From 19a9bab9f7300936282a3b72c975d388ea969078 Mon Sep 17 00:00:00 2001 From: German Arutyunov Date: Tue, 23 Mar 2021 17:31:39 +0300 Subject: [PATCH] fixed signature verification --- src/api/addAttachedSignature.ts | 10 ++++---- src/api/addDetachedSignature.test.ts | 36 +++++++++++++++++++++++++--- src/api/addDetachedSignature.ts | 12 ++++++---- 3 files changed, 46 insertions(+), 12 deletions(-) diff --git a/src/api/addAttachedSignature.ts b/src/api/addAttachedSignature.ts index 48ee4a0..433bb4e 100644 --- a/src/api/addAttachedSignature.ts +++ b/src/api/addAttachedSignature.ts @@ -6,14 +6,14 @@ import { _getCadesCert } from '../helpers/_getCadesCert'; import { _getDateObj } from '../helpers/_getDateObj'; /** - * Создает присоединенную подпись сообщения по отпечатку сертификата + * Добавляет присоединенную подпись к подписанному сообщению по отпечатку сертификата * * @param thumbprint - отпечаток сертификата - * @param message - подписываемое сообщение + * @param signedMessage - подписанное сообщение * @returns подпись в формате PKCS#7 */ export const addAttachedSignature = _afterPluginsLoaded( - async (thumbprint: string, unencryptedMessage: string | ArrayBuffer): Promise => { + async (thumbprint: string, signedMessage: string | ArrayBuffer): Promise => { const { cadesplugin } = window; const cadesCertificate = await _getCadesCert(thumbprint); @@ -47,7 +47,7 @@ export const addAttachedSignature = _afterPluginsLoaded( let messageBase64; try { - messageBase64 = Buffer.from(unencryptedMessage).toString('base64'); + messageBase64 = Buffer.from(signedMessage).toString('base64'); } catch (error) { console.error(error); 
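Review bot: The renamed parameter keeps the type `string | ArrayBuffer`, but the JSDoc `@param signedMessage - подписанное сообщение` does not say in which encoding the plugin expects it, and the hunk at line 72 of this file now hands `signedMessage` to `VerifyCades` unconverted, so the ArrayBuffer alternative presumably reaches the plugin raw. addDetachedSignature.ts repeats the same shape (its hunk at line 6 and the VerifyHash hunk, which runs past the end of this view). Consider documenting the contract, e.g. `@param signedMessage - подписанное сообщение (подпись PKCS#7 в формате Base64)`, or narrowing the parameter to `string` if the ArrayBuffer form is not actually accepted by VerifyCades.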
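Review bot: `messageBase64 = Buffer.from(signedMessage).toString('base64');` is kept even though the VerifyCades call in the hunk at line 72 no longer consumes it; whether anything between the two hunks still reads `messageBase64` is not visible here. If `signedMessage` is already the Base64 PKCS#7 text, `Buffer.from(signedMessage)` re-encodes that text as UTF-8 bytes, so any remaining consumer would receive Base64-of-Base64 rather than the signature. Either drop the conversion and its try/catch if it is now dead, or add a comment saying what still depends on the re-encoded value. The enclosing function starts and ends outside this hunk.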
@@ -72,7 +72,7 @@ export const addAttachedSignature = _afterPluginsLoaded( let signature: string; try { - void (__cadesAsyncToken__ + cadesSignedData.VerifyCades(messageBase64, cadesplugin.CADESCOM_PKCS7_TYPE)); + void (__cadesAsyncToken__ + cadesSignedData.VerifyCades(signedMessage, cadesplugin.CADESCOM_PKCS7_TYPE)); signature = __cadesAsyncToken__ + cadesSignedData.CoSignCades(cadesSigner, cadesplugin.CADESCOM_PKCS7_TYPE); } catch (error) { console.error(error); diff --git a/src/api/addDetachedSignature.test.ts b/src/api/addDetachedSignature.test.ts index 6225f62..447ea23 100644 --- a/src/api/addDetachedSignature.test.ts +++ b/src/api/addDetachedSignature.test.ts @@ -3,6 +3,7 @@ import { rawCertificates, parsedCertificates } from '../__mocks__/certificates'; import { createDetachedSignature } from './createDetachedSignature'; import { _getCadesCert } from '../helpers/_getCadesCert'; import { addDetachedSignature } from './addDetachedSignature'; +import { createHash } from './createHash'; const [rawCertificateMock] = rawCertificates; const [parsedCertificateMock] = parsedCertificates; @@ -21,6 +22,7 @@ const executionSteps = [ Symbol('step 4'), Symbol('step 5'), Symbol('step 6'), + Symbol('step 7'), ]; const executionFlow = { @@ -32,7 +34,7 @@ const executionFlow = { propset_ContentEncoding: jest.fn(), propset_Content: jest.fn(), SignHash: jest.fn(() => executionSteps[4]), - VerifyCades: jest.fn(), + VerifyHash: jest.fn(), CoSignHash: jest.fn(() => executionSteps[6]), }, [executionSteps[2]]: { @@ -46,9 +48,13 @@ const executionFlow = { [executionSteps[4]]: 'signature', [executionSteps[5]]: { propset_Algorithm: jest.fn(), + propset_DataEncoding: jest.fn(), + Hash: jest.fn(), + Value: executionSteps[7], SetHashValue: jest.fn(), }, [executionSteps[6]]: 'newSignature', + [executionSteps[7]]: 'hash', }; window.cadesplugin.__defineExecutionFlow(executionFlow); 
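Review bot: The outcome of `void (__cadesAsyncToken__ + cadesSignedData.VerifyCades(signedMessage, cadesplugin.CADESCOM_PKCS7_TYPE))` is discarded, so the guard before `CoSignCades` relies entirely on VerifyCades throwing for an invalid signature and on the `catch` — whose body continues outside the hunk after `console.error(error)` — rethrowing; if it only logs, `CoSignCades` is skipped but the function falls through with `signature` unset. A comment stating that assumption would help the next reader, e.g. `// VerifyCades throws on an invalid signature; the rethrow below aborts before CoSignCades runs`. The VerifyHash hunk in addDetachedSignature.ts has the same structure and is cut off at the end of this view.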
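Review bot: Swapping the mock `VerifyCades: jest.fn()` for `VerifyHash: jest.fn()` only models the success path: the mock returns undefined and no test makes it throw, so the behaviour the commit title calls a fix — an invalid signature aborting before `CoSignHash` — is never asserted. A second test that makes the VerifyHash mock fail once, e.g. `VerifyHash.mockImplementationOnce(() => { throw new Error('bad signature'); })` on the same mock object, then expects `addDetachedSignature(...)` to reject and `CoSignHash` not to have been called, would pin it.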
@@ -67,16 +73,40 @@ window.cadesplugin.CreateObjectAsync.mockImplementation((object) => { describe('addDetachedSignature', () => { test('uses specified certificate', async () => { + const originalBufferFrom = global.Buffer.from; + + (global.Buffer.from as jest.Mock) = jest.fn(() => ({ + toString: jest.fn(), + })); + const signature = await createDetachedSignature(parsedCertificateMock.thumbprint, 'message'); - await addDetachedSignature(parsedCertificateMock.thumbprint, signature); + const signatureHash = await createHash(signature); + await addDetachedSignature(parsedCertificateMock.thumbprint, signature, signatureHash); expect(_getCadesCert).toHaveBeenCalledWith(parsedCertificateMock.thumbprint); + + expect(global.Buffer.from).toHaveBeenCalledTimes(1); + + global.Buffer.from = originalBufferFrom; }); test('returns new signature', async () => { + const originalBufferFrom = global.Buffer.from; + + (global.Buffer.from as jest.Mock) = jest.fn(() => ({ + toString: jest.fn(), + })); + let signature = await createDetachedSignature(parsedCertificateMock.thumbprint, 'message'); - signature = await addDetachedSignature(parsedCertificateMock.thumbprint, signature); + const signatureHash = await createHash(signature); + signature = await addDetachedSignature(parsedCertificateMock.thumbprint, signature, signatureHash); + + expect(_getCadesCert).toHaveBeenCalledWith(parsedCertificateMock.thumbprint); + + expect(global.Buffer.from).toHaveBeenCalledTimes(1); expect(signature).toEqual('newSignature'); + + global.Buffer.from = originalBufferFrom; }); }); diff --git a/src/api/addDetachedSignature.ts b/src/api/addDetachedSignature.ts index abd57d6..9503354 100644 --- a/src/api/addDetachedSignature.ts +++ b/src/api/addDetachedSignature.ts 
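Review bot: The `global.Buffer.from` stub in both tests is restored only on the last line of each test body (`global.Buffer.from = originalBufferFrom;`), so any failing `expect` before it leaves the stub in place for every later test in the run. `jest.spyOn(global.Buffer, 'from').mockImplementation(...)` with `mockRestore()` in an `afterEach`, or `jest.restoreAllMocks()`, keeps restoration independent of the assertions. Separately, `const signatureHash = await createHash(signature);` hashes the detached signature itself, while the new `@param messageHash` in addDetachedSignature.ts describes the hash of the signed message; the mocks make either pass, but as a usage example the test shows the wrong input — hashing `'message'` would match the documented contract.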
@@ -6,14 +6,15 @@ import { _getCadesCert } from '../helpers/_getCadesCert'; import { _getDateObj } from '../helpers/_getDateObj'; /** - * Создает отсоединенную подпись хеша по отпечатку сертификата + * Добавляет отсоединенную подпись хеша к подписанному сообщению по отпечатку сертификата * * @param thumbprint - отпечаток сертификата - * @param messageHash - хеш подписываемого сообщения, сгенерированный по ГОСТ Р 34.11-2012 256 бит + * @param signedMessage - подписанное сообщение + * @param messageHash - хеш подписанного сообщения, сгенерированный по ГОСТ Р 34.11-2012 256 бит * @returns подпись в формате PKCS#7 */ export const addDetachedSignature = _afterPluginsLoaded( - async (thumbprint: string, messageHash: string): Promise => { + async (thumbprint: string, signedMessage: string | ArrayBuffer, messageHash: string): Promise => { const { cadesplugin } = window; const cadesCertificate = await _getCadesCert(thumbprint); @@ -74,7 +75,10 @@ export const addDetachedSignature = _afterPluginsLoaded( let signature: string; try { - void (__cadesAsyncToken__ + cadesSignedData.VerifyCades(cadesHashedData, cadesplugin.CADESCOM_PKCS7_TYPE)); + void ( + __cadesAsyncToken__ + + cadesSignedData.VerifyHash(cadesHashedData, signedMessage, cadesplugin.CADESCOM_PKCS7_TYPE) + ); signature = __cadesAsyncToken__ + cadesSignedData.CoSignHash(cadesHashedData, cadesSigner, cadesplugin.CADESCOM_PKCS7_TYPE);
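Review bot: Inserting `signedMessage` as the second positional parameter changes the meaning of the existing `(thumbprint, messageHash)` call shape: a TypeScript caller fails to compile, but a JavaScript caller that is not updated now passes its hash where the signature is expected and `messageHash` becomes undefined, which is detected only when the plugin rejects it. If compatibility matters, add the new argument last or flag this as a breaking change in the release notes. The JSDoc could also say which object each parameter is, e.g. `@param signedMessage - отсоединенная подпись PKCS#7 (Base64), к которой добавляется подпись` and `@param messageHash - хеш исходного сообщения (не подписи), ГОСТ Р 34.11-2012 256 бит`. The enclosing function continues outside this hunk.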