Das signierte PDF ist https://drive.google.com/file/d/1cyMetO ... sp=sharing
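/**
 * Adds a detached CMS signature (SubFilter {@code adbe.pkcs7.detached}) to a PDF with PDFBox.
 * The private-key operation is delegated to an external {@link DataSigner}; this class only
 * builds the CMS container around the value the signer returns.
 *
 * <p>Not safe for concurrent use: {@link #signDocument(File, Certificate, Certificate[])} stores
 * the certificate and chain in instance fields for the duration of the call, so two threads
 * sharing one instance could sign with each other's certificate.
 */
public class CreateSignature1 {
    final DataSigner signer;
    private Certificate cert;
    private Certificate[] certificateChain;

    /**
     * @param signer external component that produces the signature value for a digest
     */
    public CreateSignature1(DataSigner signer) {
        this.signer = signer;
    }

    /**
     * Signs the given PDF file and writes the result next to it as
     * {@code <basename>_signed_pdfbox.pdf}. An existing file of that name is overwritten.
     *
     * @param inFile the original PDF file
     * @param cert the signer certificate; it is referenced by the signingCertificateV2 attribute
     *     and used as the SignerInfo identity
     * @param certChain certificates embedded in the CMS container
     * @throws NullPointerException if any argument is {@code null}
     */
    public void signDocument(File inFile, Certificate cert, Certificate[] certChain) throws
            IOException,
            CertificateEncodingException,
            NoSuchAlgorithmException,
            OperatorCreationException,
            CMSException {
        // Fail before touching any state or creating the output file.
        java.util.Objects.requireNonNull(inFile, "inFile");
        java.util.Objects.requireNonNull(cert, "cert");
        java.util.Objects.requireNonNull(certChain, "certChain");

        this.cert = cert;
        // we're being given the certificate chain with public key
        // NOTE(review): nothing here checks that cert is part of certChain or that it matches the
        // key held by the DataSigner; a mismatch yields a signature that does not validate.
        setCertificateChain(certChain);

        String name = inFile.getName();
        // A name without an extension used to crash in substring(0, -1); use the whole name then.
        int dot = name.lastIndexOf('.');
        String baseName = dot >= 0 ? name.substring(0, dot) : name;
        File outFile = new File(inFile.getParent(), baseName + "_signed_pdfbox.pdf");
        signDocument(inFile, outFile);
    }

    private void setCertificateChain(final Certificate[] certificateChain) {
        this.certificateChain = certificateChain;
    }

    /**
     * Loads {@code inFile}, appends a signature dictionary as an incremental update and writes the
     * signed document to {@code outFile}.
     */
    private void signDocument(File inFile, File outFile) throws
            IOException,
            NoSuchAlgorithmException,
            OperatorCreationException,
            CertificateEncodingException,
            CMSException {
        try (
            FileOutputStream output = new FileOutputStream(outFile);
            PDDocument document = Loader.loadPDF(inFile)
        ) {
            PDSignature signature = new PDSignature();
            signature.setFilter(PDSignature.FILTER_ADOBE_PPKLITE);
            //signature.setSubFilter(PDSignature.SUBFILTER_ETSI_CADES_DETACHED);
            signature.setSubFilter(PDSignature.SUBFILTER_ADBE_PKCS7_DETACHED);
            signature.setName("Test Name");
            // Taken from the local clock: this is a claimed signing time, not a trusted timestamp.
            signature.setSignDate(Calendar.getInstance());

            SignatureOptions signatureOptions = new SignatureOptions();
            signatureOptions.setPage(0);
            document.addSignature(signature, signatureOptions);
            ExternalSigningSupport externalSigning =
                    document.saveIncrementalForExternalSigning(output);

            // retrieve signer certificate and its chain
            //X509Certificate cert = (X509Certificate) certificateChain[0];
            byte[] encodedCert = cert.getEncoded();

            // build signed attribute table generator and SignerInfo generator builder
            // signingCertificateV2 puts a SHA-256 hash of the signer certificate into the signed
            // attributes, so the certificate identity is covered by the signature itself.
            ESSCertIDv2 certId = new ESSCertIDv2(
                    new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256),
                    MessageDigest.getInstance("SHA-256").digest(encodedCert));
            SigningCertificateV2 signingCert = new SigningCertificateV2(certId);
            Attribute signingCertAttr = new Attribute(
                    PKCSObjectIdentifiers.id_aa_signingCertificateV2, new DERSet(signingCert));
            ASN1EncodableVector attributes = new ASN1EncodableVector();
            attributes.add(signingCertAttr);
            CMSAttributeTableGenerator attrGen =
                    new DefaultSignedAttributeTableGenerator(new AttributeTable(attributes));

            org.bouncycastle.asn1.x509.Certificate bcCert =
                    org.bouncycastle.asn1.x509.Certificate.getInstance(
                            ASN1Primitive.fromByteArray(encodedCert));
            JcaSignerInfoGeneratorBuilder signerInfoBuilder = new JcaSignerInfoGeneratorBuilder(
                    new JcaDigestCalculatorProviderBuilder().build());
            signerInfoBuilder.setSignedAttributeGenerator(attrGen);

            // create ContentSigner that signs by calling the external endpoint
            ContentSigner contentSigner = new ContentSigner() {
                private final MessageDigest digest = MessageDigest.getInstance("SHA-256");
                private final OutputStream stream = OutputStreamFactory.createStream(digest);

                @Override
                public byte[] getSignature() {
                    try {
                        // SHA-256 over everything written to getOutputStream().
                        byte[] hash = digest.digest();
                        //byte[] signedHash = serverSignature.sign(Base64.getEncoder().encodeToString(hash));
                        // NOTE(review): the List type arguments look stripped in the posted
                        // listing; List<byte[]> in and out is assumed here. Confirm against
                        // DataSigner.
                        // NOTE(review): the signer receives a finished SHA-256 digest. Since the
                        // algorithm below is declared as sha256WithRSAEncryption, the remote side
                        // presumably has to sign this digest as-is and must not hash it a second
                        // time, or the CMS signature will not verify. Confirm DataSigner's contract.
                        List<byte[]> hashes = Arrays.asList(hash);
                        List<byte[]> signatures = signer.sign(hashes);
                        if (signatures == null || signatures.isEmpty()) {
                            throw new IllegalStateException("Signer returned no signature");
                        }
                        return signatures.get(0);
                    } catch (Exception e) {
                        throw new RuntimeException("Exception while signing", e);
                    }
                }

                @Override
                public OutputStream getOutputStream() {
                    return stream;
                }

                @Override
                public AlgorithmIdentifier getAlgorithmIdentifier() {
                    // 1.2.840.113549.1.1.11 = sha256WithRSAEncryption. Hard-coded, so this is
                    // only correct when the external key is an RSA key.
                    return new AlgorithmIdentifier(
                            new ASN1ObjectIdentifier("1.2.840.113549.1.1.11"));
                }
            };

            // create the SignedData generator and execute
            CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
            gen.addCertificates(new JcaCertStore(Arrays.asList(certificateChain)));
            gen.addSignerInfoGenerator(
                    signerInfoBuilder.build(contentSigner, new X509CertificateHolder(bcCert)));
            CMSTypedData msg = new CMSProcessableInputStream(externalSigning.getContent());
            // false: detached signature, the PDF bytes are not embedded in the CMS container.
            CMSSignedData signedData = gen.generate(msg, false);
            byte[] cmsSignature = signedData.getEncoded();
            externalSigning.setSignature(cmsSignature);
        }
    }
}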
