I have learned a few lessons about working with the Luna JSP.

#1: Even though you use the same KeyStore interface for accessing a file-based Java keystore (*.jks) and an HSM, don't make the mistake of thinking that the objects that you get out of the keystore are the same. The HSM does not return actual credentials to you; it only gives you a reference to an object stored on the HSM. You cannot read or use the object; you can only pass the reference back to methods implemented by the HSM security provider. More specifically, do not try to assign objects that you get from a keystore to a variable name. You are likely to encounter problems later, when you try to access that stored object and it's not really there.

#2: This should have been self-evident, but I made the mistake of simply copying code from the iText examples without completely understanding it. You must use the Luna security provider when accessing stored credentials. iText's default provider, Bouncy Castle, knows nothing about pointers to keys stored on an HSM, and you are likely to get a "Cannot access sensitive attributes…" error indicating that an attempt to get a key stored on the HSM failed.

    KeyStore keystore = KeyStore.getInstance('Luna')
    PrivateKey privateKey = keystore.getKey('private_key_label')

    (PrivateKey) keystore.getKey('private_key_label'),
    (Certificate) keystore.getCertificateChain('ca_chain_label'),

I've posted examples of document signing using iText and Grails previously. Here's the latest iteration of the service and methods that we're using in our production digital signature process. It works in conjunction with the KeyStoreService posted in the previous article. This code is basically just a refactoring of the examples provided in iText in Action, 2nd Edition, Chapter 12, with a few accommodations for Groovy, Grails, and a SafeNet Luna HSM. If you are serious about using iText for digital signatures, I would definitely recommend that you buy the book.

    private static final List PDF_PERMISSIONS = [

    PdfUtil.encryptFile(file, PDF_PERMISSIONS, keyStoreService.pdfOwnerPassword)

    PdfUtil.encrypt(content, PDF_PERMISSIONS, keyStoreService.pdfOwnerPassword)

    def applySignatures(String documentPath, String signedDocumentPath, Map signatureMap,

    PdfReader reader = new PdfReader(documentPath, )
    File signed = new File(signedDocumentPath)
    FileOutputStream fout = new FileOutputStream(signed)

    // Groovy thinks '\0' is a GString, so we have to be explicit and force it to char.
    PdfStamper stamper = PdfStamper.createSignature(reader, fout, '\0'.toCharacter().charValue(), null, true)

    // Write the 'signatures' entered by applicants to the appropriate fields in the document.
    // These aren't digital signature fields, they're just text fields.

    Map credentials = keyStoreService.credentials
    PdfSignatureAppearance appearance = setAppearance(stamper, credentials, reason, location)