Hi all,

I'm trying to use the samples in the tutorial for using external 
signature in Self Sign Mode. It compiles ok, but when I verify it, it 
always says it has been modified.

The code I'm using is:

   public static void signPDF()
   {
       try
       {
           KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
           ks.load(new FileInputStream("c:\\Downloads\\keystore.ks"), "password".toCharArray());
           String alias = (String)ks.aliases().nextElement();
           PrivateKey key = (PrivateKey)ks.getKey(alias, "password".toCharArray());
           Certificate[] chain = ks.getCertificateChain(alias);
           PdfReader reader = new PdfReader("c:\\original.pdf");
           FileOutputStream fout = new FileOutputStream("c:\\signed.pdf");

           PdfStamper stp = PdfStamper.createSignature(reader, fout, '\0');
           PdfSignatureAppearance sap = stp.getSignatureAppearance();
           sap.setCrypto(key, chain, null, PdfSignatureAppearance.SELF_SIGNED);
           sap.setReason("Testing");
           sap.setLocation("Sao Paulo");
           sap.setExternalDigest(new byte[128], null, "RSA");
           sap.preClose();
           PdfPKCS7 sig = sap.getSigStandard().getSigner();
           Signature sign = Signature.getInstance("SHA1withRSA");
           sign.initSign(key);
           MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
           byte buf[] = new byte[8192];
           int n;
           InputStream inp = sap.getRangeStream();
           while ((n = inp.read(buf)) > 0) {
               messageDigest.update(buf, 0, n);
           }
           byte[] signature = sign.sign();
           String base64 = Conversion.byteArrayToBase64String(signature);
           sig.setExternalDigest(signature, null, "RSA");
           PdfDictionary dic = new PdfDictionary();
           dic.put(PdfName.CONTENTS, new PdfString(sig.getEncodedPKCS1()).setHexWriting(true));

           // comment next line to have an invisible signature
           sap.setVisibleSignature(new Rectangle(100, 100, 200, 200), 1, null);
           PdfTemplate n1 = sap.getLayer(1); //get rid of the question mark
           PdfTemplate n2 = sap.getLayer(2);
           n2.beginText();
           BaseFont bf = BaseFont.createFont(BaseFont.HELVETICA, BaseFont.CP1252, BaseFont.NOT_EMBEDDED);
           n2.setFontAndSize(bf, 7);
           n2.setLeading(2);
           n2.showText("Signature:");
           n2.setLeading(2);
           n2.newlineShowText(base64);
           n2.endText();

           sap.close(dic);
       }
       catch (Exception e)
       {
           e.printStackTrace();
       }
   }

   public static void checkPDF()
   {
       try
       {
           CertificateFactory cf = CertificateFactory.getInstance("X509");
           Collection col = cf.generateCertificates(new FileInputStream("C:\\Downloads\\export.cer"));
           KeyStore kall = KeyStore.getInstance(KeyStore.getDefaultType());
           kall.load(null, null);
           for (Iterator it = col.iterator(); it.hasNext();) {
               X509Certificate cert = (X509Certificate)it.next();
               kall.setCertificateEntry(cert.getSerialNumber().toString(Character.MAX_RADIX), cert);
           }
           PdfReader reader = new PdfReader("c:\\signed.pdf");
           AcroFields af = reader.getAcroFields();
           ArrayList names = af.getSignatureNames();
           for (int k = 0; k < names.size(); ++k) {
              String name = (String)names.get(k);
              System.out.println("Signature name: " + name);
              System.out.println("Signature covers whole document: " + af.signatureCoversWholeDocument(name));
              System.out.println("Document revision: " + af.getRevision(name) + " of " + af.getTotalRevisions());
              // Start revision extraction
              FileOutputStream out = new FileOutputStream("c:\\revision_" + af.getRevision(name) + ".pdf");
              byte bb[] = new byte[8192];
              InputStream ip = af.extractRevision(name);
              int n = 0;
              while ((n = ip.read(bb)) > 0)
                 out.write(bb, 0, n);
              out.close();
              ip.close();
              // End revision extraction
              PdfPKCS7 pk = af.verifySignature(name);
              Calendar cal = pk.getSignDate();
              Certificate pkc[] = pk.getCertificates();
              System.out.println("Subject: " + PdfPKCS7.getSubjectFields(pk.getSigningCertificate()));
              System.out.println("Document modified: " + !pk.verify());
              Object fails[] = PdfPKCS7.verifyCertificates(pkc, kall, null, cal);
              if (fails == null)
                  System.out.println("Certificates verified against the KeyStore");
              else
                  System.out.println("Certificate failed: " + fails[1]);
           }
       }
       catch (Exception e)
       {
           e.printStackTrace();
       }
   }

I thought it could be the fact that I'm trying to insert some text in 
the Layer2 of the signature, so I commented it, but the result was the 
same.

Does anybody have a clue on why it always detects a modification that 
does not exist?

Any help would be greatly appreciated.

Thanks in advance,

Luiz Kobayashi
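
Added example, not part of the original post and not iText code: in the posted signPDF() the bytes from sap.getRangeStream() are read into a MessageDigest and the Signature object is never updated, so sign.sign() covers zero bytes. The self-contained sketch below reproduces that with java.security only and compares it with a loop that feeds the bytes to the Signature. The throwaway RSA key and the byte array standing in for the range stream are constructed for the demo, and the class and method names are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.security.*;

public class RangeStreamSigningDemo {
    // Pattern from the post: the stream goes to a MessageDigest, so 'sign' signs zero bytes.
    static byte[] signDigestOnly(PrivateKey key, InputStream in) throws Exception {
        Signature sign = Signature.getInstance("SHA1withRSA"); // algorithm mirrors the post
        sign.initSign(key);
        MessageDigest md = MessageDigest.getInstance("SHA1");
        byte[] buf = new byte[8192];
        int n;
        while ((n = in.read(buf)) > 0) {
            md.update(buf, 0, n);   // the digest result is never used by 'sign'
        }
        return sign.sign();
    }

    // Same loop, but the bytes are fed to the Signature itself.
    static byte[] signStream(PrivateKey key, InputStream in) throws Exception {
        Signature sign = Signature.getInstance("SHA1withRSA");
        sign.initSign(key);
        byte[] buf = new byte[8192];
        int n;
        while ((n = in.read(buf)) > 0) {
            sign.update(buf, 0, n);
        }
        return sign.sign();
    }

    // What a verifier does: hash the bytes it was given and check the signature over them.
    static boolean verify(PublicKey pub, byte[] data, byte[] sig) throws Exception {
        Signature v = Signature.getInstance("SHA1withRSA");
        v.initVerify(pub);
        v.update(data);
        return v.verify(sig);
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();   // throwaway key, generated for the demo
        byte[] range = "constructed stand-in for the signed byte ranges".getBytes("US-ASCII");
        byte[] s1 = signDigestOnly(kp.getPrivate(), new ByteArrayInputStream(range));
        byte[] s2 = signStream(kp.getPrivate(), new ByteArrayInputStream(range));
        System.out.println("digest-only loop, checked against range: " + verify(kp.getPublic(), range, s1));
        System.out.println("digest-only loop, checked against empty: " + verify(kp.getPublic(), new byte[0], s1));
        System.out.println("Signature.update loop, checked against range: " + verify(kp.getPublic(), range, s2));
    }
}
```

The first signature is valid only for empty input, which is why a verifier that hashes the real byte ranges reports a mismatch even though the file was not changed after signing.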


_______________________________________________
iText-questions mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/itext-questions
