1
I am trying to use the Demoiselle Signer to verify the signature of a document made with the Digital Signer of Serpro Documents (https://www5.serpro.gov.br/assinador-digital).
The code is very simple:
byte[] documento = getBytesFrom("assinatura/tema-228.pdf");
byte[] assinatura = getBytesFrom("assinatura/tema-228.p7s");
PKCS7Signer signer = PKCS7Factory.getInstance().factoryDefault();
boolean ok = signer.check(documento, assinatura);
System.out.println(ok);
The files used in the test:
- Document: https://expressodrive.serpro.gov.br/public.php?service=files&t=4730dbcb900d933e6df9b34e86693207&download
- Signing: https://expressodrive.serpro.gov.br/public.php?service=files&t=b54cdfd792b917c803d9556423b6da9c&download
Pom:
<dependency>
<groupId>br.gov.frameworkdemoiselle.component</groupId>
<artifactId>demoiselle-certificate-signer</artifactId>
<version>2.0.0</version>
</dependency>
And what happened....
java.lang.NullPointerException
at br.gov.frameworkdemoiselle.certificate.signer.pkcs7.impl.CAdESSigner.check(CAdESSigner.java:178)
at br.gov.serpro.sislv.assinatura.DemoiselleSignerTest.shouldVerificarAssinatura(DemoiselleSignerTest.java:29)
I tried using the previous version of the signature:
<dependency>
<groupId>br.gov.frameworkdemoiselle.component</groupId>
<artifactId>demoiselle-certificate-signer</artifactId>
<version>1.0.9</version>
</dependency>
Then there was another mistake:
br.gov.frameworkdemoiselle.certificate.signer.SignerException: O Atributo signingCertificate não pode ser nulo.
at br.gov.frameworkdemoiselle.certificate.signer.pkcs7.bc.policies.ADRBCMS_2_1.validate(ADRBCMS_2_1.java:219)
at br.gov.frameworkdemoiselle.certificate.signer.pkcs7.bc.CAdESSigner.check(CAdESSigner.java:238)
at br.gov.serpro.sislv.assinatura.DemoiselleSignerTest.shouldVerificarAssinatura(DemoiselleSignerTest.java:29)
The use of Signer was based on the following documentation: http://demoiselle.sourceforge.net/docs/components/certificate/reference/2.0.0/html_single/#Signer-functionalities
Doubt: How can I verify a document signed by the Serpro Signer? You can use the Demoiseller Signer for this?
One bad thing is that on the Subscriber page it doesn’t count which algorithms are used =/
Is this signer basically the Demoiselle Applet
with the Demoiselle Signer
? Or is it something else?
Grateful! Leonardo Leite
PS: Demoiselle code where the null pointer
in version 2.0.0:
AttributeTable unsignedAttributes = signer.getUnsignedAttributes();
if (unsignedAttributes.size() == 0) { // null pointer aqui!
logger.info("O pacote PKCS7 não contem atributos nao assinados.");
}
Today a new version of the Serpro Subscriber was published which is now compatible with the ITI Verifier (https://verifier.iti.gov.br). But even so, the verification error remained the same in version 2.0.0 of the Demoiselle Signer (I did not check in version 1.0.9, but by the way it will also be the same).
– Leonardo Leite