[SOLVED] Error trying to verify CMS signature with pkijs

Error trying to verify CMS signature with pkijs

I'm trying to veryfy a CMS signature created with open ssl like this:

$ openssl cms -sign -signer domain.pem -inkey domain.key -binary -in README.md -outform der -out signature

Here is my code using pkijs:

import * as pkijs from "../src/shared/vendor/pkijs/index.es.js";
import * as pvtsutils from "../src/shared/vendor/pvtsutils/index.es.js";

function decodePEM(pem: string, tag = "[A-Z0-9 ]+"): ArrayBuffer[] {
  const pattern = new RegExp(
    `-{5}BEGIN ${tag}-{5}([a-zA-Z0-9=+\\/\\n\\r]+)-{5}END ${tag}-{5}`,
    "g",
  );

  const res: ArrayBuffer[] = [];
  let matches: RegExpExecArray | null = null;
  // eslint-disable-next-line no-cond-assign
  while ((matches = pattern.exec(pem))) {
    const base64 = matches[1]
      .replace(/\r/g, "")
      .replace(/\n/g, "");
    res.push(pvtsutils.Convert.FromBase64(base64));
  }

  return res;
}

const buffer = pvtsutils.BufferSourceConverter.toArrayBuffer(await Deno.readFile("./domain.pem"));
const pem = pvtsutils.Convert.ToBinary(buffer);
const certificate = pkijs.Certificate.fromBER(decodePEM(pem, "CERTIFICATE")[0]) as pkijs.Certificate;

//const publicKey = await certificate.getPublicKey();

//console.log(publicKey);
//console.log(certificate.signatureAlgorithm);


const cms = pkijs.ContentInfo.fromBER(await Deno.readFile("./signature"));
if (cms.contentType !== pkijs.ContentInfo.SIGNED_DATA) {
  throw new Error("CMS is not Signed Data");
}

const signedData = new pkijs.SignedData({ schema: cms.content });

// Verify Signed Data signature
const ok = await signedData.verify({
  signer: 0,
  checkChain: true,
  trustedCerts: [certificate],
});

console.log(ok);

Certificate is read and parsed correctly as well as SignedData but it fails at signedData.verify with following error:

error: Uncaught (in promise) SignedDataVerifyError: Missed detached data input array
                    throw new SignedDataVerifyError({

Where I'm doing wrong?

Solution

Ok, my bad... I just forgot to provide data to verify signature...

// Verify Signed Data signature
const ok = await signedData.verify({
  signer: 0,
  checkChain: true,
  trustedCerts: [certificate],
  data: await Deno.readFile("./README.md")
});