Acrobat 9 (not sure about 8) only considers the last signature as valid even if
the others also are. If you use Acrobat 7 both will show as valid.
Paulo
________________________________________
From: Stephen Byrne [step...@lincware.com]
Sent: Tuesday, March 30, 2010 2:15 PM
To: itext-questions@lists.sourceforge.net
Subject: [iText-questions] Multiple signatures and verification by Acrobat
I am using iText to sign a document, save it to a file, read that file,
add another signature, and save it to a second file. If I read my output
files and verify the signatures with iText, they both verify. If I open
the once-signed with Adobe Acrobat, it shows the signature as valid. I
expected that if I opened the twice-signed file with Acrobat it would
show both signatures as valid, but it shows the second signature as
valid and the first as invalid.
If I view the signature properties of the first signature (in the
twice-signed file) and compute modifications, it says that there have
been no changes made since the signature was applied. If I view the
signed version, the signature shows as valid.
As expected, if I open the twice-signed file in a hex editor and
truncate everything after the \n%%EOF\n (0a 25 25 45 4f 46 0a), it is
identical to the once-signed file.
Am I doing something wrong, or am I misunderstanding how Acrobat should
work?
----
File sourceFile = new File( "data/source.pdf" );
File signedFile = new File( "data/signed.pdf" );
File twiceSignedFile = new File( "data/twicesigned.pdf" );
// Load the PKI certs
String alias = "stephen";
char[] pass = "changeit".toCharArray();
KeyStore ks = KeyStore.getInstance( KeyStore.getDefaultType() );
ks.load( new FileInputStream( "keystore.ks" ), pass );
PrivateKey key = (PrivateKey) ks.getKey( alias, pass );
Certificate[] chain = ks.getCertificateChain( alias );
// Read from the source file and write to the signed file
PdfReader sourceReader =
new PdfReader( new FileInputStream( sourceFile ) );
FileOutputStream signedFileOut = new FileOutputStream( signedFile );
PdfStamper stamper =
PdfStamper.createSignature( sourceReader, signedFileOut, '\0' );
// Sign the first field
PdfSignatureAppearance psa = stamper.getSignatureAppearance();
psa.setCrypto( key, chain, null, PdfSignatureAppearance.WINCER_SIGNED );
psa.setReason( "I'm the author" );
psa.setLocation( "Here" );
psa.setVisibleSignature( "sig1" );
psa.setSignDate( new GregorianCalendar() );
psa.setCertificationLevel( psa.CERTIFIED_FORM_FILLING );
// close and write out.
stamper.close();
sourceReader.close();
// Read from the signed file and write to the twice signed file
PdfReader signedReader =
new PdfReader( new FileInputStream( signedFile ) );
FileOutputStream twiceSignedFileOut =
new FileOutputStream( twiceSignedFile );
PdfStamper stamper2 =
PdfStamper.createSignature( signedReader, twiceSignedFileOut, '\0',
null, true );
// Sign the second field.
PdfSignatureAppearance psa2 = stamper2.getSignatureAppearance();
psa2.setCrypto( key, chain, null, PdfSignatureAppearance.WINCER_SIGNED );
psa2.setReason( "I'm the author" );
psa2.setLocation( "Here" );
psa2.setVisibleSignature( "sig2" );
psa2.setSignDate( new GregorianCalendar() );
psa2.setCertificationLevel( psa.CERTIFIED_NO_CHANGES_ALLOWED );
// close and write out
stamper2.close();
signedReader.close();
--
Stephen Byrne
step...@lincware.com
(585) 286-5817
Aviso Legal:
Esta mensagem é destinada exclusivamente ao destinatário. Pode conter
informação confidencial ou legalmente protegida. A incorrecta transmissão desta
mensagem não significa a perca de confidencialidade. Se esta mensagem for
recebida por engano, por favor envie-a de volta para o remetente e apague-a do
seu sistema de imediato. É proibido a qualquer pessoa que não o destinatário de
usar, revelar ou distribuir qualquer parte desta mensagem.
Disclaimer:
This message is destined exclusively to the intended receiver. It may contain
confidential or legally protected information. The incorrect transmission of
this message does not mean the loss of its confidentiality. If this message is
received by mistake, please send it back to the sender and delete it from your
system immediately. It is forbidden to any person who is not the intended
receiver to use, distribute or copy any part of this message.
------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
iText-questions mailing list
iText-questions@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/itext-questions
Buy the iText book: http://www.itextpdf.com/book/
Check the site with examples before you ask questions:
http://www.1t3xt.info/examples/
You can also search the keywords list: http://1t3xt.info/tutorials/keywords/
