Dear Danny, Bruno and Paulo,
 
As promised on the forum (http://homes.esat.kuleuven.be/~decockd/wiki/bin/view.cgi/Eid/EidForum - 28 feb 2006), please find attached some sample code that uses iText with the new Belgian eID card.
Thanks to Danny for his wonderful code ;-)
 
I've also tested iText, the EID card and IAIK (http://jce.iaik.tugraz.at) without any problem.
 
 
Here is the code :
 
package be.nsi.security.signature.pdf;
 
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.security.MessageDigest;
import java.security.cert.Certificate;
 
import com.lowagie.text.*;
import com.lowagie.text.pdf.*;
 
import be.godot.sc.engine.BelpicCard;
 
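/**
 * Command-line sample that signs a PDF with iText, using the non-repudiation
 * key of a Belgian eID card (through {@code BelpicCard}) as the external signer.
 *
 * <p>The signed copy is written next to the input as
 * {@code <input>.selfsignmode.pdf}.
 *
 * <p>Security notes for anyone reusing this sample:
 * <ul>
 *   <li>The document digest is SHA-1, which is no longer collision resistant.
 *       It is kept here because the digest passed to the card must match what
 *       the SELF_SIGNED signature format expects.
 *       NOTE(review): confirm which digests the card and the chosen PDF
 *       signature filter support before using this for new signatures.</li>
 *   <li>Only the signer certificate is embedded, not its issuing chain, so a
 *       verifier has to obtain the CA certificates and revocation status
 *       itself.</li>
 *   <li>The key used is the card's non-repudiation key; whatever file is named
 *       in {@code args[0]} is signed as-is, so the caller is responsible for
 *       making sure it is the document the card holder intends to sign.</li>
 * </ul>
 */
public class PDFSign
{
  /** Command-line arguments; {@code args[0]} is the path of the PDF to sign. */
  String[] args;

  /**
   * @param args command-line arguments, stored without copying;
   *             {@code args[0]} must be the path of the PDF to sign
   */
  public PDFSign(String[] args)
  {
    super();
    this.args = args;
  }

  /**
   * Signs the PDF named by {@code args[0]} in iText's SELF_SIGNED mode and
   * writes the result to {@code args[0] + ".selfsignmode.pdf"}.
   *
   * @throws IllegalArgumentException if no input file was given
   * @throws FileNotFoundException if the input file does not exist
   * @throws Throwable any failure reported by iText, the JCA or the card
   */
  public void selfSignMode() throws Throwable
  {
    // Fail with a usable message instead of an ArrayIndexOutOfBoundsException.
    if (args == null || args.length == 0)
      throw new IllegalArgumentException("Usage: PDFSign <file.pdf>");

    File file = new File(args[0]);
    if (!file.exists())
      throw new FileNotFoundException("File " + file.getPath() + " doesn't exist");

    PdfReader reader = new PdfReader(file.getPath());
    FileOutputStream fout = new FileOutputStream(args[0] + ".selfsignmode.pdf");
    boolean signed = false;
    try
    {
      PdfStamper stamper = PdfStamper.createSignature(reader, fout, '\0');
      PdfSignatureAppearance sap = stamper.getSignatureAppearance();

      // Only the leaf (signer) certificate is embedded in the signature.
      Certificate[] certs = new Certificate[1];

      // NOTE(review): the meaning of the empty-string argument is not visible
      // here - confirm against the BelpicCard API.
      BelpicCard scd = new BelpicCard("");
      certs[0] = scd.getNonRepudiationCertificate();

      //sap.setCrypto(iKeyStore.getPrivateKey(eidCertificate.getAlias(),null), certs, null, PdfSignatureAppearance.WINCER_SIGNED);
      // No private key is handed to iText: the key stays on the card and the
      // signature value is supplied below.
      sap.setCrypto(null, certs, null, PdfSignatureAppearance.SELF_SIGNED);
      sap.setReason("How to use iText with the new belgian electronic identity card");
      sap.setLocation("Belgium");
      // comment next line to have an invisible signature
      sap.setVisibleSignature(new Rectangle(100, 100, 200, 200), 1, null);
      // Placeholder buffers: 128 bytes is the length of a 1024-bit RSA
      // signature, 20 bytes the length of a SHA-1 digest.
      // NOTE(review): presumably these must match the card's key size and the
      // digest used below - confirm before using a card with a longer key.
      sap.setExternalDigest(new byte[128], new byte[20], "RSA");
      sap.preClose();

      // Self-Sign mode
      PdfPKCS7 sig = sap.getSigStandard().getSigner();

      // Hash the byte ranges exposed by iText and let the card sign the hash.
      // A null range stream would make digest() fail with a
      // NullPointerException rather than sign anything.
      byte[] content = streamToByteArray(sap.getRangeStream());
      // SHA-1 is weak against collisions; see the class comment.
      byte[] hash = MessageDigest.getInstance("SHA-1").digest(content);
      byte[] signatureBytes = scd.generateNonRepudiationSignature(hash);

      sig.setExternalDigest(signatureBytes, null, "RSA");
      PdfDictionary dic = new PdfDictionary();
      dic.put(PdfName.CONTENTS, new PdfString(sig.getEncodedPKCS1()).setHexWriting(true));
      sap.close(dic);
      signed = true;
    }
    finally
    {
      // The output stream was never released when signing failed half-way.
      // Closing a FileOutputStream twice is harmless, so this is safe even if
      // iText has already closed it.
      if (signed)
      {
        fout.close();
      }
      else
      {
        try
        {
          fout.close();
        }
        catch (java.io.IOException ignored)
        {
          // Keep the original failure; the output file is incomplete anyway
          // and must not be treated as a signed document.
        }
      }
    }
  }

  /**
   * Reads a stream into a byte array.
   *
   * <p>Reading stops at the first {@code read} call that returns zero or a
   * negative count. The stream is not closed.
   *
   * @param stream the stream to drain, may be {@code null}
   * @return the bytes read, or {@code null} if {@code stream} is {@code null}
   * @throws Throwable any error raised while reading
   */
  public static byte[] streamToByteArray(InputStream stream) throws Throwable
  {
    if (stream == null)
    {
      return null;
    }

    ByteArrayOutputStream byteArray = new ByteArrayOutputStream();
    byte[] buffer = new byte[1024];
    int c;
    while ((c = stream.read(buffer)) > 0)
    {
      byteArray.write(buffer, 0, c);
    }
    return byteArray.toByteArray();
  }

  /**
   * Entry point: signs the PDF given as first argument.
   *
   * <p>Failures are only printed as a stack trace and the process exit status
   * is not changed, so the exit status is no proof that a signed file was
   * produced.
   *
   * @param args {@code args[0]} is the path of the PDF to sign
   */
  public static void main(String[] args)
  {
    try
    {
      PDFSign pdfsign = new PDFSign(args);
      pdfsign.selfSignMode();
    }
    catch (Throwable t)
    {
      t.printStackTrace();
    }
  }
}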
 

 

 

 Philippe Frankinet 
 
Technical Analyst (p.frankinet@nsi-sa.be)

  NSI S.A.  (www.nsi-sa.be)
 Chaussée de Bruxelles, 174 A
 B-4340 Awans  - Belgique
 Tél. : +32 (0)4 239 91 50 - Fax : +32 (0)4 246 13 08

 

 

 

 

 
