我已经签署了文件。我想将 DSS 添加到我的文档中。
Security.addProvider(new BouncyCastleProvider());
File signedDocument = new File("/signed.pdf");
File out = new File("/signed_plus_dss");
byte[] buffer = new byte[8 * 1024];
FileInputStream fis = new FileInputStream(signedDocument);
FileOutputStream fos = new FileOutputStream(out);
int c;
while ((c = fis.read(buffer)) != -1) {
fos.write(buffer, 0, c);
}
fis.close();
fis = new FileInputStream(out);
// load document
PDDocument doc = PDDocument.load(signedDocument);
PDDocumentCatalog catalog = doc.getDocumentCatalog();
COSDictionary catalogDictionary = catalog.getCOSDictionary();
COSDictionary dssDictionary = new COSDictionary();
/* ... I can add OCSP responses, and CRLS, and Certs here
in order to create document LTV, but now I don't need that.
I have another problem, not this... */
/* if that's false, nothing happens */
catalogDictionary.setNeedToBeUpdate(true);
catalogDictionary.setItem(COSName.getPDFName("DSS"), dssDictionary);
/* ... if we add here Document level time stamp, everything is fine.
signature will not be invalid with TSA. but it's invalid without TSA ... */
doc.saveIncremental(fis, fos);
而已。一切都很好。当我看到 PDF 结构时,就会出现 Document Security Store。但是当我用 adobe reader 打开 PDF 时,我的签名无效,因为 - “文档自签名后已被更改或损坏。” 和“1 项杂项更改”
但是,这里发生了一些有趣的事情——如果我添加 Pades-LTV (DSS + TSA),一切正常:
例如,如果我们添加该代码:
URL tsaURL = new URL(TSAUrl);
PDSignature signature = new PDSignature();
signature.setFilter(PDSignature.FILTER_ADOBE_PPKLITE);
signature.setSubFilter(COSName.getPDFName("ETSI.RFC3161"));
signature.setSignDate(Calendar.getInstance());
TimestampeInt signatureInt = new TimestampeInt(tsaURL, null, null);
doc.addSignature(signature, signatureInterface);
doc.saveIncremental(fis, fos);
结果,文档级时间树桩工作正常。但是我也需要在没有 TSA 的情况下只添加 DSS 。我该如何解决这个问题,你怎么看?
