Thank you, I'll add it to the iText distribution. Paulo
> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Robert Esterer > Sent: Friday, April 27, 2007 4:48 PM > To: 'Post all your questions about iText here' > Subject: Re: [iText-questions] Including the CRL in the signature > > I modified "PdfPKCS7.java" to also include the CRLs in that > Adobe sequence, if authenticatedAttributes are used (Adobe > puts it there). > It works fine with the code from the authenticatedAttributes example. > > I attached the diff and uploaded one file created with the > sample code and my modified iText here: > http://www.secardeo.de/temp/crl_new.pdf > > -Robert > > -----Ursprüngliche Nachricht----- > Von: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Im > Auftrag von Paulo Soares > Gesendet: Freitag, 27. April 2007 12:41 > An: Post all your questions about iText here > Betreff: Re: [iText-questions] Including the CRL in the signature > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of > > Robert Esterer > > Sent: Friday, April 27, 2007 11:30 AM > > To: 'Post all your questions about iText here' > > Subject: Re: [iText-questions] Including the CRL in the signature > > > > I did some diging and I think I found the reason. > > iText seems to embed the CRLs into the optional CRL attribute > > specified in the PKCS#7 standard. > > Yes (not an attribute but rather a sequence in the body). > > > The PDF Reference (p. 698 in Version 1.6) specifies a > special OID for > > it, and the Acrobat does it like that. > > > > >From the PDF reference it's not clear if Acrobat only looks > at the special signed attribute or if it also looks at what's > defined in the standard for this. > > Paulo > > > -Robert > > > > -----Ursprüngliche Nachricht----- > > Von: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] Im > Auftrag von > > Robert Esterer > > Gesendet: Freitag, 27. April 2007 10:01 > > An: 'Post all your questions about iText here' > > Betreff: Re: [iText-questions] Including the CRL in the signature > > > > Of course. > > I uploaded two PDFs, both of which should contain two CRLs > (signer and > > issuing CA). > > http://www.secardeo.de/temp/crl_test.zip > > > > -Robert > > > > -----Ursprüngliche Nachricht----- > > Von: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] Im > Auftrag von > > Paulo Soares > > Gesendet: Donnerstag, 26. April 2007 17:54 > > An: Post all your questions about iText here > > Betreff: Re: [iText-questions] Including the CRL in the signature > > > > I don't see anything wrong with you code or with iTexts code. > > Can I have a > > look at the PDF? > > > > Paulo > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] On > Behalf Of > > > Robert Esterer > > > Sent: Thursday, April 26, 2007 4:11 PM > > > To: 'Post all your questions about iText here' > > > Subject: Re: [iText-questions] Including the CRL in the signature > > > > > > The rest is just the usual signing code: > > > > > > md = MessageDigest.getInstance("SHA1"); > > > byte[] buf = new byte[8192]; > > > > > > inp = sap.getRangeStream(); > > > int n = 0; > > > while ((n = inp.read(buf)) > 0) > > > { > > > md.update(buf, 0, n); > > > } > > > inp.close(); > > > hash = md.digest(); > > > > > > signature = s.sign(hash); > > > pkcs = sap.getSigStandard(); > > > slit = (PdfLiteral) pkcs.get(PdfName.CONTENTS); > > > buf = new byte[(slit.getPosLength() - 2) / 2]; > > > p7Sig = pkcs.getSigner(); > > > p7Sig.setExternalDigest(signature, hash, "RSA"); > > > dic = new PdfDictionary(); > > > byte[] p7Bytes = p7Sig.getEncodedPKCS7(); > > > System.arraycopy(p7Bytes, 0, buf, 0, p7Bytes.length); > > > dic.put(PdfName.CONTENTS, new > > > PdfString(buf).setHexWriting(true)); > > > sap.close(dic); > > > > > > I use iText 2.0.2 btw. > > > > > > -Robert > > > > > > -----Ursprüngliche Nachricht----- > > > Von: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] Im > > Auftrag von > > > Paulo Soares > > > Gesendet: Donnerstag, 26. April 2007 15:44 > > > An: Post all your questions about iText here > > > Betreff: Re: [iText-questions] Including the CRL in the signature > > > > > > Works for me, although I'm not an heavy user of CRLs. Can > > you post the > > > rest of the code until the final close and a link for the > resulting > > > PDF? > > > > > > Paulo > > > > > > > -----Original Message----- > > > > From: [EMAIL PROTECTED] > > > > [mailto:[EMAIL PROTECTED] On > > Behalf Of > > > > Robert Esterer > > > > Sent: Thursday, April 26, 2007 1:55 PM > > > > To: 'Post all your questions about iText here' > > > > Subject: [iText-questions] Including the CRL in the signature > > > > > > > > Hello, > > > > > > > > Im currenty trying to include the CRLs for the > > certificate chain in > > > > the signature. > > > > The signature creation itself works perfectly fine, only > > problem is > > > > that the CRLs seem to be missing. At least the Acrobat > > tells me so. > > > > > > > > My Code looks like this: > > > > > > > > sap.setCrypto(null, s.getCertificateChain(), s.getCRLs(), > > > > PdfSignatureAppearance.WINCER_SIGNED); > > > > sap.setExternalDigest(new byte[s.sigLength], new > > > byte[s.hashLength], > > > > "RSA"); > > > > sap.preClose(); > > > > System.out.println(sap.getCrlList().length); > > > > System.out.println(((java.security.cert.X509CRL)sap.getCrlList > > > > ()[0]).getNext > > > > Update().toString()); > > > > > > > > The last two lines are just output for me to make sure that the > > > > SignatureAppearance object does have the CRLs. > > > > The array returned by "getCrlList()" does indeed contain > > > the correct > > > > CRLs, but the final PDF does not seem to contain them. > > > > > > > > Am I missing some flag or is this a bug? > > > > > > > > Regards, > > > > -Robert > > > Aviso Legal: > Esta mensagem é destinada exclusivamente ao destinatário. > Pode conter informação confidencial ou legalmente protegida. > A incorrecta transmissão desta mensagem não significa a perca > de confidencialidade. Se esta mensagem for recebida por > engano, por favor envie-a de volta para o remetente e > apague-a do seu sistema de imediato. É proibido a qualquer > pessoa que não o destinatário de usar, revelar ou distribuir > qualquer parte desta mensagem. > > Disclaimer: > This message is destined exclusively to the intended > receiver. It may contain confidential or legally protected > information. The incorrect transmission of this message does > not mean the loss of its confidentiality. If this message is > received by mistake, please send it back to the sender and > delete it from your system immediately. It is forbidden to > any person who is not the intended receiver to use, > distribute or copy any part of this message. > > -------------------------------------------------------------- > ----------- > This SF.net email is sponsored by DB2 Express Download DB2 > Express C - the FREE version of DB2 express and take control > of your XML. No limits. Just data. Click to get it now. > http://sourceforge.net/powerbar/db2/ > _______________________________________________ > iText-questions mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/itext-questions > Buy the iText book: http://itext.ugent.be/itext-in-action/ > Aviso Legal: Esta mensagem é destinada exclusivamente ao destinatário. Pode conter informação confidencial ou legalmente protegida. A incorrecta transmissão desta mensagem não significa a perca de confidencialidade. Se esta mensagem for recebida por engano, por favor envie-a de volta para o remetente e apague-a do seu sistema de imediato. É proibido a qualquer pessoa que não o destinatário de usar, revelar ou distribuir qualquer parte desta mensagem. Disclaimer: This message is destined exclusively to the intended receiver. It may contain confidential or legally protected information. The incorrect transmission of this message does not mean the loss of its confidentiality. If this message is received by mistake, please send it back to the sender and delete it from your system immediately. It is forbidden to any person who is not the intended receiver to use, distribute or copy any part of this message. ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ iText-questions mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/itext-questions Buy the iText book: http://itext.ugent.be/itext-in-action/
