Внешний знак PDFBox 3.0.5 вызывает сообщение «Подпись недействительна»

Внешний знак PDFBox 3.0.5 вызывает сообщение «Подпись недействительна» ⇐ JAVA

1 сообщение • Страница 1 из 1

Anonymous

Внешний знак PDFBox 3.0.5 вызывает сообщение «Подпись недействительна»

Цитата

Сообщение Anonymous » 28 окт 2025, 06:57

Я пытался найти множество решений в Интернете, но они не работали. Мне нужно подписать PDF-файл, извлекая хеш из PDF-файла и отправляя его в другую серверную службу, чтобы он подписал хэш и вернул его в подпись PDF. Пожалуйста, помогите мне! Ниже приведен мой код, где DataSigner — это API сторонней службы для вызова сервера для подписи хэша:

Код: Выделить всё

    public class CreateSignature1 {

final DataSigner signer;
private Certificate cert;
private Certificate[] certificateChain;

public CreateSignature1(DataSigner signer) {
this.signer = signer;
}

/**
* Signs the given PDF file.
*
* @param inFile the original PDF file
*/
public void signDocument(File inFile, Certificate cert, Certificate[] certChain) throws
IOException,
CertificateEncodingException,
NoSuchAlgorithmException,
OperatorCreationException,
CMSException {

this.cert = cert;

// we're being given the certificate chain with public key
setCertificateChain(certChain);

String name = inFile.getName();
String substring = name.substring(0, name.lastIndexOf('.'));

File outFile = new File(inFile.getParent(), substring + "_signed_pdfbox.pdf");
signDocument(inFile, outFile);
}

private void setCertificateChain(final Certificate[] certificateChain) {
this.certificateChain = certificateChain;
}

private void signDocument(File inFile, File outFile) throws
IOException,
NoSuchAlgorithmException,
OperatorCreationException,
CertificateEncodingException,
CMSException {
try (
FileOutputStream output = new FileOutputStream(outFile);
PDDocument document = Loader.loadPDF(inFile)
) {
PDSignature signature = new PDSignature();

signature.setFilter(PDSignature.FILTER_ADOBE_PPKLITE);
//signature.setSubFilter(PDSignature.SUBFILTER_ETSI_CADES_DETACHED);
signature.setSubFilter(PDSignature.SUBFILTER_ADBE_PKCS7_DETACHED);
signature.setName("Test Name");
signature.setSignDate(Calendar.getInstance());

SignatureOptions signatureOptions = new SignatureOptions();
signatureOptions.setPage(0);

document.addSignature(signature, signatureOptions);
ExternalSigningSupport externalSigning = document.saveIncrementalForExternalSigning(output);

// retrieve signer certificate and its chain
//X509Certificate cert = (X509Certificate) certificateChain[0];

// build signed attribute table generator and SignerInfo generator builder
ESSCertIDv2 certid = new ESSCertIDv2(
new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256),
MessageDigest.getInstance("SHA-256").digest(cert.getEncoded())
);
SigningCertificateV2 sigcert = new SigningCertificateV2(certid);
Attribute attr = new Attribute(PKCSObjectIdentifiers.id_aa_signingCertificateV2,  new DERSet(sigcert));

ASN1EncodableVector v = new ASN1EncodableVector();
v.add(attr);
AttributeTable atttributeTable = new AttributeTable(v);
CMSAttributeTableGenerator attrGen = new DefaultSignedAttributeTableGenerator(atttributeTable);

org.bouncycastle.asn1.x509.Certificate cert2 = org.bouncycastle.asn1.x509.Certificate.getInstance(ASN1Primitive.fromByteArray(cert.getEncoded()));
JcaSignerInfoGeneratorBuilder sigb = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build());
sigb.setSignedAttributeGenerator(attrGen);

// create ContentSigner that signs by calling the external endpoint
ContentSigner contentSigner = new ContentSigner() {
private MessageDigest digest = MessageDigest.getInstance("SHA-256");
private OutputStream stream = OutputStreamFactory.createStream(digest);

@Override
public byte[] getSignature() {
try {
byte[] hash = digest.digest();
//byte[] signedHash = serverSignature.sign(Base64.getEncoder().encodeToString(hash));

List hashes = Arrays.asList(hash);

List signedHash = signer.sign(hashes);

return signedHash.get(0);
} catch (Exception e) {
throw new RuntimeException("Exception while signing", e);
}
}

@Override
public OutputStream getOutputStream() {
return stream;
}

@Override
public AlgorithmIdentifier getAlgorithmIdentifier() {
return new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.2.840.113549.1.1.11"));
}
};

// create the SignedData generator and execute
CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
gen.addCertificates(new JcaCertStore(Arrays.asList(certificateChain)));
gen.addSignerInfoGenerator(sigb.build(contentSigner, new X509CertificateHolder(cert2)));

CMSTypedData msg = new CMSProcessableInputStream(externalSigning.getContent());
CMSSignedData signedData = gen.generate(msg, false);

byte[] cmsSignature = signedData.getEncoded();
externalSigning.setSignature(cmsSignature);
}
}
}

Подробнее здесь: https://stackoverflow.com/questions/798 ... is-invalid

1761623876

Anonymous

Я пытался найти множество решений в Интернете, но они не работали. Мне нужно подписать PDF-файл, извлекая хеш из PDF-файла и отправляя его в другую серверную службу, чтобы он подписал хэш и вернул его в подпись PDF.  Пожалуйста, помогите мне! Ниже приведен мой код, где DataSigner — это API сторонней службы для вызова сервера для подписи хэша:
[code]    public class CreateSignature1 {

final DataSigner signer;
private Certificate cert;
private Certificate[] certificateChain;

public CreateSignature1(DataSigner signer) {
this.signer = signer;
}

/**
* Signs the given PDF file.
*
* @param inFile the original PDF file
*/
public void signDocument(File inFile, Certificate cert, Certificate[] certChain) throws
IOException,
CertificateEncodingException,
NoSuchAlgorithmException,
OperatorCreationException,
CMSException {

this.cert = cert;

// we're being given the certificate chain with public key
setCertificateChain(certChain);

String name = inFile.getName();
String substring = name.substring(0, name.lastIndexOf('.'));

File outFile = new File(inFile.getParent(), substring + "_signed_pdfbox.pdf");
signDocument(inFile, outFile);
}

private void setCertificateChain(final Certificate[] certificateChain) {
this.certificateChain = certificateChain;
}

private void signDocument(File inFile, File outFile) throws
IOException,
NoSuchAlgorithmException,
OperatorCreationException,
CertificateEncodingException,
CMSException {
try (
FileOutputStream output = new FileOutputStream(outFile);
PDDocument document = Loader.loadPDF(inFile)
) {
PDSignature signature = new PDSignature();

signature.setFilter(PDSignature.FILTER_ADOBE_PPKLITE);
//signature.setSubFilter(PDSignature.SUBFILTER_ETSI_CADES_DETACHED);
signature.setSubFilter(PDSignature.SUBFILTER_ADBE_PKCS7_DETACHED);
signature.setName("Test Name");
signature.setSignDate(Calendar.getInstance());

SignatureOptions signatureOptions = new SignatureOptions();
signatureOptions.setPage(0);

document.addSignature(signature, signatureOptions);
ExternalSigningSupport externalSigning = document.saveIncrementalForExternalSigning(output);

// retrieve signer certificate and its chain
//X509Certificate cert = (X509Certificate) certificateChain[0];

// build signed attribute table generator and SignerInfo generator builder
ESSCertIDv2 certid = new ESSCertIDv2(
new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256),
MessageDigest.getInstance("SHA-256").digest(cert.getEncoded())
);
SigningCertificateV2 sigcert = new SigningCertificateV2(certid);
Attribute attr = new Attribute(PKCSObjectIdentifiers.id_aa_signingCertificateV2,  new DERSet(sigcert));

ASN1EncodableVector v = new ASN1EncodableVector();
v.add(attr);
AttributeTable atttributeTable = new AttributeTable(v);
CMSAttributeTableGenerator attrGen = new DefaultSignedAttributeTableGenerator(atttributeTable);

org.bouncycastle.asn1.x509.Certificate cert2 = org.bouncycastle.asn1.x509.Certificate.getInstance(ASN1Primitive.fromByteArray(cert.getEncoded()));
JcaSignerInfoGeneratorBuilder sigb = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build());
sigb.setSignedAttributeGenerator(attrGen);

// create ContentSigner that signs by calling the external endpoint
ContentSigner contentSigner = new ContentSigner() {
private MessageDigest digest = MessageDigest.getInstance("SHA-256");
private OutputStream stream = OutputStreamFactory.createStream(digest);

@Override
public byte[] getSignature() {
try {
byte[] hash = digest.digest();
//byte[] signedHash = serverSignature.sign(Base64.getEncoder().encodeToString(hash));

List hashes = Arrays.asList(hash);

List signedHash = signer.sign(hashes);

return signedHash.get(0);
} catch (Exception e) {
throw new RuntimeException("Exception while signing", e);
}
}

@Override
public OutputStream getOutputStream() {
return stream;
}

@Override
public AlgorithmIdentifier getAlgorithmIdentifier() {
return new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.2.840.113549.1.1.11"));
}
};

// create the SignedData generator and execute
CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
gen.addCertificates(new JcaCertStore(Arrays.asList(certificateChain)));
gen.addSignerInfoGenerator(sigb.build(contentSigner, new X509CertificateHolder(cert2)));

CMSTypedData msg = new CMSProcessableInputStream(externalSigning.getContent());
CMSSignedData signedData = gen.generate(msg, false);

byte[] cmsSignature = signedData.getEncoded();
externalSigning.setSignature(cmsSignature);
}
}
}
[/code]
[img]https://i.sstatic.net/Ump9mAZE.png[/img]
 

Подробнее здесь: [url]https://stackoverflow.com/questions/79802352/pdfbox-3-0-5-external-sign-causes-signature-is-invalid[/url]