As I said before, you need an external signature. With an external signature you
provide iText with the signed PKCS7 structure. See the iTextSharp example. The
actual generation of the signed PKCS7 will depend on your particular case; it's
impossible to give an example.
Paulo
> -----Original Message-----
> From: amarianoelaide [mailto:[email protected]]
> Sent: Monday, February 16, 2009 10:31 AM
> To: [email protected]
> Subject: Re: [iText-questions] signing pdf with external signature
>
>
> I'm sorry for the lack of clearness of my thread and also of my English.
> I'll try at my best to explain again what I need.
>
> Obviously I need to sign a pdf.
> I am able to do it with this code:
>
> //get the certificate used to sign, call it certificate
> PdfReader reader = new PdfReader("pdf_to_be_signed.pdf");
> FileOutputStream fout = new FileOutputStream("signed_pdf.pdf");
> PdfStamper stp = PdfStamper.createSignature(reader, fout, '\0');
> PdfSignatureAppearance sap = stp.getSignatureAppearance();
> sap.setCrypto(null, new Certificate[]{certificate}, null,
>     PdfSignatureAppearance.SELF_SIGNED);
> sap.setReason("Hello");
> sap.setLocation("Italy");
> sap.setVisibleSignature(new Rectangle(100, 100, 200, 200), 1, null);
> sap.setExternalDigest(new byte[128], new byte[20], null);
> sap.preClose();
>
> MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
> byte buf[] = new byte[8192];
> int n;
> InputStream inp = sap.getRangeStream();
> while ((n = inp.read(buf)) > 0)
> {
>     messageDigest.update(buf, 0, n);
> }
> byte hash[] = messageDigest.digest();
>
> //sign this hash with an external procedure that gives me signed_hash
>
> PdfPKCS7 sig = sap.getSigStandard().getSigner();
> sig.setExternalDigest(signed_hash, null, "RSA");
>
> PdfDictionary dic2 = new PdfDictionary();
> dic2.put(PdfName.CONTENTS,
>     new PdfString(sig.getEncodedPKCS1()).setHexWriting(true));
> sap.close(dic2);
>
> Call this piece of code CASE1.
> So what's the problem?
>
> The problem is that to use the CASE1 I need to observe a strict order
> for the operations:
> 1-get the certificate to use for the signature operation
> 2-use a PDFReader to read the pdf to sign
> 3-use a PDFStamper to modify the pdf creating the signed one
> 4-use PdfSignatureAppearance to create the "signature field"
> 5-fill this signature field with certificate, reason, location etc....
> 6-get the hash to be signed
> 7-sign it with an external proc
> 8-add the signature
>
> The problem is the first point. I have the certificate only at the
> point 7.
> It means that I don't choose the certificate used to sign. It's the
> external signature procedure that, on the basis of the user that does
> the login, uses a certificate rather than another and returns to me the
> signature and the certificate used to sign.
>
> QUESTION 1:
> Is it possible to change the code of the CASE1, so to not have the need
> of a certificate during the creation of the PdfSignatureAppearance
> object and so to add it only after the point 7?
> If yes, could you help me with a sample code?
>
> If the answer to the question 1 is no, the only thing I can do is to
> use a "fake" certificate.
> Doing so, I obtain a pdf signed with the wrong certificate and then I
> need to replace into the signed pdf signature and certificate with the
> right ones.
>
> I think there are 2 possibilities:
> 1-sign the pdf once simply to obtain the certificate and then sign
> again to obtain the real signed pdf.
> 2-sign the pdf once simply to obtain the certificate and then replace
> into the signed pdf the certificate and the signature with the right
> ones.
>
> If the solution is the second one, I have no idea about the way to do
> it.
> In this case it would be great a sample code to drive me step by step.
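Added example, not part of the thread and not iText code: a small Python model of the file layout behind "provide iText with the signed PKCS7 structure". The digest covers the bytes on either side of a reserved /Contents placeholder, so a container that carries the signer's certificate can be written into the placeholder after hashing without changing what was hashed. The function names, the 64-byte reservation and the sample bytes are assumptions constructed for illustration.

```python
import hashlib

def prepare(head: bytes, tail: bytes, reserved: int):
    """Lay out head + <hex placeholder> + tail; return (image, byte_range)."""
    gap = b"<" + b"0" * (2 * reserved) + b">"
    image = head + gap + tail
    # Same shape as a PDF /ByteRange: [offset1, length1, offset2, length2]
    byte_range = (0, len(head), len(head) + len(gap), len(tail))
    return image, byte_range

def range_digest(image: bytes, byte_range) -> str:
    """Hash only the two covered ranges; the placeholder gap is skipped."""
    o1, l1, o2, l2 = byte_range
    h = hashlib.sha256()
    h.update(image[o1:o1 + l1])
    h.update(image[o2:o2 + l2])
    return h.hexdigest()

def embed(image: bytes, byte_range, container: bytes) -> bytes:
    """Write the signer's container into the gap without moving any other byte."""
    o1, l1, o2, _ = byte_range
    room = (o2 - (o1 + l1) - 2) // 2  # bytes available between '<' and '>'
    if len(container) > room:
        raise ValueError(f"container is {len(container)} bytes, only {room} reserved")
    padded = container + b"\x00" * (room - len(container))
    gap = b"<" + padded.hex().encode("ascii") + b">"
    return image[:o1 + l1] + gap + image[o2:]

# Constructed sample: not a valid PDF, only the layout around /Contents.
HEAD = b"%PDF-1.4 ... /Type /Sig /Reason (Hello) /Location (Italy) /Contents "
TAIL = b" >> endobj ... %%EOF"
# Constructed stand-in for the PKCS7 bytes returned by the external signer.
CONTAINER = b"constructed PKCS7 bytes incl. signer certificate"

def demo():
    image, br = prepare(HEAD, TAIL, reserved=64)
    to_sign = range_digest(image, br)      # value handed to the external signer
    signed = embed(image, br, CONTAINER)   # certificate arrives only at this point
    return to_sign, range_digest(signed, br), len(image), len(signed)

if __name__ == "__main__":
    print(demo())
```

The reservation has to be chosen before hashing, so it must be large enough for the biggest container the signer can return; `embed` refuses anything larger rather than shifting the hashed bytes.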