Hello Paulo.Finally I obtain a PDF with a byte range in tow parts. I create a dictionary only with CONTENT before preclose ( only if I remove NAME and M values byte range contein only 2 parts) .
After this change, my PDF issue another error ->SigDict /Contents illegal.
To solve this proble I edit the pdf generated and I can see this :40 0 obj<</Filter/Adobe.PPKLITE/Type/Sig/Contents <3082098006092a864886f70d010702a08209713082096d0....24e369d5>
/SubFilter/adbe.pkcs7.detached/ByteRange [0 13155 18029 3359 ]Betwen end of contents value and /Subfiler there are some space. If I compare the pdf result with your sample I see that you fill all reserved memory with 0's.
Before preclose I reserve space with
HashMap exc = new HashMap();
exc.put(PdfName.CONTENTS, new Integer(0x130A));
sap.preClose(exc);
Is it ever necessary to fill the reserved memory with 0's ?
How can I know how many memory I must reserve ?
After this, I reserve only the necessary memory as length of pkcs7
generated. Then I can open the pdf and it recognise the signature but said
that data is modified ?
I use, as data in to sign with my pkcs7 generator, data returned by funtion getRangeStream. is this correct ?
And the last question : if I use as subfilter pkcs7.detached , is it necessary to use before call preclose the setExternalDigest ?
We send you my last code and the pdf result :
PdfReader reader = new PdfReader("holaBlank.pdf");
FileOutputStream fout = new FileOutputStream("holaSigned.pdf");
PRAcroForm form = reader.getAcroForm();
if (form == null){
System.out.println("This document has no fields.");
return true;
}
PdfStamper stp = PdfStamper.createSignature(reader, fout, '\0', null, true);
PdfSignatureAppearance sap = stp.getSignatureAppearance();
sap.setVisibleSignature("Signature1");
sap.setLayer2Text("This is some custom made text.");
PdfDictionary dic = new PdfDictionary();
dic.put(PdfName.TYPE, PdfName.SIG);
dic.put(PdfName.FILTER, new PdfName("Adobe.PPKLITE"));
dic.put(PdfName.SUBFILTER, new PdfName("adbe.pkcs7.detached"));
sap.setCryptoDictionary(dic);
HashMap exc = new HashMap();
exc.put(PdfName.CONTENTS, new Integer(0x130A));
sap.preClose(exc);
int n;
InputStream inp = sap.getRangeStream();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
byte buf[] = new byte[8192];
while ((n = inp.read(buf)) > 0) {
baos.write( buf );
}
if ( n > 0 ) baos.write( buf );
// Call to my p7 generator
byte[] ssig = generatePKCS7( baos.toByteArray());
byte[] outc = new byte[ssig.length];
System.arraycopy(ssig, 0, outc, 0, ssig.length);
PdfDictionary dic2= new PdfDictionary();
dic2.put(PdfName.CONTENTS, new PdfString(outc).setHexWriting(true));
sap.close(dic2);
return true ;
Many thanks in advance.
From: "Paulo Soares" <[EMAIL PROTECTED]> Reply-To: "Paulo Soares" <[EMAIL PROTECTED]>To: "Juan Sanchez" <[EMAIL PROTECTED]>,<[email protected]>,"Leonard Rosenthol" <[EMAIL PROTECTED]> Subject: Re: [iText-questions] Add signatures in a existing blank signatureDate: Fri, 12 Aug 2005 00:15:22 +0100 In theory Acrobat doesn't care but in practice, at least with Acrobat 6, if the byte range has more than one exclude section it always fails. Other Acrobat plug-in may behave differently but with the standard crypto that's what I see. ----- Original Message ----- From: "Leonard Rosenthol" <[EMAIL PROTECTED]> To: "Paulo Soares" <[EMAIL PROTECTED]>; "Juan Sanchez" <[EMAIL PROTECTED]>; <[email protected]> Sent: Thursday, August 11, 2005 8:45 PM Subject: Re: [iText-questions] Add signatures in a existing blank signature > At 12:36 PM 8/11/2005, Paulo Soares wrote: > >As I said, if you want Acrobat to verify the signature you can only exclude > >the Contents from the byte range. > > Assuming that is what is being hashed and marked as such. > > You can actually exclude anything you want - and as long as > your byte ranges and hashes match, Acrobat doesn't care what you've excluded. > > It is, however, a potential security hole to exclude > anything else - but there may be good reason. > > > Leonard > > >> --------------------------------------------------------------------------- > Leonard Rosenthol <mailto:[EMAIL PROTECTED]> > Chief Technical Officer <http://www.pdfsages.com> > PDF Sages, Inc. 215-938-7080 (voice) > 215-938-0880 (fax) >
_________________________________________________________________Don't just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/
holaSigned.pdf
Description: Adobe PDF document
