class HexaPDF::DigitalSignature::PKCS1Handler
See: PDF2.0 s12.8.3.2
Note that PKCS#1 signatures are deprecated with PDF 2.0.
sub-filter.
The signature handler for PKCS#1 based sub-filters, the only being the adbe.x509.rsa_sha1
def certificate_chain
def certificate_chain return [] unless signature_dict.key?(:Cert) [signature_dict[:Cert]].flatten.map {|str| OpenSSL::X509::Certificate.new(str) } end
def signer_certificate
def signer_certificate certificate_chain.first end
def verify(store, allow_self_signed: false)
def verify(store, allow_self_signed: false) result = super signer_certificate = self.signer_certificate certificate_chain = self.certificate_chain if certificate_chain.empty? result.log(:error, "No certificates for verification found") return result end signature = OpenSSL::ASN1.decode(signature_dict.contents) if signature.tag != OpenSSL::ASN1::OCTET_STRING result.log(:error, "PKCS1 signature object invalid, octet string expected") return result end store.verify(signer_certificate, certificate_chain) if signer_certificate.public_key.verify(OpenSSL::Digest.new('SHA1'), signature.value, signature_dict.signed_data) result.log(:info, "Signature valid") else result.log(:error, "Signature verification failed") end result end