0

I used the following code that I found on this page to sign PDFs with a *.p12 file.

public static final boolean signPdf()
        throws IOException, DocumentException, Exception
{
    // Vous devez preciser ici le chemin d'acces a votre clef pkcs12
    String fileKey          = "C:\\MonRep\\MaClef.p12" ;
    // et ici sa "passPhrase"
    String fileKeyPassword  = "MonPassword" ;

    try {
        // Creation d'un KeyStore
        KeyStore ks = KeyStore.getInstance("pkcs12");
        // Chargement du certificat p12 dans el magasin
        ks.load(new FileInputStream(fileKey), fileKeyPassword.toCharArray());
        String alias = (String)ks.aliases().nextElement();
        // Recupération de la clef privée
        PrivateKey key = (PrivateKey)ks.getKey(alias, fileKeyPassword.toCharArray());
        // et de la chaine de certificats
        Certificate[] chain = ks.getCertificateChain(alias);

        // Lecture du document source
        PdfReader pdfReader = new PdfReader((new File(fname)).getAbsolutePath());
        File outputFile = new File(fnameS);
        // Creation du tampon de signature
        PdfStamper pdfStamper;
        pdfStamper = PdfStamper.createSignature(pdfReader, null, '\0', outputFile);
        PdfSignatureAppearance sap = pdfStamper.getSignatureAppearance();
        sap.setCrypto(key, chain, null, PdfSignatureAppearance.SELF_SIGNED);
        sap.setReason("Test SignPDF berthou.mc");
        sap.setLocation("");
        // Position du tampon sur la page (ici en bas a gauche page 1)
        sap.setVisibleSignature(new Rectangle(10, 10, 50, 30), 1, "sign_rbl");

        pdfStamper.setFormFlattening(true);
        pdfStamper.close();

        return true;
    }
    catch (Exception key) {
        throw new Exception(key);
    }
}

The code works fine on my computer. But if I create a .war file with eclipse and deploy it on the server, the server throws a javax.crypto.BadPaddingException:

java.io.IOException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded
at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1317)
at java.security.KeyStore.load(KeyStore.java:1214)
Caused by: javax.crypto.BadPaddingException: Given final block not properly padded
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:811)
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:676)
at com.sun.crypto.provider.PKCS12PBECipherCore.implDoFinal(PKCS12PBECipherCore.java:355)
at com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40.engineDoFinal(PKCS12PBECipherCore.java:462)
at javax.crypto.Cipher.doFinal(Cipher.java:1922)
at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1308)
... 27 more

All information I found in other threads indicate that the password I use to load the KeyStore is wrong, but I am certain that it is not wrong.

Any ideas about this? Thank you very much!

mambo
  • 1
  • Are you creating WAR with all dependencies? You have to append all of the libraries to the WAR file to make it work independent. – Serafins Jan 15 '16 at 09:50
  • 1
    Do you have a proof that the password is correct? And is it really a PKCS#12 KeyStore? – user207421 Jan 15 '16 at 09:53
  • Yes the eclipse war export includes all dependencies. I am sure, that the password is correct because I tested the code with the same .p12 file and password on my computer and the signing worked just fine – mambo Jan 15 '16 at 09:55

0 Answers0