Thank you very much!!!! With this Code it works:
Certificate[] tCertificates = new Certificate[]{tSigningCertificate};
Calendar tCalendar = Calendar.getInstance();
PdfStamper tStamper =
PdfStamper.createSignature(tReader,tOutStream,'\0');
PdfSignatureAppearance tSignatureAppearance =
tStamper.getSignatureAppearance ();
tSignatureAppearance.setCrypto (null, tCertificates, null,
PdfSignatureAppearance.WINCER_SIGNED);
tSignatureAppearance.setReason ("REASON");
tSignatureAppearance.setLocation ("Würzburg");
tSignatureAppearance.setVisibleSignature (new Rectangle (100, 100, 400,
130), tReader.getNumberOfPages(), null);
// sap.setExternalDigest (new byte[128], new byte[20], "RSA");
tSignatureAppearance.setExternalDigest (new byte[512], new byte[20],
"RSA"); // UPGRADED
tSignatureAppearance.preClose ();
MessageDigest tMessageDigest = MessageDigest.getInstance ("SHA1");
byte buf[] = new byte[8192];
int n;
InputStream tInputStream = tSignatureAppearance.getRangeStream ();
while ((n = tInputStream.read (buf)) > 0)
{
tMessageDigest.update (buf, 0, n);
}
byte tHash[] = tMessageDigest.digest ();
PdfSigGenericPKCS tSig = tSignatureAppearance.getSigStandard ();
PdfLiteral tPDFLiteral = (PdfLiteral)tSig.get (PdfName.CONTENTS);
byte[] tOutBytes = new byte[(tPDFLiteral.getPosLength () - 2) / 2];
PdfPKCS7 tSigner = tSig.getSigner ();
byte [] tSignatureHash = Gov2SmartCardHelper.getInstance().sign(tHash);
tSigner.setExternalDigest (tSignatureHash, tHash, "RSA");
PdfDictionary tPDFDic = new PdfDictionary ();
byte[] tSsig = tSigner.getEncodedPKCS7 ();
System.arraycopy (tSsig, 0, tOutBytes, 0, tSsig.length);
tPDFDic.put (PdfName.CONTENTS, new PdfString (tOutBytes).setHexWriting
(true));
tSignatureAppearance.close (tPDFDic);
Paulo Soares wrote:
>
> After calling PdfSignatureAppearance.preClose() you must call
> PdfSignatureAppearance.getRangeStream() to get the bytes that are going
> to be signed.
>
> Paulo
>
>> -----Original Message-----
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED] On
>> Behalf Of Fionn
>> Sent: Wednesday, October 17, 2007 10:19 AM
>> To: [email protected]
>> Subject: [iText-questions] Signing PDF-Document with external
>> Certificate and Signature (Signature is INVALID)
>>
>>
>> Hi, i am a German student and i would like to create an
>> application wich sign
>> PDF-Documents with external signatures.
>> Ok, the following things i want to do:
>> 1) get the signature + certificate from Smard-Card(REINER) with OCF
>> //the certificate
>> X509Certificate tSigningCertificate =
>> Gov2SmartCardHelper.getInstance().getSignatureX509Certificate();
>> //sign the file and get the hash bytes with SHA1withRSA algorithm
>> byte [] tBs =
>> Gov2SmartCardHelper.getInstance().sign(IOHelper.getBytesFromFi
>> le(tUnsignedFile));
>> Certificate[] tCertificates = new
>> Certificate[]{tSigningCertificate};
>> 2) Add signature + certificate to the PDF-Document
>>
>> Calendar tCalendar = Calendar.getInstance();
>> PdfStamper tStamper =
>> PdfStamper.createSignature(tReader,tOutStream,'\0');
>>
>> PdfSignatureAppearance tSignatureAppearance =
>> tStamper.getSignatureAppearance();
>> tSignatureAppearance.setLayer2Text("signature.\n\nDate: today");
>>
>> tSignatureAppearance.setVisibleSignature(new
>> com.lowagie.text.Rectangle(100, 180, 200, 200), 1, null);
>> tSignatureAppearance.setSignDate(tCalendar);
>> //Add the certificate
>> tSignatureAppearance.setCrypto(null,tCertificates , null,
>> PdfSignatureAppearance.SELF_SIGNED);
>> tSignatureAppearance.setReason("AI-Signing reason");
>> tSignatureAppearance.setLocation("Far far away");
>> //i need this, otherwise i get a NullPointerException in the
>> next line. The
>> stacktrace, see end of message.
>> tSignatureAppearance.setExternalDigest(new byte[128], null, "RSA");
>> tSignatureAppearance.preClose();
>>
>> //add signature
>> PdfPKCS7 tSig = tSignatureAppearance.getSigStandard().getSigner();
>> tSig.setExternalDigest(tBs, null, "RSA");
>>
>> PdfDictionary dic = new PdfDictionary();
>> dic.put(PdfName.CONTENTS, new
>> PdfString(tSig.getEncodedPKCS1()).setHexWriting(true));
>> tSignatureAppearance.close(dic);
>>
>> Its work but my Acrobat Reader says: Signature is INVALID
>> - The Document hast been altered or Corrupt since th
>> Signature was applied.
>> - The Signer's Identety is Unknown becous it has not been
>> included in your
>> list of Trusted Identities and none of its parent
>> Certificates are Trusted
>> Identities.
>>
>> But i can see the certificate in Adobe-Reader!
>> Sorry i am not a signing specialist but i think i have a
>> working knowledge
>> of signing.
>>
>> I would be very happy if anyone can help me or give me any tips.
>>
>> Greetings
>>
>> Fionn
>>
>> java.lang.NullPointerException
>> at com.lowagie.text.pdf.PdfPKCS7.getEncodedPKCS1(Unknown Source)
>> at
>> com.lowagie.text.pdf.PdfSigGenericPKCS.setSignInfo(Unknown Source)
>> at
>> com.lowagie.text.pdf.PdfSignatureAppearance.preClose(Unknown Source)
>> at
>> com.lowagie.text.pdf.PdfSignatureAppearance.preClose(Unknown Source)
>> at PDFSigner.sign(PDFSigner.java:103)
>> tSignatureAppearance.close(dic);
>
>
> Aviso Legal:
>
> Esta mensagem é destinada exclusivamente ao destinatário. Pode conter
> informação confidencial ou legalmente protegida. A incorrecta transmissão
> desta mensagem não significa a perca de confidencialidade. Se esta
> mensagem for recebida por engano, por favor envie-a de volta para o
> remetente e apague-a do seu sistema de imediato. É proibido a qualquer
> pessoa que não o destinatário de usar, revelar ou distribuir qualquer
> parte desta mensagem.
>
>
>
> Disclaimer:
>
> This message is destined exclusively to the intended receiver. It may
> contain confidential or legally protected information. The incorrect
> transmission of this message does not mean the loss of its
> confidentiality. If this message is received by mistake, please send it
> back to the sender and delete it from your system immediately. It is
> forbidden to any person who is not the intended receiver to use,
> distribute or copy any part of this message.
>
>
>
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc.
> Still grepping through log files to find problems? Stop.
> Now Search log events and configuration files using AJAX and a browser.
> Download your FREE copy of Splunk now >> http://get.splunk.com/
> _______________________________________________
> iText-questions mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/itext-questions
> Buy the iText book: http://itext.ugent.be/itext-in-action/
>
>
--
View this message in context:
http://www.nabble.com/Signing-PDF-Document-with-external-Certificate-and-Signature-%28Signature-is-INVALID%29-tf4639103.html#a13250567
Sent from the iText - General mailing list archive at Nabble.com.
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
iText-questions mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/itext-questions
Buy the iText book: http://itext.ugent.be/itext-in-action/
