Link to home
Start Free TrialLog in
Avatar of jazzIIIlove
jazzIIIloveFlag for Sweden

asked on

web service JAX-WS, a pdf file and integrity and authenticity of the pdf file.

Hi there;

This is a theoretical question and I need some advices.
I am doing a trivial project to practice some concepts in Java.

I wrote a web service, that a client sends a CV via JAX - WS webservice and in the server side, the pdf file is processeed and outputted in the console.

-->I have done successfully until this point.

What I am trying to do further on is that I want to integrate the  integrity of that pdf file is not tampered.

How can I do this? Can you give me some ideas?

Regards.
SOLUTION
Avatar of Dave Howe
Dave Howe
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of jazzIIIlove

ASKER

i was actually thinking digital signing.

What do you think?

Regards.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Hi there;

This is extremely trivial project, nothing real. My JAX-WS is not even uploaded in the system. It is just output the content of pdf in console.


In practice, I want a sign a single pdf and wait server code to process and finds out that the document is not tampered. So do you think that it's meaningful in its triviality context?

Regards.
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Hi there;

I followed your link; http://itextpdf.sourceforge.net/howtosign.html#howtoverify

I tried to sign with the link you provided, but i fail in the following lines:
sap.setCrypto(key, chain, null, PdfSignatureAppearance.WINCER_SIGNED);

There is no static field as WINCER_SIGNED in java but yes, in C#. I also checked API but no such static field.

setVisibleSignature(...) expects string not null and it fails.
sap.setVisibleSignature(new Rectangle(100, 100, 200, 200), 1, null);

What to do?

Full code:
import java.io.FileInputStream;
import java.io.FileOutputStream;

import java.security.KeyStore;
import java.security.PrivateKey;

import java.security.cert.*;

import com.itextpdf.awt.geom.Rectangle;
import com.itextpdf.text.pdf.PdfReader;
import com.itextpdf.text.pdf.PdfSignatureAppearance;
import com.itextpdf.text.pdf.PdfStamper;

public class JazziiiloveSign{

	public void sign()
	{
		KeyStore ks = KeyStore.getInstance("pkcs12");
		ks.load(new FileInputStream("my_private_key.pfx"), "my_password".toCharArray());
		String alias = (String)ks.aliases().nextElement();
		PrivateKey key = (PrivateKey)ks.getKey(alias, "my_password".toCharArray());
		Certificate[] chain = ks.getCertificateChain(alias);
		PdfReader reader = new PdfReader("original.pdf");
		FileOutputStream fout = new FileOutputStream("signed.pdf");
		PdfStamper stp = PdfStamper.createSignature(reader, fout, '\0');
		PdfSignatureAppearance sap = stp.getSignatureAppearance();
		sap.setCrypto(key, chain, null, PdfSignatureAppearance.WINCER_SIGNED);
		sap.setReason("I'm jazziiilove");
		sap.setLocation("NewYork");
		// comment next line to have an invisible signature
		sap.setVisibleSignature(new Rectangle(100, 100, 200, 200), 1, null);
		stp.close();
	}
}

Open in new window


Regards.