class HexaPDF::DigitalSignature::PKCS1Handler

See: PDF2.0 s12.8.3.2
Note that PKCS#1 signatures are deprecated with PDF 2.0.
sub-filter.
The signature handler for PKCS#1 based sub-filters, the only being the adbe.x509.rsa_sha1

def certificate_chain

Returns the certificate chain.

def certificate_chain
  return [] unless signature_dict.key?(:Cert)
  [signature_dict[:Cert]].flatten.map {|str| OpenSSL::X509::Certificate.new(str) }
end

def signer_certificate

Returns the signer certificate (an instance of OpenSSL::X509::Certificate).

def signer_certificate
  certificate_chain.first
end

def verify(store, allow_self_signed: false)

Verifies the signature using the provided OpenSSL::X509::Store object.

def verify(store, allow_self_signed: false)
  result = super
  signer_certificate = self.signer_certificate
  certificate_chain = self.certificate_chain
  if certificate_chain.empty?
    result.log(:error, "No certificates for verification found")
    return result
  end
  signature = OpenSSL::ASN1.decode(signature_dict.contents)
  if signature.tag != OpenSSL::ASN1::OCTET_STRING
    result.log(:error, "PKCS1 signature object invalid, octet string expected")
    return result
  end
  store.verify(signer_certificate, certificate_chain)
  if signer_certificate.public_key.verify(OpenSSL::Digest.new('SHA1'),
                                          signature.value, signature_dict.signed_data)
    result.log(:info, "Signature valid")
  else
    result.log(:error, "Signature verification failed")
  end
  result
end

Namespace

HexaPDF::DigitalSignature

Parent class

HexaPDF::DigitalSignature::Handler

Instance Methods

Defined in

lib/hexapdf/digital_signature/pkcs1_handler.rb

Modules

Classes