Invalid password

[tasagore]

Hi

I've upgraded from RC5 to RC7 and still every time I try to sign a file I get the invalid password error and it's right. Tested in two instances (same server).

I thought this was fixed, isn't it?

Regards

[JeffStarkman]

First, thanks for the good work!

Nextcloud 28.0.3, PHP 8.2. LibreSign rc6 / rc7
I have the same problem. I created a certificate with: user - libresign - settings - create certificate. After creation, I change the password 2 times to see if I use the correct password. this works.

Now try to sign a pdf, i get always the message "wrong password".

Second try, I import a certificate file "mycert.pfx" with a known password, I get the same error.

Greetings

[JeffStarkman]

Additional Information, I found this error in my nextcloud Log:

[PHP] Fehler: Undefined array key "profileElementId" at /var/www/nextcloud/apps/libresign/lib/Helper/ValidateHelper.php#306
POST /ocs/v2.php/apps/libresign/api/v1/sign/uuid/e9e23453-ff3c-4fe3-9373-3c77a5bf51bd

[vitormattos]

@JeffStarkman could you provide the scenario to reproduce this problem? Looking at the code, this isn't related with password and I can't create a scenario to reproduce your report.

[JeffStarkman]

• Create a certifikate with known password:

• ok

• change password:
  

• Password change is ok

• sign a document:

Error in the right upper corner:

• same in the way, click on Icon:
  

• signing windows as a overlay, same result

• error Log:

  [PHP] Fehler: Undefined array key "profileElementId" at /var/www/nextcloud/apps/libresign/lib/Helper/ValidateHelper.php#306
  POST /ocs/v2.php/apps/libresign/api/v1/sign/uuid/2bd4563b-9932-4c91-a19b-c33b48b994ee

• my System:

  Betriebssystem: Linux 5.15.0-100-generic x86_64

  Prozessor: Intel(R) N100 (2 cores)

  Speicher: 9.67 GB

  Server-Zeit: Tue Mar 12 22:39:07 CET 2024

• PHP

  Version: 8.2.16
  Speicherlimit: 4 GB
  Maximale Ausführungszeit: 3600

  Maximale Größe zum Hochladen: 8 GB
  OPcache-Revalidierungshäufigkeit: 2

  Erweiterungen: Core, date, libxml, openssl, pcre, zlib, filter, hash, json, random, Reflection, SPL, session, standard, sodium, cgi-fcgi, pdlib, PDO, xml, apcu, bcmath, bz2, calendar, ctype, curl, dom, mbstring, FFI, fileinfo, ftp, gd, gettext, gmp, iconv, igbinary, imagick, imap, intl, ldap, exif, msgpack, pdo_pgsql, pgsql, Phar, posix, readline, redis, shmop, SimpleXML, smbclient, sockets, sysvmsg, sysvsem, sysvshm, tokenizer, xmlreader, xmlwriter, xsl, zip, memcached, libsmbclient, Zend OPcache

• Database

  Art: pgsql
  Version: PostgreSQL 14.11 (Ubuntu 14.11-1.pgdg22.04+1) on x86_64-pc-linux-gnu, compiled by gcc (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0, 64-bit
  Größe: 643,7 MB

Greetings

[tasagore]

@JeffStarkman could you provide the scenario to reproduce this problem? Looking at the code, this isn't related with password and I can't create a scenario to reproduce your report.

Hi @vitormattos , since you can't create a scenario to reproduce it and a few of us have the same problem I can setup a VM with all stuff installed and give you access or send you a link to download the entire VM and make your own test locally if it helps.

[vitormattos]

Hi @tasagore I'm making improvements at flow to generate root certificate and also to generate the signer certificate here:

• Fixes and tests coverage when generate CFSSL and OpenSSL root cert and PFX cert #2524

It might be a good idea to wait for these improvements to be completed as I won't be able to test in another environment at the moment.

If the problem persists on your side after this pull request, I will be very happy to be able to reproduce the steps in an environment where the problem is occurring.

We are currently in need of financing for the project to be able to pay for the development as today the project does not have the funds to maintain itself financially.

[vitormattos]

@tasagore and @JeffStarkman
I published now the RC-8 with a lot of improvements at certificates. Could test again?
I recommend to generate a new root cert because I made changes at root cert generation too.

[JeffStarkman]

I have tested again (rc8), with the following steps:

• delete root certificate
• create new root certifikate
• upload a pdf
  
• sign
  
• insert password
  

=> same error

back to settings, I take a look at my certificate and also try to change my password:

• read my certificate
  

=> ok

• change password (from 123456 to 1234 and vice versa)
  

=> ok

• read my certificate with new password

=> ok

my settings with openssl:

warnings in log:
[PHP] Fehler: Undefined array key "OU" at /var/www/nextcloud/apps/libresign/lib/Handler/CertificateEngine/AEngineHandler.php#138
POST /ocs/v2.php/apps/libresign/api/v1/account/pfx/read

i didnt fillout the field "OU", so maybe this error is not important

nextsteps for me,

• I will delete the root certificate, my certificate,
• change to CFSSL
• create a new root-ca (with all fields) and a new personell certificate
• and test again:
  

=> same error

next try, make updates (most php8.2), uninstall libresign, reboot and install libresign again:

• make a new personell certificate

=> same error

I found a new error in log:
[PHP] Fehler: fsockopen(): Unable to connect to 127.0.0.1:8888 (Connection refused) at /var/www/nextcloud/apps/libresign/lib/Handler/CertificateEngine/CfsslHandler.php#269
GET /apps/files

short story:
in settings and personel settings I can change / create certificate and passwords, every thing works.

Remark: if I read my certificate and type a wrong password, I get no msg Password wrong, I have to close the small window

(the circle dont stop rotating)

an type it again.

only in the last step signing the document, it won't work.

helpfull was the new "read certificate" button to check the password!

Greetings

[tasagore]

@vitormattos same with RC8, invalid password. I've deleted the root cert, the personal cert, change passwords...no way, always same error.

NC Logs:

[vitormattos]

Hi @tasagore could you provide the entire row log of this entry? The backtrace could help to identify what happening.

[tasagore]

Entire row log? Do you mean the nextcloud.log content?

[vitormattos]

No, only the rows of the errors that stays in your print screen.

[vitormattos]

Maybe was resolved by:

• Fix password field name #2599

Wait next release candidate

[vitormattos]

[PHP] Fehler: Undefined array key "profileElementId" at /var/www/nextcloud/apps/libresign/lib/Helper/ValidateHelper.php#306
POST /ocs/v2.php/apps/libresign/api/v1/sign/uuid/e9e23453-ff3c-4fe3-9373-3c77a5bf51bd

Fixed by:

• Remove dead code #2605

[vitormattos]

Fixed at https://github.com/LibreSign/libresign/releases/download/v8.0.0-rc9/libresign-v8.0.0-rc9.tar.gz

[JeffStarkman]

works also for me after installed version rc9:

• update LibresignApp to version rc9
• sign an "old" pdf (see last tries above, very old PDF)

after insert password a get an error in the upper right corner:

The chosen hash algorithm (SHA-1) requires a newer PDF version (PDF-1.3) than the original (PDF-1.2).
THe PDF version update is impossible in the "append" signature mode.
Either disable the append mode or pick another hash algorithm.
These are the algorithm requirements: SHA-1 (PDF-1.3, SHA-256 (PDF-1.6), SHA-384 (PDF-1.7), SHA-512 (PDF-1.7), RIPEMD160 (PDF-1.7)

• create and sign a new PDF (PDF version 1.5)

=> IT WORKS!

[vitormattos]

Hi @JeffStarkman this is an error message from JSignPdf that haven't support to PDF-1.2

I prefixed this message by:

Error at JSignPdf side. LibreSign can not do nothing. Follow the error message: