Thanks roboboot,

you made my day!
After all these years working on the DSS TC
(https://www.oasis-open.org/committees/dss-x/) you showed me the first
DSS implementation code 'in the wild'! So really someone read the specs ;-)

Does ARX also implement the 'Visible signature profile'? This would do
all the PDF specific stuff for you ... usually built upon iText!

@all:
Would there be interest in an adapter for iText to access a DSS server
doing the signature creation stuff remotely?
I would be proud to contribute!

Greetings,

Andreas
> I use this code in iText 4.22 (but I guess you are using 5.3.x). Because I
> have to make the porting of this code to the 5.3.x and I have the same
> CoSign appliance, I think my code could be useful to you and me.
>
> Some details: I invoke a WS exposed by the CoSign Appliance and I send only
> the digest of the PDF (not the entire PDF).
>
> Following the code to make the CMS signature:
>
> ********************
> DSS service = new DSSLocator();
> DSSSoap ARService = service.getDSSSoap(
>         new java.net.URL(HTTPS_CSN00XXX_8080_SAPIWS_DSS_ASMX));
>
> SignRequest request = new SignRequest();
>
> RequestBaseTypeInputDocuments inputDocs = new RequestBaseTypeInputDocuments();
> RequestBaseTypeOptionalInputs optionalParams = new RequestBaseTypeOptionalInputs();
>
> // The certificate for the signature
> RequestBaseTypeOptionalInputsKeySelector keySelector =
>         new RequestBaseTypeOptionalInputsKeySelector();
> KeyInfoType keyInfo = new KeyInfoType();
> X509DataType x509Data = new X509DataType();
> // chooseUserCertificate is my own code to get the signing user certificate
> x509Data.setX509Certificate(chooseUserCertificate(User, Domain, Pass, SignPass));
> keyInfo.setX509Data(x509Data);
> keySelector.setKeyInfo(keyInfo);
> optionalParams.setKeySelector(keySelector);
>
> // Set the signature type (should be a CMS signature...)
> optionalParams.setSignatureType(new URI(URN_IETF_RFC_3369));
>
> // Set the username of the signer for the WS invocation
> RequestBaseTypeOptionalInputsClaimedIdentity cosignUser =
>         new RequestBaseTypeOptionalInputsClaimedIdentity();
> NameIdentifierType userName = new NameIdentifierType(User);
> userName.setNameQualifier(Domain);
> cosignUser.setName(userName);
> cosignUser.setSupportingInfo(new CoSignAuthDataType(Pass, null, SignPass));
> optionalParams.setClaimedIdentity(cosignUser);
>
> // Set the SHA1
> optionalParams.setFlags(new UnsignedInt(FLAG_SHA1));
>
> // sha is the PDF SHA-1 generated through the code
> DocumentType myDoc = new DocumentType();
> DocumentTypeBase64Data docBytes = new DocumentTypeBase64Data(sha);
> docBytes.setMimeType(APPLICATION_OCTET_STRING);
> myDoc.setBase64Data(docBytes);
> inputDocs.setDocument(myDoc);
>
> // Set the request and make the call to the appliance WS
> request.setOptionalInputs(optionalParams);
> request.setInputDocuments(inputDocs);
>
> result = ARService.dssSign(request);
>
> // Check the result
> ResponseBaseTypeResult rc = result.getResult();
>
> String errmsg = "" + rc.getResultMajor();
> if (errmsg.compareTo(URN_OASIS_NAMES_TC_DSS_1_0_RESULTMAJOR_SUCCESS) != 0)
> {
>         throw new Exception(rc.getResultMessage().get_value());
> }
>
> // Return the PDF signature
> ResponseBaseTypeOptionalOutputs doc = result.getOptionalOutputs();
> // this is the CMS of the SHA1 returned from the CoSign appliance
> ResponseBaseTypeOptionalOutputsDocumentWithSignature SignedDoc =
>         doc.getDocumentWithSignature();
> return SignedDoc.getDocument().getBase64Data().get_value();
>
> ********************
>
> Following the code to make the signed PDF:
>
> ********************
> PdfReader reader = getPdfReader(srcStream);
> PdfStamper stamper = PdfStamper.createSignature(reader, destStream, '\0');
> PdfSignatureAppearance sap = stamper.getSignatureAppearance();
> sap.setCrypto(null, chainFull, null, PdfSignatureAppearance.SELF_SIGNED);
> // my code to set the Appearance...not so important for the signature
> setSigAppearance(certified, graphic, useLayer, sap);
> setPdfEncryption(stamper);
>
> PdfSignature dic = new PdfSignature(PdfName.ADOBE_PPKLITE,
>         PdfName.ADBE_PKCS7_DETACHED);
>
> dic.setName(CertificateInfo.getSubjectFields((X509Certificate) chainFull[0]).getField("CN"));
>
> if (sap.getSignDate() != null) dic.setDate(new PdfDate(sap.getSignDate()));
> if (sap.getReason() != null) dic.setReason(sap.getReason());
> if (sap.getLocation() != null) dic.setLocation(sap.getLocation());
> if (sap.getContact() != null) dic.setContact(sap.getContact());
> sap.setCryptoDictionary(dic);
>
> // set the space to allocate the signature ==> this is the key code :)
> int contentEstimated = 15000;
> HashMap<PdfName, Integer> exc = new HashMap<PdfName, Integer>();
> exc.put(PdfName.CONTENTS, contentEstimated * 2 + 2);
> sap.preClose(exc);
>
> // ----- HASH and SIGNATURE --------------
> InputStream inp = sap.getRangeStream();
> byte[] hash = getSHA1(IOUtils.toByteArray(inp));
> byte[] signature = WSSignDigest(hash, this.username, this.domain,
>         this.caType, this.caSubType);
>
> // ------- Signature in the PDF field ---------
>
> byte[] paddedSignature = new byte[contentEstimated];
> System.arraycopy(signature, 0, paddedSignature, 0, signature.length);
>
> PdfDictionary dic2 = new PdfDictionary();
> dic2.put(PdfName.CONTENTS, new PdfString(paddedSignature).setHexWriting(true));
>
> sap.close(dic2);
>
> destStream.flush();
> ********************
>
> This code works well enough and returns a valid signed PDF. But sure it's for
> 4.22 iText...
>
> Your code will be very useful for me :)
>
> Thanks a lot
>
> Roberto
>
>
>
> --
> View this message in context: 
> http://itext-general.2136553.n4.nabble.com/Signing-a-PDF-with-itext-using-an-ARX-CoSign-device-tp4656792p4656853.html
> Sent from the iText - General mailing list archive at Nabble.com.
>
> _______________________________________________
> iText-questions mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/itext-questions
>
> iText(R) is a registered trademark of 1T3XT BVBA.
> Many questions posted to this list can (and will) be answered with a 
> reference to the iText book: http://www.itextpdf.com/book/
> Please check the keywords list before you ask for examples: 
> http://itextpdf.com/themes/keywords.php
>


-- 
Andreas Kühne 
phone: +49 177 293 24 97 
mailto: [email protected]

Trustable Ltd. Niederlassung Deutschland Ströverstr. 18 - 59427 Unna 
Amtsgericht Hamm HRB 5868

Directors Andreas Kühne, Heiko Veit

Company UK Company No: 5218868 Registered in England and Wales 

