I am in need of some guidance. I have a scenario where I am required to
sign PDFs using a smartcard. The catch is that it needs to be done on a
server (JBoss) and the only interaction allowed is via a web browser
(Microsoft IE). I found several threads but I am unable to put it all
together for a final solution. This is way out of my comfort zone and I
have just started learning this.

In my first design I was hoping to leverage access to the smartcard private
key using the ActiveX CAPICOM, but that proved useless. I suspect there is
some type of mechanism that prevents me from doing that; otherwise it would
be too easy. Although I was able to display what appears to be a key in the
browser using Signer.Certificate.PrivateKey.

This is my second design after the first one crashed and burned:

1) The user interacts with IE and selects the PDF that needs to be signed
(the PDFs are stored in SQL Server). The process is initiated by the user
via an AJAX call.

2) The Java servlet receives the AJAX call, requests the PDF from
the SQL server and uses iText to begin the process of signing the document.
Here are some high-level steps (based on examples from iText and the
forums, but the main inspiration was from
http://itext-general.2136553.n4.nabble.com/HASH-SMARTCARD-and-PKCS-7-detached-td3047252.html
)

a. creates a PdfStamper,

b. uses the setExternalDigest

c. preCloses the stamper

d. creates the digest and sends it back to the browser via AJAX

e. places the PdfStamper object in session so that it can be reused for
the final step

3) The client browser receives the digest and uses the internal
CAPICOM ActiveX control using JavaScript
(ActiveXObject("CAPICOM.SignedData")). The idea came from
http://bozhobg.wordpress.com/2009/04/16/how-to-create-a-digital-signing-solution-with-only-javascript/

a. The user is asked via the browser to enter their smartcard and
their PIN

b. Set the digest that came from the server to the SignedData.Content
of the ActiveX

c. Call the CAPICOM ActiveX SignedData.Sign(Signer, false,
CAPICOM_ENCODE_BASE64), which returns the signed hash

d. Return the signed hash to the server to sign the PDF via another
AJAX call

4) This is where things break down. I cannot figure out what I should do
next

a. I have the signed hash

b. I convert it to byte[] data =
Base64.decodeBase64(signedHash.trim().getBytes());

c. I get the PdfStamper back from session

d. I invoke PdfSigGenericPKCS sg = appearance.getSigStandard() but
it's NULL.

Now I am not sure if this is even possible or what I am doing wrong. I also
saw a C# example that addressed the smartcard, but I was not able to fully
comprehend it and could not find an equivalent in Java since it was using
the .NET framework.

Has anyone solved this type of problem with just Java, a browser and some
server-side code? Sample code or ideas would be greatly appreciated.



Thanks in advance

max
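
The two-phase flow in steps 2 and 4 relies on the digest covering every byte of the file except a reserved signature gap, so the signature can be written into that gap afterwards without changing what was hashed. The following is an added example, not code from the original post or from iText; it uses only the JDK (Java 11+) on a constructed byte string, and the class name, the SHA-256 choice and the gap size are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
public class DeferredSignatureSketch {
    static final int RESERVED_HEX = 64; // assumed gap size, in hex characters

    // Constructed stand-in for a pre-closed PDF: zeros fill the reserved <...> gap.
    static byte[] buildPlaceholderDocument() {
        String doc = "%PDF-constructed-sample /Contents <" + "0".repeat(RESERVED_HEX) + "> trailer";
        return doc.getBytes(StandardCharsets.US_ASCII);
    }

    // {offset1, length1, offset2, length2}: all bytes except the gap and its < > delimiters.
    static int[] byteRange(byte[] doc) {
        int open = 0, close = 0;
        for (int i = 0; i < doc.length; i++) {
            if (doc[i] == '<') open = i;
            if (doc[i] == '>') close = i;
        }
        return new int[] {0, open, close + 1, doc.length - close - 1};
    }

    // Digest computed server side before the signer is involved (SHA-256 is an assumption).
    static byte[] digestOverRange(byte[] doc, int[] r) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(doc, r[0], r[1]);
        md.update(doc, r[2], r[3]);
        return md.digest();
    }

    // Writes the returned signature as hex into the gap; the file length must not change.
    static byte[] insertSignature(byte[] doc, int[] r, byte[] sig) {
        if (sig.length * 2 > RESERVED_HEX) throw new IllegalArgumentException("gap too small");
        StringBuilder hex = new StringBuilder();
        for (byte b : sig) hex.append(String.format("%02X", b & 0xFF));
        byte[] out = doc.clone();
        System.arraycopy(hex.toString().getBytes(StandardCharsets.US_ASCII), 0, out, r[1] + 1, hex.length());
        return out;
    }

    public static void main(String[] args) throws Exception {
        byte[] doc = buildPlaceholderDocument();
        int[] range = byteRange(doc);
        byte[] sent = digestOverRange(doc, range); // what would go to the browser in step 2d
        byte[] constructedSig = {(byte) 0x30, (byte) 0x82, 0x01, 0x0A}; // constructed, not a real signature
        byte[] signed = insertSignature(doc, range, constructedSig);
        System.out.println("digest unchanged: " + Arrays.equals(sent, digestOverRange(signed, range)));
        System.out.println("length unchanged: " + (signed.length == doc.length));
    }
}
```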


--
View this message in context: 
http://itext-general.2136553.n4.nabble.com/Sign-and-PDF-with-SmartCard-and-web-browser-only-tp4319344p4319344.html
Sent from the iText - General mailing list archive at Nabble.com.