digest::SHA256.new
#################################################
# Read input PDF
#################################################
pdf = PDF.read(input_file)
page = pdf.get_page(1)

#################################################
# prepare annotation data ( visible time_stamp )
#################################################

width = 200.0
height = 50.0
x = page.MediaBox[2].to_f - width - height
y = height
size = 8

now = Time.now

text_annotation = Annotation::AppearanceStream.new
text_annotation.Type = Origami::Name.new("XObject")
text_annotation.Resources = Resources.new
text_annotation.Resources.ProcSet = [Origami::Name.new("Text")]
text_annotation.set_indirect(true)
text_annotation.Matrix = [ 1, 0, 0, 1, 0, 0 ]
text_annotation.BBox = [ 0, 0, width, height ]
text_annotation.write("Signed at #{now.iso8601}", x: size, y: (height/2)-(size/2), size: size)

# Add signature annotation (so it becomes visible in the PDF document)
signature_annotation = Annotation::Widget::Signature.new
signature_annotation.Rect = Rectangle[llx: x, lly: y+height, urx: x+width, ury: y]
signature_annotation.F = Annotation::Flags::PRINT
signature_annotation.set_normal_appearance(text_annotation)

page.add_annotation(signature_annotation)

############################
# Sign the PDF with the specified keys
pdf.sign( cert,
          key,
          method: 'adbe.pkcs7.detached',
          annotation: signature_annotation,
          location: "Canada",
          contact: "someone@localhost.com",
          reason: "Proof of concept")

# Save the resulting file
pdf.save(OUTPUT_FILE)

puts "PDF file saved as #{OUTPUT_FILE}."

# Now that we have signed and saved, let's re-open it and prove the concept

document = PDF.read(OUTPUT_FILE)
document.signature.inspect
begin
  puts "******"
  puts document.verify(trusted_certs: [cert])
  puts "******"
rescue StandardError => e
  puts e.message
end
#puts document.author
open 'cert_123.crt', 'w' do |io|
  io.write cert
end

cert_2 = OpenSSL::X509::Certificate.new(File.read('cert_123.crt'))

puts "$" * 40
puts document.verify(trusted_certs: [cert_2])
puts "$" * 40

# To verify that all of this has worked use adobe acrobat reader or similar
# product in which you can inspect the signatures. Not all PDF readers will
# allow you to read these signatures
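
On the second error in the question: a .p7c file is a PKCS#7 certificate container rather than a single X.509 certificate, so it has to be opened with OpenSSL::PKCS7 and the certificates taken from it. The following is an added example, not code from the original question or answer; `load_certificates` and `constructed_sample` are hypothetical names, and the sample container is constructed in memory instead of being read from the asker's `2.p7c`.

```ruby
require 'openssl'

# Return every X.509 certificate found in +bytes+ (PEM or DER), whether the
# input is a single certificate (.cer/.crt) or a PKCS#7 container (.p7c/.p7b).
def load_certificates(bytes)
  [OpenSSL::X509::Certificate.new(bytes)]
rescue OpenSSL::X509::CertificateError
  begin
    # PKCS7#certificates returns nil when the container holds no certificates.
    OpenSSL::PKCS7.new(bytes).certificates || []
  rescue ArgumentError, OpenSSL::PKCS7::PKCS7Error
    raise ArgumentError, 'neither an X.509 certificate nor a PKCS#7 container'
  end
end

# Constructed sample: a throwaway self-signed certificate and a PKCS#7
# structure that embeds it, standing in for a real .p7c file.
def constructed_sample
  key  = OpenSSL::PKey::RSA.new(2048)
  name = OpenSSL::X509::Name.parse('/CN=constructed-signer/DC=example')
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = name
  cert.issuer     = name
  cert.public_key = key
  cert.not_before = Time.now
  cert.not_after  = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  p7 = OpenSSL::PKCS7.sign(cert, key, 'constructed data', [], OpenSSL::PKCS7::BINARY)
  { cert: cert, p7c_der: p7.to_der }
end

if __FILE__ == $PROGRAM_NAME
  sample = constructed_sample
  load_certificates(sample[:p7c_der]).each do |c|
    fingerprint = OpenSSL::Digest.new('SHA256').hexdigest(c.to_der)
    puts "#{c.subject} sha256=#{fingerprint}"
  end
end
```

Every certificate passed as `trusted_certs` becomes a trust anchor, so pick the expected certificate from the container (for example by comparing its fingerprint with a value obtained out of band) rather than trusting the whole bundle.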
