Java Mailing List Archive

http://www.junlu.com/

Home » Home (12/2007) » iText »

[iText-questions] Problems with multiple signatures

Lars Nagel (Trium)

2007-09-03


Hi all,

When signing a PDF document twice, Acrobat 7.0 does not accept the first
signature, because of changes by the second signature.

My code looks as follows. The PDF document at pathDocument is signed
twice, the resulting document at pathResult2 is then opened in Acrobat
7.0. Acrobat 7.0 has the root certificate and tries to verify using the
root certificate and the certificate delivered with the PDF document. It
works fine for the second signature, but not for the first one (Acrobat:
"Certification INVALID" and "The document has been altered or corrupted
since the Certification was applied").

Have you any idea? Is
PdfSignatureAppearance.CERTIFIED_NO_CHANGES_ALLOWED too strict maybe?

Thanks in advance,
Lars


KeyStore ks1 = loadKeyStore(pathKeyStore1);
PrivateKey key1 = (PrivateKey)ks.getKey(alias1, password1.toCharArray());
Certificate[] chain1 = ks.getCertificateChain(alias1);
PdfReader reader1 = new PdfReader(pathDocument);
FileOutputStream fout1 = new FileOutputStream(pathResult1);
PdfStamper stp1 = PdfStamper.createSignature(reader1, fout1, '\0', null,
true);
PdfSignatureAppearance sap1 = stp1.getSignatureAppearance();
sap1.setCrypto(key1, chain1, null, PdfSignatureAppearance.WINCER_SIGNED);
sap1.setReason("reason1");
sap1.setLocation("location1");
sap1.setCertificationLevel(PdfSignatureAppearance.CERTIFIED_NO_CHANGES_ALLOWED);
stp1.close();

KeyStore ks2 = loadKeyStore(pathKeyStore2);
PrivateKey key2 = (PrivateKey)ks.getKey(alias2, password2.toCharArray());
Certificate[] chain2 = ks.getCertificateChain(alias2);
PdfReader reader2 = new PdfReader(pathResult1);
FileOutputStream fout2 = new FileOutputStream(pathResult2);
PdfStamper stp2 = PdfStamper.createSignature(reader2, fout2, '\0', null,
true);
PdfSignatureAppearance sap2 = stp2.getSignatureAppearance();
sap2.setCrypto(key2, chain2, null, PdfSignatureAppearance.WINCER_SIGNED);
sap2.setReason("reason2");
sap2.setLocation("location2");
sap2.setCertificationLevel(PdfSignatureAppearance.CERTIFIED_NO_CHANGES_ALLOWED);
stp2.close();



--
Lars Nagel

Trium Analysis Online GmbH
Hohenlindenerstr. 1
81677 M√ľnchen

Fon : +49 89 2060269 21
Fax : +49 89 2060269 11
Internet: www.trium.de

Amtsgericht Muenchen, HRB 134012
Managing Directors:
Dr. Martin Daumer, Michael Scholz


-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
iText-questions mailing list
iText-questions@(protected)
https://lists.sourceforge.net/lists/listinfo/itext-questions
Buy the iText book: http://itext.ugent.be/itext-in-action/
©2008 junlu.com - Jax Systems, LLC, U.S.A.