package com.example.pdfsigner.service; import org.apache.pdfbox.pdmodel.interactive.digitalsignature.SignatureInterface; import org.bouncycastle.cms.CMSSignedDataGenerator; import org.bouncycastle.cms.CMSSignedData; import org.bouncycastle.cms.CMSTypedData; import org.bouncycastle.cms.CMSProcessableByteArray; import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; import org.bouncycastle.cert.jcajce.JcaCertStore; import org.bouncycastle.operator.ContentSigner; import java.io.InputStream; import java.security.PrivateKey; import java.security.cert.Certificate; import java.util.Arrays; import java.util.List; public class CreateSignature implements SignatureInterface { private PrivateKey privateKey; private Certificate[] certificateChain; public CreateSignature(PrivateKey privateKey, Certificate[] certificateChain) { this.privateKey = privateKey; this.certificateChain = certificateChain; } @Override public byte[] sign(InputStream content) { try { byte[] contentBytes = content.readAllBytes(); List certList = Arrays.asList(certificateChain); JcaCertStore certStore = new JcaCertStore(certList); ContentSigner sha256Signer = new JcaContentSignerBuilder("SHA256withRSA").build(privateKey); CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); gen.addSignerInfoGenerator( new org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder( new org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder().build()) .build(sha256Signer, (java.security.cert.X509Certificate) certificateChain[0]) ); gen.addCertificates(certStore); CMSTypedData cmsData = new CMSProcessableByteArray(contentBytes); CMSSignedData signedData = gen.generate(cmsData, false); return signedData.getEncoded(); } catch (Exception e) { throw new RuntimeException("Error al firmar el PDF", e); } } }