Does it verify in Acrobat? Paulo
> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Luiz Kobayashi > Sent: Thursday, July 13, 2006 9:27 PM > To: Post all your questions about iText here > Subject: Re: [iText-questions] Using external signature in > Self Sign Mode > > Thanks Paulo for the quick answer. But I am using a SHA1withRSA with > 1024 bits certificate (sending as attachment), still with the > same problem. > > System.out.println("Document modified: " + !pk.verify()); > > output: > Document modified: true > > Do you have any idea of what may be the problem? > > Thanks again, > > Luiz Kobayashi > > <[EMAIL PROTECTED]> Paulo Soares escreveu: > > Your certificate must be a SHA1withRSA one with 1024 bits. > If it isn't it > > won't work. > > > > Paulo > > > > ----- Original Message ----- > > From: "Luiz Kobayashi" <[EMAIL PROTECTED]> > > To: "Post all your questions about iText here" > > <[email protected]> > > Sent: Thursday, July 13, 2006 6:28 PM > > Subject: [iText-questions] Using external signature in Self > Sign Mode > > > > > > > >> Hi all, > >> > >> I'm trying to use the samples in the tutorial for using external > >> signature in Self Sign Mode. It compiles ok, but when I > verify it, it > >> always says it has been modified. > >> > >> The code I'm using is: > >> > >> public static void signPDF() > >> { > >> try > >> { > >> KeyStore ks = > KeyStore.getInstance(KeyStore.getDefaultType()); > >> ks.load(new > FileInputStream("c:\\Downloads\\keystore.ks"), > >> "password".toCharArray()); > >> String alias = (String)ks.aliases().nextElement(); > >> PrivateKey key = (PrivateKey)ks.getKey(alias, > >> "password".toCharArray()); > >> Certificate[] chain = ks.getCertificateChain(alias); > >> PdfReader reader = new PdfReader("c:\\original.pdf"); > >> FileOutputStream fout = new > FileOutputStream("c:\\signed.pdf"); > >> > >> PdfStamper stp = > PdfStamper.createSignature(reader, fout, '\0'); > >> PdfSignatureAppearance sap = > stp.getSignatureAppearance(); > >> sap.setCrypto(key, chain, null, > >> PdfSignatureAppearance.SELF_SIGNED); > >> sap.setReason("Testing"); > >> sap.setLocation("Sao Paulo"); > >> sap.setExternalDigest(new byte[128], null, "RSA"); > >> sap.preClose(); > >> PdfPKCS7 sig = > >> sap.getSigStandard().getSigner(); > >> Signature sign = Signature.getInstance("SHA1withRSA"); > >> sign.initSign(key); > >> MessageDigest messageDigest = > MessageDigest.getInstance("SHA1"); > >> byte buf[] = new byte[8192]; > >> int n; > >> InputStream inp = sap.getRangeStream(); > >> while ((n = inp.read(buf)) > 0) { > >> messageDigest.update(buf, 0, n); > >> } > >> byte[] signature = sign.sign(); > >> String base64 = > Conversion.byteArrayToBase64String(signature); > >> sig.setExternalDigest(signature, null, "RSA"); > >> PdfDictionary dic = new PdfDictionary(); > >> dic.put(PdfName.CONTENTS, new > >> PdfString(sig.getEncodedPKCS1()).setHexWriting(true)); > >> > >> // comment next line to have an invisible signature > >> sap.setVisibleSignature(new Rectangle(100, 100, > 200, 200), 1, > >> null); > >> PdfTemplate n1 = sap.getLayer(1); //get rid of > the question mark > >> PdfTemplate n2 = sap.getLayer(2); > >> n2.beginText(); > >> BaseFont bf = BaseFont.createFont(BaseFont.HELVETICA, > >> BaseFont.CP1252, BaseFont.NOT_EMBEDDED); > >> n2.setFontAndSize(bf, 7); > >> n2.setLeading(2); > >> n2.showText("Signature:"); > >> n2.setLeading(2); > >> n2.newlineShowText(base64); > >> n2.endText(); > >> > >> sap.close(dic); > >> } > >> catch (Exception e) > >> { > >> e.printStackTrace(); > >> } > >> } > >> > >> public static void checkPDF() > >> { > >> try > >> { CertificateFactory cf = > >> CertificateFactory.getInstance("X509"); > >> Collection col = cf.generateCertificates(new > >> FileInputStream("C:\\Downloads\\export.cer")); > >> KeyStore kall = > KeyStore.getInstance(KeyStore.getDefaultType()); > >> kall.load(null, null); > >> for (Iterator it = col.iterator(); it.hasNext();) { > >> X509Certificate cert = (X509Certificate)it.next(); > >> > >> > kall.setCertificateEntry(cert.getSerialNumber().toString(Chara > cter.MAX_RADIX), > >> cert); > >> } > >> PdfReader reader = new > PdfReader("c:\\signed.pdf"); > >> AcroFields af = reader.getAcroFields(); > >> ArrayList names = af.getSignatureNames(); > >> for (int k = 0; k < names.size(); ++k) { > >> String name = (String)names.get(k); > >> System.out.println("Signature name: " + name); > >> System.out.println("Signature covers whole > document: " + > >> af.signatureCoversWholeDocument(name)); > >> System.out.println("Document revision: " + > >> af.getRevision(name) + " of " + af.getTotalRevisions()); > >> // Start revision extraction > >> FileOutputStream out = new > >> FileOutputStream("c:\\revision_" + af.getRevision(name) + ".pdf"); > >> byte bb[] = new byte[8192]; > >> InputStream ip = af.extractRevision(name); > >> int n = 0; > >> while ((n = ip.read(bb)) > 0) > >> out.write(bb, 0, n); > >> out.close(); > >> ip.close(); > >> // End revision extraction > >> PdfPKCS7 pk = af.verifySignature(name); > >> Calendar cal = pk.getSignDate(); > >> Certificate pkc[] = pk.getCertificates(); > >> System.out.println("Subject: " + > >> PdfPKCS7.getSubjectFields(pk.getSigningCertificate())); > >> System.out.println("Document modified: " + > !pk.verify()); > >> Object fails[] = > PdfPKCS7.verifyCertificates(pkc, kall, > >> null, cal); > >> if (fails == null) > >> System.out.println("Certificates verified > against the > >> KeyStore"); > >> else > >> System.out.println("Certificate failed: " > + fails[1]); > >> } > >> } > >> catch (Exception e) > >> { > >> e.printStackTrace(); > >> } > >> } > >> > >> I thought it could be the fact that I'm trying to insert > some text in > >> the Layer2 of the signature, so I commented it, but the > result was the > >> same. > >> > >> Does anybody have a clue on why it always detects a > modification that > >> does not exist? > >> > >> Any help would be greatly appreciated. > >> > >> Thanks in advance, > >> > >> Luiz Kobayashi > >> > Aviso Legal: Esta mensagem é destinada exclusivamente ao destinatário. Pode conter informação confidencial ou legalmente protegida. A incorrecta transmissão desta mensagem não significa a perca de confidencialidade. Se esta mensagem for recebida por engano, por favor envie-a de volta para o remetente e apague-a do seu sistema de imediato. É proibido a qualquer pessoa que não o destinatário de usar, revelar ou distribuir qualquer parte desta mensagem. Disclaimer: This message is destined exclusively to the intended receiver. It may contain confidential or legally protected information. The incorrect transmission of this message does not mean the loss of its confidentiality. If this message is received by mistake, please send it back to the sender and delete it from your system immediately. It is forbidden to any person who is not the intended receiver to use, distribute or copy any part of this message.
------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________ iText-questions mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/itext-questions
