iText - MakeSignature.signDetached throws No Such Algorithm exception (SUN provider & SHA-256)


I am trying to digitally sign a PDF document with iText. Since I will be using a hardware encryptor as the JCE provider, I am trying to test getting rid of BouncyCastle in my unit test and instead use the default SUN implementation for the time being (until the hardware encryptor arrives).

However, I get the following exception when I run the program:

    Exception in thread "main" java.security.NoSuchAlgorithmException: no such algorithm: SHA256 for provider SUN
        at sun.security.jca.GetInstance.getService(GetInstance.java:87)
        at sun.security.jca.GetInstance.getInstance(GetInstance.java:206)
        at java.security.Security.getImpl(Security.java:698)
        at java.security.MessageDigest.getInstance(MessageDigest.java:215)
        at com.itextpdf.text.pdf.security.DigestAlgorithms.getMessageDigest(DigestAlgorithms.java:159)
        at com.itextpdf.text.pdf.security.ProviderDigest.getMessageDigest(ProviderDigest.java:61)
        at com.itextpdf.text.pdf.security.MakeSignature.signDetached(MakeSignature.java:130)
        at SignDoc.signPdf(SignDoc.java:142)
        at SignDoc.main(SignDoc.java:182)

The last few lines of code are below:

    //ExternalSignature es = new PrivateKeySignature(pk, "SHA-256", "BC");
    //ExternalDigest digest = new BouncyCastleDigest();
    //ExternalSignature es = new PrivateKeySignature(pk, "SHA-256", "SUN");
    ExternalSignature es = new PrivateKeySignature(pk, "SHA-256", "SunRsaSign");
    ExternalDigest digest = new ProviderDigest("SUN");
    MakeSignature.signDetached(appearance, digest, es, chain, null, null, null, 0, CryptoStandard.CMS);

As you can see, I am copying from the samples and changed the provider name and the call 'new BouncyCastleDigest()' to 'new ProviderDigest("SUN")'.

Peeking at the source code of iText (5.5.1-SNAPSHOT), I find the following code fragments suspicious:

  1. MakeSignature.java line 142 - 145

    hashAlgorithm = externalSignature.getHashAlgorithm() is called and used in

    DigestAlgorithms.digest(data, externalDigest.getMessageDigest(hashAlgorithm));

  2. PrivateKeySignature.java line 76

    Since I am using PrivateKeySignature, I peek at PrivateKeySignature.java and find that it returns the private class member hashAlgorithm, and this is how it obtains its value during construction (line 76):

    this.hashAlgorithm = DigestAlgorithms.getDigest(DigestAlgorithms.getAllowedDigests(hashAlgorithm));

  3. DigestAlgorithms.java methods getAllowedDigests() and getDigest()

    In turn, getAllowedDigests() returns the OID of the algorithm if the algorithm name is found in the allowedDigests hash map (2.16.840.1.101.3.4.2.1 in this case), otherwise it returns null.

    getDigest gets the digest name from the OID using the digestNames hash map.

    However, the name in the digestNames hash map that corresponds to the OID is SHA256, not SHA-256.

As a result, the final digest name I got is "SHA256" as opposed to "SHA-256", and "SHA256" is causing the NoSuchAlgorithm exception in the SUN provider.

(I tried getting a message digest instance directly using the SUN provider. It succeeded with SHA-256 but threw the same exception I am reporting here with SHA256.)

Is this a problem in iText when using JCE providers other than BC?

I would appreciate it if anyone could shed light on this problem.

As a temporary workaround, I added the following to PrivateKeySignature.java:

    // temporary fix - remove hyphenation in hashAlgorithm name
    // String signMode = hashAlgorithm + "with" + encryptionAlgorithm;
    String signMode = hashAlgorithm.replaceAll("-","") + "with" + encryptionAlgorithm;
    // end temporary fix

It works for me at least for now. Someone has to investigate how the standard names of different algorithms in different contexts go before a long-term solution can be devised, I believe.
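The naming mismatch described in the post can be checked against any JCE provider with the JDK alone. The following is an added example, not code from the post or from iText; the class `DigestNameCheck` and its methods are hypothetical names. It tries the digest name as given, then the hyphenated JCA standard name, then the OID quoted in the post, and reports which spelling the provider accepted (this varies by provider and JDK version).

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.LinkedHashSet;
import java.util.Set;

public class DigestNameCheck {

    // Candidate spellings for one digest, in the order they are tried:
    // the name as given, the hyphenated JCA standard name, then the OID if supplied.
    static Set<String> candidates(String name, String oid) {
        Set<String> names = new LinkedHashSet<>();
        names.add(name);
        // "SHA256" -> "SHA-256", "SHA1" -> "SHA-1"; already hyphenated names are unchanged
        names.add(name.replaceFirst("(?i)^SHA(\\d)", "SHA-$1"));
        if (oid != null) {
            names.add(oid);
        }
        return names;
    }

    // Returns a digest for the first candidate the provider accepts;
    // rethrows the last NoSuchAlgorithmException if none is accepted.
    static MessageDigest resolve(String name, String oid, String provider)
            throws NoSuchAlgorithmException, NoSuchProviderException {
        NoSuchAlgorithmException last = null;
        for (String candidate : candidates(name, oid)) {
            try {
                MessageDigest md = MessageDigest.getInstance(candidate, provider);
                System.out.println(provider + ": \"" + name
                        + "\" resolved using \"" + candidate + "\"");
                return md;
            } catch (NoSuchAlgorithmException e) {
                last = e; // this spelling is unknown to the provider, try the next one
            }
        }
        throw last;
    }

    public static void main(String[] args) throws Exception {
        String sha256Oid = "2.16.840.1.101.3.4.2.1"; // OID quoted in the post
        resolve("SHA-256", sha256Oid, "SUN"); // name passed to PrivateKeySignature
        resolve("SHA256", sha256Oid, "SUN");  // name produced by the digestNames lookup
    }
}
```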

