Demoiselle Signer and Serpro Digital Signer

1

I am trying to use the Demoiselle Signer to verify the signature of a document made with the Digital Signer of Serpro Documents (https://www5.serpro.gov.br/assinador-digital).

The code is very simple:

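    // Detached signature: the signed content and the PKCS#7 (.p7s) signature are separate files
    byte[] documento = getBytesFrom("assinatura/tema-228.pdf");
    byte[] assinatura = getBytesFrom("assinatura/tema-228.p7s");
    PKCS7Signer signer = PKCS7Factory.getInstance().factoryDefault();
    // check() is the call that throws in the stack traces below
    boolean ok = signer.check(documento, assinatura);
    System.out.println(ok);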

The files used in the test:

Pom:

    <dependency>
        <groupId>br.gov.frameworkdemoiselle.component</groupId>
        <artifactId>demoiselle-certificate-signer</artifactId>
        <version>2.0.0</version>
    </dependency>

And what happened....

    java.lang.NullPointerException
        at br.gov.frameworkdemoiselle.certificate.signer.pkcs7.impl.CAdESSigner.check(CAdESSigner.java:178)
        at br.gov.serpro.sislv.assinatura.DemoiselleSignerTest.shouldVerificarAssinatura(DemoiselleSignerTest.java:29)

I tried using the previous version of the signature:

    <dependency>
        <groupId>br.gov.frameworkdemoiselle.component</groupId>
        <artifactId>demoiselle-certificate-signer</artifactId>
        <version>1.0.9</version>
    </dependency>

Then there was a different error:

    br.gov.frameworkdemoiselle.certificate.signer.SignerException: O Atributo signingCertificate não pode ser nulo.
        at br.gov.frameworkdemoiselle.certificate.signer.pkcs7.bc.policies.ADRBCMS_2_1.validate(ADRBCMS_2_1.java:219)
        at br.gov.frameworkdemoiselle.certificate.signer.pkcs7.bc.CAdESSigner.check(CAdESSigner.java:238)
        at br.gov.serpro.sislv.assinatura.DemoiselleSignerTest.shouldVerificarAssinatura(DemoiselleSignerTest.java:29)

The use of Signer was based on the following documentation: http://demoiselle.sourceforge.net/docs/components/certificate/reference/2.0.0/html_single/#Signer-functionalities

Question: How can I verify a document signed by the Serpro Signer? Can the Demoiselle Signer be used for this?

One bad thing is that the Signer page doesn't say which algorithms are used =/ Is this signer basically the Demoiselle Applet with the Demoiselle Signer? Or is it something else?

Thanks! Leonardo Leite

PS: The Demoiselle code where the null pointer occurs in version 2.0.0:

    AttributeTable unsignedAttributes = signer.getUnsignedAttributes();
    if (unsignedAttributes.size() == 0) { // null pointer here!
        logger.info("O pacote PKCS7 não contem atributos nao assinados.");
    }

  • Today a new version of the Serpro Signer was published, which is now compatible with the ITI Verifier (https://verifier.iti.gov.br). Even so, the verification error remained the same in version 2.0.0 of the Demoiselle Signer (I did not check in version 1.0.9, but apparently it will also be the same).

1 answer

1

Leonardo,

To generate a signature you can use the Demoiselle-Certificate-Signer: http://demoiselle.sourceforge.net/docs/components/certificate/reference/2.0.0/html_single/#d0e1950

As for the signer's page, I cannot provide much information, because it is a Serpro application. But if you use the component in its most up-to-date version (from 1.0.8 or 2.0.0), the signature is generated according to the ITI Policies. Current policies 2.0 and 2.1 use SHA2 for encryption.

The NullPointerException reported in version 2.0 is indeed a bug. I reported it at https://demoiselle.atlassian.net/browse/CER-6 and a fix should come out in the next version.

As for the bug reported in version 1, I ask you to check again, since there is a new version of the signer.

  • A few days ago a new version of the Signer came out and the problem has been fixed!
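
A diagnostic for the two failures discussed above, added here as an example and not part of the original posts or of Demoiselle: it uses BouncyCastle (bcpkix, assumed to be on the classpath) to report, for each signer in a `.p7s` file, the algorithm OIDs, whether a signingCertificate attribute is present, and how many unsigned attributes exist, with the null guard that the 2.0.0 snippet lacks. The class name `P7sInspector` and the command-line argument are assumptions.

```java
import java.nio.file.Files;
import java.nio.file.Paths;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;

// Added example (hypothetical class name); not Demoiselle code.
public class P7sInspector {

    // BouncyCastle returns null, not an empty table, when a SignerInfo
    // carries no attributes of the requested kind, so guard before size().
    static int sizeOf(AttributeTable table) {
        return table == null ? 0 : table.size();
    }

    static boolean has(AttributeTable table, org.bouncycastle.asn1.ASN1ObjectIdentifier oid) {
        return table != null && table.get(oid) != null;
    }

    static String describe(SignerInformation si) {
        AttributeTable signed = si.getSignedAttributes();
        AttributeTable unsigned = si.getUnsignedAttributes();
        return "digest algorithm OID:     " + si.getDigestAlgOID() + "\n"
             + "signature algorithm OID:  " + si.getEncryptionAlgOID() + "\n"
             + "signed attributes:        " + sizeOf(signed) + "\n"
             // The 1.0.9 policy check fails when this attribute is missing.
             + "signingCertificate (v1):  " + has(signed, PKCSObjectIdentifiers.id_aa_signingCertificate) + "\n"
             + "signingCertificateV2:     " + has(signed, PKCSObjectIdentifiers.id_aa_signingCertificateV2) + "\n"
             // The 2.0.0 check dereferences this table without a null test.
             + "unsigned attributes:      " + sizeOf(unsigned);
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to the detached signature file (.p7s) being checked
        byte[] p7s = Files.readAllBytes(Paths.get(args[0]));
        CMSSignedData cms = new CMSSignedData(p7s);
        for (SignerInformation si : cms.getSignerInfos().getSigners()) {
            System.out.println(describe(si));
        }
    }
}
```

A signer reporting zero unsigned attributes is the input that reaches the unguarded `size()` call, and one reporting neither signingCertificate variant is the input the policy check rejects.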
