I am using ColdFusion (CFMX 7.02). In order not to break the bundled iText
version, I am using Mark Mandels JavaLoader utility to directly load the
latest iText and Bouncy Castle jar files.
No matter what I try, when I attempt to do "acrofields.verifySignature" I
get the error "java.security.NoSuchAlgorithmException: SHA256 MessageDigest
not available".
I am using the the most up-to-date (last) Sun JRE 1.4.2_19. In the
JRE\LIB\SECURITY folder I am using the JCE files from Sun for "unlimited
strength" along with a pointer in my Java.Security to
"security.provider.6=org.bouncycastle.jce.provider.BouncyCastleProvider".
Here is a snippet of my code and the error. According to other sources,
SHA256 is supported in JVM 1.4.2. I should add I am getting the same error
even when using the JRE 1.5.0_22.
It works in CF9 but the current environment for the client is CFMX 7.02 and
will be for a while to come.
Code:
<cfscript>
paths = arrayNew(1);
paths[1] = expandPath("/iText/iText-2.1.7.jar");
paths[2] = expandPath("/iText/bcprov-jdk14-144.jar");
paths[3] = expandPath("/iText/bctsp-jdk14-144.jar");
server.loader = createObject("component",
"comnew.javaloader.JavaLoader").init( paths );
// File with valid entrust certificate signed
fullPathToSignedFile = ExpandPath(filetoread);
// load class for PKCS##7 signature handling
PdfPKCS7 =
server.loader.create("com.lowagie.text.pdf.PdfPKCS7");
// Loads the default root certificates at
<java.home>/lib/security/cacerts
keyStore = PdfPKCS7.loadCacertsKeyStore();
// create a reader for the document
pdfReader =
server.loader.create("com.lowagie.text.pdf.PdfReader").init(
fullPathToSignedFile );
// get a read-only copy of the fields in the document
acroFields = pdfReader.getAcroFields();
// create an output stream used later to extract revisions
outStream =
createObject("java","java.io.FileOutputStream");
// get an array of signature names
signatureNames = acroFields.getSignatureNames();
//for (k = 1; k LTE arrayLen(signatureNames); kk = k + 1) {
// get current signature
name = signatureNames[1];
// display signature+revision information
WriteOutput("<div
style='float:left;font-family:arial;color:
black;font-weight:normal;'><strong>Signature covers whole document:
</strong>"& acroFields.signatureCoversWholeDocument(name) &"</div><br
clear='all' />");
WriteOutput("<div
style='float:left;font-family:arial;color:
black;font-weight:normal;'><strong>Document revision: </strong>"&
acroFields.getRevision(name) &" of "& acroFields.getTotalRevisions()
&"</div><br clear='all' />");
// Start revision extraction
out = outStream.init("revision_"&
acroFields.getRevision(name) &
".pdf");
// create a byte array for extracting revision
byteClass = createObject("java",
"java.lang.Byte").TYPE;
byteArray =
createObject("java","java.lang.reflect.Array").newInstance(byteClass,
javacast("int", 8192));
inputStream = acroFields.extractRevision(name);
offset = javacast("int", 0);
// read up to 8192 bytes into the array
length = inputStream.read(byteArray);
// if there is any data to read
while ( length GT 0) {
// write the bytes to the output file
out.write(byteArray, offset, length);
// read up to the next 8192 bytes into the array
length = inputStream.read(byteArray);
}
// close the file streams
out.close();
inputStream.close();
// End revision extraction
pk = acroFields.verifySignature(name);
calendar = pk.getSignDate();
validSig = pk.verify();
newVar1 =
PdfPKCS7.getSubjectFields(pk.getSigningCertificate());
sigNew = newVar1.getFields();
sigC = newVar1.getField("C");
sigCN = newVar1.getField("CN");
sigO = newVar1.getField("O");
sigOU = newVar1.getField("OU");
sigEmail = newVar1.getField("E");
certificateArray = pk.getCertificates();
WriteOutput("<div
style='float:left;font-family:arial;color:
black;font-weight:normal;'><strong>Subject: </strong> "&
PdfPKCS7.getSubjectFields(pk.getSigningCertificate()) &"</div>");
WriteOutput("<br clear='all' /><div
style='float:left;font-family:arial;color:
black;font-weight:normal;'><strong>Document modified: </strong>"& (NOT
pk.verify()) &"</div>");
WriteOutput("<br clear='all' /><div
style='float:left;font-family:arial;color:
black;font-weight:normal;'><strong>Signers Name: </strong>"& sigCN
&"</div>");
if ( NOT IsDefined("sigEmail")) {
sigEmail = "";
}
// verify the array of certificates
failureArray = PdfPKCS7.verifyCertificates(
certificateArray,
keyStore, javacast("null", ""), calendar );
// note, java null values are not defined in CF
if ( NOT IsDefined("failureArray")) {
WriteOutput("<br clear='all'><div
style='float:left;font-family:arial;color:
blue;font-weight:bold;'>Certificate verified against the KeyStore" &"
</div>");
success = "pass";
}
else {
// WriteOutput("<br clear='all'><div
style='float:left;color:
red;'>Certificate failed[1]: "& failureArray[1] &" </div>");
WriteOutput("<br clear='all'><div
style='float:left;font-family:arial;color:
black;font-weight:normal;'><strong>Certificate failed (Details):</strong>
<pre>"& failureArray[1] &"</pre></div> ");
success = "fail";
}
//}
getComments = acroFields.getField("comments");
getUserName = acroFields.getField("username");
//WriteOutput("<br clear='all' /><br /><div
style='float:left;font-family:arial;color: black;font-weight:bold;'>Finished
Processing!</div>");
</cfscript>
--
View this message in context:
http://old.nabble.com/iText-and-Bouncy-Castle-using-JVM-1.4.2%21-tp26269181p26269181.html
Sent from the iText - General mailing list archive at Nabble.com.
------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________
iText-questions mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/itext-questions
Buy the iText book: http://www.1t3xt.com/docs/book.php
Check the site with examples before you ask questions:
http://www.1t3xt.info/examples/
You can also search the keywords list: http://1t3xt.info/tutorials/keywords/
