java - 添加 PDF 撤销信息作为签名属性 pdfRevocationInfoArchival OID 1.2.840.113583.1.1.8-6ren

java - 添加 PDF 撤销信息作为签名属性 pdfRevocationInfoArchival OID 1.2.840.113583.1.1.8

转载作者：行者123 更新时间：2023-12-05 07:03:33

We have added pdfRevocationInfoArchival OID (1.2.840.113583.1.1.8) as a signed attribute while generating signature. While building this attribute we used external CRL file (ca-crl.crl) and builds the OID 1.2.840.113583.1.1.8 as ASN1 object. After signing pdf and timestamping signature, everything works fine. But we are not able to understand the identifier (adbe-revocationInfoArchival) which added is in the PDF is correct and which can be used to verify this PDF by fetching this OID. Also we are not able to check that this attribute is in proper format in which PDF can verify it. Is there any tool or utility available to check this attribute which is inserted as a signed attribute is valid.

If any PDF tool/utility is available to visualize attribute are available in PDF please share.

We have build the issuers CRL info at position [0] is this correct to way add the CRL in this OID? I have share the code below code snippet

以下对象标识符标识 Adobe 的吊销信息属性:

adbe-revocationInfoArchival OBJECT IDENTIFIER ::=
        { adbe(1.2.840.113583) acrobat(1) security(1) 8 }

Adobe 的 Revocation Information 属性值具有 ASN.1 类型 RevocationInfoArchival:

    /**
     ** RevocationInfoArchival ::= SEQUENCE {
     **   crl [0] EXPLICIT SEQUENCE of CRLs, OPTIONAL
     **   ocsp [1] EXPLICIT SEQUENCE of OCSP Responses, OPTIONAL
     **   otherRevInfo [2] EXPLICIT SEQUENCE of OtherRevInfo, OPTIONAL
      }
    */

在 Java Bouncy CaSTLe API 中使用 Adobe 的 Revocation Information 属性值构建:

private ASN1EncodableVector genPdfInfoArchival(ASN1EncodableVector v) {
        
        ASN1EncodableVector v1 = new ASN1EncodableVector();
        
        List<X509CRL> crls = new ArrayList<X509CRL>();
        ASN1InputStream t = null;
        try {
            
            CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
            CRL crl = certFactory.generateCRL(new FileInputStream(new File("e://app//esp//crl//NSDLe-GovCA2019-Test-2.crl")));
            System.out.println("crl:" + crl);
            crls.add((X509CRL)crl);
            
            if (!crls.isEmpty()) {
                ASN1EncodableVector v11 = new ASN1EncodableVector();
                for (Iterator<X509CRL> i = crls.iterator(); i.hasNext();) {
                    t = new ASN1InputStream(new ByteArrayInputStream(i.next().getEncoded()));
                    v11.add(t.readObject());
                }
                //0 for CRL
                v1.add(new DERTaggedObject(true, 0, new DERSequence(v11)));
            }
} 
        
        return v1;}

After building OID adding it in SignerInforGeneratorBuilder as a signed attribute and generating the signature and then adding this signature in PDF

            CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
            ASN1EncodableVector signedAttr = new ASN1EncodableVector();
            String ID_ADBE_REVOCATION = "1.2.840.113583.1.1.8";

            //TODO add message digest for sgning - nikhilW
            Attribute attr = new Attribute(CMSAttributes.messageDigest,  new DERSet(new DEROctetString(IOUtils.toByteArray(hashdata))));
            signedAttr.add(attr);
            
            //TODO generate pdf info archival and add it as CMS signed attribute - nikhilW
            ASN1EncodableVector pdfInfo = genPdfInfoArchival(signedAttr);
            Attribute ar = new Attribute(new ASN1ObjectIdentifier(ID_ADBE_REVOCATION),   new DERSet (new DERSequence(pdfInfo)));
            signedAttr.add(ar);
            
            List<Certificate> certList = new ArrayList<Certificate>();
            certList.addAll(Arrays.asList(certificateChain));
            Store certs = new JcaCertStore(certList);
            
            DefaultSignedAttributeTableGenerator sa = new DefaultSignedAttributeTableGenerator(new AttributeTable(signedAttr));
            SignerInfoGeneratorBuilder builder = new SignerInfoGeneratorBuilder(new BcDigestCalculatorProvider());
            
            builder.setSignedAttributeGenerator(sa);

Please find below google drive link contains sample signed pdf file hello_signed_ts_pdfarchivalinfo.pdf
pdf_sample_signed

如有任何帮助，我们将不胜感激。

最佳答案

我已经使用下面的 java 源代码检查了在 pdf 中添加的属性。还有一个 iText Java 实用程序可以调试 pdf 对象树 iText RUP或从我的谷歌驱动器链接下载它Download iTextRUP Java Jar使用 java -jar jar-name 运行它可能有助于调试 pdf 对象。

Pdf 文件信息检索源代码返回位置 [0] 处的 CRL 流对象

private void getPdfRevoInfoArch(SignerInformation signerInform) {
        
        AttributeTable at = signerInform.getSignedAttributes();
        
        ASN1Encodable arch =    at.get(new ASN1ObjectIdentifier("1.2.840.113583.1.1.8")).getAttrValues().getObjectAt(0);
        
        //ASN1Encodable arch1 = at.get(new ASN1ObjectIdentifier("1.2.840.113583.1.1.8")).getAttrValues().getObjectAt(1);
                
        System.out.println("arc:" + arch);
        System.out.println("archSize:" + at.get(new ASN1ObjectIdentifier("1.2.840.113583.1.1.8")).getAttrValues().size());
        
    }

关于java - 添加 PDF 撤销信息作为签名属性 pdfRevocationInfoArchival OID 1.2.840.113583.1.1.8，我们在Stack Overflow上找到一个类似的问题： https://stackoverflow.com/questions/63169453/

文章推荐： javascript - 如何在 TypeORM 中左连接 JSON 函数

文章推荐： java - 无效的 JWK 设置 URL : null

java - 添加 PDF 撤销信息作为签名属性 pdfRevocationInfoArchival OID 1.2.840.113583.1.1.8
We have added pdfRevocationInfoArchival OID (1.2.840.113583.1.1.8) as a signed attribute while gener

行者123

个人简介

我是一名优秀的程序员,十分优秀！

作者热门文章

滴滴打车优惠券免费领取

全站热门文章

首页

博学

6Ren·AI

商城

java - 添加 PDF 撤销信息作为签名属性 pdfRevocationInfoArchival OID 1.2.840.113583.1.1.8