Hi,
I'm trying to make a PAdES-LTV with iText, but I'm not sure that the
generated timeStamp which signs the whole document (first revision with
original signature and DSS structure which contains certificate and
revocation data) is correct, because Adobe can't recognize it. To do this
timeStamp I'm using the class PdfSignerDemo that I found in this list, with
a few small modifications. The code is shown below:
PdfSigner
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.util.HashMap;

// iText 5 package names are assumed here; iText 2.1.x uses com.lowagie.text instead.
import com.itextpdf.text.Rectangle;
import com.itextpdf.text.pdf.PdfDictionary;
import com.itextpdf.text.pdf.PdfName;
import com.itextpdf.text.pdf.PdfNumber;
import com.itextpdf.text.pdf.PdfPKCS7;
import com.itextpdf.text.pdf.PdfSignature;
import com.itextpdf.text.pdf.PdfSignatureAppearance;
import com.itextpdf.text.pdf.PdfStamper;
import com.itextpdf.text.pdf.PdfString;
import com.itextpdf.text.pdf.TSAClient;

/**
 * Demo using iText to digitally sign PDF document with a valid time-stamp
 * Demo dependencies:
 * SignerKeystore - interface providing signing certificate access
 * SignerKeystorePKCS12 - implementation importing PKCS12 (.pfx) certificate
 * (PdfTimeStamp, used below, is likewise not shown in this post.)
 */
public class PdfSigner {
    private SignerKeystore sks;

    public PdfSigner(SignerKeystore sks) throws Exception {
        this.sks = sks;
    }

    public void signPDF(PdfStamper stp, TSAClient tsc) {
        try {
            PdfSignatureAppearance sap = stp.getSignatureAppearance();
            setAppearance(sap);
            // Create a pdfTimeStamp
            PdfSignature dic = new PdfTimeStamp();
            dic.put(PdfName.V, new PdfNumber(0));
            sap.setCryptoDictionary(dic);
            // Estimate signature size, creating a 'fake' one using fake data
            byte[] estSignature = genPKCS7Signature(
                    new ByteArrayInputStream("fake".getBytes()), null);
            int contentEst = estSignature.length
                    + ((tsc == null) ? 0 : tsc.getTokenSizeEstimate());
            // Preallocate excluded byte-range for the signature content (hex encoded)
            HashMap exc = new HashMap();
            exc.put(PdfName.CONTENTS, new Integer(contentEst * 2 + 2));
            sap.preClose(exc);
            // Get the true data signature, including a true time stamp token
            byte[] encodedSig = genPKCS7Signature(sap.getRangeStream(), tsc);
            // The signature must fit the reserved space, otherwise the copy below overruns
            if (encodedSig.length > contentEst) {
                throw new Exception("Timestamp size estimate " + contentEst
                        + " is too low for actual " + encodedSig.length);
            }
            // Copy signature into a zero-filled array, padding it up to estimate
            byte[] paddedSig = new byte[contentEst];
            System.arraycopy(encodedSig, 0, paddedSig, 0, encodedSig.length);
            // Finally, load zero-padded signature into the signature field /Contents
            PdfDictionary dic2 = new PdfDictionary();
            dic2.put(PdfName.CONTENTS, new PdfString(paddedSig).setHexWriting(true));
            sap.close(dic2);
        } catch (Throwable t) {
            System.out.println("Signing failed: " + t);
            t.printStackTrace();
        }
    }

    /**
     * Setup signature appearance. Override to define specifics.
     * @param sap PdfSignatureAppearance
     */
    protected void setAppearance(PdfSignatureAppearance sap) {
        // Make this an invisible signature: an empty rectangle makes the field invisible
        sap.setVisibleSignature(new Rectangle(0, 0, 0, 0), 1, "Signature");
    }

    /**
     * Generate the PKCS7 encoded signature
     * @param data InputStream - data to digest
     * @param tsc TSAClient - time-stamp client, or null for no time-stamp
     * @return byte[]
     * @throws Exception
     */
    protected byte[] genPKCS7Signature(InputStream data, TSAClient tsc)
            throws Exception {
        // assume sub-filter is adobe.pkcs7.sha1
        PdfPKCS7 sgn = new PdfPKCS7(sks.getPrivateKey(), sks.getChain(),
                null, "SHA1", sks.getProvider().getName(), true);
        byte[] buff = new byte[2048];
        int len = 0;
        while ((len = data.read(buff)) > 0) {
            sgn.update(buff, 0, len);
        }
        return sgn.getEncodedPKCS7(null, null, tsc, null);
    }
}
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ PdfSigner
Thanks in advance,
Regards.
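
Added example, not part of the original post and not iText code: a PAdES part 4 document time-stamp (SubFilter ETSI.RFC3161) holds an RFC 3161 TimeStampToken in /Contents, while genPKCS7Signature above produces a PKCS#7 signature over data, so this JDK-only check reports which of the two a /Contents value is. The class name ContentsKind and both hex inputs are constructed skeletons for illustration, zero-padded like paddedSig; definite-length (DER) encoding is assumed.

```java
import java.util.Arrays;

/** Added example: classify the CMS object stored in a signature's /Contents. */
public class ContentsKind {
    // DER OID bodies (tag and length stripped)
    static final byte[] SIGNED_DATA = hex("2A864886F70D010702");     // 1.2.840.113549.1.7.2
    static final byte[] ID_DATA     = hex("2A864886F70D010701");     // 1.2.840.113549.1.7.1
    static final byte[] TST_INFO    = hex("2A864886F70D0109100104"); // 1.2.840.113549.1.9.16.1.4

    private final byte[] der;
    private int pos;
    ContentsKind(byte[] der) { this.der = der; }

    /** Checks the tag at pos, decodes the length, leaves pos at the first content byte. */
    private int enter(int tag) {
        if ((der[pos++] & 0xFF) != tag) throw new IllegalArgumentException("unexpected tag");
        int len = der[pos++] & 0xFF;
        if (len < 0x80) return len;
        int n = len & 0x7F;
        for (len = 0; n > 0; n--) len = (len << 8) | (der[pos++] & 0xFF);
        return len;
    }
    /** Reads one whole element with the given tag and returns its content bytes. */
    private byte[] take(int tag) { int n = enter(tag); pos += n; return Arrays.copyOfRange(der, pos - n, pos); }

    static String classify(byte[] contents) {
        try {
            ContentsKind p = new ContentsKind(contents);
            p.enter(0x30);                                    // ContentInfo
            if (!Arrays.equals(p.take(0x06), SIGNED_DATA)) return "not CMS SignedData";
            p.enter(0xA0); p.enter(0x30);                     // [0] EXPLICIT SignedData
            p.take(0x02); p.take(0x31);                       // version, digestAlgorithms
            p.enter(0x30);                                    // encapContentInfo
            byte[] eContentType = p.take(0x06);
            if (Arrays.equals(eContentType, TST_INFO)) return "RFC 3161 TimeStampToken";
            if (Arrays.equals(eContentType, ID_DATA)) return "PKCS#7 signature over data";
            return "SignedData with another content type";
        } catch (RuntimeException e) { return "not a DER ContentInfo"; }
    }
    static byte[] hex(String s) {
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++) out[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        return out;
    }
    public static void main(String[] args) {
        // Constructed skeletons (no real signatures); trailing zeros mimic the padded /Contents
        String token = "302306092A864886F70D010702A01630140201033100300D060B2A864886F70D01091001040000";
        String pkcs7 = "302106092A864886F70D010702A01430120201013100300B06092A864886F70D0107010000";
        System.out.println("token: " + classify(hex(token)));
        System.out.println("pkcs7: " + classify(hex(pkcs7)));
    }
}
```

The trailing zero padding does not affect the result, because the parser follows the DER lengths and never reads past the fields it needs.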
_______________________________________________
iText-questions mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/itext-questions