是否可以在不使用时间戳的情况下向字典添加吊销检查?
我正在研究一种允许在远程服务器上使用 p12 证书进行签名的解决方案。
首先,我有在服务器上计算的文档摘要,然后将其发送到另一台服务器上以供签名。
之后,我在签名过程中添加了吊销检查和时间戳,使用的代码如下:
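/**
 * Document-holding side ("server A") of a two-party PAdES signing flow built on esig/DSS.
 *
 * <p>The PDF never leaves this side: only its digest is handed to the signer, the returned
 * CMS container is embedded in the PDF, and the result is then extended to
 * {@code PAdES_BASELINE_LT} so that revocation data is added to the document.
 */
public class ServerA {

    /** Extension service; assigned in {@link #main} once the certificate verifier is configured. */
    public static ExternalCMSPAdESService service;

    /**
     * Signs {@code "Doc 2.pdf"} through the external signer and writes two outputs:
     * {@code DSS.pdf} (baseline B signature) and {@code DSS-2.pdf} (extended to LT).
     *
     * @param args unused
     * @throws Exception if digesting, signing or extending fails
     */
    public static void main(String[] args) throws Exception {
        // The original also opened the file with PDDocument.load(...) and never used or closed
        // the result; that leaked file handle is gone, DSS reads the file through FileDocument.
        DSSDocument documentToSign = new FileDocument(new File("Doc 2.pdf"));

        PAdESSignatureParameters signatureParameters = new PAdESSignatureParameters();
        signatureParameters.setDigestAlgorithm(DigestAlgorithm.SHA256);
        signatureParameters.setSignatureLevel(SignatureLevel.PAdES_BASELINE_B);

        IPdfObjFactory pdfObjFactory = new ServiceLoaderPdfObjFactory();
        AbstractPDFSignatureService pdfSignatureService =
                (AbstractPDFSignatureService) pdfObjFactory.newPAdESSignatureService();

        // Only the digest is passed to the signer. In this listing the call is in-process; the
        // surrounding text describes the signer as a separate server, so the transport is not shown.
        // NOTE(review): the signer signs whatever digest it receives, so that channel needs
        // caller authentication and integrity protection - confirm how it is secured.
        byte[] documentDigest = pdfSignatureService.digest(documentToSign, signatureParameters);
        byte[] signedDigest = Engine.getSignedCMSignedData(documentDigest);
        DSSDocument finalDoc = pdfSignatureService.sign(documentToSign, signedDigest, signatureParameters);

        // No trusted certificate source is set on this verifier in the visible code, so
        // setCheckRevocationForUntrustedChains(true) is what lets DSS fetch CRL/OCSP data at all.
        // NOTE(review): for production, configure the trust anchors instead of relying on
        // revocation fetching for untrusted chains.
        CommonCertificateVerifier commonCertificateVerifier = new CommonCertificateVerifier();
        commonCertificateVerifier.setCrlSource(new OnlineCRLSource());
        commonCertificateVerifier.setOcspSource(new OnlineOCSPSource());
        commonCertificateVerifier.setCheckRevocationForUntrustedChains(true);
        service = new ExternalCMSPAdESService(commonCertificateVerifier);

        // In the ETSI baseline profiles the LT level builds on the T level (signature
        // timestamp), which is why a TSP source is configured before the extension.
        // NOTE(review): plain-HTTP URL that looks like a demo TSA - confirm and replace with
        // the production TSA before real use.
        TimestampDataLoader timestampDataLoader = new TimestampDataLoader(); // uses the specific content-type
        OnlineTSPSource tsa1 = new OnlineTSPSource("http://dss.nowina.lu/pki-factory/tsa/ee-good-tsa");
        tsa1.setDataLoader(timestampDataLoader);
        service.setTspSource(tsa1);

        PAdESSignatureParameters extensionParameters = new PAdESSignatureParameters();
        extensionParameters.setSignatureLevel(SignatureLevel.PAdES_BASELINE_LT);
        DSSDocument extendedDocument = service.extendDocument(finalDoc, extensionParameters);

        save(finalDoc);
        save2(extendedDocument);
    }

    /** Writes the LT-extended document to {@code DSS-2.pdf}. */
    private static void save2(DSSDocument signedDocument) {
        writeTo(signedDocument, "DSS-2.pdf");
    }

    /** Writes the baseline-B signed document to {@code DSS.pdf}. */
    private static void save(DSSDocument signedDocument) {
        writeTo(signedDocument, "DSS.pdf");
    }

    /**
     * Copies the document to {@code fileName}, closing both streams; failures are reported
     * through an error dialog rather than rethrown, as in the original helpers.
     */
    private static void writeTo(DSSDocument signedDocument, String fileName) {
        // The document stream is now closed as well; the original left it open.
        try (java.io.InputStream in = signedDocument.openStream();
                FileOutputStream fos = new FileOutputStream(fileName)) {
            Utils.copy(in, fos);
        } catch (Exception e) {
            Alert alert = new Alert(Alert.AlertType.ERROR, "Unable to save file : " + e.getMessage(), ButtonType.CLOSE);
            alert.showAndWait();
        }
    }
}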
对于服务器 B,我将时间戳部分添加到签名中:
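/**
 * Key-holding side ("server B") of a two-party PAdES signing flow built on esig/DSS.
 *
 * <p>Receives a document digest, signs it with the first key of a PKCS#12 keystore, wraps the
 * result in a detached CMS SignedData and adds a signature timestamp obtained from a TSA that
 * is reached over TLS with client authentication.
 *
 * <p>NOTE(review): {@link #padesCMSSignedDataBuilder} is static and reassigned on every
 * request; concurrent requests would share it - confirm the threading model.
 */
public class ServerB {

    static PadesCMSSignedDataBuilder padesCMSSignedDataBuilder;

    /** PKCS#12 file holding the client-authentication key used towards the TSA. */
    public static String pathCert = "Barid-Media-Client_Authentification.p12";

    /** PKCS#12 file holding the document-signing key. */
    private static final String SIGNING_KEYSTORE = "certificate.p12";

    // NOTE(review): both keystore passwords are hard-coded in source (and trivially guessable).
    // They are kept only so the listing behaves as before; load them from a secret store or
    // protected configuration instead.
    private static final String SIGNING_KEYSTORE_PIN = "123456";
    private static final String TSA_CLIENT_KEYSTORE_PIN = "123456";

    private static final String TSA_URL =
            "https://tsa.baridesign.ma:8443/servlets/Horodatage/MetaTIME/TimeStampService/TSPService";

    /** Error code raised for every timestamping failure. */
    private static final String TSA_FAILURE_CODE = "014";

    /**
     * Signs the given document digest and returns the encoded, timestamped CMS SignedData.
     *
     * @param documentDigest digest of the PDF byte range, computed by the caller
     * @return DER/BER-encoded CMS SignedData as produced by {@code CMSSignedData.getEncoded()}
     * @throws Exception if the keystore cannot be read, signing fails or timestamping fails
     */
    public static byte[] getSignedCMSignedData(byte[] documentDigest) throws Exception {
        CommonCertificateVerifier commonCertificateVerifier = new CommonCertificateVerifier();
        commonCertificateVerifier.setCrlSource(new OnlineCRLSource());
        commonCertificateVerifier.setOcspSource(new OnlineOCSPSource());
        commonCertificateVerifier.setCheckRevocationForUntrustedChains(true);
        padesCMSSignedDataBuilder = new PadesCMSSignedDataBuilder(commonCertificateVerifier);

        // try-with-resources: the original never closed the signing token.
        try (Pkcs12SignatureToken signingToken = new Pkcs12SignatureToken(
                SIGNING_KEYSTORE,
                new KeyStore.PasswordProtection(SIGNING_KEYSTORE_PIN.toCharArray()))) {
            DSSPrivateKeyEntry privateKey = getKey(SIGNING_KEYSTORE, SIGNING_KEYSTORE_PIN);

            PAdESSignatureParameters parameters = new PAdESSignatureParameters();
            parameters.setDigestAlgorithm(DigestAlgorithm.SHA256);
            parameters.setEncryptionAlgorithm(EncryptionAlgorithm.RSA);
            parameters.setSignatureLevel(SignatureLevel.PAdES_BASELINE_B);
            parameters.setSigningCertificate(privateKey.getCertificate());

            ToBeSigned dataToSign = getDataToSign(documentDigest, parameters);
            SignatureValue signatureValue = signingToken.sign(dataToSign, DigestAlgorithm.SHA256, privateKey);
            return generateCMSSignedData(documentDigest, parameters, signatureValue);
        }
    }

    /**
     * Builds the detached CMS SignedData around an already computed signature value and adds
     * the signature timestamp (timestamp failures abort, see {@link #signTimeStamp}).
     *
     * @param messageDigest digest of the signed content
     * @param parameters signature parameters; algorithm and level must be set
     * @param signatureValue signature computed over the data from {@link #getDataToSign}
     * @return the encoded CMS SignedData
     * @throws Exception if CMS generation, timestamping or encoding fails
     */
    protected static byte[] generateCMSSignedData(byte[] messageDigest, final PAdESSignatureParameters parameters,
            final SignatureValue signatureValue) throws Exception {
        final SignatureAlgorithm signatureAlgorithm = parameters.getSignatureAlgorithm();
        final SignatureLevel signatureLevel = parameters.getSignatureLevel();
        Objects.requireNonNull(signatureAlgorithm, "SignatureAlgorithm cannot be null!");
        Objects.requireNonNull(signatureLevel, "SignatureLevel must be defined!");

        // This content signer is constructed with the precomputed signature value, unlike the
        // one used in getDataToSign.
        final CustomContentSigner customContentSigner =
                new CustomContentSigner(signatureAlgorithm.getJCEId(), signatureValue.getValue());
        final SignerInfoGeneratorBuilder signerInfoGeneratorBuilder =
                padesCMSSignedDataBuilder.getSignerInfoGeneratorBuilder(parameters, messageDigest);
        final CMSProcessableByteArray content = new CMSProcessableByteArray(messageDigest);
        final CMSSignedDataGenerator generator = padesCMSSignedDataBuilder.createCMSSignedDataGenerator(
                parameters, customContentSigner, signerInfoGeneratorBuilder, null);

        CMSSignedData data = CMSUtils.generateDetachedCMSSignedData(generator, content);
        data = signTimeStamps(data, false).getCmsSignedData();
        return data.getEncoded();
    }

    /**
     * Adds a signature timestamp to every signer of the CMS container.
     *
     * <p>A signer whose timestamp could not be obtained is kept unchanged. The original code
     * left such signers out of the rebuilt store, which silently removed their signatures
     * whenever at least one other signer had been timestamped.
     *
     * @param cmsSignedData container to timestamp
     * @param cancelOnErrorTsa passed through to {@link #signTimeStamp}
     * @return the resulting container plus a flag telling whether any timestamp was added
     * @throws Exception if timestamping fails and {@code cancelOnErrorTsa} is {@code false}
     */
    private static ResultTimeStamp signTimeStamps(CMSSignedData cmsSignedData,
            boolean cancelOnErrorTsa) throws Exception {
        SignerInformationStore signerStore = cmsSignedData.getSignerInfos();
        List<SignerInformation> signers = new java.util.ArrayList<>();
        boolean anyTimestamped = false;

        for (Object entry : signerStore.getSigners()) {
            SignerInformation original = (SignerInformation) entry;
            Object result = signTimeStamp(original, cancelOnErrorTsa);
            if (result != null) {
                signers.add((SignerInformation) result);
                anyTimestamped = true;
            } else {
                signers.add(original);
            }
        }

        ResultTimeStamp resultTimeStamp = new ResultTimeStamp();
        CMSSignedData returned = anyTimestamped
                ? CMSSignedData.replaceSigners(cmsSignedData, new SignerInformationStore(signers))
                : cmsSignedData;
        resultTimeStamp.setSuccessTsa(anyTimestamped);
        resultTimeStamp.setCmsSignedData(returned);
        return resultTimeStamp;
    }

    /**
     * Requests a timestamp over the SHA-256 digest of the signer's signature value and stores
     * the token as the {@code id_aa_signatureTimeStampToken} unsigned attribute.
     *
     * @param next signer to timestamp
     * @param cancelOnErrorTsa when {@code false}, any failure throws
     *     {@code ProSignServerGlobalException("014")}; when {@code true}, failures return
     *     {@code null}. NOTE(review): the name reads as the opposite - confirm the intent.
     * @return the signer with the timestamp attribute, {@code next} if the attribute
     *     replacement yielded {@code null}, or {@code null} on a tolerated failure
     * @throws Exception on failure when {@code cancelOnErrorTsa} is {@code false}
     */
    public static Object signTimeStamp(SignerInformation next, boolean cancelOnErrorTsa
    ) throws Exception {
        AttributeTable unsignedAttributes = next.getUnsignedAttributes();
        ASN1EncodableVector vector = unsignedAttributes != null
                ? unsignedAttributes.toASN1EncodableVector()
                : new ASN1EncodableVector();

        int codestatus;
        try {
            codestatus = initializeSSLConnexion();
        } catch (Exception e) {
            return onTsaFailure(cancelOnErrorTsa);
        }
        if (codestatus == 503) {
            return onTsaFailure(cancelOnErrorTsa);
        }

        try {
            TSA tsaClient = new TSA(TSA_URL, pathCert, TSA_CLIENT_KEYSTORE_PIN);
            java.security.MessageDigest mda = java.security.MessageDigest.getInstance("SHA-256");
            byte[] digest = mda.digest(next.getSignature());
            byte[] token = tsaClient.getTimeStampToken(digest);

            ASN1ObjectIdentifier oid = PKCSObjectIdentifiers.id_aa_signatureTimeStampToken;
            ASN1Encodable signatureTimeStamp =
                    new org.bouncycastle.asn1.cms.Attribute(oid, new DERSet(ASN1Primitive.fromByteArray(token)));
            vector.add(signatureTimeStamp);

            SignerInformation newSigner =
                    SignerInformation.replaceUnsignedAttributes(next, new AttributeTable(vector));
            return newSigner != null ? newSigner : next;
        } catch (Exception e) {
            return onTsaFailure(cancelOnErrorTsa);
        }
    }

    /**
     * Single place for the timestamp-failure policy: throw unless failures are tolerated.
     * NOTE(review): the underlying cause is not attached because the constructors of
     * ProSignServerGlobalException are not visible here; log or chain it if one accepts a cause.
     */
    private static Object onTsaFailure(boolean cancelOnErrorTsa) throws Exception {
        if (!cancelOnErrorTsa) {
            throw new ProSignServerGlobalException(TSA_FAILURE_CODE);
        }
        return null;
    }

    /**
     * Installs a client-authenticated TLS socket factory as the JVM default and probes the TSA.
     *
     * <p>Key managers come from the PKCS#12 file at {@link #pathCert}, trust managers from the
     * JKS trust store at a fixed path. The TSA URL is then requested once and its status read.
     *
     * @return {@code 503} if the TSA answered 503 or setup failed with one of the handled
     *     exceptions, otherwise {@code 200}
     * @throws Exception for any other failure, with the cause attached
     */
    public static int initializeSSLConnexion() throws Exception {
        int codestatus = 200;
        try {
            KeyStore clientStore = KeyStore.getInstance("PKCS12");
            try (FileInputStream clientIn = new FileInputStream(ResourceUtils.getFile(pathCert))) {
                clientStore.load(clientIn, TSA_CLIENT_KEYSTORE_PIN.toCharArray());
            }
            KeyManagerFactory keyManagerFactory =
                    KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(clientStore, TSA_CLIENT_KEYSTORE_PIN.toCharArray());
            KeyManager[] keyManager = keyManagerFactory.getKeyManagers();

            // NOTE(review): the trust store path is pinned to one specific JRE installation, so
            // the CA set does not follow JRE updates and the path breaks on other machines.
            KeyStore trustStore = KeyStore.getInstance("JKS");
            try (FileInputStream trustIn =
                    new FileInputStream("C:/Program Files/Java/jre1.8.0_221/lib/security/cacerts")) {
                trustStore.load(trustIn, "changeit".toCharArray());
            }
            TrustManagerFactory trustManagerFactory =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(trustStore);
            TrustManager[] trustManager = trustManagerFactory.getTrustManagers();

            // Request a TLS context by its proper name instead of the legacy "SSL" name.
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(keyManager, trustManager, new SecureRandom());

            // This replaces the JVM-wide default: every later HttpsURLConnection in the process
            // uses this context, client key material included.
            // NOTE(review): the TSA client presumably relies on that default - confirm before
            // scoping it to the single connection with urlConn.setSSLSocketFactory(...).
            HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());

            URL url = new URL(TSA_URL);
            HttpsURLConnection urlConn = (HttpsURLConnection) url.openConnection();
            if (urlConn.getResponseCode() == 503) {
                codestatus = 503;
            }
        } catch (KeyStoreException e) {
            System.out.println("1");
            codestatus = 503;
        } catch (IOException e) {
            codestatus = 503;
        } catch (NoSuchAlgorithmException e) {
            System.out.println("3");
            codestatus = 503;
        } catch (CertificateException e) {
            System.out.println("4");
            codestatus = 503;
        } catch (UnrecoverableKeyException e) {
            System.out.println("5");
            // The original left the status at 200 here, reporting success although the client
            // key could not be loaded and no connection was attempted.
            codestatus = 503;
        } catch (KeyManagementException e) {
            System.out.println("6");
            codestatus = 503;
        } catch (Throwable t) {
            // The original message was cut off after the opening quote and dropped the cause.
            throw new Exception("Failed to get TSA response from '" + TSA_URL + "'", t);
        }
        return codestatus;
    }

    /**
     * Returns the first private key entry of a PKCS#12 keystore.
     *
     * <p>NOTE(review): the entry is returned after the token that produced it has been closed;
     * the caller signs with a second token opened on the same file - confirm this is intended.
     *
     * @param certificate path of the PKCS#12 file
     * @param pin keystore password, also used as the key entry password
     * @return the key entry looked up by the alias of the first entry
     * @throws Exception if the keystore cannot be opened or holds no private key entry
     */
    public static DSSPrivateKeyEntry getKey(String certificate, String pin) throws Exception {
        try (Pkcs12SignatureToken signatureToken = new Pkcs12SignatureToken(certificate,
                new KeyStore.PasswordProtection(pin.toCharArray()))) {
            List<DSSPrivateKeyEntry> keys = signatureToken.getKeys();
            if (keys.isEmpty()) {
                // Explicit failure instead of an IndexOutOfBoundsException from get(0).
                throw new IllegalStateException("No private key entry found in keystore: " + certificate);
            }
            KSPrivateKeyEntry firstEntry = (KSPrivateKeyEntry) keys.get(0);
            return signatureToken.getKey(firstEntry.getAlias(),
                    new KeyStore.PasswordProtection(pin.toCharArray()));
        }
    }

    /**
     * Produces the bytes the private key has to sign for the given content digest.
     *
     * <p>A CMS generation is run with a content signer that holds no signature value, and the
     * bytes written to that signer's output stream are returned (presumably the encoded signed
     * attributes - CustomContentSigner is not shown, confirm).
     *
     * @param messageDigest digest of the signed content
     * @param parameters signature parameters; the signature algorithm must be resolvable
     * @return the data to be signed
     * @throws DSSException if DSS fails to build the generator
     */
    public static ToBeSigned getDataToSign(byte[] messageDigest, final PAdESSignatureParameters parameters) throws DSSException {
        final SignatureAlgorithm signatureAlgorithm = parameters.getSignatureAlgorithm();
        // Same precondition and message as generateCMSSignedData.
        Objects.requireNonNull(signatureAlgorithm, "SignatureAlgorithm cannot be null!");

        final CustomContentSigner customContentSigner = new CustomContentSigner(signatureAlgorithm.getJCEId());
        final SignerInfoGeneratorBuilder signerInfoGeneratorBuilder =
                padesCMSSignedDataBuilder.getSignerInfoGeneratorBuilder(parameters, messageDigest);
        final CMSProcessableByteArray content = new CMSProcessableByteArray(messageDigest);

        // An empty SignedData from a bare generator is passed to the builder as the original data.
        final CMSSignedDataGenerator emptyGenerator = new CMSSignedDataGenerator();
        CMSSignedData originalData = CMSUtils.generateDetachedCMSSignedData(emptyGenerator, content);

        final CMSSignedDataGenerator generator = padesCMSSignedDataBuilder.createCMSSignedDataGenerator(
                parameters, customContentSigner, signerInfoGeneratorBuilder, originalData);
        // The result is discarded: this run only exists to feed the content signer's stream.
        CMSUtils.generateDetachedCMSSignedData(generator, content);

        final byte[] dataToSign = customContentSigner.getOutputStream().toByteArray();
        return new ToBeSigned(dataToSign);
    }
}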
但在这种情况下,我希望不必使用时间戳。
我现在想找到一种解决方案:在预期区域中添加吊销检查(仍然使用 esig/DSS 签名),而不添加时间戳。
I am working on a solution that allows signing using p12 certificate on a remote server.
First, I have the digest of the document which is calculated on a server and then I send it for signature on another server.
After that, I added the revocation check as well as a timestamp during signing, using the following code:
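/**
 * Document-holding side ("server A") of a two-party PAdES signing flow built on esig/DSS.
 *
 * <p>The PDF never leaves this side: only its digest is handed to the signer, the returned
 * CMS container is embedded in the PDF, and the result is then extended to
 * {@code PAdES_BASELINE_LT} so that revocation data is added to the document.
 */
public class ServerA {

    /** Extension service; assigned in {@link #main} once the certificate verifier is configured. */
    public static ExternalCMSPAdESService service;

    /**
     * Signs {@code "Doc 2.pdf"} through the external signer and writes two outputs:
     * {@code DSS.pdf} (baseline B signature) and {@code DSS-2.pdf} (extended to LT).
     *
     * @param args unused
     * @throws Exception if digesting, signing or extending fails
     */
    public static void main(String[] args) throws Exception {
        // The original also opened the file with PDDocument.load(...) and never used or closed
        // the result; that leaked file handle is gone, DSS reads the file through FileDocument.
        DSSDocument documentToSign = new FileDocument(new File("Doc 2.pdf"));

        PAdESSignatureParameters signatureParameters = new PAdESSignatureParameters();
        signatureParameters.setDigestAlgorithm(DigestAlgorithm.SHA256);
        signatureParameters.setSignatureLevel(SignatureLevel.PAdES_BASELINE_B);

        IPdfObjFactory pdfObjFactory = new ServiceLoaderPdfObjFactory();
        AbstractPDFSignatureService pdfSignatureService =
                (AbstractPDFSignatureService) pdfObjFactory.newPAdESSignatureService();

        // Only the digest is passed to the signer. In this listing the call is in-process; the
        // surrounding text describes the signer as a separate server, so the transport is not shown.
        // NOTE(review): the signer signs whatever digest it receives, so that channel needs
        // caller authentication and integrity protection - confirm how it is secured.
        byte[] documentDigest = pdfSignatureService.digest(documentToSign, signatureParameters);
        byte[] signedDigest = Engine.getSignedCMSignedData(documentDigest);
        DSSDocument finalDoc = pdfSignatureService.sign(documentToSign, signedDigest, signatureParameters);

        // No trusted certificate source is set on this verifier in the visible code, so
        // setCheckRevocationForUntrustedChains(true) is what lets DSS fetch CRL/OCSP data at all.
        // NOTE(review): for production, configure the trust anchors instead of relying on
        // revocation fetching for untrusted chains.
        CommonCertificateVerifier commonCertificateVerifier = new CommonCertificateVerifier();
        commonCertificateVerifier.setCrlSource(new OnlineCRLSource());
        commonCertificateVerifier.setOcspSource(new OnlineOCSPSource());
        commonCertificateVerifier.setCheckRevocationForUntrustedChains(true);
        service = new ExternalCMSPAdESService(commonCertificateVerifier);

        // In the ETSI baseline profiles the LT level builds on the T level (signature
        // timestamp), which is why a TSP source is configured before the extension.
        // NOTE(review): plain-HTTP URL that looks like a demo TSA - confirm and replace with
        // the production TSA before real use.
        TimestampDataLoader timestampDataLoader = new TimestampDataLoader(); // uses the specific content-type
        OnlineTSPSource tsa1 = new OnlineTSPSource("http://dss.nowina.lu/pki-factory/tsa/ee-good-tsa");
        tsa1.setDataLoader(timestampDataLoader);
        service.setTspSource(tsa1);

        PAdESSignatureParameters extensionParameters = new PAdESSignatureParameters();
        extensionParameters.setSignatureLevel(SignatureLevel.PAdES_BASELINE_LT);
        DSSDocument extendedDocument = service.extendDocument(finalDoc, extensionParameters);

        save(finalDoc);
        save2(extendedDocument);
    }

    /** Writes the LT-extended document to {@code DSS-2.pdf}. */
    private static void save2(DSSDocument signedDocument) {
        writeTo(signedDocument, "DSS-2.pdf");
    }

    /** Writes the baseline-B signed document to {@code DSS.pdf}. */
    private static void save(DSSDocument signedDocument) {
        writeTo(signedDocument, "DSS.pdf");
    }

    /**
     * Copies the document to {@code fileName}, closing both streams; failures are reported
     * through an error dialog rather than rethrown, as in the original helpers.
     */
    private static void writeTo(DSSDocument signedDocument, String fileName) {
        // The document stream is now closed as well; the original left it open.
        try (java.io.InputStream in = signedDocument.openStream();
                FileOutputStream fos = new FileOutputStream(fileName)) {
            Utils.copy(in, fos);
        } catch (Exception e) {
            Alert alert = new Alert(Alert.AlertType.ERROR, "Unable to save file : " + e.getMessage(), ButtonType.CLOSE);
            alert.showAndWait();
        }
    }
}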
and for server B, I added the timestamp part to the signature:
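/**
 * Key-holding side ("server B") of a two-party PAdES signing flow built on esig/DSS.
 *
 * <p>Receives a document digest, signs it with the first key of a PKCS#12 keystore, wraps the
 * result in a detached CMS SignedData and adds a signature timestamp obtained from a TSA that
 * is reached over TLS with client authentication.
 *
 * <p>NOTE(review): {@link #padesCMSSignedDataBuilder} is static and reassigned on every
 * request; concurrent requests would share it - confirm the threading model.
 */
public class ServerB {

    static PadesCMSSignedDataBuilder padesCMSSignedDataBuilder;

    /** PKCS#12 file holding the client-authentication key used towards the TSA. */
    public static String pathCert = "Barid-Media-Client_Authentification.p12";

    /** PKCS#12 file holding the document-signing key. */
    private static final String SIGNING_KEYSTORE = "certificate.p12";

    // NOTE(review): both keystore passwords are hard-coded in source (and trivially guessable).
    // They are kept only so the listing behaves as before; load them from a secret store or
    // protected configuration instead.
    private static final String SIGNING_KEYSTORE_PIN = "123456";
    private static final String TSA_CLIENT_KEYSTORE_PIN = "123456";

    private static final String TSA_URL =
            "https://tsa.baridesign.ma:8443/servlets/Horodatage/MetaTIME/TimeStampService/TSPService";

    /** Error code raised for every timestamping failure. */
    private static final String TSA_FAILURE_CODE = "014";

    /**
     * Signs the given document digest and returns the encoded, timestamped CMS SignedData.
     *
     * @param documentDigest digest of the PDF byte range, computed by the caller
     * @return DER/BER-encoded CMS SignedData as produced by {@code CMSSignedData.getEncoded()}
     * @throws Exception if the keystore cannot be read, signing fails or timestamping fails
     */
    public static byte[] getSignedCMSignedData(byte[] documentDigest) throws Exception {
        CommonCertificateVerifier commonCertificateVerifier = new CommonCertificateVerifier();
        commonCertificateVerifier.setCrlSource(new OnlineCRLSource());
        commonCertificateVerifier.setOcspSource(new OnlineOCSPSource());
        commonCertificateVerifier.setCheckRevocationForUntrustedChains(true);
        padesCMSSignedDataBuilder = new PadesCMSSignedDataBuilder(commonCertificateVerifier);

        // try-with-resources: the original never closed the signing token.
        try (Pkcs12SignatureToken signingToken = new Pkcs12SignatureToken(
                SIGNING_KEYSTORE,
                new KeyStore.PasswordProtection(SIGNING_KEYSTORE_PIN.toCharArray()))) {
            DSSPrivateKeyEntry privateKey = getKey(SIGNING_KEYSTORE, SIGNING_KEYSTORE_PIN);

            PAdESSignatureParameters parameters = new PAdESSignatureParameters();
            parameters.setDigestAlgorithm(DigestAlgorithm.SHA256);
            parameters.setEncryptionAlgorithm(EncryptionAlgorithm.RSA);
            parameters.setSignatureLevel(SignatureLevel.PAdES_BASELINE_B);
            parameters.setSigningCertificate(privateKey.getCertificate());

            ToBeSigned dataToSign = getDataToSign(documentDigest, parameters);
            SignatureValue signatureValue = signingToken.sign(dataToSign, DigestAlgorithm.SHA256, privateKey);
            return generateCMSSignedData(documentDigest, parameters, signatureValue);
        }
    }

    /**
     * Builds the detached CMS SignedData around an already computed signature value and adds
     * the signature timestamp (timestamp failures abort, see {@link #signTimeStamp}).
     *
     * @param messageDigest digest of the signed content
     * @param parameters signature parameters; algorithm and level must be set
     * @param signatureValue signature computed over the data from {@link #getDataToSign}
     * @return the encoded CMS SignedData
     * @throws Exception if CMS generation, timestamping or encoding fails
     */
    protected static byte[] generateCMSSignedData(byte[] messageDigest, final PAdESSignatureParameters parameters,
            final SignatureValue signatureValue) throws Exception {
        final SignatureAlgorithm signatureAlgorithm = parameters.getSignatureAlgorithm();
        final SignatureLevel signatureLevel = parameters.getSignatureLevel();
        Objects.requireNonNull(signatureAlgorithm, "SignatureAlgorithm cannot be null!");
        Objects.requireNonNull(signatureLevel, "SignatureLevel must be defined!");

        // This content signer is constructed with the precomputed signature value, unlike the
        // one used in getDataToSign.
        final CustomContentSigner customContentSigner =
                new CustomContentSigner(signatureAlgorithm.getJCEId(), signatureValue.getValue());
        final SignerInfoGeneratorBuilder signerInfoGeneratorBuilder =
                padesCMSSignedDataBuilder.getSignerInfoGeneratorBuilder(parameters, messageDigest);
        final CMSProcessableByteArray content = new CMSProcessableByteArray(messageDigest);
        final CMSSignedDataGenerator generator = padesCMSSignedDataBuilder.createCMSSignedDataGenerator(
                parameters, customContentSigner, signerInfoGeneratorBuilder, null);

        CMSSignedData data = CMSUtils.generateDetachedCMSSignedData(generator, content);
        data = signTimeStamps(data, false).getCmsSignedData();
        return data.getEncoded();
    }

    /**
     * Adds a signature timestamp to every signer of the CMS container.
     *
     * <p>A signer whose timestamp could not be obtained is kept unchanged. The original code
     * left such signers out of the rebuilt store, which silently removed their signatures
     * whenever at least one other signer had been timestamped.
     *
     * @param cmsSignedData container to timestamp
     * @param cancelOnErrorTsa passed through to {@link #signTimeStamp}
     * @return the resulting container plus a flag telling whether any timestamp was added
     * @throws Exception if timestamping fails and {@code cancelOnErrorTsa} is {@code false}
     */
    private static ResultTimeStamp signTimeStamps(CMSSignedData cmsSignedData,
            boolean cancelOnErrorTsa) throws Exception {
        SignerInformationStore signerStore = cmsSignedData.getSignerInfos();
        List<SignerInformation> signers = new java.util.ArrayList<>();
        boolean anyTimestamped = false;

        for (Object entry : signerStore.getSigners()) {
            SignerInformation original = (SignerInformation) entry;
            Object result = signTimeStamp(original, cancelOnErrorTsa);
            if (result != null) {
                signers.add((SignerInformation) result);
                anyTimestamped = true;
            } else {
                signers.add(original);
            }
        }

        ResultTimeStamp resultTimeStamp = new ResultTimeStamp();
        CMSSignedData returned = anyTimestamped
                ? CMSSignedData.replaceSigners(cmsSignedData, new SignerInformationStore(signers))
                : cmsSignedData;
        resultTimeStamp.setSuccessTsa(anyTimestamped);
        resultTimeStamp.setCmsSignedData(returned);
        return resultTimeStamp;
    }

    /**
     * Requests a timestamp over the SHA-256 digest of the signer's signature value and stores
     * the token as the {@code id_aa_signatureTimeStampToken} unsigned attribute.
     *
     * @param next signer to timestamp
     * @param cancelOnErrorTsa when {@code false}, any failure throws
     *     {@code ProSignServerGlobalException("014")}; when {@code true}, failures return
     *     {@code null}. NOTE(review): the name reads as the opposite - confirm the intent.
     * @return the signer with the timestamp attribute, {@code next} if the attribute
     *     replacement yielded {@code null}, or {@code null} on a tolerated failure
     * @throws Exception on failure when {@code cancelOnErrorTsa} is {@code false}
     */
    public static Object signTimeStamp(SignerInformation next, boolean cancelOnErrorTsa
    ) throws Exception {
        AttributeTable unsignedAttributes = next.getUnsignedAttributes();
        ASN1EncodableVector vector = unsignedAttributes != null
                ? unsignedAttributes.toASN1EncodableVector()
                : new ASN1EncodableVector();

        int codestatus;
        try {
            codestatus = initializeSSLConnexion();
        } catch (Exception e) {
            return onTsaFailure(cancelOnErrorTsa);
        }
        if (codestatus == 503) {
            return onTsaFailure(cancelOnErrorTsa);
        }

        try {
            TSA tsaClient = new TSA(TSA_URL, pathCert, TSA_CLIENT_KEYSTORE_PIN);
            java.security.MessageDigest mda = java.security.MessageDigest.getInstance("SHA-256");
            byte[] digest = mda.digest(next.getSignature());
            byte[] token = tsaClient.getTimeStampToken(digest);

            ASN1ObjectIdentifier oid = PKCSObjectIdentifiers.id_aa_signatureTimeStampToken;
            ASN1Encodable signatureTimeStamp =
                    new org.bouncycastle.asn1.cms.Attribute(oid, new DERSet(ASN1Primitive.fromByteArray(token)));
            vector.add(signatureTimeStamp);

            SignerInformation newSigner =
                    SignerInformation.replaceUnsignedAttributes(next, new AttributeTable(vector));
            return newSigner != null ? newSigner : next;
        } catch (Exception e) {
            return onTsaFailure(cancelOnErrorTsa);
        }
    }

    /**
     * Single place for the timestamp-failure policy: throw unless failures are tolerated.
     * NOTE(review): the underlying cause is not attached because the constructors of
     * ProSignServerGlobalException are not visible here; log or chain it if one accepts a cause.
     */
    private static Object onTsaFailure(boolean cancelOnErrorTsa) throws Exception {
        if (!cancelOnErrorTsa) {
            throw new ProSignServerGlobalException(TSA_FAILURE_CODE);
        }
        return null;
    }

    /**
     * Installs a client-authenticated TLS socket factory as the JVM default and probes the TSA.
     *
     * <p>Key managers come from the PKCS#12 file at {@link #pathCert}, trust managers from the
     * JKS trust store at a fixed path. The TSA URL is then requested once and its status read.
     *
     * @return {@code 503} if the TSA answered 503 or setup failed with one of the handled
     *     exceptions, otherwise {@code 200}
     * @throws Exception for any other failure, with the cause attached
     */
    public static int initializeSSLConnexion() throws Exception {
        int codestatus = 200;
        try {
            KeyStore clientStore = KeyStore.getInstance("PKCS12");
            try (FileInputStream clientIn = new FileInputStream(ResourceUtils.getFile(pathCert))) {
                clientStore.load(clientIn, TSA_CLIENT_KEYSTORE_PIN.toCharArray());
            }
            KeyManagerFactory keyManagerFactory =
                    KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(clientStore, TSA_CLIENT_KEYSTORE_PIN.toCharArray());
            KeyManager[] keyManager = keyManagerFactory.getKeyManagers();

            // NOTE(review): the trust store path is pinned to one specific JRE installation, so
            // the CA set does not follow JRE updates and the path breaks on other machines.
            KeyStore trustStore = KeyStore.getInstance("JKS");
            try (FileInputStream trustIn =
                    new FileInputStream("C:/Program Files/Java/jre1.8.0_221/lib/security/cacerts")) {
                trustStore.load(trustIn, "changeit".toCharArray());
            }
            TrustManagerFactory trustManagerFactory =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(trustStore);
            TrustManager[] trustManager = trustManagerFactory.getTrustManagers();

            // Request a TLS context by its proper name instead of the legacy "SSL" name.
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(keyManager, trustManager, new SecureRandom());

            // This replaces the JVM-wide default: every later HttpsURLConnection in the process
            // uses this context, client key material included.
            // NOTE(review): the TSA client presumably relies on that default - confirm before
            // scoping it to the single connection with urlConn.setSSLSocketFactory(...).
            HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());

            URL url = new URL(TSA_URL);
            HttpsURLConnection urlConn = (HttpsURLConnection) url.openConnection();
            if (urlConn.getResponseCode() == 503) {
                codestatus = 503;
            }
        } catch (KeyStoreException e) {
            System.out.println("1");
            codestatus = 503;
        } catch (IOException e) {
            codestatus = 503;
        } catch (NoSuchAlgorithmException e) {
            System.out.println("3");
            codestatus = 503;
        } catch (CertificateException e) {
            System.out.println("4");
            codestatus = 503;
        } catch (UnrecoverableKeyException e) {
            System.out.println("5");
            // The original left the status at 200 here, reporting success although the client
            // key could not be loaded and no connection was attempted.
            codestatus = 503;
        } catch (KeyManagementException e) {
            System.out.println("6");
            codestatus = 503;
        } catch (Throwable t) {
            // The original message was cut off after the opening quote and dropped the cause.
            throw new Exception("Failed to get TSA response from '" + TSA_URL + "'", t);
        }
        return codestatus;
    }

    /**
     * Returns the first private key entry of a PKCS#12 keystore.
     *
     * <p>NOTE(review): the entry is returned after the token that produced it has been closed;
     * the caller signs with a second token opened on the same file - confirm this is intended.
     *
     * @param certificate path of the PKCS#12 file
     * @param pin keystore password, also used as the key entry password
     * @return the key entry looked up by the alias of the first entry
     * @throws Exception if the keystore cannot be opened or holds no private key entry
     */
    public static DSSPrivateKeyEntry getKey(String certificate, String pin) throws Exception {
        try (Pkcs12SignatureToken signatureToken = new Pkcs12SignatureToken(certificate,
                new KeyStore.PasswordProtection(pin.toCharArray()))) {
            List<DSSPrivateKeyEntry> keys = signatureToken.getKeys();
            if (keys.isEmpty()) {
                // Explicit failure instead of an IndexOutOfBoundsException from get(0).
                throw new IllegalStateException("No private key entry found in keystore: " + certificate);
            }
            KSPrivateKeyEntry firstEntry = (KSPrivateKeyEntry) keys.get(0);
            return signatureToken.getKey(firstEntry.getAlias(),
                    new KeyStore.PasswordProtection(pin.toCharArray()));
        }
    }

    /**
     * Produces the bytes the private key has to sign for the given content digest.
     *
     * <p>A CMS generation is run with a content signer that holds no signature value, and the
     * bytes written to that signer's output stream are returned (presumably the encoded signed
     * attributes - CustomContentSigner is not shown, confirm).
     *
     * @param messageDigest digest of the signed content
     * @param parameters signature parameters; the signature algorithm must be resolvable
     * @return the data to be signed
     * @throws DSSException if DSS fails to build the generator
     */
    public static ToBeSigned getDataToSign(byte[] messageDigest, final PAdESSignatureParameters parameters) throws DSSException {
        final SignatureAlgorithm signatureAlgorithm = parameters.getSignatureAlgorithm();
        // Same precondition and message as generateCMSSignedData.
        Objects.requireNonNull(signatureAlgorithm, "SignatureAlgorithm cannot be null!");

        final CustomContentSigner customContentSigner = new CustomContentSigner(signatureAlgorithm.getJCEId());
        final SignerInfoGeneratorBuilder signerInfoGeneratorBuilder =
                padesCMSSignedDataBuilder.getSignerInfoGeneratorBuilder(parameters, messageDigest);
        final CMSProcessableByteArray content = new CMSProcessableByteArray(messageDigest);

        // An empty SignedData from a bare generator is passed to the builder as the original data.
        final CMSSignedDataGenerator emptyGenerator = new CMSSignedDataGenerator();
        CMSSignedData originalData = CMSUtils.generateDetachedCMSSignedData(emptyGenerator, content);

        final CMSSignedDataGenerator generator = padesCMSSignedDataBuilder.createCMSSignedDataGenerator(
                parameters, customContentSigner, signerInfoGeneratorBuilder, originalData);
        // The result is discarded: this run only exists to feed the content signer's stream.
        CMSUtils.generateDetachedCMSSignedData(generator, content);

        final byte[] dataToSign = customContentSigner.getOutputStream().toByteArray();
        return new ToBeSigned(dataToSign);
    }
}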
But in this case, I would like to avoid having to use a timestamp.
What I'm looking for now is a way to add revocation checking in the intended area (still signing with esig/DSS) without adding a timestamp.