使用iText认证Pdf文档 [英] Certifying Pdf document with iText

问题描述

我可以签署我的pdf并通过添加我的smith.crt验证它在adobe reader中得到信任（我得到​​绿色复选标记），我的问题是证明我的pdf，我无法获得左上角的蓝丝带我的pdf的一角，是因为我使用自签名证书？

我收到消息：

I can sign my pdf and verify it by adding my smith.crt to be trusted in adobe reader (i get the green check mark) , my problem is certifying my pdf, i can not get the blue ribbon in the top left corner of my pdf, is it because i use the self-signed certificate?
I get the message:

文件认证的有效性是未知的。作者
无法验证。

The validity of the document certification is UNKNOWN. The author could not be verified.

你能帮帮我吗，我怎么能得到那个蓝色功能区？

import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.Certificate;



import org.bouncycastle.jce.provider.BouncyCastleProvider;



import com.itextpdf.text.Document;
import com.itextpdf.text.DocumentException;
import com.itextpdf.text.Paragraph;
import com.itextpdf.text.Rectangle;
import com.itextpdf.text.pdf.PdfReader;
import com.itextpdf.text.pdf.PdfSignatureAppearance;
import com.itextpdf.text.pdf.PdfStamper;
import com.itextpdf.text.pdf.PdfWriter;
import com.itextpdf.text.pdf.security.BouncyCastleDigest;
import com.itextpdf.text.pdf.security.ExternalDigest;
import com.itextpdf.text.pdf.security.ExternalSignature;
import com.itextpdf.text.pdf.security.MakeSignature.CryptoStandard;
import com.itextpdf.text.pdf.security.PrivateKeySignature;
import com.itextpdf.text.pdf.security.MakeSignature;


public class SO  {

    public static String ORIGINAL = "src/test.pdf";
    public static String SIGNED1 = "src/signedtest.pdf";

    public void createPdf(String filename) throws IOException, DocumentException {
        Document document = new Document();
        PdfWriter.getInstance(document, new FileOutputStream(filename));
        document.open();
        document.add(new Paragraph("Test!"));
        document.close();
    }


    public void signPdf(String src, String dest)
        throws IOException, DocumentException, GeneralSecurityException {
        String path = "src/keyS";
        String keystore_password = "SOSOSO";
        String key_password = "SOSOSO";
        String alias = "SO";
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(new FileInputStream(path), keystore_password.toCharArray());
        PrivateKey pk = (PrivateKey) ks.getKey(alias, key_password.toCharArray());
        Certificate[] chain = ks.getCertificateChain(alias);
        // reader / stamper
        PdfReader reader = new PdfReader(src);
        FileOutputStream os = new FileOutputStream(dest);
        PdfStamper stamper = PdfStamper.createSignature(reader, os, '\0', null, true);
        // appearance
        PdfSignatureAppearance appearance = stamper
                .getSignatureAppearance();


        appearance.setReason("Test");
        appearance.setLocation("Test st.");
        appearance.setVisibleSignature(new Rectangle(350, 750, 500, 800), 1, "first");
        appearance.setCertificationLevel(PdfSignatureAppearance.CERTIFIED_NO_CHANGES_ALLOWED);

        // digital signature
        ExternalSignature es = new PrivateKeySignature(pk, "SHA-256", "BC");
        ExternalDigest digest = new BouncyCastleDigest();
        MakeSignature.signDetached(appearance, digest, es, chain, null, null, null, 0, CryptoStandard.CMS);

    }

    public static void main(String[] args)
        throws IOException, DocumentException, GeneralSecurityException {
        Security.addProvider(new BouncyCastleProvider());
        SO potpis = new SO();
        potpis.createPdf(ORIGINAL);
        potpis.signPdf(ORIGINAL, SIGNED1);

    }
}

推荐答案

验证需要CA（证书颁发机构）。将文档复制到新站点（客户的计算机）时，它将通过可信CA存储执行验证。在那里，它无法找到您并且验证失败。

Verification requires a CA (Certification Authority). When you copy the document to a new site (customer's computer), it will perform verification by going through the trusted CA store. There, it cannot find you and verification fails.

您可以尝试并将自己注册为可信CA，但它仅用于此目的在开发环境中测试您的代码。

You may try and register yourself as a Trusted CA, but it is for the only purpose to test your code in a development environment.

要获得真实的东西，您必须使用已在新站点（客户的计算机）注册的可信CA.通常，在互联网上，这意味着您需要 REAL CA（VeriSign或类似）。

To have the real thing, you must use a Trusted CA that is already registered at the new site (customer's computer). Generally, on the Internet at large this means you need a REAL CA (VeriSign or similar).

有关在您的网站上安装受信任的CA的更多信息电脑：如何安装受信任的根CA证书

More about installing a Trusted CA on your computer: How to install a Trusted Root CA Certificates

同样，后一个选项会给你蓝色您网站上的功能区（开发机器）但不在任何其他网站（客户的计算机）上。

Again, this latter option will give you the blue ribbon on your site (development machine) but not on any other site (customer's computer).

这篇关于使用iText认证Pdf文档的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！