File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Other Open Source Projects and the fly likes iText: Digital signature Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Products » Other Open Source Projects
Bookmark "iText: Digital signature" Watch "iText: Digital signature" New topic
Author

iText: Digital signature

rakhi sinha
Ranch Hand

Joined: Mar 26, 2012
Posts: 147
I have generared pdf using itext in servlet.Now I want to use digital signature in that pdf.So what should I do to generate digitally signed pdf..
Maneesh Godbole
Saloon Keeper

Joined: Jul 26, 2007
Posts: 9990
    
    7

rakhi sinha wrote:I have generared pdf using itext in servlet.Now I want to use digital signature in that pdf.So what should I do to generate digitally signed pdf..

This might help http://docs.oracle.com/javase/tutorial/security/apisign/gensig.html
http://itextpdf.sourceforge.net/howtosign.html#signtsocspjava


[How to ask questions] [Donate a pint, save a life!] [Onff-turn it on!]
rakhi sinha
Ranch Hand

Joined: Mar 26, 2012
Posts: 147
I have used itext jar file to sign pdf generated by using simple java program but how to use this on pdf generated by using servlet...
Maneesh Godbole
Saloon Keeper

Joined: Jul 26, 2007
Posts: 9990
    
    7

So servlets are not Java?
What problem did you run into when you tried with servlets?
rakhi sinha
Ranch Hand

Joined: Mar 26, 2012
Posts: 147




I am using following java core code for digital signature.I have generated the foobar certificate by using following keytool command .I am getting a.pdf as output with signature having question mark ,how to show the green right mark on this .But i want to use servlet ,i want digitally signed in my web browser.what shoult i do for this?






Tim Moores
Rancher

Joined: Sep 21, 2011
Posts: 2408
What does the question mark mean? Possibly the same as in a browser, that it's a self-signed certificate? Haver you tried a proper certificate?
rakhi sinha
Ranch Hand

Joined: Mar 26, 2012
Posts: 147
Tim Moores wrote:What does the question mark mean? Possibly the same as in a browser, that it's a self-signed certificate? Haver you tried a proper certificate?



I have written servlet also but it is showing exception like

HTTP Status 405 - HTTP method GET is not supported by this URL

--------------------------------------------------------------------------------

type Status report

message HTTP method GET is not supported by this URL

description The specified HTTP method is not allowed for the requested resource (HTTP method GET is not supported by this URL).


--------------------------------------------------------------------------------

Apache Tomcat/6.0.32
Tim Moores
Rancher

Joined: Sep 21, 2011
Posts: 2408
That's a different issue that has nothing to do with PDFs; let's keep this thread to that particular problem. I would suggest that it's much easier to get this kind of thing working in a desktop app before you embed it into a web app.
rakhi sinha
Ranch Hand

Joined: Mar 26, 2012
Posts: 147
Tim Moores wrote:That's a different issue that has nothing to do with PDFs; let's keep this thread to that particular problem. I would suggest that it's much easier to get this kind of thing working in a desktop app before you embed it into a web app.


In desktop it is working but when i have changed it into servlet it is giving this exception.
Tim Moores
Rancher

Joined: Sep 21, 2011
Posts: 2408
I thought the problem was this:
I am getting a.pdf as output with signature having question mark ,how to show the green right mark on this .

Are you saying the same code -when running as part of a desktop app- does not have this problem?
rakhi sinha
Ranch Hand

Joined: Mar 26, 2012
Posts: 147
Tim Moores wrote:I thought the problem was this:
I am getting a.pdf as output with signature having question mark ,how to show the green right mark on this .

Are you saying the same code -when running as part of a desktop app- does not have this problem?



in desktop app it does not have any problem
Tim Moores
Rancher

Joined: Sep 21, 2011
Posts: 2408
Then it would seem that desktop app and web app do not create byte-for-byte identical PDFs; is that correct?
rakhi sinha
Ranch Hand

Joined: Mar 26, 2012
Posts: 147
Tim Moores wrote:Then it would seem that desktop app and web app do not create byte-for-byte identical PDFs; is that correct?



actually i am not getting how to use certificate to create digital signature in web application,where to store digital signature to create the different different pdfs digitally signed by different different persons.
rakhi sinha
Ranch Hand

Joined: Mar 26, 2012
Posts: 147
rakhi sinha wrote:
Tim Moores wrote:Then it would seem that desktop app and web app do not create byte-for-byte identical PDFs; is that correct?



actually i am not getting how to use certificate to create digital signature in web application,where to store digital signature to create the different different pdfs digitally signed by different different persons.


In my project I am developing a web application in which first step is to make a servlet containg several fields ,by clicking submit button all the values are saved in database and clicking on another button (generate pdf )create digitally signed pdf,i have created pdf without signature .But i dont know how to create digitally signed pdf using digital certificate.
Tim Moores
Rancher

Joined: Sep 21, 2011
Posts: 2408
Where do you see the difference between using a certificate in a desktop app (which you said you have done successfully), and using a certificate in a web app?
rakhi sinha
Ranch Hand

Joined: Mar 26, 2012
Posts: 147
Tim Moores wrote:Where do you see the difference between using a certificate in a desktop app (which you said you have done successfully), and using a certificate in a web app?

In desktop application i have saved keystore in java bin directory .but where we put it when using servlet so that servlet can use it.I am getting this exception

HTTP Status 405 - HTTP method GET is not supported by this URL

--------------------------------------------------------------------------------

type Status report

message HTTP method GET is not supported by this URL

description The specified HTTP method is not allowed for the requested resource (HTTP method GET is not supported by this URL).


--------------------------------------------------------------------------------

Apache Tomcat/6.0.32
Tim Moores
Rancher

Joined: Sep 21, 2011
Posts: 2408
That's a servlet problem that has nothing to do with the actual issue. Your servlet apparently does not have a doGet method, but you're accessing it using a GET.
rakhi sinha
Ranch Hand

Joined: Mar 26, 2012
Posts: 147
Tim Moores wrote:That's a servlet problem that has nothing to do with the actual issue. Your servlet apparently does not have a doGet method, but you're accessing it using a GET.
I have removed that error but now it is giving following error. in resources folder i have saved the keystore and pdf(on which i want digital signature)

HTTP Status 500 -

--------------------------------------------------------------------------------

type Exception report

message

description The server encountered an internal error () that prevented it from fulfilling this request.

exception

java.io.FileNotFoundException: \resources\rrcat.pdf (The system cannot find the path specified)
java.io.FileOutputStream.open(Native Method)
java.io.FileOutputStream.<init>(FileOutputStream.java:179)
java.io.FileOutputStream.<init>(FileOutputStream.java:70)
LoginExample.digital.doGet(digital.java:43)
javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)


note The full stack trace of the root cause is available in the Apache Tomcat/6.0.32 logs.


--------------------------------------------------------------------------------
Tim Moores
Rancher

Joined: Sep 21, 2011
Posts: 2408
Looks like you're using a relative path; that won't work in a web app - use an absolute path instead.
rakhi sinha
Ranch Hand

Joined: Mar 26, 2012
Posts: 147
Tim Moores wrote:Looks like you're using a relative path; that won't work in a web app - use an absolute path instead.


Absolute path means..
Tim Moores
Rancher

Joined: Sep 21, 2011
Posts: 2408
C:/Program Files/Java/jdk1.6.0/bin/.keystore is an absolute path

bin/.keystore is a relative path (relative to some other directory, that is).

Searching for "absolute path" will find more information.
rakhi sinha
Ranch Hand

Joined: Mar 26, 2012
Posts: 147
Tim Moores wrote:C:/Program Files/Java/jdk1.6.0/bin/.keystore is an absolute path

bin/.keystore is a relative path (relative to some other directory, that is).

Searching for "absolute path" will find more information.

but in servlet how to use absolute path we cannot give whole bin path , i have made a resources folder in our servlet example (i am using eclipse)so that i can access the content of this resources folders.
Tim Moores
Rancher

Joined: Sep 21, 2011
Posts: 2408
we cannot give whole bin path

Indeed, you shouldn't do that, You should use the path into your web app. ServletContext.getRealPath can help you figure out what that is.
rakhi sinha
Ranch Hand

Joined: Mar 26, 2012
Posts: 147
Tim Moores wrote:
we cannot give whole bin path

Indeed, you shouldn't do that, You should use the path into your web app. ServletContext.getRealPath can help you figure out what that is.



How to use ServletContext.getRealPath and how to give path of keystore and pdf so that signed pdf can be generated.
Tim Moores
Rancher

Joined: Sep 21, 2011
Posts: 2408
What have you tried? If you haven't tried anything, what have you read, and what ideas have you had?
rakhi sinha
Ranch Hand

Joined: Mar 26, 2012
Posts: 147
Tim Moores wrote:What have you tried? If you haven't tried anything, what have you read, and what ideas have you had?


I have tried getRealPath but it is not working
rakhi sinha
Ranch Hand

Joined: Mar 26, 2012
Posts: 147
rakhi sinha wrote:
Tim Moores wrote:What have you tried? If you haven't tried anything, what have you read, and what ideas have you had?


I have tried getRealPath but it is not working

I am using this for keystore


and this for pdf on which i have to sign


but it is showing following exception


HTTP Status 500 -

--------------------------------------------------------------------------------

type Exception report

message

description The server encountered an internal error () that prevented it from fulfilling this request.

exception

java.io.FileNotFoundException: \resources\a.pdf (The system cannot find the path specified)
java.io.FileOutputStream.open(Native Method)
java.io.FileOutputStream.<init>(FileOutputStream.java:179)
java.io.FileOutputStream.<init>(FileOutputStream.java:70)
LoginExample.digital.doGet(digital.java:43)
javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)


note The full stack trace of the root cause is available in the Apache Tomcat/6.0.32 logs.


--------------------------------------------------------------------------------

Apache Tomcat/6.0.32
Tim Moores
Rancher

Joined: Sep 21, 2011
Posts: 2408
You're again using a relative path; two, actually, one in each line of code. The difference is that an absolute path that's used in conjunction with a servlet context is anchored to that context's root - it starts with "/".
rakhi sinha
Ranch Hand

Joined: Mar 26, 2012
Posts: 147
Tim Moores wrote:You're again using a relative path; two, actually, one in each line of code. The difference is that an absolute path that's used in conjunction with a servlet context is anchored to that context's root - it starts with "/".


I have used this "/" but again showing same error.
Tim Moores
Rancher

Joined: Sep 21, 2011
Posts: 2408
With all due respect - I sincerely doubt that. Is "LoginExample" the name of the servlet context? If so, it should not be part of the path. And the file path needs to be absolute, as I mentioned several times by now.
rakhi sinha
Ranch Hand

Joined: Mar 26, 2012
Posts: 147
Tim Moores wrote:With all due respect - I sincerely doubt that. Is "LoginExample" the name of the servlet context? If so, it should not be part of the path. And the file path needs to be absolute, as I mentioned several times by now.

yes LoginExample is the name of servlet context .I have removed that from the path but it is showing same error.
Tim Moores
Rancher

Joined: Sep 21, 2011
Posts: 2408
Post the code you're now using and the text of the exception. Also describe the layout of the files and directories that are involved.
rakhi sinha
Ranch Hand

Joined: Mar 26, 2012
Posts: 147
Tim Moores wrote:Post the code you're now using and the text of the exception. Also describe the layout of the files and directories that are involved.






Exception
HTTP Status 500 -

--------------------------------------------------------------------------------

type Exception report

message

description The server encountered an internal error () that prevented it from fulfilling this request.

exception

java.io.FileNotFoundException: \resources\rrcat.pdf (The system cannot find the path specified)
java.io.FileOutputStream.open(Native Method)
java.io.FileOutputStream.<init>(FileOutputStream.java:179)
java.io.FileOutputStream.<init>(FileOutputStream.java:70)
LoginExample.digital.doGet(digital.java:43)
javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)


note The full stack trace of the root cause is available in the Apache Tomcat/6.0.32 logs.


--------------------------------------------------------------------------------

Apache Tomcat/6.0.32


I am using eclipse .in eclipse i am using thie heirarchy Loginexample->WebContent->Resources.In resources folder I have saved a.pdf and keystore
Tim Moores
Rancher

Joined: Sep 21, 2011
Posts: 2408
It looks like you still don't understand the concept of paths, neither of file systems paths, nor of paths within a web app. I suggest you get more familiar with those before applying them to this problem.

Or do you really have a root directory called "resources" on your disk?

Or a directory called "resources" at the top level of your web app?
rakhi sinha
Ranch Hand

Joined: Mar 26, 2012
Posts: 147
Tim Moores wrote:It looks like you still don't understand the concept of paths, neither of file systems paths, nor of paths within a web app. I suggest you get more familiar with those before applying them to this problem.

Or do you really have a root directory called "resources" on your disk?

Or a directory called "resources" at the top level of your web app?


resources is at the top level of web app
rakhi sinha
Ranch Hand

Joined: Mar 26, 2012
Posts: 147
rakhi sinha wrote:
Tim Moores wrote:It looks like you still don't understand the concept of paths, neither of file systems paths, nor of paths within a web app. I suggest you get more familiar with those before applying them to this problem.

Or do you really have a root directory called "resources" on your disk?

Or a directory called "resources" at the top level of your web app?


resources is at the top level of web app


i also have one confusion related to the certificate that how to use it.I mean that in my application there will be many members to use this application.where to store the certificate and digital signature so that when they fill the forms for registartion and after submit the resgistration form i have to upload the digital signature and then use this uploaded digital signature into the pdf using servlet and itext.
Tim Moores
Rancher

Joined: Sep 21, 2011
Posts: 2408
This part of the question still stands:
Or do you really have a root directory called "resources" on your disk?

It's the FileOutputStream handling where the exception occurs, after all.
rakhi sinha
Ranch Hand

Joined: Mar 26, 2012
Posts: 147
Tim Moores wrote:This part of the question still stands:
Or do you really have a root directory called "resources" on your disk?

It's the FileOutputStream handling where the exception occurs, after all.

i am still confused that how to create keystore and create digital signature in pdfs using java servlet in tomcat server
Tim Moores
Rancher

Joined: Sep 21, 2011
Posts: 2408
As I said, there's no difference to using certificates in a desktop app. You just need to fix the exceptions resulting from files not being where they should be, or the paths you're using being incorrect.

If you're still getting exceptions, post the relevant code excerpts along with the full exception stack trace, and describe to us fully the layout of your files and directories.
rakhi sinha
Ranch Hand

Joined: Mar 26, 2012
Posts: 147
Tim Moores wrote:As I said, there's no difference to using certificates in a desktop app. You just need to fix the exceptions resulting from files not being where they should be, or the paths you're using being incorrect.

If you're still getting exceptions, post the relevant code excerpts along with the full exception stack trace, and describe to us fully the layout of your files and directories.


I am doing from starting by creating keystore and using this to import root certificate in keystore but it is giving input not an X.509 certificate....
Generating a Private Key and a Keystore
From Eclipsepedia
Jump to: navigation, search
1. To generate a keystore, you need a JDK installed with its /bin directory in your path

2. Create a keystore using this command:

keytool -genkey -alias tomcat -keyalg RSA -keystore keystore.jks
keytool will ask you to enter the values for Common Name (CN), Organizational Unit (OU), Oranization(O), Locality (L), State (S) and Country (C). CN should match the domain name of your webapp if you are planning to use this keystore for your servlet container

You can verify keystore contents using this command:

keytool -list -v -keystore keystore.jks
3. Generate the Certificate Signing Request (CSR) using this command:

keytool -certreq -v -alias tomcat -file csr-for-myserver.pem -keystore keystore.jks
Submit contents of csr-for-myserver.pem file to your CA for signing

You can get a trial certificate from Thawte at https://www.thawte.com/cgi/server/try.exe

4. Save the signed certificate from CA to a file signed-cert.pem

You can see the contents of the signed certificate using this command:

keytool -printcert -v -file signed-cert.pem
5. Download Root certificate from CA. You can download Thawte Test Root Certificate from http://www.thawte.com/roots/.

6. Import Root Certificate to keystore using this command:

keytool -import -v -noprompt -trustcacerts -alias cacert -file root-cert.pem -keystore keystore.jks
where root-cert.pem is the Root Certificate from CA

7. Verify contents of keystore using this command:

keytool -list -v -keystore keystore.jks
8. Import CA signed certificate to keystore

keytool -import -v -alias tomcat -file signed-cert.pem -keystore keystore.jks
9. Verify contents of keystore using this command:

keytool -list -v -keystore keystore.jks
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: iText: Digital signature
 
Similar Threads
SOAP Security?
Digitial Signature in E-mail
java program to encrypt the mail in outlook
java program to add digital signature into a pdf file
java program to add digital signature into a pdf file and also encrypt and decrypt it