Make sure that your certificate issuer is trusted by Acrobat or the OCSP won't
be used.
Paulo
-----Original Message-----
From: jfsa [mailto:[email protected]]
Sent: Thursday, October 14, 2010 3:07 PM
To: [email protected]
Subject: Re: [iText-questions] Adding revocation information to a pdf
signature(java-iText)
For CRLs it's Ok,
But now I want to add OCSP responses that are got online while signing and
used offline when the PDF document is opened. Actually I tried some sources
from the web and from the iText in Action book but that doesn't work. As a
result, the signature is considered as valid only when the PDF document is online.
I tried this source code:
http://itextpdf.sourceforge.net/howtosign.html#signtsocspjava
and this one :
    PdfReader reader = new PdfReader(SOURCE_FILE_DIR + PDF_FILE_NAME);
    FileOutputStream fout = new FileOutputStream(BUILD_SIGNATURE_DIR
            + SIGNED_PDF_WITH_OCSP_NAME);
    PdfStamper stp = PdfStamper.createSignature(reader, fout, '\0');
    PdfSignatureAppearance sap = stp.getSignatureAppearance();
    sap.setVisibleSignature(new Rectangle(72, 732, 144, 780), 1, "Signature");

    Certificate signingCertificate = null;
    signingCertificate = CertificateUtil.loadCertificate(
            new File("sign_certificate.cer"));
    Certificate intermediateCertificate = null;
    intermediateCertificate = CertificateUtil.loadCertificate(
            new File("intermediate_certificate.cer"));
    Certificate rootCertificate = CertificateUtil.loadCertificate(
            new File("root_certificate.cer"));
    Certificate[] certificateValues = new Certificate[]{signingCertificate,
            intermediateCertificate, rootCertificate};
    sap.setCrypto(null, certificateValues, null,
            PdfSignatureAppearance.WINCER_SIGNED);

    // Create signature dictionary
    PdfSignature dic = new PdfSignature(PdfName.ADOBE_PPKLITE,
            new PdfName("adbe.pkcs7.detached"));
    dic.setReason(sap.getReason());
    dic.setLocation(sap.getLocation());
    dic.setContact(sap.getContact());
    dic.setDate(new PdfDate(sap.getSignDate()));
    sap.setCryptoDictionary(dic);
    // End of signature dictionary creation

    // Reserving space for signature content
    int contentEstimated = 15000;
    HashMap<PdfName, Integer> exc = new HashMap<PdfName, Integer>();
    exc.put(PdfName.CONTENTS, new Integer(contentEstimated * 2 + 2));
    sap.preClose(exc);
    // End of reserving space for signature content

    // Creating a hash of the content
    InputStream data = sap.getRangeStream();
    MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
    byte buf[] = new byte[8192];
    int n;
    while ((n = data.read(buf)) > 0) {
        messageDigest.update(buf, 0, n);
    }
    byte hash[] = messageDigest.digest();
    // End of hash creation

    Calendar cal = Calendar.getInstance();
    TSAClientImpl timestampingClient = null;
    // Creating a timestamp client
    boolean withTS = false;
    // End of timestamp client creation

    // Creating an OCSP client
    byte[] ocsp = null;
    // Variable to activate/deactivate OCSP
    boolean withOCSP = true;
    if (withOCSP) {
        X509Certificate issuerCertificate =
                (X509Certificate) intermediateCertificate;
        OCSPRequester ocspRequester = new OCSPRequesterImpl();
        OCSPRequest ocspRequest = ocspRequester.buildRequest(
                signingCertificate, issuerCertificate, true, "SHA-1");
        OCSPRequestParameters ocspRequestParameters =
                new OCSPRequestParameters();
        ocspRequestParameters.setUri(ocspServerURL);
        ocspRequestParameters.setAcceptMaxDesync(3000000);
        ocspRequestParameters.setOcspRequest(ocspRequest);
        OCSPResponse ocspResponse =
                ocspRequester.sendRequest(ocspRequestParameters);
        ocsp = ocspResponse.getEncoded();
    }
    // End of OCSP client creation

    // Loading the keyStore
    KeyStore ks = KeyStore.getInstance("pkcs12");
    ks.load(new FileInputStream(PRIVATE_KEY_FILE),
            privateKeyPassword.toCharArray());
    String alias = (String) ks.aliases().nextElement();
    PrivateKey privateKey = (PrivateKey) ks.getKey(alias,
            privateKeyPassword.toCharArray());

    // Signed hash creation
    PdfPKCS7 sgn = new PdfPKCS7(privateKey, certificateValues,
            null, "SHA1", null, false);
    if (withTS) {
        timestampingClient = new TSAClientImpl(1800);
    }
    byte sh[] = sgn.getAuthenticatedAttributeBytes(hash, cal, ocsp);
    sgn.update(sh, 0, sh.length);
    byte[] encodedSig = sgn.getEncodedPKCS7(hash, cal,
            timestampingClient, ocsp);
    if (contentEstimated + 2 < encodedSig.length)
        throw new DocumentException("Not enough space");
    byte[] paddedSig = new byte[contentEstimated];
    System.arraycopy(encodedSig, 0, paddedSig, 0, encodedSig.length);
    // End of signed hash creation

    // Adding the signature content
    PdfDictionary dic2 = new PdfDictionary();
    dic2.put(PdfName.CONTENTS,
            new PdfString(paddedSig).setHexWriting(true));
    // End of adding signature content
    sap.close(dic2);
--
View this message in context:
http://itext-general.2136553.n4.nabble.com/Adding-revocation-information-to-a-pdf-signature-java-iText-tp2956044p2995372.html
Sent from the iText - General mailing list archive at Nabble.com.
------------------------------------------------------------------------------
Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3.
Spend less time writing and rewriting code and more time creating great
experiences on the web. Be a part of the beta today.
http://p.sf.net/sfu/beautyoftheweb
_______________________________________________
iText-questions mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/itext-questions
Many questions posted to this list can (and will) be answered with a reference
to the iText book: http://www.itextpdf.com/book/
Please check the keywords list before you ask for examples:
http://itextpdf.com/themes/keywords.php