    System.out.println("Document modified: " + !pk.verify());

output:

    Document modified: true

Do you have any idea of what may be the problem?

Thanks again,
Luiz Kobayashi <[EMAIL PROTECTED]>

Paulo Soares wrote:

Your certificate must be a SHA1withRSA one with 1024 bits. If it isn't it won't work.

Paulo

----- Original Message -----
From: "Luiz Kobayashi" <[EMAIL PROTECTED]>
To: "Post all your questions about iText here" <[email protected]>
Sent: Thursday, July 13, 2006 6:28 PM
Subject: [iText-questions] Using external signature in Self Sign Mode

Hi all,

I'm trying to use the samples in the tutorial for using external signature in Self Sign Mode. It compiles ok, but when I verify it, it always says it has been modified. The code I'm using is:

    public static void signPDF() {
        try {
            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
            ks.load(new FileInputStream("c:\\Downloads\\keystore.ks"), "password".toCharArray());
            String alias = (String)ks.aliases().nextElement();
            PrivateKey key = (PrivateKey)ks.getKey(alias, "password".toCharArray());
            Certificate[] chain = ks.getCertificateChain(alias);
            PdfReader reader = new PdfReader("c:\\original.pdf");
            FileOutputStream fout = new FileOutputStream("c:\\signed.pdf");
            PdfStamper stp = PdfStamper.createSignature(reader, fout, '\0');
            PdfSignatureAppearance sap = stp.getSignatureAppearance();
            sap.setCrypto(key, chain, null, PdfSignatureAppearance.SELF_SIGNED);
            sap.setReason("Testing");
            sap.setLocation("Sao Paulo");
            sap.setExternalDigest(new byte[128], null, "RSA");
            sap.preClose();
            PdfPKCS7 sig = sap.getSigStandard().getSigner();
            Signature sign = Signature.getInstance("SHA1withRSA");
            sign.initSign(key);
            MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
            byte buf[] = new byte[8192];
            int n;
            InputStream inp = sap.getRangeStream();
            while ((n = inp.read(buf)) > 0) {
                messageDigest.update(buf, 0, n);
            }
            byte[] signature = sign.sign();
            String base64 = Conversion.byteArrayToBase64String(signature);
            sig.setExternalDigest(signature, null, "RSA");
            PdfDictionary dic = new PdfDictionary();
            dic.put(PdfName.CONTENTS, new PdfString(sig.getEncodedPKCS1()).setHexWriting(true));
            // comment next line to have an invisible signature
            sap.setVisibleSignature(new Rectangle(100, 100, 200, 200), 1, null);
            PdfTemplate n1 = sap.getLayer(1); //get rid of the question mark
            PdfTemplate n2 = sap.getLayer(2);
            n2.beginText();
            BaseFont bf = BaseFont.createFont(BaseFont.HELVETICA, BaseFont.CP1252, BaseFont.NOT_EMBEDDED);
            n2.setFontAndSize(bf, 7);
            n2.setLeading(2);
            n2.showText("Signature:");
            n2.setLeading(2);
            n2.newlineShowText(base64);
            n2.endText();
            sap.close(dic);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    public static void checkPDF() {
        try {
            CertificateFactory cf = CertificateFactory.getInstance("X509");
            Collection col = cf.generateCertificates(new FileInputStream("C:\\Downloads\\export.cer"));
            KeyStore kall = KeyStore.getInstance(KeyStore.getDefaultType());
            kall.load(null, null);
            for (Iterator it = col.iterator(); it.hasNext();) {
                X509Certificate cert = (X509Certificate)it.next();
                kall.setCertificateEntry(cert.getSerialNumber().toString(Character.MAX_RADIX), cert);
            }
            PdfReader reader = new PdfReader("c:\\signed.pdf");
            AcroFields af = reader.getAcroFields();
            ArrayList names = af.getSignatureNames();
            for (int k = 0; k < names.size(); ++k) {
                String name = (String)names.get(k);
                System.out.println("Signature name: " + name);
                System.out.println("Signature covers whole document: " + af.signatureCoversWholeDocument(name));
                System.out.println("Document revision: " + af.getRevision(name) + " of " + af.getTotalRevisions());
                // Start revision extraction
                FileOutputStream out = new FileOutputStream("c:\\revision_" + af.getRevision(name) + ".pdf");
                byte bb[] = new byte[8192];
                InputStream ip = af.extractRevision(name);
                int n = 0;
                while ((n = ip.read(bb)) > 0)
                    out.write(bb, 0, n);
                out.close();
                ip.close();
                // End revision extraction
                PdfPKCS7 pk = af.verifySignature(name);
                Calendar cal = pk.getSignDate();
                Certificate pkc[] = pk.getCertificates();
                System.out.println("Subject: " + PdfPKCS7.getSubjectFields(pk.getSigningCertificate()));
                System.out.println("Document modified: " + !pk.verify());
                Object fails[] = PdfPKCS7.verifyCertificates(pkc, kall, null, cal);
                if (fails == null)
                    System.out.println("Certificates verified against the KeyStore");
                else
                    System.out.println("Certificate failed: " + fails[1]);
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

I thought it could be the fact that I'm trying to insert some text in the Layer2 of the signature, so I commented it, but the result was the same. Does anybody have a clue on why it always detects a modification that does not exist? Any help would be greatly appreciated.

Thanks in advance,
Luiz Kobayashi
export.cer
Description: application/x509-ca-cert
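
Added example, not part of the original messages and not iText code: using only java.security, it shows that a Signature object whose update() is never called (as in the posted loop, where only the MessageDigest receives the bytes) yields a signature that does not verify over the data, and that a SHA1withRSA signature is as long as the key modulus, so the byte[128] placeholder corresponds to a 1024-bit key. The class name, the generated key pairs and the sample bytes standing in for sap.getRangeStream() are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.*;

public class ExternalSignatureCheck {

    // Signs the stream. With feedSigner == false this mirrors the posted loop:
    // only a separate MessageDigest sees the bytes, so sign() covers empty input.
    static byte[] sign(PrivateKey key, InputStream in, boolean feedSigner) throws Exception {
        Signature signer = Signature.getInstance("SHA1withRSA");
        signer.initSign(key);
        MessageDigest md = MessageDigest.getInstance("SHA1");
        byte[] buf = new byte[8192];
        int n;
        while ((n = in.read(buf)) > 0) {
            if (feedSigner) signer.update(buf, 0, n);
            else md.update(buf, 0, n);
        }
        return signer.sign();
    }

    // Checks the signature over the given data with the signer's public key.
    static boolean verify(PublicKey pub, byte[] data, byte[] sig) throws Exception {
        Signature v = Signature.getInstance("SHA1withRSA");
        v.initVerify(pub);
        v.update(data);
        return v.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the bytes returned by sap.getRangeStream().
        byte[] ranges = "%PDF-1.4 constructed signed byte ranges".getBytes(StandardCharsets.US_ASCII);
        for (int bits : new int[] {1024, 2048}) {
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
            kpg.initialize(bits);
            KeyPair kp = kpg.generateKeyPair();
            byte[] unfed = sign(kp.getPrivate(), new ByteArrayInputStream(ranges), false);
            byte[] fed = sign(kp.getPrivate(), new ByteArrayInputStream(ranges), true);
            System.out.println(bits + "-bit key: signature is " + fed.length
                    + " bytes, fits byte[128]: " + (fed.length <= 128));
            System.out.println("  signer never updated, verifies: "
                    + verify(kp.getPublic(), ranges, unfed));
            System.out.println("  signer fed the ranges, verifies: "
                    + verify(kp.getPublic(), ranges, fed));
        }
    }
}
```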
_______________________________________________
iText-questions mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/itext-questions
