Hello, guys,
I used the following code to sign a PDF with a USB smart card in Java. The
signing works, but “signing time is from the clock on the signer's
computer” appears when viewing in Adobe Reader. I did some research and
learned that it is missing the timestamp functionality. After adding
timestamp code, however I change the code, it never signs successfully.
Viewing it gives “signature contains incorrect unrecognized corrupted or
suspicious data tsa”. Can anybody help me change my code to make the
timestamp functionality work? Thanks.

    public void postSignPDF(String selectedAlias) throws Exception {
        // Locate a Windows certificate-store provider that exposes the smart card.
        KeyStore keyStore = null;
        Provider pjacapi = Security.getProvider("CAPI");
        final Provider pmscapi = Security.getProvider("SunMSCAPI");
        if (pmscapi != null) {
            AccessController.doPrivileged(new PrivilegedExceptionAction<Boolean>() {
                @Override
                public Boolean run() throws Exception {
                    pmscapi.setProperty("Signature.SHA1withRSA",
                            "sun.security.mscapi.RSASignature$SHA1");
                    return true;
                }
            });
            keyStore = KeyStore.getInstance("Windows-MY", pmscapi);
        } else if (pjacapi != null) {
            keyStore = KeyStore.getInstance("CAPI");
        }
        if (keyStore == null) {
            // Neither provider is installed: fail here rather than with a
            // NullPointerException on the first keyStore call below.
            throw new IllegalStateException("No SunMSCAPI or CAPI provider available");
        }
        keyStore.load(null, null);
        Enumeration<String> en = keyStore.aliases();
        PrivateKey key = (PrivateKey) keyStore.getKey(selectedAlias,
                "password".toCharArray());
        java.security.cert.Certificate[] chain =
                keyStore.getCertificateChain(selectedAlias);
        TSAClient tsc = new TSAClientBouncyCastle(TSA_URL, TSA_ACCNT, TSA_PASSW);

        PdfReader reader = new PdfReader("tobesigned.pdf");
        FileOutputStream fout = new FileOutputStream("signed.pdf");
        PdfStamper stp = PdfStamper.createSignature(reader, fout, '\0', null, true);
        PdfSignatureAppearance appearance = stp.getSignatureAppearance();
        appearance.setCrypto(null, chain, null, PdfSignatureAppearance.SELF_SIGNED);
        appearance.setReason("test");
        appearance.setLocation("Foobar");
        appearance.setVisibleSignature(new Rectangle(100, 100, 200, 200), 1, "sign");
        appearance.setExternalDigest(new byte[25600], null, "RSA");
        appearance.preClose();

        // Sign the document's byte ranges with the key from the key store.
        Signature signature = Signature.getInstance("SHA1withRSA");
        signature.initSign(key);
        byte[] buf = new byte[8192];
        int n;
        InputStream inp = appearance.getRangeStream();
        while ((n = inp.read(buf)) > 0) {
            signature.update(buf, 0, n);
        }
        PdfPKCS7 sig = appearance.getSigStandard().getSigner();
        sig.setExternalDigest(signature.sign(), null, "RSA");
        PdfDictionary dic = new PdfDictionary();

        // byte[] ocsp = null;
        // if (chain.length >= 2) {
        //     String url = PdfPKCS7.getOCSPURL((X509Certificate)chain[0]);
        //     if (url != null && url.length() > 0)
        //         ocsp = new OcspClientBouncyCastle().getEncoded((X509Certificate)chain[0], (X509Certificate)chain[1], url);
        //         ocsp = new OcspClientBouncyCastle((X509Certificate)chain[0], (X509Certificate)chain[1], url).getEncoded();
        // }
        // byte sh[] = sig.getAuthenticatedAttributeBytes(signature.sign(), Calendar.getInstance(), ocsp);
        // sig.update(sh, 0, sh.length);
        // byte[] encodedSig = sig.getEncodedPKCS7(signature.sign(), Calendar.getInstance(), tsc, ocsp);
        // dic.put(PdfName.CONTENTS,
        //         new PdfString(encodedSig).setHexWriting(true));

        dic.put(PdfName.CONTENTS,
                new PdfString(sig.getEncodedPKCS1()).setHexWriting(true));
        appearance.close(dic);
    }

_______________________________________________
iText-questions mailing list
iText-questions@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/itext-questions