Hi all,
I'm making an application that signs PDFs with a time stamp signature. There
is no problem with the certificates in the Windows keystore or signing with a
smart card.
The problem comes when I try to sign using the NSS Firefox keystore. Usually I
add the time stamp this way:
/.............../
    PdfSignature dic = new PdfSignature(PdfName.ADOBE_PPKLITE, new PdfName("adbe.pkcs7.detached"));
    sap.setCryptoDictionary(dic);
    //dfStamper.setFormFlattening(true);
    int contentEstimated = 15000;
    HashMap exc = new HashMap();
    exc.put(PdfName.CONTENTS, new Integer(contentEstimated * 2 + 2));
    sap.preClose(exc);
    PdfPKCS7 sgn = new PdfPKCS7(key, chain, null, "SHA1", null, false);
    InputStream data = sap.getRangeStream();
    MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
    byte buf[] = new byte[8192];
    int n;
    while ((n = data.read(buf)) > 0) {
        messageDigest.update(buf, 0, n);
    }
    byte hash[] = messageDigest.digest();
    System.out.println("HASH " + hash.length);
    Calendar cal = Calendar.getInstance();
    byte[] ocsp = null;
    if (chain.length >= 2) {
        String url = PdfPKCS7.getOCSPURL((X509Certificate) chain[0]);
        if (url != null && url.length() > 0) {
            ocsp = new OcspClientBouncyCastle((X509Certificate) chain[0], (X509Certificate) chain[1], url).getEncoded();
        }
    }
    byte sh[] = sgn.getAuthenticatedAttributeBytes(hash, cal, ocsp);
    sgn.update(sh, 0, sh.length);
    byte[] encodedSig = sgn.getEncodedPKCS7(hash, cal, tsc, ocsp);
    if (contentEstimated + 2 < encodedSig.length) {
        throw new Exception("Not enough space");
    }
    byte[] paddedSig = new byte[contentEstimated];
    System.arraycopy(encodedSig, 0, paddedSig, 0, encodedSig.length);
    PdfDictionary dic2 = new PdfDictionary();
    dic2.put(PdfName.CONTENTS, new PdfString(paddedSig).setHexWriting(true));
    sap.close(dic2);
/............./
This is the same way I saw in the tutorials, but the problem is that Firefox
certs come in SunPKCS11-NSS RSA, so when I try to add the time stamp I get the
following error:
    java.security.InvalidKeyException: Private keys must be instance of RSAPrivate(Crt)Key or have PKCS#8 encoding.
Exactly in this line:
    PdfPKCS7 sgn = new PdfPKCS7(key, chain, null, "SHA1", null, false);
I know that there are different types of certs, so does anybody know how to
add a time stamp using SunPKCS11? Is there a way to solve it?
Lots of thanks.
--
View this message in context:
http://old.nabble.com/TimeStamp-with-certs-from-firefox-tp26776381p26776381.html
Sent from the iText - General mailing list archive at Nabble.com.
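
Added example (not part of the original post and not iText code): it reproduces the kind of rejection quoted above without needing NSS or a token, by handing the JDK's software RSA provider a private key that exposes no encoding, as a key held inside a PKCS#11 store does. The class OpaqueKey and the helper names are constructed for the illustration, and the provider name "SunRsaSign" assumes an Oracle/OpenJDK runtime.

```java
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Signature;

public class TokenKeyDemo {

    /** Constructed stand-in for a token-resident key: a handle with no key material. */
    static final class OpaqueKey implements PrivateKey {
        public String getAlgorithm() { return "RSA"; }
        public String getFormat()    { return null; }   // no PKCS#8 form available
        public byte[] getEncoded()   { return null; }   // private key cannot be exported
    }

    /** True when the key exposes no encoded form, as a non-extractable token key does. */
    static boolean isOpaque(PrivateKey key) {
        return key.getFormat() == null || key.getEncoded() == null;
    }

    /** Tries to start a SHA1withRSA signature on the named provider and reports the outcome. */
    static String tryInitSign(PrivateKey key, String provider) throws Exception {
        Signature sig = Signature.getInstance("SHA1withRSA", provider);
        try {
            sig.initSign(key);
            return "accepted";
        } catch (InvalidKeyException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // A software key generated in memory: the software provider can read its material.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        PrivateKey softKey = kpg.generateKeyPair().getPrivate();

        // A key shaped like one returned by a PKCS#11 key store.
        PrivateKey tokenLike = new OpaqueKey();

        System.out.println("software key opaque?   " + isOpaque(softKey));
        System.out.println("token-like key opaque? " + isOpaque(tokenLike));
        System.out.println("SunRsaSign + software key:   " + tryInitSign(softKey, "SunRsaSign"));
        System.out.println("SunRsaSign + token-like key: " + tryInitSign(tokenLike, "SunRsaSign"));
    }
}
```

A signature with a key of this kind has to be computed by the provider that holds it. In the PdfPKCS7 constructor call from the post, the fifth argument (null there) is the provider name iText uses when it creates its Signature object.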