For CRLs it's OK, but now I want to add OCSP responses that are obtained online while signing and used offline when the PDF document is opened. Actually, I tried some sources from the web and from the iText in Action book, but that doesn't work. As a result, the signature is considered valid only when the PDF document is online.
I tried this source code: http://itextpdf.sourceforge.net/howtosign.html#signtsocspjava

and this one:

    PdfReader reader = new PdfReader(SOURCE_FILE_DIR + PDF_FILE_NAME);
    FileOutputStream fout = new FileOutputStream(BUILD_SIGNATURE_DIR + SIGNED_PDF_WITH_OCSP_NAME);
    PdfStamper stp = PdfStamper.createSignature(reader, fout, '\0');
    PdfSignatureAppearance sap = stp.getSignatureAppearance();
    sap.setVisibleSignature(new Rectangle(72, 732, 144, 780), 1, "Signature");

    Certificate signingCertificate = null;
    signingCertificate = CertificateUtil.loadCertificate(new File("sign_certificate.cer"));
    Certificate intermediateCertificate = null;
    intermediateCertificate = CertificateUtil.loadCertificate(new File("intermediate_certificate.cer"));
    Certificate rootCertificate = CertificateUtil.loadCertificate(new File("root_certificate.cer"));
    Certificate[] certificateValues = new Certificate[]{signingCertificate, intermediateCertificate, rootCertificate};
    sap.setCrypto(null, certificateValues, null, PdfSignatureAppearance.WINCER_SIGNED);

    // Create signature dictionary
    PdfSignature dic = new PdfSignature(PdfName.ADOBE_PPKLITE, new PdfName("adbe.pkcs7.detached"));
    dic.setReason(sap.getReason());
    dic.setLocation(sap.getLocation());
    dic.setContact(sap.getContact());
    dic.setDate(new PdfDate(sap.getSignDate()));
    sap.setCryptoDictionary(dic);
    // End of signature dictionary creation

    // Reserving space for signature content
    int contentEstimated = 15000;
    HashMap<PdfName, Integer> exc = new HashMap<PdfName, Integer>();
    exc.put(PdfName.CONTENTS, new Integer(contentEstimated * 2 + 2));
    sap.preClose(exc);
    // End of reserving space for signature content

    // Creating a hash of the content
    InputStream data = sap.getRangeStream();
    MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
    byte buf[] = new byte[8192];
    int n;
    while ((n = data.read(buf)) > 0) {
        messageDigest.update(buf, 0, n);
    }
    byte hash[] = messageDigest.digest();
    // End of hash creation

    Calendar cal = Calendar.getInstance();
    TSAClientImpl timestampingClient = null;

    // Creating a timestamp client
    boolean withTS = false;
    // End of timestamp client creation

    // Creating an OCSP client
    byte[] ocsp = null;
    // Variable to activate/deactivate OCSP
    boolean withOCSP = true;
    if (withOCSP) {
        X509Certificate issuerCertificate = (X509Certificate) intermediateCertificate;
        OCSPRequester ocspRequester = new OCSPRequesterImpl();
        OCSPRequest ocspRequest = ocspRequester.buildRequest(
                signingCertificate, issuerCertificate, true, "SHA-1");
        OCSPRequestParameters ocspRequestParameters = new OCSPRequestParameters();
        ocspRequestParameters.setUri(ocspServerURL);
        ocspRequestParameters.setAcceptMaxDesync(3000000);
        ocspRequestParameters.setOcspRequest(ocspRequest);
        OCSPResponse ocspResponse = ocspRequester.sendRequest(ocspRequestParameters);
        ocsp = ocspResponse.getEncoded();
    }
    // End of OCSP client creation

    // Loading the keyStore
    KeyStore ks = KeyStore.getInstance("pkcs12");
    ks.load(new FileInputStream(PRIVATE_KEY_FILE), privateKeyPassword.toCharArray());
    String alias = (String) ks.aliases().nextElement();
    PrivateKey privateKey = (PrivateKey) ks.getKey(alias, privateKeyPassword.toCharArray());

    // Signed hash creation
    PdfPKCS7 sgn = new PdfPKCS7(privateKey, certificateValues, null, "SHA1", null, false);
    if (withTS) {
        timestampingClient = new TSAClientImpl(1800);
    }
    byte sh[] = sgn.getAuthenticatedAttributeBytes(hash, cal, ocsp);
    sgn.update(sh, 0, sh.length);
    byte[] encodedSig = sgn.getEncodedPKCS7(hash, cal, timestampingClient, ocsp);
    // The signature must fit in the reserved buffer, otherwise arraycopy below overflows
    if (encodedSig.length > contentEstimated)
        throw new DocumentException("Not enough space");
    byte[] paddedSig = new byte[contentEstimated];
    System.arraycopy(encodedSig, 0, paddedSig, 0, encodedSig.length);
    // End of signed hash creation

    // Adding the signature content
    PdfDictionary dic2 = new PdfDictionary();
    dic2.put(PdfName.CONTENTS, new PdfString(paddedSig).setHexWriting(true));
    // End of adding signature content
    sap.close(dic2);
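Added example, not part of the original post and not code from iText or the poster: a pre-embedding check on the OCSP response bytes, since an error status or an entry for a different certificate otherwise only shows up later when the document is validated offline. It assumes BouncyCastle's org.bouncycastle.cert.ocsp package and that the bytes are a DER-encoded OCSPResponse; the class and method names (OcspEmbedCheck, requireGood) are hypothetical.

```java
import java.math.BigInteger;
import java.security.cert.X509Certificate;
import java.util.Date;

import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cert.ocsp.CertificateStatus;
import org.bouncycastle.cert.ocsp.OCSPResp;
import org.bouncycastle.cert.ocsp.SingleResp;

// Hypothetical helper: rejects OCSP responses that cannot serve as archived
// revocation evidence for the signing certificate. It matches entries by serial
// number only and does not verify the responder's signature on the response.
public final class OcspEmbedCheck {

    public static BasicOCSPResp requireGood(byte[] ocspDer,
                                            X509Certificate signer,
                                            Date signingTime) throws Exception {
        OCSPResp resp = new OCSPResp(ocspDer);
        // Anything but "successful" (malformedRequest, tryLater, unauthorized, ...)
        // carries no certificate status at all.
        if (resp.getStatus() != OCSPResp.SUCCESSFUL) {
            throw new IllegalStateException("OCSP response status: " + resp.getStatus());
        }
        Object body = resp.getResponseObject();
        if (!(body instanceof BasicOCSPResp)) {
            throw new IllegalStateException("Response does not contain a BasicOCSPResponse");
        }
        BasicOCSPResp basic = (BasicOCSPResp) body;
        BigInteger serial = signer.getSerialNumber();

        for (SingleResp single : basic.getResponses()) {
            if (!serial.equals(single.getCertID().getSerialNumber())) {
                continue; // entry for some other certificate
            }
            // In this API CertificateStatus.GOOD is null; revoked and unknown are objects.
            if (single.getCertStatus() != CertificateStatus.GOOD) {
                throw new IllegalStateException("Signing certificate is revoked or unknown");
            }
            // The status must cover the signing time to be useful as evidence later.
            if (single.getThisUpdate().after(signingTime)) {
                throw new IllegalStateException("thisUpdate is after the signing time");
            }
            Date nextUpdate = single.getNextUpdate(); // optional field, may be null
            if (nextUpdate != null && nextUpdate.before(signingTime)) {
                throw new IllegalStateException("Response expired before the signing time");
            }
            return basic;
        }
        throw new IllegalStateException("No entry for the signing certificate");
    }
}
```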
