gpt4 book ai didi

pdf - Itext pdf 延迟签名导致 pdf 签名无效

转载 作者:行者123 更新时间:2023-12-02 03:43:48 34 4
gpt4 key购买 nike

作为我对客户端/服务器 pdf 签名研究的一部分,我测试了 itext pdf 延迟签名示例。不幸的是,我生成的 pdf 即合并空签名 pdf 和哈希值的输出显示无效签名。

我的代码片段如下

 class MyExternalSignatureContainer implements ExternalSignatureContainer {
protected byte[] sig;
protected Certificate[] chain;
public MyExternalSignatureContainer(byte[] sig,Certificate[] chain) {
this.sig = sig;
this.chain=chain;
}
public byte[] sign(InputStream is)throws GeneralSecurityException {

return sig;
}


public byte[] emptySignature_hash(String src, String dest, String fieldname, Certificate[] chain) throws IOException, DocumentException, GeneralSecurityException {
PdfReader reader = new PdfReader(src);
FileOutputStream os = new FileOutputStream(dest);
PdfStamper stamper = PdfStamper.createSignature(reader, os, '\0');
PdfSignatureAppearance appearance = stamper.getSignatureAppearance();
appearance.setVisibleSignature(new Rectangle(36, 748, 144, 780), 1, fieldname);
appearance.setCertificate(chain[0]);
ExternalSignatureContainer external = new ExternalBlankSignatureContainer(PdfName.ADOBE_PPKLITE, PdfName.ADBE_PKCS7_DETACHED);
MakeSignature.signExternalContainer(appearance, external, 8192);
InputStream inp = appearance.getRangeStream();
BouncyCastleDigest digest = new BouncyCastleDigest();
PdfPKCS7 sgn = new PdfPKCS7(null, chain, "SHA256", null, digest, false);
byte[] hash = DigestAlgorithms.digest(inp, digest.getMessageDigest("SHA256"));
Calendar cal = Calendar.getInstance();
cal1=cal;
System.out.println(cal);
byte[] sh = sgn.getAuthenticatedAttributeBytes(hash, cal, null, null, CryptoStandard.CMS);

return(sh);
}

public byte[] signed_hash(byte[] hash, PrivateKey pk, Certificate[] chain)throws GeneralSecurityException{
PrivateKeySignature signature = new PrivateKeySignature(pk, "SHA256", "SunPKCS11-eToken");
byte[] extSignature = signature.sign(hash);
//return extSignature;
BouncyCastleDigest digest = new BouncyCastleDigest();
Calendar cal = Calendar.getInstance();
String hashAlgorithm = signature.getHashAlgorithm();
System.out.println(hashAlgorithm);
PdfPKCS7 sgn = new PdfPKCS7(null, chain, "SHA256", null, digest, false);
sgn.setExternalDigest(extSignature, null, signature.getEncryptionAlgorithm());
return sgn.getEncodedPKCS7(hash, cal1, null, null, null, CryptoStandard.CMS);

}

public void createSignature(String src, String dest, String fieldname,byte[] hash, PrivateKey pk, Certificate[] chain) throws IOException, DocumentException, GeneralSecurityException {

PdfReader reader = new PdfReader(src);
FileOutputStream os = new FileOutputStream(dest);
ExternalSignatureContainer external = new MyExternalSignatureContainer(hash,chain);
MakeSignature.signDeferred(reader, fieldname, os, external);
}

public static void main(String[] args) throws IOException, GeneralSecurityException, DocumentException {

byte[] hh = app.emptySignature_hash(SRC, TEMP, "sig1", chain);
byte[] hh_sign = (app.signed_hash(hh, pk, chain));
app.createSignature(TEMP, DEST1, "sig1",hh_sign, pk, chain);

}

出了点问题。我不明白。搜索了很多相同的教程。

我使用 pkcss11 USB token 进行签名

最佳答案

您的架构是错误的,因为您在运行 MakeSignature.signExternalContainer 后使用 PdfSignatureAppearance 外观MakeSignature 中的 signExternalContainersignDetached 重载都会关闭底层 PdfStamperPdfSignatureAppearance、和 PdfReader 实例。

因此,当您在方法中执行以下操作时 emptySignature_hash

    MakeSignature.signExternalContainer(appearance, external, 8192);
InputStream inp = appearance.getRangeStream();

您的inp可能不一定包含任何有意义的内容。

相反,您应该访问字节范围来登录您的外部对象,它会将其作为其sign方法的参数进行检索。简单地将哈希计算重构为该方法,并将计算出的哈希存储在该容器的成员中,以便在 emptySignature_hash 中检索它。

由于您尚未分享签名代码的示例结果,我无法尝试确定您的签名中是否还存在其他问题。

关于pdf - Itext pdf 延迟签名导致 pdf 签名无效,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/47505696/

34 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com