I'm confused. Are you creating DSS or are you creating a document timestamp
signature?
Can you post an actual PDF sample?
Leonard
From: Albert Ciffone [mailto:[email protected]]
Sent: Wednesday, February 24, 2010 4:45 AM
To: [email protected]
Subject: [iText-questions] PAdES-LTV
Hi,
I'm trying to make a PAdES-LTV with iText but I'm not sure that the generated
timeStamp which signs the whole document (first revision with original
signature and DSS structure which contains certificate and revocation data) is
correct because adobe can't recognize it. To do this timeStamp i'm using the
class PdfSignerDemo that i found in this list with a little modifications. The
code is showed below:
PdfSigner ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
/**
* Demo using iText to digitally sign PDF document with a valid time-stamp
* Demo dependecies:
* SignerKeystore - interface providing signing certificate access
* SignerKeystorePKCS12 - implemnation importing PKCS12 (.pfx) certificate
*/
public class PdfSigner {
private SignerKeystore sks;
public PdfSigner (SignerKeystore sks) throws Exception {
this.sks = sks;
}
public void signPDF (PdfStamper stp, TSAClient tsc){
try {
PdfSignatureAppearance sap =
stp.getSignatureAppearance();
setAppearance(sap);
// Create a pdfTimeStamp
PdfSignature dic = new PdfTimeStamp();
dic.put(PdfName.V,new PdfNumber(0));
sap.setCryptoDictionary(dic);
// Estimate signature size, creating a
'fake' one using fake data
byte[] estSignature = genPKCS7Signature(new
ByteArrayInputStream("fake".getBytes()), null);
int contentEst = estSignature.length +((tsc
== null) ? 0 : tsc.getTokenSizeEstimate());
// Preallocate excluded byte-range for the
signature content (hex encoded)
HashMap exc = new HashMap();
exc.put(PdfName.CONTENTS, new
Integer(contentEst * 2 + 2));
sap.preClose(exc);
// Get the true data signature, including a
true time stamp token
byte[] encodedSig =
genPKCS7Signature(sap.getRangeStream(), tsc);
if (contentEst + 2 < encodedSig.length) {
throw new Exception("Timestamp
size estimate " + contentEst +
" is
too low for actual " +
encodedSig.length);
}
// Copy signature into a zero-filled array,
padding it up to estimate
byte[] paddedSig = new byte[contentEst];
System.arraycopy(encodedSig, 0, paddedSig,
0, encodedSig.length);
// Finally, load zero-padded signature into
the signature field /Content
PdfDictionary dic2 = new PdfDictionary();
dic2.put(PdfName.CONTENTS, new
PdfString(paddedSig).setHexWriting(true));
sap.close(dic2);
} catch (Throwable t) {
System.out.println("Signing failed" + t);
t.printStackTrace();
}
}
/**
* Setup signature appearance. Override to define specifics.
* @param sap PdfSignatureAppearance
*/
protected void setAppearance(PdfSignatureAppearance sap) {
// Make this an invisible signature
sap.setVisibleSignature(new Rectangle(0, 0, 0, 0), 1,
"Signature"); // empty makes field invisible
}
/**
* Generate the PKCS7 encoded signature
* @param data InputStream - data to digest
* @param doTimestamp boolean - true to include time-stamp
* @return byte[]
* @throws Exception
*/
protected byte[] genPKCS7Signature(InputStream data, TSAClient tsc)
throws Exception {
// assume sub-filter is adobe.pkcs7.sha1
PdfPKCS7 sgn = new PdfPKCS7(sks.getPrivateKey(),
sks.getChain(), null,"SHA1", sks.getProvider().getName(), true);
byte[] buff = new byte[2048];
int len = 0;
while ((len = data.read(buff)) > 0) {
sgn.update(buff, 0, len);
}
return sgn.getEncodedPKCS7(null, null, tsc,null);
}
}
}
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ PdfSigner
Thanks in advance,
Regards.
------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
iText-questions mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/itext-questions
Buy the iText book: http://www.1t3xt.com/docs/book.php
Check the site with examples before you ask questions:
http://www.1t3xt.info/examples/
You can also search the keywords list: http://1t3xt.info/tutorials/keywords/
