List of usage examples for com.itextpdf.text.pdf.security.CertificateUtil.getTSAURL
public static String getTSAURL(X509Certificate certificate)
From source file:SigningProcess.java
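/**
 * Signs a Base64-encoded PDF with a detached CMS signature and returns the signed
 * document, again Base64-encoded.
 *
 * <p>The signing key and certificate chain are read from {@code map} under the keys
 * {@code "privateKey"} and {@code "certificateChain"} (matched case-insensitively) and
 * stored in the {@code privateKey} / {@code certificateChain} fields declared outside
 * this method. The first certificate in the chain that carries a timestamp-authority
 * URL (as reported by {@link CertificateUtil#getTSAURL}) decides which TSA is used;
 * if none does, the signature is produced without a timestamp.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The TSA URL, and the CRL/OCSP locations used by the revocation clients, come
 *       from the supplied certificates. Only pass chains from a source you trust,
 *       because signing makes outbound requests to those locations.</li>
 *   <li>The document is processed in memory. Earlier revisions wrote it to
 *       {@code java.io.tmpdir + "_unsigned.pdf"} / {@code "_signed.pdf"}: a fixed,
 *       predictable name shared by every call, with no path separator after the
 *       temp directory, and the files were never closed or removed.</li>
 * </ul>
 *
 * @param base64 the unsigned PDF, Base64-encoded
 * @param map    holder for the {@code PrivateKey} and {@code X509Certificate[]} to sign with
 * @return the signed PDF as Base64 text, or {@code null} when signing failed with an
 *         {@code IOException}, {@code DocumentException} or {@code GeneralSecurityException}
 * @throws IllegalArgumentException if no map, private key or non-empty chain is available
 */
public static String sign(String base64, HashMap map) {
    if (map == null) {
        throw new IllegalArgumentException("map must not be null");
    }

    // The map carries the private key, so neither the map nor its entry set is
    // printed here: PrivateKey.toString() is provider-defined and must not reach stdout/logs.
    for (Object item : map.entrySet()) {
        Entry entry = (Entry) item;
        Object key = entry.getKey();
        if (!(key instanceof String)) {
            continue;
        }
        String name = (String) key;
        if ("privateKey".equalsIgnoreCase(name)) {
            privateKey = (PrivateKey) entry.getValue();
        }
        if ("certificateChain".equalsIgnoreCase(name)) {
            certificateChain = (X509Certificate[]) entry.getValue();
        }
    }

    // NOTE(review): these are fields shared across calls; a value left over from an
    // earlier call would be reused if this map omits it, and concurrent calls can
    // interleave. Confirm whether that is intended.
    if (privateKey == null || certificateChain == null || certificateChain.length == 0) {
        throw new IllegalArgumentException(
                "map must provide a privateKey and a non-empty certificateChain");
    }

    String base64string = null;
    try {
        OcspClient ocspClient = new OcspClientBouncyCastle();

        // Use the first TSA URL advertised by any certificate in the chain.
        TSAClient tsaClient = null;
        for (int i = 0; i < certificateChain.length; i++) {
            X509Certificate cert = (X509Certificate) certificateChain[i];
            String tsaUrl = CertificateUtil.getTSAURL(cert);
            if (tsaUrl != null) {
                tsaClient = new TSAClientBouncyCastle(tsaUrl);
                break;
            }
        }

        List<CrlClient> crlList = new ArrayList<CrlClient>();
        crlList.add(new CrlClientOnline(certificateChain));

        // NOTE(review): BASE64Decoder is a JDK-internal class (sun.misc) that newer
        // JDKs no longer ship; kept here so decoding behaviour is unchanged.
        BASE64Decoder decoder = new BASE64Decoder();
        byte[] unsignedPdf = decoder.decodeBuffer(base64);

        java.io.ByteArrayOutputStream signedPdf = new java.io.ByteArrayOutputStream();
        PdfReader reader = new PdfReader(unsignedPdf);
        try {
            // Creating the stamper
            PdfStamper stamper = PdfStamper.createSignature(reader, signedPdf, '\0');

            // Creating the appearance
            PdfSignatureAppearance appearance = stamper.getSignatureAppearance();
            appearance.setAcro6Layers(false);
            appearance.setVisibleSignature(new Rectangle(36, 748, 144, 780), 1, "sig1");

            // Creating the signature
            ExternalSignature pks = new PrivateKeySignature((PrivateKey) privateKey,
                    DigestAlgorithms.SHA256, providerMSCAPI.getName());
            ExternalDigest digest = new BouncyCastleDigest();
            MakeSignature.signDetached(appearance, digest, pks, certificateChain, crlList,
                    ocspClient, tsaClient, 0, MakeSignature.CryptoStandard.CMS);
        } finally {
            // Release the reader on the failure path as well.
            reader.close();
        }

        // Base64 output is pure ASCII; name the charset instead of relying on the platform default.
        byte[] encodeBase64 = Base64.encodeBase64(signedPdf.toByteArray());
        base64string = new String(encodeBase64, "US-ASCII");
    } catch (IOException ex) {
        // Failure is reported only on stdout and through the null return value.
        System.out.println("Exception :" + ex.getLocalizedMessage());
    } catch (DocumentException ex) {
        System.out.println("Exception :" + ex.getLocalizedMessage());
    } catch (GeneralSecurityException ex) {
        System.out.println("Exception :" + ex.getLocalizedMessage());
    }
    return base64string;
}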
From source file:org.opencps.pki.PdfSigner.java
License:Open Source License
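/**
 * Prepares the signature field on a copy of the original document and returns the
 * digest of the byte ranges that the external signer has to sign.
 *
 * <p>The original file ({@code getOriginFilePath()}) is read, a blank external
 * signature container is reserved in the file written to {@code getTempFilePath()},
 * and the signed ranges are hashed with the configured hash algorithm. If the signer
 * certificate advertises a timestamp-authority URL, that TSA is contacted from here
 * and the reserved container size grows by 4096 bytes. The URL comes from the
 * certificate itself, so the certificate should be vetted before this method runs.
 *
 * @param llx lower-left x of the visible signature rectangle
 * @param lly lower-left y of the visible signature rectangle
 * @param urx upper-right x of the visible signature rectangle
 * @param ury upper-right y of the visible signature rectangle
 * @return the digest of the document ranges covered by the signature
 * @throws SignatureException wrapping any failure while preparing or hashing the document
 */
protected byte[] computeDigest(float llx, float lly, float urx, float ury) throws SignatureException {
    byte digestHash[] = null;
    int contentEstimated = 8192;
    PdfReader reader = null;
    FileOutputStream os = null;
    try {
        reader = new PdfReader(getOriginFilePath());
        os = new FileOutputStream(getTempFilePath());
        PdfStamper stamper = PdfStamper.createSignature(reader, os, '\0');
        PdfSignatureAppearance appearance = stamper.getSignatureAppearance();
        signatureFieldName = appearance.getNewSigName();

        TSAClient tsaClient = null;
        appearance.setCertificate(getCertificate());
        String tsaUrl = CertificateUtil.getTSAURL(getCertificate());
        if (tsaUrl != null) {
            tsaClient = new TSAClientBouncyCastle(tsaUrl);
        }
        if (tsaClient != null) {
            // NOTE(review): LtvTimestamp.timestamp looks like it finishes a document-level
            // timestamp on this appearance; confirm it is safe to keep configuring and
            // signing the same appearance afterwards.
            LtvTimestamp.timestamp(appearance, tsaClient, signatureFieldName);
            contentEstimated += 4096;
        }

        appearance.setSignDate(signDate);
        CertificateInfo certInfo = new CertificateInfo(getCertificate());
        appearance.setLocation(certInfo.getOrganizationUnit());
        appearance.setReason("Document is signed by " + certInfo.getCommonName());
        appearance.setContact(certInfo.getCommonName());

        if (!isVisible) {
            // Invisible signature: zero-sized rectangle on page 1.
            appearance.setVisibleSignature(new Rectangle(0, 0, 0, 0), 1, signatureFieldName);
        } else {
            if (signatureImage != null) {
                appearance.setSignatureGraphic(signatureImage.getImage());
                appearance.setRenderingMode(PdfSignatureAppearance.RenderingMode.GRAPHIC);
            } else {
                appearance.setLayer2Text(certInfo.getCommonName());
            }
            appearance.setVisibleSignature(new Rectangle(llx, lly, urx, ury), 1, signatureFieldName);
        }

        // Reserve space for the signature; the real container is supplied later.
        ExternalSignatureContainer external = new ExternalBlankSignatureContainer(PdfName.ADOBE_PPKLITE,
                PdfName.ADBE_PKCS7_DETACHED);
        MakeSignature.signExternalContainer(appearance, external, contentEstimated);

        digestHash = DigestAlgorithms.digest(appearance.getRangeStream(),
                digest.getMessageDigest(getHashAlgorithm().toString()));

        // Success path: close explicitly so a close failure still surfaces as SignatureException.
        reader.close();
        reader = null;
        os.close();
        os = null;
    } catch (Exception e) {
        throw new SignatureException(e.getMessage(), e);
    } finally {
        // Failure path: the original leaked both handles when anything above threw.
        if (reader != null) {
            try {
                reader.close();
            } catch (Exception ignored) {
                // best effort; the primary failure is already being reported
            }
        }
        if (os != null) {
            try {
                os.close();
            } catch (Exception ignored) {
                // best effort; the primary failure is already being reported
            }
        }
    }
    return digestHash;
}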
From source file:org.opencps.pki.Pkcs7GenerateSignatureContainer.java
License:Open Source License
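/**
 * Produces the PKCS#7 container for a signature that was created outside this class.
 *
 * <p>Before the externally supplied {@code signature} is embedded, it is checked
 * against the signer certificate: its length must match the RSA modulus size and it
 * must verify over the authenticated attributes derived from the document digest.
 * Only the signer certificate is placed in the container, and no chain or revocation
 * validation happens here. If the certificate advertises a timestamp-authority URL,
 * that TSA is asked for a timestamp; otherwise the container carries none. The URL is
 * taken from the certificate, so the certificate should come from a trusted source.
 *
 * @param is the data to sign
 * @return a container with the signature; CRL and OCSP data are not added by this
 *         implementation. The container is a PKCS7 one.
 * @throws GeneralSecurityException if the certificate key is not RSA, the signature
 *         has the wrong length or does not verify, or the digest cannot be computed
 */
@Override
public byte[] sign(InputStream is) throws GeneralSecurityException {
    X509Certificate cert = signer.getCertificate();
    if (!(cert.getPublicKey() instanceof RSAPublicKey)) {
        // Fail with a declared exception instead of a ClassCastException.
        throw new SignatureException("Certificate public key is not an RSA key");
    }
    RSAPublicKey rsaKey = (RSAPublicKey) cert.getPublicKey();

    // An RSA signature is ceil(modulusBits / 8) bytes long; plain division rounded down
    // and rejected valid signatures for moduli whose bit length is not a multiple of 8.
    int keyLength = (rsaKey.getModulus().bitLength() + 7) / 8;
    if (keyLength != signature.length) {
        throw new SignatureException("Signature length not correct");
    }

    ExternalDigest digest = signer.getExternalDigest();
    byte[] digestHash = null;
    try {
        digestHash = DigestAlgorithms.digest(is,
                digest.getMessageDigest(signer.getHashAlgorithm().toString()));
    } catch (IOException e) {
        throw new SignatureException(e.getMessage(), e);
    }

    PdfPKCS7 sgn = new PdfPKCS7(null, new Certificate[] { cert }, signer.getHashAlgorithm().toString(), null,
            digest, false);
    byte[] sh = sgn.getAuthenticatedAttributeBytes(digestHash, null, null, CryptoStandard.CMS);

    // Refuse to embed a signature that does not verify under the signer's own public key.
    Signature sig = Signature
            .getInstance(signer.getHashAlgorithm().toString() + "with" + cert.getPublicKey().getAlgorithm());
    sig.initVerify(cert.getPublicKey());
    sig.update(sh);
    if (!sig.verify(signature)) {
        throw new SignatureException("Signature is not correct");
    }

    TSAClient tsaClient = null;
    String tsaUrl = CertificateUtil.getTSAURL(cert);
    if (tsaUrl != null) {
        tsaClient = new TSAClientBouncyCastle(tsaUrl);
    }

    sgn.setExternalDigest(signature, null, cert.getPublicKey().getAlgorithm());
    return sgn.getEncodedPKCS7(digestHash, tsaClient, null, null, CryptoStandard.CMS);
}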