1

I'm signing a document using iText. I have this method:

// Imports needed by this method and by addLtv below (iText 5)
import com.itextpdf.text.*;
import com.itextpdf.text.pdf.*;
import com.itextpdf.text.pdf.security.*;
import com.itextpdf.text.pdf.security.MakeSignature.CryptoStandard;
import java.io.*;
import java.security.*;
import java.security.cert.Certificate;
import java.util.List;

public static void sign(String src, String dest, Certificate[] chain, PrivateKey pk,
        String digestAlgorithm, String provider, CryptoStandard subfilter, TSAClient tsa)
        throws IOException, DocumentException, GeneralSecurityException {

    // Creating the reader and the stamper
    PdfReader reader = new PdfReader(src);
    FileOutputStream os = new FileOutputStream(dest);
    PdfStamper stamper = PdfStamper.createSignature(reader, os, '\0');

    // Creating the appearance
    PdfSignatureAppearance appearance = stamper.getSignatureAppearance();
    appearance.setVisibleSignature(new Rectangle(10, 20, 100, 200), 1, "sig");

    // Creating the signature
    ExternalDigest digest = new BouncyCastleDigest();
    ExternalSignature signature = new PrivateKeySignature(pk, digestAlgorithm, provider);
    MakeSignature.signDetached(appearance, digest, signature, chain, null, null, tsa, 0, subfilter);

    // ALREADY SIGNED. ADD LTV NOW.
    CrlClient crlClient = new CrlClientOnline("http://crl.mycrl.com/mycrl.crl");
    OcspClient ocspClient = new OcspClientBouncyCastle();
    // Read the file that was just signed (dest); DEST2 is an output path constant defined elsewhere
    addLtv(dest, DEST2, ocspClient, crlClient, tsa);
}

I sign:

sign(SRC, String.format(DEST, 1), chain, pk, DigestAlgorithms.SHA256, provider.getName(), CryptoStandard.CMS, "For Testing", " location", tsa);

Everything works fine. The PDF is signed well.

But I can't add LTV. I use code from the iText documentation:

public static void addLtv(String src, String dest, OcspClient ocsp, CrlClient crl,
        TSAClient tsa) throws IOException, DocumentException,
        GeneralSecurityException {

    PdfReader r = new PdfReader(src);
    FileOutputStream fos = new FileOutputStream(dest);

    // Append mode (last argument true) keeps the existing signature intact
    PdfStamper stp = PdfStamper.createSignature(r, fos, '\0', null, true);
    LtvVerification v = stp.getLtvVerification();

    AcroFields fields = stp.getAcroFields();

    // Look at the most recently added signature
    List<String> names = fields.getSignatureNames();
    String sigName = names.get(names.size() - 1);

    PdfPKCS7 pkcs7 = fields.verifySignature(sigName);

    if (pkcs7.isTsp()) {
        // Last signature is a document time stamp: add revocation data for it only
        v.addVerification(sigName, ocsp, crl,
                LtvVerification.CertificateOption.SIGNING_CERTIFICATE,
                LtvVerification.Level.OCSP_CRL,
                LtvVerification.CertificateInclusion.NO);
    } else {
        // Otherwise add revocation data for the whole chain of every signature
        for (String name : names) {
            v.addVerification(name, ocsp, crl,
                    LtvVerification.CertificateOption.WHOLE_CHAIN,
                    LtvVerification.Level.OCSP_CRL,
                    LtvVerification.CertificateInclusion.NO);
        }
    }

    // Add the document time stamp
    PdfSignatureAppearance sap = stp.getSignatureAppearance();
    LtvTimestamp.timestamp(sap, tsa, null);
}

EDITED: everything works fine, but at the line LtvTimestamp.timestamp(sap, tsa, null); I get this error: Exception in thread "main" java.io.IOException: Not enough space

This is my PDF: https://www.dropbox.com/s/o05rw6ubiuslm4j/DOC_SIGNED.pdf

Exception in thread "main" java.io.IOException: Not enough space
at com.itextpdf.text.pdf.security.LtvTimestamp.timestamp(LtvTimestamp.java:103)
at ge.digital.signature.DocumentSigner.DigitalSignature.addLtv(MySignature.java:132)
at ge.digital.signature.DocumentSigner.DigitalSignature.main(MySignature.java:163)
4

2 Answers

3

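That IOException occurs if the space reserved in the PDF for integrating the time stamp is not sufficient. Thus, you have to change the method getTokenSizeEstimate of the TSAClient instance tsa you call your method sign with to return a larger estimate of the time stamp size.

In the case of the TSAClientBouncyCastle implementation of TSAClient, for example, you can make it return an arbitrary estimate instead of the default 4096 if you use the constructor with four arguments: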

public TSAClientBouncyCastle(String url, String username, String password, int tokSzEstimate)

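Some background: when integrating a signature or a document time stamp into a PDF, you first prepare the PDF with a gap of a given size, then calculate the hash of everything except that gap, then sign or time stamp that hash, and finally integrate the generated signature or time stamp into that gap, e.g.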

[image]

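(The /ByteRange entry is part of the signed content. Thus, one cannot enlarge the gap afterwards.)

Therefore, you have to use some estimate of the signature or time stamp size before it is generated.

In the case of document time stamps, this estimate is provided by the TSAClient method getTokenSizeEstimate.

PS: For more details, cf. this answer, the Adobe document Digital Signatures in a PDF (from which I copied the figure above), and the PDF specification ISO 32000-1:2008 made available here by Adobe.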

Answered 2013-06-18T06:58:29.583
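The gap mechanism described in the answer above, as a simplified model added here (not part of the original answer and not iText code). The class GapDemo, its methods and the 5000-byte token are constructed for illustration, and sizing the placeholder as two hex digits per estimated byte plus two delimiters is an assumption of this model.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
// Simplified model of the signature/time stamp gap (added example, not iText code).
public class GapDemo {
    final byte[] doc;           // prepared document including the placeholder gap
    final int gapStart, gapEnd; // the gap is doc[gapStart, gapEnd): '<' hex digits '>'
    GapDemo(String before, String after, int estimate) {
        byte[] head = before.getBytes(StandardCharsets.US_ASCII);
        byte[] tail = after.getBytes(StandardCharsets.US_ASCII);
        gapStart = head.length;
        gapEnd = gapStart + estimate * 2 + 2;   // assumption: 2 hex digits per byte + delimiters
        doc = new byte[gapEnd + tail.length];
        Arrays.fill(doc, (byte) '0');           // the gap starts out as zero padding
        System.arraycopy(head, 0, doc, 0, head.length);
        System.arraycopy(tail, 0, doc, gapEnd, tail.length);
        doc[gapStart] = '<';
        doc[gapEnd - 1] = '>';
    }
    // Digest over the two byte ranges around the gap: the value that is signed or time stamped.
    byte[] hashOutsideGap() throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(doc, 0, gapStart);
        md.update(doc, gapEnd, doc.length - gapEnd);
        return md.digest();
    }
    // Hex-encodes the token into the gap. The gap size is fixed, so an oversized token fails.
    void embed(byte[] token) throws IOException {
        if (token.length * 2 > gapEnd - gapStart - 2) throw new IOException("Not enough space");
        for (int i = 0; i < token.length; i++) {
            doc[gapStart + 1 + 2 * i] = (byte) Character.forDigit((token[i] >> 4) & 0xf, 16);
            doc[gapStart + 2 + 2 * i] = (byte) Character.forDigit(token[i] & 0xf, 16);
        }
    }
    public static void main(String[] args) throws Exception {
        byte[] token = new byte[5000];          // constructed stand-in for a TSA token
        for (int estimate : new int[] {4096, 8192}) {
            GapDemo d = new GapDemo("%PDF ... /Contents ", " ... %%EOF", estimate);
            byte[] signedHash = d.hashOutsideGap();
            try {
                d.embed(token);
                System.out.println(estimate + ": fits, hash still valid: " + Arrays.equals(signedHash, d.hashOutsideGap()));
            } catch (IOException e) {
                System.out.println(estimate + ": " + e.getMessage());
            }
        }
    }
}
```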
0

If you are not using TSAClientBouncyCastle and you created your own TSAClient, you must set the preferred size of the signature by creating an org.apache.pdfbox.pdmodel.interactive.digitalsignature.SignatureOptions class, then set something like signatureOptions.setPreferredSignatureSize(8192*2).

Answered 2021-05-17T21:56:31.577