Ошибки при цифровой подписи PDF

Question

Я использую следующие программы для подписания PDF (я получил полную выборку из http://developers.itextpdf.com/examples/security/digital-signatures-white-paper/digital-signatures-chapter-2.

import java.io.FileInputStream; 
import java.io.FileOutputStream; 
import java.io.IOException; 
import java.security.GeneralSecurityException; 
import java.security.KeyStore; 
import java.security.PrivateKey; 
import java.security.Security; 
import java.security.cert.Certificate; 

import org.bouncycastle.jce.provider.BouncyCastleProvider; 

import com.itextpdf.text.DocumentException; 
import com.itextpdf.text.Rectangle; 
import com.itextpdf.text.pdf.PdfReader; 
import com.itextpdf.text.pdf.PdfSignatureAppearance; 
import com.itextpdf.text.pdf.PdfStamper; 
import com.itextpdf.text.pdf.security.BouncyCastleDigest; 
import com.itextpdf.text.pdf.security.DigestAlgorithms; 
import com.itextpdf.text.pdf.security.ExternalDigest; 
import com.itextpdf.text.pdf.security.ExternalSignature; 
import com.itextpdf.text.pdf.security.MakeSignature; 
import com.itextpdf.text.pdf.security.MakeSignature.CryptoStandard; 
import com.itextpdf.text.pdf.security.PrivateKeySignature; 

public class C2_01_SignHelloWorld { 

public static final String KEYSTORE = "src/main/resources/ks"; 
public static final char[] PASSWORD = "password".toCharArray(); 
public static final String SRC  = "src/main/resources/CA_Commercial_Construction.pdf"; 
public static final String DEST  = "results/chapter2/CA_Commercial_Construction_signed%s.pdf"; 

public void sign(String src, String dest, Certificate[] chain, PrivateKey pk, String digestAlgorithm, String provider, CryptoStandard subfilter, String reason, String location) 
     throws GeneralSecurityException, IOException, DocumentException { 
    // Creating the reader and the stamper 
    PdfReader reader = new PdfReader(src); 
    FileOutputStream os = new FileOutputStream(dest); 
    PdfStamper stamper = PdfStamper.createSignature(reader, os, '\0'); 
    // Creating the appearance 
    PdfSignatureAppearance appearance = stamper.getSignatureAppearance(); 
    appearance.setReason(reason); 
    appearance.setLocation(location); 
    appearance.setVisibleSignature(new Rectangle(36, 748, 144, 780), 1, "sig"); 
    // Creating the signature 
    ExternalDigest digest = new BouncyCastleDigest(); 
    ExternalSignature signature = new PrivateKeySignature(pk, digestAlgorithm, provider); 
    MakeSignature.signDetached(appearance, digest, signature, chain, null, null, null, 0, subfilter); 
} 

public static void main(String[] args) throws GeneralSecurityException, IOException, DocumentException { 
    BouncyCastleProvider provider = new BouncyCastleProvider(); 
    Security.addProvider(provider); 
    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); 
    ks.load(new FileInputStream(KEYSTORE), PASSWORD); 
    String alias = (String) ks.aliases().nextElement(); 
    PrivateKey pk = (PrivateKey) ks.getKey(alias, PASSWORD); 
    Certificate[] chain = ks.getCertificateChain(alias); 
    C2_01_SignHelloWorld app = new C2_01_SignHelloWorld(); 
    app.sign(SRC, String.format(DEST, 1), chain, pk, DigestAlgorithms.SHA256, provider.getName(), CryptoStandard.CMS, "Signed for Testing", "Universe"); 
    app.sign(SRC, String.format(DEST, 2), chain, pk, DigestAlgorithms.SHA512, provider.getName(), CryptoStandard.CMS, "Test 2", "Universe"); 
    app.sign(SRC, String.format(DEST, 3), chain, pk, DigestAlgorithms.SHA256, provider.getName(), CryptoStandard.CADES, "Test 3", "Universe"); 
    //app.sign(SRC, String.format(DEST, 4), chain, pk, DigestAlgorithms.RIPEMD160, provider.getName(), CryptoStandard.CADES, "Test 4", "Ghent"); 
}} 

Я создал свои собственное хранилище ключей с помощью Keytool, но когда я открываю PDF и ознаменовал сертификат как доверенный, я все еще получаю ошибку - «документа был изменен или поврежден, так как он был подписан» Я действительно не знаю, что здесь происходит

EDIT: Там нет ошибки в программе проблемы... Я вижу, как видно из этой PDF-ссылки, которую я создал из вышеперечисленной программы: http://pasteboard.co/9hJX1Hv.png

Answer 1

Я изменил DigestAlgorithm на SHA1, и «документ был изменен или поврежден с момента его подписания» ошибка исчезла. Вставка полностью верна ниже:

import java.io.FileInputStream; 
import java.io.FileOutputStream; 
import java.io.IOException; 
import java.security.GeneralSecurityException; 
import java.security.KeyStore; 
import java.security.PrivateKey; 
import java.security.Security; 
import java.security.cert.Certificate; 

import org.bouncycastle.jce.provider.BouncyCastleProvider; 

import com.itextpdf.text.DocumentException; 
import com.itextpdf.text.Rectangle; 
import com.itextpdf.text.pdf.PdfReader; 
import com.itextpdf.text.pdf.PdfSignatureAppearance; 
import com.itextpdf.text.pdf.PdfStamper; 
import com.itextpdf.text.pdf.security.BouncyCastleDigest; 
import com.itextpdf.text.pdf.security.DigestAlgorithms; 
import com.itextpdf.text.pdf.security.ExternalDigest; 
import com.itextpdf.text.pdf.security.ExternalSignature; 
import com.itextpdf.text.pdf.security.MakeSignature; 
import com.itextpdf.text.pdf.security.MakeSignature.CryptoStandard; 
import com.itextpdf.text.pdf.security.PrivateKeySignature; 

public class C2_01_SignHelloWorld { 

public static final String KEYSTORE = "src/main/resources/ks"; 
public static final char[] PASSWORD = "password".toCharArray(); 
public static final String SRC  = "src/main/resources/CA_Commercial_Construction.pdf"; 
public static final String DEST  = "results/chapter2/CA_Commercial_Construction_signed%s.pdf"; 

public void sign(String src, String dest, Certificate[] chain, PrivateKey pk, String digestAlgorithm, String provider, CryptoStandard subfilter, String reason, String location) 
     throws GeneralSecurityException, IOException, DocumentException { 
    // Creating the reader and the stamper 
    PdfReader reader = new PdfReader(src); 
    FileOutputStream os = new FileOutputStream(dest); 
    PdfStamper stamper = PdfStamper.createSignature(reader, os, '\0'); 
    // Creating the appearance 
    PdfSignatureAppearance appearance = stamper.getSignatureAppearance(); 
    appearance.setReason(reason); 
    appearance.setLocation(location); 
    appearance.setVisibleSignature(new Rectangle(36, 748, 144, 780), 1, "sig"); 
    // Creating the signature 
    ExternalDigest digest = new BouncyCastleDigest(); 
    ExternalSignature signature = new PrivateKeySignature(pk, digestAlgorithm, provider); 
    MakeSignature.signDetached(appearance, digest, signature, chain, null, null, null, 0, subfilter); 
} 

public static void main(String[] args) throws GeneralSecurityException, IOException, DocumentException { 
    BouncyCastleProvider provider = new BouncyCastleProvider(); 
    Security.addProvider(provider); 
    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); 
    ks.load(new FileInputStream(KEYSTORE), PASSWORD); 
    String alias = (String) ks.aliases().nextElement(); 
    PrivateKey pk = (PrivateKey) ks.getKey(alias, PASSWORD); 
    Certificate[] chain = ks.getCertificateChain(alias); 
    C2_01_SignHelloWorld app = new C2_01_SignHelloWorld(); 
    app.sign(SRC, String.format(DEST, 1), chain, pk, DigestAlgorithms.SHA1, provider.getName(), CryptoStandard.CADES, "Signed for Testing", "Universe"); // only change done was in this line to resolve this problem 

}}