Hi mkl,
In the light of this I wonder why in your case both the org.btrust.signer.PDFSigner (in initSignPDF() called by signPDF()) and com.lowagie.text.pdf.PdfPKCS7 (in the constructor called by PdfSigGenericPKCS.setSignInfo() which in turn is called by PdfSignatureAppearance.preClose) initialize a P11Signature for signing. Either you allow iText to create the signature or do it yourself externally. no double signing is required, just the two exceptions are from SAME code but on different packages, I guess that is why you thought I double sign something in the code. In any case simply change the code to not initialize a superfluous P11Signature, in the former case by fixing org.btrust.signer.PDFSigner and in the latter by not injecting your PrivateKey into iText. I have never initialize "P11Signature" class by myself, this class is initialize internally by "java.security.Signature.initSign(Unknown Source)". And about the injection, this is the code I am using to sign PDF (it is 100% the same like http://itextpdf.sourceforge.net/howtosign.html#signextstd HERE ): PdfReader reader = new PdfReader("original.pdf"); > FileOutputStream fout = new FileOutputStream("signed.pdf"); > PdfStamper stp = PdfStamper.createSignature(reader, fout, '\0'); > PdfSignatureAppearance sap = stp.getSignatureAppearance(); > sap.setCrypto(key, chain, null, PdfSignatureAppearance.WINCER_SIGNED); > sap.setReason("I'm the author"); > sap.setLocation("Lisbon"); > // comment next line to have an invisible signature > sap.setVisibleSignature(new Rectangle(100, 100, 200, 200), 1, null); > sap.setExternalDigest(new byte[128], new byte[20], "RSA"); > sap.preClose(); > MessageDigest messageDigest = MessageDigest.getInstance("SHA1"); > byte buf[] = new byte[8192]; > int n; > InputStream inp = sap.getRangeStream(); > while ((n = inp.read(buf)) > 0) { > messageDigest.update(buf, 0, n); > } > byte hash[] = messageDigest.digest(); > PdfSigGenericPKCS sg = sap.getSigStandard(); > PdfLiteral slit = (PdfLiteral)sg.get(PdfName.CONTENTS); > byte[] outc = new byte[(slit.getPosLength() - 2) / 2]; > PdfPKCS7 sig = sg.getSigner(); > Signature sign = Signature.getInstance("SHA1withRSA"); > sign.initSign(key); > sign.update(hash); > sig.setExternalDigest(sign.sign(), hash, "RSA"); > PdfDictionary dic = new PdfDictionary(); > byte[] ssig = sig.getEncodedPKCS7(); > System.arraycopy(ssig, 0, outc, 0, ssig.length); > dic.put(PdfName.CONTENTS, new PdfString(outc).setHexWriting(true)); > sap.close(dic); Please could you tell me what line is injecting PrivateKey into iText? Please understand me, I do not have so much knowledge on iText as I wish to. In either case that fallback clean might occur to late in your context. And it depends on your garbage collection settings and available memory anyway which isn't too predictable after all. Do you want to tell me that neither Java Providers nor iText have not made opportunity to manually clean the resources? And rely on Java GC. I hope this will be changed in future, otherwise it sounds like a hit under the belt regarding Java language. I don't know what to do. My Provider tells me the dll is OK, here i understand the iText is OK, so where the hell I should look for that problem. I am going crazy. I test this case for(10 000 times) { Signature sign = Signature.getInstance("SHA1withRSA", provider); sign.initSign(getPrivKey); sign.update( "abc".getBytes() ); byte[] bb = sign.sign(); } that works perfect, therefore the problem is not in the provider. But when i add pdf signing it goes wrong the way i have described above!!! The only line i give PrivateKey to iText is *PdfSignatureAppearance.setCrypto(PrivKey, chain, null, PdfSignatureAppearance.WINCER_SIGNED);* The memory is continously rising, i guess something in PdfSignatureAppearance is not releasing the session. And this could be proven if you sign many times, the exception depends on the max session counter in your provider. That is why i have to create new Provider every few files. Can someone confirm this by signing thousand times? Am i the only one who is trying to sign thousands files? -- View this message in context: http://itext-general.2136553.n4.nabble.com/SunPKC11-Exception-when-signing-PDF-tp4340293p4351142.html Sent from the iText - General mailing list archive at Nabble.com. ------------------------------------------------------------------------------ Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d _______________________________________________ iText-questions mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/itext-questions iText(R) is a registered trademark of 1T3XT BVBA. Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/ Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php
