Digital signatures - chapter 3

This is a code example of iText PDF, discover more.

1st November 2015
admin-marketing


C3_01_SignWithCAcert.java
  1. /*
  2.  * This class is part of the white paper entitled
  3.  * "Digital Signatures for PDF documents"
  4.  * written by Bruno Lowagie
  5.  *
  6.  * For more info, go to: http://itextpdf.com/learn
  7.  */
  8. package signatures.chapter3;
  9.  
  10. import java.io.FileInputStream;
  11. import java.io.FileOutputStream;
  12. import java.io.IOException;
  13. import java.security.GeneralSecurityException;
  14. import java.security.KeyStore;
  15. import java.security.PrivateKey;
  16. import java.security.Security;
  17. import java.security.cert.Certificate;
  18. import java.util.Collection;
  19. import java.util.Properties;
  20.  
  21. import org.bouncycastle.jce.provider.BouncyCastleProvider;
  22.  
  23. import com.itextpdf.text.DocumentException;
  24. import com.itextpdf.text.Rectangle;
  25. import com.itextpdf.text.pdf.PdfReader;
  26. import com.itextpdf.text.pdf.PdfSignatureAppearance;
  27. import com.itextpdf.text.pdf.PdfStamper;
  28. import com.itextpdf.text.pdf.security.BouncyCastleDigest;
  29. import com.itextpdf.text.pdf.security.CrlClient;
  30. import com.itextpdf.text.pdf.security.DigestAlgorithms;
  31. import com.itextpdf.text.pdf.security.ExternalDigest;
  32. import com.itextpdf.text.pdf.security.ExternalSignature;
  33. import com.itextpdf.text.pdf.security.MakeSignature;
  34. import com.itextpdf.text.pdf.security.MakeSignature.CryptoStandard;
  35. import com.itextpdf.text.pdf.security.OcspClient;
  36. import com.itextpdf.text.pdf.security.PrivateKeySignature;
  37. import com.itextpdf.text.pdf.security.TSAClient;
  38.  
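  /**
   * Signs a PDF with the private key and certificate chain of the first entry
   * of a PKCS#12 keystore. This is the baseline example: {@link #main} passes
   * no CRL clients, no OCSP client and no TSA client, so the resulting
   * signature carries neither revocation information nor a trusted timestamp.
   */
  public class C3_01_SignWithCAcert {
      /** Path of the unsigned input PDF. */
      public static final String SRC = "src/main/resources/hello.pdf";
      /** Path the signed PDF is written to. */
      public static final String DEST = "results/chapter3/hello_cacert.pdf";

      /**
       * Adds a visible, detached signature to a PDF.
       *
       * @param src             path of the PDF to sign
       * @param dest            path of the signed PDF to create
       * @param chain           signer certificate chain
       * @param pk              private key matching the first certificate of the chain
       * @param digestAlgorithm digest algorithm name, e.g. {@code DigestAlgorithms.SHA256}
       * @param provider        name of the security provider that performs the signing
       * @param subfilter       signature container type (CMS or CAdES)
       * @param reason          reason shown in the signature appearance
       * @param location        location shown in the signature appearance
       * @param crlList         CRL clients used to embed revocation lists, or {@code null}
       * @param ocspClient      OCSP client used to embed an OCSP response, or {@code null}
       * @param tsaClient       timestamp client, or {@code null} for no trusted timestamp
       * @param estimatedSize   bytes reserved for the signature; callers in this chapter
       *                        pass 0 to leave the estimate to iText
       * @throws GeneralSecurityException if the signature cannot be created
       * @throws IOException              if a file cannot be read or written
       * @throws DocumentException        if the PDF cannot be processed
       */
      public void sign(String src, String dest,
              Certificate[] chain, PrivateKey pk,
              String digestAlgorithm, String provider, CryptoStandard subfilter,
              String reason, String location,
              Collection crlList,
              OcspClient ocspClient,
              TSAClient tsaClient,
              int estimatedSize)
                      throws GeneralSecurityException, IOException, DocumentException {
          // Creating the reader and the stamper
          PdfReader reader = new PdfReader(src);
          try {
              FileOutputStream os = new FileOutputStream(dest);
              try {
                  // '\0' keeps the PDF version of the original document.
                  PdfStamper stamper = PdfStamper.createSignature(reader, os, '\0');
                  // Creating the appearance: a visible field named "sig" on page 1
                  PdfSignatureAppearance appearance = stamper.getSignatureAppearance();
                  appearance.setReason(reason);
                  appearance.setLocation(location);
                  appearance.setVisibleSignature(new Rectangle(36, 748, 144, 780), 1, "sig");
                  // Creating the signature
                  ExternalSignature pks = new PrivateKeySignature(pk, digestAlgorithm, provider);
                  ExternalDigest digest = new BouncyCastleDigest();
                  MakeSignature.signDetached(appearance, digest, pks, chain, crlList, ocspClient, tsaClient, estimatedSize, subfilter);
              } finally {
                  // Release the file handle on the failure path too. Closing a
                  // FileOutputStream that is already closed has no effect.
                  // NOTE(review): a failed run can leave an incomplete file at
                  // dest; do not treat its mere existence as a valid signed PDF.
                  os.close();
              }
          } finally {
              reader.close();
          }
      }

      /**
       * Loads the keystore named in the local properties file and signs
       * {@link #SRC} into {@link #DEST} without revocation data or timestamp.
       *
       * @param args unused
       * @throws IOException              if the properties file, keystore or PDF cannot be read
       * @throws GeneralSecurityException if the keystore or key cannot be used
       * @throws DocumentException        if the PDF cannot be processed
       */
      public static void main(String[] args) throws IOException, GeneralSecurityException, DocumentException {
          // The properties file holds the keystore path and its password in
          // clear text: keep it out of version control and readable only by
          // the account that runs the signer.
          Properties properties = new Properties();
          FileInputStream propertiesIn = new FileInputStream("c:/home/blowagie/key.properties");
          try {
              properties.load(propertiesIn);
          } finally {
              propertiesIn.close();
          }
          String path = properties.getProperty("PRIVATE");
          String password = properties.getProperty("PASSWORD");
          if (path == null || password == null) {
              // Name the missing keys, never their values.
              throw new IllegalStateException("key.properties must define PRIVATE and PASSWORD");
          }
          char[] pass = password.toCharArray();

          BouncyCastleProvider provider = new BouncyCastleProvider();
          Security.addProvider(provider);
          KeyStore ks = KeyStore.getInstance("pkcs12", provider.getName());
          FileInputStream keyStoreIn = new FileInputStream(path);
          try {
              ks.load(keyStoreIn, pass);
          } finally {
              keyStoreIn.close();
          }
          // The first alias is used; with several entries in the keystore the
          // choice of signing key is therefore not explicit.
          String alias = ks.aliases().nextElement();
          PrivateKey pk = (PrivateKey) ks.getKey(alias, pass);
          Certificate[] chain = ks.getCertificateChain(alias);
          if (pk == null || chain == null) {
              throw new GeneralSecurityException("Keystore entry '" + alias + "' has no private key or certificate chain");
          }
          C3_01_SignWithCAcert app = new C3_01_SignWithCAcert();
          // null CRL list, OCSP client and TSA client: a verifier gets no
          // embedded proof that the certificate was valid at signing time.
          app.sign(SRC, DEST, chain, pk, DigestAlgorithms.SHA256, provider.getName(), CryptoStandard.CMS, "Test", "Ghent", null, null, null, 0);
      }
  }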
C3_02_GetCrlUrl.java
  1. /*
  2.  * This class is part of the white paper entitled
  3.  * "Digital Signatures for PDF documents"
  4.  * written by Bruno Lowagie
  5.  *
  6.  * For more info, go to: http://itextpdf.com/learn
  7.  */
  8. package signatures.chapter3;
  9.  
  10. import java.io.FileInputStream;
  11. import java.io.IOException;
  12. import java.security.GeneralSecurityException;
  13. import java.security.KeyStore;
  14. import java.security.Security;
  15. import java.security.cert.Certificate;
  16. import java.security.cert.X509Certificate;
  17. import java.util.Properties;
  18.  
  19. import org.bouncycastle.jce.provider.BouncyCastleProvider;
  20.  
  21. import com.itextpdf.text.pdf.security.CertificateUtil;
  22.  
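  /**
   * Prints, for every certificate in the chain of the first keystore entry,
   * its subject and the CRL URL that {@code CertificateUtil.getCRLURL}
   * returns for it.
   */
  public class C3_02_GetCrlUrl {

      /**
       * Loads the keystore named in the local properties file and lists the
       * CRL URL of each certificate in the chain.
       *
       * @param args unused
       * @throws IOException              if the properties file or keystore cannot be read
       * @throws GeneralSecurityException if the keystore cannot be loaded or has no chain
       */
      public static void main(String[] args) throws IOException, GeneralSecurityException {
          // The properties file holds the keystore password in clear text:
          // keep it out of version control and restrict who can read it.
          Properties properties = new Properties();
          FileInputStream propertiesIn = new FileInputStream("c:/home/blowagie/key.properties");
          try {
              properties.load(propertiesIn);
          } finally {
              propertiesIn.close();
          }
          String path = properties.getProperty("PRIVATE");
          String password = properties.getProperty("PASSWORD");
          if (path == null || password == null) {
              // Name the missing keys, never their values.
              throw new IllegalStateException("key.properties must define PRIVATE and PASSWORD");
          }
          char[] pass = password.toCharArray();

          BouncyCastleProvider provider = new BouncyCastleProvider();
          Security.addProvider(provider);
          KeyStore ks = KeyStore.getInstance("pkcs12", provider.getName());
          FileInputStream keyStoreIn = new FileInputStream(path);
          try {
              ks.load(keyStoreIn, pass);
          } finally {
              keyStoreIn.close();
          }
          String alias = ks.aliases().nextElement();
          Certificate[] chain = ks.getCertificateChain(alias);
          if (chain == null) {
              throw new GeneralSecurityException("Keystore entry '" + alias + "' has no certificate chain");
          }
          for (int i = 0; i < chain.length; i++) {
              X509Certificate cert = (X509Certificate) chain[i];
              System.out.println(String.format("[%s] %s", i, cert.getSubjectDN()));
              // Prints "null" when no CRL URL is returned for this certificate;
              // such a certificate cannot be checked against a CRL found this way.
              System.out.println(CertificateUtil.getCRLURL(cert));
          }
      }
  }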
C3_03_SignWithCRLDefaultImp.java
  1. /*
  2.  * This class is part of the white paper entitled
  3.  * "Digital Signatures for PDF documents"
  4.  * written by Bruno Lowagie
  5.  *
  6.  * For more info, go to: http://itextpdf.com/learn
  7.  */
  8. package signatures.chapter3;
  9.  
  10. import java.io.FileInputStream;
  11. import java.io.IOException;
  12. import java.security.GeneralSecurityException;
  13. import java.security.KeyStore;
  14. import java.security.PrivateKey;
  15. import java.security.Security;
  16. import java.security.cert.Certificate;
  17. import java.util.ArrayList;
  18. import java.util.List;
  19. import java.util.Properties;
  20.  
  21. import org.bouncycastle.jce.provider.BouncyCastleProvider;
  22.  
  23. import com.itextpdf.text.DocumentException;
  24. import com.itextpdf.text.log.LoggerFactory;
  25. import com.itextpdf.text.log.SysoLogger;
  26. import com.itextpdf.text.pdf.security.CrlClient;
  27. import com.itextpdf.text.pdf.security.CrlClientOnline;
  28. import com.itextpdf.text.pdf.security.DigestAlgorithms;
  29. import com.itextpdf.text.pdf.security.MakeSignature.CryptoStandard;
  30.  
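  /**
   * Signs a PDF and asks iText to embed a CRL, using a {@code CrlClientOnline}
   * created without an explicit URL.
   */
  public class C3_03_SignWithCRLDefaultImp extends C3_01_SignWithCAcert {
      /** Path of the unsigned input PDF. */
      public static final String SRC = "src/main/resources/hello.pdf";
      /** Path the signed PDF is written to. */
      public static final String DEST = "results/chapter3/hello_cacert_crl_imp.pdf";

      /**
       * Loads the keystore named in the local properties file and signs
       * {@link #SRC} into {@link #DEST} with one online CRL client.
       *
       * @param args unused
       * @throws IOException              if the properties file, keystore or PDF cannot be read
       * @throws GeneralSecurityException if the keystore or key cannot be used
       * @throws DocumentException        if the PDF cannot be processed
       */
      public static void main(String[] args) throws IOException, GeneralSecurityException, DocumentException {
          // The properties file holds the keystore password in clear text:
          // keep it out of version control and restrict who can read it.
          Properties properties = new Properties();
          FileInputStream propertiesIn = new FileInputStream("c:/home/blowagie/key.properties");
          try {
              properties.load(propertiesIn);
          } finally {
              propertiesIn.close();
          }
          String path = properties.getProperty("PRIVATE");
          String password = properties.getProperty("PASSWORD");
          if (path == null || password == null) {
              // Name the missing keys, never their values.
              throw new IllegalStateException("key.properties must define PRIVATE and PASSWORD");
          }
          char[] pass = password.toCharArray();

          BouncyCastleProvider provider = new BouncyCastleProvider();
          Security.addProvider(provider);
          KeyStore ks = KeyStore.getInstance("pkcs12", provider.getName());
          FileInputStream keyStoreIn = new FileInputStream(path);
          try {
              ks.load(keyStoreIn, pass);
          } finally {
              keyStoreIn.close();
          }
          String alias = ks.aliases().nextElement();
          PrivateKey pk = (PrivateKey) ks.getKey(alias, pass);
          Certificate[] chain = ks.getCertificateChain(alias);
          if (pk == null || chain == null) {
              throw new GeneralSecurityException("Keystore entry '" + alias + "' has no private key or certificate chain");
          }
          // Route iText's log output to System.out so CRL retrieval is visible.
          LoggerFactory.getInstance().setLogger(new SysoLogger());
          // No URL is given, so the CRL location is presumably taken from the
          // certificate being checked -- confirm for the iText version in use.
          // NOTE(review): nothing here shows what happens when the download
          // fails; check the log and the signed file for an embedded CRL.
          List<CrlClient> crlList = new ArrayList<CrlClient>();
          crlList.add(new CrlClientOnline());
          C3_03_SignWithCRLDefaultImp app = new C3_03_SignWithCRLDefaultImp();
          // No OCSP client and no TSA client: revocation data only, no timestamp.
          app.sign(SRC, DEST, chain, pk, DigestAlgorithms.SHA256, provider.getName(), CryptoStandard.CMS, "Test", "Ghent",
                  crlList, null, null, 0);
      }

  }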
C3_04_SignWithCRLOnline.java
  1. /*
  2.  * This class is part of the white paper entitled
  3.  * "Digital Signatures for PDF documents"
  4.  * written by Bruno Lowagie
  5.  *
  6.  * For more info, go to: http://itextpdf.com/learn
  7.  */
  8. package signatures.chapter3;
  9.  
  10. import java.io.FileInputStream;
  11. import java.io.IOException;
  12. import java.security.GeneralSecurityException;
  13. import java.security.KeyStore;
  14. import java.security.PrivateKey;
  15. import java.security.Security;
  16. import java.security.cert.Certificate;
  17. import java.util.ArrayList;
  18. import java.util.List;
  19. import java.util.Properties;
  20.  
  21. import org.bouncycastle.jce.provider.BouncyCastleProvider;
  22.  
  23. import com.itextpdf.text.DocumentException;
  24. import com.itextpdf.text.log.LoggerFactory;
  25. import com.itextpdf.text.log.SysoLogger;
  26. import com.itextpdf.text.pdf.security.CrlClient;
  27. import com.itextpdf.text.pdf.security.CrlClientOnline;
  28. import com.itextpdf.text.pdf.security.DigestAlgorithms;
  29. import com.itextpdf.text.pdf.security.MakeSignature.CryptoStandard;
  30.  
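  /**
   * Signs a PDF and asks iText to embed a CRL downloaded from an explicitly
   * configured URL.
   */
  public class C3_04_SignWithCRLOnline extends C3_01_SignWithCAcert {
      /** Path of the unsigned input PDF. */
      public static final String SRC = "src/main/resources/hello.pdf";
      /** Path the signed PDF is written to. */
      public static final String DEST = "results/chapter3/hello_cacert_crl.pdf";

      /**
       * Loads the keystore named in the local properties file and signs
       * {@link #SRC} into {@link #DEST} with a CRL client bound to one URL.
       *
       * @param args unused
       * @throws IOException              if the properties file, keystore or PDF cannot be read
       * @throws GeneralSecurityException if the keystore or key cannot be used
       * @throws DocumentException        if the PDF cannot be processed
       */
      public static void main(String[] args) throws IOException, GeneralSecurityException, DocumentException {
          // Route iText's log output to System.out so CRL retrieval is visible.
          LoggerFactory.getInstance().setLogger(new SysoLogger());
          // The properties file holds the keystore password in clear text:
          // keep it out of version control and restrict who can read it.
          Properties properties = new Properties();
          FileInputStream propertiesIn = new FileInputStream("c:/home/blowagie/key.properties");
          try {
              properties.load(propertiesIn);
          } finally {
              propertiesIn.close();
          }
          String path = properties.getProperty("PRIVATE");
          String password = properties.getProperty("PASSWORD");
          if (path == null || password == null) {
              // Name the missing keys, never their values.
              throw new IllegalStateException("key.properties must define PRIVATE and PASSWORD");
          }
          char[] pass = password.toCharArray();

          BouncyCastleProvider provider = new BouncyCastleProvider();
          Security.addProvider(provider);
          KeyStore ks = KeyStore.getInstance("pkcs12", provider.getName());
          FileInputStream keyStoreIn = new FileInputStream(path);
          try {
              ks.load(keyStoreIn, pass);
          } finally {
              keyStoreIn.close();
          }
          String alias = ks.aliases().nextElement();
          PrivateKey pk = (PrivateKey) ks.getKey(alias, pass);
          Certificate[] chain = ks.getCertificateChain(alias);
          if (pk == null || chain == null) {
              throw new GeneralSecurityException("Keystore entry '" + alias + "' has no private key or certificate chain");
          }
          // The URL is fixed here rather than read from the certificate, so it
          // must be the CRL of the CA that issued the signing certificate; a
          // CRL from another issuer says nothing about this certificate.
          CrlClient crlClient = new CrlClientOnline("https://crl.cacert.org/revoke.crl");
          List<CrlClient> crlList = new ArrayList<CrlClient>();
          crlList.add(crlClient);
          C3_04_SignWithCRLOnline app = new C3_04_SignWithCRLOnline();
          // No OCSP client and no TSA client: revocation data only, no timestamp.
          app.sign(SRC, DEST, chain, pk, DigestAlgorithms.SHA256, provider.getName(), CryptoStandard.CMS, "Test", "Ghent",
                  crlList, null, null, 0);
      }

  }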
C3_05_SignWithCRLOffline.java
  1. /*
  2.  * This class is part of the white paper entitled
  3.  * "Digital Signatures for PDF documents"
  4.  * written by Bruno Lowagie
  5.  *
  6.  * For more info, go to: http://itextpdf.com/learn
  7.  */
  8. package signatures.chapter3;
  9.  
  10. import java.io.ByteArrayOutputStream;
  11. import java.io.FileInputStream;
  12. import java.io.IOException;
  13. import java.security.GeneralSecurityException;
  14. import java.security.KeyStore;
  15. import java.security.PrivateKey;
  16. import java.security.Security;
  17. import java.security.cert.Certificate;
  18. import java.security.cert.CertificateFactory;
  19. import java.security.cert.X509CRL;
  20. import java.util.ArrayList;
  21. import java.util.List;
  22. import java.util.Properties;
  23.  
  24. import org.bouncycastle.jce.provider.BouncyCastleProvider;
  25.  
  26. import com.itextpdf.text.DocumentException;
  27. import com.itextpdf.text.log.LoggerFactory;
  28. import com.itextpdf.text.log.SysoLogger;
  29. import com.itextpdf.text.pdf.security.CrlClient;
  30. import com.itextpdf.text.pdf.security.CrlClientOffline;
  31. import com.itextpdf.text.pdf.security.DigestAlgorithms;
  32. import com.itextpdf.text.pdf.security.MakeSignature.CryptoStandard;
  33.  
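  /**
   * Signs a PDF and embeds a CRL that is read from a local file instead of
   * being downloaded at signing time.
   */
  public class C3_05_SignWithCRLOffline extends C3_01_SignWithCAcert {
      /** Path of the unsigned input PDF. */
      public static final String SRC = "src/main/resources/hello.pdf";
      /** Path of the locally stored CRL file (a file path, despite the name). */
      public static final String CRLURL = "src/main/resources/revoke.crl";
      /** Path the signed PDF is written to. */
      public static final String DEST = "results/chapter3/hello_cacert_crl_offline.pdf";

      /**
       * Loads the keystore named in the local properties file, reads the CRL
       * from {@link #CRLURL}, prints its next-update time and the revocation
       * status of the signing certificate, then signs {@link #SRC} into
       * {@link #DEST} with that CRL.
       *
       * @param args unused
       * @throws IOException              if the properties file, keystore, CRL or PDF cannot be read
       * @throws GeneralSecurityException if the keystore, key or CRL cannot be used
       * @throws DocumentException        if the PDF cannot be processed
       */
      public static void main(String[] args) throws IOException, GeneralSecurityException, DocumentException {
          // Route iText's log output to System.out.
          LoggerFactory.getInstance().setLogger(new SysoLogger());
          // The properties file holds the keystore password in clear text:
          // keep it out of version control and restrict who can read it.
          Properties properties = new Properties();
          FileInputStream propertiesIn = new FileInputStream("c:/home/blowagie/key.properties");
          try {
              properties.load(propertiesIn);
          } finally {
              propertiesIn.close();
          }
          String path = properties.getProperty("PRIVATE");
          String password = properties.getProperty("PASSWORD");
          if (path == null || password == null) {
              // Name the missing keys, never their values.
              throw new IllegalStateException("key.properties must define PRIVATE and PASSWORD");
          }
          char[] pass = password.toCharArray();

          BouncyCastleProvider provider = new BouncyCastleProvider();
          Security.addProvider(provider);
          KeyStore ks = KeyStore.getInstance("pkcs12", provider.getName());
          FileInputStream keyStoreIn = new FileInputStream(path);
          try {
              ks.load(keyStoreIn, pass);
          } finally {
              keyStoreIn.close();
          }
          String alias = ks.aliases().nextElement();
          PrivateKey pk = (PrivateKey) ks.getKey(alias, pass);
          Certificate[] chain = ks.getCertificateChain(alias);
          if (pk == null || chain == null || chain.length == 0) {
              throw new GeneralSecurityException("Keystore entry '" + alias + "' has no private key or certificate chain");
          }

          // Read the CRL file once. Only the bytes actually returned by each
          // read() are copied: writing the whole buffer every time would pad
          // the CRL with stale buffer content and embed a corrupted CRL.
          byte[] crlBytes;
          FileInputStream is = new FileInputStream(CRLURL);
          try {
              ByteArrayOutputStream baos = new ByteArrayOutputStream();
              byte[] buf = new byte[1024];
              int read;
              while ((read = is.read(buf)) != -1) {
                  baos.write(buf, 0, read);
              }
              crlBytes = baos.toByteArray();
          } finally {
              is.close();
          }
          CrlClient crlClient = new CrlClientOffline(crlBytes);

          // Parse the same bytes that get embedded, so what is printed below
          // describes exactly the CRL that ends up in the signature.
          CertificateFactory cf = CertificateFactory.getInstance("X.509");
          X509CRL crl = (X509CRL) cf.generateCRL(new java.io.ByteArrayInputStream(crlBytes));
          // NOTE(review): this is informational only. The CRL's own signature
          // is not verified against the issuing CA, an expired next-update is
          // not rejected, and signing proceeds even if the certificate is
          // reported as revoked. A production signer should check all three.
          System.out.println("CRL valid until: " + crl.getNextUpdate());
          System.out.println("Certificate revoked: " + crl.isRevoked(chain[0]));

          List<CrlClient> crlList = new ArrayList<CrlClient>();
          crlList.add(crlClient);
          C3_05_SignWithCRLOffline app = new C3_05_SignWithCRLOffline();
          // No OCSP client and no TSA client: revocation data only, no timestamp.
          app.sign(SRC, DEST, chain, pk, DigestAlgorithms.SHA256, provider.getName(), CryptoStandard.CMS, "Test", "Ghent",
                  crlList, null, null, 0);
      }

  }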
C3_06_GetOcspUrl.java
  1. /*
  2.  * This class is part of the white paper entitled
  3.  * "Digital Signatures for PDF documents"
  4.  * written by Bruno Lowagie
  5.  *
  6.  * For more info, go to: http://itextpdf.com/learn
  7.  */
  8. package signatures.chapter3;
  9.  
  10. import java.io.FileInputStream;
  11. import java.io.IOException;
  12. import java.security.GeneralSecurityException;
  13. import java.security.KeyStore;
  14. import java.security.Security;
  15. import java.security.cert.Certificate;
  16. import java.security.cert.X509Certificate;
  17. import java.util.Properties;
  18.  
  19. import org.bouncycastle.jce.provider.BouncyCastleProvider;
  20.  
  21. import com.itextpdf.text.pdf.security.CertificateUtil;
  22.  
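  /**
   * Prints, for every certificate in the chain of the first keystore entry,
   * its subject and the OCSP URL that {@code CertificateUtil.getOCSPURL}
   * returns for it.
   */
  public class C3_06_GetOcspUrl {
      /**
       * Loads the keystore named in the local properties file and lists the
       * OCSP URL of each certificate in the chain.
       *
       * @param args unused
       * @throws IOException              if the properties file or keystore cannot be read
       * @throws GeneralSecurityException if the keystore cannot be loaded or has no chain
       */
      public static void main(String[] args) throws IOException, GeneralSecurityException {
          // The properties file holds the keystore password in clear text:
          // keep it out of version control and restrict who can read it.
          Properties properties = new Properties();
          FileInputStream propertiesIn = new FileInputStream("c:/home/blowagie/key.properties");
          try {
              properties.load(propertiesIn);
          } finally {
              propertiesIn.close();
          }
          String path = properties.getProperty("PRIVATE");
          String password = properties.getProperty("PASSWORD");
          if (path == null || password == null) {
              // Name the missing keys, never their values.
              throw new IllegalStateException("key.properties must define PRIVATE and PASSWORD");
          }
          char[] pass = password.toCharArray();

          BouncyCastleProvider provider = new BouncyCastleProvider();
          Security.addProvider(provider);
          KeyStore ks = KeyStore.getInstance("pkcs12", provider.getName());
          FileInputStream keyStoreIn = new FileInputStream(path);
          try {
              ks.load(keyStoreIn, pass);
          } finally {
              keyStoreIn.close();
          }
          String alias = ks.aliases().nextElement();
          Certificate[] chain = ks.getCertificateChain(alias);
          if (chain == null) {
              throw new GeneralSecurityException("Keystore entry '" + alias + "' has no certificate chain");
          }
          for (int i = 0; i < chain.length; i++) {
              X509Certificate cert = (X509Certificate) chain[i];
              System.out.println(String.format("[%s] %s", i, cert.getSubjectDN()));
              // Prints "null" when no OCSP URL is returned for this certificate;
              // an OCSP client that relies on that URL then has nothing to query.
              System.out.println(CertificateUtil.getOCSPURL(cert));
          }
      }
  }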
C3_07_SignWithOCSP.java
  1. /*
  2.  * This class is part of the white paper entitled
  3.  * "Digital Signatures for PDF documents"
  4.  * written by Bruno Lowagie
  5.  *
  6.  * For more info, go to: http://itextpdf.com/learn
  7.  */
  8. package signatures.chapter3;
  9.  
  10. import java.io.FileInputStream;
  11. import java.io.IOException;
  12. import java.security.GeneralSecurityException;
  13. import java.security.KeyStore;
  14. import java.security.PrivateKey;
  15. import java.security.Security;
  16. import java.security.cert.Certificate;
  17. import java.util.Properties;
  18.  
  19. import org.bouncycastle.jce.provider.BouncyCastleProvider;
  20.  
  21. import com.itextpdf.text.DocumentException;
  22. import com.itextpdf.text.pdf.security.DigestAlgorithms;
  23. import com.itextpdf.text.pdf.security.MakeSignature.CryptoStandard;
  24. import com.itextpdf.text.pdf.security.OcspClient;
  25. import com.itextpdf.text.pdf.security.OcspClientBouncyCastle;
  26.  
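  /**
   * Signs a PDF and asks iText to embed an OCSP response obtained through
   * {@code OcspClientBouncyCastle}.
   */
  public class C3_07_SignWithOCSP extends C3_01_SignWithCAcert {
      /** Path of the unsigned input PDF. */
      public static final String SRC = "src/main/resources/hello.pdf";
      /** Path the signed PDF is written to. */
      public static final String DEST = "results/chapter3/hello_cacert_ocsp.pdf";

      /**
       * Loads the keystore named in the local properties file and signs
       * {@link #SRC} into {@link #DEST} with an OCSP client.
       *
       * @param args unused
       * @throws IOException              if the properties file, keystore or PDF cannot be read
       * @throws GeneralSecurityException if the keystore or key cannot be used
       * @throws DocumentException        if the PDF cannot be processed
       */
      public static void main(String[] args) throws IOException, GeneralSecurityException, DocumentException {
          // The properties file holds the keystore password in clear text:
          // keep it out of version control and restrict who can read it.
          Properties properties = new Properties();
          FileInputStream propertiesIn = new FileInputStream("c:/home/blowagie/key.properties");
          try {
              properties.load(propertiesIn);
          } finally {
              propertiesIn.close();
          }
          String path = properties.getProperty("PRIVATE");
          String password = properties.getProperty("PASSWORD");
          if (path == null || password == null) {
              // Name the missing keys, never their values.
              throw new IllegalStateException("key.properties must define PRIVATE and PASSWORD");
          }
          char[] pass = password.toCharArray();

          BouncyCastleProvider provider = new BouncyCastleProvider();
          Security.addProvider(provider);
          KeyStore ks = KeyStore.getInstance("pkcs12", provider.getName());
          FileInputStream keyStoreIn = new FileInputStream(path);
          try {
              ks.load(keyStoreIn, pass);
          } finally {
              keyStoreIn.close();
          }
          String alias = ks.aliases().nextElement();
          PrivateKey pk = (PrivateKey) ks.getKey(alias, pass);
          Certificate[] chain = ks.getCertificateChain(alias);
          if (pk == null || chain == null) {
              throw new GeneralSecurityException("Keystore entry '" + alias + "' has no private key or certificate chain");
          }
          // NOTE(review): nothing in this class validates the OCSP response
          // (responder signature, status, freshness). Confirm whether the
          // iText version in use verifies it before embedding, and check the
          // signed file: a missing response is not reported here.
          OcspClient ocspClient = new OcspClientBouncyCastle();
          C3_07_SignWithOCSP app = new C3_07_SignWithOCSP();
          // No CRL list and no TSA client: OCSP data only, no timestamp.
          app.sign(SRC, DEST, chain, pk, DigestAlgorithms.SHA256, provider.getName(), CryptoStandard.CMS, "Test", "Ghent",
                  null, ocspClient, null, 0);
      }

  }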
C3_08_GetTsaUrl.java
  1. /*
  2.  * This class is part of the white paper entitled
  3.  * "Digital Signatures for PDF documents"
  4.  * written by Bruno Lowagie
  5.  *
  6.  * For more info, go to: http://itextpdf.com/learn
  7.  */
  8. package signatures.chapter3;
  9.  
  10. import java.io.FileInputStream;
  11. import java.io.IOException;
  12. import java.security.GeneralSecurityException;
  13. import java.security.KeyStore;
  14. import java.security.Security;
  15. import java.security.cert.Certificate;
  16. import java.security.cert.X509Certificate;
  17. import java.util.Properties;
  18.  
  19. import org.bouncycastle.jce.provider.BouncyCastleProvider;
  20.  
  21. import com.itextpdf.text.pdf.security.CertificateUtil;
  22.  
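  /**
   * Prints, for every certificate in the chain of the first keystore entry,
   * its subject and the TSA URL that {@code CertificateUtil.getTSAURL}
   * returns for it.
   */
  public class C3_08_GetTsaUrl {
      /**
       * Loads the keystore named in the local properties file and lists the
       * TSA URL of each certificate in the chain.
       *
       * @param args unused
       * @throws IOException              if the properties file or keystore cannot be read
       * @throws GeneralSecurityException if the keystore cannot be loaded or has no chain
       */
      public static void main(String[] args) throws IOException, GeneralSecurityException {
          // The properties file holds the keystore password in clear text:
          // keep it out of version control and restrict who can read it.
          Properties properties = new Properties();
          FileInputStream propertiesIn = new FileInputStream("c:/home/blowagie/key.properties");
          try {
              properties.load(propertiesIn);
          } finally {
              propertiesIn.close();
          }
          String path = properties.getProperty("PRIVATE");
          String password = properties.getProperty("PASSWORD");
          if (path == null || password == null) {
              // Name the missing keys, never their values.
              throw new IllegalStateException("key.properties must define PRIVATE and PASSWORD");
          }
          char[] pass = password.toCharArray();

          BouncyCastleProvider provider = new BouncyCastleProvider();
          Security.addProvider(provider);
          KeyStore ks = KeyStore.getInstance("pkcs12", provider.getName());
          FileInputStream keyStoreIn = new FileInputStream(path);
          try {
              ks.load(keyStoreIn, pass);
          } finally {
              keyStoreIn.close();
          }
          String alias = ks.aliases().nextElement();
          Certificate[] chain = ks.getCertificateChain(alias);
          if (chain == null) {
              throw new GeneralSecurityException("Keystore entry '" + alias + "' has no certificate chain");
          }
          for (int i = 0; i < chain.length; i++) {
              X509Certificate cert = (X509Certificate) chain[i];
              System.out.println(String.format("[%s] %s", i, cert.getSubjectDN()));
              // Prints "null" when no TSA URL is returned for this certificate.
              System.out.println(CertificateUtil.getTSAURL(cert));
          }
      }
  }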
C3_09_SignWithTSA.java
  1. /*
  2.  * This class is part of the white paper entitled
  3.  * "Digital Signatures for PDF documents"
  4.  * written by Bruno Lowagie
  5.  *
  6.  * For more info, go to: http://itextpdf.com/learn
  7.  */
  8. package signatures.chapter3;
  9.  
  10. import java.io.FileInputStream;
  11. import java.io.IOException;
  12. import java.security.GeneralSecurityException;
  13. import java.security.KeyStore;
  14. import java.security.PrivateKey;
  15. import java.security.Security;
  16. import java.security.cert.Certificate;
  17. import java.util.Properties;
  18.  
  19. import org.bouncycastle.jce.provider.BouncyCastleProvider;
  20.  
  21. import com.itextpdf.text.DocumentException;
  22. import com.itextpdf.text.pdf.security.DigestAlgorithms;
  23. import com.itextpdf.text.pdf.security.MakeSignature.CryptoStandard;
  24. import com.itextpdf.text.pdf.security.OcspClient;
  25. import com.itextpdf.text.pdf.security.OcspClientBouncyCastle;
  26. import com.itextpdf.text.pdf.security.TSAClient;
  27. import com.itextpdf.text.pdf.security.TSAClientBouncyCastle;
  28.  
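  /**
   * Signs a PDF with an OCSP client and a timestamp obtained from a TSA whose
   * URL and credentials are read from the local properties file.
   */
  public class C3_09_SignWithTSA extends C3_01_SignWithCAcert {
      /** Path of the unsigned input PDF. */
      public static final String SRC = "src/main/resources/hello.pdf";
      /** Path the signed PDF is written to. */
      public static final String DEST = "results/chapter3/hello_cacert_ocsp_ts.pdf";

      /**
       * Loads the keystore and TSA settings named in the local properties file
       * and signs {@link #SRC} into {@link #DEST} with OCSP and a timestamp.
       *
       * @param args unused
       * @throws IOException              if the properties file, keystore or PDF cannot be read
       * @throws GeneralSecurityException if the keystore or key cannot be used
       * @throws DocumentException        if the PDF cannot be processed
       */
      public static void main(String[] args) throws IOException, GeneralSecurityException, DocumentException {
          // The properties file holds the keystore password and the TSA
          // password in clear text: keep it out of version control and
          // restrict who can read it.
          Properties properties = new Properties();
          FileInputStream propertiesIn = new FileInputStream("c:/home/blowagie/key.properties");
          try {
              properties.load(propertiesIn);
          } finally {
              propertiesIn.close();
          }
          String path = properties.getProperty("PRIVATE");
          String password = properties.getProperty("PASSWORD");
          String tsaUrl = properties.getProperty("TSAURL");
          String tsaUser = properties.getProperty("TSAUSERNAME");
          String tsaPass = properties.getProperty("TSAPASSWORD");
          if (path == null || password == null || tsaUrl == null) {
              // Name the missing keys, never their values.
              throw new IllegalStateException("key.properties must define PRIVATE, PASSWORD and TSAURL");
          }
          char[] pass = password.toCharArray();

          BouncyCastleProvider provider = new BouncyCastleProvider();
          Security.addProvider(provider);
          KeyStore ks = KeyStore.getInstance("pkcs12", provider.getName());
          FileInputStream keyStoreIn = new FileInputStream(path);
          try {
              ks.load(keyStoreIn, pass);
          } finally {
              keyStoreIn.close();
          }
          String alias = ks.aliases().nextElement();
          PrivateKey pk = (PrivateKey) ks.getKey(alias, pass);
          Certificate[] chain = ks.getCertificateChain(alias);
          if (pk == null || chain == null) {
              throw new GeneralSecurityException("Keystore entry '" + alias + "' has no private key or certificate chain");
          }
          // NOTE(review): nothing in this class validates the OCSP response;
          // confirm what the iText version in use checks before embedding it.
          OcspClient ocspClient = new OcspClientBouncyCastle();
          // The user name and password are handed to the TSA client,
          // presumably as HTTP authentication: configure an https TSAURL so
          // they do not cross the network in clear text.
          TSAClient tsaClient = new TSAClientBouncyCastle(tsaUrl, tsaUser, tsaPass);
          C3_09_SignWithTSA app = new C3_09_SignWithTSA();
          app.sign(SRC, DEST, chain, pk, DigestAlgorithms.SHA256, provider.getName(), CryptoStandard.CMS, "Test", "Ghent",
                  null, ocspClient, tsaClient, 0);
      }

  }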
C3_10_SignWithTSAEvent.java
  1. package signatures.chapter3;
  2.  
  3. import java.io.FileInputStream;
  4. import java.io.IOException;
  5. import java.security.GeneralSecurityException;
  6. import java.security.KeyStore;
  7. import java.security.PrivateKey;
  8. import java.security.Security;
  9. import java.security.cert.Certificate;
  10. import java.util.Properties;
  11.  
  12. import org.bouncycastle.jce.provider.BouncyCastleProvider;
  13. import org.bouncycastle.tsp.TimeStampTokenInfo;
  14.  
  15. import com.itextpdf.text.DocumentException;
  16. import com.itextpdf.text.pdf.security.DigestAlgorithms;
  17. import com.itextpdf.text.pdf.security.OcspClient;
  18. import com.itextpdf.text.pdf.security.OcspClientBouncyCastle;
  19. import com.itextpdf.text.pdf.security.TSAClientBouncyCastle;
  20. import com.itextpdf.text.pdf.security.MakeSignature.CryptoStandard;
  21. import com.itextpdf.text.pdf.security.TSAInfoBouncyCastle;
  22.  
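  /**
   * Signs a PDF with OCSP and a timestamp, and registers a callback on the TSA
   * client that prints the generation time of the timestamp token.
   */
  public class C3_10_SignWithTSAEvent extends C3_01_SignWithCAcert {
      /** Path of the unsigned input PDF. */
      public static final String SRC = "src/main/resources/hello.pdf";
      /**
       * Path the signed PDF is written to.
       * NOTE(review): this is the same path as C3_09_SignWithTSA.DEST, so
       * running both examples overwrites the earlier output.
       */
      public static final String DEST = "results/chapter3/hello_cacert_ocsp_ts.pdf";

      /**
       * Loads the keystore and TSA settings named in the local properties file
       * and signs {@link #SRC} into {@link #DEST}, printing the time reported
       * by the TSA.
       *
       * @param args unused
       * @throws IOException              if the properties file, keystore or PDF cannot be read
       * @throws GeneralSecurityException if the keystore or key cannot be used
       * @throws DocumentException        if the PDF cannot be processed
       */
      public static void main(String[] args) throws IOException, GeneralSecurityException, DocumentException {
          // The properties file holds the keystore password and the TSA
          // password in clear text: keep it out of version control and
          // restrict who can read it.
          Properties properties = new Properties();
          FileInputStream propertiesIn = new FileInputStream("c:/home/blowagie/key.properties");
          try {
              properties.load(propertiesIn);
          } finally {
              propertiesIn.close();
          }
          String path = properties.getProperty("PRIVATE");
          String password = properties.getProperty("PASSWORD");
          String tsaUrl = properties.getProperty("TSAURL");
          String tsaUser = properties.getProperty("TSAUSERNAME");
          String tsaPass = properties.getProperty("TSAPASSWORD");
          if (path == null || password == null || tsaUrl == null) {
              // Name the missing keys, never their values.
              throw new IllegalStateException("key.properties must define PRIVATE, PASSWORD and TSAURL");
          }
          char[] pass = password.toCharArray();

          BouncyCastleProvider provider = new BouncyCastleProvider();
          Security.addProvider(provider);
          KeyStore ks = KeyStore.getInstance("pkcs12", provider.getName());
          FileInputStream keyStoreIn = new FileInputStream(path);
          try {
              ks.load(keyStoreIn, pass);
          } finally {
              keyStoreIn.close();
          }
          String alias = ks.aliases().nextElement();
          PrivateKey pk = (PrivateKey) ks.getKey(alias, pass);
          Certificate[] chain = ks.getCertificateChain(alias);
          if (pk == null || chain == null) {
              throw new GeneralSecurityException("Keystore entry '" + alias + "' has no private key or certificate chain");
          }
          // NOTE(review): nothing in this class validates the OCSP response;
          // confirm what the iText version in use checks before embedding it.
          OcspClient ocspClient = new OcspClientBouncyCastle();
          // The user name and password are handed to the TSA client,
          // presumably as HTTP authentication: configure an https TSAURL so
          // they do not cross the network in clear text.
          TSAClientBouncyCastle tsaClient = new TSAClientBouncyCastle(tsaUrl, tsaUser, tsaPass);
          // The callback only prints the token's generation time. It is also
          // a place to compare that time with the local clock and to log it.
          tsaClient.setTSAInfo(new TSAInfoBouncyCastle() {
              @Override
              public void inspectTimeStampTokenInfo(TimeStampTokenInfo info) {
                  System.out.println(info.getGenTime());
              }
          });
          // Instantiate this example's own class (the listing created a
          // C3_09_SignWithTSA here); sign() is inherited from C3_01 either way.
          C3_10_SignWithTSAEvent app = new C3_10_SignWithTSAEvent();
          app.sign(SRC, DEST, chain, pk, DigestAlgorithms.SHA256, provider.getName(), CryptoStandard.CMS, "Test", "Ghent",
                  null, ocspClient, tsaClient, 0);
      }
  }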
C3_11_SignWithToken.java
  1. /*
  2.  * This class is part of the white paper entitled
  3.  * "Digital Signatures for PDF documents"
  4.  * written by Bruno Lowagie
  5.  *
  6.  * For more info, go to: http://itextpdf.com/learn
  7.  */
  8. package signatures.chapter3;
  9.  
  10. import java.io.IOException;
  11. import java.security.GeneralSecurityException;
  12. import java.security.KeyStore;
  13. import java.security.PrivateKey;
  14. import java.security.Security;
  15. import java.security.cert.Certificate;
  16. import java.security.cert.X509Certificate;
  17. import java.util.ArrayList;
  18. import java.util.List;
  19.  
  20. import org.bouncycastle.jce.provider.BouncyCastleProvider;
  21.  
  22. import sun.security.mscapi.SunMSCAPI;
  23.  
  24. import com.itextpdf.text.DocumentException;
  25. import com.itextpdf.text.log.LoggerFactory;
  26. import com.itextpdf.text.log.SysoLogger;
  27. import com.itextpdf.text.pdf.security.CertificateUtil;
  28. import com.itextpdf.text.pdf.security.CrlClient;
  29. import com.itextpdf.text.pdf.security.CrlClientOnline;
  30. import com.itextpdf.text.pdf.security.DigestAlgorithms;
  31. import com.itextpdf.text.pdf.security.MakeSignature.CryptoStandard;
  32. import com.itextpdf.text.pdf.security.OcspClient;
  33. import com.itextpdf.text.pdf.security.OcspClientBouncyCastle;
  34. import com.itextpdf.text.pdf.security.TSAClient;
  35. import com.itextpdf.text.pdf.security.TSAClientBouncyCastle;
  36.  
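  /**
   * Signs a PDF with a key held in the Windows certificate store ("Windows-MY"),
   * using the SunMSCAPI provider for the signing operation, and adds CRL,
   * OCSP and, when a TSA URL is found in the chain, a timestamp.
   */
  public class C3_11_SignWithToken extends C3_01_SignWithCAcert {
      /** Path of the unsigned input PDF. */
      public static final String SRC = "src/main/resources/hello.pdf";
      /** Path the signed PDF is written to. */
      public static final String DEST = "results/chapter3/hello_token.pdf";

      /**
       * Looks up a fixed alias in the Windows-MY store and signs {@link #SRC}
       * into {@link #DEST}.
       *
       * @param args unused
       * @throws IOException              if the PDF cannot be read or written
       * @throws GeneralSecurityException if the store cannot be loaded or the alias has
       *                                  no usable key and certificate chain
       * @throws DocumentException        if the PDF cannot be processed
       */
      public static void main(String[] args) throws IOException, GeneralSecurityException, DocumentException {
          // Route iText's log output to System.out.
          LoggerFactory.getInstance().setLogger(new SysoLogger());

          BouncyCastleProvider providerBC = new BouncyCastleProvider();
          Security.addProvider(providerBC);
          // sun.security.mscapi is a JDK-internal package: this ties the
          // example to JDKs that ship and expose that class.
          SunMSCAPI providerMSCAPI = new SunMSCAPI();
          Security.addProvider(providerMSCAPI);
          // The Windows store needs neither a stream nor a password to load.
          KeyStore ks = KeyStore.getInstance("Windows-MY");
          ks.load(null, null);
          String alias = "Bruno Lowagie";
          PrivateKey pk = (PrivateKey) ks.getKey(alias, null);
          Certificate[] chain = ks.getCertificateChain(alias);
          if (pk == null || chain == null) {
              // Without this check a missing alias surfaces as a
              // NullPointerException in the loop below.
              throw new GeneralSecurityException("No private key and certificate chain found for alias '" + alias + "' in Windows-MY");
          }
          // NOTE(review): nothing in this class validates the OCSP response;
          // confirm what the iText version in use checks before embedding it.
          OcspClient ocspClient = new OcspClientBouncyCastle();
          // Use the first TSA URL found in the chain. If no certificate
          // carries one, tsaClient stays null and the document is signed
          // without a trusted timestamp, with no message saying so.
          TSAClient tsaClient = null;
          for (int i = 0; i < chain.length; i++) {
              X509Certificate cert = (X509Certificate) chain[i];
              String tsaUrl = CertificateUtil.getTSAURL(cert);
              if (tsaUrl != null) {
                  tsaClient = new TSAClientBouncyCastle(tsaUrl);
                  break;
              }
          }
          // The CRL client is given the chain; presumably it reads the CRL
          // URLs from those certificates -- confirm for the iText version in use.
          List<CrlClient> crlList = new ArrayList<CrlClient>();
          crlList.add(new CrlClientOnline(chain));
          C3_11_SignWithToken app = new C3_11_SignWithToken();
          // The MSCAPI provider performs the signature, so the private key
          // operation stays with the Windows store or token behind it.
          app.sign(SRC, DEST, chain, pk, DigestAlgorithms.SHA384, providerMSCAPI.getName(), CryptoStandard.CMS, "Test", "Ghent",
                  crlList, ocspClient, tsaClient, 0);
      }
  }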
C3_12_SignWithEstimatedSize.java
  1. /*
  2.  * This class is part of the white paper entitled
  3.  * "Digital Signatures for PDF documents"
  4.  * written by Bruno Lowagie
  5.  *
  6.  * For more info, go to: http://itextpdf.com/learn
  7.  */
  8. package signatures.chapter3;
  9.  
  10. import java.io.FileInputStream;
  11. import java.io.IOException;
  12. import java.security.GeneralSecurityException;
  13. import java.security.KeyStore;
  14. import java.security.PrivateKey;
  15. import java.security.Security;
  16. import java.security.cert.Certificate;
  17. import java.util.Properties;
  18.  
  19. import org.bouncycastle.jce.provider.BouncyCastleProvider;
  20.  
  21. import com.itextpdf.text.DocumentException;
  22. import com.itextpdf.text.pdf.security.DigestAlgorithms;
  23. import com.itextpdf.text.pdf.security.MakeSignature.CryptoStandard;
  24. import com.itextpdf.text.pdf.security.OcspClient;
  25. import com.itextpdf.text.pdf.security.OcspClientBouncyCastle;
  26. import com.itextpdf.text.pdf.security.TSAClient;
  27. import com.itextpdf.text.pdf.security.TSAClientBouncyCastle;
  28.  
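/**
 * Signs {@link #SRC} with OCSP and timestamp information, starting from an
 * estimated signature size of 10300 bytes and enlarging the estimate by 50 bytes
 * after every failed attempt.
 */
public class C3_12_SignWithEstimatedSize extends C3_01_SignWithCAcert {
    public static final String SRC = "src/main/resources/hello.pdf";
    public static final String DEST = "results/chapter3/hello_estimated.pdf";

    /**
     * Upper bound on signing attempts (example value). Every attempt contacts the
     * OCSP responder and the TSA, and the loop cannot tell a "signature does not
     * fit" failure from any other IOException, so it must not run unbounded.
     */
    private static final int MAX_ATTEMPTS = 200;

    /**
     * Loads the key store described in key.properties and signs the document.
     *
     * @param args not used
     * @throws IOException if the properties file or key store cannot be read, or if
     *         signing still fails after {@link #MAX_ATTEMPTS} attempts
     * @throws GeneralSecurityException if the key store or key cannot be used
     * @throws DocumentException if iText reports a document error
     */
    public static void main(String[] args) throws IOException, GeneralSecurityException, DocumentException {
        // The properties file holds the key store password and the TSA credentials in
        // plain text; keep it outside version control and readable by the signer only.
        Properties properties = new Properties();
        FileInputStream propsIn = new FileInputStream("c:/home/blowagie/key.properties");
        try {
            properties.load(propsIn);
        } finally {
            propsIn.close();
        }
        String path = properties.getProperty("PRIVATE");
        String password = properties.getProperty("PASSWORD");
        if (path == null || password == null) {
            throw new IllegalStateException("key.properties must define PRIVATE and PASSWORD");
        }
        char[] pass = password.toCharArray();
        String tsaUrl = properties.getProperty("TSAURL");
        String tsaUser = properties.getProperty("TSAUSERNAME");
        String tsaPass = properties.getProperty("TSAPASSWORD");

        BouncyCastleProvider provider = new BouncyCastleProvider();
        Security.addProvider(provider);
        KeyStore ks = KeyStore.getInstance("pkcs12", provider.getName());
        FileInputStream ksIn = new FileInputStream(path);
        try {
            ks.load(ksIn, pass);
        } finally {
            ksIn.close();
        }
        // The first alias is used; nextElement() fails if the store is empty.
        String alias = ks.aliases().nextElement();
        PrivateKey pk = (PrivateKey) ks.getKey(alias, pass);
        Certificate[] chain = ks.getCertificateChain(alias);
        OcspClient ocspClient = new OcspClientBouncyCastle();
        TSAClient tsaClient = new TSAClientBouncyCastle(tsaUrl, tsaUser, tsaPass);
        C3_12_SignWithEstimatedSize app = new C3_12_SignWithEstimatedSize();

        int estimatedSize = 10300;
        IOException lastFailure = null;
        for (int attempt = 0; attempt < MAX_ATTEMPTS; attempt++) {
            try {
                System.out.println("Attempt: " + estimatedSize + " bytes");
                app.sign(SRC, DEST, chain, pk, DigestAlgorithms.SHA256, provider.getName(), CryptoStandard.CMS, "Test", "Ghent",
                        null, ocspClient, tsaClient, estimatedSize);
                System.out.println("Succeeded!");
                return;
            } catch (IOException ioe) {
                // Any IOException lands here, not only "not enough space"; an
                // unreadable source file or an unreachable TSA looks the same.
                System.out.println("Not succeeded: " + ioe.getMessage());
                lastFailure = ioe;
                estimatedSize += 50;
            }
        }
        throw new IOException("Signing failed after " + MAX_ATTEMPTS + " attempts", lastFailure);
    }

}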
C3_01_SignWithCAcert.cs
  1. /*
  2.  * This class is part of the white paper entitled
  3.  * "Digital Signatures for PDF documents"
  4.  * written by Bruno Lowagie
  5.  *
  6.  * For more info, go to: http://itextpdf.com/learn
  7.  */
  8.  
  9. using System;
  10. using System.Collections.Generic;
  11. using System.IO;
  12. using System.util;
  13. using Org.BouncyCastle.Crypto;
  14. using Org.BouncyCastle.Pkcs;
  15. using Org.BouncyCastle.X509;
  16. using iTextSharp.text;
  17. using iTextSharp.text.pdf;
  18. using iTextSharp.text.pdf.security;
  19.  
  20. namespace signatures.chapter3 {
  21.     public class C3_01_SignWithCAcert {
  22.         private static String SRC = "../../../../resources/hello.pdf";
  23.         public static String DEST = "../../../../results/chapter3/hello_cacert.pdf";
  24.  
  25.         static public void Sign(String dest,
  26.                          ICollection chain, ICipherParameters pk,
  27.                          String digestAlgorithm, CryptoStandard subfilter,
  28.                          String reason, String location,
  29.                          ICollection crlList,
  30.                          IOcspClient ocspClient,
  31.                          ITSAClient tsaClient,
  32.                          int estimatedSize) {
  33.             // Creating the reader and the stamper
  34.             PdfReader reader = null;
  35.             PdfStamper stamper = null;
  36.             FileStream os = null;
  37.             try {
  38.                 reader = new PdfReader(SRC);
  39.                 os = new FileStream(dest, FileMode.Create);
  40.                 stamper = PdfStamper.CreateSignature(reader, os, '\0');
  41.                 // Creating the appearance
  42.                 PdfSignatureAppearance appearance = stamper.SignatureAppearance;
  43.                 appearance.Reason = reason;
  44.                 appearance.Location = location;
  45.                 appearance.SetVisibleSignature(new Rectangle(36, 748, 144, 780), 1, "sig");
  46.                 // Creating the signature
  47.                 IExternalSignature pks = new PrivateKeySignature(pk, digestAlgorithm);
  48.                 MakeSignature.SignDetached(appearance, pks, chain, crlList, ocspClient, tsaClient, estimatedSize,
  49.                                            subfilter);
  50.             } finally {
  51.                 if (reader != null)
  52.                     reader.Close();
  53.                 if (stamper != null)
  54.                     stamper.Close();
  55.                 if (os != null)
  56.                     os.Close();
  57.             }
  58.         }
  59.  
  60.         public static void Main(String[] args) {
  61.             Properties properties = new Properties();
  62.             properties.Load(new FileStream("c:/home/blowagie/key.properties", FileMode.Open));
  63.             String path = properties["PRIVATE"];
  64.             char[] pass = properties["PASSWORD"].ToCharArray();
  65.  
  66.             Pkcs12Store ks = new Pkcs12Store();
  67.             ks.Load(new FileStream(path, FileMode.Open), pass);
  68.             String alias = "";
  69.             foreach (string al in ks.Aliases) {
  70.                 if (ks.IsKeyEntry(al) && ks.GetKey(al).Key.IsPrivate) {
  71.                     alias = al;
  72.                     break;
  73.                 }
  74.             }
  75.             AsymmetricKeyParameter pk = ks.GetKey(alias).Key;
  76.             ICollection chain = new List();
  77.             foreach (X509CertificateEntry entry in ks.GetCertificateChain(alias)) {
  78.                 chain.Add(entry.Certificate);    
  79.             }
  80.             Sign(DEST, chain, pk, DigestAlgorithms.SHA256, CryptoStandard.CMS, "Test",
  81.                      "Ghent", null, null, null, 0);
  82.         }
  83.     }
  84. }
C3_02_GetCrlUrl.cs
  1. /*
  2.  * This class is part of the white paper entitled
  3.  * "Digital Signatures for PDF documents"
  4.  * written by Bruno Lowagie
  5.  *
  6.  * For more info, go to: http://itextpdf.com/learn
  7.  */
  8.  
  9. using System;
  10. using System.IO;
  11. using System.util;
  12. using Org.BouncyCastle.Pkcs;
  13. using Org.BouncyCastle.X509;
  14. using iTextSharp.text.pdf.security;
  15.  
  16. namespace signatures.chapter3 {
  17.     public class C3_02_GetCrlUrl {
  18.         public static void Main(String[] args) {
  19.             Properties properties = new Properties();
  20.             properties.Load(new FileStream("c:/home/blowagie/key.properties", FileMode.Open));
  21.             String path = properties["PRIVATE"];
  22.             char[] pass = properties["PASSWORD"].ToCharArray();
  23.  
  24.             Pkcs12Store ks = new Pkcs12Store();
  25.             ks.Load(new FileStream(path, FileMode.Open), pass);
  26.             String alias = "";
  27.             foreach (string al in ks.Aliases) {
  28.                 if (ks.IsKeyEntry(al) && ks.GetKey(al).Key.IsPrivate) {
  29.                     alias = al;
  30.                     break;
  31.                 }
  32.             }
  33.  
  34.             X509CertificateEntry[] chain = ks.GetCertificateChain(alias);
  35.             for (int i = 0; i < chain.Length; i++) {
  36.                 X509Certificate cert = chain[i].Certificate;
  37.                 Console.WriteLine("[{0}] {1}", i, cert.SubjectDN);
  38.                 Console.WriteLine(CertificateUtil.GetCRLURL(cert));
  39.             }
  40.             Console.ReadKey();
  41.         }
  42.     }
  43. }
C3_03_SignWithCRLDefaultImp.cs
  1. /*
  2.  * This class is part of the white paper entitled
  3.  * "Digital Signatures for PDF documents"
  4.  * written by Bruno Lowagie
  5.  *
  6.  * For more info, go to: http://itextpdf.com/learn
  7.  */
  8.  
  9. using System;
  10. using System.Collections.Generic;
  11. using System.IO;
  12. using System.util;
  13. using Org.BouncyCastle.Crypto;
  14. using Org.BouncyCastle.Pkcs;
  15. using Org.BouncyCastle.X509;
  16. using iTextSharp.text.log;
  17. using iTextSharp.text.pdf.security;
  18.  
  19. namespace signatures.chapter3 {
  20.  
  21.     public class C3_03_SignWithCRLDefaultImp {
  22.         public static String DEST = "../../../../results/chapter3/hello_cacert_crl_imp.pdf";
  23.  
  24.         public static void Main(String[] args) {
  25.             Properties properties = new Properties();
  26.             properties.Load(new FileStream("c:/home/blowagie/key.properties", FileMode.Open));
  27.             String path = properties["PRIVATE"];
  28.             char[] pass = properties["PASSWORD"].ToCharArray();
  29.  
  30.             Pkcs12Store ks = new Pkcs12Store();
  31.             ks.Load(new FileStream(path, FileMode.Open), pass);
  32.             String alias = "";
  33.             foreach (string al in ks.Aliases) {
  34.                 if (ks.IsKeyEntry(al) && ks.GetKey(al).Key.IsPrivate) {
  35.                     alias = al;
  36.                     break;
  37.                 }
  38.             }
  39.             AsymmetricKeyParameter pk = ks.GetKey(alias).Key;
  40.             ICollection chain = new List();
  41.             foreach (X509CertificateEntry entry in ks.GetCertificateChain(alias)) {
  42.                 chain.Add(entry.Certificate);
  43.             }
  44.  
  45.             LoggerFactory.GetInstance().SetLogger(new SysoLogger());
  46.             IList crlList = new List();
  47.             crlList.Add(new CrlClientOnline());
  48.             C3_01_SignWithCAcert.Sign(DEST, chain, pk, DigestAlgorithms.SHA256, CryptoStandard.CMS, "Test",
  49.                      "Ghent",
  50.                      crlList, null, null, 0);
  51.         }
  52.     }
  53. }
C3_04_SignWithCRLOnline.cs
  1. /*
  2.  * This class is part of the white paper entitled
  3.  * "Digital Signatures for PDF documents"
  4.  * written by Bruno Lowagie
  5.  *
  6.  * For more info, go to: http://itextpdf.com/learn
  7.  */
  8.  
  9. using System;
  10. using System.Collections.Generic;
  11. using System.IO;
  12. using System.util;
  13. using Org.BouncyCastle.Crypto;
  14. using Org.BouncyCastle.Pkcs;
  15. using Org.BouncyCastle.X509;
  16. using iTextSharp.text.log;
  17. using iTextSharp.text.pdf.security;
  18.  
  19. namespace signatures.chapter3 {
  20.  
  21.     public class C3_04_SignWithCRLOnline {
  22.         public static String DEST = "../../../../results/chapter3/hello_cacert_crl.pdf";
  23.  
  24.         public static void Main(String[] args) {
  25.             LoggerFactory.GetInstance().SetLogger(new SysoLogger());
  26.             Properties properties = new Properties();
  27.             properties.Load(new FileStream("c:/home/blowagie/key.properties", FileMode.Open));
  28.             String path = properties["PRIVATE"];
  29.             char[] pass = properties["PASSWORD"].ToCharArray();
  30.  
  31.             Pkcs12Store ks = new Pkcs12Store();
  32.             ks.Load(new FileStream(path, FileMode.Open), pass);
  33.             String alias = "";
  34.             foreach (string al in ks.Aliases) {
  35.                 if (ks.IsKeyEntry(al) && ks.GetKey(al).Key.IsPrivate) {
  36.                     alias = al;
  37.                     break;
  38.                 }
  39.             }
  40.  
  41.             AsymmetricKeyParameter pk = ks.GetKey(alias).Key;
  42.             ICollection chain = new List();
  43.             foreach (X509CertificateEntry entry in ks.GetCertificateChain(alias)) {
  44.                 chain.Add(entry.Certificate);
  45.             }
  46.             ICrlClient crlClient = new CrlClientOnline("https://crl.cacert.org/revoke.crl");
  47.             IList crlList = new List();
  48.             crlList.Add(crlClient);
  49.             C3_01_SignWithCAcert.Sign(DEST, chain, pk, DigestAlgorithms.SHA256, CryptoStandard.CMS, "Test", "Ghent",
  50.                      crlList, null, null, 0);
  51.         }
  52.     }
  53. }
C3_05_SignWithCRLOffline.cs
  1. /*
  2.  * This class is part of the white paper entitled
  3.  * "Digital Signatures for PDF documents"
  4.  * written by Bruno Lowagie
  5.  *
  6.  * For more info, go to: http://itextpdf.com/learn
  7.  */
  8.  
  9. using System;
  10. using System.Collections.Generic;
  11. using System.IO;
  12. using System.util;
  13. using Org.BouncyCastle.Crypto;
  14. using Org.BouncyCastle.Pkcs;
  15. using Org.BouncyCastle.X509;
  16. using iTextSharp.text.log;
  17. using iTextSharp.text.pdf.security;
  18.  
  19. namespace signatures.chapter3 {
  20.  
  21.     public class C3_05_SignWithCRLOffline {
  22.         public static String CRLURL = "../../../../resources/revoke.crl";
  23.         public static String DEST = "../../../../results/chapter3/hello_cacert_crl_offline.pdf";
  24.  
  25.         public static void Main(String[] args) {
  26.             LoggerFactory.GetInstance().SetLogger(new SysoLogger());
  27.             Properties properties = new Properties();
  28.             properties.Load(new FileStream("c:/home/blowagie/key.properties", FileMode.Open));
  29.             String path = properties["PRIVATE"];
  30.             char[] pass = properties["PASSWORD"].ToCharArray();
  31.  
  32.             Pkcs12Store ks = new Pkcs12Store();
  33.             ks.Load(new FileStream(path, FileMode.Open), pass);
  34.             String alias = "";
  35.             foreach (string al in ks.Aliases) {
  36.                 if (ks.IsKeyEntry(al) && ks.GetKey(al).Key.IsPrivate) {
  37.                     alias = al;
  38.                     break;
  39.                 }
  40.             }
  41.             AsymmetricKeyParameter pk = ks.GetKey(alias).Key;
  42.             IList chain = new List();
  43.             foreach (X509CertificateEntry entry in ks.GetCertificateChain(alias)) {
  44.                 chain.Add(entry.Certificate);    
  45.             }
  46.             FileStream ins  = new FileStream(CRLURL, FileMode.Open);
  47.             MemoryStream baos = new MemoryStream();
  48.             byte[] buf = new byte[1024];
  49.             int readedBytes;
  50.             while ((readedBytes = ins.Read(buf, 0, 1024)) > 0) baos.Write(buf, 0, readedBytes);
  51.             ins.Close();
  52.             ICrlClient crlClient = new CrlClientOffline(baos.ToArray());
  53.            
  54.             X509CrlParser crlParser = new X509CrlParser();
  55.             X509Crl crl = crlParser.ReadCrl(new FileStream(CRLURL, FileMode.Open));
  56.             Console.WriteLine("CRL valid until: " + crl.NextUpdate);
  57.             Console.WriteLine("Certificate revoked: " + crl.IsRevoked(chain[0]));
  58.  
  59.             IList crlList = new List();
  60.             crlList.Add(crlClient);
  61.             C3_01_SignWithCAcert.Sign(DEST, chain, pk, DigestAlgorithms.SHA256, CryptoStandard.CMS, "Test",
  62.                      "Ghent",
  63.                      crlList, null, null, 0);
  64.         }
  65.     }
  66. }
C3_06_GetOcspUrl.cs
  1. /*
  2.  * This class is part of the white paper entitled
  3.  * "Digital Signatures for PDF documents"
  4.  * written by Bruno Lowagie
  5.  *
  6.  * For more info, go to: http://itextpdf.com/learn
  7.  */
  8.  
  9. using System;
  10. using System.Collections.Generic;
  11. using System.IO;
  12. using System.util;
  13. using Org.BouncyCastle.Pkcs;
  14. using Org.BouncyCastle.X509;
  15. using iTextSharp.text.pdf.security;
  16.  
  17. namespace signatures.chapter3 {
  18.  
  19.     public class C3_06_GetOcspUrl {
  20.         public static void Main(String[] args) {
  21.             Properties properties = new Properties();
  22.             properties.Load(new FileStream("c:/home/blowagie/key.properties", FileMode.Open));
  23.             String path = properties["PRIVATE"];
  24.             char[] pass = properties["PASSWORD"].ToCharArray();
  25.  
  26.             Pkcs12Store ks = new Pkcs12Store();
  27.             ks.Load(new FileStream(path, FileMode.Open), pass);
  28.             String alias = "";
  29.             foreach (string al in ks.Aliases) {
  30.                 if (ks.IsKeyEntry(al) && ks.GetKey(al).Key.IsPrivate) {
  31.                     alias = al;
  32.                     break;
  33.                 }
  34.             }
  35.  
  36.             IList chain = new List();
  37.             foreach (X509CertificateEntry entry in ks.GetCertificateChain(alias)) {
  38.                 chain.Add(entry.Certificate);
  39.             }
  40.  
  41.             for (int i = 0; i < chain.Count; i++) {
  42.                 X509Certificate cert = chain[i];
  43.                 Console.WriteLine("[{0}] {1}", i, cert.SubjectDN);
  44.                 Console.WriteLine(CertificateUtil.GetOCSPURL(cert));
  45.             }
  46.             Console.ReadKey();
  47.         }
  48.     }
  49. }
C3_07_SignWithOCSP.cs
  1. /*
  2.  * This class is part of the white paper entitled
  3.  * "Digital Signatures for PDF documents"
  4.  * written by Bruno Lowagie
  5.  *
  6.  * For more info, go to: http://itextpdf.com/learn
  7.  */
  8.  
  9. using System;
  10. using System.Collections.Generic;
  11. using System.IO;
  12. using System.util;
  13. using Org.BouncyCastle.Crypto;
  14. using Org.BouncyCastle.Pkcs;
  15. using Org.BouncyCastle.X509;
  16. using iTextSharp.text.pdf.security;
  17.  
  18. namespace signatures.chapter3 {
  19.  
  20.     public class C3_07_SignWithOCSP {
  21.         public static String DEST = "../../../../results/chapter3/hello_cacert_ocsp.pdf";
  22.  
  23.         public static void Main(String[] args) {
  24.             Properties properties = new Properties();
  25.             properties.Load(new FileStream("c:/home/blowagie/key.properties", FileMode.Open));
  26.             String path = properties["PRIVATE"];
  27.             char[] pass = properties["PASSWORD"].ToCharArray();
  28.  
  29.             Pkcs12Store ks = new Pkcs12Store();
  30.             ks.Load(new FileStream(path, FileMode.Open), pass);
  31.             String alias = "";
  32.             foreach (string al in ks.Aliases) {
  33.                 if (ks.IsKeyEntry(al) && ks.GetKey(al).Key.IsPrivate) {
  34.                     alias = al;
  35.                     break;
  36.                 }
  37.             }
  38.             AsymmetricKeyParameter pk = ks.GetKey(alias).Key;
  39.             ICollection chain = new List();
  40.             foreach (X509CertificateEntry entry in ks.GetCertificateChain(alias)) {
  41.                 chain.Add(entry.Certificate);
  42.             }
  43.             IOcspClient ocspClient = new OcspClientBouncyCastle();
  44.             C3_01_SignWithCAcert.Sign(DEST, chain, pk, DigestAlgorithms.SHA256, CryptoStandard.CMS, "Test", "Ghent",
  45.                      null, ocspClient, null, 0);
  46.         }
  47.     }
  48. }
C3_08_GetTsaUrl.cs
  1. /*
  2.  * This class is part of the white paper entitled
  3.  * "Digital Signatures for PDF documents"
  4.  * written by Bruno Lowagie
  5.  *
  6.  * For more info, go to: http://itextpdf.com/learn
  7.  */
  8.  
  9. using System;
  10. using System.Collections.Generic;
  11. using System.IO;
  12. using System.util;
  13. using Org.BouncyCastle.Pkcs;
  14. using Org.BouncyCastle.X509;
  15. using iTextSharp.text.pdf.security;
  16.  
  17. namespace signatures.chapter3 {
  18.  
  19.     public class C3_08_GetTsaUrl {
  20.         public static void Main(String[] args) {
  21.             Properties properties = new Properties();
  22.             properties.Load(new FileStream("c:/home/blowagie/key.properties", FileMode.Open));
  23.             String path = properties["PRIVATE"];
  24.             char[] pass = properties["PASSWORD"].ToCharArray();
  25.  
  26.             Pkcs12Store ks = new Pkcs12Store();
  27.             ks.Load(new FileStream(path, FileMode.Open), pass);
  28.             String alias = "";
  29.             foreach (string al in ks.Aliases) {
  30.                 if (ks.IsKeyEntry(al) && ks.GetKey(al).Key.IsPrivate) {
  31.                     alias = al;
  32.                     break;
  33.                 }
  34.             }
  35.  
  36.             IList chain = new List();
  37.             foreach (X509CertificateEntry entry in ks.GetCertificateChain(alias)) {
  38.                 chain.Add(entry.Certificate);
  39.             }
  40.  
  41.             for (int i = 0; i < chain.Count; i++) {
  42.                 X509Certificate cert = chain[i];
  43.                 Console.WriteLine("[{0}] {1}", i, cert.SubjectDN);
  44.                 Console.WriteLine(CertificateUtil.GetTSAURL(cert));
  45.             }
  46.             Console.ReadKey();
  47.         }
  48.     }
  49. }
C3_09_SignWithTSA.cs
  1. /*
  2.  * This class is part of the white paper entitled
  3.  * "Digital Signatures for PDF documents"
  4.  * written by Bruno Lowagie
  5.  *
  6.  * For more info, go to: http://itextpdf.com/learn
  7.  */
  8.  
  9. using System;
  10. using System.Collections.Generic;
  11. using System.IO;
  12. using System.util;
  13. using Org.BouncyCastle.Crypto;
  14. using Org.BouncyCastle.Pkcs;
  15. using Org.BouncyCastle.X509;
  16. using iTextSharp.text.pdf.security;
  17.  
  18. namespace signatures.chapter3 {
  19.  
  20.     public class C3_09_SignWithTSA {
  21.         public static String DEST = "../../../../results/chapter3/hello_cacert_ocsp_ts.pdf";
  22.  
  23.         public static void Main(String[] args) {
  24.             Properties properties = new Properties();
  25.             properties.Load(new FileStream("c:/home/blowagie/key.properties", FileMode.Open));
  26.             String path = properties["PRIVATE"];
  27.             char[] pass = properties["PASSWORD"].ToCharArray();
  28.             String tsaUrl = properties["TSAURL"];
  29.             String tsaUser = properties["TSAUSERNAME"];
  30.             String tsaPass = properties["TSAPASSWORD"];
  31.  
  32.             Pkcs12Store ks = new Pkcs12Store();
  33.             ks.Load(new FileStream(path, FileMode.Open), pass);
  34.             String alias = "";
  35.             foreach (string al in ks.Aliases) {
  36.                 if (ks.IsKeyEntry(al) && ks.GetKey(al).Key.IsPrivate) {
  37.                     alias = al;
  38.                     break;
  39.                 }
  40.             }
  41.             AsymmetricKeyParameter pk = ks.GetKey(alias).Key;
  42.             IList chain = new List();
  43.             foreach (X509CertificateEntry entry in ks.GetCertificateChain(alias)) {
  44.                 chain.Add(entry.Certificate);
  45.             }
  46.             IOcspClient ocspClient = new OcspClientBouncyCastle();
  47.             ITSAClient tsaClient = new TSAClientBouncyCastle(tsaUrl, tsaUser, tsaPass);
  48.             C3_01_SignWithCAcert.Sign(DEST, chain, pk, DigestAlgorithms.SHA256, CryptoStandard.CMS, "Test", "Ghent",
  49.                      null, ocspClient, tsaClient, 0);
  50.         }
  51.     }
  52. }
C3_10_SignWithTSAEvent.cs
  1. using System;
  2. using System.Collections.Generic;
  3. using System.IO;
  4. using System.util;
  5. using Org.BouncyCastle.Crypto;
  6. using Org.BouncyCastle.Pkcs;
  7. using Org.BouncyCastle.Tsp;
  8. using Org.BouncyCastle.X509;
  9. using iTextSharp.text.pdf.security;
  10.  
  11. namespace signatures.chapter3 {
  12.  
  13.     public class TSAInfoTimeStampLogger : ITSAInfoBouncyCastle {
  14.         public void InspectTimeStampTokenInfo(TimeStampTokenInfo info) {
  15.             Console.WriteLine(info.GenTime);
  16.         }    
  17.     }
  18.  
  19.     public class C3_10_SignWithTSAEvent {
  20.         public static String DEST = "../../../../results/chapter3/hello_cacert_ocsp_ts.pdf";
  21.  
  22.         public static void Main(String[] args) {
  23.             Properties properties = new Properties();
  24.             properties.Load(new FileStream("c:/home/blowagie/key.properties", FileMode.Open));
  25.             String path = properties["PRIVATE"];
  26.             char[] pass = properties["PASSWORD"].ToCharArray();
  27.             String tsaUrl = properties["TSAURL"];
  28.             String tsaUser = properties["TSAUSERNAME"];
  29.             String tsaPass = properties["TSAPASSWORD"];
  30.  
  31.             Pkcs12Store ks = new Pkcs12Store();
  32.             ks.Load(new FileStream(path, FileMode.Open), pass);
  33.             String alias = "";
  34.             foreach (string al in ks.Aliases) {
  35.                 if (ks.IsKeyEntry(al) && ks.GetKey(al).Key.IsPrivate) {
  36.                     alias = al;
  37.                     break;
  38.                 }
  39.             }
  40.             AsymmetricKeyParameter pk = ks.GetKey(alias).Key;
  41.             IList chain = new List();
  42.             foreach (X509CertificateEntry entry in ks.GetCertificateChain(alias)) {
  43.                 chain.Add(entry.Certificate);
  44.             }
  45.             IOcspClient ocspClient = new OcspClientBouncyCastle();
  46.             TSAClientBouncyCastle tsaClient = new TSAClientBouncyCastle(tsaUrl, tsaUser, tsaPass);
  47.  
  48.             tsaClient.SetTSAInfo(new TSAInfoTimeStampLogger());
  49.             C3_01_SignWithCAcert.Sign(DEST, chain, pk, DigestAlgorithms.SHA256, CryptoStandard.CMS, "Test",
  50.                      "Ghent",
  51.                      null, ocspClient, tsaClient, 0);
  52.             Console.ReadKey();
  53.         }
  54.     }
  55. }
C3_11_SignWithToken.cs
  1. /*
  2.  * This class is part of the white paper entitled
  3.  * "Digital Signatures for PDF documents"
  4.  * written by Bruno Lowagie
  5.  *
  6.  * For more info, go to: http://itextpdf.com/learn
  7.  */
  8.  
  9. using System;
  10. using System.Collections.Generic;
  11. using System.IO;
  12. using System.Security.Cryptography.X509Certificates;
  13. using Org.BouncyCastle.Security;
  14. using iTextSharp.text;
  15. using iTextSharp.text.log;
  16. using iTextSharp.text.pdf;
  17. using iTextSharp.text.pdf.security;
  18. using X509Certificate = Org.BouncyCastle.X509.X509Certificate;
  19.  
  20. namespace signatures.chapter3 {
  21.  
  22.     public class C3_11_SignWithToken {
  23.         public static String SRC = "../../../../resources/hello.pdf";
  24.         public static String DEST = "../../../../results/chapter3/hello_token.pdf";
  25.  
  26.         public void Sign(String src, String dest,
  27.                          ICollection chain, X509Certificate2 pk,
  28.                          String digestAlgorithm, CryptoStandard subfilter,
  29.                          String reason, String location,
  30.                          ICollection crlList,
  31.                          IOcspClient ocspClient,
  32.                          ITSAClient tsaClient,
  33.                          int estimatedSize) {
  34.             // Creating the reader and the stamper
  35.             PdfReader reader = null;
  36.             PdfStamper stamper = null;
  37.             FileStream os = null;
  38.             try {
  39.                 reader = new PdfReader(src);
  40.                 os = new FileStream(dest, FileMode.Create);
  41.                 stamper = PdfStamper.CreateSignature(reader, os, '\0');
  42.                 // Creating the appearance
  43.                 PdfSignatureAppearance appearance = stamper.SignatureAppearance;
  44.                 appearance.Reason = reason;
  45.                 appearance.Location = location;
  46.                 appearance.SetVisibleSignature(new Rectangle(36, 748, 144, 780), 1, "sig");
  47.                 // Creating the signature
  48.                 IExternalSignature pks = new X509Certificate2Signature(pk, digestAlgorithm);
  49.                 MakeSignature.SignDetached(appearance, pks, chain, crlList, ocspClient, tsaClient, estimatedSize,
  50.                                            subfilter);
  51.             }
  52.             finally {
  53.                 if (reader != null)
  54.                     reader.Close();
  55.                 if (stamper != null)
  56.                     stamper.Close();
  57.                 if (os != null)
  58.                     os.Close();
  59.             }
  60.         }
  61.  
  62.         public static void Main(String[] args) {
  63.             LoggerFactory.GetInstance().SetLogger(new SysoLogger());
  64.  
  65.  
  66.             X509Store x509Store = new X509Store("My");
  67.             x509Store.Open(OpenFlags.ReadOnly);
  68.             X509Certificate2Collection certificates = x509Store.Certificates;
  69.             IList chain = new List();
  70.             X509Certificate2 pk = null;
  71.             if (certificates.Count > 0) {
  72.                 X509Certificate2Enumerator certificatesEn = certificates.GetEnumerator();
  73.                 certificatesEn.MoveNext();
  74.                 pk = certificatesEn.Current;
  75.  
  76.                 X509Chain x509chain = new X509Chain();
  77.                 x509chain.Build(pk);
  78.  
  79.                 foreach (X509ChainElement x509ChainElement in x509chain.ChainElements) {
  80.                     chain.Add(DotNetUtilities.FromX509Certificate(x509ChainElement.Certificate));
  81.                 }
  82.             }
  83.             x509Store.Close();
  84.  
  85.  
  86.             IOcspClient ocspClient = new OcspClientBouncyCastle();
  87.             ITSAClient tsaClient = null;
  88.             for (int i = 0; i < chain.Count; i++) {
  89.                 X509Certificate cert = chain[i];
  90.                 String tsaUrl = CertificateUtil.GetTSAURL(cert);
  91.                 if (tsaUrl != null) {
  92.                     tsaClient = new TSAClientBouncyCastle(tsaUrl);
  93.                     break;
  94.                 }
  95.             }
  96.             IList crlList = new List();
  97.             crlList.Add(new CrlClientOnline(chain));
  98.             C3_11_SignWithToken app = new C3_11_SignWithToken();
  99.             app.Sign(SRC, DEST, chain, pk, DigestAlgorithms.SHA256, CryptoStandard.CMS, "Test",
  100.                      "Ghent",
  101.                      crlList, ocspClient, tsaClient, 0);
  102.         }
  103.     }
  104. }
C3_12_SignWithEstimatedSize.cs
  1. /*
  2.  * This class is part of the white paper entitled
  3.  * "Digital Signatures for PDF documents"
  4.  * written by Bruno Lowagie
  5.  *
  6.  * For more info, go to: http://itextpdf.com/learn
  7.  */
  8.  
  9. using System;
  10. using System.Collections.Generic;
  11. using System.IO;
  12. using System.util;
  13. using Org.BouncyCastle.Crypto;
  14. using Org.BouncyCastle.Pkcs;
  15. using Org.BouncyCastle.X509;
  16. using iTextSharp.text.pdf.security;
  17.  
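  namespace signatures.chapter3 {

      /// <summary>
      /// Signs a PDF with an OCSP response and a timestamp embedded, growing the space
      /// reserved for the signature until the signing call stops failing.
      /// </summary>
      public class C3_12_SignWithEstimatedSize {
          public static String DEST = "../../../../results/chapter3/hello_estimated.pdf";

          // First guess for the reserved signature size, in bytes.
          private const int InitialEstimatedSize = 10300;
          // Amount added to the estimate after each failed attempt.
          private const int EstimatedSizeStep = 50;
          // Upper bound on the estimate. Every attempt passes the OCSP and TSA clients to
          // Sign, so a failure that is not size-related must not retry without limit.
          private const int MaxEstimatedSize = 16384;

          /// <summary>
          /// Loads the key store and TSA settings from key.properties, then signs with a
          /// growing size estimate.
          /// </summary>
          /// <param name="args">Unused.</param>
          /// <exception cref="InvalidOperationException">
          /// The PASSWORD property is missing, or the key store has no private-key entry.
          /// </exception>
          /// <exception cref="IOException">
          /// Signing still failed once the estimate reached <c>MaxEstimatedSize</c>.
          /// </exception>
          public static void Main(String[] args) {
              // key.properties holds the key store password and the TSA credentials in clear
              // text: keep it out of source control and readable only by the signing account.
              Properties properties = new Properties();
              using (FileStream propertyStream = new FileStream(
                      "c:/home/blowagie/key.properties", FileMode.Open, FileAccess.Read)) {
                  properties.Load(propertyStream);
              }
              String path = properties["PRIVATE"];
              String password = properties["PASSWORD"];
              if (password == null) {
                  throw new InvalidOperationException("PASSWORD is missing from key.properties");
              }
              char[] pass = password.ToCharArray();
              String tsaUrl = properties["TSAURL"];
              String tsaUser = properties["TSAUSERNAME"];
              String tsaPass = properties["TSAPASSWORD"];

              // Open the key store read-only and release the handle as soon as it is parsed.
              Pkcs12Store ks = new Pkcs12Store();
              using (FileStream keyStoreStream = new FileStream(path, FileMode.Open, FileAccess.Read)) {
                  ks.Load(keyStoreStream, pass);
              }

              // Use the first entry that carries a private key.
              String alias = null;
              foreach (string al in ks.Aliases) {
                  if (ks.IsKeyEntry(al) && ks.GetKey(al).Key.IsPrivate) {
                      alias = al;
                      break;
                  }
              }
              if (alias == null) {
                  throw new InvalidOperationException("No private key entry found in key store: " + path);
              }
              AsymmetricKeyParameter pk = ks.GetKey(alias).Key;
              IList<X509Certificate> chain = new List<X509Certificate>();
              foreach (X509CertificateEntry entry in ks.GetCertificateChain(alias)) {
                  chain.Add(entry.Certificate);
              }
              IOcspClient ocspClient = new OcspClientBouncyCastle();
              TSAClientBouncyCastle tsaClient = new TSAClientBouncyCastle(tsaUrl, tsaUser, tsaPass);

              bool succeeded = false;
              int estimatedSize = InitialEstimatedSize;
              IOException lastFailure = null;
              while (!succeeded && estimatedSize <= MaxEstimatedSize) {
                  try {
                      Console.WriteLine("Attempt: " + estimatedSize + " bytes");
                      // No CRL client list is passed (null): only the OCSP client is
                      // supplied for revocation information.
                      // Sign is defined in C3_01_SignWithCAcert, which is not shown here.
                      C3_01_SignWithCAcert.Sign(DEST, chain, pk, DigestAlgorithms.SHA256, CryptoStandard.CMS, "Test", "Ghent",
                               null, ocspClient, tsaClient, estimatedSize);
                      succeeded = true;
                      Console.WriteLine("Succeeded!");
                  }
                  catch (IOException ioe) {
                      // Presumably raised when the reserved space is too small; other I/O
                      // failures land here as well, which is why the loop is bounded.
                      Console.WriteLine("Not succeeded: " + ioe.Message);
                      lastFailure = ioe;
                      estimatedSize += EstimatedSizeStep;
                  }
              }
              if (!succeeded) {
                  throw new IOException(
                      "Signing did not succeed with an estimated size of up to " + MaxEstimatedSize + " bytes",
                      lastFailure);
              }
              Console.ReadKey();
          }
      }
  }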