0

I use PdfStamper in Java applet to sign pdf files. The problem is that applet every time suspends when reach line with pdfStamper.close(); I think that my problem is related to some java applet policy but I have granted permissions to all like:

grant {
  permission java.security.AllPermission;
};

My code is:

import com.lowagie.text.DocumentException;
import com.lowagie.text.Rectangle;
import com.lowagie.text.pdf.PdfReader;
import com.lowagie.text.pdf.PdfSignatureAppearance;
import com.lowagie.text.pdf.PdfStamper;
import java.io.BufferedReader;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.security.AccessController;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PrivilegedAction;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Enumeration;
import javax.swing.JApplet;

public class SignApplet extends JApplet {

    public void test() {
        AccessController.doPrivileged( new PrivilegedAction() {
            @Override
            public Object run() {
                try {
                    KeyStore keyStore = KeyStore.getInstance( "PKCS11-custom_name" );

                    String pin = "custom_pin";
                    keyStore.load( null, pin.toCharArray() );
                    Enumeration<String> aliases = keyStore.aliases();

                    String alias = aliases.nextElement();
                    PrivateKey key = ( PrivateKey ) keyStore.getKey( alias, pin.toCharArray() );
                    Certificate[] chain = keyStore.getCertificateChain( alias );

                    String unsigned_pdf = "C:\\Users\\user_name\\unsigned.pdf";
                    String signed_pdf = "C:\\Users\\user_name\\signed.pdf";

                    PdfReader pdfReader = new PdfReader( (new File( unsigned_pdf )).getAbsolutePath() );
                    File outputFile = new File( signed_pdf );
                    PdfStamper pdfStamper;
                    pdfStamper = PdfStamper.createSignature( pdfReader, null, '\0', outputFile );
                    PdfSignatureAppearance sap = pdfStamper.getSignatureAppearance();
                    sap.setCrypto( key, chain, null, PdfSignatureAppearance.SELF_SIGNED );
                    sap.setReason( "reason" );
                    sap.setLocation( "" );
                    sap.setVisibleSignature( new Rectangle( 10, 10, 50, 30 ), 1, null );

                    pdfStamper.setFormFlattening( true );
                    pdfStamper.close(); // -- applet suspends right there

                } catch ( Exception ex ) {
                    ex.printStackTrace();
                }
                return null;
            }
        } );
    }
}

I run it from html like that:

<APPLET CODE="SignApplet.class" NAME="SIGNAPPLET" ARCHIVE="SignApplet-1.0.jar, itext-2.1.7.jar" WIDTH="0" HEIGHT="0"></APPLET> 
<h:form>
    <h:button onclick="document.SIGNAPPLET.test();" value="--- TEST ---" />
</h:form>

Keystore comes from USB token.

In java debug console I don't see any exception. When I run the same source code from main method (with little modification for passing arguments) it works very well.

Any idea what is the problem?

MadukaJ
  • 722
  • 6
  • 22
ryan
  • 31
  • 1
  • 4
  • For better help sooner, post an [SSCCE](http://sscce.org/). – Andrew Thompson May 14 '13 at 14:18
  • Is the applet signed? If it is not, it uses the standard security model http://docs.oracle.com/javase/6/docs/technotes/guides/plugin/developer_guide/security.html – SJuan76 May 14 '13 at 14:34
  • Addionally: you're creating an obsolete type of signature. Please read http://itextpdf.com/book/digitalsignatures – Bruno Lowagie May 14 '13 at 14:41
  • SJuan76: Yes, my applet is self-signed. – ryan May 15 '13 at 13:22
  • *"my applet is self-signed."* If it is, the entire policy file is not only dangerous, but unnecessary. Were you going to post that SSCCE or make comment on the suggestion, or are you just ignoring me? Tips 1) Add @SJuan76 (the `@` is important) to make sure they are notified of the new comment. 2) Don't ignore *anyone* that comments or replies. It is possible other people looked at the thread, saw that comment & thought "OK - I'll delve into it when that matter is fixed.." & they are ..still waiting. – Andrew Thompson May 15 '13 at 15:27
  • @AndrewThompson Thank you for you help and tips. I've edited my post to update source code. – ryan May 16 '13 at 08:16
  • @BrunoLowagie I have problem with example on page 95 in pdf documentation. I cannot find jar containing SignWithPKCS11HSM or SignWithPKCS11SC class. – ryan May 23 '13 at 13:41
  • It's an example. Examples aren't put in jars! You can find all the examples in a repository on SourceForge. For instance: http://sourceforge.net/p/itext/code/HEAD/tree/tutorial/signatures/src/main/java/signatures/chapter4/ – Bruno Lowagie May 23 '13 at 14:30

1 Answers1

0

Solution: pdfStamper.close(); // -- applet suspends right there

iText PdfStamper is calling another API of a jar bcprov*.jar. This jar file was already signed by another e-certificate. You need to unzip a jar and remove all .DSA and .SF files in META-INF. Then you re-jar it again and use your e-certificate resign a jar file. It will solve a problem.

user4222009
  • 1