Hi,

I've already used iText to obtain signed pdf with external signature with
code like this:

PdfReader pdfReader = new PdfReader("mypdf");

PdfStamper pdfStamper = PdfStamper.createSignature(pdfReader, myByteArrayOutputStream, '\0', null, true);
                
PdfSignatureAppearance pdfSigApp = pdfStamper.getSignatureAppearance();

PdfSignature sigDic = new PdfSignature(PdfName.ADOBE_PPKLITE, PdfName.ADBE_PKCS7_DETACHED);

sigDic.put(PdfName.FT, PdfName.SIG);
        
sigDic.put(PdfName.M, new PdfDate(cal));

pdfSigApp.setCryptoDictionary(sigDic);

HashMap exclusions = new HashMap();
exclusions.put(PdfName.CONTENTS, excSize*2+2);
                
pdfSigApp.preClose(exclusions);

then I obtain bytes to sign

byte[] bytesToHash = myFunctionToReadStream(pdfSigApp.getRangeStream());

at this point I sign the hash and create my pkcs7 envelope

byte[] pkcs7DER = myFunctionToSignAndPackage(bytesToHash);

PdfDictionary updates = new PdfDictionary();
                
byte out[] = new byte[excSize];
System.arraycopy(pkcs7DER, 0, out, 0, pkcs7DER.length);
updates.put(PdfName.CONTENTS, new PdfString(out).setHexWriting(true));
                
pdfSigApp.close(updates);

This code works like a charm. What's the problem?
Now I need to add a new entry to the exclusions HashMap, because I need to
insert new data excluded from hash computation.

But if I try to do:

exclusions.put(new PdfName(myName), newExcSize*2+2);

then

byte[] out2 = new byte[newExcSize];
System.arraycopy(myData, 0, out2, 0, myData.length);
updates.put(new PdfName(myName), new PdfString(out2).setHexWriting(true));

I obtain a pdf that causes a problem in Adobe Reader about the SigDict/ByteRange
value.

I've already tried to do a simpler test

exclusions.put(PdfName.NAME, new Integer(0x1f));

then

updates.put(PdfName.NAME, new PdfString("test"));

but nothing changes.

From iText javadoc:

"If using an external signature exclusionSizes must contain at least the
PdfName.CONTENTS key with the size that it will take in the document. Note
that due to the hex string coding this size should be byte_size*2+2."

"At least" should mean that I can insert two, three, etc...  entries into
the exclusionSizes hashmap.

My two cents: it seems that iText doesn't really exclude exclusionSizes
entries, other than CONTENTS, from hash computation. So when I update the
exclusions hashmap, after signing, I break the signature.

Where am I wrong? Thanks a lot


--
View this message in context: 
http://itext-general.2136553.n4.nabble.com/Problem-with-preClose-function-and-exclusion-hashmap-tp3903958p3903958.html
Sent from the iText - General mailing list archive at Nabble.com.
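
The Adobe Reader error in this post concerns the layout of /ByteRange. As an added example (not code from the original post or from iText), this Python check inspects a signed file under the assumption that a validator expects exactly two signed segments covering the whole file, with the single gap being the /Contents hex string. The sample bytes, the /MyData key and the function names are constructed for illustration.

```python
import re

BYTE_RANGE = re.compile(rb"/ByteRange\s*\[([\d\s]+)\]")
HEX_STRING = re.compile(rb"<[0-9A-Fa-f]*>")

def check_byte_range(pdf):
    """Return a list of problems with the first /ByteRange found in pdf."""
    m = BYTE_RANGE.search(pdf)
    if not m:
        return ["no /ByteRange found"]
    nums = [int(n) for n in m.group(1).split()]
    if not nums or len(nums) % 2:
        return ["malformed /ByteRange"]
    pairs = list(zip(nums[0::2], nums[1::2]))  # (offset, length) segments
    problems = []
    if len(pairs) != 2:
        problems.append(f"{len(pairs)} segments, expected 2")
    if pairs[0][0] != 0:
        problems.append("first segment does not start at offset 0")
    if sum(pairs[-1]) != len(pdf):
        problems.append("last segment does not end at end of file")
    # Every unsigned gap must be exactly the hex string that follows /Contents.
    for (start, length), (nxt, _) in zip(pairs, pairs[1:]):
        end = start + length
        if not HEX_STRING.fullmatch(pdf[end:nxt]):
            problems.append(f"gap at {end} is not a single hex string")
        elif not pdf[:end].rstrip().endswith(b"/Contents"):
            problems.append(f"gap at {end} is not the /Contents value")
    return problems

def build_sample(extra_gap):
    """Constructed stand-in for a signed PDF; not real iText output."""
    slot = b" " * 40  # fixed-width ByteRange placeholder, filled in below
    parts = [b"%PDF-1.7\n1 0 obj\n<</Type/Sig/ByteRange [" + slot + b"]/Contents",
             b"<" + b"00" * 16 + b">"]
    if extra_gap:  # a second excluded entry, as in the post (hypothetical key)
        parts += [b"/MyData", b"<" + b"00" * 8 + b">"]
    parts.append(b">>\nendobj\n%%EOF\n")
    pos, start, nums = 0, 0, []
    for i, part in enumerate(parts):
        if i % 2:  # odd-indexed parts are the excluded hex strings
            nums += [start, pos - start]
            start = pos + len(part)
        pos += len(part)
    nums += [start, pos - start]
    filled = " ".join(map(str, nums)).encode().ljust(len(slot))
    return b"".join(parts).replace(slot, filled, 1)
```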
