Il 13/03/2010 16.40, mkl ha scritto:
>
> Salvo,
>
>
> Salvo Rapisarda wrote:
>> [...] A postback of page is made with Javascript and the output of
>> signature was encapsuled with iTextSharp inside the PDF at server-side.
>> All it's done without problem, but when I open signed version of PDF with
>> Acrobat Reader the sign is not valid with reason: the document was
>> modified after the signing.
>>
>> So the question is: I have made some mistake in my code or it's not
>> possible to do a "asynchronous" signature process?
>
> In principle it is possible, but you have to take care.
>
> On the one hand, you must be sure --- as Andreas already mentioned --- to
> calculate the hash for the range stream returned by
> PdfSignatureAppearance.getRangeStream(), not simply the whole PDF file.
>
> On the other hand, you should be aware that when you start creating a
> signature at different times, the range streams will be different, even if
> you use the same explicite input data. You have to inject the returned
> signature container in the very PdfStamper instance whose
> PdfSignatureAppearance's RangeStream you used.
>
> Regards, Michael.
Yes, I use getRangeStream() for calculate the PDF hash.
This is the VB.NET (in asp.net web page) code:
Public Sub GetHash(ByVal pdfInput As String)
Dim reader As New PdfReader(pdfInput)
Dim mm As New MemoryStream
Dim st As PdfStamper = PdfStamper.CreateSignature(reader, mm,
"\0", Nothing, True)
Dim sap As PdfSignatureAppearance = st.SignatureAppearance
sap.Acro6Layers = True
sap.SetCrypto(Nothing, Nothing, Nothing, Nothing)
Dim dic As New PdfSignature(PdfName.ADOBE_PPKMS,
PdfName.ADBE_PKCS7_SHA1)
dic.Name = "TEST"
sap.CryptoDictionary = dic
Dim csize As Integer = 4000
Dim exc As Hashtable = New Hashtable
exc(PdfName.CONTENTS) = csize * 2 + 2
sap.PreClose(exc)
Dim sha As HashAlgorithm = New SHA1CryptoServiceProvider
sHash = Convert.ToBase64String(sha.ComputeHash(sap.RangeStream))
mm.Close()
mm.Dispose()
End Sub
Where sHash is the Base64String of ComputeHash output.
This is the Java code:
CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
CMSSignedDataGenerator.DIGEST_SHA1);
generator.addSigner(theKey,
theCertificate,CMSSignedDataGenerator.DIGEST_SHA1);
ArrayList list = new ArrayList();
list.add(theCertificate);
Security.addProvider(new
org.bouncycastle.jce.provider.BouncyCastleProvider());
chainStore = CertStore.getInstance("Collection", new
CollectionCertStoreParameters(list), "BC");
generator.addCertificatesAndCRLs(chainStore);
CMSProcessable content = new CMSProcessableByteArray(dataToSign);
CMSSignedData signedData = generator.generate(content,true,
"SunMSCAPI");
signature = signedData.getEncoded();
base64SignedString = new String(Base64.encode(signature));
There is another fact. If I save the content of "base64SignedString" in
a .P7S file (always Base64) and verify the signature with external
program there are no problem with signature! :S :S :S
Only for Acrobat the signature isn't valid!
Tomorrow I post to you a example of PDF signed with my program.
Thank you for all your reply.
Salvo.
------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
iText-questions mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/itext-questions
Buy the iText book: http://www.1t3xt.com/docs/book.php
Check the site with examples before you ask questions:
http://www.1t3xt.info/examples/
You can also search the keywords list: http://1t3xt.info/tutorials/keywords/
