I have found the problem!!! :-) ...but not the solution.... :-( Ok ok...it's true that I use two kind and version of iText PDF Library (iTextSharp and iText for Java). And this is the problem! I have done a compare of files pre-generated with iTextSharp and iText for java: there are different!
Now, the question is: with which version of iText library was made iTextSharp ???? Thank for all reply. Salvo. ----- Messaggio originale ----- Da: "[email protected]" <[email protected]> A: [email protected] Inviato: Dom 14 marzo 2010, 22:55:20 Oggetto: Re: Re: [iText-questions] Java applet for signing PDF documents Hi Salvo, I like to mail to you directly because I don't want to use the iText list to promote my own projects. As a part of o feasibility study in our signing server we implemented a signing applet like the one you outlined. A user can login with is smart card from a browser, review a list of signable ducuments and do the signing with its card remotely. Our server is open source so maybe it cold be interesting for you to take a look at what we already got before reinventing another wheel. And of course, we do PDF signing ;-) Greetings Andreas ----- original Nachricht -------- Betreff: Re: [iText-questions] Java applet for signing PDF documents Gesendet: So, 14. Mrz 2010 Von: Mr.Salvatore Rapisarda<[email protected]> > Il 13/03/2010 16.40, mkl ha scritto: > > > > Salvo, > > > > > > Salvo Rapisarda wrote: > >> [...] A postback of page is made with Javascript and the output of > >> signature was encapsuled with iTextSharp inside the PDF at server-side. > >> All it's done without problem, but when I open signed version of PDF > with > >> Acrobat Reader the sign is not valid with reason: the document was > >> modified after the signing. > >> > >> So the question is: I have made some mistake in my code or it's not > >> possible to do a "asynchronous" signature process? > > > > In principle it is possible, but you have to take care. > > > > On the one hand, you must be sure --- as Andreas already mentioned --- to > > calculate the hash for the range stream returned by > > PdfSignatureAppearance.getRangeStream(), not simply the whole PDF file. > > > > On the other hand, you should be aware that when you start creating a > > signature at different times, the range streams will be different, even > if > > you use the same explicite input data. You have to inject the returned > > signature container in the very PdfStamper instance whose > > PdfSignatureAppearance's RangeStream you used. > > > > Regards, Michael. > > Yes, I use getRangeStream() for calculate the PDF hash. > This is the VB.NET (in asp.net web page) code: > > Public Sub GetHash(ByVal pdfInput As String) > Dim reader As New PdfReader(pdfInput) > Dim mm As New MemoryStream > Dim st As PdfStamper = PdfStamper.CreateSignature(reader, mm, > "\0", Nothing, True) > > Dim sap As PdfSignatureAppearance = st.SignatureAppearance > sap.Acro6Layers = True > sap.SetCrypto(Nothing, Nothing, Nothing, Nothing) > > Dim dic As New PdfSignature(PdfName.ADOBE_PPKMS, > PdfName.ADBE_PKCS7_SHA1) > dic.Name = "TEST" > > sap.CryptoDictionary = dic > > > Dim csize As Integer = 4000 > Dim exc As Hashtable = New Hashtable > exc(PdfName.CONTENTS) = csize * 2 + 2 > sap.PreClose(exc) > > > Dim sha As HashAlgorithm = New SHA1CryptoServiceProvider > > sHash = Convert.ToBase64String(sha.ComputeHash(sap.RangeStream)) > > mm.Close() > mm.Dispose() > End Sub > > > Where sHash is the Base64String of ComputeHash output. > > This is the Java code: > > CMSSignedDataGenerator generator = new CMSSignedDataGenerator(); > CMSSignedDataGenerator.DIGEST_SHA1); > generator.addSigner(theKey, > theCertificate,CMSSignedDataGenerator.DIGEST_SHA1); > > > ArrayList list = new ArrayList(); > list.add(theCertificate); > Security.addProvider(new > org.bouncycastle.jce.provider.BouncyCastleProvider()); > chainStore = CertStore.getInstance("Collection", new > CollectionCertStoreParameters(list), "BC"); > > generator.addCertificatesAndCRLs(chainStore); > > CMSProcessable content = new CMSProcessableByteArray(dataToSign); > CMSSignedData signedData = generator.generate(content,true, > "SunMSCAPI"); > > > signature = signedData.getEncoded(); > > base64SignedString = new String(Base64.encode(signature)); > > There is another fact. If I save the content of "base64SignedString" in > a .P7S file (always Base64) and verify the signature with external > program there are no problem with signature! :S :S :S > > Only for Acrobat the signature isn't valid! > > Tomorrow I post to you a example of PDF signed with my program. > > Thank you for all your reply. > > Salvo. > > ---------------------------------------------------------------------------- > -- > Download Intel® Parallel Studio Eval > Try the new software tools for yourself. Speed compiling, find bugs > proactively, and fine-tune applications for parallel performance. > See why Intel Parallel Studio got high marks during beta. > http://p.sf.net/sfu/intel-sw-dev > _______________________________________________ > iText-questions mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/itext-questions > > Buy the iText book: http://www.1t3xt.com/docs/book.php > Check the site with examples before you ask questions: > http://www.1t3xt.info/examples/ > You can also search the keywords list: > http://1t3xt.info/tutorials/keywords/ > --- original Nachricht Ende ---- ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ iText-questions mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/itext-questions Buy the iText book: http://www.1t3xt.com/docs/book.php Check the site with examples before you ask questions: http://www.1t3xt.info/examples/ You can also search the keywords list: http://1t3xt.info/tutorials/keywords/
