如何使用 pdfbox 启用长期验证 (LTV)
How to enable Long Term Validation (LTV) with pdfbox
我使用 pdfbox 进行签名,但是当在 acrobat 中检查签名时 reader 结果:长期验证 (LTV) 未启用
这是我的源代码
@Override
public byte[] sign(InputStream content) throws IOException {
try {
CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
X509Certificate cert = (X509Certificate) this.certificateChain[0];
ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA256WithRSA").build(this.privateKey);
gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build()).build(sha1Signer, cert));
gen.addCertificates(new JcaCertStore(Arrays.asList(this.certificateChain)));
CMSProcessableInputStream msg = new CMSProcessableInputStream(content);
CMSSignedData signedData = gen.generate(msg, false);
//add timestamp if TSA is available
TimeStampManager timeStampManager = new TimeStampManager();
signedData = timeStampManager.addSignedTimeStamp(signedData, timeStampToken);
return signedData.getEncoded();
} catch (Exception e) {
// Write log error sign to table Log in DB
// TODO: 10/19/20
//throw new IOException cause a SignatureInterface
throw new IOException(e);
}
}
TimestampManager.addSignedTimeStamp
/**
* Extend cms signed data with TimeStamp first or to all signers
*
* @param signedData Generated CMS signed data
* @param timeStampToken TimeStampToken
* @return CMSSignedData Extended CMS signed data
* @throws IOException, TSPException
*/
public CMSSignedData addSignedTimeStamp(CMSSignedData signedData, TimeStampToken timeStampToken) throws IOException, TSPException {
SignerInformationStore signerStore = signedData.getSignerInfos();
List<SignerInformation> signersWithTimeStamp = new ArrayList<>();
for (SignerInformation signer : signerStore.getSigners()) {
// This adds a timestamp to every signer (into his unsigned attributes) in the signature.
signersWithTimeStamp.add(signTimeStamp(signer, timeStampToken));
}
// new SignerInformationStore have to be created cause new SignerInformation instance
// also SignerInformationStore have to be replaced in a signedData
return CMSSignedData.replaceSigners(signedData, new SignerInformationStore(signersWithTimeStamp));
}
/**
* Extend CMS Signer Information with the TimeStampToken into the unsigned Attributes.
*
* @param signer information about signer
* @return information about SignerInformation
* @throws IOException
*/
private SignerInformation signTimeStamp(SignerInformation signer, TimeStampToken timeStampToken) throws IOException, TSPException {
AttributeTable unsignedAttributes = signer.getUnsignedAttributes();
ASN1EncodableVector vector = new ASN1EncodableVector();
if (unsignedAttributes != null) {
vector = unsignedAttributes.toASN1EncodableVector();
}
byte[] token = timeStampToken.getEncoded();
ASN1ObjectIdentifier oid = PKCSObjectIdentifiers.id_aa_signatureTimeStampToken;
ASN1Encodable signatureTimeStamp = new Attribute(oid, new DERSet(ASN1Primitive.fromByteArray(token)));
vector.add(signatureTimeStamp);
Attributes signedAttributes = new Attributes(vector);
// replace unsignedAttributes with the signed once
return SignerInformation.replaceUnsignedAttributes(signer, new AttributeTable(signedAttributes));
}
我希望签名自动启用 LTV 与此相同
请帮助在我的源代码中使用 pdfbox 自动启用 LTV 签名!
谢谢!
更新:
我使用 pdf-example 版本 2.0.21 时的问题
然后我将 pdf-example 版本更新为 2.0.23 然后我的问题就解决了
我使用 pdfbox 进行签名,但是当在 acrobat 中检查签名时 reader 结果:长期验证 (LTV) 未启用
这是我的源代码
@Override
public byte[] sign(InputStream content) throws IOException {
try {
CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
X509Certificate cert = (X509Certificate) this.certificateChain[0];
ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA256WithRSA").build(this.privateKey);
gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build()).build(sha1Signer, cert));
gen.addCertificates(new JcaCertStore(Arrays.asList(this.certificateChain)));
CMSProcessableInputStream msg = new CMSProcessableInputStream(content);
CMSSignedData signedData = gen.generate(msg, false);
//add timestamp if TSA is available
TimeStampManager timeStampManager = new TimeStampManager();
signedData = timeStampManager.addSignedTimeStamp(signedData, timeStampToken);
return signedData.getEncoded();
} catch (Exception e) {
// Write log error sign to table Log in DB
// TODO: 10/19/20
//throw new IOException cause a SignatureInterface
throw new IOException(e);
}
}
TimestampManager.addSignedTimeStamp
/**
* Extend cms signed data with TimeStamp first or to all signers
*
* @param signedData Generated CMS signed data
* @param timeStampToken TimeStampToken
* @return CMSSignedData Extended CMS signed data
* @throws IOException, TSPException
*/
public CMSSignedData addSignedTimeStamp(CMSSignedData signedData, TimeStampToken timeStampToken) throws IOException, TSPException {
SignerInformationStore signerStore = signedData.getSignerInfos();
List<SignerInformation> signersWithTimeStamp = new ArrayList<>();
for (SignerInformation signer : signerStore.getSigners()) {
// This adds a timestamp to every signer (into his unsigned attributes) in the signature.
signersWithTimeStamp.add(signTimeStamp(signer, timeStampToken));
}
// new SignerInformationStore have to be created cause new SignerInformation instance
// also SignerInformationStore have to be replaced in a signedData
return CMSSignedData.replaceSigners(signedData, new SignerInformationStore(signersWithTimeStamp));
}
/**
* Extend CMS Signer Information with the TimeStampToken into the unsigned Attributes.
*
* @param signer information about signer
* @return information about SignerInformation
* @throws IOException
*/
private SignerInformation signTimeStamp(SignerInformation signer, TimeStampToken timeStampToken) throws IOException, TSPException {
AttributeTable unsignedAttributes = signer.getUnsignedAttributes();
ASN1EncodableVector vector = new ASN1EncodableVector();
if (unsignedAttributes != null) {
vector = unsignedAttributes.toASN1EncodableVector();
}
byte[] token = timeStampToken.getEncoded();
ASN1ObjectIdentifier oid = PKCSObjectIdentifiers.id_aa_signatureTimeStampToken;
ASN1Encodable signatureTimeStamp = new Attribute(oid, new DERSet(ASN1Primitive.fromByteArray(token)));
vector.add(signatureTimeStamp);
Attributes signedAttributes = new Attributes(vector);
// replace unsignedAttributes with the signed once
return SignerInformation.replaceUnsignedAttributes(signer, new AttributeTable(signedAttributes));
}
我希望签名自动启用 LTV 与此相同
请帮助在我的源代码中使用 pdfbox 自动启用 LTV 签名! 谢谢!
更新: 我使用 pdf-example 版本 2.0.21 时的问题 然后我将 pdf-example 版本更新为 2.0.23 然后我的问题就解决了