我最近尝试迁移到 iText7,但遇到了一些问题。我已经有一个 PDF,我正在尝试锁定和限制此 PDF 的权限。我对 itext5 使用了相同的方法,但结果不一样。更准确地说:
我用过
PdfWriter writer = new PdfWriter(fos, new WriterProperties() .setPublicKeyEncryption(chain, new int[EncryptionConstants.ALLOW_DEGRADED_PRINTING], EncryptionConstants.ENCRYPTION_AES_256));
但是什么也没发生,然后我尝试了
2.
PdfWriter writer = new PdfWriter(fos, new WriterProperties()
.setStandardEncryption("lala".getBytes(), "lala".getBytes(),
EncryptionConstants.ALLOW_PRINTING | EncryptionConstants.ENCRYPTION_AES_256,
EncryptionConstants.ENCRYPTION_AES_256));
什么也没发生。你碰巧知道一些事情吗?
该方法的完整代码:
public void signPDF(InputStream inputStream, HttpServletResponse response) {
LOG.debug("Inside signPDF...");
Security.addProvider(new BouncyCastleProvider());
try(OutputStream os = response.getOutputStream();
PdfReader reader = new PdfReader(inputStream);
PdfWriter writer = new PdfWriter(os, new WriterProperties().setStandardEncryption(null, "test".getBytes(), EncryptionConstants.ALLOW_PRINTING,
EncryptionConstants.ENCRYPTION_AES_128 | EncryptionConstants.DO_NOT_ENCRYPT_METADATA))) {
KeyStore ks = KeyStore.getInstance("pkcs12");
ks.load(new FileInputStream(p12Path), keystorePassword.toCharArray());
String alias = ks.aliases().nextElement();
PrivateKey pk = (PrivateKey) ks.getKey(alias, keystorePassword.toCharArray());
Certificate[] chain = ks.getCertificateChain(alias);
BouncyCastleProvider provider = new BouncyCastleProvider();
ITSAClient tsc = new TSAClientBouncyCastle(tsaClient, "", "");
PdfSigner signer = new PdfSigner(reader, writer.getOutputStream(), true);
PdfSignatureAppearance appearance = signer.getSignatureAppearance()
.setReason("Sign")
.setLocation("Test")
.setReuseAppearance(false);
signer.setFieldName("sig");
IExternalSignature pks = new PrivateKeySignature(pk, DigestAlgorithms.SHA256, provider.getName());
IExternalDigest digest = new BouncyCastleDigest();
System.out.println(signer.getDocument().getNumberOfPages());
addWatermark(appearance,signer);
signer.signDetached(digest, pks, chain, null, null, tsc, 0, PdfSigner.CryptoStandard.CMS);
} catch (Exception e) {
LOG.error("Error while writing to outputstream",e);
}
}
现在已签名,有水印,但未锁定(即复制内容)
最佳答案
iText 7 中的签名和加密目前分两个单独的步骤完成,第一步对文件进行加密,第二步对该加密文件进行签名,保持加密完好无损。
在您的尝试中,您创建了一个包含加密信息的 PdfWriter
和一个包含签名信息的 PdfSigner
。不过,由于您的 PdfWriter
未被任何 PdfDocument
使用,因此加密信息会丢失,只进行签名。
要加密和签名,只需首先加密 PDF,例如使用类似的东西
void encrypt(InputStream source, OutputStream target, byte[] password) throws IOException {
PdfReader reader = new PdfReader(source);
PdfWriter writer = new PdfWriter(target, new WriterProperties().setStandardEncryption(null, password,
EncryptionConstants.ALLOW_PRINTING, EncryptionConstants.ENCRYPTION_AES_128 | EncryptionConstants.DO_NOT_ENCRYPT_METADATA));
new PdfDocument(reader, writer).close();
}
(EncryptAndSign 方法)
然后签署此加密的 PDF,例如使用类似的东西
void sign(InputStream original, OutputStream result, String name, CryptoStandard subfilter,
int certificationLevel, boolean isAppendMode, byte[] password) throws IOException, GeneralSecurityException {
String reason = "Just another illusionary reason";
String location = "Right around the corner";
boolean setReuseAppearance = false;
String digestAlgorithm = "SHA512";
ITSAClient tsc = null;
PdfReader reader = new PdfReader(original, new ReaderProperties().setPassword(password));
PdfSigner signer = new PdfSigner(reader, result, isAppendMode);
signer.setCertificationLevel(certificationLevel);
// Creating the appearance
signer.getSignatureAppearance()
.setReason(reason)
.setLocation(location)
.setReuseAppearance(setReuseAppearance);
signer.setFieldName(name);
// Creating the signature
IExternalSignature pks = new PrivateKeySignature(pk, digestAlgorithm, BouncyCastleProvider.PROVIDER_NAME);
signer.signDetached(new BouncyCastleDigest(), pks, chain, null, null, tsc, 0, subfilter);
}
(EncryptAndSign 方法)
使用 pk
和 chain
确定,就像在您的代码中一样。
然后结合这些方法,例如像这样
try ( InputStream resourceStream = ...;
OutputStream encryptedResult = new FileOutputStream(encryptedFile) ) {
encrypt(resourceStream, encryptedResult, password);
}
try ( InputStream encryptedSource = new FileInputStream(encryptedFile);
OutputStream signedResult = new FileOutputStream(signedFile)) {
sign(encryptedSource, signedResult, "Signature", CryptoStandard.CADES, 0, false, password);
}
( EncryptAndSign 测试 testEncryptAndSignLefterisBab
)
或者如果您想写入响应并且不希望文件系统中存在中间文件:
byte[] encrypted = null;
try ( InputStream resourceStream = ...;
OutputStream encryptedResult = new ByteArrayOutputStream() ) {
encrypt(resourceStream, encryptedResult, password);
encrypted = encryptedResult.toByteArray();
}
try ( InputStream encryptedSource = new ByteArrayInputStream(encrypted);
OutputStream signedResult = response.getOutputStream() ) {
sign(encryptedSource, signedResult, "Signature", CryptoStandard.CADES, 0, false, password);
}
关于java - 使用 iText 锁定 pdf,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/49790146/