PDF签名itext pkcs7多符号 [英] PDF signature itext pkcs7 multi sign

问题描述

我想对pdf文档进行多重签名，就像在工作流程中一样. 我正在使用以下代码对我编写的pdf进行签名，效果很好.

I would like to do multiple signature on pdf document, like in a workflow. I am using following code to sign pdf which I wrote, which works fine.

获取哈希

public String getHash() {
    LOGGER.debug("PDFSigner.getHash : method invoked");
    String pdfHashValue = null;
    try {
        int contentEstimated = PDFSigner.CONTENT_ESTIMATED;//8192
        HashMap<PdfName, Integer> exc = new HashMap<>();
        exc.put(PdfName.CONTENTS, contentEstimated * 2 + 2);
        PdfSignature pdfSignature = new PdfSignature(PdfName.ADOBE_PPKLITE,
                PdfName.ADBE_PKCS7_DETACHED);
        pdfSignature.setReason(appearance.getReason());
        pdfSignature.setLocation(appearance.getLocation());
        pdfSignature.setContact(appearance.getContact());
        pdfSignature.setDate(new PdfDate(appearance.getSignDate()));
        appearance.setCryptoDictionary(pdfSignature);
        appearance.preClose(exc);
        InputStream data = appearance.getRangeStream();
        MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
        byte buf[] = new byte[contentEstimated];
        int n = 0;
        while ((n = data.read(buf, 0, contentEstimated)) > 0) {
            messageDigest.update(buf, 0, n);
        }
        byte hash[] = messageDigest.digest();
        byte[] reqBytesdata = Hex.encode(hash);
        pdfHashValue = new String(reqBytesdata, "UTF8"); 
    } catch (Exception exp) {
        LOGGER.error("PDFSigner error occured getHash", exp);
    }
    return pdfHashValue;
}

签署文档

//dSignature is the received encoded signature pkcs7 (SHA256).
//starts with MIIOWQYJKoZIhvcNAQcCo.....
    public boolean doSign(String dSignature) throws IOException, DocumentException {

        boolean pdfGenerationStatus = false;
        try {
            byte[] PKCS7Response = Base64.decode(dSignature
                    .getBytes("UTF8"));
            byte[] paddedSig = new byte[PDFSigner.CONTENT_ESTIMATED];
            System.arraycopy(PKCS7Response, 0, paddedSig, 0,
                    PKCS7Response.length);
            PdfDictionary pdfDictionary = new PdfDictionary();
            pdfDictionary.put(PdfName.CONTENTS,
                    new PdfString(paddedSig).setHexWriting(true));  
            appearance.close(pdfDictionary);
            pdfGenerationStatus = true;

        } catch (Exception exp) {
            LOGGER.error("doSign ", exp);
        }
        return pdfGenerationStatus; 

    }

上面的代码工作正常. 我的新要求是添加多个签名.是否有任何方法可以重用此代码段. 我已经通过此，

And the above code works fine. My new requirement is to add multiple signature. Is there any way to reuse this code snippet for the same. I have gone through this, this and this but no luck.

除此以外，我尝试的是创建多个空白空白签名并尝试附加签名.但是，这导致创建损坏的文件.我还尝试使用此链接中提到的方法创建文件. MakeSignature.signExternalContainer 还经历了很棒的文档PDF文档的数字签名

Other than this what I tried is, Created blank multiple blank signature and tried to attach the signature. But It resulted in creating corrupted files. I also tried creating file using method mentioned in this link. MakeSignature.signExternalContainer Also gone through a great document Digital Signatures for PDF documents

用例就像

1. 创建pdf
2. 生成文档哈希
3. 发送到外部服务器
4. 外部服务器将返回pkcs7 base64编码的字符串
5. 将签名附加到pdf

更新

由于@Paulo Soares，@ mlk，代码更改使我的代码支持多符号，因此更改了追加模式"

code change made was for 'append mode', following code change made my code to support multisign, thanks to @Paulo Soares, @mlk

private void initAppearanceAppend(String customerName) throws IOException, DocumentException {
    System.out.println("PDFSigner.initAppearanceAppend");
    PdfReader readerpdf = new PdfReader(this.getInputPdfFilePath());
    int lastPageNumber = readerpdf.getNumberOfPages();
    this.pdfSignatureMetaData.setPageNumber(lastPageNumber);
    this.pdfSignatureMetaData.setSignerName(customerName);
    //this.pdfSignatureMetaData.setPageNumber(PDFSigner.SIGNATURE_PAGE_NUMBER);
    OutputStream fout = new FileOutputStream(this.outputPdfFilePath);
    //PdfStamper stamperpdf = PdfStamper.createSignature(readerpdf, fout, '\0'); OLD CODE WITHOUT APPEND MODE
    PdfStamper stamperpdf = PdfStamper.createSignature(readerpdf, fout, '\0', new File("E://temp"), true);

    this.appearance = stamperpdf.getSignatureAppearance();
    LOGGER.debug("PDFSigner.initAppearanceAppend : default configurations are made");
}

推荐答案

(您使用的是iText 2.1.7，不是吗?那已经很老了，很多问题在5中得到了解决，在7中得到了很多解决. )

(You're using iText 2.1.7, aren't you? That's old and a lot of issues were solved in 5 and a lot more in 7.)

添加更多签名与添加第一个签名相同，只是使用附加模式.除非第一个签名是具有适当权限的经过认证的签名，否则只有最后一个签名将显示为有效，但它们都是有效的，只需提取修订以进行检查.

Adding more signatures is the same as adding the first signature, just use append mode. Unless the first signature is a certified one with the appropriate permissions, only the last one will show as valid but they are all valid, just extract a revision to check.

这篇关于PDF签名itext pkcs7多符号的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！