Chris C <ChrisC <at> postmark.net> writes:

> Apologies for the long post.
>
> I am using iText (Version 1.3) to sign existing signature fields in
> a PDF Document (using the Windows Certificate Security method). The
> signature fields were originally created using iText as well. I am
> getting an intermittent problem when creating the signatures. One of
> the following three situations occurs.
>
> 1. Signature is created and is valid in Acrobat
> 2. IllegalArgumentException is thrown with message "The key /Contents
>    is too big"
> 3. Signature appears to be created successfully, but is invalid in
>    Acrobat (document has changed or has been corrupted).
>
> I am using the same input document and key. The only parameter that
> changes is the signing time. Having looked at the iText source I think
> the problem is occurring when the digital signature is created. In the
> getEncodedPKCS7 method in the PdfPKCS7 class, the digest is set to the
> result of the sign method called on the Signature object. However, the
> length of the byte array returned varies from 46 to 47 bytes. This
> causes a problem because the getEncodedPKCS7 method is called twice
> when generating the signature. It is called once during the
> setSignInfo method and again during the getSignerContents method in
> the PdfSigGenericPKCS class.
>
> The setSignInfo method is called during the preClose method of the
> PdfSignatureAppearance. The getSignerContents method is called from
> the PdfStamper close method. The problem occurs when the returned
> signatures are not the same length. The length of the /Contents key is
> determined by the length of the signature generated during the
> setSignInfo call. The actual byte value set in the PDF document
> appears to be the one generated during the PdfStamper close method. If
> both signatures are the same length, situation 1 occurs. If the first
> signature is shorter than the second, situation 2 occurs. If the first
> signature is longer than the second, situation 3 occurs.
>
> There doesn't appear to be any way of predicting what will happen. It
> can work 8 or 9 times in a row and then fail. Or it can fail on the
> first try. I have tried two different documents and different
> certificates. I have also tried using both the SunJCE and the
> BouncyCastle one. The problem only occurs when using a DSA signature.
>
> The following is the code I'm using to create the signatures:
>
> import java.io.FileInputStream;
> import java.io.FileOutputStream;
> import java.security.KeyStore;
> import java.security.PrivateKey;
> import java.security.cert.Certificate;
> import java.util.ArrayList;
>
> import com.lowagie.text.pdf.AcroFields;
> import com.lowagie.text.pdf.PdfReader;
> import com.lowagie.text.pdf.PdfSignatureAppearance;
> import com.lowagie.text.pdf.PdfStamper;
>
> public class Example {
>
>     public static void main(String[] args) {
>
>         try {
>             FileOutputStream fos = new FileOutputStream("c:/out.pdf");
>
>             KeyStore ks = KeyStore.getInstance("PKCS12");
>
>             ks.load(new FileInputStream("c:/testdsa.p12"), "password".toCharArray());
>             String alias = (String) ks.aliases().nextElement();
>
>             //Get the private key and certificate chain
>             PrivateKey key = (PrivateKey) ks.getKey(alias, "password".toCharArray());
>             Certificate[] chain = ks.getCertificateChain(alias);
>             PdfReader _reader = new PdfReader("c:/signature.pdf");
>
>             //Find the signature fields
>             AcroFields af = _reader.getAcroFields();
>             ArrayList names = af.getSignatureNames();
>             PdfStamper stp = null;
>
>             //Sign in append mode when the document already carries signatures
>             if (names.size() == 0) {
>                 stp = PdfStamper.createSignature(_reader, fos, '\0');
>             } else {
>                 stp = PdfStamper.createSignature(_reader, fos, '\0', null, true);
>             }
>
>             PdfSignatureAppearance sap = stp.getSignatureAppearance();
>             sap.setCrypto(key, chain, null, PdfSignatureAppearance.WINCER_SIGNED);
>             sap.setReason("");
>             sap.setLocation("");
>             sap.setVisibleSignature("mysig");
>             sap.setAcro6Layers(true);
>             stp.close();
>
>         } catch (Exception e) {
>             e.printStackTrace(System.out);
>         }
>     }
> }
>
> Is this a problem with my set-up or a bug?
>
> Regards
>
> Chris

Hello,

I'm having exactly the same problem when signing a pdf with an X.509
certificate.

I use the following commands to create a certificate:

1) Code to create a keystore containing keypairs

keytool -genkey -dname "cn=Mark Jones, ou=JavaSoft, o=Sun, c=US" -alias business -keypass 123456 -keystore keystore.ks -storepass 123456 -validity 180

2) Export the certificate from the keystore to test.cer

keytool -export -keystore ./keystore.ks -alias business -file test.cer

And the following Java code to sign the pdf:

********************************CODE*******************************
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Enumeration;

import com.lowagie.text.pdf.PdfReader;
import com.lowagie.text.pdf.PdfSignatureAppearance;
import com.lowagie.text.pdf.PdfStamper;

public class SigningTest {

    public static void main(String[] args) {
        try {
            // Get a certificate from a file.
            FileInputStream is = new FileInputStream("./data/cert.cer");
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            java.security.cert.Certificate cert = cf.generateCertificate(is);

            // Get the private key from the keystore.
            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
            ks.load(new FileInputStream("./data/keystore.ks"), "123456".toCharArray());
            String alias = (String) ks.aliases().nextElement();
            PrivateKey key = (PrivateKey) ks.getKey(alias, "123456".toCharArray());

            // Add the certificate to the chain and sign the file.
            Certificate[] chain = new Certificate[] { cert };
            PdfReader reader = new PdfReader("./data/sample2.pdf");
            FileOutputStream fout = new FileOutputStream("./data/sigsample2.pdf");
            PdfStamper stp = PdfStamper.createSignature(reader, fout, '\0');
            PdfSignatureAppearance sap = stp.getSignatureAppearance();
            sap.setCrypto(key, chain, null, PdfSignatureAppearance.SELF_SIGNED);
            sap.setReason("I want to sign");
            sap.setLocation("Antwerpen");
            stp.close();
            System.out.println("The file is signed.");
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
*****************************CODE******************************

Did you already find a solution to this problem?

Regards,
Tom
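
The length variation described in this thread can be reproduced outside iText. The following Java program is an added example, not code from either poster or from iText: it signs the same bytes repeatedly with a constructed 1024-bit DSA key, collects the DER signature lengths, and sizes a zero-padded slot from the key's q rather than from one observed signature; the class and method names are hypothetical.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.security.interfaces.DSAPrivateKey;
import java.util.Arrays;
import java.util.TreeSet;

public class DsaSignatureLength {

    // Upper bound for a DER-encoded DSA signature: SEQUENCE { INTEGER r, INTEGER s }.
    // Each INTEGER is at most qBytes + 1 (a leading 0x00 when the top bit is set) plus a
    // 2-byte header; the outer SEQUENCE header is 2 bytes while the content stays under 128.
    static int maxDerLength(DSAPrivateKey key) {
        int qBytes = (key.getParams().getQ().bitLength() + 7) / 8;
        return 2 + 2 * (2 + qBytes + 1);
    }

    // Copy a signature into a fixed-size, zero-padded slot; fail loudly instead of truncating.
    static byte[] fitToSlot(byte[] sig, int slotSize) {
        if (sig.length > slotSize) {
            throw new IllegalArgumentException("signature larger than reserved slot");
        }
        return Arrays.copyOf(sig, slotSize);
    }

    public static void main(String[] args) throws Exception {
        // Constructed test key; 1024-bit DSA (160-bit q) matches the sizes reported in the thread.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
        kpg.initialize(1024);
        KeyPair kp = kpg.generateKeyPair();
        byte[] data = "same input every time".getBytes("UTF-8");

        TreeSet<Integer> lengths = new TreeSet<Integer>();
        byte[] last = null;
        for (int i = 0; i < 500; i++) {
            Signature s = Signature.getInstance("SHA1withDSA");
            s.initSign(kp.getPrivate());
            s.update(data);
            last = s.sign();            // fresh random nonce, so r and s differ on every call
            lengths.add(last.length);
        }
        int slot = maxDerLength((DSAPrivateKey) kp.getPrivate());
        System.out.println("observed lengths: " + lengths + ", reserved slot: " + slot);
        System.out.println("padded length: " + fitToSlot(last, slot).length);
    }
}
```

A slot sized from this upper bound holds any signature the key can produce, so the result no longer depends on two separate signing calls returning the same length.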