Search code examples
javapdfboxdigital-signaturepfx

How to digitally sign a PDF document with visible signature and text using Java

I am trying to digitally sign a PDF file using PDFBox Library using Java with visible text to appear on a signature field like the attached image. I tried the following code and I get the following warning,

WARN org.apache.pdfbox.pdmodel.interactive.form.PDSignatureField - Appearance generation for signature fields not yet implemented - you need to generate/update that manually

Following is the code,

PDDocument pDDocument = PDDocument.load(new File("input.pdf"));
PDDocumentCatalog pDDocumentCatalog = pDDocument.getDocumentCatalog();
PDAcroForm pDAcroForm = pDDocumentCatalog.getAcroForm();
PDSignatureField pDSignatureField = (PDSignatureField) pDAcroForm.getField("signatureField");
PDSignature pDSignature = new PDSignature();

KeyStore keyStore = KeyStore.getInstance("PKCS12");
keyStore.load(new FileInputStream("pfxfile.pfx"), "password".toCharArray());
byte[] bytes = IOUtils.toByteArray(new FileInputStream("pfxfile.pfx"));
pDSignature.setContents(bytes);

pDSignatureField.setValue(pDSignature);
FileOutputStream fileOutputStream = new FileOutputStream("output.pdf");
pDDocument.saveIncremental(fileOutputStream);

Digital Signature

So what is I am doing wrong here? Or are there any solution apart from PDFBox?

Solution

  • You can do this easily with iText. This is a working solution using iText 7. You can check more from their examples.

    public static void digitalSignature(String sourceFile, String signatureFieldName, String outputFile, Certificate[] certificateChain, PrivateKey privateKey, String digestAlgorithm,
        String bouncyCastleProvider, PdfSigner.CryptoStandard cryptoStandardSubFilter, String reason, String location)
        throws GeneralSecurityException, IOException {

    PdfReader pdfReader = new PdfReader(sourceFile);
    PdfSigner pdfSigner = new PdfSigner(pdfReader, new FileOutputStream(outputFile), new StampingProperties());

    // Create the signature appearance
    PdfSignatureAppearance pdfSignatureAppearance = pdfSigner.getSignatureAppearance()
            .setReason(reason)
            .setLocation(location);

    // This name corresponds to the name of the field that already exists in the document.
    pdfSigner.setFieldName(signatureFieldName);

    pdfSignatureAppearance.setRenderingMode(PdfSignatureAppearance.RenderingMode.NAME_AND_DESCRIPTION);

    IExternalSignature iExternalSignature = new PrivateKeySignature(privateKey, digestAlgorithm, bouncyCastleProvider);
    IExternalDigest iExternalDigest = new BouncyCastleDigest();

    // Sign the document using the detached mode, CMS, or CAdES equivalent.
    pdfSigner.signDetached(iExternalDigest, iExternalSignature, certificateChain, null, null, null, 0, cryptoStandardSubFilter);
}

public static void main(String[] args) throws IOException, GeneralSecurityException {
    BouncyCastleProvider bouncyCastleProvider = new BouncyCastleProvider();
    Security.addProvider(bouncyCastleProvider);

    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    keyStore.load(new FileInputStream("path/to/keystore/file"), "password".toCharArray());
    String alias = keyStore.aliases().nextElement();
    PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, "password".toCharArray());
    Certificate[] certificateChain = keyStore.getCertificateChain(alias);

    digitalSignature("path/to/input.pdf", "Signature Field Name", "path/to/output.pdf", certificateChain, privateKey,
            DigestAlgorithms.SHA256, bouncyCastleProvider.getName(), PdfSigner.CryptoStandard.CMS,
            "Reason", "Location");
}