我可以签署我的pdf并通过添加我的smith.crt验证它在adobe reader中受信任(我得到绿色复选标记),我的问题是证明我的pdf,我无法在左上角看到蓝丝带我的pdf的一角,是因为我使用自签名证书吗? 我收到了消息:
文件认证的有效性是未知的。作者 无法验证。
你能帮帮我吗,我怎么能得到那个蓝带?
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.Certificate;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import com.itextpdf.text.Document;
import com.itextpdf.text.DocumentException;
import com.itextpdf.text.Paragraph;
import com.itextpdf.text.Rectangle;
import com.itextpdf.text.pdf.PdfReader;
import com.itextpdf.text.pdf.PdfSignatureAppearance;
import com.itextpdf.text.pdf.PdfStamper;
import com.itextpdf.text.pdf.PdfWriter;
import com.itextpdf.text.pdf.security.BouncyCastleDigest;
import com.itextpdf.text.pdf.security.ExternalDigest;
import com.itextpdf.text.pdf.security.ExternalSignature;
import com.itextpdf.text.pdf.security.MakeSignature.CryptoStandard;
import com.itextpdf.text.pdf.security.PrivateKeySignature;
import com.itextpdf.text.pdf.security.MakeSignature;
public class SO {
public static String ORIGINAL = "src/test.pdf";
public static String SIGNED1 = "src/signedtest.pdf";
public void createPdf(String filename) throws IOException, DocumentException {
Document document = new Document();
PdfWriter.getInstance(document, new FileOutputStream(filename));
document.open();
document.add(new Paragraph("Test!"));
document.close();
}
public void signPdf(String src, String dest)
throws IOException, DocumentException, GeneralSecurityException {
String path = "src/keyS";
String keystore_password = "SOSOSO";
String key_password = "SOSOSO";
String alias = "SO";
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(new FileInputStream(path), keystore_password.toCharArray());
PrivateKey pk = (PrivateKey) ks.getKey(alias, key_password.toCharArray());
Certificate[] chain = ks.getCertificateChain(alias);
// reader / stamper
PdfReader reader = new PdfReader(src);
FileOutputStream os = new FileOutputStream(dest);
PdfStamper stamper = PdfStamper.createSignature(reader, os, '\0', null, true);
// appearance
PdfSignatureAppearance appearance = stamper
.getSignatureAppearance();
appearance.setReason("Test");
appearance.setLocation("Test st.");
appearance.setVisibleSignature(new Rectangle(350, 750, 500, 800), 1, "first");
appearance.setCertificationLevel(PdfSignatureAppearance.CERTIFIED_NO_CHANGES_ALLOWED);
// digital signature
ExternalSignature es = new PrivateKeySignature(pk, "SHA-256", "BC");
ExternalDigest digest = new BouncyCastleDigest();
MakeSignature.signDetached(appearance, digest, es, chain, null, null, null, 0, CryptoStandard.CMS);
}
public static void main(String[] args)
throws IOException, DocumentException, GeneralSecurityException {
Security.addProvider(new BouncyCastleProvider());
SO potpis = new SO();
potpis.createPdf(ORIGINAL);
potpis.signPdf(ORIGINAL, SIGNED1);
}
}
答案 0 :(得分:0)
验证需要CA(证书颁发机构)。将文档复制到新站点(客户的计算机)时,它将通过可信CA存储执行验证。在那里,它找不到你,验证失败。
您可以尝试并将自己注册为受信任的CA,但它仅用于在开发环境中测试您的代码。
要拥有真实的东西,您必须使用已在新站点(客户的计算机)注册的可信CA.通常,在互联网上,这意味着您需要 REAL CA(VeriSign或类似)。
有关在计算机上安装可信CA的详情:How to install a Trusted Root CA Certificates
同样,后一个选项会为您的网站(开发机器)提供蓝丝带,但不会在任何其他网站(客户的计算机)上为您提供蓝丝带。