Hi Bram, thanks for your quick reply!

Good to hear that the code works out for you. The small change turned into a big copy battle: the new class cannot be in the Bouncy Castle package because this is signed. So I need to work in a new package. But the helper classes are of a package-only scope. So many methods needed to be copied ...

Maybe we could approach the Bouncy Castle team and propose this solution.

Greetings
Andreas

----- Original Message -----
Subject: Re: [iText-questions] HASH, SMARTCARD and PKCS#7 detached
Sent: Wed, 09 Mar 2011
From: Bram<[email protected]>

> Hi Andreas,
>
> Thank you very much for your sample code. This is much appreciated.
>
> In order to make this work for my situation with a Belgian EID card, I had
> to change the implementation of
> CMSSignedExternalDataGenerator#getSignerIdentifier(X509Certificate) to the
> code that was commented out.
> This was necessary because the cert.getIssuerDN() method returned a
> sun.security.x509.X500Name object for my certificate, and the suggested
> implementation of getSignerIdentifier(X509Certificate) didn't really like
> that.
> (This also required the addition of CMSUtils.java and CMSException.java to
> de.trustable.bouncycastle.cms, simply copied from the BC source code.)
> I'm not sure what happens in the code below, but I no longer get an
> Exception, so I assume it's fine.
>
>     TBSCertificateStructure tbs =
>         CMSUtils.getTBSCertificateStructure(cert);
>     IssuerAndSerialNumber encSid = new IssuerAndSerialNumber(tbs
>         .getIssuer(), tbs.getSerialNumber().getValue());
>     return new SignerIdentifier(encSid);
>
> Other adjustments are based on the example that can be found here:
> http://itext.ugent.be/articles/eid-pdf/index.php?page=3#recipient
>
> 1. in main(String[]):
>
>     final BelpicCard scd = new BelpicCard("");
>     X509Certificate signCert = scd.getNonRepudiationCertificate();
>
> 2. in PlainSignMethodCallbackHandler#sign(...):
>
>     try {
>         byte[] hash =
>             MessageDigest.getInstance("SHA-1").digest(sigIntContent);
>         signedBytes = scd.generateNonRepudiationSignature(hash);
>     } catch (Exception e) {
>         throw new SignatureException( e.getMessage());
>     }
>
> 3. in main(String[]); in order to include the full certificate chain in the
> PDF:
>
>     // add all your certificates here, any order will do
>     certList.add(scd.getCertificationAuthorityCertificate());
>     certList.add(scd.getRootCertificationAuthorityCertificate());
>
> With these adjustments, this works perfectly fine for me.
>
> Thanks again for your help,
> Bram
>
>
> kuehne wrote:
> >
> > Hi,
> >
> > I talked myself into providing sample code for signing a PDF with a PKCS7
> > signature using a smartcard. So here it is:
> >
> > Look at the SampleExternalSigning class in the package
> > de.trustable.bouncycastle.cms:
> >
> > In the 'main' method the in- and outfiles are read from the command line,
> > a test certificate and a key pair get created and the BouncyCastle
> > security provider is registered.
> >
> > The more interesting part starts at line 194: As we are not able to
> > forward the private key to the crypto lib directly, there is now an
> > interface called 'PlainSignMethodCallbackHandler' that will be called when
> > it comes to signing. There is only one method required. Here you can see a
> > sample implementation using the pregenerated private key. In a real life
> > scenario you'll need to fill in the smartcard api access code instead.
> > That's the tricky part ..
> >
> > The other code is more or less a standard signing sample using the
> > PDFStamper. The major difference here is the use of the
> > CMSSignedExternalDataGenerator class, which is not from BouncyCastle but
> > from this sample package. It's mostly a copy of the already existing
> > CMSSignedDataGenerator with the required changes to use a callback method
> > instead of a private key. Most of the other code was required to be copied
> > due to visibility limitations, no magic in there ...
> >
> > To run the sample you need to have iText-5.0.6.jar, bcprov-jdk16-146.jar,
> > bcmail-jdk16-146.jar and the mail.jar in the classpath in addition to the
> > classes ... older BC versions will surely cause problems as some internal
> > method signatures changed recently.
> >
> > Let me know if you come across problems with this sample ...
> >
> > Good luck,
> >
> > Andreas

--- End of Original Message ---
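The callback approach discussed in this thread, as an added example that is not part of the original messages and is not the sample package Andreas posted: the signing code hands only a digest to an external signer, and the result still verifies as an ordinary RSA signature. Assumptions: the `DigestSigner` interface is hypothetical, a software RSA key stands in for the smart card, SHA-256 is used where the thread's code uses SHA-1, and the signer performs raw PKCS #1 v1.5 signing over a DigestInfo built by the caller (a real card may add the DigestInfo itself).

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;

public class ExternalHashSigningDemo {
    // Hypothetical callback: the caller never holds the private key, only asks for a signature.
    interface DigestSigner {
        byte[] signDigest(byte[] sha256Digest) throws GeneralSecurityException;
    }

    // DER header of a PKCS #1 v1.5 DigestInfo for SHA-256; the 32-byte digest follows it.
    static final byte[] SHA256_DIGEST_INFO_PREFIX = {
        0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, (byte) 0x86, 0x48, 0x01,
        0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
    };

    static byte[] digestInfo(byte[] digest) {
        if (digest.length != 32) throw new IllegalArgumentException("expected a SHA-256 digest");
        byte[] out = Arrays.copyOf(SHA256_DIGEST_INFO_PREFIX, SHA256_DIGEST_INFO_PREFIX.length + 32);
        System.arraycopy(digest, 0, out, SHA256_DIGEST_INFO_PREFIX.length, 32);
        return out;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(); // software key standing in for the card (assumption)

        DigestSigner card = digest -> {
            Signature raw = Signature.getInstance("NONEwithRSA"); // pads and signs, does not hash
            raw.initSign(kp.getPrivate());
            raw.update(digestInfo(digest));
            return raw.sign();
        };

        // Constructed sample input; in a CMS signature this would be the bytes to be signed.
        byte[] toBeSigned = "constructed sample content".getBytes(StandardCharsets.UTF_8);
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(toBeSigned);
        byte[] signature = card.signDigest(digest);

        // A verifier that hashes the content itself accepts the externally produced signature.
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(kp.getPublic());
        verifier.update(toBeSigned);
        System.out.println("verifies as SHA256withRSA: " + verifier.verify(signature));
    }
}
```

If the DigestInfo wrapper is left out, or added twice because both the caller and the device apply it, verification fails even though signing itself reports no error.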
