0

I generate and digitally sign correctly a pdf using iText.

When I try to sign it again (two or three times) the pdf says that the previuos revision is been modified and the first signature is not valid, but I've just signed it on another time without touching nothing else.

This is my code:

public void signPdf(String SRC, String DEST, String SIGN_IMAGE)
        throws IOException, DocumentException, GeneralSecurityException {

    // Gets the informations stored in the properties file
    String path = properties.getProperty("PRIVATE");
    String keystore_password = properties.getProperty("PASSWORD");
    String key_password = properties.getProperty("PASSWORD");

    // Create the keystore
    KeyStore ks = KeyStore.getInstance("pkcs12", "BC");
    ks.load(new FileInputStream(path), keystore_password.toCharArray());
    String alias = (String) ks.aliases().nextElement();
    PrivateKey pk = (PrivateKey) ks.getKey(alias,
            key_password.toCharArray());
    Certificate[] chain = ks.getCertificateChain(alias);

    // reader and stamper
    PdfReader reader = new PdfReader(SRC);
    FileOutputStream os = new FileOutputStream(DEST);

    // Get all the signatures if existing
    AcroFields acroFields = reader.getAcroFields();
    List<String> signatureNames = acroFields.getSignatureNames();
    PdfStamper stamper;

    // Choose to append or not the signature        
    if(signatureNames.isEmpty()){
        stamper = PdfStamper.createSignature(reader, os, '\0');
    } else{
        stamper = PdfStamper.createSignature(reader, os, '\0', null,
                true);
    }

    String sName = "sign_" + (signatureNames.size());

    // appearance
    PdfSignatureAppearance appearance = stamper.getSignatureAppearance();
    appearance.setVisibleSignature(new Rectangle(x_bl, y_bl, x_tr, y_tr),
            page, sName);
    appearance
            .setRenderingMode(PdfSignatureAppearance.RenderingMode.GRAPHIC);
    appearance.setSignatureGraphic(Image.getInstance(SIGN_IMAGE));
    // digital signature
    ExternalSignature es = new PrivateKeySignature(pk, "SHA-256", "BC");
    ExternalDigest digest = new BouncyCastleDigest();
    MakeSignature.signDetached(appearance, digest, es, chain, null, null,
            null, 0, CryptoStandard.CMS);
}

I'm not getting what's really wrong because when I used to sign it just twice separately like in this example it used to work. What am I doing wrong?

tshepang
  • 12,111
  • 21
  • 91
  • 136
Igr
  • 965
  • 4
  • 13
  • 26
  • Please supply sample pdfs illustrating the issue. – mkl Jul 03 '13 at 15:35
  • Is it possible to set the signature to allow only document level file attachments and cover all the other modifications? (I got what the issue is, I used to attach something after the first signature and this was seen as a document modification) – Igr Jul 04 '13 at 07:02
  • 2
    File attachments are not allowed after signing. For details have a look at *Allowed and disallowed changes* in [Adobe Acrobat 9 Digital Signatures, Changes and Improvements](http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/devnet/reader/pdfs/readercomp_digitalsignatures.pdf). – mkl Jul 04 '13 at 07:08
  • 1
    Also look at [this answer](http://stackoverflow.com/a/16711745/1729265). – mkl Jul 04 '13 at 07:15

0 Answers0