Verify Digital Signature in PDF using Java(iText) and cacerts
Jars Files:
itext-2.1.7.jar
itextpdf-5.4.2.jar
bcprov-ext-jdk14-1.47.jar
bcprov-1.39.jar
----------------------------------------------------------------
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Enumeration;
import com.lowagie.text.pdf.AcroFields;
import com.lowagie.text.pdf.PdfPKCS7;
import com.lowagie.text.pdf.PdfReader;
public class VerifySignature {
public static void main(String[] args) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException, SignatureException {
//loads all the keystore imported in cacerts. To load your certificate from cacerts, first it needs to be imported using keytool commands
//Please see how to import certificate to cacerts Generate Keystore using Keytool commands
KeyStore kall = PdfPKCS7.loadCacertsKeyStore();
Enumeration aliases = kall.aliases();
//loop to display all the certificate aliases imported to cacerts.
while (aliases.hasMoreElements()) {
System.out.println(aliases.nextElement());
}
PdfReader reader = null;
reader = new PdfReader("C:\\signed.pdf");
AcroFields af = reader.getAcroFields();
// Search of the whole signature
ArrayList names = af.getSignatureNames();
// For every signature :
for (int k = 0; k < names.size(); ++k) {
String name = (String) names.get(k);
System.out.println("Signature name: " + name);
System.out.println("Signature covers whole document: "+ af.signatureCoversWholeDocument(name));
System.out.println("Document revision: " + af.getRevision(name) + " of " + af.getTotalRevisions());
PdfPKCS7 pk = af.verifySignature(name);
Calendar cal = pk.getSignDate();
java.security.cert.Certificate[] pkc = pk.getCertificates();
System.out.println("Certificate" + pkc.toString());
// Information about the certificate
System.out.println("Subject: " + PdfPKCS7.getSubjectFields(pk.getSigningCertificate()));
System.out.println("Document modified: " + !pk.verify());
Object fails[] = PdfPKCS7.verifyCertificates(pkc, kall, null, cal);
if (fails == null) {
System.out .println("Certificates verified against the KeyStore");
} else {
System.out.println("Certificate failed: " + fails[1]);
}
}
}
}
itext-2.1.7.jar
itextpdf-5.4.2.jar
bcprov-ext-jdk14-1.47.jar
bcprov-1.39.jar
----------------------------------------------------------------
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Enumeration;
import com.lowagie.text.pdf.AcroFields;
import com.lowagie.text.pdf.PdfPKCS7;
import com.lowagie.text.pdf.PdfReader;
public class VerifySignature {
public static void main(String[] args) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException, SignatureException {
//loads all the keystore imported in cacerts. To load your certificate from cacerts, first it needs to be imported using keytool commands
//Please see how to import certificate to cacerts Generate Keystore using Keytool commands
KeyStore kall = PdfPKCS7.loadCacertsKeyStore();
Enumeration
//loop to display all the certificate aliases imported to cacerts.
while (aliases.hasMoreElements()) {
System.out.println(aliases.nextElement());
}
PdfReader reader = null;
reader = new PdfReader("C:\\signed.pdf");
AcroFields af = reader.getAcroFields();
// Search of the whole signature
ArrayList names = af.getSignatureNames();
// For every signature :
for (int k = 0; k < names.size(); ++k) {
String name = (String) names.get(k);
System.out.println("Signature name: " + name);
System.out.println("Signature covers whole document: "+ af.signatureCoversWholeDocument(name));
System.out.println("Document revision: " + af.getRevision(name) + " of " + af.getTotalRevisions());
PdfPKCS7 pk = af.verifySignature(name);
Calendar cal = pk.getSignDate();
java.security.cert.Certificate[] pkc = pk.getCertificates();
System.out.println("Certificate" + pkc.toString());
// Information about the certificate
System.out.println("Subject: " + PdfPKCS7.getSubjectFields(pk.getSigningCertificate()));
System.out.println("Document modified: " + !pk.verify());
Object fails[] = PdfPKCS7.verifyCertificates(pkc, kall, null, cal);
if (fails == null) {
System.out .println("Certificates verified against the KeyStore");
} else {
System.out.println("Certificate failed: " + fails[1]);
}
}
}
}
Comments
Post a Comment