How to enable LTV for timestamp signing?

I am using iText 5.5.3 to sign PDF documents. I need these documents to be temporary and supported by LTV. I followed the instructions and used the addLtv method (sample code 5.9, page 137 in Lowagie white paper). I get a PDF file with two signatures, which is normal: the first is my own signature, the second is a timestamp at the document level.

However, Acrobat tells me that my LTV signature is enabled, but the timestamp signature is missing:

Image from Acrobat Pro XI http://img15.hostingpics.net/pics/727285so2.jpg

This is because the timestamp certificate revocation information is not embedded in the document:

There is no review information 1 http://img15.hostingpics.net/pics/491507so2a.jpg

There is no review information for 2 http://img15.hostingpics.net/pics/312720so2b.jpg

In my opinion, the addLtv method should get all the revocation information and paste it into the document. Is this correct, or do I need to "manually" get and paste this information?

+4
1 answer

Here is an example of the code in question:

public void addLtv(String src, String dest, OcspClient ocsp, CrlClient crl, TSAClient tsa) throws IOException, DocumentException, GeneralSecurityException
{
    PdfReader r = new PdfReader(src);
    FileOutputStream fos = new FileOutputStream(dest);
    // Append mode (last argument true): existing signatures are not invalidated.
    PdfStamper stp = PdfStamper.createSignature(r, fos, '\0', null, true);
    LtvVerification v = stp.getLtvVerification();
    AcroFields fields = stp.getAcroFields();
    List<String> names = fields.getSignatureNames();
    // Look only at the last filled-in signature field.
    String sigName = names.get(names.size() - 1);
    PdfPKCS7 pkcs7 = fields.verifySignature(sigName);
    if (pkcs7.isTsp())
    {
        // Last signature is a document timestamp: add validation info for it alone.
        v.addVerification(sigName, ocsp, crl,
            LtvVerification.CertificateOption.SIGNING_CERTIFICATE,
            LtvVerification.Level.OCSP_CRL,
            LtvVerification.CertificateInclusion.NO);
    }
    else
    {
        // Last signature is a regular signature: add validation info for every signature.
        for (String name : names)
        {
            v.addVerification(name, ocsp, crl,
                LtvVerification.CertificateOption.WHOLE_CHAIN,
                LtvVerification.Level.OCSP_CRL,
                LtvVerification.CertificateInclusion.NO);
        }
    }
    // Add a new document timestamp after the validation information.
    PdfSignatureAppearance sap = stp.getSignatureAppearance();
    LtvTimestamp.timestamp(sap, tsa, null);
}

This code identifies the last completed PDF signature field and checks to see if it is a document timestamp or a regular signature.

If it is a document timestamp, the code only adds validation information for this document timestamp. Otherwise, the code adds verification data for all signatures.

( , ( / ) -, LTV, , . , , .)

​​ .

, , , PDF ( TSA , , ). Adobe Reader/Acrobat LTV .

, ( , , ) :

public void addLtvNoTS(String src, String dest, OcspClient ocsp, CrlClient crl) throws IOException, DocumentException, GeneralSecurityException
{
    PdfReader r = new PdfReader(src);
    FileOutputStream fos = new FileOutputStream(dest);
    // Plain stamper in append mode: existing signatures stay intact and
    // no new signature or timestamp is created.
    PdfStamper stp = new PdfStamper(r, fos, '\0', true);
    LtvVerification v = stp.getLtvVerification();
    AcroFields fields = stp.getAcroFields();
    List<String> names = fields.getSignatureNames();
    // Look only at the last filled-in signature field.
    String sigName = names.get(names.size() - 1);
    PdfPKCS7 pkcs7 = fields.verifySignature(sigName);
    if (pkcs7.isTsp())
    {
        // Last signature is a document timestamp: add validation info for it alone.
        v.addVerification(sigName, ocsp, crl,
            LtvVerification.CertificateOption.SIGNING_CERTIFICATE,
            LtvVerification.Level.OCSP_CRL,
            LtvVerification.CertificateInclusion.NO);
    }
    else
    {
        // Last signature is a regular signature: add validation info for every signature.
        for (String name : names)
        {
            v.addVerification(name, ocsp, crl,
                LtvVerification.CertificateOption.WHOLE_CHAIN,
                LtvVerification.Level.OCSP_CRL,
                LtvVerification.CertificateInclusion.NO);
        }
    }
    // Write the incremental update that carries the validation information.
    stp.close();
}

, iText addLtv () LTV, , LTV, ETSI PAdES, Adobe LTV.

ETSI TS 102 778-4 V1.1.2 (2009-12) PDF, LTV, 2.

Figure 2: Illustration of PDF Document with LTV

. DSS . . . 3.

Figure 3: Illustration of PDF Document with repeated LTV

, Adobe ( PDF iText 2013 .),

LTV enabled , , ( ) . , .

PDF ,    CRL OSCP

- DSS, DSS LTV-enabled. ( ).

- PDF- LTV ETSI, , Adobe, , LTV.

.

+9
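
To see what a file produced by either method above actually contains, the following added example (not part of the original question or answer, and not iText sample code) lists each signature field, whether it is a document timestamp, and how many entries the DSS dictionary holds. The class name DssReport is hypothetical; it assumes iText 5.5.x and Bouncy Castle on the classpath and takes the PDF path as its first argument.

```java
import com.itextpdf.text.pdf.AcroFields;
import com.itextpdf.text.pdf.PdfArray;
import com.itextpdf.text.pdf.PdfDictionary;
import com.itextpdf.text.pdf.PdfName;
import com.itextpdf.text.pdf.PdfReader;
import com.itextpdf.text.pdf.security.PdfPKCS7;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import java.security.Security;

// Hypothetical helper class, added for illustration.
public class DssReport {
    // Number of entries in one DSS array (Certs, OCSPs or CRLs); 0 if absent.
    static int count(PdfDictionary dss, PdfName key) {
        PdfArray a = (dss == null) ? null : dss.getAsArray(key);
        return (a == null) ? 0 : a.size();
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        PdfReader reader = new PdfReader(args[0]); // path to the signed PDF
        try {
            AcroFields fields = reader.getAcroFields();
            int total = fields.getTotalRevisions();
            for (String name : fields.getSignatureNames()) {
                PdfPKCS7 pkcs7 = fields.verifySignature(name);
                // A revision lower than the total means a later incremental
                // update (for example added validation data) follows this signature.
                System.out.printf("%s: %s, revision %d of %d, covers whole document: %b%n",
                    name, pkcs7.isTsp() ? "document timestamp" : "signature",
                    fields.getRevision(name), total,
                    fields.signatureCoversWholeDocument(name));
            }
            PdfDictionary dss = reader.getCatalog().getAsDict(PdfName.DSS);
            if (dss == null) {
                System.out.println("No DSS dictionary in the catalog");
                return;
            }
            // VRI holds per-signature validation entries, if any were written.
            PdfDictionary vri = dss.getAsDict(PdfName.VRI);
            System.out.printf("DSS: %d certs, %d OCSP responses, %d CRLs, %d VRI entries%n",
                count(dss, PdfName.CERTS), count(dss, PdfName.OCSPS),
                count(dss, PdfName.CRLS), vri == null ? 0 : vri.size());
        } finally {
            reader.close();
        }
    }
}
```

If the last field is a document timestamp whose revision equals the total, nothing was written after it, so the DSS cannot yet contain revocation data for that timestamp's certificate.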

Source: https://habr.com/ru/post/1570798/

