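I am working on digital signature verification. Before writing my question I must say that I found a lot of examples, and I believe some of them relate to older iText versions, because what they rely on no longer seems to exist.
I am using iText 5.8.8 and I get no exceptions, but when I check the verification status it always returns false and I don't know what to do. I am starting to think something may be wrong in the signing process, but I still don't know what.
This is how I am trying to check it: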

    public List<VerificationException> verifySignatures(byte[] assinado) throws GeneralSecurityException, IOException {
        // Security.addProvider(pkcs11Provider);
        List<VerificationException> errors = null;
        PdfReader reader = new PdfReader(assinado);
        AcroFields af = reader.getAcroFields();
        ArrayList<String> names = af.getSignatureNames();
        for (String name : names) {
            System.out.println("Signature name: " + name);
            System.out.println("Signature covers whole document: " + af.signatureCoversWholeDocument(name));
            System.out.println("Document revision: " + af.getRevision(name) + " of " + af.getTotalRevisions());
            // Checks the signed digest against the bytes covered by the signature
            PdfPKCS7 pk = af.verifySignature(name);
            if (!pk.verify()) {
                throw new GeneralSecurityException("some erros message... ");
            }
        }
        return errors;
    }

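The point is that pk.verify() returns false every time I check it. The name used for verification is set during the signing process, and it looks like this: JOHN DOE:00000099999 certificate
This is how it is signed: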

    public byte[] signPdfFirstTime(PrivateKey pk, Certificate[] chain, String providerName, String conteudoBase64, X509Certificate cert, String alias) throws IOException, DocumentException, GeneralSecurityException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        Document document = new Document();
        PdfWriter.getInstance(document, bos);
        document.open();
        document.addTitle("Dummy PDF");
        document.addSubject("Dummy PDF");
        document.addKeywords("dummy, test");
        document.addAuthor("John Doe ");
        document.addCreator("John Doe ");
        document.newPage();
        document.add(new Paragraph("Title2"));
        document.close();
        String name = alias;
        byte[] bytes = bos.toByteArray();
        PdfReader reader = new PdfReader(bytes);
        PdfStamper stamper = PdfStamper.createSignature(reader, bos, '\0');
        PdfSignatureAppearance appearance = stamper.getSignatureAppearance();
        appearance.setReason("REASON");
        appearance.setLocation("CITY");
        appearance.setCertificate(cert);
        Rectangle rectangle = new Rectangle(550, 50, 610, 500);
        // here it goes the name
        appearance.setVisibleSignature(rectangle, 1, name);
        // Creating the signature
        ExternalSignature pks = new PrivateKeySignature(pk, DigestAlgorithms.SHA256, providerName);
        ExternalDigest digest = new BouncyCastleDigest();
        List<CrlClient> crlList = new ArrayList<CrlClient>();
        crlList.add(new CrlClientOnline());
        LtvVerification v = stamper.getLtvVerification();
        OcspClient ocspClient = new OcspClientBouncyCastle();
        String url = CertificateUtil.getCRLURL(cert);
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509CRL crl = (X509CRL) cf.generateCRL(new URL(url).openStream());
        System.out.println("CRL valid until: " + crl.getNextUpdate());
        System.out.println("Certificate revoked: " + crl.isRevoked(chain[0]));
        if (crl.isRevoked(chain[0])) {
            throw new GeneralSecurityException("CERT REVOKED!");
        } else {
            MakeSignature.processCrl(cert, crlList);
            MakeSignature.signDetached(appearance, digest, pks, chain, null, null, null, 0, CryptoStandard.CMS);
            byte[] b = bos.toByteArray();
            bos.close();
            return b;
        }
    }

The signature is being verified against the byte array returned from the method above.
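
A check that can be run on the array returned by `signPdfFirstTime` before it is handed to `verifySignatures`, added here as an example that is not part of the original post: `signPdfFirstTime` passes the same `bos` to both `PdfWriter.getInstance` and `PdfStamper.createSignature`, so it is worth confirming that the array holds exactly the bytes the signature's /ByteRange describes. The names `SignedBytesCheck`, `countPdfHeaders` and `report` are hypothetical.

```java
import com.itextpdf.text.pdf.AcroFields;
import com.itextpdf.text.pdf.PdfArray;
import com.itextpdf.text.pdf.PdfDictionary;
import com.itextpdf.text.pdf.PdfName;
import com.itextpdf.text.pdf.PdfReader;

import java.io.IOException;
import java.nio.charset.StandardCharsets;

public class SignedBytesCheck { // hypothetical helper class, not part of iText

    /** Counts "%PDF-" header markers; a single freshly signed file normally contains one. */
    static int countPdfHeaders(byte[] pdf) {
        byte[] marker = "%PDF-".getBytes(StandardCharsets.US_ASCII);
        int count = 0;
        for (int i = 0; i + marker.length <= pdf.length; i++) {
            int j = 0;
            while (j < marker.length && pdf[i + j] == marker[j]) {
                j++;
            }
            if (j == marker.length) {
                count++;
            }
        }
        return count;
    }

    /** Prints, per signature, whether /ByteRange accounts for every byte of the array being verified. */
    static void report(byte[] pdf) throws IOException {
        System.out.println("Array length: " + pdf.length + ", %PDF- headers: " + countPdfHeaders(pdf));
        PdfReader reader = new PdfReader(pdf);
        AcroFields af = reader.getAcroFields();
        for (String name : af.getSignatureNames()) {
            PdfDictionary sig = af.getSignatureDictionary(name);
            PdfArray br = sig.getAsArray(PdfName.BYTERANGE);
            // /ByteRange is [start1 length1 start2 length2]; the gap between the two ranges holds /Contents.
            long start1 = br.getAsNumber(0).longValue();
            long end2 = br.getAsNumber(2).longValue() + br.getAsNumber(3).longValue();
            System.out.println(name + ": ByteRange=" + br
                    + " startsAtZero=" + (start1 == 0)
                    + " endsAtEof=" + (end2 == pdf.length)
                    + " coversWholeDocument=" + af.signatureCoversWholeDocument(name));
        }
        reader.close();
    }
}
```

If `endsAtEof` is false or more than one header is counted, the array contains bytes other than the signed revision, and the digest computed during verification will not match the one that was signed.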