PDF digital signature validation - Exception SHA1with1.2.840.10045.4.1 Signature not available #640

Closed
tkalcevict opened this issue Dec 22, 2021 · 3 comments · Fixed by #682

@tkalcevict

Description
Hi,
I have a PDF file signed with ecdsa-with-SHA1 object id: 1.2.840.10045.4.1.

When I try to verify the digital signature with OpenPDF version "1.3.26", an exception is thrown:

    ExceptionConverter: java.security.NoSuchAlgorithmException: SHA1with1.2.840.10045.4.1 Signature not available
        at java.security.Signature.getInstance(Signature.java:228)
        at com.lowagie.text.pdf.PdfPKCS7.<init>(PdfPKCS7.java:544)
        at com.lowagie.text.pdf.AcroFields.verifySignature(AcroFields.java:2344)
        at com.lowagie.text.pdf.AcroFields.verifySignature(AcroFields.java:2299)

By researching the OpenPDF source code and online resources, I came to the conclusion that the latest version of
OpenPDF does not have support for ecdsa-with-SHA1 object id: 1.2.840.10045.4.1
http://oid-info.com/get/1.2.840.10045.4.1

The problem is also mentioned on StackOverflow (for the iText free version):
https://stackoverflow.com/questions/46346144/digital-signature-verification-with-itext-not-working

As said on StackOverflow, when the OID is added through reflection to the field "algorithmNames" on
the com.lowagie.text.pdf.PdfPKCS7 class, everything works.
I only added this one particular OID.

My question is, is this fix valid and will this feature be added in future releases (alongside other ECDSA OIDs)?

Thank you in advance!

To Reproduce
Code to reproduce the issue (signed PDF is company legacy and currently cannot be shared)

  1. Sample Code
    package openpdf.sample;

    import java.lang.reflect.Field;
    import java.security.Security;
    import java.util.HashMap;
    import java.util.List;

    import org.bouncycastle.jce.provider.BouncyCastleProvider;

    import com.lowagie.text.pdf.AcroFields;
    import com.lowagie.text.pdf.PdfPKCS7;
    import com.lowagie.text.pdf.PdfReader;

    public class DigitalSignatureHelper {

        private DigitalSignatureHelper() {
            throw new IllegalStateException("Disallowed instantiation");
        }

        static {
            // Left commented out to reproduce the exception; uncomment to apply the workaround.
            // addOpenPdfSupportForEcdsaWithSha1();
        }

        /**
         * When oid is added through reflection to field "algorithmNames" on
         * com.lowagie.text.pdf.PdfPKCS7 class everything works
         */
        private static void addOpenPdfSupportForEcdsaWithSha1() {
            try {
                // Reach into the private static OID-to-name map of PdfPKCS7.
                Field algorithmNamesField = PdfPKCS7.class.getDeclaredField("algorithmNames");
                algorithmNamesField.setAccessible(true);

                @SuppressWarnings("unchecked")
                HashMap<String, String> algorithmNames = (HashMap<String, String>) algorithmNamesField.get(null);

                String oidEcdsaSha1 = "1.2.840.10045.4.1";

                // Register ecdsa-with-SHA1 under the name "ECDSA" if it is not already mapped.
                if (algorithmNames != null && !algorithmNames.containsKey(oidEcdsaSha1)) {
                    algorithmNames.put(oidEcdsaSha1, "ECDSA");
                }

            } catch (Exception e) {
                System.err.println("Silently reporting error");
                System.err.println(e);
            }
        }

        public static void verifySignaturesOfFiles(byte[] pdfBytes, String ext) {
            Security.addProvider(new BouncyCastleProvider());

            try (PdfReader pdfReader = new PdfReader(pdfBytes)) {
                AcroFields acroFields = pdfReader.getAcroFields();
                List<String> signatureNames = acroFields.getSignedFieldNames();

                // Verify every signed field and print the result of each check.
                for (String name : signatureNames) {
                    PdfPKCS7 pkcs7 = acroFields.verifySignature(name);
                    boolean valid = pkcs7.verify();

                    System.err.println(valid);

                }
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }

    }

Expected behavior
To successfully validate a PDF file signed with ecdsa-with-SHA1 object id: 1.2.840.10045.4.1
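
Why mapping the OID to a name changes the outcome, as an added example that is not part of the original issue or of OpenPDF's code: it builds the JCA algorithm name with and without an OID-to-name map and checks which one the JDK can resolve, then signs and verifies a constructed message under the resolved name. The class and helper names, and the composition rule `<digest> + "with" + <name or raw OID>` (inferred from the exception text above), are assumptions; the map also lists the ecdsa-with-SHA2 OIDs, which goes beyond the single OID in the post, and only the JDK's built-in EC provider is used.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.util.Map;

public class EcdsaOidNameDemo {   // hypothetical class, for illustration only

    // ANSI X9.62 signature-algorithm OIDs, each mapped to the JCA key-algorithm name.
    static final Map<String, String> ECDSA_OIDS = Map.of(
            "1.2.840.10045.4.1",   "ECDSA",   // ecdsa-with-SHA1 (the OID in this issue)
            "1.2.840.10045.4.3.1", "ECDSA",   // ecdsa-with-SHA224
            "1.2.840.10045.4.3.2", "ECDSA",   // ecdsa-with-SHA256
            "1.2.840.10045.4.3.3", "ECDSA",   // ecdsa-with-SHA384
            "1.2.840.10045.4.3.4", "ECDSA");  // ecdsa-with-SHA512

    // Assumed rule: an unmapped OID falls through as the raw dotted string.
    static String jcaName(String digest, String sigOid, Map<String, String> names) {
        return digest + "with" + names.getOrDefault(sigOid, sigOid);
    }

    // True when some installed provider can resolve the signature algorithm name.
    static boolean available(String name) {
        try {
            Signature.getInstance(name);
            return true;
        } catch (NoSuchAlgorithmException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        String oid = "1.2.840.10045.4.1";
        String unmapped = jcaName("SHA1", oid, Map.of());     // SHA1with1.2.840.10045.4.1
        String mapped = jcaName("SHA1", oid, ECDSA_OIDS);     // SHA1withECDSA
        System.out.println(unmapped + " available: " + available(unmapped));
        System.out.println(mapped + " available: " + available(mapped));

        // Constructed sample input: throwaway P-256 key pair and message.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(256);
        KeyPair kp = kpg.generateKeyPair();
        byte[] msg = "constructed sample".getBytes(StandardCharsets.UTF_8);

        Signature signer = Signature.getInstance(mapped);
        signer.initSign(kp.getPrivate());
        signer.update(msg);
        byte[] sig = signer.sign();

        Signature verifier = Signature.getInstance(mapped);
        verifier.initVerify(kp.getPublic());
        verifier.update(msg);
        System.out.println("verified: " + verifier.verify(sig));
    }
}
```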

@tkalcevict tkalcevict added the bug label Dec 22, 2021
@tkalcevict
Author

Hi,
can you please explain your reply to me?

Is the comment only for future reference that the problem is in the
"com.lowagie.text.pdf.PdfPKCS7" class,
or is a solution provided in it?
I looked at the provided class and concluded that the problem is still there.

Thank you in advance!

@andreasrosdal
Contributor

Pull requests welcome!

@asturio asturio linked a pull request May 11, 2022 that will close this issue
@asturio asturio added this to the 1.3.28 milestone May 11, 2022