Beispiel #1
def test_sign_pss_md_discrepancy():
    """Sign with RSASSA-PSS where the message hash and the MGF1 hash differ.

    The mechanism hashes the message with SHA-256 but parameterises MGF1
    with SHA-512.  Acrobat refuses to validate PSS signatures where the
    internal hash functions disagree, but mathematically speaking that
    shouldn't be an issue, so the signature is still expected to pass
    val_untrusted() (a helper defined elsewhere in the test suite).
    """
    # Self-signed test fixture: the certificate doubles as its own chain.
    key_file = CRYPTO_DATA_DIR + '/selfsigned.key.pem'
    cert_file = CRYPTO_DATA_DIR + '/selfsigned.cert.pem'

    pss_params = RSASSAPSSParams({
        'mask_gen_algorithm': MaskGenAlgorithm({
            'algorithm': 'mgf1',
            'parameters': DigestAlgorithm({'algorithm': 'sha512'})
        }),
        'hash_algorithm': DigestAlgorithm({'algorithm': 'sha256'}),
        # NOTE(review): 478 = 512 - 32 - 2 would be the largest PSS salt
        # for SHA-256 under a 4096-bit modulus -- confirm against the
        # size of the test key.
        'salt_length': 478
    })
    mechanism = SignedDigestAlgorithm({
        'algorithm': 'rsassa_pss',
        'parameters': pss_params
    })
    signer = signers.SimpleSigner.load(
        key_file, cert_file,
        ca_chain_files=(cert_file,),
        key_passphrase=b'secret',
        signature_mechanism=mechanism
    )

    writer = IncrementalPdfFileWriter(BytesIO(MINIMAL))
    sig_meta = signers.PdfSignatureMetadata(field_name='Sig1')
    signed_output = signers.sign_pdf(writer, sig_meta, signer=signer)

    # Read the signed document back and inspect what was embedded.
    embedded = PdfFileReader(signed_output).embedded_signatures[0]
    assert embedded.field_name == 'Sig1'
    sig_algo: SignedDigestAlgorithm = \
        embedded.signer_info['signature_algorithm']
    # Only the algorithm family is checked here; the individual PSS
    # parameters are not asserted by this test.
    assert sig_algo.signature_algo == 'rsassa_pss'
    val_untrusted(embedded)
Beispiel #2
def test_overspecify_cms_digest_algo():
    """Pin down what happens when the mechanism itself mandates a digest.

    TODO this behaviour is not ideal, but at least this test documents it.

    The signer is configured with 'sha256_rsa', which fixes the message
    digest.  Signing succeeds when the metadata asks for the same digest
    and raises SigningError when it asks for a different one.
    """
    key_file = CRYPTO_DATA_DIR + '/selfsigned.key.pem'
    cert_file = CRYPTO_DATA_DIR + '/selfsigned.cert.pem'

    # an algorithm object that also mandates a specific message digest
    mechanism = SignedDigestAlgorithm({'algorithm': 'sha256_rsa'})
    signer = signers.SimpleSigner.load(
        key_file, cert_file,
        ca_chain_files=(cert_file,),
        key_passphrase=b'secret',
        signature_mechanism=mechanism
    )

    # Case 1: digest methods agree (sha256 on both sides), so that
    # should be OK and the result should validate.
    writer = IncrementalPdfFileWriter(BytesIO(MINIMAL))
    signed_output = signers.sign_pdf(
        writer,
        signers.PdfSignatureMetadata(
            field_name='Sig1', md_algorithm='sha256'
        ),
        signer=signer
    )
    embedded = PdfFileReader(signed_output).embedded_signatures[0]
    val_untrusted(embedded)

    # Case 2: the metadata requests sha512 while the mechanism is tied to
    # sha256; the conflict must surface as an error instead of producing
    # a signature with inconsistent digest declarations.
    writer = IncrementalPdfFileWriter(BytesIO(MINIMAL))
    with pytest.raises(SigningError):
        signers.sign_pdf(
            writer,
            signers.PdfSignatureMetadata(
                field_name='Sig1', md_algorithm='sha512'
            ),
            signer=signer
        )
Beispiel #3
def test_verify_sig_without_signed_attrs():
    """Validate a stored signature whose CMS carries no signed attributes.

    pyHanko never produces signatures of this type, but we should be able
    to validate them (this file was created using a modified version of
    pyHanko's signing code, which will never see the light of day).
    """
    fixture_path = PDF_DATA_DIR + '/sig-no-signed-attrs.pdf'
    # The file stays open for the whole check: validation runs while the
    # reader's underlying stream is still available.
    with open(fixture_path, 'rb') as pdf_stream:
        reader = PdfFileReader(pdf_stream)
        embedded = reader.embedded_signatures[0]
        assert embedded.field_name == 'Sig1'
        val_untrusted(embedded)
Beispiel #4
def test_sign_pss():
    """Sign with prefer_pss=True and check that RSASSA-PSS was embedded.

    No explicit signature mechanism is supplied; the test relies on the
    prefer_pss flag alone and then verifies the algorithm recorded in
    the embedded signer info.
    """
    key_file = CRYPTO_DATA_DIR + '/selfsigned.key.pem'
    cert_file = CRYPTO_DATA_DIR + '/selfsigned.cert.pem'
    signer = signers.SimpleSigner.load(
        key_file, cert_file,
        ca_chain_files=(cert_file,),
        key_passphrase=b'secret',
        prefer_pss=True
    )

    writer = IncrementalPdfFileWriter(BytesIO(MINIMAL))
    sig_meta = signers.PdfSignatureMetadata(field_name='Sig1')
    signed_output = signers.sign_pdf(writer, sig_meta, signer=signer)

    # Read the signed document back and inspect what was embedded.
    embedded = PdfFileReader(signed_output).embedded_signatures[0]
    assert embedded.field_name == 'Sig1'
    sig_algo: SignedDigestAlgorithm = \
        embedded.signer_info['signature_algorithm']
    # Guards against a silent fallback to a non-PSS RSA scheme.
    assert sig_algo.signature_algo == 'rsassa_pss'
    val_untrusted(embedded)
Beispiel #5
def test_verify_sig_with_ski_sid():
    """Validate the stored 'sig-with-ski-sid.pdf' fixture.

    NOTE(review): judging by the fixture name, the signer is identified
    by subject key identifier rather than by issuer and serial number --
    confirm against the fixture itself.
    """
    fixture_path = PDF_DATA_DIR + '/sig-with-ski-sid.pdf'
    # The file stays open for the whole check: validation runs while the
    # reader's underlying stream is still available.
    with open(fixture_path, 'rb') as pdf_stream:
        reader = PdfFileReader(pdf_stream)
        embedded = reader.embedded_signatures[0]
        assert embedded.field_name == 'Sig1'
        val_untrusted(embedded)