private static final String base64 =
"MIIJAgYJKoZIhvcNAQcCoIII8zCCCO8CAQExDjAMBggqhQMHAQECAgUAME8GCSqGSIb3DQEHAaBC" +
"BEAwYjQ1NWIxYTRkODM0MWY1MzYzYjYzZDRiMWNiNWRhOGNiNDRkOWFkYmFlZjYxMGU4YmE3NGI4" +
"ZGFiMmM3NDQxoIIGEDCCAnMwggIioAMCAQICEDdBiIL1OaWSStROPeAC6jwwCAYGKoUDAgIDMH8x" +
"IzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAY3J5cHRvcHJvLnJ1MQswCQYDVQQGEwJSVTEPMA0GA1UE" +
"BxMGTW9zY293MRcwFQYDVQQKEw5DUllQVE8tUFJPIExMQzEhMB8GA1UEAxMYQ1JZUFRPLVBSTyBU" +
"ZXN0IENlbnRlciAyMB4XDTE5MDUyNzA3MjQyNloXDTI0MDUyNjA3MzQwNVowfzEjMCEGCSqGSIb3" +
"DQEJARYUc3VwcG9ydEBjcnlwdG9wcm8ucnUxCzAJBgNVBAYTAlJVMQ8wDQYDVQQHEwZNb3Njb3cx" +
"FzAVBgNVBAoTDkNSWVBUTy1QUk8gTExDMSEwHwYDVQQDExhDUllQVE8tUFJPIFRlc3QgQ2VudGVy" +
"IDIwYzAcBgYqhQMCAhMwEgYHKoUDAgIjAQYHKoUDAgIeAQNDAARAFJ8WBKirdlE7n2I7kcS8vMms" +
"YCxnesNFBe7mqMou1et7wvSJgTNSsyvHyuBtygTWK7PXEf7Dw9SNvBsb83vDkqN4MHYwCwYDVR0P" +
"BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFE6DPhRp7+xdepUrXxH+NzIWSVUrMBIG" +
"CSsGAQQBgjcVAQQFAgMBAAEwIwYJKwYBBAGCNxUCBBYEFARiVSkLDrHN0Xl9mrjIH2meNofzMAgG" +
"BiqFAwICAwNBAMTFstWxO3+hKCqD7nNz8mrQ9miOHV8RdVp7dRFPA58W5e4+JVghUpw+7fxOBkPx" +
"9UFeKRlnAiS7I93krlhKWkgwggOVMIIDRKADAgECAhMSAECsg2NxzP6oka1xAAEAQKyDMAgGBiqF" +
"AwICAzB/MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGNyeXB0b3Byby5ydTELMAkGA1UEBhMCUlUx" +
"DzANBgNVBAcTBk1vc2NvdzEXMBUGA1UEChMOQ1JZUFRPLVBSTyBMTEMxITAfBgNVBAMTGENSWVBU" +
"Ty1QUk8gVGVzdCBDZW50ZXIgMjAeFw0yMDAyMTAxMTU2NDdaFw0yMDA1MTAxMjA2NDdaMIGZMSIw" +
"IAYJKoZIhvcNAQkBFhN2b3ZhbmVzc2FAbW1tYWlsLnJ1MRswGQYDVQQDDBLQktC+0LLQsNC90LXR" +
"gdGB0LAxDDAKBgNVBAsMA2JpYTEMMAoGA1UECgwDYmlhMRMwEQYDVQQHDApHb3JvZCBHcmV6MRgw" +
"FgYDVQQIDA9SYXNrYSBGZWRlcmFza2ExCzAJBgNVBAYTAlJGMGYwHwYIKoUDBwEBAQEwEwYHKoUD" +
"AgIkAAYIKoUDBwEBAgIDQwAEQIv3jje7b3mlXKsEyjSb6Rt/ovY+Az6NuKZBeeeleOxkGs8FGpwk" +
"ejZ90FWIIfw0Nf7tNPmclTsr1EvF1XZUdjOjggF3MIIBczAPBgNVHQ8BAf8EBQMDB/AAMBMGA1Ud" +
"JQQMMAoGCCsGAQUFBwMCMB0GA1UdDgQWBBTay33ATzz3+nnMle6cC1XxxYXtPjAfBgNVHSMEGDAW" +
"gBROgz4Uae/sXXqVK18R/jcyFklVKzBcBgNVHR8EVTBTMFGgT6BNhktodHRwOi8vdGVzdGNhLmNy" +
"eXB0b3Byby5ydS9DZXJ0RW5yb2xsL0NSWVBUTy1QUk8lMjBUZXN0JTIwQ2VudGVyJTIwMigxKS5j" +
"cmwwgawGCCsGAQUFBwEBBIGfMIGcMGQGCCsGAQUFBzAChlhodHRwOi8vdGVzdGNhLmNyeXB0b3By" +
"by5ydS9DZXJ0RW5yb2xsL3Rlc3QtY2EtMjAxNF9DUllQVE8tUFJPJTIwVGVzdCUyMENlbnRlciUy" +
"MDIoMSkuY3J0MDQGCCsGAQUFBzABhihodHRwOi8vdGVzdGNhLmNyeXB0b3Byby5ydS9vY3NwL29j" +
"c3Auc3JmMAgGBiqFAwICAwNBAGyw1tmCq4aMXLk1dVvruuUDe/ZxhD/rZ1Reabj2HabnvuLVncUV" +
"O+AiBbIZe/cx1v8X6lyAyyN4Ms8IcPOdmWExggJzMIICbwIBATCBljB/MSMwIQYJKoZIhvcNAQkB" +
"FhRzdXBwb3J0QGNyeXB0b3Byby5ydTELMAkGA1UEBhMCUlUxDzANBgNVBAcTBk1vc2NvdzEXMBUG" +
"A1UEChMOQ1JZUFRPLVBSTyBMTEMxITAfBgNVBAMTGENSWVBUTy1QUk8gVGVzdCBDZW50ZXIgMgIT" +
"EgBArINjccz+qJGtcQABAECsgzAMBggqhQMHAQECAgUAoIIBcTAYBgkqhkiG9w0BCQMxCwYJKoZI" +
"hvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMDAzMDMwOTU3MzZaMB0GCisGAQQBgjdYAgExDwQNRG9j" +
"dW1lbnQgTmFtZTAvBgkqhkiG9w0BCQQxIgQgOUzu38jfujfOzd+gclbtVpWhnsoUpyBVI9mjbQRU" +
"i3YwgeYGCyqGSIb3DQEJEAIvMYHWMIHTMIHQMIHNMAoGCCqFAwcBAQICBCB4xIE4DsAdaJ7tgD0r" +
"tGfvs5nNu4YlTpH3lkncxb1AeDCBnDCBhKSBgTB/MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGNy" +
"eXB0b3Byby5ydTELMAkGA1UEBhMCUlUxDzANBgNVBAcTBk1vc2NvdzEXMBUGA1UEChMOQ1JZUFRP" +
"LVBSTyBMTEMxITAfBgNVBAMTGENSWVBUTy1QUk8gVGVzdCBDZW50ZXIgMgITEgBArINjccz+qJGt" +
"cQABAECsgzAMBggqhQMHAQEBAQUABEC2Mlm54/dY+H8xBosYFpcGqqvqJy3jSIa3nMGeXccHbE65" +
"ZDoD6htyKbvkA8666iWCFQ3Ozv8UsgQxwqkGbvBX";

import com.itextpdf.text.DocumentException;
import com.itextpdf.text.pdf.AcroFields;
import com.itextpdf.text.pdf.PdfName;
import com.itextpdf.text.pdf.PdfReader;
import com.itextpdf.text.pdf.PdfSignatureAppearance;
import com.itextpdf.text.pdf.PdfStamper;
import com.itextpdf.text.pdf.PdfString;
import com.itextpdf.text.pdf.security.ExternalBlankSignatureContainer;
import com.itextpdf.text.pdf.security.ExternalSignatureContainer;
import com.itextpdf.text.pdf.security.MakeSignature;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.stereotype.Service;
import ru.CryptoPro.CAdES.CAdESSignature;
import ru.CryptoPro.CAdES.exception.CAdESException;
import ru.bia.traffic.exceptons.InternalException;
import ru.bia.traffic.models.BrowserSignatureContainer;
import ru.bia.traffic.models.Subject;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Base64;

public class SignFilePdf {


public byte[] sign(byte[] document, String signature) throws CAdESException {
byte[] result;
ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
try {
CAdESSignature cadesSignature = new CAdESSignature(Base64.getDecoder().decode(signature), null, null);
Subject subject = new Subject(cadesSignature
.getCAdESSignerInfo(0)
.getSignerCertificate()
.getSubjectX500Principal()
.getEncoded()
);
X509Certificate certificate = cadesSignature
.getCAdESSignerInfo(0)
.getSignerCertificate();
PdfReader reader = new PdfReader(getDocumentWithEmptySignatureContainer(
document,
subject,
certificate));
ExternalSignatureContainer container = new BrowserSignatureContainer(signature,
PdfName.ADOBE_CryptoProPDF,
PdfName.ADBE_PKCS7_DETACHED);
AcroFields af = reader.getAcroFields();
ArrayList<String> signatureNames = af.getSignatureNames();
if (signatureNames.isEmpty()) {
throw new InternalException("Document dont contains signature field!");
}
MakeSignature.signDeferred(reader, signatureNames.get(signatureNames.size() - 1), outputStream, container);
result = outputStream.toByteArray();
}
catch (IOException e) {
throw new InternalException("IO exception by edd empty signature field : ", e);
}
catch (GeneralSecurityException e) {
throw new InternalException("Security exception by edd empty signature field : ", e);
}
catch (DocumentException e) {
throw new InternalException("Document exception by edd empty signature field : ", e);
}
finally {
try {
outputStream.close();
}
catch (IOException e) {
log.error("Error close stream document {}", e.getMessage());
}
}
return result;
}

public byte[] getDocumentWithEmptySignatureContainer(byte[] document,
Subject subject,
X509Certificate certificate)
throws GeneralSecurityException, IOException, DocumentException {
byte[] data;
ByteArrayOutputStream os = new ByteArrayOutputStream();
PdfReader reader = new PdfReader(document);
try {
PdfStamper stamper = PdfStamper.createSignature(reader, os, '\0');
PdfSignatureAppearance appearance = stamper.getSignatureAppearance();
appearance.setCertificate(certificate);
appearance.setLocation(subject.country());
appearance.setLocationCaption(subject.state().orElse(""));
appearance.setSignatureCreator(subject.commonName());
appearance.setContact(subject.email().orElse(""));
appearance.setReason("Я рецензировал этот документ");
appearance.setSignatureEvent(
sig -> sig.put(PdfName.NAME, new PdfString(subject.commonName()))
);
appearance.setCertificationLevel(PdfSignatureAppearance.CERTIFIED_NO_CHANGES_ALLOWED);

ExternalSignatureContainer external = new ExternalBlankSignatureContainer(PdfName.ADOBE_CryptoProPDF,
PdfName.ADBE_PKCS7_DETACHED);
MakeSignature.signExternalContainer(appearance, external, 8192);
data = os.toByteArray();
}
finally {
reader.close();
os.close();
}
return data;
}
}

import com.itextpdf.text.pdf.PdfDictionary;
import com.itextpdf.text.pdf.PdfName;
import com.itextpdf.text.pdf.security.ExternalSignatureContainer;

import java.io.InputStream;
import java.util.Base64;

public class BrowserSignatureContainer implements ExternalSignatureContainer {
private byte[] sinedData;
private PdfDictionary sigDic;

public BrowserSignatureContainer(String signature, PdfName filter, PdfName subFilter) {
this.sinedData = Base64.getDecoder().decode(signature);
this.sigDic = new PdfDictionary();
this.sigDic.put(PdfName.FILTER, filter);
this.sigDic.put(PdfName.SUBFILTER, subFilter);
}

public byte[] sign(InputStream is) {
return sinedData;
}

public void modifySigningDictionary(PdfDictionary pdfDictionary) {
sigDic.putAll(this.sigDic);
}
}