Who knows what comes out of those helper classes...

Paulo

----- Original Message ----- 
From: "redo" <[email protected]>
To: <[email protected]>
Sent: Wednesday, July 08, 2009 10:01 PM
Subject: Re: [iText-questions] iText and TimeStamp



I created a sample according to the OCSP sample by Paulo, but after signing I get
"Signature is invalid: document has been altered or corrupted since it was
signed". What could be the reason for that?

Here is my code (there is a helper class to access certificates):

            String aliasForSigningCertificate =
                    HelperForCertificates.CardAccessorInstance.selectDocumentSigningCertificate();

            PrivateKey privateKey = (PrivateKey) HelperForCertificates.CardAccessorInstance
                    .getKeyStoreBuilder().getKeyStore()
                    .getKey(aliasForSigningCertificate, "CERT_PASSW".toCharArray());

            Certificate[] certificates = new Certificate[]{
                    HelperForCertificates.SigningCertificate,
                    CertManager.getRootCACertificate()};

            PdfReader reader = new PdfReader("C:\\test.pdf");
            FileOutputStream fout = new FileOutputStream("C:\\test_signed.pdf");
            PdfStamper stp = PdfStamper.createSignature(reader, fout, '\0');
            PdfSignatureAppearance sap = stp.getSignatureAppearance();

            sap.setCrypto(null, certificates, null, PdfSignatureAppearance.SELF_SIGNED);

            sap.setVisibleSignature(new Rectangle(100, 100, 300, 200), 1, "Signature");

            PdfSignature dic = new PdfSignature(PdfName.ADOBE_PPKLITE,
                    PdfName.ADBE_PKCS7_DETACHED);
            dic.setReason(sap.getReason());
            dic.setLocation(sap.getLocation());
            dic.setContact(sap.getContact());
            dic.setDate(new PdfDate(sap.getSignDate()));
            sap.setCryptoDictionary(dic);

            int contentEstimated = 15000;
            HashMap exc = new HashMap();
            exc.put(PdfName.CONTENTS, new Integer(contentEstimated * 2 + 2));
            sap.preClose(exc);

            PdfPKCS7 sgn = new PdfPKCS7(privateKey, certificates, null, "SHA1", null, false);
            InputStream data = sap.getRangeStream();
            MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
            byte buf[] = new byte[8192];
            int n;
            while ((n = data.read(buf)) > 0) {
                messageDigest.update(buf, 0, n);
            }
            byte hash[] = messageDigest.digest();
            Calendar cal = Calendar.getInstance();

            byte[] ocsp = null;
            if (certificates.length >= 2) {
                String url = PdfPKCS7.getOCSPURL((X509Certificate)certificates[0]);
                if (url != null && url.length() > 0)
                    ocsp = new OcspClientBouncyCastle((X509Certificate)certificates[0],
                            (X509Certificate)certificates[1], url).getEncoded();
            }
            byte sh[] = sgn.getAuthenticatedAttributeBytes(hash, cal, ocsp);

            sgn.update(sh, 0, sh.length);

            byte[] encodedSig = sgn.getEncodedPKCS7(hash, cal, new TSAClientEME(), null);

            if (contentEstimated + 2 < encodedSig.length)
                throw new Exception("Not enough space");

            byte[] paddedSig = new byte[contentEstimated];
            System.arraycopy(encodedSig, 0, paddedSig, 0, encodedSig.length);

            PdfDictionary dic2 = new PdfDictionary();
            dic2.put(PdfName.CONTENTS, new PdfString(paddedSig).setHexWriting(true));
            sap.close(dic2);





Bert Vingerhoets-2 wrote:
>
> If you like to sign with a smartcard, you usually have to use an external
> signature. Check the sample code I posted a few days ago for a possible
> way to combine this with timestamping. Copy the OCSP part from Paulo's
> example if you like to use OCSP as well.
>
> Regards,
>
> Bert Vingerhoets - Research & Development
> Inventive Designers NV
>
> Phone: +32 3 821 01 70
> Fax: +32 3 821 01 71
> Email: Bert_Vingerhoets at inventivegroup dot com
> http://www.inventivegroup.com/
>
>
> -----Original Message-----
> From: Paulo Soares [mailto:[email protected]]
> Sent: Tuesday 7 July 2009 17:18
> To: Post all your questions about iText here
> Subject: Re: [iText-questions] iText and TimeStamp
>
> I'll post tonight an example in Java and C# on how to sign with timestamps
> and OCSP. However, this may not help you as you're interested in
> smartcards and that (usually) requires an external signature bypassing the
> iText code.
>
> Paulo
>
>> -----Original Message-----
>> From: redo [mailto:[email protected]]
>> Sent: Tuesday, July 07, 2009 2:20 PM
>> To: [email protected]
>> Subject: [iText-questions] iText and TimeStamp
>>
>>
>> Could someone provide pseudo code how to add the signature and
>> timestamp to pdf because I have seen some realizations on web (for
>> example http://www.mail-archive.com/[email protected]/msg40287.html
>> ) and there are a lot of questions.
>> Currently I would like to get answers on such questions:
>> 1) from what data the hash must be sent to timestamp server?
>>     as I understand the signatures must be included already then hash
>>     is calculated?
>> 2) I have seen PdfSignatureAppearance.setCrypto is called and there
>>     usually are variable array certChain;
>>     it must contain what? (right now my smart card contains 2
>>     certificates: 1 for signing and 1 SSL authorization certificate to
>>     access TSA and get timestamp)
>> 3) in some realizations I have seen CMSSignedDataGenerator,
>>     CMSAttributeTableGenerator and CMSSignedData usage; can somebody
>>     explain when these objects are used?
>>
>> It would be really nice if someone could explain generally how to add
>> signatures with timestamp as it is really hard to find any
>> information how it must be done correctly.

