I created a sample according to the OCSP sample by Paulo, but after signing I get
"Signature is invalid: document has been altered or corrupted since it was
signed". What could be the reason for that?

Here is my code (there is a helper class to access certificates):

            // Select the signing certificate on the card and fetch its private key.
            String aliasForSigningCertificate =
                HelperForCertificates.CardAccessorInstance.selectDocumentSigningCertificate();

            PrivateKey privateKey = (PrivateKey) HelperForCertificates.CardAccessorInstance
                .getKeyStoreBuilder().getKeyStore()
                .getKey(aliasForSigningCertificate, "CERT_PASSW".toCharArray());

            // Chain: signing certificate first, then the root CA certificate.
            Certificate[] certificates = new Certificate[] {
                HelperForCertificates.SigningCertificate,
                CertManager.getRootCACertificate()
            };

            PdfReader reader = new PdfReader("C:\\test.pdf");
            FileOutputStream fout = new FileOutputStream("C:\\test_signed.pdf");
            PdfStamper stp = PdfStamper.createSignature(reader, fout, '\0');
            PdfSignatureAppearance sap = stp.getSignatureAppearance();

            sap.setCrypto(null, certificates, null, PdfSignatureAppearance.SELF_SIGNED);

            sap.setVisibleSignature(new Rectangle(100, 100, 300, 200), 1, "Signature");

            PdfSignature dic = new PdfSignature(PdfName.ADOBE_PPKLITE, PdfName.ADBE_PKCS7_DETACHED);
            dic.setReason(sap.getReason());
            dic.setLocation(sap.getLocation());
            dic.setContact(sap.getContact());
            dic.setDate(new PdfDate(sap.getSignDate()));
            sap.setCryptoDictionary(dic);

            // Reserve space for the hex-encoded /Contents entry before closing.
            int contentEstimated = 15000;
            HashMap exc = new HashMap();
            exc.put(PdfName.CONTENTS, new Integer(contentEstimated * 2 + 2));
            sap.preClose(exc);

            // Hash the signed byte ranges of the document.
            PdfPKCS7 sgn = new PdfPKCS7(privateKey, certificates, null, "SHA1", null, false);
            InputStream data = sap.getRangeStream();
            MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
            byte buf[] = new byte[8192];
            int n;
            while ((n = data.read(buf)) > 0) {
                messageDigest.update(buf, 0, n);
            }
            byte hash[] = messageDigest.digest();
            Calendar cal = Calendar.getInstance();

            // Fetch an OCSP response for the signing certificate if it names a responder.
            byte[] ocsp = null;
            if (certificates.length >= 2) {
                String url = PdfPKCS7.getOCSPURL((X509Certificate) certificates[0]);
                if (url != null && url.length() > 0)
                    ocsp = new OcspClientBouncyCastle((X509Certificate) certificates[0],
                        (X509Certificate) certificates[1], url).getEncoded();
            }
            // The authenticated attributes are built with the OCSP response here ...
            byte sh[] = sgn.getAuthenticatedAttributeBytes(hash, cal, ocsp);

            sgn.update(sh, 0, sh.length);

            // ... while the OCSP argument (last parameter) of this call is null.
            byte[] encodedSig = sgn.getEncodedPKCS7(hash, cal, new TSAClientEME(), null);

            if (contentEstimated + 2 < encodedSig.length)
                throw new Exception("Not enough space");

            // Pad the signature to the reserved size and write it into /Contents.
            byte[] paddedSig = new byte[contentEstimated];
            System.arraycopy(encodedSig, 0, paddedSig, 0, encodedSig.length);

            PdfDictionary dic2 = new PdfDictionary();
            dic2.put(PdfName.CONTENTS, new PdfString(paddedSig).setHexWriting(true));
            sap.close(dic2);






Bert Vingerhoets-2 wrote:
> 
> If you like to sign with a smartcard, you usually have to use an external
> signature. Check the sample code I posted a few days ago for a possible
> way to combine this with timestamping. Copy the OCSP part from Paulo's
> example if you like to use OCSP as well.
> 
> Regards,
> 
> Bert Vingerhoets - Research & Development
> Inventive Designers NV
> 
> Phone: +32 3 821 01 70
> Fax: +32 3 821 01 71
> Email: Bert_Vingerhoets at inventivegroup dot com
> http://www.inventivegroup.com/
> 
> 
> -----Original Message-----
> From: Paulo Soares [mailto:[email protected]]
> Sent: Tuesday 7 July 2009 17:18
> To: Post all your questions about iText here
> Subject: Re: [iText-questions] iText and TimeStamp
> 
> I'll post tonight an example in Java and C# on how to sign with timestamps
> and OCSP. However, this may not help you as you're interested in
> smartcards and that (usually) requires an external signature bypassing the
> iText code.
> 
> Paulo
> 
>> -----Original Message-----
>> From: redo [mailto:[email protected]]
>> Sent: Tuesday, July 07, 2009 2:20 PM
>> To: [email protected]
>> Subject: [iText-questions] iText and TimeStamp
>>
>>
>> Could someone provide pseudo code how to add the signature and
>> timestamp to pdf because I have seen some realizations on web (for
>> example http://www.mail-archive.com/[email protected].
>> net/msg40287.html
>> ) and there are a lot of questions.
>> Currently I would like to get answers on such questions:
>> 1) from what data the hash must be sent to timestamp server?
>> as I understand
>> the signatures must be included already then hash is calculated?
>> 2) I have seen PdfSignatureAppearance.setCrypto is called and there
>> usually are variable array certChain;
>>     it must contain what? (right now my smart card contains 2
>> certificates: 1 for signing and 1 SSL authorization certificate to
>> access TSA and get timestamp)
>> 3) in some realizations I have seen CMSSignedDataGenerator,
>> CMSAttributeTableGenerator and CMSSignedData usage; can somebody
>> explain when these objects are used?
>>
>> It would be really nice if someone could explain generally how to add
>> signatures with timestamp as it is really hard to find any
>> information how it must be done correctly.
> 
> 

-- 
View this message in context: 
http://www.nabble.com/iText-and-TimeStamp-tp24373196p24399289.html
Sent from the iText - General mailing list archive at Nabble.com.
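
An added illustration, not part of the original post and not iText code: in the code above, getAuthenticatedAttributeBytes receives ocsp while the OCSP argument of getEncodedPKCS7 is null. Assuming the attribute set embedded in the signature is built from the arguments of getEncodedPKCS7, this JDK-only sketch uses a constructed, length-prefixed stand-in for the DER attribute set (attributeBytes, sign and verify are hypothetical helpers) to show that a signature made over attributes that include an OCSP response does not verify against attributes encoded without it.

```java
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.*;

public class SignedAttributesMismatch {
    // Constructed stand-in for the encoded signed-attribute set (not real DER):
    // document hash, signing time, and the OCSP response only when one is supplied.
    static byte[] attributeBytes(byte[] docHash, long signingTime, byte[] ocsp) throws Exception {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(bos);
        out.writeInt(docHash.length);
        out.write(docHash);
        out.writeLong(signingTime);
        if (ocsp != null) {
            out.writeInt(ocsp.length);
            out.write(ocsp);
        }
        out.flush();
        return bos.toByteArray();
    }

    // The signer signs the attribute bytes, not the document hash directly.
    static byte[] sign(PrivateKey key, byte[] attrs) throws Exception {
        Signature s = Signature.getInstance("SHA1withRSA"); // SHA1 as in the post
        s.initSign(key);
        s.update(attrs);
        return s.sign();
    }

    // The verifier checks the signature against the attributes it finds embedded.
    static boolean verify(PublicKey key, byte[] embeddedAttrs, byte[] sig) throws Exception {
        Signature s = Signature.getInstance("SHA1withRSA");
        s.initVerify(key);
        s.update(embeddedAttrs);
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        // Constructed sample inputs.
        byte[] docHash = MessageDigest.getInstance("SHA1")
            .digest("constructed byte range".getBytes(StandardCharsets.UTF_8));
        long signingTime = 1247000000000L;
        byte[] ocsp = "constructed OCSP response".getBytes(StandardCharsets.UTF_8);

        byte[] sig = sign(kp.getPrivate(), attributeBytes(docHash, signingTime, ocsp));

        boolean mismatched = verify(kp.getPublic(), attributeBytes(docHash, signingTime, null), sig);
        boolean consistent = verify(kp.getPublic(), attributeBytes(docHash, signingTime, ocsp), sig);
        System.out.println("embedded without OCSP verifies: " + mismatched);
        System.out.println("embedded with OCSP verifies:    " + consistent);
    }
}
```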

