Extract info about signatures - Cades & Pades (Java)

Question

I have a document (pdf) signed with 1 Pades signature and 2 Cades signatures and I need to extract the information about the signer of each signature.

I'm using CMSSignedData (bouncy castle library), but when I try to get the info, I only get the information about the last signature.

byte[] buffer = new byte[(int) tmpFile.length()];
    DataInputStream dataIn = new DataInputStream(new FileInputStream(tmpFile));
    dataIn.readFully(buffer);
    dataIn.close();
    
        CMSSignedData signature = new CMSSignedData(buffer);
        Store cs = signature.getCertificates();
        SignerInformationStore signers = signature.getSignerInfos();
        String hashOriginalFile = DigestUtils.sha256Hex(
                (byte[])signature.getSignedContent().getContent());

        List<SignInfo> certificatesInfo = signers.getSigners().stream()
                .map(si -> cs.getMatches(si.getSID()))
                .flatMap(Collection::stream)
                .map(o -> (X509CertificateHolder) o)
                .map(cert -> new SignInfo(hashOriginalFile, getCommonName(cert.getSubject()), cert.getIssuer().toString(), null, null))
                .collect(Collectors.toList());
        

There is a way to get all the signatures information? even using another library.

Thank you!

Answer 1

I would say it depends on how the document was signed:

• If signatures are added in a parallel way (3 signatures covering the same document hash), you should be able to see them using your code;
• If signatures are added sequentially (original document signed first time, then the signed document is signed again, etc.), you should implement a recursive approach.

I'd suggest having a look at the SD-DSS library, which offers this functionality out of the box - see https://github.com/esig/dss . You will probably need to validate the signature in order to retrieve this info.