iText - MakeSignature.signDetached throws No Such Algorithm exception (SUN provider & SHA-256)
I am trying to digitally sign a PDF document with iText. Since I will be using a hardware encryptor as the JCE provider, I am trying to test getting rid of BouncyCastle in the unit test and instead use the default SUN implementation for the time being (until the hardware encryptor arrives).
However, I get the following exception when I run the program:
    Exception in thread "main" java.security.NoSuchAlgorithmException: no such algorithm: SHA256 for provider SUN
        at sun.security.jca.GetInstance.getService(GetInstance.java:87)
        at sun.security.jca.GetInstance.getInstance(GetInstance.java:206)
        at java.security.Security.getImpl(Security.java:698)
        at java.security.MessageDigest.getInstance(MessageDigest.java:215)
        at com.itextpdf.text.pdf.security.DigestAlgorithms.getMessageDigest(DigestAlgorithms.java:159)
        at com.itextpdf.text.pdf.security.ProviderDigest.getMessageDigest(ProviderDigest.java:61)
        at com.itextpdf.text.pdf.security.MakeSignature.signDetached(MakeSignature.java:130)
        at signdoc.signpdf(signdoc.java:142)
        at signdoc.main(signdoc.java:182)
The last few lines of code are below:

    //ExternalSignature es = new PrivateKeySignature(pk, "SHA-256", "BC");
    //ExternalDigest digest = new BouncyCastleDigest();
    //ExternalSignature es = new PrivateKeySignature(pk, "SHA-256", "SUN");
    ExternalSignature es = new PrivateKeySignature(pk, "SHA-256", "SunRsaSign");
    ExternalDigest digest = new ProviderDigest("SUN");
    MakeSignature.signDetached(appearance, digest, es, chain, null, null, null, 0, CryptoStandard.CMS);

As you can see, I am copying the samples and changed the provider name, and the call from 'new BouncyCastleDigest()' to 'new ProviderDigest("SUN")'.
Peeking at the source code of iText (5.5.1-SNAPSHOT), I find the following code fragments suspicious:

MakeSignature.java line 142 - 145

hashAlgorithm = externalSignature.getHashAlgorithm() is called, and used in

    DigestAlgorithms.digest(data, externalDigest.getMessageDigest(hashAlgorithm));

PrivateKeySignature.java line 76

Since I am using PrivateKeySignature, I peeked at PrivateKeySignature.java and found that it returns the private class member hashAlgorithm, and this is how it obtains its value during construction (line 76):

    this.hashAlgorithm = DigestAlgorithms.getDigest(DigestAlgorithms.getAllowedDigests(hashAlgorithm));

DigestAlgorithms.java methods getAllowedDigests() and getDigest()

In turn, getAllowedDigests() returns the OID of the algorithm if the algorithm name is found in the allowedDigests hash map (2.16.840.1.101.3.4.2.1 in this case), otherwise it returns null.
getDigest() gets the digest name from the OID using the digestNames hash map.
However, the name in the digestNames hash map that corresponds to the OID is SHA256, not SHA-256.
As a result, the final digest name I got is "SHA256" as opposed to "SHA-256", and "SHA256" is causing the NoSuchAlgorithm exception in the SUN provider.
(I tried getting a message digest instance directly using the SUN provider. It succeeded with SHA-256 but threw the same exception I am reporting here with SHA256.)
Is this a problem with iText when using JCE providers other than BC?
I would appreciate it if anyone could shed light on this problem.
As a temporary workaround, I added the following to PrivateKeySignature.java:

    // temporary fix - remove hyphenation in hashAlgorithm name
    // String signMode = hashAlgorithm + "with" + encryptionAlgorithm;
    String signMode = hashAlgorithm.replaceAll("-","") + "with" + encryptionAlgorithm;
    // end temporary fix

It works for me, at least for now. Someone has to investigate how the standard names of different algorithms in different contexts go before a long-term solution can be devised, I believe.
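The name mismatch described in the question can be checked per provider before any signing code runs. The following is an added example, not part of the original post and not iText code: the class name `DigestNameProbe` and the helper `resolve` are hypothetical, and it assumes a JDK in which the "SUN" provider is installed. It reports which spelling of the digest name each installed provider accepts, without assuming the result.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Security;

public class DigestNameProbe {
    // Spellings under which one digest may be registered: the JCA standard name,
    // the unhyphenated form and the OID, all taken from the question.
    static final String[] SHA256_NAMES = {"SHA-256", "SHA256", "2.16.840.1.101.3.4.2.1"};

    /** Returns the first candidate the named provider accepts, or null if none. */
    static String resolve(String provider, String... candidates)
            throws NoSuchProviderException {
        for (String name : candidates) {
            try {
                MessageDigest.getInstance(name, provider);
                return name;
            } catch (NoSuchAlgorithmException e) {
                // This provider does not register the digest under this name.
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        // Report, for every installed provider, which spellings resolve.
        for (Provider p : Security.getProviders()) {
            StringBuilder row = new StringBuilder(p.getName()).append(':');
            for (String name : SHA256_NAMES) {
                boolean ok = resolve(p.getName(), name) != null;
                row.append(' ').append(name).append('=').append(ok ? "yes" : "no");
            }
            System.out.println(row);
        }
        // Pick a usable name for one provider before handing it to signing code.
        String usable = resolve("SUN", SHA256_NAMES); // assumes the SUN provider exists
        if (usable == null) {
            throw new IllegalStateException("SUN provider offers no SHA-256 digest");
        }
        byte[] hash = MessageDigest.getInstance(usable, "SUN")
                .digest("test".getBytes(StandardCharsets.UTF_8));
        System.out.println("SUN resolved to " + usable + ", digest length " + hash.length);
    }
}
```

Running it on the JDK and provider set used for signing shows whether a provider resolves only the hyphenated standard name, only the unhyphenated one, or both, which depends on the JDK version and the provider.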