问题
I can sign my pdf and verify it by adding my smith.crt to be trusted in adobe reader (i get the green check mark) , my problem is certifying my pdf, i can not get the blue ribbon in the top left corner of my pdf, is it because i use the self-signed certificate?
I get the message:
The validity of the document certification is UNKNOWN. The author could not be verified.
Can you please help me out, how can I get that blue ribbon?
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.Certificate;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import com.itextpdf.text.Document;
import com.itextpdf.text.DocumentException;
import com.itextpdf.text.Paragraph;
import com.itextpdf.text.Rectangle;
import com.itextpdf.text.pdf.PdfReader;
import com.itextpdf.text.pdf.PdfSignatureAppearance;
import com.itextpdf.text.pdf.PdfStamper;
import com.itextpdf.text.pdf.PdfWriter;
import com.itextpdf.text.pdf.security.BouncyCastleDigest;
import com.itextpdf.text.pdf.security.ExternalDigest;
import com.itextpdf.text.pdf.security.ExternalSignature;
import com.itextpdf.text.pdf.security.MakeSignature.CryptoStandard;
import com.itextpdf.text.pdf.security.PrivateKeySignature;
import com.itextpdf.text.pdf.security.MakeSignature;
public class SO {
public static String ORIGINAL = "src/test.pdf";
public static String SIGNED1 = "src/signedtest.pdf";
public void createPdf(String filename) throws IOException, DocumentException {
Document document = new Document();
PdfWriter.getInstance(document, new FileOutputStream(filename));
document.open();
document.add(new Paragraph("Test!"));
document.close();
}
public void signPdf(String src, String dest)
throws IOException, DocumentException, GeneralSecurityException {
String path = "src/keyS";
String keystore_password = "SOSOSO";
String key_password = "SOSOSO";
String alias = "SO";
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(new FileInputStream(path), keystore_password.toCharArray());
PrivateKey pk = (PrivateKey) ks.getKey(alias, key_password.toCharArray());
Certificate[] chain = ks.getCertificateChain(alias);
// reader / stamper
PdfReader reader = new PdfReader(src);
FileOutputStream os = new FileOutputStream(dest);
PdfStamper stamper = PdfStamper.createSignature(reader, os, '\0', null, true);
// appearance
PdfSignatureAppearance appearance = stamper
.getSignatureAppearance();
appearance.setReason("Test");
appearance.setLocation("Test st.");
appearance.setVisibleSignature(new Rectangle(350, 750, 500, 800), 1, "first");
appearance.setCertificationLevel(PdfSignatureAppearance.CERTIFIED_NO_CHANGES_ALLOWED);
// digital signature
ExternalSignature es = new PrivateKeySignature(pk, "SHA-256", "BC");
ExternalDigest digest = new BouncyCastleDigest();
MakeSignature.signDetached(appearance, digest, es, chain, null, null, null, 0, CryptoStandard.CMS);
}
public static void main(String[] args)
throws IOException, DocumentException, GeneralSecurityException {
Security.addProvider(new BouncyCastleProvider());
SO potpis = new SO();
potpis.createPdf(ORIGINAL);
potpis.signPdf(ORIGINAL, SIGNED1);
}
}
回答1:
Verification requires a CA (Certification Authority). When you copy the document to a new site (customer's computer), it will perform verification by going through the trusted CA store. There, it cannot find you and verification fails.
You may try and register yourself as a Trusted CA, but it is for the only purpose to test your code in a development environment.
To have the real thing, you must use a Trusted CA that is already registered at the new site (customer's computer). Generally, on the Internet at large this means you need a REAL CA (VeriSign or similar).
More about installing a Trusted CA on your computer: How to install a Trusted Root CA Certificates
Again, this latter option will give you the blue ribbon on your site (development machine) but not on any other site (customer's computer).
来源:https://stackoverflow.com/questions/24990757/certifying-pdf-document-with-itext