Hi Gonçalo,

faced the same problems. Maybe you can copy things from our PDF signer class. 
Or you may take a look at our complete signing server, available at 
http://sourceforge.net/project/showfiles.php?group_id=179267 .

Greetings

Andreas

----- Original message --------

Subject: [iText-questions] Using external signatures
Sent: Mon, 02 Mar 2009
From: Gonçalo Almeida

Hello all

I have a problem concerning the usage of external signatures.
I want my application to sign a PDF document in three moments:

(1) byte[] hash = initializeSignature(String pdf, Certificate cert, KeyStore chain, CRL crl) / to return the signable bytes
(2) byte[] rawSignature = signExternal(hash) / to sign the hash
(3) byte[] signedPDF = finalizeSignature(byte[] signature, byte[] hash) / to return the complete signed PDF


public byte[] initializeSignature(String pdf, Certificate cert, KeyStore chain, CRL crl) {

        PdfReader pdfReader = null;
        try {
            pdfReader = new PdfReader(Base64Decoder.decodeToBytes(pdf));
        } catch (IOException e) {
            e.printStackTrace();
        }
        ByteArrayOutputStream baos = new ByteArrayOutputStream();

        PdfStamper pdfStamper = null;

        // creates the signature on the PDF
        try {
            pdfStamper = PdfStamper.createSignature(pdfReader, baos, '\0');
        } catch (DocumentException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        }

        // certificate and revocation list null checks
        Certificate[] certificates = null;
        if (cert != null)
            certificates = new Certificate[] { cert };
        CRL[] crls = null;
        if (crl != null)
            crls = new CRL[] { crl };

        PdfSignatureAppearance pdfSignatureAppearance = pdfStamper.getSignatureAppearance();
        pdfSignatureAppearance.setCrypto(null, certificates, crls, PdfSignatureAppearance.WINCER_SIGNED);

        pdfSignatureAppearance.setExternalDigest(new byte[512], new byte[20], "RSA");
        try {
            pdfSignatureAppearance.preClose();
        } catch (DocumentException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        }

        byte[] hash = generateDigest(pdfSignatureAppearance.getRangeStream(), "SHA1");

        return hash;
    }

========================================

public byte[] finalizeSignature(byte[] signature, byte[] hash) {

/***************************/
Where to retrieve the previously created pdfSignatureAppearance presented here?
/***************************/
           (...)
        Calendar calendar = Calendar.getInstance();
        PdfSigGenericPKCS sigPKCS = pdfSignatureAppearance.getSigStandard();
        PdfLiteral tPDFLiteral = (PdfLiteral) sigPKCS.get(PdfName.CONTENTS);
        byte[] contentsBytes = new byte[(tPDFLiteral.getPosLength() - 2) / 2];
        PdfPKCS7 signedPKCS7 = sigPKCS.getSigner();

        //set the digital signature information
        signedPKCS7.setExternalDigest(signature, hash, "RSA");
        PdfDictionary dictionary = new PdfDictionary();
        byte[] tSsig = signedPKCS7.getEncodedPKCS7(null, calendar);
        System.arraycopy(tSsig, 0, contentsBytes, 0, tSsig.length);
        dictionary.put(PdfName.CONTENTS, new PdfString(contentsBytes).setHexWriting(true));

        try {
            pdfSignatureAppearance.close(dictionary);
        } catch (IOException e) {
            e.printStackTrace();
        } catch (DocumentException e) {
            e.printStackTrace();
        }


/***************************/
Where to retrieve the previously created ByteArrayOutputStream baos and make a 
"return baos.toByteArray();"
pdfSignatureAppearance doesn't offer a method to retrieve the OutputStream to 
where it wrote the final result (getOriginalOut() is protected).
/***************************/
       (...)
    }


Now, I would like to fill in the finalizeSignature method to return the signed 
PDF byte array (ready to be stored anywhere).
The restriction is that I can't use any objects built in the 
initializeSignature, because I won't be able to maintain its state.

Imagine a client-server architecture, where a client asks for initialize, then 
it signs the hash and then it wants the signed PDF from that signatureBytes 
array.

The problem with reading the PDF again is that I will never get the same state, 
in order to insert the created signatureBytes. If I ran initializeSignature 
several times over the same document, it would be always different.

I hope I was clear enough.


-- 
Regards,
Gonçalo Almeida


--- End of original message ----
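
Added example, not part of either message and not iText code: one way to make the finalize step stateless is for phase 1 to hand back (or store) the prepared PDF bytes plus the offsets of the reserved /Contents hex string, so that phase 3 only writes the encoded PKCS#7 into that gap after checking the bytes still match the phase-1 hash. The class and method names are hypothetical, and the input is a constructed stand-in for a prepared PDF.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;

public class DeferredSignatureSplice { // hypothetical name
    // Digest of every byte outside the reserved /Contents literal [holeStart, holeEnd).
    static byte[] digestOutsideHole(byte[] pdf, int holeStart, int holeEnd) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-1"); // SHA-1 only because the post uses it
        md.update(pdf, 0, holeStart);
        md.update(pdf, holeEnd, pdf.length - holeEnd);
        return md.digest();
    }

    // Stateless finalize: needs only the prepared bytes, the hole offsets and the phase-1 hash.
    static byte[] splice(byte[] prepared, int holeStart, int holeEnd,
                         byte[] expectedHash, byte[] pkcs7) throws Exception {
        if (holeStart < 0 || holeEnd > prepared.length || holeEnd - holeStart < 2
                || prepared[holeStart] != '<' || prepared[holeEnd - 1] != '>')
            throw new IllegalArgumentException("offsets do not delimit a hex string");
        // Refuse to embed if the prepared bytes are not the ones that were hashed and signed.
        if (!MessageDigest.isEqual(expectedHash, digestOutsideHole(prepared, holeStart, holeEnd)))
            throw new SecurityException("prepared PDF does not match the signed hash");
        int capacity = (holeEnd - holeStart - 2) / 2; // same arithmetic as (getPosLength() - 2) / 2
        if (pkcs7.length > capacity)
            throw new IllegalArgumentException("signature larger than reserved space");
        byte[] out = prepared.clone();
        Arrays.fill(out, holeStart + 1, holeEnd - 1, (byte) '0'); // zero padding after the blob
        for (int i = 0; i < pkcs7.length; i++) {
            String hex = String.format("%02x", pkcs7[i] & 0xff);
            out[holeStart + 1 + 2 * i] = (byte) hex.charAt(0);
            out[holeStart + 2 + 2 * i] = (byte) hex.charAt(1);
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for a prepared PDF with an 8-byte /Contents placeholder.
        String text = "%PDF-1.4 ... /Contents <0000000000000000> ... %%EOF";
        byte[] prepared = text.getBytes(StandardCharsets.US_ASCII);
        int holeStart = text.indexOf('<'), holeEnd = text.indexOf('>') + 1;
        byte[] hash = digestOutsideHole(prepared, holeStart, holeEnd); // returned by phase 1
        byte[] blob = {(byte) 0xde, (byte) 0xad, (byte) 0xbe, (byte) 0xef}; // constructed, not a real PKCS#7
        byte[] signed = splice(prepared, holeStart, holeEnd, hash, blob);
        System.out.println(new String(signed, StandardCharsets.US_ASCII));
    }
}
```

Because the prepared bytes are fixed once phase 1 finishes, repeating phase 3 on them always yields the same result, which avoids re-running the preparation step on the original document.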