
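I am using DSS to sign PDF documents. I need to timestamp these documents and enable LTV (PAdES LTV enabled).

I ran into some problems with the revocation data.

I'm a bit new to this field, so please bear with me.

I am following the instructions and demos provided by DSS itself, but to no avail.

I have already successfully signed PDFs with PAdES B and PAdES T, so my TSA service is set up correctly.

The problem I have is that every time I try to sign a PDF with LTV, I get the following error: "eu.europa.esig.dss.DSSException: Revocation data is missing", and I have no idea why... This exception is thrown when calling "service.signDocument(...)", and after debugging, it is thrown right after

"eu.europa.esig.dss.validation.SignatureValidationContext - Revocation data not found for certificate: (...)"

Here is my main signing method: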

public void createSignature(KeyStore ks, Properties props, File inFile, File outFile, String extraName, boolean visible) throws GeneralSecurityException, IOException {
    PAdESSignatureParameters params = new PAdESSignatureParameters();

    DSSDocument toSignDocument = new FileDocument(inFile);
    DSSDocument signedDocument;

    try(Pkcs12SignatureToken token = new Pkcs12SignatureToken(
            props.getKeystore(), new KeyStore.PasswordProtection(props.getPassword()))) {

        List<DSSPrivateKeyEntry> keys = token.getKeys();

        params.setDigestAlgorithm(DigestAlgorithm.SHA256);
        params.setSigningCertificate(keys.get(0).getCertificate());
        params.setCertificateChain(keys.get(0).getCertificateChain());
        params.setSignatureLevel(props.signatureProperties().getSignatureLevel());

        CertificateVerifier verifier = new CommonCertificateVerifier();
        PAdESService service = new PAdESService(verifier);
        DataLoader dataLoader = new CommonsDataLoader();
        OnlineTSPSource onlineTSPSource;

        verifier.setTrustedCertSource(new TrustedListsCertificateSource());
        verifier.setCrlSource(onlineCRLSource());
        verifier.setOcspSource(ocspSource());
        verifier.setDataLoader(dataLoader());
        onlineTSPSource = new OnlineTSPSource(TSA_URL);
        onlineTSPSource.setDataLoader(new CommonsDataLoader("application/timestamp-query"));
        onlineTSPSource.setPolicyOid(POLICY_ID);
        service.setTspSource(onlineTSPSource);

        ToBeSigned dataToSign = service.getDataToSign(toSignDocument, params);

        DigestAlgorithm digestAlgorithm = params.getDigestAlgorithm();
        SignatureValue signValue = token.sign(dataToSign, digestAlgorithm, keys.get(0));

        signedDocument = service.signDocument(toSignDocument, params, signValue);
        signedDocument.save(outFile.getCanonicalPath());

    } catch (IOException e) {
        e.printStackTrace();
    }
}

Some minor helper methods:

private OnlineCRLSource onlineCRLSource() {
    OnlineCRLSource onlineCRLSource = new OnlineCRLSource();
    onlineCRLSource.setDataLoader(dataLoader());
    return onlineCRLSource;
}

private OnlineOCSPSource ocspSource() {
    OnlineOCSPSource onlineOCSPSource = new OnlineOCSPSource();
    onlineOCSPSource.setDataLoader(ocspDataLoader());
    return onlineOCSPSource;
}

private OCSPDataLoader ocspDataLoader() {
    OCSPDataLoader ocspDataLoader = new OCSPDataLoader();
    ocspDataLoader.setContentType("application/ocsp-response");
    ocspDataLoader.setProxyConfig(null);
    return ocspDataLoader;
}

private CommonsDataLoader dataLoader() {
    CommonsDataLoader dataLoader = new CommonsDataLoader();
    dataLoader.setProxyConfig(null);
    return dataLoader;
}

Relevant Maven dependencies:

<dependency>
    <groupId>com.github.librepdf</groupId>
    <artifactId>openpdf</artifactId>
    <version>1.2.21</version>
</dependency>

<dependency>
    <groupId>org.digidoc4j.dss</groupId>
    <artifactId>dss-pades-openpdf</artifactId>
    <version>5.4.d4j.1</version>
</dependency>

<dependency>
    <groupId>org.digidoc4j</groupId>
    <artifactId>digidoc4j</artifactId>
    <version>3.2.0</version>
</dependency>

1 Answer

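Although this is an old question, in case anyone stumbles upon the same problem: when using a test TSA, there is no revocation data, and you must add verifier.setCheckRevocationForUntrustedChains(true); This is included in the DSS example eu.europa.esig.dss.cookbook.example.sign.SignXmlXadesLTTest.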

Answered 2021-04-18T11:48:31.097
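
An added diagnostic, not part of the question or answer above and not DSS code: signature levels above PAdES T embed revocation data for the signing and timestamp certificates, and by default an online CRL or OCSP source finds its URL in the certificate's own CRL Distribution Points or Authority Information Access extension. The script checks a PEM certificate for both; it assumes the openssl CLI is installed, and the certificate name and example.invalid URLs are constructed.

```shell
#!/bin/sh
# Added example (not DSS code): does a certificate say where its revocation
# data can be fetched? Assumes the openssl CLI is installed.

# Print "none", "crl", "ocsp" or "crl ocsp" for the PEM certificate in $1.
revocation_pointers() (
    text=$(openssl x509 -in "$1" -noout -text) || exit 2
    found=""
    case $text in *"CRL Distribution Points"*) found="crl" ;; esac
    case $text in *"OCSP - URI:"*) found="${found:+$found }ocsp" ;; esac
    printf '%s\n' "${found:-none}"
)

# Constructed sample input: write a throwaway self-signed certificate to $1.
# $2 holds extra extension lines in openssl config syntax (may be empty).
make_constructed_cert() (
    work=$(mktemp -d) || exit 2
    cat > "$work/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = Constructed Test TSA
[ext]
basicConstraints = CA:FALSE
$2
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$work/req.cnf" \
        -keyout "$work/key.pem" -out "$1" 2>/dev/null
    status=$?
    rm -rf "$work"
    exit "$status"
)

demo() {
    out=$(mktemp -d) || return 2
    # Typical test certificate: no CRL or OCSP endpoint at all.
    make_constructed_cert "$out/bare.pem" ""
    # Same certificate with both endpoints (example.invalid URLs are placeholders).
    make_constructed_cert "$out/full.pem" "crlDistributionPoints = URI:http://crl.example.invalid/test.crl
authorityInfoAccess = OCSP;URI:http://ocsp.example.invalid"
    for cert in "$out/bare.pem" "$out/full.pem"; do
        printf '%s: %s\n' "${cert##*/}" "$(revocation_pointers "$cert")"
    done
    rm -rf "$out"
}
demo
```

Run `revocation_pointers` against each certificate in the signing chain and against the TSA's certificate; a non-root certificate that reports `none` gives an online source nothing to query.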