Dear *,

the last days I tried to embed an external signature in a PDF. To be more precise, see my wishlist as follows:

1. prepare a PDF to embed a signature later on
2. create a hash that includes signed attributes
3. sign that hash externally and retrieve a PKCS1 back
4. embed the PKCS1 into a PKCS7
5. merge the PKCS7 and the prepared PDF to a valid signed PDF

I figured out that according to the HowToSign tutorial it is possible to do somewhat like that, but it seems that such a signed PDF carries a flat PKCS1?, instead of making use of signed attributes. So maybe I've not understood the whole context around this complex principle, but what I really need right now (no, not another recommendation for a good book ;-)) is to create a hash with signed attributes and later on a PKCS7 that holds a PKCS1 using signed attributes.

To start somewhere, first of all I wanted to get a full-featured PKCS7 embedded into a PDF and then extend this functionality to support external PKCS1 signatures. Here in short how it is done right now:

    // prepare in/out (signedFile != document)
    PdfReader reader = new PdfReader(document);
    FileOutputStream fout = new FileOutputStream(signedFile);
    // get stamper
    PdfStamper stp = PdfStamper.createSignature(reader, fout, '\0');
    PdfSignatureAppearance sap = stp.getSignatureAppearance();
    sap.setCrypto(key, chain, null, PdfSignatureAppearance.WINCER_SIGNED);
    sap.setReason("I'm the author");
    sap.setLocation("Lisbon");
    // prepare external signature
    sap.setExternalDigest(new byte[128], null, "RSA");
    // write file
    sap.preClose();
    // create external PKCS7 (P7S) using BC and the file we just wrote
    byte[] p7s = ...
    PdfSigGenericPKCS sg = sap.getSigStandard();
    PdfLiteral slit = (PdfLiteral)sg.get(PdfName.CONTENTS);
    // allocate bytes for PKCS7
    byte[] outc = new byte[(slit.getPosLength() - 2) / 2];
    // check length
    System.out.println("#outc: "+outc.length+", #p7s: "+p7s.length);
    // copy P7S
    System.arraycopy(p7s, 0, outc, 0, p7s.length);
    PdfDictionary dic = new PdfDictionary();
    // embed signature
    dic.put(PdfName.CONTENTS, new PdfString(outc).setHexWriting(true));
    sap.close(dic);

The part computeP7X() does is quite simple:

    CMSSignedData signedData = null;
    CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
    generator.addSigner(key, cert, CMSSignedDataGenerator.DIGEST_SHA1);
    ArrayList<Certificate> list = new ArrayList<Certificate>();
    for (int i = 0, length = chain == null ? 0 : chain.length; i < length; i++) {
        list.add(chain[i]);
    }
    CertStore chainStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(list), "BC");
    generator.addCertificatesAndCRLs( chainStore );
    CMSProcessable content = new CMSProcessableFile(new File(signedFile));
    signedData = generator.generate( content, false, "BC" );
    byte[] pkcs7 = signedData.getEncoded();

Well, I hope the problem is obvious and someone already started laughing at my code :-) If not, let me add why this does not work. Once I start this up, I'll get an ArrayIndexOutOfBounds exception at this point:

    // copy P7S
    System.arraycopy(p7s, 0, outc, 0, p7s.length);

Right before, I print both array lengths on console and it shows:

    #outc: 1001, #p7s: 1036

So what happened here? Seems like I have not allocated enough space for my PKCS7. Ok, but how is this computed anyway? Maybe someone could point me in the right direction?

Thanks in advance,
Max

_______________________________________________
iText-questions mailing list
iText-questions@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/itext-questions
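
The size mismatch described in the message above, as an added example that is not part of the original post and not iText code: the /Contents placeholder is a hex string, so its byte capacity is (length - 2) / 2, and a DER signature has to be checked against that capacity, zero-padded to fill it, and later recovered by reading its DER length. The class and method names, the placeholder length 2004, the 256-byte margin and the stand-in signature bytes are all assumptions constructed for illustration.

```java
import java.util.Arrays;

// Added illustration; names are hypothetical and none of this is iText API.
public class ContentsPlaceholder {

    // Bytes that fit in a hex-string placeholder of posLength characters, '<' and '>' included.
    static int capacity(int posLength) {
        return (posLength - 2) / 2;
    }

    // Placeholder length in characters needed for sigLen bytes plus a safety margin.
    static int requiredPosLength(int sigLen, int margin) {
        return (sigLen + margin) * 2 + 2;
    }

    // Zero-pads the signature to the reserved capacity; fails clearly instead of overflowing.
    static byte[] fit(byte[] der, int posLength) {
        int cap = capacity(posLength);
        if (der.length > cap) {
            throw new IllegalArgumentException("signature is " + der.length + " bytes, only "
                + cap + " reserved; need a placeholder of at least "
                + requiredPosLength(der.length, 0) + " characters");
        }
        return Arrays.copyOf(der, cap); // trailing bytes remain 0x00
    }

    // Header plus content length of the DER object at the start of buf (definite lengths only),
    // which is how the zero padding can be told apart from the signature itself.
    static int derTotalLength(byte[] buf) {
        int first = buf[1] & 0xff;
        if (first < 0x80) return 2 + first;            // short form
        int n = first & 0x7f;                          // long form: n length bytes follow
        if (n == 0 || n > 4) throw new IllegalArgumentException("unsupported length encoding");
        int len = 0;
        for (int i = 0; i < n; i++) len = (len << 8) | (buf[2 + i] & 0xff);
        return 2 + n + len;
    }

    public static void main(String[] args) {
        // Constructed stand-in for a 1036-byte PKCS#7: SEQUENCE tag, long-form length 0x0408.
        byte[] p7s = new byte[1036];
        p7s[0] = 0x30; p7s[1] = (byte) 0x82; p7s[2] = 0x04; p7s[3] = 0x08;
        try {
            fit(p7s, 2004); // constructed placeholder length giving a 1001-byte capacity
        } catch (IllegalArgumentException e) {
            System.out.println(e.getMessage());
        }
        byte[] padded = fit(p7s, requiredPosLength(p7s.length, 256));
        System.out.println(padded.length + " reserved, " + derTotalLength(padded) + " used");
    }
}
```

The reservation has to be large enough before the file is written, because the signed byte ranges are fixed around the placeholder at that point.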