Maher
2012-02-25 10:15:40 UTC
Hi all,
I am using iText 5.3.1
I got this exception when I try to verify signature of a pdf with SUBfilter
ADBE_PKCS7_SHA1
exception :
java.lang.IllegalArgumentException: Not a valid PKCS#7 object - not a
sequence
at com.itextpdf.text.pdf.PdfPKCS7.<init>(PdfPKCS7.java:469)
at com.itextpdf.text.pdf.AcroFields.verifySignature(AcroFields.java:2324)
at com.itextpdf.text.pdf.AcroFields.verifySignature(AcroFields.java:2259)
at com.CertificateCheck3.goShow(CertificateCheck3.java:46)
the code I am using is:
=================
public void goShow(){
Security.addProvider(new
org.bouncycastle.jce.provider.BouncyCastleProvider());
KeyStore kall = PdfPKCS7.loadCacertsKeyStore();
PdfReader reader;
try{
reader = new PdfReader("certt/FFF.pdf");
AcroFields af = reader.getAcroFields();
ArrayList names = af.getSignatureNames();
for (int k = 0; k < names.size(); ++k) {
String name = (String)names.get(k);
System.out.println("Signature name: " + name);
System.out.println("Signature covers whole document: " +
af.signatureCoversWholeDocument(name));
System.out.println("Document revision: " + af.getRevision(name) + " of
" + af.getTotalRevisions());
// Start revision extraction
FileOutputStream out = new FileOutputStream("revision_" +
af.getRevision(name) + ".pdf");
byte bb[] = new byte[8192];
InputStream ip = af.extractRevision(name);
int n = 0;
while ((n = ip.read(bb)) > 0)
out.write(bb, 0, n);
out.close();
ip.close();
// End revision extraction
PdfPKCS7 pk = af.verifySignature(name);
Calendar cal = pk.getSignDate();
X509Certificate pkc[] =
(X509Certificate[])pk.getSignCertificateChain();
TimeStampToken ts = pk.getTimeStampToken();
if (ts != null) {
boolean impr = pk.verifyTimestampImprint();
System.out.println("Timestamp imprint verifies: " + impr);
cal = pk.getTimeStampDate();
System.out.println("Timestamp date: " + cal);
}
System.out.println("Subject: " +
PdfPKCS7.getSubjectFields(pk.getSigningCertificate()));
System.out.println("Document modified: " + !pk.verify());
Object fails[] = PdfPKCS7.verifyCertificates(pkc, kall, null, cal);
if (fails == null)
System.out.println("Certificates verified against the KeyStore");
else
System.out.println("Certificate failed: " + fails[1]);
BasicOCSPResp ocsp = pk.getOcsp();
if (ocsp != null) {
// Get a trusted certificate (could have come from a certificate
store)
InputStream inStream = new FileInputStream("responder.cer");
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate cert =
(X509Certificate)cf.generateCertificate(inStream);
inStream.close();
System.out.println("OCSP signature verifies: " +
ocsp.verify(cert.getPublicKey(), "BC"));
System.out.println("OCSP revocation refers to this certificate: " +
pk.isRevocationValid());
}
}
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
=================
strange thing that I checked the subfilter .. it returns its
PdfName.ADBE_PKCS7_DETACHED but I know its PdfName.ADBE_PKCS7_SHA1
I could successfully verify other PDF with subfilter
PdfName.ADBE_PKCS7_DETACHED
what wrong I am doing ?
thanks in advance for any help ..
M.
--
View this message in context: http://itext-general.2136553.n4.nabble.com/how-to-verify-signature-with-PdfName-ADBE-PKCS7-SHA1-sub-filter-tp4419822p4419822.html
Sent from the iText - General mailing list archive at Nabble.com.
I am using iText 5.3.1
I got this exception when I try to verify signature of a pdf with SUBfilter
ADBE_PKCS7_SHA1
exception :
java.lang.IllegalArgumentException: Not a valid PKCS#7 object - not a
sequence
at com.itextpdf.text.pdf.PdfPKCS7.<init>(PdfPKCS7.java:469)
at com.itextpdf.text.pdf.AcroFields.verifySignature(AcroFields.java:2324)
at com.itextpdf.text.pdf.AcroFields.verifySignature(AcroFields.java:2259)
at com.CertificateCheck3.goShow(CertificateCheck3.java:46)
the code I am using is:
=================
public void goShow(){
Security.addProvider(new
org.bouncycastle.jce.provider.BouncyCastleProvider());
KeyStore kall = PdfPKCS7.loadCacertsKeyStore();
PdfReader reader;
try{
reader = new PdfReader("certt/FFF.pdf");
AcroFields af = reader.getAcroFields();
ArrayList names = af.getSignatureNames();
for (int k = 0; k < names.size(); ++k) {
String name = (String)names.get(k);
System.out.println("Signature name: " + name);
System.out.println("Signature covers whole document: " +
af.signatureCoversWholeDocument(name));
System.out.println("Document revision: " + af.getRevision(name) + " of
" + af.getTotalRevisions());
// Start revision extraction
FileOutputStream out = new FileOutputStream("revision_" +
af.getRevision(name) + ".pdf");
byte bb[] = new byte[8192];
InputStream ip = af.extractRevision(name);
int n = 0;
while ((n = ip.read(bb)) > 0)
out.write(bb, 0, n);
out.close();
ip.close();
// End revision extraction
PdfPKCS7 pk = af.verifySignature(name);
Calendar cal = pk.getSignDate();
X509Certificate pkc[] =
(X509Certificate[])pk.getSignCertificateChain();
TimeStampToken ts = pk.getTimeStampToken();
if (ts != null) {
boolean impr = pk.verifyTimestampImprint();
System.out.println("Timestamp imprint verifies: " + impr);
cal = pk.getTimeStampDate();
System.out.println("Timestamp date: " + cal);
}
System.out.println("Subject: " +
PdfPKCS7.getSubjectFields(pk.getSigningCertificate()));
System.out.println("Document modified: " + !pk.verify());
Object fails[] = PdfPKCS7.verifyCertificates(pkc, kall, null, cal);
if (fails == null)
System.out.println("Certificates verified against the KeyStore");
else
System.out.println("Certificate failed: " + fails[1]);
BasicOCSPResp ocsp = pk.getOcsp();
if (ocsp != null) {
// Get a trusted certificate (could have come from a certificate
store)
InputStream inStream = new FileInputStream("responder.cer");
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate cert =
(X509Certificate)cf.generateCertificate(inStream);
inStream.close();
System.out.println("OCSP signature verifies: " +
ocsp.verify(cert.getPublicKey(), "BC"));
System.out.println("OCSP revocation refers to this certificate: " +
pk.isRevocationValid());
}
}
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
=================
strange thing that I checked the subfilter .. it returns its
PdfName.ADBE_PKCS7_DETACHED but I know its PdfName.ADBE_PKCS7_SHA1
I could successfully verify other PDF with subfilter
PdfName.ADBE_PKCS7_DETACHED
what wrong I am doing ?
thanks in advance for any help ..
M.
--
View this message in context: http://itext-general.2136553.n4.nabble.com/how-to-verify-signature-with-PdfName-ADBE-PKCS7-SHA1-sub-filter-tp4419822p4419822.html
Sent from the iText - General mailing list archive at Nabble.com.