Hello all

I have a problem concerning the usage of external signatures.
I want my application to sign a PDF document in three steps:

   - (1) byte[] hash = initializeSignature(String pdf, Certificate cert, KeyStore chain, CRL crl)  -- returns the signable bytes
   - (2) byte[] rawSignature = signExternal(hash)  -- signs the hash
   - (3) byte[] signedPDF = finalizeSignature(byte[] signature, byte[] hash)  -- returns the complete signed PDF

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.cert.CRL;
import java.security.cert.Certificate;
import java.util.Calendar;

import com.lowagie.text.DocumentException;
import com.lowagie.text.pdf.PdfDictionary;
import com.lowagie.text.pdf.PdfLiteral;
import com.lowagie.text.pdf.PdfName;
import com.lowagie.text.pdf.PdfPKCS7;
import com.lowagie.text.pdf.PdfReader;
import com.lowagie.text.pdf.PdfSigGenericPKCS;
import com.lowagie.text.pdf.PdfSignatureAppearance;
import com.lowagie.text.pdf.PdfStamper;
import com.lowagie.text.pdf.PdfString;

// Step (1): prepare the signature field and return the bytes to be signed.
// Base64Decoder and generateDigest are helpers defined elsewhere in the application (not shown).
public byte[] initializeSignature(String pdf, Certificate cert, KeyStore chain, CRL crl)
        throws IOException, DocumentException {

    // the PDF arrives base64-encoded
    PdfReader pdfReader = new PdfReader(Base64Decoder.decodeToBytes(pdf));
    ByteArrayOutputStream baos = new ByteArrayOutputStream();

    // creates the signature on the PDF ('\0' keeps the original PDF version)
    PdfStamper pdfStamper = PdfStamper.createSignature(pdfReader, baos, '\0');

    // certificate and revocation list null check
    Certificate[] certificates = null;
    if (cert != null)
        certificates = new Certificate[] { cert };
    CRL[] crls = null;
    if (crl != null)
        crls = new CRL[] { crl };

    PdfSignatureAppearance pdfSignatureAppearance = pdfStamper.getSignatureAppearance();
    // no private key here: the signature value is produced externally
    pdfSignatureAppearance.setCrypto(null, certificates, crls, PdfSignatureAppearance.WINCER_SIGNED);

    // placeholder digest/RSA data so that preClose() reserves room for the real signature
    pdfSignatureAppearance.setExternalDigest(new byte[512], new byte[20], "RSA");
    pdfSignatureAppearance.preClose();

    // digest over the byte ranges covered by the signature: this is what gets signed
    byte[] hash = generateDigest(pdfSignatureAppearance.getRangeStream(), "SHA1");

    return hash;
}

========================================

// Step (3): embed the externally produced signature and return the signed PDF.
public byte[] finalizeSignature(byte[] signature, byte[] hash)
        throws IOException, DocumentException {

    /***************************
     * Where to retrieve the previously created pdfSignatureAppearance
     * presented here?
     ***************************/
    (...)
    Calendar calendar = Calendar.getInstance();
    PdfSigGenericPKCS sigPKCS = pdfSignatureAppearance.getSigStandard();
    PdfLiteral tPDFLiteral = (PdfLiteral) sigPKCS.get(PdfName.CONTENTS);
    // room reserved in /Contents: hex string minus the '<' '>' delimiters, two hex chars per byte
    byte[] contentsBytes = new byte[(tPDFLiteral.getPosLength() - 2) / 2];
    PdfPKCS7 signedPKCS7 = sigPKCS.getSigner();

    // set the digital signature information
    signedPKCS7.setExternalDigest(signature, hash, "RSA");
    PdfDictionary dictionary = new PdfDictionary();
    byte[] tSsig = signedPKCS7.getEncodedPKCS7(null, calendar);
    // copy the PKCS#7 blob into the reserved slot (the remainder stays zero-padded)
    System.arraycopy(tSsig, 0, contentsBytes, 0, tSsig.length);
    dictionary.put(PdfName.CONTENTS, new PdfString(contentsBytes).setHexWriting(true));

    pdfSignatureAppearance.close(dictionary);

    /***************************
     * Where to retrieve the previously created ByteArrayOutputStream baos and
     * make a "return baos.toByteArray();"?
     * pdfSignatureAppearance doesn't offer a method to retrieve the OutputStream
     * to where it wrote the final result (getOriginalOut() is protected).
     ***************************/
    (...)
}


Now, I would like to fill in the *finalizeSignature* method to return the
signed PDF byte array (ready to be stored anywhere).
The restriction is that I can't use any objects built in the
initializeSignature, because I won't be able to maintain its state.

Imagine a client-server architecture, where a client asks for initialize,
then it signs the hash and then it wants the signed PDF from that
signatureBytes array.

The problem with reading the PDF again is that I will never get the same
state in which to insert the created signatureBytes. If I ran
initializeSignature several times over the same document, the result would
always be different.

I hope I was clear enough.


-- 
Regards,
Gonçalo Almeida
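The stateless variant of step (3) that the message is after, as an added Python sketch rather than the poster's iText code: it treats the pre-closed PDF (zero-filled /Contents placeholder plus its /ByteRange) as the only state that has to survive between calls, recomputes the range digest from that file, refuses to splice in a signature whose hash does not match it, and then overwrites only the placeholder. The PDF layout, HEX_SLOT and all function names are constructed for this example and are not iText's real output format.

```python
import hashlib
import re

HEX_SLOT = 64  # hex characters reserved for /Contents in the constructed layout (32 bytes)
BYTE_RANGE_RE = re.compile(rb"/ByteRange \[(\d+) (\d+) (\d+) (\d+)\]")

def build_prepared_pdf(body: bytes) -> bytes:
    """Constructed stand-in for what preClose() leaves behind: the document plus a
    signature dictionary whose /Contents is a zero-filled hex placeholder and whose
    /ByteRange excludes exactly that placeholder. Fixed-width numbers keep offsets stable."""
    placeholder = b"<" + b"0" * HEX_SLOT + b">"
    tail = b">>\n%%EOF\n"
    template = b"/ByteRange [%010d %010d %010d %010d]"
    head = body + b"\n<</Type/Sig " + template % (0, 0, 0, 0) + b"/Contents "
    after = len(head) + len(placeholder)          # offset of the byte after '>'
    byte_range = template % (0, len(head), after, len(tail))
    return body + b"\n<</Type/Sig " + byte_range + b"/Contents " + placeholder + tail

def signed_ranges(pdf: bytes):
    m = BYTE_RANGE_RE.search(pdf)
    if m is None:
        raise ValueError("no /ByteRange found")
    return tuple(int(x) for x in m.groups())

def range_digest(pdf: bytes) -> bytes:
    """SHA-1 over the two covered ranges, i.e. everything except the /Contents string.
    This is the value step (1) hands to the external signer (what getRangeStream() yields)."""
    a, b, c, d = signed_ranges(pdf)
    h = hashlib.sha1()
    h.update(pdf[a:a + b])
    h.update(pdf[c:c + d])
    return h.digest()

def finalize(pdf: bytes, signed_hash: bytes, signature: bytes) -> bytes:
    """Step (3) without any in-memory state: re-read the prepared PDF, check that it is
    still the document whose digest was signed, then overwrite only the placeholder."""
    a, b, c, d = signed_ranges(pdf)
    if range_digest(pdf) != signed_hash:
        raise ValueError("prepared PDF no longer matches the hash that was signed")
    hex_sig = signature.hex().encode("ascii")
    slot = c - (a + b) - 2                         # hex chars between '<' and '>'
    if len(hex_sig) > slot:
        raise ValueError("signature does not fit the reserved /Contents slot")
    hex_sig = hex_sig.ljust(slot, b"0")            # keep the byte length identical
    return pdf[:a + b + 1] + hex_sig + pdf[c - 1:]
```

The digest check is the part worth keeping in a real finalize step: if the digest recomputed from the stored prepared PDF differs from the one that was signed, the signature is about to be attached to a different document.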
_______________________________________________
iText-questions mailing list
iText-questions@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/itext-questions
