使用itextsharp和令牌对PDF签名:错误正确嵌入签名
[英]Signing a PDF using itextsharp and a token:Error Embedding signature correctly
问题描述
Thanks for your help,I have tested the solution suggested, but the problem is that when I call getrangestream(), a NullPointerException is raised.here is the code: 
感谢您的帮助,我已经测试了建议的解决方案,但是问题是当我调用getrangestream()时,会引发NullPointerException。代码如下:
public byte[] presign(string src,string dest){
PdfReader reader=new PdfReader(src);
FileStream os=File.OpenWrite(dest);
PdfStamper stamper =
PdfStamper.CreateSignature(reader, os, '\0');
sap = stamper.SignatureAppearance;
Stream data=sap.GetRangeStream();
hash = DigestAlgorithms.Digest(data, "SHA256");
return hash;
}//returns the hash to signing application on the server
public void postsign(byte[] signed_bytes){
IExternalSignature mysig=new MySignature();
mysig.Sign(signed_bytes);//the signed_hash is returned from the server
MakeSignature.SignDetached(sap,mysig,final_chain,crlList,null,
null,8192,CryptoStandard.CMS)}
//the crllist and final_chain are "crl info" and "cert chain" info accordingly that are produced from reading a pem file // crllist和final_chain分别是通过读取pem文件生成的“ crl信息”和“证书链”信息
1 个解决方案
解决方案1
0 2018-12-18 15:23:01
The straight forward way to implement signing a PDF with iText 5.5.x using an external signing service or device is to use an IExternalSignature or IExternalSignatureContainer implementation in which the respective Sign method calls the external signing service or code to sign with that device for the data from its argument and returns the result signature. 使用外部签名服务或设备使用iText 5.5.x实现对PDF进行签名的直接方法是使用IExternalSignature或IExternalSignatureContainer实现,其中相应的Sign方法调用外部签名服务或代码以对该设备进行签名以获取数据从其参数返回结果签名。
For the sake of simplicity let's assume your signing service / device can be used to return a full-fledged CMS signature container. 为了简单起见,我们假定您的签名服务/设备可用于返回完整的CMS签名容器。 In that case one would use an IExternalSignatureContainer implementation like this: 在这种情况下,将使用IExternalSignatureContainer实现,如下所示:
PdfReader reader = new PdfReader(SRC);
FileStream os = new FileStream(DEST, FileMode.Create);
PdfStamper stamper = PdfStamper.CreateSignature(reader, os, '\0');
// Creating the appearance
PdfSignatureAppearance appearance = stamper.SignatureAppearance;
appearance.Reason = "For a reason surely";
appearance.Location = "Positively somewhere";
appearance.SetVisibleSignature(new Rectangle(36, 748, 144, 780), 1, "sig");
IExternalSignatureContainer externalSignatureContainer = new ExternalServiceContainerSigner();
// Creating the signature
MakeSignature.SignExternalContainer(appearance, externalSignatureContainer, 8192);
with 与
class ExternalServiceContainerSigner : IExternalSignatureContainer
{
public void ModifySigningDictionary(PdfDictionary signDic)
{
signDic.Put(PdfName.FILTER, PdfName.ADOBE_PPKLITE);
signDic.Put(PdfName.SUBFILTER, PdfName.ADBE_PKCS7_DETACHED);
}
public byte[] Sign(Stream data)
{
String hashAlgorithm = "SHA256";
byte[] hash = DigestAlgorithms.Digest(data, hashAlgorithm);
// call your external signature service to create a CMS signature
// container for the given document hash and return the bytes of
// that signature container.
return CALL_YOUR_EXTERNAL_SIGNATURE_SERVICE_TO_CREATE_A_CMS_SIGNATURE_CONTAINER_FOR(hash);
}
}
If your signing service / device does not offer to create a CMS signature container but instead only naked signature bytes or a PKCS#1 style signature, you can either 如果您的签名服务/设备不提供创建CMS签名容器的功能,而是仅提供裸签名字节或PKCS#1样式的签名,则可以
- replace the
CALL_YOUR_EXTERNAL_SIGNATURE_SERVICE_TO_CREATE_A_CMS_SIGNATURE_CONTAINER_FORcall above by your own code preparing and signing a signature container for the given document hash using the external service / device or使用您自己的代码替换上述CALL_YOUR_EXTERNAL_SIGNATURE_SERVICE_TO_CREATE_A_CMS_SIGNATURE_CONTAINER_FOR调用,并使用外部服务/设备为给定文档哈希准备并签名签名容器,或者 - use an
IExternalSignatureimplementation calling your service andMakeSignature.SignDetachedto use that implementation.使用IExternalSignature实现调用您的服务,并使用MakeSignature.SignDetached使用该实现。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.