I want to digitally sign the PDF, and the straightforward option is iText. I am just appending a signature in case there is a first one. But when members view it, it shows unknown with the error:

Error information: Error during signature verification. Signature contains incorrect, unrecognized, corrupted or suspicious data. Support information SigDict/Contents illegal data

What can I do?

    import com.itextpdf.kernel.pdf.StampingProperties;
    import com.itextpdf.signatures.*;
    import org.bouncycastle.jce.provider.BouncyCastleProvider;
    import java.io.FileInputStream;
    import java.io.FileOutputStream;
    import java.io.IOException;
    import java.security.GeneralSecurityException;
    import java.security.KeyStore;
    import java.security.PrivateKey;
    import java.security.Security;
    import java.security.cert.Certificate;
    import com.itextpdf.kernel.pdf.PdfReader;

    public class App {
        public static void digitalSignature(String sourceFile, String signatureFieldName, String outputFile, Certificate[] certificateChain, PrivateKey privateKey, String digestAlgorithm,
                String bouncyCastleProvider, PdfSigner.CryptoStandard cryptoStandardSubFilter, String reason, String location)
                throws GeneralSecurityException, IOException {
            PdfReader pdfReader = new PdfReader(sourceFile);
            PdfSigner pdfSigner = new PdfSigner(pdfReader, new FileOutputStream(outputFile), new StampingProperties());
            // Create the signature appearance
            PdfSignatureAppearance pdfSignatureAppearance = pdfSigner.getSignatureAppearance()
                    .setReason(reason)
                    .setLocation(location);
            // This name corresponds to the name of the field that already exists in the document.
            pdfSigner.setFieldName(signatureFieldName);
            pdfSignatureAppearance.setRenderingMode(PdfSignatureAppearance.RenderingMode.NAME_AND_DESCRIPTION);
            IExternalSignature iExternalSignature = new PrivateKeySignature(privateKey, digestAlgorithm, bouncyCastleProvider);
            IExternalDigest iExternalDigest = new BouncyCastleDigest();
            // Sign the document using the detached mode, CMS, or CAdES equivalent.
            pdfSigner.signDetached(iExternalDigest, iExternalSignature, certificateChain, null, null, null, 0, cryptoStandardSubFilter);
        }
    }

I would appreciate any help. I have spent a lot of time on this. The purpose is actually to add a second signature to the document for verification purposes. I don't want the option of creating a copy of this document, since the first signature might get lost.
As already mentioned in comments, you use plain new StampingProperties() when instantiating the PdfSigner:

    PdfSigner pdfSigner = new PdfSigner(pdfReader,
            new FileOutputStream(outputFile), new StampingProperties());

Thus, you don't append the signature but add it in a way that mixes up any earlier signatures. Please try new StampingProperties().useAppendMode() instead:

    PdfSigner pdfSigner = new PdfSigner(pdfReader,
            new FileOutputStream(outputFile), new StampingProperties().useAppendMode());

In response you confirmed that that worked and remarked:

It just helped remove the error and now the signature is not considered corrupt but only raising the error "At least one signature has problems", which I think the reason is Adobe flagging it because it is not in AATL unless there is another thing I can do then I believe until a user turns the trust certificate for my signature.

Indeed, unless issued by an AATL or EUTL CA, certificates usually are not trusted.
In case of company internal usage, trust for custom CA certificates may be rolled out to all computers by the IT department. Beyond that, though, go for certificates issued by an AATL or EUTL CA.
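
A pre-distribution check for the failure discussed in this thread, as an added example that is not part of the original question or answer and does not use iText: it confirms that a newly signed file only appends to the previously signed one, and that every /ByteRange still brackets a /Contents hex string. All function names and sample bytes are constructed for illustration, and the /ByteRange scan is a raw-byte heuristic, not a PDF parser.

```python
import re

# /ByteRange [a b c d]: bytes a..a+b and c..c+d are signed; the gap holds /Contents.
BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")
HEX_STRING = re.compile(rb"<[0-9A-Fa-f\s]*>")


def check_byte_ranges(pdf: bytes) -> list:
    """Return one message per /ByteRange that no longer matches the file layout."""
    problems = []
    for m in BYTE_RANGE.finditer(pdf):
        a, b, c, d = (int(g) for g in m.groups())
        label = "ByteRange [%d %d %d %d]" % (a, b, c, d)
        if a != 0 or c < b or c + d > len(pdf):
            problems.append(label + ": ranges do not fit the file")
        elif not HEX_STRING.fullmatch(pdf[b:c]):
            # The unsigned gap must be exactly the <hex> string of /Contents.
            problems.append(label + ": gap is not the /Contents hex string")
    return problems


def is_incremental_update(original: bytes, signed: bytes) -> bool:
    """True if signed keeps every byte of original and only appends to it."""
    return len(signed) > len(original) and signed.startswith(original)


def fake_signed_revision(prefix: bytes) -> bytes:
    """Constructed stand-in for one signed revision; mimics the layout only."""
    contents = b"<" + b"ab" * 16 + b">"
    tail = b" >>\n%%EOF\n"
    start = len(prefix) + len(b"<< /ByteRange [0 0000000000 0000000000 0000000000] /Contents ")
    rng = b"[0 %010d %010d %010d]" % (start, start + len(contents), len(tail))
    return prefix + b"<< /ByteRange " + rng + b" /Contents " + contents + tail


# Constructed sample data, not real PDFs.
FIRST = fake_signed_revision(b"%PDF-1.7\n")   # file carrying signature 1
APPENDED = fake_signed_revision(FIRST)        # signature 2 added as an appended revision
# Signature 2 added after the earlier bytes were shifted, as in a full rewrite.
REWRITTEN = fake_signed_revision(b"%PDF-1.7\n% moved\n" + FIRST[9:])

if __name__ == "__main__":
    for name, data in (("appended", APPENDED), ("rewritten", REWRITTEN)):
        print(name, is_incremental_update(FIRST, data), check_byte_ranges(data))
```

On real files, pass the bytes of the previously signed PDF and of the newly signed output; a failed prefix check means the earlier signature's signed bytes were not preserved.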