
Example 1 with ExternalDigest

use of com.itextpdf.text.pdf.security.ExternalDigest in project commons by mosip.

the class PDFGeneratorImpl method signAndEncryptPDF.

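/**
 * Signs a PDF with a detached CMS signature and, when a non-blank password is given,
 * encrypts it with AES-256 before signing.
 *
 * <p>Signing contacts external services: CRLs are requested through {@code CrlClientOnline}
 * for the supplied chain, an OCSP client is attached, and a timestamp authority is used when
 * one of the chain certificates carries a TSA URL. Those endpoints come from the certificates
 * themselves, so the chain should originate from a trusted key store and outbound access from
 * the signing host should be limited accordingly.
 *
 * @param pdf              bytes of the PDF to sign
 * @param rectangle        lower-left / upper-right coordinates of the visible signature box
 * @param reason           reason text stored in the signature
 * @param pageNumber       page on which the visible signature is placed
 * @param provider         security provider whose name is handed to the signature implementation
 * @param certificateEntry signing private key together with its certificate chain
 * @param password         user password for encryption; {@code null} or blank leaves the
 *                         document unencrypted
 * @return the in-memory stream holding the signed (and possibly encrypted) PDF; it has
 *         already been closed when it is returned
 * @throws IOException              if reading the PDF or writing the result fails
 * @throws GeneralSecurityException if the signing operation fails
 * @throws PDFGeneratorException    if iText reports a {@code DocumentException}
 */
@Override
public OutputStream signAndEncryptPDF(byte[] pdf, io.mosip.kernel.core.pdfgenerator.model.Rectangle rectangle, String reason, int pageNumber, Provider provider, CertificateEntry<X509Certificate, PrivateKey> certificateEntry, String password) throws IOException, GeneralSecurityException {
    OutputStream outputStream = new ByteArrayOutputStream();
    PdfReader pdfReader = null;
    PdfStamper pdfStamper = null;
    try {
        pdfReader = new PdfReader(pdf);
        pdfStamper = PdfStamper.createSignature(pdfReader, outputStream, '\0');
        // The entry carries the private key. Its string form is not visible here, so log only
        // the chain length rather than the object itself to keep key material out of log files.
        LOGGER.debug("certificate chain length {}", certificateEntry.getChain().length);
        LOGGER.info("provider {}", provider);
        if (password != null && !password.trim().isEmpty()) {
            // Fix the charset explicitly: with the no-argument getBytes() the bytes fed into
            // the encryption key would depend on the JVM's default charset for non-ASCII
            // passwords, and the same password could then fail to open the file elsewhere.
            pdfStamper.setEncryption(
                    password.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    pdfOwnerPassword.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    com.itextpdf.text.pdf.PdfWriter.ALLOW_PRINTING,
                    com.itextpdf.text.pdf.PdfWriter.ENCRYPTION_AES_256);
        }
        PdfSignatureAppearance signAppearance = pdfStamper.getSignatureAppearance();
        signAppearance.setReason(reason);
        // comment next line to have an invisible signature
        signAppearance.setVisibleSignature(new Rectangle(rectangle.getLlx(), rectangle.getLly(), rectangle.getUrx(), rectangle.getUry()), pageNumber, null);
        // NOTE(review): the OCSP client is built with a null argument, i.e. without a response
        // verifier - confirm that OCSP responses are validated somewhere else.
        OcspClient ocspClient = new OcspClientBouncyCastle(null);
        TSAClient tsaClient = null;
        // Use the first TSA URL found in the chain. NOTE(review): setCertificate runs for every
        // certificate visited before that URL is found and is skipped for the one carrying it;
        // the chain is also passed to signDetached below, so confirm this call is still needed.
        for (X509Certificate certificate : certificateEntry.getChain()) {
            String tsaUrl = CertificateUtil.getTSAURL(certificate);
            if (tsaUrl != null) {
                tsaClient = new TSAClientBouncyCastle(tsaUrl);
                break;
            }
            signAppearance.setCertificate(certificate);
        }
        List<CrlClient> crlList = new ArrayList<>();
        crlList.add(new CrlClientOnline(certificateEntry.getChain()));
        // SHA256 is a constant declared outside this method - presumably the digest algorithm
        // name; verify against its declaration.
        ExternalSignature pks = new PrivateKeySignature(certificateEntry.getPrivateKey(), SHA256, provider.getName());
        ExternalDigest digest = new BouncyCastleDigest();
        // Sign the document using the detached mode, CMS or CAdES equivalent.
        MakeSignature.signDetached(signAppearance, digest, pks, certificateEntry.getChain(), crlList, ocspClient, tsaClient, 0, CryptoStandard.CMS);
    } catch (DocumentException e) {
        // Log the exception itself: getCause() may be null and would hide the failing frame.
        LOGGER.error("Document Exception occur {}", e);
        throw new PDFGeneratorException(PDFGeneratorExceptionCodeConstant.PDF_EXCEPTION.getErrorCode(), e.getMessage(), e);
    } finally {
        // Release the iText objects before the stream they write to, so a failure while
        // closing the stream cannot leave the stamper or reader open.
        if (pdfStamper != null) {
            closeQuietly(pdfStamper);
        }
        if (pdfReader != null) {
            pdfReader.close();
        }
        outputStream.close();
    }
    return outputStream;
}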
Also used : PrivateKeySignature(com.itextpdf.text.pdf.security.PrivateKeySignature) OcspClient(com.itextpdf.text.pdf.security.OcspClient) ByteArrayOutputStream(java.io.ByteArrayOutputStream) OutputStream(java.io.OutputStream) Rectangle(com.itextpdf.text.Rectangle) ArrayList(java.util.ArrayList) CrlClientOnline(com.itextpdf.text.pdf.security.CrlClientOnline) PdfSignatureAppearance(com.itextpdf.text.pdf.PdfSignatureAppearance) ByteArrayOutputStream(java.io.ByteArrayOutputStream) PdfReader(com.itextpdf.text.pdf.PdfReader) TSAClientBouncyCastle(com.itextpdf.text.pdf.security.TSAClientBouncyCastle) X509Certificate(java.security.cert.X509Certificate) PDFGeneratorException(io.mosip.kernel.core.pdfgenerator.exception.PDFGeneratorException) TSAClient(com.itextpdf.text.pdf.security.TSAClient) CrlClient(com.itextpdf.text.pdf.security.CrlClient) ExternalDigest(com.itextpdf.text.pdf.security.ExternalDigest) PdfStamper(com.itextpdf.text.pdf.PdfStamper) DocumentException(com.itextpdf.text.DocumentException) OcspClientBouncyCastle(com.itextpdf.text.pdf.security.OcspClientBouncyCastle) ExternalSignature(com.itextpdf.text.pdf.security.ExternalSignature) BouncyCastleDigest(com.itextpdf.text.pdf.security.BouncyCastleDigest)
