我使用sign jar applet签署pdf但签名时有错误
java.security.AccessControlException:拒绝访问(“java.lang.RuntimePermission”“accessClassInPackage.sun.security.mscapi”)
at java.security.AccessControlContext.checkPermission(Unknown Source)
在java.security.AccessController.checkPermission(未知来源)
在java.lang.SecurityManager.checkPermission(未知来源)
在java.lang.SecurityManager.checkPackageAccess(未知来源)
at sun.plugin2.applet.SecurityManagerHelper.checkPackageAccessHelper(Unknown Source)
at sun.plugin2.applet.AWTAppletSecurityManager.checkPackageAccess(Unknown Source)
at sun.misc.Launcher $ AppClassLoader.loadClass(Unknown Source)
在java.lang.ClassLoader.loadClass(未知来源)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
...
在java.lang.Thread.run(未知来源)
我的罐子签了
jarsigner -verify -verbose -certs .\target\SignApplet40-1.0-SNAPSHOT.jar
s 599534 Wed Feb 21 08:43:46 ICT 2018 META-INF/MANIFEST.MF
[entry was signed on 2/21/18 8:43 AM]
X.509, CN=xxx
[certificate is valid from 1/19/18 7:00 AM to 1/20/19 6:59 AM]
X.509, CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
[certificate is valid from 5/9/13 7:00 AM to 5/9/28 6:59 AM]
X.509, CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
[certificate is valid from 1/19/10 7:00 AM to 1/19/38 6:59 AM]
[CertPath not validated: Path does not chain with any of the trust anchors]
...
sm 40426 Wed Feb 21 08:43:36 ICT 2018 com/itextpdf/testutils/CompareTool.class
[entry was signed on 2/21/18 8:43 AM]
X.509, CN=xxx
[certificate is valid from 1/19/18 7:00 AM to 1/20/19 6:59 AM]
X.509, CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
[certificate is valid from 5/9/13 7:00 AM to 5/9/28 6:59 AM]
X.509, CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
[certificate is valid from 1/19/10 7:00 AM to 1/19/38 6:59 AM]
[CertPath not validated: Path does not chain with any of the trust anchors]
s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
i = at least one certificate was found in identity scope
jar verified.
Warning:
This jar contains entries whose certificate chain is not validated.
这是我的代码来自usb令牌的cer
public String signByToken(TokenInfor tokenInfo)
throws Exception, IOException, GeneralSecurityException, DocumentException
{
byte[] pdfByteArray = Base64.decodeBase64(tokenInfo.getContentToSign());
;
AccessController.doPrivileged(new PrivilegedAction() {
public Object run() {
// privileged code goes here, for example:
Security.addProvider(new BouncyCastleProvider());
return null; // nothing to return
}
});
SunMSCAPI providerMSCAPI = (SunMSCAPI) AccessController.doPrivileged(new PrivilegedAction() {
public Object run() {
// privileged code goes here, for example:
SunMSCAPI provider = new SunMSCAPI();
Security.addProvider(provider);
return provider; // nothing to return
}
});
KeyStore ks = KeyStore.getInstance("Windows-MY");
ks.load(null, null);
String alias = "";
Enumeration oEnum = ks.aliases();
while(oEnum.hasMoreElements()) {
String _alias = (String)oEnum.nextElement();
x509Cert = (X509Certificate)ks.getCertificate(_alias);
if(x509Cert.getSerialNumber().toString(16).equalsIgnoreCase(tokenInfo.getSelectedCertificate())) {
alias = _alias;
break;
}
}
if (alias == "")
throw new Exception("Can not found token. \n \n Please insert token with serial number : " + tokenInfo.getSelectedCertificate());
PrivateKey pk = (PrivateKey)ks.getKey(alias, null);
Certificate[] chain = ks.getCertificateChain(alias);
byte[] outPdfByteArray = sign(pdfByteArray, chain, pk, DigestAlgorithms.SHA1,
providerMSCAPI.getName(), MakeSignature.CryptoStandard.CMS);
return Base64.encodeBase64String(outPdfByteArray);
}