Externes Signieren mit PDFBox 3.0.5 führt zu „Signatur ist ungültig“ – Java

 Externes Signieren mit PDFBox 3.0.5 führt zu „Signatur ist ungültig“

Post by Anonymous »

Ich habe viele Lösungen aus dem Internet ausprobiert, aber keine hat funktioniert. Ich muss ein PDF signieren, indem ich den Hash aus dem PDF extrahiere, ihn zum Signieren an einen anderen Serverdienst sende und den signierten Hash wieder in die PDF-Signatur einfüge. Bitte helfen Sie mir! Es folgt mein Code; DataSigner ist die API eines Drittanbieter-Dienstes, über die der Server aufgerufen wird, der den Hash signiert:
Das signierte PDF ist https://drive.google.com/file/d/1cyMetO ... sp=sharing


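    /**
     * Signs a PDF with PDFBox external signing while the private-key operation is
     * delegated to a remote service reached through {@link DataSigner}.
     *
     * <p>The CMS container is assembled locally with BouncyCastle; only a SHA-256
     * digest leaves this process. The instance keeps the signer certificate and chain
     * of the current call in fields, so one instance must not be shared between
     * concurrent signing operations.
     */
    public class CreateSignature1 {

        final DataSigner signer;
        private Certificate cert;
        private Certificate[] certificateChain;

        /**
         * @param signer client for the remote service that signs digests
         */
        public CreateSignature1(DataSigner signer) {
            this.signer = signer;
        }

        /**
         * Signs the given PDF file and writes the result next to it as
         * {@code <name>_signed_pdfbox.pdf}.
         *
         * @param inFile the original PDF file
         * @param cert the signer certificate; it must belong to the key the remote service uses
         * @param certChain the certificates to embed in the CMS container
         * @throws IllegalArgumentException if an argument is {@code null} or the chain is empty
         */
        public void signDocument(File inFile, Certificate cert, Certificate[] certChain) throws
                IOException,
                CertificateEncodingException,
                NoSuchAlgorithmException,
                OperatorCreationException,
                CMSException {

            if (inFile == null || cert == null) {
                throw new IllegalArgumentException("inFile and cert must not be null");
            }
            if (certChain == null || certChain.length == 0) {
                throw new IllegalArgumentException("certChain must contain at least one certificate");
            }

            this.cert = cert;

            // we're being given the certificate chain with public key
            // NOTE(review): validators build the trust path from the embedded
            // certificates, so the chain presumably has to contain `cert` - confirm at the caller.
            setCertificateChain(certChain);

            // A name without an extension has no '.'; substring(0, -1) would throw.
            String name = inFile.getName();
            int dot = name.lastIndexOf('.');
            String baseName = dot >= 0 ? name.substring(0, dot) : name;

            File outFile = new File(inFile.getParent(), baseName + "_signed_pdfbox.pdf");
            signDocument(inFile, outFile);
        }

        private void setCertificateChain(final Certificate[] certificateChain) {
            this.certificateChain = certificateChain;
        }

        /**
         * Adds a signature field, saves the document incrementally and fills the reserved
         * /Contents placeholder with the CMS container produced by {@link #buildCms}.
         * If signing fails, {@code outFile} is left behind without a usable signature.
         */
        private void signDocument(File inFile, File outFile) throws
                IOException,
                NoSuchAlgorithmException,
                OperatorCreationException,
                CertificateEncodingException,
                CMSException {
            try (
                    FileOutputStream output = new FileOutputStream(outFile);
                    PDDocument document = Loader.loadPDF(inFile);
                    // Closed only after the incremental save and setSignature() have completed.
                    SignatureOptions signatureOptions = new SignatureOptions()
            ) {
                PDSignature signature = new PDSignature();

                signature.setFilter(PDSignature.FILTER_ADOBE_PPKLITE);
                //signature.setSubFilter(PDSignature.SUBFILTER_ETSI_CADES_DETACHED);
                signature.setSubFilter(PDSignature.SUBFILTER_ADBE_PKCS7_DETACHED);
                signature.setName("Test Name");
                signature.setSignDate(Calendar.getInstance());

                signatureOptions.setPage(0);

                document.addSignature(signature, signatureOptions);
                ExternalSigningSupport externalSigning = document.saveIncrementalForExternalSigning(output);

                // getContent() streams exactly the byte ranges covered by the signature.
                byte[] cmsSignature = buildCms(externalSigning.getContent());
                externalSigning.setSignature(cmsSignature);
            }
        }

        /**
         * Builds the detached CMS SignedData container for the given PDF content.
         *
         * @param content the document bytes covered by the signature
         * @return the DER-encoded CMS container
         */
        private byte[] buildCms(java.io.InputStream content) throws
                IOException,
                NoSuchAlgorithmException,
                OperatorCreationException,
                CertificateEncodingException,
                CMSException {
            org.bouncycastle.asn1.x509.Certificate cert2 =
                    org.bouncycastle.asn1.x509.Certificate.getInstance(ASN1Primitive.fromByteArray(cert.getEncoded()));

            JcaSignerInfoGeneratorBuilder sigb =
                    new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build());
            sigb.setSignedAttributeGenerator(buildSignedAttributeGenerator());

            // create the SignedData generator and execute
            CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
            gen.addCertificates(new JcaCertStore(Arrays.asList(certificateChain)));
            gen.addSignerInfoGenerator(sigb.build(createRemoteContentSigner(), new X509CertificateHolder(cert2)));

            CMSTypedData msg = new CMSProcessableInputStream(content);
            // false = detached: the PDF bytes are not embedded in the container.
            CMSSignedData signedData = gen.generate(msg, false);

            return signedData.getEncoded();
        }

        /**
         * Creates the signed-attribute generator that adds a signingCertificateV2
         * attribute binding the signature to the SHA-256 hash of the signer certificate.
         */
        private CMSAttributeTableGenerator buildSignedAttributeGenerator() throws
                NoSuchAlgorithmException,
                CertificateEncodingException {
            ESSCertIDv2 certid = new ESSCertIDv2(
                    new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256),
                    MessageDigest.getInstance("SHA-256").digest(cert.getEncoded())
            );
            SigningCertificateV2 sigcert = new SigningCertificateV2(certid);
            Attribute attr = new Attribute(PKCSObjectIdentifiers.id_aa_signingCertificateV2, new DERSet(sigcert));

            ASN1EncodableVector v = new ASN1EncodableVector();
            v.add(attr);
            return new DefaultSignedAttributeTableGenerator(new AttributeTable(v));
        }

        /**
         * Creates a ContentSigner that obtains the signature value from the remote
         * service and verifies it against the signer certificate before returning it.
         */
        private ContentSigner createRemoteContentSigner() {
            final Certificate signerCert = this.cert;
            // Collects what BouncyCastle asks to have signed; with signed attributes
            // present this is expected to be their DER encoding, not the PDF bytes.
            final java.io.ByteArrayOutputStream toBeSignedBuffer = new java.io.ByteArrayOutputStream();

            return new ContentSigner() {

                @Override
                public byte[] getSignature() {
                    try {
                        byte[] toBeSigned = toBeSignedBuffer.toByteArray();
                        toBeSignedBuffer.reset();
                        byte[] hash = MessageDigest.getInstance("SHA-256").digest(toBeSigned);

                        // NOTE(review): the declared algorithm is sha256WithRSAEncryption, so the
                        // service has to return an RSA PKCS#1 v1.5 signature over this digest
                        // (wrapped in a SHA-256 DigestInfo), made with the private key of the
                        // signer certificate. A service that hashes its input again, signs the
                        // bare digest, or uses another key yields a container that viewers report
                        // as "signature is invalid" - confirm DataSigner's contract.
                        List<byte[]> hashes = Arrays.asList(hash);
                        List<byte[]> signedHash = signer.sign(hashes);
                        if (signedHash == null || signedHash.isEmpty() || signedHash.get(0) == null) {
                            throw new IllegalStateException("Remote signer returned no signature");
                        }
                        byte[] signatureValue = signedHash.get(0);

                        // Never embed a remotely produced value unchecked: verify it with the
                        // public key of the certificate that is about to be named as signer.
                        java.security.Signature verifier = java.security.Signature.getInstance("SHA256withRSA");
                        verifier.initVerify(signerCert.getPublicKey());
                        verifier.update(toBeSigned);
                        if (!verifier.verify(signatureValue)) {
                            throw new IllegalStateException(
                                    "Remote signature does not verify against the signer certificate");
                        }
                        return signatureValue;
                    } catch (Exception e) {
                        throw new RuntimeException("Exception while signing", e);
                    }
                }

                @Override
                public OutputStream getOutputStream() {
                    return toBeSignedBuffer;
                }

                @Override
                public AlgorithmIdentifier getAlgorithmIdentifier() {
                    // 1.2.840.113549.1.1.11 = sha256WithRSAEncryption; only correct for RSA keys.
                    return new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.2.840.113549.1.1.11"));
                }
            };
        }
    }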
Image
