我正在将代码从iText5迁移到iText7,目前我正在努力将一个签名附加到已包含其他签名的PDF。 这些签名是使用我们的国民身份证(Citizen Card)制作的。
在iText5中,我使用了PdfStamper,但iText7中缺少它......
这是我到目前为止所做的:
package cartaocidadao;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.Certificate;
import javax.swing.JOptionPane;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.poreid.config.POReIDConfig;
import org.poreid.crypto.POReIDProvider;
import com.itextpdf.signatures.OcspClientBouncyCastle;
import com.itextpdf.signatures.TSAClientBouncyCastle;
import java.io.IOException;
import java.util.Collection;
import com.itextpdf.kernel.geom.Rectangle;
import com.itextpdf.kernel.pdf.PdfReader;
import com.itextpdf.signatures.BouncyCastleDigest;
import com.itextpdf.signatures.ICrlClient;
import com.itextpdf.signatures.DigestAlgorithms;
import com.itextpdf.signatures.IExternalDigest;
import com.itextpdf.signatures.IExternalSignature;
import com.itextpdf.signatures.IOcspClient;
import com.itextpdf.signatures.PdfSignatureAppearance;
import com.itextpdf.signatures.PdfSigner;
import com.itextpdf.signatures.PrivateKeySignature;
import com.itextpdf.signatures.ITSAClient;
import com.itextpdf.signatures.OCSPVerifier;
import java.security.GeneralSecurityException;
import static javax.swing.JOptionPane.ERROR_MESSAGE;
/**
*
* @author i.lourenco
*/
public class Signature {
/**
* Signs the PDF with the Citizen Card Certificate
* @param src Source file
* @param dest Destination file
* @return TRUE if the PDF was signed successfully
*/
protected static boolean signPDF(String src, String dest) {
try {
Security.addProvider(new POReIDProvider());
BouncyCastleProvider provider = new BouncyCastleProvider();
Security.addProvider(provider);
KeyStore ks = KeyStore.getInstance(POReIDConfig.POREID);
ks.load(null);
PrivateKey pk = (PrivateKey) ks.getKey(POReIDConfig.ASSINATURA, null);
Certificate[] chain = ks.getCertificateChain(POReIDConfig.ASSINATURA);
OCSPVerifier ocspVerifier = new OCSPVerifier(null, null);
IOcspClient ocspClient = new OcspClientBouncyCastle(ocspVerifier);
ITSAClient tsaClient = new TSAClientBouncyCastle("http://ts.cartaodecidadao.pt/tsa/server", "", "");
sign(src, dest, chain, pk, DigestAlgorithms.SHA256, POReIDConfig.POREID, PdfSigner.CryptoStandard.CMS, "", "", null, ocspClient, tsaClient, 0);
} catch (Exception e) {
JOptionPane.showMessageDialog(null, e.getMessage(), "Erro", ERROR_MESSAGE);
}
return true;
}
/**
* Applies the certificate, timestamp and revocation list to a PDF
* @param src Original PDF document
* @param dest Signed PDF document
* @param chain List of certificates
* @param pk Private key
* @param digestAlgorithm Encryption algorithm
* @param provider Citizen Card provider
* @param subfilter CMS
* @param reason Reason for signature
* @param location Location
* @param crlList Revocation list
* @param ocspClient Online Certification Status
* @param tsaClient Timestamp server
* @param estimatedSize
* @throws IOException
* @throws GeneralSecurityException
*/
private static void sign(String src, String dest, Certificate[] chain, PrivateKey pk, String digestAlgorithm,
String provider, PdfSigner.CryptoStandard subfilter, String reason, String location, Collection<ICrlClient> crlList,
IOcspClient ocspClient, ITSAClient tsaClient, int estimatedSize) throws IOException, GeneralSecurityException {
PdfReader reader = new PdfReader(src);
PdfSigner signer = new PdfSigner(reader, new FileOutputStream(dest), false);
PdfSignatureAppearance appearance = signer.getSignatureAppearance()
.setReason(reason)
.setLocation(location)
.setReuseAppearance(false);
Rectangle rect = new Rectangle(36, 648, 200, 100);
appearance.setPageRect(rect).setPageNumber(1);
signer.getNewSigFieldName();
IExternalSignature pks = new PrivateKeySignature(pk, digestAlgorithm, provider);
IExternalDigest digest = new BouncyCastleDigest();
signer.signDetached(digest, pks, chain, crlList, ocspClient, tsaClient, estimatedSize, subfilter);
}
}
POReID(https://github.com/poreid/poreid)是用于与智能卡交互的库。
第一次签署文档时,它可以正常工作。再次签署文档时,它会使第一个签名无效,只有最后一个签名有效。
PDF:
答案 0 :(得分:3)
您的签名代码未在附加模式下打开PDF,因此会在第二次签名时更改内容,从而破坏第一个签名。
要登录追加模式,只需更改以下行
即可PdfSigner signer = new PdfSigner(reader, new FileOutputStream(dest), false);
到
PdfSigner signer = new PdfSigner(reader, new FileOutputStream(dest), true);
构造函数中的第三个参数确定签名者是否以追加模式使用。