I'm sorry for the lack of clearness of my thread and also of my english.
I'll try at my best to explain again what I need.
Obviusly I need to sign a pdf.
I am able to do it with this code:
//get the certificate used to sign, call it certificate
PdfReader reader = new PdfReader("pdf_to_be_signed.pdf");
FileOutputStream fout = new FileOutputStream("signed_pdf.pdf");
PdfStamper stp = PdfStamper.createSignature(reader, fout, '\0');
PdfSignatureAppearance sap = stp.getSignatureAppearance();
sap.setCrypto(null, new Certificate[]{certificate}, null,
PdfSignatureAppearance.SELF_SIGNED);
sap.setReason("Hello");
sap.setLocation("Italy");
sap.setVisibleSignature(new Rectangle(100, 100, 200, 200), 1, null);
sap.setExternalDigest(new byte[128], new byte[20], null);
sap.preClose();
MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
byte buf[] = new byte[8192];
int n;
InputStream inp = sap.getRangeStream();
while ((n = inp.read(buf)) > 0)
{
messageDigest.update(buf, 0, n);
}
byte hash[] = messageDigest.digest();
//sign this hash with an external procedure that gives me signed_hash
PdfPKCS7 sig = sap.getSigStandard().getSigner();
sig.setExternalDigest(signed_hash, null, "RSA");
PdfDictionary dic2 = new PdfDictionary();
dic2.put(PdfName.CONTENTS, new
PdfString(sig.getEncodedPKCS1()).setHexWriting(true));
sap.close(dic2);
Call this piece of code CASE1.
So what's the problem?
The problem is that to use the CASE1 I need to observe a strict order for
the operations:
1-get the certificate to use for the signature operation
2-use a PDFReader to read the pdf to sign
3-use a PDFStamper to modify the pdf creating the signed one
4-use PdfSignatureAppearance to create the "signature field"
5-fill this signature filed with certificate, reason, location etc....
6-get the hash to be signed
7-sign it with an external proc
8-add the signature
The problem is the first point. I have the certificate only at the point 7.
It means that I don't choose the certificate used to sign. It's the external
signature procedure that,
on the base of the user that does the login, uses a certificate rather than
another and returns to me the
signature and the certificate used to sign.
QUESTION 1:
Is it possible to change the code of the CASE1, so to not have the need of a
certificate during the creation of the
PdfSignatureAppearance object and so to add it only after the point 7?
If yes, could you help me with a sample code?
If the answer to the question 1 is no, the only thing I can do is to use a
"fake" certificate.
Doing so, I obtain a pdf signed with the wrong certificate and then I need
to replace into the
signed pdf signature and certificate with the right ones.
I think there are 2 possibilities:
1-sign the pdf once simply to obtain the certificate and then sign again to
obtain the real signed pdf.
2-sign the pdf once simply to obtain the certificate and then replace into
the signed pdf the certificate and the signature with the right ones.
If the solution is the second one, I have no idea about the way to do it.
In this case it would be great a sample code to drive me step by step.
--
View this message in context:
http://www.nabble.com/signing-pdf-with-external-signature-tp21917425p22034825.html
Sent from the iText - General mailing list archive at Nabble.com.
------------------------------------------------------------------------------
Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA
-OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise
-Strategies to boost innovation and cut costs with open source participation
-Receive a $600 discount off the registration fee with the source code: SFAD
http://p.sf.net/sfu/XcvMzF8H
_______________________________________________
iText-questions mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/itext-questions
Buy the iText book: http://www.1t3xt.com/docs/book.php
