Chris C <ChrisC <at> postmark.net> writes:

> 
> Apologies for the long post.
> 
> I am using iText (Version 1.3) to sign existing signature fields in
> a PDF Document (using the Windows Certificate Security method). The
> signature fields were originally created using iText as well. I am
> getting an intermittent problem when creating the signatures. One of
> the following three situations occurs.
> 
> 1. Signature is created and is valid in Acrobat
> 2. IllegalArgumentException is thrown with message "The key /Contents
> is too big"
> 3. Signature appears to be created successfully, but is invalid in
> Acrobat (document has changed or has been corrupted).
> 
> I am using the same input document and key. The only parameter that
> changes is the signing time. Having looked at the iText source I think
> the problem is occurring when the digital signature is created. In the
> getEncodedPKCS7 method in the PdfPKCS7 class, the digest is set to the
> result of the sign method called on the Signature object. However, the
> length of the byte array returned varies from 46 to 47 bytes. This
> causes a problem because the getEncodedPKCS7 method is called twice
> when generating the signature. It is called once during the
> setSignInfo method and again during the getSignerContents method in
> the PdfSigGenericPKCS class. 
> 
> The setSignInfo method is called during the preClose method of the
> PdfSignatureAppearance. The getSignerContents method is called from
> the PdfStamper close method. The problem occurs when the returned
> signatures are not the same length. The length of the /Contents key is
> determined by the length of the signature generated during the
> setSignInfo call. The actual byte value set in the PDF document
> appears to be the one generated during the PdfStamper close method. If
> both signatures are the same length, situation 1 occurs. If the first
> signature is shorter than the second, situation 2 occurs. If the first
> signature is longer than the second, situation 3 occurs. 
> 
> There doesn't appear to be any way of predicting what will happen. It
> can work 8 or 9 times in a row and then fail. Or it can fail on the
> first try. I have tried two different documents and different
> certificates. I have also tried using both the SunJCE and the
> BouncyCastle one. The problem only occurs when using a DSA signature.
> 
> The following is the code I'm using to create the signatures:
> 
> import java.io.FileInputStream;
> import java.io.FileOutputStream;
> import java.security.KeyStore;
> import java.security.PrivateKey;
> import java.security.cert.Certificate;
> import java.util.ArrayList;
> 
> import com.lowagie.text.pdf.AcroFields;
> import com.lowagie.text.pdf.PdfReader;
> import com.lowagie.text.pdf.PdfSignatureAppearance;
> import com.lowagie.text.pdf.PdfStamper;
> 
> public class Example {
> 
>     public static void main(String[] args) {
>         try {
>             FileOutputStream fos = new FileOutputStream("c:/out.pdf");
> 
>             KeyStore ks = KeyStore.getInstance("PKCS12");
>             ks.load(new FileInputStream("c:/testdsa.p12"), "password".toCharArray());
>             String alias = (String) ks.aliases().nextElement();
> 
>             // Get the private key and certificate chain
>             PrivateKey key = (PrivateKey) ks.getKey(alias, "password".toCharArray());
>             Certificate[] chain = ks.getCertificateChain(alias);
>             PdfReader _reader = new PdfReader("c:/signature.pdf");
> 
>             // Find the signature fields
>             AcroFields af = _reader.getAcroFields();
>             ArrayList names = af.getSignatureNames();
>             PdfStamper stp = null;
> 
>             if (names.size() == 0) {
>                 stp = PdfStamper.createSignature(_reader, fos, '\0');
>             } else {
>                 stp = PdfStamper.createSignature(_reader, fos, '\0', null, true);
>             }
> 
>             PdfSignatureAppearance sap = stp.getSignatureAppearance();
>             sap.setCrypto(key, chain, null, PdfSignatureAppearance.WINCER_SIGNED);
>             sap.setReason("");
>             sap.setLocation("");
>             sap.setVisibleSignature("mysig");
>             sap.setAcro6Layers(true);
>             stp.close();
>         } catch (Exception e) {
>             e.printStackTrace(System.out);
>         }
>     }
> }
> 
> Is this a problem with my set-up or a bug?
> 
> Regards 
> 
> Chris
> 


Hello,

I'm having exactly the same problem when signing a PDF
with an X.509 certificate.

I use the following commands to create a certificate:

1) Code to create a keystore containing keypairs
 keytool -genkey -dname "cn=Mark Jones, ou=JavaSoft, o=Sun, c=US" -alias business -keypass 123456 -keystore keystore.ks -storepass 123456 -validity 180

2) Export the certificate from the keystore to test.cer
 keytool -export -keystore ./keystore.ks -alias business -file test.cer

And the following java code to sign the pdf:


********************************CODE*******************************
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Enumeration;

import com.lowagie.text.pdf.PdfReader;
import com.lowagie.text.pdf.PdfSignatureAppearance;
import com.lowagie.text.pdf.PdfStamper;

public class SigningTest {

    public static void main(String[] args) {
        try {
            // Get a certificate from a file.
            FileInputStream is = new FileInputStream("./data/cert.cer");
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            java.security.cert.Certificate cert = cf.generateCertificate(is);

            // Get the private key from the keystore.
            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
            ks.load(new FileInputStream("./data/keystore.ks"), "123456".toCharArray());
            String alias = (String) ks.aliases().nextElement();
            PrivateKey key = (PrivateKey) ks.getKey(alias, "123456".toCharArray());

            // Add the certificate to the chain and sign the file.
            Certificate[] chain = new Certificate[] { cert };
            PdfReader reader = new PdfReader("./data/sample2.pdf");
            FileOutputStream fout = new FileOutputStream("./data/sigsample2.pdf");
            PdfStamper stp = PdfStamper.createSignature(reader, fout, '\0');
            PdfSignatureAppearance sap = stp.getSignatureAppearance();
            sap.setCrypto(key, chain, null, PdfSignatureAppearance.SELF_SIGNED);
            sap.setReason("I want to sign");
            sap.setLocation("Antwerpen");
            stp.close();
            System.out.println("The file is signed.");
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

}
*****************************CODE******************************


Did you already find a solution to this problem?

Regards,

Tom
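
Added example (not part of the original messages and not iText code): the JCA returns a DSA signature as a DER-encoded SEQUENCE of the two integers r and s, and each call uses a fresh random value, so signing the same bytes twice can give encodings of different lengths. The sketch below signs constructed input in pairs and tallies each pair against the three situations Chris lists; the class name, the 1024-bit test key and the `MAX_DER_LEN` bound are assumptions of the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.util.TreeMap;

public class DsaTwoCallLength {

    // Worst case for DER SEQUENCE { INTEGER r, INTEGER s } with a 160-bit q:
    // 2 (SEQUENCE header) + 2 * (2 header + 1 leading 0x00 + 20 value bytes) = 48.
    static final int MAX_DER_LEN = 48;

    static byte[] sign(KeyPair kp, byte[] data) throws Exception {
        Signature sig = Signature.getInstance("SHA1withDSA");
        sig.initSign(kp.getPrivate());
        sig.update(data);
        return sig.sign(); // fresh random per-signature value on every call
    }

    // Maps a (sizing call, writing call) pair onto the three situations in the post.
    static int situation(int reservedLen, int writtenLen) {
        if (reservedLen == writtenLen) return 1; // fits exactly
        if (reservedLen < writtenLen) return 2;  // value larger than the reserved space
        return 3;                                // value shorter than the reserved space
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
        kpg.initialize(1024); // 1024-bit p, 160-bit q (constructed test key)
        KeyPair kp = kpg.generateKeyPair();
        byte[] data = "constructed sample input".getBytes(StandardCharsets.US_ASCII);

        TreeMap<Integer, Integer> lengths = new TreeMap<>();
        int[] situations = new int[4];
        for (int i = 0; i < 2000; i++) {
            byte[] first = sign(kp, data);  // stands in for the call that sizes the field
            byte[] second = sign(kp, data); // stands in for the call whose bytes are written
            lengths.merge(first.length, 1, Integer::sum);
            situations[situation(first.length, second.length)]++;
            if (second.length > MAX_DER_LEN) throw new IllegalStateException("bound exceeded");
        }
        System.out.println("DER length -> count: " + lengths);
        System.out.printf("situation 1: %d, 2: %d, 3: %d%n",
                situations[1], situations[2], situations[3]);
    }
}
```

Sizing the reserved space from the worst-case bound, or signing once and reusing those bytes, removes the dependence on two random signatures happening to encode to the same length.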



