Hi,

I haven't checked your code in detail but... could you not simply store the 
stamper, signature appearance, and any other object of interest in member 
variables of the object that offers those methods?

Regards,   Michael.
________________________________________
From: Gonçalo Almeida [mailto:almeida.gonca...@gmail.com] 
Sent: Monday, 2 March 2009 19:21
To: Post all your questions about iText here
Subject: [iText-questions] Using external signatures

Hello all

I have a problem concerning the usage of external signatures.
I want my application to sign a PDF document in three moments:
• (1) byte[] hash = initializeSignature(String pdf, Certificate cert, KeyStore chain, CRL crl) / to return the signable bytes
• (2) byte[] rawSignature = signExternal(hash) / to sign the hash
• (3) byte[] signedPDF = finalizeSignature(byte[] signature, byte[] hash) / to return the complete signed PDF


public byte[] initializeSignature(String pdf, Certificate cert, KeyStore chain, CRL crl) {

        PdfReader pdfReader = null;
        try {
            pdfReader = new PdfReader(Base64Decoder.decodeToBytes(pdf));
        } catch (IOException e) {
            e.printStackTrace();
        }
        ByteArrayOutputStream baos = new ByteArrayOutputStream();

        PdfStamper pdfStamper = null;

        // creates the signature on the PDF
        try {
            pdfStamper = PdfStamper.createSignature(pdfReader, baos, '\0');
        } catch (DocumentException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        }

        // null checks for the certificate and the revocation list
        Certificate[] certificates = null;
        if (cert != null)
            certificates = new Certificate[] { cert };
        CRL[] crls = null;
        if (crl != null)
            crls = new CRL[] { crl };

        PdfSignatureAppearance pdfSignatureAppearance = pdfStamper.getSignatureAppearance();
        pdfSignatureAppearance.setCrypto(null, certificates, crls, PdfSignatureAppearance.WINCER_SIGNED);

        pdfSignatureAppearance.setExternalDigest(new byte[512], new byte[20], "RSA");
        try {
            pdfSignatureAppearance.preClose();
        } catch (DocumentException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        }

        byte[] hash = generateDigest(pdfSignatureAppearance.getRangeStream(), "SHA1");

        return hash;
    }

========================================

public byte[] finalizeSignature(byte[] signature, byte[] hash) {

/***************************/
Where to retrieve the previously created pdfSignatureAppearance presented here?
/***************************/
           (...)
        Calendar calendar = Calendar.getInstance();
        PdfSigGenericPKCS sigPKCS = pdfSignatureAppearance.getSigStandard();
        PdfLiteral tPDFLiteral = (PdfLiteral) sigPKCS.get(PdfName.CONTENTS);
        byte[] contentsBytes = new byte[(tPDFLiteral.getPosLength() - 2) / 2];
        PdfPKCS7 signedPKCS7 = sigPKCS.getSigner();

        //set the digital signature information
        signedPKCS7.setExternalDigest(signature, hash, "RSA");
        PdfDictionary dictionary = new PdfDictionary();
        byte[] tSsig = signedPKCS7.getEncodedPKCS7(null, calendar);
        System.arraycopy(tSsig, 0, contentsBytes, 0, tSsig.length);
        dictionary.put(PdfName.CONTENTS, new PdfString(contentsBytes).setHexWriting(true));

        try {
            pdfSignatureAppearance.close(dictionary);
        } catch (IOException e) {
            e.printStackTrace();
        } catch (DocumentException e) {
            e.printStackTrace();
        }


/***************************/
Where to retrieve the previously created ByteArrayOutputStream baos and make a 
"return baos.toByteArray();"
pdfSignatureAppearance doesn't offer a method to retrieve the OutputStream to 
where it wrote the final result (getOriginalOut() is protected).
/***************************/
       (...)
    }


Now, I would like to fill in the finalizeSignature method to return the signed 
PDF byte array (ready to be stored anywhere).
The restriction is that I can't use any objects built in the 
initializeSignature, because I won't be able to maintain its state.

Imagine a client-server architecture, where a client asks for initialize, then 
it signs the hash and then it wants the signed PDF from that signatureBytes 
array.

The problem with reading the PDF again is that I will never get the same state, 
in order to insert the created signatureBytes. If I ran initializeSignature 
several times over the same document, it would be always different.

I hope I was clear enough.


-- 
Regards,
Gonçalo Almeida
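
Michael's suggestion applied to the client-server case described in the question, as an added example that is not code from either poster or from iText: the server keeps the appearance and output stream between the two calls, keyed by a random single-use token that travels with the hash. It assumes iText 2.x under com.lowagie.text.pdf; PendingSignatures, park, the token parameter and the five-minute lifetime are hypothetical names and values.

```java
import com.lowagie.text.pdf.*;   // assumption: iText 2.x package names
import java.io.ByteArrayOutputStream;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Calendar;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
// Hypothetical holder for what initializeSignature built and finalizeSignature still needs.
public class PendingSignatures {
    private static final class Pending {
        final PdfSignatureAppearance appearance;
        final ByteArrayOutputStream out;
        final byte[] hash;
        final long created = System.currentTimeMillis();
        Pending(PdfSignatureAppearance a, ByteArrayOutputStream o, byte[] h) { appearance = a; out = o; hash = h.clone(); }
    }
    private static final long MAX_AGE_MS = 5 * 60 * 1000L;  // assumed session lifetime
    private final Map<String, Pending> pending = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();
    // Call at the end of initializeSignature, after preClose(); the token goes to the client with the hash.
    public String park(PdfSignatureAppearance appearance, ByteArrayOutputStream baos, byte[] hash) {
        long now = System.currentTimeMillis();
        pending.values().removeIf(p -> now - p.created > MAX_AGE_MS);   // drop abandoned sessions
        String token = new java.math.BigInteger(128, random).toString(16); // unguessable handle
        pending.put(token, new Pending(appearance, baos, hash));
        return token;
    }
    // finalizeSignature from the post, with the token as an extra parameter.
    public byte[] finalizeSignature(String token, byte[] signature, byte[] hash) throws Exception {
        Pending p = pending.remove(token);                              // single use
        if (p == null || System.currentTimeMillis() - p.created > MAX_AGE_MS)
            throw new IllegalStateException("unknown or expired signing session");
        if (!MessageDigest.isEqual(p.hash, hash))                       // must be the hash we issued
            throw new SecurityException("hash is not the one issued for this session");
        PdfSigGenericPKCS sigPKCS = p.appearance.getSigStandard();
        PdfLiteral contents = (PdfLiteral) sigPKCS.get(PdfName.CONTENTS);
        byte[] contentsBytes = new byte[(contents.getPosLength() - 2) / 2];
        PdfPKCS7 pkcs7 = sigPKCS.getSigner();
        pkcs7.setExternalDigest(signature, p.hash, "RSA");
        byte[] encoded = pkcs7.getEncodedPKCS7(null, Calendar.getInstance());
        if (encoded.length > contentsBytes.length)
            throw new IllegalStateException("PKCS#7 larger than the reserved /Contents space");
        System.arraycopy(encoded, 0, contentsBytes, 0, encoded.length);
        PdfDictionary dictionary = new PdfDictionary();
        dictionary.put(PdfName.CONTENTS, new PdfString(contentsBytes).setHexWriting(true));
        p.appearance.close(dictionary);                                 // writes the signed PDF into p.out
        return p.out.toByteArray();
    }
}
```

The state lives in one JVM's memory, so the finalize request has to reach the same server instance that handled the initialize request.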
