Well, that would surely work.
But now I have a Flash client which has to call initializeSignature from me,
signDocument from other party and finally finalizeSignature from me again.
As Flash doesn't maintain the invoked Java classes' state, I can't save
anything from one call to the other...
The methods should be completely independent.
2009/3/2 <m...@wir-sind-cool.org>
> Hi,
>
> I haven't checked your code in detail but... could you not simply store the
> stamper, signature appearance, and any other object of interest in member
> variables of the object that offers those methods?
>
> Regards, Michael.
> ________________________________________
> From: Gonçalo Almeida [mailto:almeida.gonca...@gmail.com]
> Sent: Monday, 2 March 2009 19:21
> To: Post all your questions about iText here
> Subject: [iText-questions] Using external signatures
>
> Hello all
>
> I have a problem concerning the usage of external signatures.
> I want my application to sign a PDF document in three moments:
> • (1) byte[] hash = initializeSignature(String pdf, Certificate cert,
> KeyStore chain, CRL crl) / to return the signable bytes
> • (2) byte[] rawSignature = signExternal(hash) / to sign the hash
> • (3) byte[] signedPDF = finalizeSignature(byte[] signature, byte[]
> hash) / to return the complete signed PDF
>
>
> public byte[] initializeSignature(String pdf, Certificate cert,
>         KeyStore chain, CRL crl) {
>
>     PdfReader pdfReader = null;
>     try {
>         pdfReader = new PdfReader(Base64Decoder.decodeToBytes(pdf));
>     } catch (IOException e) {
>         e.printStackTrace();
>     }
>     ByteArrayOutputStream baos = new ByteArrayOutputStream();
>
>     PdfStamper pdfStamper = null;
>
>     // creates the signature on the PDF
>     try {
>         pdfStamper = PdfStamper.createSignature(pdfReader, baos, '\0');
>     } catch (DocumentException e) {
>         e.printStackTrace();
>     } catch (IOException e) {
>         e.printStackTrace();
>     }
>
>     // certificate and revocation lists null check up
>     Certificate[] certificates = null;
>     if (cert != null)
>         certificates = new Certificate[] { cert };
>     CRL[] crls = null;
>     if (crl != null)
>         crls = new CRL[] { crl };
>
>     PdfSignatureAppearance pdfSignatureAppearance =
>             pdfStamper.getSignatureAppearance();
>     pdfSignatureAppearance.setCrypto(null, certificates, crls,
>             PdfSignatureAppearance.WINCER_SIGNED);
>
>     pdfSignatureAppearance.setExternalDigest(new byte[512],
>             new byte[20], "RSA");
>     try {
>         pdfSignatureAppearance.preClose();
>     } catch (DocumentException e) {
>         e.printStackTrace();
>     } catch (IOException e) {
>         e.printStackTrace();
>     }
>
>     byte[] hash =
>             generateDigest(pdfSignatureAppearance.getRangeStream(), "SHA1");
>
>     return hash;
> }
>
> ========================================
>
> public byte[] finalizeSignature(byte[] signature, byte[] hash) {
>
>     /***************************
>      * Where to retrieve the previously created pdfSignatureAppearance
>      * presented here?
>      ***************************/
>     // (...)
>     Calendar calendar = Calendar.getInstance();
>     PdfSigGenericPKCS sigPKCS = pdfSignatureAppearance.getSigStandard();
>     PdfLiteral tPDFLiteral = (PdfLiteral) sigPKCS.get(PdfName.CONTENTS);
>     byte[] contentsBytes =
>             new byte[(tPDFLiteral.getPosLength() - 2) / 2];
>     PdfPKCS7 signedPKCS7 = sigPKCS.getSigner();
>
>     // set the digital signature information
>     signedPKCS7.setExternalDigest(signature, hash, "RSA");
>     PdfDictionary dictionary = new PdfDictionary();
>     byte[] tSsig = signedPKCS7.getEncodedPKCS7(null, calendar);
>     System.arraycopy(tSsig, 0, contentsBytes, 0, tSsig.length);
>     dictionary.put(PdfName.CONTENTS,
>             new PdfString(contentsBytes).setHexWriting(true));
>
>     try {
>         pdfSignatureAppearance.close(dictionary);
>     } catch (IOException e) {
>         e.printStackTrace();
>     } catch (DocumentException e) {
>         e.printStackTrace();
>     }
>
>     /***************************
>      * Where to retrieve the previously created ByteArrayOutputStream baos
>      * and make a "return baos.toByteArray();"
>      * pdfSignatureAppearance doesn't offer a method to retrieve the
>      * OutputStream to where it wrote the final result (getOriginalOut()
>      * is protected).
>      ***************************/
>     // (...)
> }
>
>
> Now, I would like to fill in the finalizeSignature method to return the
> signed PDF byte array (ready to be stored anywhere).
> The restriction is that I can't use any objects built in the
> initializeSignature, because I won't be able to maintain its state.
>
> Imagine a client-server architecture, where a client asks for initialize,
> then it signs the hash and then it wants the signed PDF from that
> signatureBytes array.
>
> The problem with reading the PDF again is that I will never get the same
> state, in order to insert the created signatureBytes. If I ran
> initializeSignature several times over the same document, it would be always
> different.
>
> I hope I was clear enough.
>
>
> --
> Regards,
> Gonçalo Almeida
>
>
>
> ------------------------------------------------------------------------------
> Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco,
> CA
> -OSBC tackles the biggest issue in open source: Open Sourcing the
> Enterprise
> -Strategies to boost innovation and cut costs with open source
> participation
> -Receive a $600 discount off the registration fee with the source code:
> SFAD
> http://p.sf.net/sfu/XcvMzF8H
> _______________________________________________
> iText-questions mailing list
> iText-questions@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/itext-questions
>
> Buy the iText book: http://www.1t3xt.com/docs/book.php
--
Regards,
Gonçalo Almeida
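
The constraint discussed in this thread (nothing may be kept on the server between initializeSignature and finalizeSignature) can be met by handing the prepared document bytes back to the caller and re-deriving everything from them in the last step. The following JDK-only illustration is an added example, not code from the thread or from iText. Assumptions: the `/Contents <` marker and the constructed sample body stand in for real PDF handling, the class and method names are hypothetical, SHA256withRSA replaces the SHA1 digest used in the post, and a bare RSA signature replaces the PKCS#7 container.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.HexFormat;
public class StatelessDeferredSigning {
    static final String OPEN = "/Contents <"; // constructed marker, not real PDF parsing
    static final int SLOT_HEX = 1024;         // hex digits for 512 zero bytes, as in the post

    // Step 1: build the prepared document once; the caller keeps these bytes.
    static byte[] prepare(String body) {
        return (body + OPEN + "0".repeat(SLOT_HEX) + ">\n%%EOF\n").getBytes(StandardCharsets.ISO_8859_1);
    }

    // Bytes covered by the signature: everything except the hex digits in the slot.
    static byte[] signedRange(byte[] prepared) {
        int start = indexOfSlot(prepared);
        byte[] out = new byte[prepared.length - SLOT_HEX];
        System.arraycopy(prepared, 0, out, 0, start);
        System.arraycopy(prepared, start + SLOT_HEX, out, start, prepared.length - start - SLOT_HEX);
        return out;
    }

    static int indexOfSlot(byte[] prepared) {
        int i = new String(prepared, StandardCharsets.ISO_8859_1).indexOf(OPEN);
        if (i < 0) throw new IllegalArgumentException("no signature slot");
        return i + OPEN.length();
    }

    // Step 3: verify the external signature over the returned bytes, then splice it in.
    static byte[] finalizeSignature(byte[] prepared, byte[] sig, PublicKey signer)
            throws GeneralSecurityException {
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(signer);
        v.update(signedRange(prepared));
        if (!v.verify(sig)) throw new SignatureException("signature does not match prepared bytes");
        byte[] hex = HexFormat.of().formatHex(sig).getBytes(StandardCharsets.ISO_8859_1);
        if (hex.length > SLOT_HEX) throw new IllegalArgumentException("slot too small");
        byte[] out = prepared.clone();
        System.arraycopy(hex, 0, out, indexOfSlot(out), hex.length);
        return out;
    }
    public static void main(String[] args) throws Exception {
        KeyPair kp = KeyPairGenerator.getInstance("RSA").generateKeyPair(); // stand-in for the other party's key
        byte[] prepared = prepare("%PDF-1.4 constructed sample body\n");
        Signature s = Signature.getInstance("SHA256withRSA"); // step 2, done by the other party
        s.initSign(kp.getPrivate());
        s.update(signedRange(prepared));
        byte[] signed = finalizeSignature(prepared, s.sign(), kp.getPublic());
        System.out.println(java.util.Arrays.equals(signedRange(signed), signedRange(prepared)));
    }
}
```

Because finalizeSignature verifies the signature over the bytes it is handed, prepared bytes that were modified in transit or a signature made over a different document are rejected before anything is embedded.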