Hi all,

I'm trying to use the samples in the tutorial for using external
signature in Self Sign Mode. It compiles ok, but when I verify it, it
always says it has been modified.

The code I'm using is:

 public static void signPDF()
 {
    try
    {
      KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
      ks.load(new FileInputStream("c:\\Downloads\\keystore.ks"),
"password".toCharArray());
      String alias = (String)ks.aliases().nextElement();
      PrivateKey key = (PrivateKey)ks.getKey(alias,
"password".toCharArray());
      Certificate[] chain = ks.getCertificateChain(alias);
      PdfReader reader = new PdfReader("c:\\original.pdf");
      FileOutputStream fout = new FileOutputStream("c:\\signed.pdf");

      PdfStamper stp = PdfStamper.createSignature(reader, fout, '\0');
      PdfSignatureAppearance sap = stp.getSignatureAppearance();
      sap.setCrypto(key, chain, null,
PdfSignatureAppearance.SELF_SIGNED);
      sap.setReason("Testing");
      sap.setLocation("Sao Paulo");
      sap.setExternalDigest(new byte[128], null, "RSA");
      sap.preClose();
                    PdfPKCS7 sig =
sap.getSigStandard().getSigner();
      Signature sign = Signature.getInstance("SHA1withRSA");
      sign.initSign(key);
      MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
      byte buf[] = new byte[8192];
      int n;
      InputStream inp = sap.getRangeStream();
      while ((n = inp.read(buf)) > 0) {
         messageDigest.update(buf, 0, n);
      }
      byte[] signature = sign.sign();
      String base64 = Conversion.byteArrayToBase64String(signature);
      sig.setExternalDigest(signature, null, "RSA");
      PdfDictionary dic = new PdfDictionary();
      dic.put(PdfName.CONTENTS, new
PdfString(sig.getEncodedPKCS1()).setHexWriting(true));

      //   comment next line to have an invisible signature
      sap.setVisibleSignature(new Rectangle(100, 100, 200, 200), 1,
null);
      PdfTemplate n1 = sap.getLayer(1); //get rid of the question mark
      PdfTemplate n2 = sap.getLayer(2);
            n2.beginText();
      BaseFont bf = BaseFont.createFont(BaseFont.HELVETICA,
BaseFont.CP1252, BaseFont.NOT_EMBEDDED);
      n2.setFontAndSize(bf, 7);
      n2.setLeading(2);
      n2.showText("Signature:");
      n2.setLeading(2);
      n2.newlineShowText(base64);
      n2.endText();

      sap.close(dic);
                          }
    catch (Exception e)
    {
      e.printStackTrace();
    }
 }

 public static void checkPDF()
 {
    try
    {             CertificateFactory cf =
CertificateFactory.getInstance("X509");
      Collection col = cf.generateCertificates(new
FileInputStream("C:\\Downloads\\export.cer"));
      KeyStore kall = KeyStore.getInstance(KeyStore.getDefaultType());
      kall.load(null, null);
      for (Iterator it = col.iterator(); it.hasNext();) {
         X509Certificate cert = (X509Certificate)it.next();
         
kall.setCertificateEntry(cert.getSerialNumber().toString(Character.MAX_RADIX),
cert);
      }
             PdfReader reader = new PdfReader("c:\\signed.pdf");
      AcroFields af = reader.getAcroFields();
      ArrayList names = af.getSignatureNames();
      for (int k = 0; k < names.size(); ++k) {
        String name = (String)names.get(k);
        System.out.println("Signature name: " + name);
        System.out.println("Signature covers whole document: " +
af.signatureCoversWholeDocument(name));
        System.out.println("Document revision: " +
af.getRevision(name) + " of " + af.getTotalRevisions());
        // Start revision extraction
        FileOutputStream out = new
FileOutputStream("c:\\revision_" + af.getRevision(name) + ".pdf");
        byte bb[] = new byte[8192];
        InputStream ip = af.extractRevision(name);
        int n = 0;
        while ((n = ip.read(bb)) > 0)
          out.write(bb, 0, n);
        out.close();
        ip.close();
        // End revision extraction
        PdfPKCS7 pk = af.verifySignature(name);
        Calendar cal = pk.getSignDate();
        Certificate pkc[] = pk.getCertificates();
        System.out.println("Subject: " +
PdfPKCS7.getSubjectFields(pk.getSigningCertificate()));
        System.out.println("Document modified: " + !pk.verify());
        Object fails[] = PdfPKCS7.verifyCertificates(pkc, kall,
null, cal);
        if (fails == null)
           System.out.println("Certificates verified against the
KeyStore");
        else
           System.out.println("Certificate failed: " + fails[1]);
      }
    }
    catch (Exception e)
    {
      e.printStackTrace();
    }
 }

I thought it could be the fact that I'm trying to insert some text in
the Layer2 of the signature, so I commented it, but the result was the
same.

Does anybody have a clue on why it always detects a modification that
does not exist?

Any help would be greatly appreciated.

Thanks in advance,

Luiz Kobayashi


-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
iText-questions mailing list
iText-questions@(protected)
https://lists.sourceforge.net/lists/listinfo/itext-questions