Merge pull request #291 from 3ace/us-1146-custom-client

sampila · web-flow · commit c415379b87ba · 2025-10-15T17:48:19.000+07:00
[US-1146] Using custom `http.Client` in digital signature timestamp service
diff --git a/signatures/pdf_sign_custom_client.go b/signatures/pdf_sign_custom_client.go
@@ -0,0 +1,173 @@
+/*
+ * This example showcases how to create a digital signature for a PDF file using a custom timestamp client.
+ *
+ * $ ./pdf_sign_custom_client <FILE.PFX> <PASSWORD> <FILE.PEM> <INPUT_PDF_PATH> <OUTPUT_PDF_PATH>
+ */
+package main
+
+import (
+	"bytes"
+	"crypto/x509"
+	"encoding/pem"
+	"fmt"
+	"log"
+	"net/http"
+	"os"
+	"time"
+
+	"github.com/unidoc/unipdf/v4/annotator"
+	"github.com/unidoc/unipdf/v4/common/license"
+	"github.com/unidoc/unipdf/v4/core"
+	"github.com/unidoc/unipdf/v4/model"
+	"github.com/unidoc/unipdf/v4/model/sighandler"
+	"github.com/unidoc/unipdf/v4/model/sigutil"
+	"golang.org/x/crypto/pkcs12"
+)
+
+func init() {
+	// Make sure to load your metered License API key prior to using the library.
+	// If you need a key, you can sign up and create a free one at https://cloud.unidoc.io
+	err := license.SetMeteredKey(os.Getenv(`UNIDOC_LICENSE_API_KEY`))
+	if err != nil {
+		panic(err)
+	}
+}
+
+const usagef = "Usage: %s PFX_FILE PASSWORD PEM_FILE INPUT_PDF_PATH OUTPUT_PDF_PATH\n"
+
+func main() {
+	args := os.Args
+	if len(args) < 6 {
+		fmt.Printf(usagef, os.Args[0])
+		return
+	}
+	pfxPath := args[1]
+	password := args[2]
+	pemPath := args[3]
+	inputPath := args[4]
+	outputPath := args[5]
+
+	// Get private key and X509 certificate from the PFX file.
+	pfxData, err := os.ReadFile(pfxPath)
+	if err != nil {
+		log.Fatal("Fail: %v\n", err)
+	}
+
+	priv, cert, err := pkcs12.Decode(pfxData, password)
+	if err != nil {
+		log.Fatal("Fail: %v\n", err)
+	}
+
+	// Get CA Certificate from the PEM file.
+	caCertF, err := os.ReadFile(pemPath)
+	if err != nil {
+		log.Fatal("Fail: %v\n", err)
+	}
+
+	certDERBlock, _ := pem.Decode(caCertF)
+
+	cacert, err := x509.ParseCertificate(certDERBlock.Bytes)
+
+	if err != nil {
+		log.Fatal("Fail: %v\n", err)
+	}
+
+	// Create reader.
+	file, err := os.Open(inputPath)
+	if err != nil {
+		log.Fatal("Fail: %v\n", err)
+	}
+	defer file.Close()
+
+	reader, err := model.NewPdfReader(file)
+	if err != nil {
+		log.Fatal("Fail: %v\n", err)
+	}
+
+	// Create appender.
+	appender, err := model.NewPdfAppender(reader)
+	if err != nil {
+		log.Fatal("Fail: %v\n", err)
+	}
+
+	// Set timestamp server.
+	timestampServerURL := "https://freetsa.org/tsr"
+
+	// Create PAdES signature handler.
+	padEs := sighandler.NewEtsiPAdES(sighandler.LevelLT)
+	padEs.SetCertificate(cert)
+	padEs.SetPrivateKey(priv)
+	padEs.SetCA(cacert)
+	padEs.SetTimestampServerURL(timestampServerURL)
+	padEs.SetAppender(appender)
+
+	// Set a custom timestamp client with a custom HTTP client (with timeout).
+	// This is optional. If not set, a default client will be used.
+	// Here we set a timeout of 30 seconds for the HTTP client (the default is 5 seconds).
+	padEs.SetTimestampClient(&sigutil.TimestampClient{
+		HTTPClient: &http.Client{
+			Timeout: 30 * time.Second,
+		},
+	})
+
+	var handler model.SignatureHandler
+	handler = padEs
+
+	// Create signature.
+	signature := model.NewPdfSignature(handler)
+	signature.SetName("PAdES B-LT Signature PDF")
+	signature.SetReason("TestPAdESPDF")
+	signature.SetDate(time.Now(), "")
+
+	if err := signature.Initialize(); err != nil {
+		log.Fatal("Fail: %v\n", err)
+	}
+
+	// Create signature field and appearance.
+	opts := annotator.NewSignatureFieldOpts()
+	opts.FontSize = 10
+	opts.Rect = []float64{10, 25, 75, 60}
+
+	field, err := annotator.NewSignatureField(
+		signature,
+		[]*annotator.SignatureLine{
+			annotator.NewSignatureLine("Name", "John Doe"),
+			annotator.NewSignatureLine("Date", "2025.10.15"),
+			annotator.NewSignatureLine("Reason", "PAdES signature with custom client"),
+		},
+		opts,
+	)
+	field.T = core.MakeString("Self signed PDF")
+
+	if err = appender.Sign(1, field); err != nil {
+		log.Fatal("Fail: %v\n", err)
+	}
+
+	// Write output to buffer.
+	buffer := bytes.NewBuffer(nil)
+	err = appender.Write(buffer)
+	if err != nil {
+		log.Fatal("Fail: %v\n", err)
+	}
+
+	// We need the second pass to correctly save DSS/VRI information.
+	pdf2, err := model.NewPdfReader(bytes.NewReader(buffer.Bytes()))
+	if err != nil {
+		log.Fatal("Fail: %v\n", err)
+	}
+
+	appender2, err := model.NewPdfAppender(pdf2)
+	if err != nil {
+		log.Fatal("Fail: %v\n", err)
+	}
+
+	appender2.SetDSS(appender.GetDSS())
+
+	// Write output to the PDF file.
+	err = appender2.WriteToFile(outputPath)
+	if err != nil {
+		log.Fatal("Fail: %v\n", err)
+	}
+
+	log.Printf("PDF file successfully signed. Output path: %s\n", outputPath)
+}
diff --git a/signatures/pdf_sign_external_google_cloud_kms.go b/signatures/pdf_sign_external_google_cloud_kms.go
@@ -21,15 +21,14 @@ import (
 	"fmt"
 	"hash/crc32"
 	"io"
-	"io/ioutil"
 	"log"
 	"math/big"
 	"os"
 	"time"
 
 	kms "cloud.google.com/go/kms/apiv1"
+	kmspb "cloud.google.com/go/kms/apiv1/kmspb"
 	gcOption "google.golang.org/api/option"
-	kmspb "google.golang.org/genproto/googleapis/cloud/kms/v1"
 	"google.golang.org/protobuf/types/known/wrapperspb"
 
 	"github.com/unidoc/pkcs7"
@@ -104,7 +103,7 @@ func main() {
 	copy(pdfData[byteRange[1]:byteRange[2]], sig)
 
 	// Write output file.
-	if err := ioutil.WriteFile(outputPath, pdfData, os.ModePerm); err != nil {
+	if err := os.WriteFile(outputPath, pdfData, os.ModePerm); err != nil {
 		log.Fatalf("Fail: %v\n", err)
 	}
 
@@ -119,7 +118,7 @@ func generateSignedFile(inputPath string, handler model.SignatureHandler) ([]byt
 	if err != nil {
 		return nil, nil, err
 	}
-	defer file.Close()
+	defer func() { _ = file.Close() }()
 
 	reader, err := model.NewPdfReader(file)
 	if err != nil {
@@ -182,7 +181,7 @@ func getExternalSignatureAndSign(inputPath, credPath, keyName string) ([]byte, [
 	if err != nil {
 		return nil, nil, err
 	}
-	defer gcKmsSign.client.Close()
+	defer func() { _ = gcKmsSign.client.Close() }()
 
 	now := time.Now()
 
diff --git a/signatures/pdf_sign_pades_b_b.go b/signatures/pdf_sign_pades_b_b.go
@@ -10,7 +10,6 @@ import (
 	"crypto/x509"
 	"encoding/pem"
 	"fmt"
-	"io/ioutil"
 	"log"
 	"os"
 	"time"
@@ -48,7 +47,7 @@ func main() {
 	outputPath := args[5]
 
 	// Get private key and X509 certificate from the PFX file.
-	pfxData, err := ioutil.ReadFile(pfxPath)
+	pfxData, err := os.ReadFile(pfxPath)
 	if err != nil {
 		log.Fatal("Fail: %v\n", err)
 	}
@@ -59,7 +58,7 @@ func main() {
 	}
 
 	// Get cacert certificate from the PEM file.
-	caCertF, err := ioutil.ReadFile(pemPath)
+	caCertF, err := os.ReadFile(pemPath)
 	if err != nil {
 		log.Fatal("Fail: %v\n", err)
 	}
diff --git a/signatures/pdf_sign_pades_b_lt.go b/signatures/pdf_sign_pades_b_lt.go
@@ -11,7 +11,6 @@ import (
 	"crypto/x509"
 	"encoding/pem"
 	"fmt"
-	"io/ioutil"
 	"log"
 	"os"
 	"time"
@@ -49,7 +48,7 @@ func main() {
 	outputPath := args[5]
 
 	// Get private key and X509 certificate from the PFX file.
-	pfxData, err := ioutil.ReadFile(pfxPath)
+	pfxData, err := os.ReadFile(pfxPath)
 	if err != nil {
 		log.Fatal("Fail: %v\n", err)
 	}
@@ -60,7 +59,7 @@ func main() {
 	}
 
 	// Get CA Certificate from the PEM file.
-	caCertF, err := ioutil.ReadFile(pemPath)
+	caCertF, err := os.ReadFile(pemPath)
 	if err != nil {
 		log.Fatal("Fail: %v\n", err)
 	}
diff --git a/signatures/pdf_sign_pades_b_lta.go b/signatures/pdf_sign_pades_b_lta.go
@@ -12,7 +12,6 @@ import (
 	"crypto/x509"
 	"encoding/pem"
 	"fmt"
-	"io/ioutil"
 	"log"
 	"os"
 	"time"
@@ -50,7 +49,7 @@ func main() {
 	outputPath := args[5]
 
 	// Get private key and X509 certificate from the PFX file.
-	pfxData, err := ioutil.ReadFile(pfxPath)
+	pfxData, err := os.ReadFile(pfxPath)
 	if err != nil {
 		log.Fatal("Fail: %v\n", err)
 	}
@@ -61,7 +60,7 @@ func main() {
 	}
 
 	// Get CA Certificate from the PEM file.
-	caCertF, err := ioutil.ReadFile(pemPath)
+	caCertF, err := os.ReadFile(pemPath)
 	if err != nil {
 		log.Fatal("Fail: %v\n", err)
 	}
diff --git a/signatures/pdf_sign_pades_b_t.go b/signatures/pdf_sign_pades_b_t.go
@@ -10,7 +10,6 @@ import (
 	"crypto/x509"
 	"encoding/pem"
 	"fmt"
-	"io/ioutil"
 	"log"
 	"os"
 	"time"
@@ -48,7 +47,7 @@ func main() {
 	outputPath := args[5]
 
 	// Get private key and X509 certificate from the PFX file.
-	pfxData, err := ioutil.ReadFile(pfxPath)
+	pfxData, err := os.ReadFile(pfxPath)
 	if err != nil {
 		log.Fatal("Fail: %v\n", err)
 	}
@@ -59,7 +58,7 @@ func main() {
 	}
 
 	// Get cacert certificate from the PEM file.
-	caCertF, err := ioutil.ReadFile(pemPath)
+	caCertF, err := os.ReadFile(pemPath)
 	if err != nil {
 		log.Fatal("Fail: %v\n", err)
 	}
diff --git a/signatures/pdf_sign_pem_multicert.go b/signatures/pdf_sign_pem_multicert.go
@@ -22,7 +22,6 @@ import (
 	"errors"
 	"fmt"
 	"hash"
-	"io/ioutil"
 	"log"
 	"os"
 	"time"
@@ -82,7 +81,7 @@ func main() {
 
 func loadPrivateKey(privateKeyPath string) (*rsa.PrivateKey, error) {
 	// Read private key file contents.
-	privateKeyData, err := ioutil.ReadFile(privateKeyPath)
+	privateKeyData, err := os.ReadFile(privateKeyPath)
 	if err != nil {
 		log.Fatal(err)
 	}
@@ -101,7 +100,7 @@ func loadPrivateKey(privateKeyPath string) (*rsa.PrivateKey, error) {
 
 func loadCertificates(certPath string) (*x509.Certificate, *core.PdfObjectArray, error) {
 	// Read certificate file contents.
-	certData, err := ioutil.ReadFile(certPath)
+	certData, err := os.ReadFile(certPath)
 	if err != nil {
 		return nil, nil, err
 	}
diff --git a/signatures/pdf_sign_pkcs12.go b/signatures/pdf_sign_pkcs12.go
@@ -9,7 +9,6 @@ package main
 import (
 	"crypto/rsa"
 	"fmt"
-	"io/ioutil"
 	"log"
 	"os"
 	"time"
@@ -46,7 +45,7 @@ func main() {
 	outputPath := args[4]
 
 	// Get private key and X509 certificate from the P12 file.
-	pfxData, err := ioutil.ReadFile(p12Path)
+	pfxData, err := os.ReadFile(p12Path)
 	if err != nil {
 		log.Fatal("Fail: %v\n", err)
 	}
diff --git a/signatures/pdf_sign_timestamp.go b/signatures/pdf_sign_timestamp.go
@@ -11,7 +11,6 @@ import (
 	"crypto"
 	"crypto/rsa"
 	"fmt"
-	"io/ioutil"
 	"log"
 	"os"
 	"time"
@@ -48,7 +47,7 @@ func main() {
 	outputPath := args[4]
 
 	// Get private key and X509 certificate from the P12 file.
-	pfxData, err := ioutil.ReadFile(p12Path)
+	pfxData, err := os.ReadFile(p12Path)
 	if err != nil {
 		log.Fatal("Fail: %v\n", err)
 	}
diff --git a/signatures/pdf_sign_twice_visible_annotation.go b/signatures/pdf_sign_twice_visible_annotation.go
@@ -13,7 +13,6 @@ import (
 	"crypto/x509"
 	"crypto/x509/pkix"
 	"fmt"
-	"io/ioutil"
 	"log"
 	"math/big"
 	"os"
@@ -76,7 +75,7 @@ func main() {
 	}
 
 	// Write the resulting file to output.pdf file.
-	err = ioutil.WriteFile(outputPath, buf, 0666)
+	err = os.WriteFile(outputPath, buf, 0666)
 	if err != nil {
 		log.Fatalf("Fail: %v\n", err)
 	}
