Class: HexaPDF::Type::Signature::AdbeX509RsaSha1

Inherits:
Handler
  • Object
Defined in:
lib/hexapdf/type/signature/adbe_x509_rsa_sha1.rb

Overview

The signature handler for the adbe.x509.rsa_sha1 sub-filter.

Since this handler is deprecated with PDF 2.0, it only provides the implementation for reading and verifying signatures.

Instance Attribute Summary

Attributes inherited from Handler

#signature_dict

Instance Method Summary

Methods inherited from Handler

#initialize, #signer_name, #signing_time

Constructor Details

This class inherits a constructor from HexaPDF::Type::Signature::Handler

Instance Method Details

#certificate_chain ⇒ Object

Returns the certificate chain.



# File 'lib/hexapdf/type/signature/adbe_x509_rsa_sha1.rb', line 51

def certificate_chain
  return [] unless signature_dict.key?(:Cert)
  [signature_dict[:Cert]].flatten.map {|str| OpenSSL::X509::Certificate.new(str) }
end

#signer_certificate ⇒ Object

Returns the signer certificate (an instance of OpenSSL::X509::Certificate).



# File 'lib/hexapdf/type/signature/adbe_x509_rsa_sha1.rb', line 57

def signer_certificate
  certificate_chain.first
end

#verify(store, allow_self_signed: false) ⇒ Object

Verifies the signature using the provided OpenSSL::X509::Store object.



# File 'lib/hexapdf/type/signature/adbe_x509_rsa_sha1.rb', line 62

def verify(store, allow_self_signed: false)
  result = super

  signer_certificate = self.signer_certificate
  certificate_chain = self.certificate_chain

  if certificate_chain.empty?
    result.log(:error, "No certificates for verification found")
    return result
  end

  signature = OpenSSL::ASN1.decode(signature_dict.contents)
  if signature.tag != OpenSSL::ASN1::OCTET_STRING
    result.log(:error, "PKCS1 signature object invalid, octet string expected")
    return result
  end

  store.verify(signer_certificate, certificate_chain)

  if signer_certificate.public_key.verify(OpenSSL::Digest.new('SHA1'),
                                          signature.value, signature_dict.signed_data)
    result.log(:info, "Signature valid")
  else
    result.log(:error, "Signature verification failed")
  end

  result
end
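
The signature checks in #verify above (decode the contents as a DER OCTET STRING, then verify the PKCS#1 signature with SHA-1 against the signer certificate's public key), reproduced as an added stand-alone example that is not HexaPDF code. The names check_rsa_sha1, demo_certificate and demo are hypothetical, the key, certificate and data are constructed, chain validation through the store is left out, and the rescue for undecodable input is an addition of this example.

```ruby
require 'openssl'

# Constructed test material: a throwaway self-signed certificate for +key+.
def demo_certificate(key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=Demo Signer')
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Applies the same two checks as the handler to +contents+, but returns a
# symbol instead of logging to a verification result.
def check_rsa_sha1(cert, contents, signed_data)
  signature = OpenSSL::ASN1.decode(contents)
  return :not_octet_string unless signature.tag == OpenSSL::ASN1::OCTET_STRING
  valid = cert.public_key.verify(OpenSSL::Digest.new('SHA1'),
                                 signature.value, signed_data)
  valid ? :valid : :invalid
rescue OpenSSL::ASN1::ASN1Error
  # Assumption of this example: undecodable DER is reported, not raised.
  :malformed
end

# Signs constructed data the way an adbe.x509.rsa_sha1 signer would and runs
# the check against the good value and three broken variants.
def demo
  key = OpenSSL::PKey::RSA.new(2048)
  cert = demo_certificate(key)
  data = 'constructed signed byte ranges'.b
  raw = key.sign(OpenSSL::Digest.new('SHA1'), data)
  contents = OpenSSL::ASN1::OctetString.new(raw).to_der
  not_octets = OpenSSL::ASN1::UTF8String.new('hi').to_der
  {
    good: check_rsa_sha1(cert, contents, data),
    tampered: check_rsa_sha1(cert, contents, data + 'x'),
    wrong_type: check_rsa_sha1(cert, not_octets, data),
    truncated: check_rsa_sha1(cert, contents[0..-2], data),
  }
end

p demo if __FILE__ == $PROGRAM_NAME
```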