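I am using DSS to sign PDF documents. I need to timestamp these documents and enable LTV (PAdES LTV enabled).
I have run into some problems with revocation data.
I'm a bit new to this field, so please bear with me.
I am following the instructions and demos provided by DSS itself, but to no avail.
I have already successfully signed PDFs with PAdES B and PAdES T, so my TSA service is set up correctly.
The problem I have is that every time I try to sign a PDF with LTV, I get the following error: "eu.europa.esig.dss.DSSException: Revocation data is missing", and I don't know why... This exception is thrown when calling "service.signDocument(...)", and, from debugging, it is thrown right after
"eu.europa.esig.dss.validation.SignatureValidationContext - No revocation data found for certificate: (...)".
This is my main signing method: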

    public void createSignature(KeyStore ks, Properties props, File inFile, File outFile, String extraName, boolean visible) throws GeneralSecurityException, IOException {
        PAdESSignatureParameters params = new PAdESSignatureParameters();
        DSSDocument toSignDocument = new FileDocument(inFile);
        DSSDocument signedDocument;
        // Open the PKCS#12 keystore; the first key entry is used for signing
        try (Pkcs12SignatureToken token = new Pkcs12SignatureToken(
                props.getKeystore(), new KeyStore.PasswordProtection(props.getPassword()))) {
            List<DSSPrivateKeyEntry> keys = token.getKeys();
            // Signature parameters: digest, signing certificate, chain and PAdES level
            params.setDigestAlgorithm(DigestAlgorithm.SHA256);
            params.setSigningCertificate(keys.get(0).getCertificate());
            params.setCertificateChain(keys.get(0).getCertificateChain());
            params.setSignatureLevel(props.signatureProperties().getSignatureLevel());
            CertificateVerifier verifier = new CommonCertificateVerifier();
            PAdESService service = new PAdESService(verifier);
            DataLoader dataLoader = new CommonsDataLoader();
            OnlineTSPSource onlineTSPSource;
            // Trusted certificate source (no certificates are added to it here)
            verifier.setTrustedCertSource(new TrustedListsCertificateSource());
            // Online CRL and OCSP sources for fetching revocation data
            verifier.setCrlSource(onlineCRLSource());
            verifier.setOcspSource(ocspSource());
            verifier.setDataLoader(dataLoader());
            // Timestamp authority used for the signature timestamp
            onlineTSPSource = new OnlineTSPSource(TSA_URL);
            onlineTSPSource.setDataLoader(new CommonsDataLoader("application/timestamp-query"));
            onlineTSPSource.setPolicyOid(POLICY_ID);
            service.setTspSource(onlineTSPSource);
            // Compute the data to sign, sign it with the token, then build the signed PDF
            ToBeSigned dataToSign = service.getDataToSign(toSignDocument, params);
            DigestAlgorithm digestAlgorithm = params.getDigestAlgorithm();
            SignatureValue signValue = token.sign(dataToSign, digestAlgorithm, keys.get(0));
            signedDocument = service.signDocument(toSignDocument, params, signValue);
            signedDocument.save(outFile.getCanonicalPath());
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

Some minor helper methods:

    private OnlineCRLSource onlineCRLSource() {
        OnlineCRLSource onlineCRLSource = new OnlineCRLSource();
        onlineCRLSource.setDataLoader(dataLoader());
        return onlineCRLSource;
    }

    private OnlineOCSPSource ocspSource() {
        OnlineOCSPSource onlineOCSPSource = new OnlineOCSPSource();
        onlineOCSPSource.setDataLoader(ocspDataLoader());
        return onlineOCSPSource;
    }

    private OCSPDataLoader ocspDataLoader() {
        OCSPDataLoader ocspDataLoader = new OCSPDataLoader();
        ocspDataLoader.setContentType("application/ocsp-response");
        ocspDataLoader.setProxyConfig(null);
        return ocspDataLoader;
    }

    private CommonsDataLoader dataLoader() {
        CommonsDataLoader dataLoader = new CommonsDataLoader();
        dataLoader.setProxyConfig(null);
        return dataLoader;
    }

The relevant Maven dependencies:

    <dependency>
        <groupId>com.github.librepdf</groupId>
        <artifactId>openpdf</artifactId>
        <version>1.2.21</version>
    </dependency>
    <dependency>
        <groupId>org.digidoc4j.dss</groupId>
        <artifactId>dss-pades-openpdf</artifactId>
        <version>5.4.d4j.1</version>
    </dependency>
    <dependency>
        <groupId>org.digidoc4j</groupId>
        <artifactId>digidoc4j</artifactId>
        <version>3.2.0</version>
    </dependency>
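
A diagnostic for narrowing down the "Revocation data is missing" error above, added here as an example and not part of the original post or of DSS: using only JDK classes, it reports for each certificate in the keystore's chain whether it carries the CRL Distribution Points and Authority Information Access extensions, which are where online CRL and OCSP lookups take their URLs from. The class name and the two command-line arguments (PKCS#12 path and password) are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Hypothetical helper class for this example; not part of DSS.
public class RevocationPointerCheck {
    // Standard X.509 extension OIDs (RFC 5280)
    static final String CRL_DISTRIBUTION_POINTS = "2.5.29.31";
    static final String AUTHORITY_INFO_ACCESS = "1.3.6.1.5.5.7.1.1";

    static boolean isSelfIssued(X509Certificate c) {
        return c.getSubjectX500Principal().equals(c.getIssuerX500Principal());
    }

    static String describe(X509Certificate c) {
        boolean crl = c.getExtensionValue(CRL_DISTRIBUTION_POINTS) != null;
        // AIA may hold only a caIssuers URL, so its presence is necessary
        // for an OCSP lookup but does not guarantee an OCSP responder URL.
        boolean aia = c.getExtensionValue(AUTHORITY_INFO_ACCESS) != null;
        String verdict;
        if (isSelfIssued(c)) {
            verdict = "self-issued (root candidate)";
        } else if (!crl && !aia) {
            verdict = "NO revocation pointers: nothing to fetch online";
        } else {
            verdict = "has revocation pointers";
        }
        return String.format("%s%n  CRL DP: %b, AIA: %b -> %s",
                c.getSubjectX500Principal().getName(), crl, aia, verdict);
    }

    public static void main(String[] args) throws Exception {
        // args[0] = PKCS#12 path, args[1] = password (assumptions of this example)
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        for (String alias : Collections.list(ks.aliases())) {
            Certificate[] chain = ks.getCertificateChain(alias);
            if (chain == null) continue; // not a private-key entry
            for (Certificate cert : chain) {
                System.out.println(describe((X509Certificate) cert));
            }
        }
    }
}
```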