PDF签名itext pkcs7多符号 [英] PDF signature itext pkcs7 multi sign
问题描述
我想对pdf文档进行多重签名,就像在工作流程中一样. 我正在使用以下代码对我编写的pdf进行签名,效果很好.
I would like to do multiple signature on pdf document, like in a workflow. I am using following code to sign pdf which I wrote, which works fine.
获取哈希
public String getHash() {
LOGGER.debug("PDFSigner.getHash : method invoked");
String pdfHashValue = null;
try {
int contentEstimated = PDFSigner.CONTENT_ESTIMATED;//8192
HashMap<PdfName, Integer> exc = new HashMap<>();
exc.put(PdfName.CONTENTS, contentEstimated * 2 + 2);
PdfSignature pdfSignature = new PdfSignature(PdfName.ADOBE_PPKLITE,
PdfName.ADBE_PKCS7_DETACHED);
pdfSignature.setReason(appearance.getReason());
pdfSignature.setLocation(appearance.getLocation());
pdfSignature.setContact(appearance.getContact());
pdfSignature.setDate(new PdfDate(appearance.getSignDate()));
appearance.setCryptoDictionary(pdfSignature);
appearance.preClose(exc);
InputStream data = appearance.getRangeStream();
MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
byte buf[] = new byte[contentEstimated];
int n = 0;
while ((n = data.read(buf, 0, contentEstimated)) > 0) {
messageDigest.update(buf, 0, n);
}
byte hash[] = messageDigest.digest();
byte[] reqBytesdata = Hex.encode(hash);
pdfHashValue = new String(reqBytesdata, "UTF8");
} catch (Exception exp) {
LOGGER.error("PDFSigner error occured getHash", exp);
}
return pdfHashValue;
}
签署文档
//dSignature is the received encoded signature pkcs7 (SHA256).
//starts with MIIOWQYJKoZIhvcNAQcCo.....
public boolean doSign(String dSignature) throws IOException, DocumentException {
boolean pdfGenerationStatus = false;
try {
byte[] PKCS7Response = Base64.decode(dSignature
.getBytes("UTF8"));
byte[] paddedSig = new byte[PDFSigner.CONTENT_ESTIMATED];
System.arraycopy(PKCS7Response, 0, paddedSig, 0,
PKCS7Response.length);
PdfDictionary pdfDictionary = new PdfDictionary();
pdfDictionary.put(PdfName.CONTENTS,
new PdfString(paddedSig).setHexWriting(true));
appearance.close(pdfDictionary);
pdfGenerationStatus = true;
} catch (Exception exp) {
LOGGER.error("doSign ", exp);
}
return pdfGenerationStatus;
}
上面的代码工作正常. 我的新要求是添加多个签名.是否有任何方法可以重用此代码段. 我已经通过此,这但没有运气.
And the above code works fine. My new requirement is to add multiple signature. Is there any way to reuse this code snippet for the same. I have gone through this, this and this but no luck.
除此以外,我尝试的是创建多个空白空白签名并尝试附加签名.但是,这导致创建损坏的文件.我还尝试使用此链接中提到的方法创建文件. MakeSignature.signExternalContainer
还经历了很棒的文档PDF文档的数字签名
Other than this what I tried is, Created blank multiple blank signature and tried to attach the signature. But It resulted in creating corrupted files. I also tried creating file using method mentioned in this link. MakeSignature.signExternalContainer
Also gone through a great document Digital Signatures for PDF documents
用例就像
- 创建pdf
- 生成文档哈希
- 发送到外部服务器
- 外部服务器将返回pkcs7 base64编码的字符串
- 将签名附加到pdf
更新
由于@Paulo Soares,@ mlk,代码更改使我的代码支持多符号,因此更改了追加模式"
code change made was for 'append mode', following code change made my code to support multisign, thanks to @Paulo Soares, @mlk
private void initAppearanceAppend(String customerName) throws IOException, DocumentException {
System.out.println("PDFSigner.initAppearanceAppend");
PdfReader readerpdf = new PdfReader(this.getInputPdfFilePath());
int lastPageNumber = readerpdf.getNumberOfPages();
this.pdfSignatureMetaData.setPageNumber(lastPageNumber);
this.pdfSignatureMetaData.setSignerName(customerName);
//this.pdfSignatureMetaData.setPageNumber(PDFSigner.SIGNATURE_PAGE_NUMBER);
OutputStream fout = new FileOutputStream(this.outputPdfFilePath);
//PdfStamper stamperpdf = PdfStamper.createSignature(readerpdf, fout, '\0'); OLD CODE WITHOUT APPEND MODE
PdfStamper stamperpdf = PdfStamper.createSignature(readerpdf, fout, '\0', new File("E://temp"), true);
this.appearance = stamperpdf.getSignatureAppearance();
LOGGER.debug("PDFSigner.initAppearanceAppend : default configurations are made");
}
推荐答案
(您使用的是iText 2.1.7,不是吗?那已经很老了,很多问题在5中得到了解决,在7中得到了很多解决. )
(You're using iText 2.1.7, aren't you? That's old and a lot of issues were solved in 5 and a lot more in 7.)
添加更多签名与添加第一个签名相同,只是使用附加模式.除非第一个签名是具有适当权限的经过认证的签名,否则只有最后一个签名将显示为有效,但它们都是有效的,只需提取修订以进行检查.
Adding more signatures is the same as adding the first signature, just use append mode. Unless the first signature is a certified one with the appropriate permissions, only the last one will show as valid but they are all valid, just extract a revision to check.
这篇关于PDF签名itext pkcs7多符号的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!