Two Step Signing Example

Sign a document with a private key in two stages allowing for custom byte array encryption.
1
/*
2
 *   Copyright © 2020-2026 PSPDFKit GmbH. All rights reserved.
3
 *
4
 *   The PSPDFKit Sample applications are licensed with a modified BSD license.
5
 *   Please see License for details. This notice may not be removed from this file.
6
 */
7

8
package com.pspdfkit.catalog.examples.kotlin
9

10
import android.content.Context
11
import android.net.Uri
12
import android.util.Log
13
import com.pspdfkit.catalog.R
14
import com.pspdfkit.catalog.SdkExample
15
import com.pspdfkit.catalog.SdkExample.Companion.TAG
16
import com.pspdfkit.configuration.activity.PdfActivityConfiguration
17
import com.pspdfkit.document.DocumentSource
18
import com.pspdfkit.document.PdfDocumentLoader
19
import com.pspdfkit.document.providers.AssetDataProvider
20
import com.pspdfkit.signatures.SignerOptions
21
import com.pspdfkit.signatures.SigningManager
22
import com.pspdfkit.signatures.getPrivateKeyEntryFromP12Stream
23
import com.pspdfkit.signatures.getX509Certificates
24
import com.pspdfkit.ui.PdfActivityIntentBuilder
25
import kotlinx.coroutines.CoroutineScope
26
import kotlinx.coroutines.Dispatchers
27
import kotlinx.coroutines.launch
28
import java.io.File
29
import java.io.IOException
30
import java.security.GeneralSecurityException
31
import java.security.KeyStore
32
import java.security.NoSuchAlgorithmException
33
import java.security.PrivateKey
34
import java.security.Signature
35

36
/**
37
 * An example showing the ability to sign a document using a two-step signing process.
38
 * */
39
class TwoStepSigningExample(context: Context) : SdkExample(context, R.string.twoStepSigningExampleTitle, R.string.twoStepSigningExampleDescription) {
40

41
    override fun launchExample(context: Context, configuration: PdfActivityConfiguration.Builder) {
42
        val assetName = "Form_example.pdf"
43

44
        val unsignedDocument = PdfDocumentLoader.openDocument(context, DocumentSource(AssetDataProvider(assetName)))
45
        val keyEntryWithCertificates = getPrivateKeyEntry(context)
46
        val privateKey = keyEntryWithCertificates.privateKey
47
        val signatureFormFields = unsignedDocument.documentSignatureInfo.signatureFormFields
48
        val outputFile = File(context.filesDir, "signedDocument.pdf")
49
        outputFile.delete() // make sure output is deleted from previous runs.
50

51
        /** [SignerOptions] contains all the required configuration for [SigningManager]*/
52
        val signerOptions = SignerOptions.Builder(signatureFormFields[0], Uri.fromFile(outputFile))
53
            .setPrivateKey(privateKey)
54
            .setCertificates(keyEntryWithCertificates.getX509Certificates())
55
            .setType(digitalSignatureType)
56
        CoroutineScope(Dispatchers.Main).launch {
57
            SigningManager.getDataToSign(context, signerOptions.build()).onSuccess { unsignedData ->
58
                val signedData = unsignedData.first.signData(privateKey, unsignedData.second.name)
59
                SigningManager.embedSignature(context, signerOptions.build(), signedData, unsignedData.first, unsignedData.second).onSuccessEmpty {
60
                    val intent = PdfActivityIntentBuilder.fromUri(context, Uri.fromFile(outputFile))
61
                        .configuration(configuration.build())
62
                        .build()
63
                    context.startActivity(intent)
64
                }.onError { Log.e(TAG, "embedSignature: ${it.localizedMessage}") }
65
            }.onError { Log.e(TAG, "getDataToSign: ${it.localizedMessage}") }
66
        }
67
    }
68

69
    private fun ByteArray.signData(privateKey: PrivateKey, hashAlgorithm: String?): ByteArray = try {
70
        /** We are using the [Signature] class from java.security package, to sign the byte arrays.*/
71

72
        /** The signature algorithm can be, among others, the NIST standard DSA, using DSA and SHA-256.
73
         *  The DSA algorithm using the SHA-256 message digest algorithm can be specified as SHA256withDSA.
74
         *  In the case of RSA the signing algorithm could be specified as, for example, SHA256withRSA.
75
         *  The algorithm name must be specified, as there is no default.
76
         *
77
         *  Here 'hashAlgorithm' is SHA256 and 'key.algorithm' is RSA
78
         *  providing algorithm as SHA256withRSA
79
         *  for more details visit https://docs.oracle.com/javase/8/docs/api/java/security/Signature.html
80
         **/
81
        val algorithm = "${hashAlgorithm}with${privateKey.algorithm}"
82

83
        Signature.getInstance(algorithm).run {
84
            initSign(privateKey) // Initialize this object for signing.
85
            update(this@signData) // Updates the data to be signed or verified, using the specified array of bytes
86
            sign() // Returns the signature bytes of all the data updated
87
        }
88
    } catch (e: NoSuchAlgorithmException) {
89
        throw RuntimeException(e)
90
    }
91

92
    /**
93
     * Loads the [KeyStore.PrivateKeyEntry] that will be used by our [SigningManager].
94
     */
95
    @Throws(IOException::class, GeneralSecurityException::class)
96
    private fun getPrivateKeyEntry(context: Context): KeyStore.PrivateKeyEntry {
97
        // Inside a p12 we have both the certificate (or certificate chain to the root CA) and private key used for signing.
98
        val keystoreFile = context.assets.open("digital-signatures/ExampleSigner.p12")
99
        return getPrivateKeyEntryFromP12Stream(keystoreFile, "test")
100
    }
101
}
This code sample is an example that illustrates how to use our SDK. Please adapt it to your specific use case.
Two Step Signing Example

Was this helpful?

Help us improve

Thank you for your feedback!

Something went wrong. Please try again or let us know.
