/**
 * Signs every document in {@code pdfDocumentsList} with the first certificate
 * found on the smart card, then delegates to the 11-argument {@code sign(...)}
 * overload. Each step is announced to registered listeners via
 * {@code notifyListeners} (messages are in Portuguese and are part of the
 * observable behaviour, so they are kept verbatim).
 *
 * <p>Order of operations: load the keystore with {@code cardPassword}; read the
 * first alias and, only when {@code settings.isValidateSignerCertificateAlias()}
 * is set, compare it case-insensitively with the configured alias; read the
 * certificate chain; optionally check chain validity and revocation; fetch the
 * private key; build the timestamp (TSA) client; optionally build the CRL client
 * list; sign.</p>
 *
 * <p>Security notes (visible in this method):</p>
 * <ul>
 *   <li>Validity and revocation checks are opt-in through {@code settings}; with
 *       both disabled an expired or revoked certificate is still used to sign.</li>
 *   <li>The alias-mismatch exception message includes both the expected alias
 *       and the alias read from the card, so that text reaches whoever sees the
 *       exception.</li>
 *   <li>{@code cardPassword} is handed to the certificate processor twice and is
 *       not cleared here; zeroing it is the caller's responsibility.</li>
 *   <li>{@code digestAlgorithm} and {@code cryptographySpecification} are
 *       instance fields declared elsewhere in this class.</li>
 * </ul>
 *
 * @param cardPassword     PIN/password used to open the smart-card keystore
 * @param settings         which checks to run and how to sign
 * @param pdfDocumentsList documents to sign
 * @throws CertificateException if the on-card alias is not the configured one,
 *         the chain is not valid, or the certificate is revoked
 * @throws IOException propagated from keystore, CRL, TSA or PDF I/O
 * @throws GeneralSecurityException propagated from key and certificate handling
 * @throws DocumentException propagated from the PDF signing step
 * @throws HttpException propagated from online CRL/TSA access
 */
public void sign(char[] cardPassword, SignatureProcessSettings settings, List<PdfDocument> pdfDocumentsList)
        throws IOException, GeneralSecurityException, DocumentException, HttpException, CertificateException {
    notifyListeners("Lendo SmartCard.");
    certificateProcessor.loadKeystore(cardPassword);

    notifyListeners("Obtendo Alias do Certificado.");
    String cardAlias = certificateProcessor.getFirstAlias();

    if (settings.isValidateSignerCertificateAlias()) {
        String expectedAlias = settings.getValidSignerCertificateAlias();
        // Authorised only when the configured alias is well-formed AND matches
        // (case-insensitively) the alias actually present on the card.
        boolean aliasAuthorized = StringValidator.validateString(expectedAlias)
                && expectedAlias.equalsIgnoreCase(cardAlias);
        if (!aliasAuthorized) {
            notifyListeners("Certificado N�o Autorizado.");
            throw new CertificateException(
                    "USU\u00C1RIO N\u00C3O AUTORIZADO A ASSINAR."
                    + "\nCERTIFICADO ESPERADO: " + expectedAlias
                    + "\nCERTIFICADO NO CARTAO: " + cardAlias);
        }
    }

    notifyListeners("Lendo Cadeia de Certificados.");
    Certificate[] chain = certificateProcessor.getCertificateChain();

    if (settings.isCheckCertificateValidity()) {
        notifyListeners("Checando Validade Do Certificado.");
        if (!certificateProcessor.isFirstCertificateChainValid()) {
            notifyListeners("Certificado Inv�lido.");
            throw new CertificateException("CERTIFICADO EXPIRADO");
        }
    }

    if (settings.isCheckCertificateRevocation()) {
        notifyListeners("Checando Revoga��o do Certificado.");
        if (certificateProcessor.isFirstCertificateRevoked()) {
            notifyListeners("Certificado Revogado");
            throw new CertificateException("CERTIFICADO REVOGADO");
        }
    }

    notifyListeners("Obtendo Chave Privada.");
    PrivateKey signingKey = certificateProcessor.getFirstCertificatePrivateKey(cardPassword);

    notifyListeners("Gerando Carimbo de Tempo.");
    TSAClientBouncyCastle timestampClient = generateTSAClientBouncyCastleInstance(chain);

    // null means "embed no CRL data"; the overload is expected to accept that.
    List<CrlClient> crlClients = null;
    if (settings.isEmbedCRLZip()) {
        notifyListeners("Gerando Lista de CRL.");
        crlClients = generateCRLClientList(chain);
    }

    sign(pdfDocumentsList,
         settings,
         cardAlias,
         chain,
         signingKey,
         digestAlgorithm,
         certificateProcessor.getProviderName(),
         cryptographySpecification,
         crlClients,
         timestampClient,
         0);
}
/**
 * Builds the list of CRL clients passed to the signing overload when CRL
 * embedding is enabled: a single {@code CrlClientOnline} constructed from
 * {@code chain} (presumably it resolves the chain's CRL distribution points
 * online — verify against the iText version in use).
 *
 * @param chain the signer's certificate chain
 * @return a mutable {@link ArrayList} holding exactly one client
 */
private List<CrlClient> generateCRLClientList(Certificate[] chain) {
    CrlClient onlineClient = new CrlClientOnline(chain);
    List<CrlClient> clients = new ArrayList<CrlClient>(1);
    clients.add(onlineClient);
    return clients;
}
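/**
 * <a href="http://stackoverflow.com/questions/35134568/itext-ltv-enabled-how-to-add-more-crls">
 * iText LTV enabled - how to add more CRLs?
 * </a>
 * <p>
 * The original addLtv method of the OP modified merely to allow the
 * source PDF to be given as {@link InputStream} instead of {@link String}.
 * Kept as the reference (pre-fix) version: it creates one
 * {@code CrlClientOnline} per CRL URL and calls {@code addVerification}
 * once per client, with a {@code merge()} after the first one; that is the
 * multi-CRL handling which {@link #addLtvFixed(InputStream, String)} replaces.
 * </p>
 * <p>
 * Resource handling: the output stream and reader are released in a
 * {@code finally} block so that a failure before {@code stp.close()} does not
 * leak the file handle; a source without any signature field is rejected
 * explicitly instead of failing on {@code names.get(-1)}. The LTV steps
 * themselves are unchanged.
 * </p>
 * <p>
 * NOTE(review): {@code fields.verifySignature(sigName)} only parses the CMS
 * container; the integrity check is {@code pkcs7.verify()}, which this method
 * never calls, so validation data is added whether or not the signature
 * actually verifies. Callers that care should check before stamping.
 * The CRL URLs are hard-coded to PostSignum CA CRLs over plain HTTP; that is
 * acceptable for CRLs only because they are signed by the issuing CA.
 * </p>
 *
 * @param src  the signed PDF to LTV-enable
 * @param dest path of the output PDF (written with the stamper in append mode)
 * @throws IllegalStateException if {@code src} has no signature field
 * @throws IOException on read/write failure
 * @throws DocumentException on PDF structure errors from iText
 * @throws GeneralSecurityException on CMS parsing failures
 */
public void addLtvJanPokorny(InputStream src, String dest) throws IOException, DocumentException, GeneralSecurityException {
    PdfReader r = new PdfReader(src);
    FileOutputStream fos = new FileOutputStream(dest);
    try {
        // append mode (last arg true) keeps existing signatures valid
        PdfStamper stp = new PdfStamper(r, fos, '\0', true);
        LtvVerification v = stp.getLtvVerification();
        AcroFields fields = stp.getAcroFields();
        ArrayList<String> names = fields.getSignatureNames();
        if (names.isEmpty()) {
            throw new IllegalStateException("no signature field found in source PDF; nothing to LTV-enable");
        }
        String sigName = names.get(names.size() - 1);
        System.out.println("found signature: " + sigName);
        // parses the CMS blob only; see class note about pkcs7.verify()
        PdfPKCS7 pkcs7 = fields.verifySignature(sigName);
        //add LTV
        OcspClient ocsp = new OcspClientBouncyCastle();
        CrlClient crlClient1 = new CrlClientOnline("http://www.postsignum.cz/crl/psrootqca2.crl");
        ArrayList<CrlClient> crllist = new ArrayList<CrlClient>();
        crllist.add(crlClient1);
        CrlClient crlClient2 = new CrlClientOnline("http://www.postsignum.cz/crl/pspublicca2.crl");
        crllist.add(crlClient2);
        System.out.println("crllist.size=" + crllist.size());
        if (pkcs7.isTsp()) {
            // document timestamp: only the signing certificate gets CRL data
            for (CrlClient crlclient : crllist) {
                if (v.addVerification(sigName, ocsp, crlclient,
                        LtvVerification.CertificateOption.SIGNING_CERTIFICATE,
                        LtvVerification.Level.CRL,
                        LtvVerification.CertificateInclusion.NO)) {
                    System.out.println("crl " + crlclient.toString() + " added to timestamp");
                }
            }
        } else {
            // ordinary signatures: whole chain, one addVerification per CRL client,
            // merging after the first (the OP's approach; see addLtvFixed)
            for (String name : names) {
                for (int i = 0; i < crllist.size(); i++) {
                    if (v.addVerification(name, ocsp, crllist.get(i),
                            LtvVerification.CertificateOption.WHOLE_CHAIN,
                            LtvVerification.Level.CRL,
                            LtvVerification.CertificateInclusion.NO)) {
                        System.out.println("crl " + crllist.get(i).toString() + " added to " + name);
                    }
                    if (i > 0) {
                        System.out.println("found verification, merge");
                        v.merge();
                    }
                }
            }
        }
        stp.close();
    } finally {
        // stp.close() normally closes fos; closing again is a no-op, and this
        // also covers the exception path before the stamper was closed.
        fos.close();
        r.close();
    }
}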
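/**
 * <a href="http://stackoverflow.com/questions/35134568/itext-ltv-enabled-how-to-add-more-crls">
 * iText LTV enabled - how to add more CRLs?
 * </a>
 * <p>
 * The original addLtv method of the OP modified to allow the source PDF
 * to be given as {@link InputStream} instead of {@link String} and fixed
 * to properly use multiple CRLs: a single {@code CrlClientOnline} is built
 * with both CRL URLs and {@code addVerification} is called once per
 * signature, so no {@code merge()} dance is needed (compare
 * {@link #addLtvJanPokorny(InputStream, String)}).
 * </p>
 * <p>
 * Resource handling: the output stream and reader are released in a
 * {@code finally} block so that a failure before {@code stp.close()} does not
 * leak the file handle; a source without any signature field is rejected
 * explicitly instead of failing on {@code names.get(-1)}.
 * </p>
 * <p>
 * NOTE(review): {@code fields.verifySignature(sigName)} only parses the CMS
 * container; the integrity check is {@code pkcs7.verify()}, which this method
 * never calls, so validation data is added whether or not the signature
 * actually verifies. Callers that care should check before stamping.
 * The CRL URLs are hard-coded to PostSignum CA CRLs over plain HTTP; that is
 * acceptable for CRLs only because they are signed by the issuing CA.
 * Only {@code Level.CRL} is requested, so the OCSP client passed in is
 * presumably unused by iText here — confirm against the iText version.
 * </p>
 *
 * @param src  the signed PDF to LTV-enable
 * @param dest path of the output PDF (written with the stamper in append mode)
 * @throws IllegalStateException if {@code src} has no signature field
 * @throws IOException on read/write failure
 * @throws DocumentException on PDF structure errors from iText
 * @throws GeneralSecurityException on CMS parsing failures
 */
public void addLtvFixed(InputStream src, String dest) throws IOException, DocumentException, GeneralSecurityException {
    PdfReader r = new PdfReader(src);
    FileOutputStream fos = new FileOutputStream(dest);
    try {
        // append mode (last arg true) keeps existing signatures valid
        PdfStamper stp = new PdfStamper(r, fos, '\0', true);
        LtvVerification v = stp.getLtvVerification();
        AcroFields fields = stp.getAcroFields();
        ArrayList<String> names = fields.getSignatureNames();
        if (names.isEmpty()) {
            throw new IllegalStateException("no signature field found in source PDF; nothing to LTV-enable");
        }
        String sigName = names.get(names.size() - 1);
        System.out.println("found signature: " + sigName);
        // parses the CMS blob only; see class note about pkcs7.verify()
        PdfPKCS7 pkcs7 = fields.verifySignature(sigName);
        //add LTV
        OcspClient ocsp = new OcspClientBouncyCastle();
        // one client, both URLs: this is the actual multi-CRL fix
        CrlClient crlClient = new CrlClientOnline(
                "http://www.postsignum.cz/crl/psrootqca2.crl",
                "http://www.postsignum.cz/crl/pspublicca2.crl");
        if (pkcs7.isTsp()) {
            // document timestamp: only the signing certificate gets CRL data
            if (v.addVerification(sigName, ocsp, crlClient,
                    LtvVerification.CertificateOption.SIGNING_CERTIFICATE,
                    LtvVerification.Level.CRL,
                    LtvVerification.CertificateInclusion.NO)) {
                System.out.println("crl " + crlClient.toString() + " added to timestamp");
            }
        } else {
            // ordinary signatures: CRL data for the whole chain of every signature
            for (String name : names) {
                if (v.addVerification(name, ocsp, crlClient,
                        LtvVerification.CertificateOption.WHOLE_CHAIN,
                        LtvVerification.Level.CRL,
                        LtvVerification.CertificateInclusion.NO)) {
                    System.out.println("crl " + crlClient.toString() + " added to " + name);
                }
            }
        }
        stp.close();
    } finally {
        // stp.close() normally closes fos; closing again is a no-op, and this
        // also covers the exception path before the stamper was closed.
        fos.close();
        r.close();
    }
}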