Last active
February 24, 2024 13:53
-
-
Save simonesestito/a9b4e03d3110109f04054af4b6e7b43f to your computer and use it in GitHub Desktop.
Electronically sign and timestamp PDF files
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # Script to quickly electronically sign | |
| # and apply a qualified eIDAS timestamp | |
| # on a PDF document of your choice. | |
| # | |
| # Java is required. | |
| # open-pdf-sign software will be used. | |
| # | |
| # You MUST have a certificate before using this script. | |
| # A suggestion may be to request a free s/mime certificate | |
| # for your email address from https://www.actalis.com/s-mime-certificates.aspx | |
| # (this link is NOT affiliated in any way, I simply used this service and I liked it). | |
| # | |
| # This script will use Sectigo eIDAS qualified timestamp authority. | |
| # In case you don't like that, change TSA_URL, for example | |
| # using FreeTSA or any other TSA you like. | |
| # | |
| # In case you are not Italian, please change the strings | |
| # in the Localization section. | |
| # Also, adapt the signature positioning variables to your document. | |
| # | |
| # Usage: ./sign_pdf.sh <input_unsigned_pdf> | |
| # | |
| set -e | |
| # Constants | |
| JAR_FILE="open-pdf-sign.jar" | |
| JAR_DOWNLOAD_URL="https://github.com/open-pdf-sign/open-pdf-sign/releases/latest/download/open-pdf-sign.jar" | |
| TSA_URL="http://timestamp.sectigo.com/qualified" | |
| SMIME_CERT="smime_cert.pem" | |
| SMIME_KEY="smime_key.pem" | |
| # Localization | |
| TIMEZONE="Europe/Rome" | |
| LABEL_HINT="Informazioni" | |
| LABEL_SIGNEE="Rilasciato da" | |
| LABEL_TIMESTAMP="Data e ora" | |
| HINT_TEXT="Digitalizzazione con firma elettronica e marca temporale. Verificabile su https://vol.ca.notariato.it/it" | |
| # Signature positioning | |
| SIGNATURE_WIDTH=19 | |
| SIGNATURE_MARGIN_TOP=1 | |
| SIGNATURE_BOX_PAGE=-1 | |
| SIGNATURE_PARAMS=--add-page | |
| # Uncomment the following lines to make the signature box | |
| # at the bottom of the last page (without adding one) | |
| # SIGNATURE_MARGIN_TOP=26.5 | |
| # SIGNATURE_PARAMS= | |
| # Function to check if Java is installed | |
| check_java() { | |
| if ! command -v java &> /dev/null; then | |
| echo -e "\033[0;31mError: Java is not installed or not in the PATH.\033[0m" | |
| exit 1 | |
| fi | |
| } | |
| check_java | |
| # Function to check if a file exists | |
| check_file_exists() { | |
| if [ -f "$1" ]; then | |
| echo -e "\033[0;36m$1 found\033[0m" | |
| else | |
| echo -e "\033[0;31mError: \033[1;31m$1\033[0;31m not found.\033[0m" | |
| return 1 | |
| fi | |
| } | |
| # Function to download open-pdf-sign.jar | |
| download_open_pdf_sign() { | |
| if ! check_file_exists "$JAR_FILE"; then | |
| read -p "Do you want to download Open PDF Sign? [y/N]: " choice | |
| case "$choice" in | |
| y|Y|yes|YES ) curl \ | |
| --location \ | |
| --output "$JAR_FILE" \ | |
| "$JAR_DOWNLOAD_URL" ;; | |
| * ) return 1 ;; | |
| esac | |
| fi | |
| } | |
| # Function to print help | |
| print_help() { | |
| echo "Usage: $0 <input_pdf>" | |
| echo "Example: $0 input.pdf" | |
| } | |
| # Check if the input file argument is provided | |
| if [ -z "$1" ]; then | |
| print_help | |
| exit 1 | |
| fi | |
| # Store input file in variable | |
| INPUT_FILE="$1" | |
| # Check if the input file exists | |
| check_file_exists "$INPUT_FILE" | |
| # Check if the input file is a PDF | |
| if [[ ! "$INPUT_FILE" =~ \.pdf$ ]]; then | |
| echo -e "\033[0;31mError: \033[1;31m$INPUT_FILE\033[0;31m is not a PDF file.\033[0m" | |
| exit 1 | |
| fi | |
| # Check if JAR file exists | |
| download_open_pdf_sign | |
| # Check if S/MIME certificate exists | |
| check_file_exists "$SMIME_CERT" | |
| # Check if S/MIME private key exists | |
| check_file_exists "$SMIME_KEY" | |
| # Define output file name with _signed suffix | |
| OUTPUT_FILE="${INPUT_FILE%.pdf}_signed.pdf" | |
| # Execute Open PDF Sign | |
| set +e | |
| java -jar "$JAR_FILE" \ | |
| -i "$INPUT_FILE" \ | |
| -o "$OUTPUT_FILE" \ | |
| -c "$SMIME_CERT" \ | |
| -k "$SMIME_KEY" \ | |
| --timestamp \ | |
| --tsa "$TSA_URL" \ | |
| --timezone "$TIMEZONE" \ | |
| --page "$SIGNATURE_BOX_PAGE" \ | |
| --label-hint "$LABEL_HINT" \ | |
| --label-signee "$LABEL_SIGNEE" \ | |
| --label-timestamp "$LABEL_TIMESTAMP" \ | |
| --hint "$HINT_TEXT" \ | |
| --width "$SIGNATURE_WIDTH" \ | |
| --top "$SIGNATURE_MARGIN_TOP" \ | |
| $SIGNATURE_PARAMS | |
| # Check if the Java command executed successfully | |
| if [ $? -eq 0 ]; then | |
| echo -e "\033[0;32mPDF signed successfully: \033[1m$OUTPUT_FILE\033[0m" | |
| else | |
| echo -e "\033[0;31mError: An error occurred during PDF signing. Exit code: \033[1m$?\033[0m" | |
| fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # Script to quickly electronically sign | |
| # and apply a qualified eIDAS timestamp | |
| # on a PDF document of your choice. | |
| # | |
| # [ THIS VERSION WILL BE INVISIBLE ] | |
| # | |
| # Java is required. | |
| # open-pdf-sign software will be used. | |
| # | |
| # You MUST have a certificate before using this script. | |
| # A suggestion may be to request a free s/mime certificate | |
| # for your email address from https://www.actalis.com/s-mime-certificates.aspx | |
| # (this link is NOT affiliated in any way, I simply used this service and I liked it). | |
| # | |
| # This script will use Sectigo eIDAS qualified timestamp authority. | |
| # In case you don't like that, change TSA_URL, for example | |
| # using FreeTSA or any other TSA you like. | |
| # | |
| # Usage: ./sign_pdf.sh <input_unsigned_pdf> | |
| # | |
| set -e | |
| # Constants | |
| JAR_FILE="open-pdf-sign.jar" | |
| JAR_DOWNLOAD_URL="https://github.com/open-pdf-sign/open-pdf-sign/releases/latest/download/open-pdf-sign.jar" | |
| TSA_URL="http://timestamp.sectigo.com/qualified" | |
| SMIME_CERT="smime_cert.pem" | |
| SMIME_KEY="smime_key.pem" | |
| TIMEZONE="Europe/Rome" #! Change it if necessary | |
| # Function to check if Java is installed | |
| check_java() { | |
| if ! command -v java &> /dev/null; then | |
| echo -e "\033[0;31mError: Java is not installed or not in the PATH.\033[0m" | |
| exit 1 | |
| fi | |
| } | |
| check_java | |
| # Function to check if a file exists | |
| check_file_exists() { | |
| if [ -f "$1" ]; then | |
| echo -e "\033[0;36m$1 found\033[0m" | |
| else | |
| echo -e "\033[0;31mError: \033[1;31m$1\033[0;31m not found.\033[0m" | |
| return 1 | |
| fi | |
| } | |
| # Function to download open-pdf-sign.jar | |
| download_open_pdf_sign() { | |
| if ! check_file_exists "$JAR_FILE"; then | |
| read -p "Do you want to download Open PDF Sign? [y/N]: " choice | |
| case "$choice" in | |
| y|Y|yes|YES ) curl \ | |
| --location \ | |
| --output "$JAR_FILE" \ | |
| "$JAR_DOWNLOAD_URL" ;; | |
| * ) return 1 ;; | |
| esac | |
| fi | |
| } | |
| # Function to print help | |
| print_help() { | |
| echo "Usage: $0 <input_pdf>" | |
| echo "Example: $0 input.pdf" | |
| } | |
| # Check if the input file argument is provided | |
| if [ -z "$1" ]; then | |
| print_help | |
| exit 1 | |
| fi | |
| # Store input file in variable | |
| INPUT_FILE="$1" | |
| # Check if the input file exists | |
| check_file_exists "$INPUT_FILE" | |
| # Check if the input file is a PDF | |
| if [[ ! "$INPUT_FILE" =~ \.pdf$ ]]; then | |
| echo -e "\033[0;31mError: \033[1;31m$INPUT_FILE\033[0;31m is not a PDF file.\033[0m" | |
| exit 1 | |
| fi | |
| # Check if JAR file exists | |
| download_open_pdf_sign | |
| # Check if S/MIME certificate exists | |
| check_file_exists "$SMIME_CERT" | |
| # Check if S/MIME private key exists | |
| check_file_exists "$SMIME_KEY" | |
| # Define output file name with _signed suffix | |
| OUTPUT_FILE="${INPUT_FILE%.pdf}_signed.pdf" | |
| # Execute Open PDF Sign | |
| set +e | |
| java -jar "$JAR_FILE" \ | |
| -i "$INPUT_FILE" \ | |
| -o "$OUTPUT_FILE" \ | |
| -c "$SMIME_CERT" \ | |
| -k "$SMIME_KEY" \ | |
| --timestamp \ | |
| --tsa "$TSA_URL" \ | |
| --timezone "$TIMEZONE" | |
| # Check if the Java command executed successfully | |
| if [ $? -eq 0 ]; then | |
| echo -e "\033[0;32mPDF signed successfully: \033[1m$OUTPUT_FILE\033[0m" | |
| else | |
| echo -e "\033[0;31mError: An error occurred during PDF signing. Exit code: \033[1m$?\033[0m" | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment