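Attaching XML-DSIG to a PDF

Time: 2018-09-11 14:25:23

Tags: pdf digital-signature

I am trying to implement BankID (a Swedish eID provider) to sign PDF files in node.js. They have an API for user authentication and file signing. The point is to get a PAdES file at the end of the process. First, I modify the PDF and inject placeholder zeros, which will be replaced by the hex value of the digital signature, like this: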

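// Adds a signature dictionary to the PDF whose Contents is a zero-filled
// placeholder, to be overwritten later with the hex-encoded signature.
// DEFAULT_BYTE_RANGE_PLACEHOLDER is defined outside this snippet.
const addSignaturePlaceholder = ({pdf, reason, signatureLength = 8192}) => {
    const signature = pdf.ref({
        Type: 'Sig',
        Filter: 'Adobe.PPKLite',
        SubFilter: 'adbe.pkcs7.detached',
        // Offsets are unknown until the PDF is serialized, so placeholders go in first.
        ByteRange: [
            0,
            DEFAULT_BYTE_RANGE_PLACEHOLDER,
            DEFAULT_BYTE_RANGE_PLACEHOLDER,
            DEFAULT_BYTE_RANGE_PLACEHOLDER,
        ],
        // signatureLength zero bytes reserve the space for the signature.
        Contents: Buffer.from(String.fromCharCode(0).repeat(signatureLength)),
        Reason: new String(reason),
        M: new Date(),
    });

    return signature;
};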

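Then I send this PDF, converted to bytes and Base64-encoded, to BankID. After the signing process is complete, BankID returns an XML-DSig.

My question is: what should I do next? Is it possible to attach the signature directly to the PDF?

Here is the abbreviated BankID response: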

 <?xml version="1.0" encoding="UTF-8"?>
 <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
     <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
     <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
     <Reference Type="http://www.bankid.com/signature/v1.0.0/types" URI="#bidSignedData">
        <Transforms>
           <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
        <DigestValue>LCJtWcNyKWs03NkV0mh2OHB4/9bX1kS8mWLdWIDNoHk=</DigestValue>
     </Reference>
     <Reference URI="#bidKeyInfo">
        <Transforms>
           <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
        <DigestValue>base64digest</DigestValue>
     </Reference>
  </SignedInfo>
  <SignatureValue>sigbase64</SignatureValue>
  <KeyInfo Id="bidKeyInfo">
     <X509Data>
        <X509Certificate>signercertinBase64</X509Certificate>
        <X509Certificate>intermediateCRinBase64</X509Certificate>
        <X509Certificate>intermediate2</X509Certificate>
     </X509Data>
  </KeyInfo>
  <Object>
     <bankIdSignedData xmlns="http://www.bankid.com/signature/v1.0.0/types" Id="bidSignedData">
        <usrVisibleData charset="UTF-8" visible="wysiwys">Q29udHJhY3QgYmV0d2VlbiBBIGFuZCBC</usrVisibleData>
        <usrNonVisibleData>encodedPDF</usrNonVisibleData>
        <srvInfo>
           <name>...</name>
           <nonce>...</nonce>
           <displayName>...</displayName>
        </srvInfo>
        <clientInfo>
           <funcId>Signing</funcId>
           <version>...</version>
        </clientInfo>
     </bankIdSignedData>
  </Object>
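
The placeholder step from the question, as an added example that is not part of the original post: it computes the /ByteRange around the zero-filled /Contents and splices a hex-encoded signature container into the reserved space. The sample bytes, the space-padded /ByteRange layout and all function names are assumptions made for this illustration.

```javascript
// Added example. Constructed stand-in for a serialized signature dictionary
// (not a complete PDF); the space-padded /ByteRange layout is an assumption.
const SIG_BYTES = 16; // the question reserves 8192 bytes; kept small here
const samplePdf = Buffer.from(
  '%PDF-1.7\n1 0 obj\n<< /Type /Sig /Filter /Adobe.PPKLite' +
  ' /SubFilter /adbe.pkcs7.detached /ByteRange [0 0 0 0' + ' '.repeat(20) + ']' +
  ' /Contents <' + '0'.repeat(SIG_BYTES * 2) + '> >>\nendobj\n%%EOF\n', 'latin1');

// Find the zero-filled hex string; offsets are byte offsets (latin1 is 1:1).
function locateContents(pdf) {
  const m = /\/Contents\s*<(0+)>/.exec(pdf.toString('latin1'));
  if (!m) throw new Error('no zero-filled /Contents placeholder found');
  const start = m.index + m[0].indexOf('<');
  return { start, end: start + m[1].length + 2, hexCapacity: m[1].length };
}

// Write the real ByteRange in place, padded so that no byte offset shifts.
function fillByteRange(pdf) {
  const { start, end } = locateContents(pdf);
  const m = /\/ByteRange\s*\[([^\]]*)\]/.exec(pdf.toString('latin1'));
  if (!m) throw new Error('no /ByteRange array found');
  const byteRange = [0, start, end, pdf.length - end];
  const text = byteRange.join(' ');
  if (text.length > m[1].length) throw new Error('ByteRange placeholder too short');
  const out = Buffer.from(pdf);
  out.write(text.padEnd(m[1].length, ' '), m.index + m[0].indexOf('[') + 1, 'latin1');
  return { pdf: out, byteRange };
}

// The bytes a signature has to cover: everything except the <...> hex string.
function signedBytes(pdf, [a, b, c, d]) {
  return Buffer.concat([pdf.subarray(a, a + b), pdf.subarray(c, c + d)]);
}

// Hex-encode the signature container into the placeholder, refusing overflow.
function embedSignature(pdf, container) {
  const { start, hexCapacity } = locateContents(pdf);
  const hex = container.toString('hex');
  if (hex.length > hexCapacity) throw new Error('signature larger than placeholder');
  const out = Buffer.from(pdf);
  out.write(hex.padEnd(hexCapacity, '0'), start + 1, 'latin1');
  return out;
}
```

With `adbe.pkcs7.detached`, the value written into /Contents is a DER-encoded PKCS#7 object, and its signature covers the bytes returned by `signedBytes`.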

0 answers:

No answers