@@ -12,6 +12,7 @@ import (
12
12
"crypto/x509"
13
13
"encoding/asn1"
14
14
"errors"
15
+ "fmt"
15
16
"hash"
16
17
17
18
"github.com/unidoc/unipdf/v3/core"
@@ -70,16 +71,35 @@ func getHashFromSignatureAlgorithm(sa x509.SignatureAlgorithm) (crypto.Hash, boo
70
71
}
71
72
72
73
func (a * adobeX509RSASHA1 ) getCertificate (sig * model.PdfSignature ) (* x509.Certificate , error ) {
73
- certificate := a .certificate
74
- if certificate == nil {
75
- certData := sig .Cert .(* core.PdfObjectString ).Bytes ()
76
- certs , err := x509 .ParseCertificates (certData )
77
- if err != nil {
78
- return nil , err
74
+ if a .certificate != nil {
75
+ return a .certificate , nil
76
+ }
77
+
78
+ var certData []byte
79
+ switch certObj := sig .Cert .(type ) {
80
+ case * core.PdfObjectString :
81
+ certData = certObj .Bytes ()
82
+ case * core.PdfObjectArray :
83
+ if certObj .Len () == 0 {
84
+ return nil , errors .New ("no signature certificates found" )
79
85
}
80
- certificate = certs [0 ]
86
+ for _ , obj := range certObj .Elements () {
87
+ certStr , ok := core .GetString (obj )
88
+ if ! ok {
89
+ return nil , fmt .Errorf ("invalid certificate object type in signature certificate chain: %T" , obj )
90
+ }
91
+ certData = append (certData , certStr .Bytes ()... )
92
+ }
93
+ default :
94
+ return nil , fmt .Errorf ("invalid signature certificate object type: %T" , certObj )
95
+ }
96
+
97
+ certs , err := x509 .ParseCertificates (certData )
98
+ if err != nil {
99
+ return nil , err
81
100
}
82
- return certificate , nil
101
+
102
+ return certs [0 ], nil
83
103
}
84
104
85
105
// NewDigest creates a new digest.
@@ -94,15 +114,11 @@ func (a *adobeX509RSASHA1) NewDigest(sig *model.PdfSignature) (model.Hasher, err
94
114
95
115
// Validate validates PdfSignature.
96
116
func (a * adobeX509RSASHA1 ) Validate (sig * model.PdfSignature , digest model.Hasher ) (model.SignatureValidationResult , error ) {
97
- certData := sig .Cert .(* core.PdfObjectString ).Bytes ()
98
- certs , err := x509 .ParseCertificates (certData )
117
+ certificate , err := a .getCertificate (sig )
99
118
if err != nil {
100
119
return model.SignatureValidationResult {}, err
101
120
}
102
- if len (certs ) == 0 {
103
- return model.SignatureValidationResult {}, errors .New ("certificate not found" )
104
- }
105
- cert := certs [0 ]
121
+
106
122
signed := sig .Contents .Bytes ()
107
123
var sigHash []byte
108
124
if _ , err := asn1 .Unmarshal (signed , & sigHash ); err != nil {
@@ -112,12 +128,8 @@ func (a *adobeX509RSASHA1) Validate(sig *model.PdfSignature, digest model.Hasher
112
128
if ! ok {
113
129
return model.SignatureValidationResult {}, errors .New ("hash type error" )
114
130
}
115
- certificate , err := a .getCertificate (sig )
116
- if err != nil {
117
- return model.SignatureValidationResult {}, err
118
- }
119
131
ha , _ := getHashFromSignatureAlgorithm (certificate .SignatureAlgorithm )
120
- if err := rsa .VerifyPKCS1v15 (cert .PublicKey .(* rsa.PublicKey ), ha , h .Sum (nil ), sigHash ); err != nil {
132
+ if err := rsa .VerifyPKCS1v15 (certificate .PublicKey .(* rsa.PublicKey ), ha , h .Sum (nil ), sigHash ); err != nil {
121
133
return model.SignatureValidationResult {}, err
122
134
}
123
135
return model.SignatureValidationResult {IsSigned : true , IsVerified : true }, nil
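Review bot: `return certs[0], nil` at the end of getCertificate can panic with an index out of range, because x509.ParseCertificates returns an empty slice and a nil error for zero bytes of input (an empty Cert string, or an array whose strings are all empty), and this commit removes the `len(certs) == 0` guard that Validate previously had. Restore the check before indexing, e.g. `if len(certs) == 0 { return nil, errors.New("certificate not found") }`. In the last hunk, `certificate.PublicKey.(*rsa.PublicKey)` is also an unchecked assertion on data taken from the document and will panic for a non-RSA certificate; use the two-value form and return an error instead. Both paths run on untrusted PDF content, so either panic is a denial-of-service risk for a service that validates uploaded files. Part of Validate's body lies between the last two hunks and is not shown.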