0

我可以签署我的 pdf 并通过添加我的 smith.crt 以在 adobe 阅读器中进行验证(我得到绿色复选标记),我的问题是验证我的 pdf,我无法获得左上角的蓝丝带pdf,是因为我使用自签名证书吗?
我收到消息:

文件认证的有效性是未知的。无法验证作者。

请你帮帮我,我怎样才能得到那条蓝丝带?

import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.Certificate;



import org.bouncycastle.jce.provider.BouncyCastleProvider;



import com.itextpdf.text.Document;
import com.itextpdf.text.DocumentException;
import com.itextpdf.text.Paragraph;
import com.itextpdf.text.Rectangle;
import com.itextpdf.text.pdf.PdfReader;
import com.itextpdf.text.pdf.PdfSignatureAppearance;
import com.itextpdf.text.pdf.PdfStamper;
import com.itextpdf.text.pdf.PdfWriter;
import com.itextpdf.text.pdf.security.BouncyCastleDigest;
import com.itextpdf.text.pdf.security.ExternalDigest;
import com.itextpdf.text.pdf.security.ExternalSignature;
import com.itextpdf.text.pdf.security.MakeSignature.CryptoStandard;
import com.itextpdf.text.pdf.security.PrivateKeySignature;
import com.itextpdf.text.pdf.security.MakeSignature;


public class SO  {

    public static String ORIGINAL = "src/test.pdf";
    public static String SIGNED1 = "src/signedtest.pdf";

    public void createPdf(String filename) throws IOException, DocumentException {
        Document document = new Document();
        PdfWriter.getInstance(document, new FileOutputStream(filename));
        document.open();
        document.add(new Paragraph("Test!"));
        document.close();
    }


    public void signPdf(String src, String dest)
        throws IOException, DocumentException, GeneralSecurityException {
        String path = "src/keyS";
        String keystore_password = "SOSOSO";
        String key_password = "SOSOSO";
        String alias = "SO";
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(new FileInputStream(path), keystore_password.toCharArray());
        PrivateKey pk = (PrivateKey) ks.getKey(alias, key_password.toCharArray());
        Certificate[] chain = ks.getCertificateChain(alias);
        // reader / stamper
        PdfReader reader = new PdfReader(src);
        FileOutputStream os = new FileOutputStream(dest);
        PdfStamper stamper = PdfStamper.createSignature(reader, os, '\0', null, true);
        // appearance
        PdfSignatureAppearance appearance = stamper
                .getSignatureAppearance();


        appearance.setReason("Test");
        appearance.setLocation("Test st.");
        appearance.setVisibleSignature(new Rectangle(350, 750, 500, 800), 1, "first");
        appearance.setCertificationLevel(PdfSignatureAppearance.CERTIFIED_NO_CHANGES_ALLOWED);

        // digital signature
        ExternalSignature es = new PrivateKeySignature(pk, "SHA-256", "BC");
        ExternalDigest digest = new BouncyCastleDigest();
        MakeSignature.signDetached(appearance, digest, es, chain, null, null, null, 0, CryptoStandard.CMS);

    }

    public static void main(String[] args)
        throws IOException, DocumentException, GeneralSecurityException {
        Security.addProvider(new BouncyCastleProvider());
        SO potpis = new SO();
        potpis.createPdf(ORIGINAL);
        potpis.signPdf(ORIGINAL, SIGNED1);

    }
}
4

1 回答 1

0

验证需要 CA(认证机构)。当您将文档复制到新站点(客户的计算机)时,它将通过受信任的 CA 存储执行验证。在那里,它找不到您并且验证失败。

您可以尝试将自己注册为受信任的 CA,但其唯一目的是在开发环境中测试您的代码。

要拥有真实的东西,您必须使用已在新站点(客户计算机)注册的受信任 CA。通常,在整个 Internet 上,这意味着您需要一个真正的CA(VeriSign 或类似的)。

有关在您的计算机上安装受信任 CA 的更多信息:如何安装受信任的根 CA 证书

同样,后一个选项会在您的站点(开发机器)上为您提供蓝丝带,但不会在任何其他站点(客户的计算机)上为您提供。

于 2014-07-28T13:24:12.560 回答