thank you for your interest,
i have resolved the problem.
The default provider was SUN, and the algorithm was SHA-256, but SUN
doesn't implement SHA-256, so i have to switch to buoncycastle provider.
Now all works fine.
Thanks a lot!
Follows below the updated code , with the added code in bold
KeyStore kall = PdfPKCS7.loadCacertsKeyStore();
Provider provider = null;
try {
Class c =
Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider");
java.security.Security.insertProviderAt((java.security.Provider)c.newInstance(),
2000);
//provider = "BC";
provider = (Provider)c.newInstance();
} catch(Exception e) {
provider = null;
// provider is not available }
}
PdfReader reader = new PdfReader(pdfInputStream);
AcroFields af = reader.getAcroFields();
ArrayList names = af.getSignatureNames();
Logger.log(LOGGERID, "name.size(): " + names.size());
for (int k = 0; k < names.size(); ++k) {
String name = (String) names.get(k);
Logger.log(LOGGERID, "Signature name: " + name);
Logger.log(LOGGERID, "Signature covers whole document: " +
af.signatureCoversWholeDocument(name));
Logger.log(LOGGERID, "Document revision: " +
af.getRevision(name) + " of " + af.getTotalRevisions());
// Start revision extraction
/*FileOutputStream fout = new FileOutputStream("revision_"
+ af.getRevision(name) + ".pdf");
byte bb[] = new byte[8192];
InputStream ip = af.extractRevision(name);
int n = 0;
while ((n = ip.read(bb)) > 0) {
fout.write(bb, 0, n);
}
fout.close();
ip.close();*/
// End revision extraction
PdfPKCS7 pk = af.verifySignature(name, "BC");
//forcing to use the bouncycastle provider rather than the default one
"SUN".
Andreas Kuehne wrote:
Hi Alessandro,
I would bet that you missed to register the JCE provider, e.g. Bouncy Castle.
'SHA-1 RSA' probably refers to the signing algorithm of the certificate but doesn't affect the document digest. There are several different digests involved in a usual signature ...
Greetings
Andreas
----- original Nachricht --------
Betreff: [iText-questions] problems reading a signed pdf
Gesendet: Di, 19. Jul 2011
Von: Alessandro Pedrotti
I have problems reading a signed pdf
the Exception is:
java.security.NoSuchAlgorithmException: SHA256 MessageDigest notavailable
atsun.security.jca.GetInstance.getInstance(GetInstance.java:142)
atjava.security.Security.getImpl(Security.java:659)
atjava.security.MessageDigest.getInstance(MessageDigest.java:129)
atcom.itextpdf.text.pdf.PdfPKCS7.<init>(PdfPKCS7.java:529)
atcom.itextpdf.text.pdf.AcroFields.verifySignature(AcroFields.java:2296)
atcom.itextpdf.text.pdf.AcroFields.verifySignature(AcroFields.java:2249)
the java code is:
KeyStore kall = PdfPKCS7.loadCacertsKeyStore();
PdfReader reader = new PdfReader(item.openStream());
AcroFields af = reader.getAcroFields();
ArrayList names = af.getSignatureNames();
System.out.println("name.size(): " + names.size());
if(names != null && names.size() > 0){
for (int k = 0; k < names.size(); ++k) {
String name = (String) names.get(k);
System.out.println("Signature name: " + name);
boolean signatureCoversAllDocument =af.signatureCoversWholeDocument(name);
System.out.println("Signature covers wholedocument: " + signatureCoversAllDocument);
System.out.println("Document revision: " +af.getRevision(name) + " of " + af.getTotalRevisions());
// Start revision extraction
FileOutputStream fout = newFileOutputStream("revision_" + af.getRevision(name) + ".pdf");
byte bb[] = new byte[8192];
InputStream ip = af.extractRevision(name);
int n = 0;
while ((n = ip.read(bb)) > 0) {
fout.write(bb, 0, n);
}
fout.close();
ip.close();
// End revision extraction
PdfPKCS7 pk = af.verifySignature(name);
Calendar cal = pk.getSignDate();
Certificate pkc[] = pk.getCertificates();
PdfPKCS7.X509Name subject =PdfPKCS7.getSubjectFields(pk.getSigningCertificate());
System.out.println("Subject: " + subject);
System.out.println("Document modified: " +!pk.verify());
Object fails[] = PdfPKCS7.verifyCertificates(pkc,kall, null, cal);
/*
//this is to verify certificate trust(certification chain)
if (fails == null) {
System.out.println("Certificates verifiedagainst the KeyStore");
} else {
System.out.println("Certificate failed: " +fails[1]);
}*/
if(signatureCoversAllDocument &&Str.more(subject.toString())){
%>
<div style="padding-left:2.5em;padding-bottom:1em;">
Dettagli della firma:<br/>
Firma: <%= subject.toString()%><br/>
Firma copre l'intero documento: <%=signatureCoversAllDocument %><br/>
</div>
<font color="green">TESTSUPERATO</font><%
}else{
%>Firma non eistente o la firma non coprel'intero documento <br/><%
%><font color="red">TEST NONSUPERATO</font><%
}
}
}
I CANNOT ATTACH THE SIGNED PDF (FOR PRIVACY PROBLEMS) BUT THESIGNATURE ALGORITHM IS "SHA-1 RSA"
ANY HELP?
-- __________________Alessandro PedrottiAnthesi s.r.l.Via dei Capitelli 26, Cologna di Tenno (ITALY)Tel. +39 0464 553300 Fax. +39 0464 559010Http://www.anthesi.it - www.isiportal.com-----------------------------------------------------------------------Nota di riservatezza : Il presente messaggio, corredato dei relativi allegati, contiene informazioni da considerarsi strettamente riservate,ed è destinato esclusivamente al destinatario sopra indicato, il quale è l'unico autorizzato ad usarlo, copiarlo e, sotto la propria responsabilità, diffonderlo.Chiunque ricevesse questo messaggio per errore o comunque lo leggesse senza esserne legittimato è avvertito che trattenerlo, copiarlo, divulgarlo, distribuirlo a persone diverse dal destinatario è severamente proibito, ed è pregato di rinviarlo im
mediatamente al mittente distruggendone l'originale. Grazie.Confidentiality Notice : This message, together with its annexes, contains information to be deemed strictly confidential and is destined only to the addressee(s) identified above who only may use, copy and, under his/their responsibility, further disseminate it. If anyone received this message by mistake or reads it without entitlement is forewarned that keeping, copying, disseminating or distributing this message to persons other than the addressee(s) is strictly forbidden and is asked to transmit it immediately to the sender and to erase the original message received. Thank you.
--- original Nachricht Ende ----
------------------------------------------------------------------------------
Magic Quadrant for Content-Aware Data Loss Prevention
Research study explores the data loss prevention market. Includes in-depth
analysis on the changes within the DLP market, and the criteria used to
evaluate the strengths and weaknesses of these DLP solutions.
http://www.accelacomm.com/jaw/sfnl/114/51385063/
_______________________________________________
iText-questions mailing list
iText-questions@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/itext-questions
iText(R) is a registered trademark of 1T3XT BVBA.
Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/
Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php
--
__________________
Alessandro Pedrotti
Anthesi s.r.l.
Via dei Capitelli 26, Cologna di Tenno (ITALY)
Tel. +39 0464 553300 Fax. +39 0464 559010
Http://www.anthesi.it - www.isiportal.com
-----------------------------------------------------------------------
Nota di riservatezza : Il presente messaggio, corredato dei relativi allegati, contiene informazioni da considerarsi strettamente riservate,ed è destinato esclusivamente al destinatario sopra indicato, il quale è l'unico autorizzato ad usarlo, copiarlo e, sotto la propria responsabilità, diffonderlo.Chiunque ricevesse questo messaggio per errore o comunque lo leggesse senza esserne legittimato è avvertito che trattenerlo, copiarlo, divulgarlo, distribuirlo a persone diverse dal destinatario è severamente proibito, ed è pregato di rinviarlo immediatamente al mittente distruggendone l'originale. Grazie.
Confidentiality Notice : This message, together with its annexes, contains information to be deemed strictly confidential and is destined only to the addressee(s) identified above who only may use, copy and, under his/their responsibility, further disseminate it. If anyone received this message by mistake or reads it without entitlement is forewarned that keeping, copying, disseminating or distributing this message to persons other than the addressee(s) is strictly forbidden and is asked to transmit it immediately to the sender and to erase the original message received. Thank you.
|
