Hi Alessandro,
I would bet that you missed to register the JCE provider, e.g. Bouncy Castle.
'SHA-1 RSA' probably refers to the signing algorithm of the certificate but
doesn't affect the document digest. There are several different digests
involved in a usual signature ...
Greetings
Andreas
----- original Nachricht --------
Betreff: [iText-questions] problems reading a signed pdf
Gesendet: Di, 19. Jul 2011
Von: Alessandro Pedrotti
I have problems reading a signed pdf
the Exception is:
java.security.NoSuchAlgorithmException: SHA256 MessageDigest notavailable
atsun.security.jca.GetInstance.getInstance(GetInstance.java:142)
atjava.security.Security.getImpl(Security.java:659)
atjava.security.MessageDigest.getInstance(MessageDigest.java:129)
atcom.itextpdf.text.pdf.PdfPKCS7.<init>(PdfPKCS7.java:529)
atcom.itextpdf.text.pdf.AcroFields.verifySignature(AcroFields.java:2296)
atcom.itextpdf.text.pdf.AcroFields.verifySignature(AcroFields.java:2249)
the java code is:
KeyStore kall = PdfPKCS7.loadCacertsKeyStore();
PdfReader reader = new PdfReader(item.openStream());
AcroFields af = reader.getAcroFields();
ArrayList names = af.getSignatureNames();
System.out.println("name.size(): " + names.size());
if(names != null && names.size() > 0){
for (int k = 0; k < names.size(); ++k) {
String name = (String) names.get(k);
System.out.println("Signature name: " + name);
boolean signatureCoversAllDocument
=af.signatureCoversWholeDocument(name);
System.out.println("Signature covers wholedocument: " +
signatureCoversAllDocument);
System.out.println("Document revision: "
+af.getRevision(name) + " of " + af.getTotalRevisions());
// Start revision extraction
FileOutputStream fout = newFileOutputStream("revision_" +
af.getRevision(name) + ".pdf");
byte bb[] = new byte[8192];
InputStream ip = af.extractRevision(name);
int n = 0;
while ((n = ip.read(bb)) > 0) {
fout.write(bb, 0, n);
}
fout.close();
ip.close();
// End revision extraction
PdfPKCS7 pk = af.verifySignature(name);
Calendar cal = pk.getSignDate();
Certificate pkc[] = pk.getCertificates();
PdfPKCS7.X509Name subject
=PdfPKCS7.getSubjectFields(pk.getSigningCertificate());
System.out.println("Subject: " + subject);
System.out.println("Document modified: " +!pk.verify());
Object fails[] = PdfPKCS7.verifyCertificates(pkc,kall,
null, cal);
/*
//this is to verify certificate trust(certification chain)
if (fails == null) {
System.out.println("Certificates verifiedagainst the
KeyStore");
} else {
System.out.println("Certificate failed: " +fails[1]);
}*/
if(signatureCoversAllDocument
&&Str.more(subject.toString())){
%>
<div style="padding-left:2.5em;padding-bottom:1em;">
Dettagli della firma:<br/>
Firma: <%= subject.toString()%><br/>
Firma copre l'intero documento:
<%=signatureCoversAllDocument %><br/>
</div>
<font color="green">TESTSUPERATO</font><%
}else{
%>Firma non eistente o la firma non coprel'intero
documento <br/><%
%><font color="red">TEST NONSUPERATO</font><%
}
}
}
I CANNOT ATTACH THE SIGNED PDF (FOR PRIVACY PROBLEMS) BUT THESIGNATURE
ALGORITHM IS "SHA-1 RSA"
ANY HELP?
-- __________________Alessandro PedrottiAnthesi s.r.l.Via dei Capitelli 26,
Cologna di Tenno (ITALY)Tel. +39 0464 553300 Fax. +39 0464
559010Http://www.anthesi.it -
www.isiportal.com-----------------------------------------------------------------------Nota
di riservatezza : Il presente messaggio, corredato dei relativi allegati,
contiene informazioni da considerarsi strettamente riservate,ed è destinato
esclusivamente al destinatario sopra indicato, il quale è l'unico autorizzato
ad usarlo, copiarlo e, sotto la propria responsabilità, diffonderlo.Chiunque
ricevesse questo messaggio per errore o comunque lo leggesse senza esserne
legittimato è avvertito che trattenerlo, copiarlo, divulgarlo, distribuirlo a
persone diverse dal destinatario è severamente proibito, ed è pregato di
rinviarlo immediatamente al mittente distruggendone l'originale.
Grazie.Confidentiality Notice : This message, together with its annexes,
contains information to be deemed strictly confidential and is destined only to
the addressee(s) identified above who only may use, copy and, under his/their
responsibility, further disseminate it. If anyone received this message by
mistake or reads it without entitlement is forewarned that keeping, copying,
disseminating or distributing this message to persons other than the
addressee(s) is strictly forbidden and is asked to transmit it immediately to
the sender and to erase the original message received. Thank you.
--- original Nachricht Ende ----
------------------------------------------------------------------------------
Magic Quadrant for Content-Aware Data Loss Prevention
Research study explores the data loss prevention market. Includes in-depth
analysis on the changes within the DLP market, and the criteria used to
evaluate the strengths and weaknesses of these DLP solutions.
http://www.accelacomm.com/jaw/sfnl/114/51385063/
_______________________________________________
iText-questions mailing list
iText-questions@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/itext-questions
iText(R) is a registered trademark of 1T3XT BVBA.
Many questions posted to this list can (and will) be answered with a reference
to the iText book: http://www.itextpdf.com/book/
Please check the keywords list before you ask for examples:
http://itextpdf.com/themes/keywords.php
