I think the only way you are going to solve your problem cleanly is to modify iText and provide an alternative set of signing APIs that work in your model, which as Paulo points out, is quite unusual.
Leonard -----Original Message----- From: amarianoelaide [mailto:[email protected]] Sent: Monday, February 16, 2009 5:31 AM To: [email protected] Subject: Re: [iText-questions] signing pdf with external signature I'm sorry for the lack of clearness of my thread and also of my english. I'll try at my best to explain again what I need. Obviusly I need to sign a pdf. I am able to do it with this code: //get the certificate used to sign, call it certificate PdfReader reader = new PdfReader("pdf_to_be_signed.pdf"); FileOutputStream fout = new FileOutputStream("signed_pdf.pdf"); PdfStamper stp = PdfStamper.createSignature(reader, fout, '\0'); PdfSignatureAppearance sap = stp.getSignatureAppearance(); sap.setCrypto(null, new Certificate[]{certificate}, null, PdfSignatureAppearance.SELF_SIGNED); sap.setReason("Hello"); sap.setLocation("Italy"); sap.setVisibleSignature(new Rectangle(100, 100, 200, 200), 1, null); sap.setExternalDigest(new byte[128], new byte[20], null); sap.preClose(); MessageDigest messageDigest = MessageDigest.getInstance("SHA1"); byte buf[] = new byte[8192]; int n; InputStream inp = sap.getRangeStream(); while ((n = inp.read(buf)) > 0) { messageDigest.update(buf, 0, n); } byte hash[] = messageDigest.digest(); //sign this hash with an external procedure that gives me signed_hash PdfPKCS7 sig = sap.getSigStandard().getSigner(); sig.setExternalDigest(signed_hash, null, "RSA"); PdfDictionary dic2 = new PdfDictionary(); dic2.put(PdfName.CONTENTS, new PdfString(sig.getEncodedPKCS1()).setHexWriting(true)); sap.close(dic2); Call this piece of code CASE1. So what's the problem? The problem is that to use the CASE1 I need to observe a strict order for the operations: 1-get the certificate to use for the signature operation 2-use a PDFReader to read the pdf to sign 3-use a PDFStamper to modify the pdf creating the signed one 4-use PdfSignatureAppearance to create the "signature field" 5-fill this signature filed with certificate, reason, location etc.... 6-get the hash to be signed 7-sign it with an external proc 8-add the signature The problem is the first point. I have the certificate only at the point 7. It means that I don't choose the certificate used to sign. It's the external signature procedure that, on the base of the user that does the login, uses a certificate rather than another and returns to me the signature and the certificate used to sign. QUESTION 1: Is it possible to change the code of the CASE1, so to not have the need of a certificate during the creation of the PdfSignatureAppearance object and so to add it only after the point 7? If yes, could you help me with a sample code? If the answer to the question 1 is no, the only thing I can do is to use a "fake" certificate. Doing so, I obtain a pdf signed with the wrong certificate and then I need to replace into the signed pdf signature and certificate with the right ones. I think there are 2 possibilities: 1-sign the pdf once simply to obtain the certificate and then sign again to obtain the real signed pdf. 2-sign the pdf once simply to obtain the certificate and then replace into the signed pdf the certificate and the signature with the right ones. If the solution is the second one, I have no idea about the way to do it. In this case it would be great a sample code to drive me step by step. -- View this message in context: http://www.nabble.com/signing-pdf-with-external-signature-tp21917425p22034825.html Sent from the iText - General mailing list archive at Nabble.com. ------------------------------------------------------------------------------ Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise -Strategies to boost innovation and cut costs with open source participation -Receive a $600 discount off the registration fee with the source code: SFAD http://p.sf.net/sfu/XcvMzF8H _______________________________________________ iText-questions mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/itext-questions Buy the iText book: http://www.1t3xt.com/docs/book.php ------------------------------------------------------------------------------ Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise -Strategies to boost innovation and cut costs with open source participation -Receive a $600 discount off the registration fee with the source code: SFAD http://p.sf.net/sfu/XcvMzF8H _______________________________________________ iText-questions mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/itext-questions Buy the iText book: http://www.1t3xt.com/docs/book.php
