Hi Paulo , the signature works fine before I put the CRL on the constructor
of the PdfPKCS7
When i put my array of CRLS ... got and ArrayIndexOutOfBound Exception .
Here the code :
public void signPdfTest(IDigitalIdentity id) throws
NoSuchAlgorithmException, KeyStoreException, CertificateException,
IOException, DocumentException, InvalidKeyException,
NoSuchProviderException, SignatureException
{
KeyStore ks = KeyStore.getInstance("pkcs12");
ks.load(null,null);
PrivateKey key = id.getPrivateKey();
Certificate[] chain = id.getCertificateChain();
PdfReader reader = new PdfReader("original.pdf");
FileOutputStream fout = new FileOutputStream("signed.pdf");
PdfStamper stp = PdfStamper.createSignature(reader, fout, '\0');
PdfSignatureAppearance sap = stp.getSignatureAppearance();
// comment next line to have an invisible signature
sap.setVisibleSignature(new com.lowagie.text.Rectangle(100, 100,
300, 200), 1, null);
sap.setLayer2Text("This is some custom made text.\n\nDate: some
date");
Calendar cal = Calendar.getInstance();
PdfDictionary dic = new PdfDictionary();
dic.put(PdfName.FT, PdfName.SIG);
dic.put(PdfName.FILTER, new PdfName("SAFE.PPKSF"));
dic.put(PdfName.SUBFILTER, new PdfName("adbe.pkcs7.detached"));
dic.put(PdfName.M, new PdfDate(cal));
dic.put(PdfName.NAME, new
PdfString(PdfPKCS7.getSubjectFields((X509Certificate)chain[0]).getField("CN")));
sap.setCryptoDictionary(dic);
HashMap exc = new HashMap();
exc.put(PdfName.CONTENTS, new Integer(0x2502));
sap.preClose(exc);
PdfPKCS7 pk7 = new PdfPKCS7(key, chain, id.getCrlList(), "SHA1",
null, false);
MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
byte buf[] = new byte[8192];
int n;
InputStream inp = sap.getRangeStream();
while ((n = inp.read(buf)) > 0) {
messageDigest.update(buf, 0, n);
}
byte hash[] = messageDigest.digest();
byte sh[] = pk7.getAuthenticatedAttributeBytes(hash, cal,null);
pk7.update(sh, 0, sh.length);
PdfDictionary dic2 = new PdfDictionary();
byte sg[] = pk7.getEncodedPKCS7(hash, cal);
byte out[] = new byte[0x2500 / 2];
System.arraycopy(sg, 0, out, 0, sg.length);
dic2.put(PdfName.CONTENTS, new PdfString(out).setHexWriting(true));
sap.close(dic2);
}
that's pretty confusing , maybe my buffer is not enought at this point :
byte buf[] = new byte[8192];
I try to put an bigger size of the buf array but ... no result :( !
You have another idea ?
Paulo Soares-3 wrote:
>
> You'll have to increase the array size depending on the signature size,
> 128 for 1024 bit, 256 for 2048 and so on. I'm guessing on what the might
> be but there's no limit in iText for the signature size.
>
> Paulo
>
>> -----Original Message-----
>> From: java-chris [mailto:[email protected]]
>> Sent: Tuesday, September 29, 2009 3:33 PM
>> To: [email protected]
>> Subject: Re: [iText-questions] Embeded CRL not recognize by Adobe
>>
>>
>> Iv'e got the certificate of the trusted root,
>> The signature is fine, its realy the CRL that is not embeded.
>>
>> Like Paulo Soares said, I have to add the crl has Signature
>> Attributes.
>> But the problems is , I can't add the signature via external signature
>> dictionary because I use Entrust
>> and the hash provide by entrust is too large for the
>> signature ... well ..
>> Iv'e got an exception.
>>
>> Maybe I miss something but I will have to modify
>> PdfPKCS7.Java to set the
>> attribute after this part.
>>
>> if (!crls.isEmpty()) {
>> v = new ASN1EncodableVector();
>> for (Iterator i = crls.iterator();i.hasNext();) {
>> ASN1InputStream t = new ASN1InputStream(new
>> ByteArrayInputStream(((X509CRL)i.next()).getEncoded()));
>> v.add(t.readObject());
>> }
>> DERSet dercrls = new DERSet(v);
>> body.add(new DERTaggedObject(false, 1, dercrls));
>> }
>>
>> ??
>>
>>
>> Leonard Rosenthol-3 wrote:
>> >
>> > Signature looks fine - but since it's not chained to a
>> trusted root, I get
>> > unknown validity.
>> >
>> > -----Original Message-----
>> > From: java-chris [mailto:[email protected]]
>> > Sent: Tuesday, September 29, 2009 9:48 AM
>> > To: [email protected]
>> > Subject: Re: [iText-questions] Embeded CRL not recognize by Adobe
>> >
>> >
>> > Thanks for your quick answers !
>> >
>> > Here my concerns :
>> >
>> >
>> > CRLs must be added as a signed attribute.
>> >
>> > Ok , any clue of how I can do this, im pretty new with itext and
>> > signatures
>> > field ?
>> >
>> > By the way I use
>> >
>> > Adobe Reader 9
>> > Windows Xp Pro
>> >
>> > Put the document here :
>> >
>> > http://chris.sphere3solutions.com/test_crl.pdf Here
>> >
>> >
>> >
>> >
>> >
>> > Paulo Soares-3 wrote:
>> >>
>> >> CRLs must be added as a signed attribute.
>> >>
>> >> Paulo
>> >>
>> >>> -----Original Message-----
>> >>> From: java-chris [mailto:[email protected]]
>> >>> Sent: Monday, September 28, 2009 8:32 PM
>> >>> To: [email protected]
>> >>> Subject: [iText-questions] Embeded CRL not recognize by Adobe
>> >>>
>> >>>
>> >>> Hi guy's,
>> >>>
>> >>> Iv'e got problems with Embeded CRL'S with itext.
>> >>>
>> >>> I have an application that sign a PDF File with some
>> certificate in
>> >>> Microsoft Capi. ( Certificates is provide by Entrust provider)
>> >>>
>> >>> Well .. when im Embeded my CRL'S in the pdf, everything works
>> >>> fine without
>> >>> errors.
>> >>> When I Re-Open my pdf with my application, everythings works
>> >>> fine too,the
>> >>> document have some embeded CRL.
>> >>>
>> >>> Now the problems is , when I open the PDF in ADOBE READER the
>> >>> CRL is not
>> >>> recognize.
>> >>> Adobe Reader tells me that no CRL is embeded in the document.
>> >>>
>> >>> Well .. im screwed because I really need this CRL things to
>> >>> works by the end
>> >>> of the week :o( !
>> >>> Can someone help me with that ??
>> >>>
>> >>> Here some codes :
>> >>>
>> >>> appearance.setCrypto(aDigitalIdentity.getPrivateKey(),
>> >>> aDigitalIdentity
>> >>> .getCertificateChain(),
>> aDigitalIdentity.getCrlList(),
>> >>> PdfSignatureAppearance.WINCER_SIGNED);
>> >>>
>> >>>
>> >>> And I add you the way I get the CRL in attachement, maybe the
>> >>> problems is
>> >>> from the crl array.
>> >>>
>> >>> http://www.nabble.com/file/p25650913/CRLFetcher.java
>> CRLFetcher.java
>> >>> http://www.nabble.com/file/p25650913/CRLHolder.java
>> CRLHolder.java
>
>
> Aviso Legal:
>
> Esta mensagem é destinada exclusivamente ao destinatário. Pode conter
> informação confidencial ou legalmente protegida. A incorrecta transmissão
> desta mensagem não significa a perca de confidencialidade. Se esta
> mensagem for recebida por engano, por favor envie-a de volta para o
> remetente e apague-a do seu sistema de imediato. É proibido a qualquer
> pessoa que não o destinatário de usar, revelar ou distribuir qualquer
> parte desta mensagem.
>
>
>
> Disclaimer:
>
> This message is destined exclusively to the intended receiver. It may
> contain confidential or legally protected information. The incorrect
> transmission of this message does not mean the loss of its
> confidentiality. If this message is received by mistake, please send it
> back to the sender and delete it from your system immediately. It is
> forbidden to any person who is not the intended receiver to use,
> distribute or copy any part of this message.
>
>
>
>
> ------------------------------------------------------------------------------
> Come build with us! The BlackBerry® Developer Conference in SF, CA
> is the only developer event you need to attend this year. Jumpstart your
> developing skills, take BlackBerry mobile applications to market and stay
> ahead of the curve. Join us from November 9-12, 2009. Register
> now!
> http://p.sf.net/sfu/devconf
> _______________________________________________
> iText-questions mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/itext-questions
>
> Buy the iText book: http://www.1t3xt.com/docs/book.php
> Check the site with examples before you ask questions:
> http://www.1t3xt.info/examples/
> You can also search the keywords list:
> http://1t3xt.info/tutorials/keywords/
>
--
View this message in context:
http://www.nabble.com/Embeded-CRL-not-recognize-by-Adobe-tp25650913p25665381.html
Sent from the iText - General mailing list archive at Nabble.com.
------------------------------------------------------------------------------
Come build with us! The BlackBerry® Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay
ahead of the curve. Join us from November 9-12, 2009. Register now!
http://p.sf.net/sfu/devconf
_______________________________________________
iText-questions mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/itext-questions
Buy the iText book: http://www.1t3xt.com/docs/book.php
Check the site with examples before you ask questions:
http://www.1t3xt.info/examples/
You can also search the keywords list: http://1t3xt.info/tutorials/keywords/
