我可以签署我的 pdf 并通过添加我的 smith.crt 来验证它在 adobe reader 中得到信任(我得到绿色复选标记),我的问题是证明我的 pdf,我无法获得我的 pdf 左上角的蓝丝带,是因为我使用 self-signed 证书?
我收到消息:
文件认证的有效性是未知的。作者无法验证。
你能帮帮我吗,我怎么能得到那条蓝丝带?
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.Certificate;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import com.itextpdf.text.Document;
import com.itextpdf.text.DocumentException;
import com.itextpdf.text.Paragraph;
import com.itextpdf.text.Rectangle;
import com.itextpdf.text.pdf.PdfReader;
import com.itextpdf.text.pdf.PdfSignatureAppearance;
import com.itextpdf.text.pdf.PdfStamper;
import com.itextpdf.text.pdf.PdfWriter;
import com.itextpdf.text.pdf.security.BouncyCastleDigest;
import com.itextpdf.text.pdf.security.ExternalDigest;
import com.itextpdf.text.pdf.security.ExternalSignature;
import com.itextpdf.text.pdf.security.MakeSignature.CryptoStandard;
import com.itextpdf.text.pdf.security.PrivateKeySignature;
import com.itextpdf.text.pdf.security.MakeSignature;
public class SO {
public static String ORIGINAL = "src/test.pdf";
public static String SIGNED1 = "src/signedtest.pdf";
public void createPdf(String filename) throws IOException, DocumentException {
Document document = new Document();
PdfWriter.getInstance(document, new FileOutputStream(filename));
document.open();
document.add(new Paragraph("Test!"));
document.close();
}
public void signPdf(String src, String dest)
throws IOException, DocumentException, GeneralSecurityException {
String path = "src/keyS";
String keystore_password = "SOSOSO";
String key_password = "SOSOSO";
String alias = "SO";
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(new FileInputStream(path), keystore_password.toCharArray());
PrivateKey pk = (PrivateKey) ks.getKey(alias, key_password.toCharArray());
Certificate[] chain = ks.getCertificateChain(alias);
// reader / stamper
PdfReader reader = new PdfReader(src);
FileOutputStream os = new FileOutputStream(dest);
PdfStamper stamper = PdfStamper.createSignature(reader, os, '\0', null, true);
// appearance
PdfSignatureAppearance appearance = stamper
.getSignatureAppearance();
appearance.setReason("Test");
appearance.setLocation("Test st.");
appearance.setVisibleSignature(new Rectangle(350, 750, 500, 800), 1, "first");
appearance.setCertificationLevel(PdfSignatureAppearance.CERTIFIED_NO_CHANGES_ALLOWED);
// digital signature
ExternalSignature es = new PrivateKeySignature(pk, "SHA-256", "BC");
ExternalDigest digest = new BouncyCastleDigest();
MakeSignature.signDetached(appearance, digest, es, chain, null, null, null, 0, CryptoStandard.CMS);
}
public static void main(String[] args)
throws IOException, DocumentException, GeneralSecurityException {
Security.addProvider(new BouncyCastleProvider());
SO potpis = new SO();
potpis.createPdf(ORIGINAL);
potpis.signPdf(ORIGINAL, SIGNED1);
}
}
1 回答
验证需要 CA(证书颁发机构)。将文档复制到新站点(客户的计算机)时,它将通过可信 CA 存储执行验证。在那里,它找不到你,验证失败。
您可以尝试并将自己注册为可信 CA,但它仅用于在开发环境中测试您的代码。
要拥有真实的东西,您必须使用已在新站点(客户的计算机)注册的可信 CA.通常,在互联网上,这意味着您需要REAL CA(VeriSign 或类似)。
有关在计算机上安装可信 CA 的详细信息:如何安装受信任的根 CA 证书
同样,后一个选项将为您提供站点(开发机器)上的蓝色功能区,但不会在任何其他站点(客户的计算机)上。