I use this code in iext 4.22 (but I guess you are using 5.3.x). Because I
have to make the porting of this code to the 5.3.x and I have the same
CoSign appliance, I think my code could be useful to you and me.
Some details: I invoke a WS exposed by the CoSign Appliance and I sent only
the digest of the PDF (not the entire PDF).
Following the code to make the CMS signature:
********************
DSS service = new DSSLocator();
DSSSoap ARService = service.getDSSSoap( new
java.net.URL(HTTPS_CSN00XXX_8080_SAPIWS_DSS_ASMX) );
SignRequest request = new SignRequest();
RequestBaseTypeInputDocuments inputDocs = new
RequestBaseTypeInputDocuments();
RequestBaseTypeOptionalInputs optionalParams = new
RequestBaseTypeOptionalInputs();
// The certificate for the signature
RequestBaseTypeOptionalInputsKeySelector keySelector = new
RequestBaseTypeOptionalInputsKeySelector() ;
KeyInfoType keyInfo = new KeyInfoType() ;
X509DataType x509Data = new X509DataType() ;
x509Data.setX509Certificate(chooseUserCertificate(User, Domain, Pass,
SignPass)) ; ==> chooseUserCertificate is a mine code to get the signing
user certificate
KeyInfo.setX509Data(x509Data) ;
keySelector.setKeyInfo(keyInfo) ;
optionalParams.setKeySelector(keySelector) ;
// Set the signature type
optionalParams.setSignatureType( new URI( URN_IETF_RFC_3369 ) ); ===> should
be a CMS signature...
// Set the username of the signer for the WS invokation
RequestBaseTypeOptionalInputsClaimedIdentity cosignUser = new
RequestBaseTypeOptionalInputsClaimedIdentity();
NameIdentifierType userName = new NameIdentifierType( User );
userName.setNameQualifier( Domain );
cosignUser.setName( userName );
cosignUser.setSupportingInfo( new CoSignAuthDataType( Pass, null,SignPass )
);
optionalParams.setClaimedIdentity( cosignUser );
// Set the SHA1
optionalParams.setFlags( new UnsignedInt( FLAG_SHA1 ) );
===> SHA is the PDF sha1 generated through the code
DocumentType myDoc = new DocumentType();
DocumentTypeBase64Data docBytes = new DocumentTypeBase64Data( sha );
docBytes.setMimeType( APPLICATION_OCTET_STRING );
myDoc.setBase64Data( docBytes );
inputDocs.setDocument( myDoc );
// Set the request and does the call to the appliance WSs
request.setOptionalInputs( optionalParams );
request.setInputDocuments( inputDocs );
result = ARService.dssSign( request );
// Check the result
ResponseBaseTypeResult rc = result.getResult();
String errmsg = "" + rc.getResultMajor();
if (errmsg.compareTo( URN_OASIS_NAMES_TC_DSS_1_0_RESULTMAJOR_SUCCESS ) != 0)
{
throw new Exception( rc.getResultMessage().get_value() );
}
// Return the PDF signature
ResponseBaseTypeOptionalOutputs doc = result.getOptionalOutputs();
ResponseBaseTypeOptionalOutputsDocumentWithSignature SignedDoc = doc
.getDocumentWithSignature(); ==> this is the CMS of the
SHA1 returned from the CoSign appliance
return SignedDoc.getDocument().getBase64Data().get_value();
********************
Following the code to make the signed PDF:
********************
PdfReader reader = getPdfReader(srcStream);
PdfStamper stamper = PdfStamper.createSignature(reader, destStream, '\0');
PdfSignatureAppearance sap = stamper.getSignatureAppearance();
sap.setCrypto(null, chainFull, null, PdfSignatureAppearance.SELF_SIGNED);
setSigAppearance(certified, graphic, useLayer, sap); ==> my code to set the
Appearance...not so important for the signature
setPdfEncryption(stamper);
PdfSignature dic = new PdfSignature(PdfName.ADOBE_PPKLITE,
PdfName.ADBE_PKCS7_DETACHED);
dic.setName(CertificateInfo.getSubjectFields((X509Certificate)chainFull[0]).getField("CN"));
if (sap.getSignDate()!= null) dic.setDate(new PdfDate(sap.getSignDate()));
if (sap.getReason()!= null) dic.setReason(sap.getReason());
if (sap.getLocation() != null) dic.setLocation(sap.getLocation());
if (sap.getContact() != null) dic.setContact(sap.getContact());
sap.setCryptoDictionary(dic);
// set the space to allocate the signature ==> this is the key code :)
int contentEstimated = 15000;
HashMap<PdfName, Integer> exc = new HashMap<PdfName, Integer>();
exc.put(PdfName.CONTENTS, contentEstimated * 2 + 2);
sap.preClose(exc);
// ----- HASH and SIGNATURE --------------
InputStream inp = sap.getRangeStream();
byte[] hash = getSHA1(IOUtils.toByteArray(inp));
byte[] signature = WSSignDigest(hash, this.username, this.domain,
this.caType, this.caSubType);
// ------- Signature in the PDF field ---------
byte[] paddedSignature = new byte[contentEstimated];
System.arraycopy(signature, 0, paddedSignature, 0, signature.length);
PdfDictionary dic2 = new PdfDictionary();
dic2.put(PdfName.CONTENTS, new
PdfString(paddedSignature).setHexWriting(true));
sap.close(dic2);
destStream.flush();
********************
This code works enough well and return a valid signed PDF. But sure it's for
4.22 iText...
Your code will be very useful for me :)
Thanks a lot
Roberto
--
View this message in context:
http://itext-general.2136553.n4.nabble.com/Signing-a-PDF-with-itext-using-an-ARX-CoSign-device-tp4656792p4656853.html
Sent from the iText - General mailing list archive at Nabble.com.
------------------------------------------------------------------------------
LogMeIn Central: Instant, anywhere, Remote PC access and management.
Stay in control, update software, and manage PCs from one command center
Diagnose problems and improve visibility into emerging IT issues
Automate, monitor and manage. Do more in less time with Central
http://p.sf.net/sfu/logmein12331_d2d
_______________________________________________
iText-questions mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/itext-questions
iText(R) is a registered trademark of 1T3XT BVBA.
Many questions posted to this list can (and will) be answered with a reference
to the iText book: http://www.itextpdf.com/book/
Please check the keywords list before you ask for examples:
http://itextpdf.com/themes/keywords.php
