使用SSL证书签署PDF文件

时间:2022-09-06 22:18:05

I have a SSL certificate for my application and I want to use it for digitally signing PDF files using iText. The extension of the certificate is .cer and is provided by a certificate signing authority (CA).

我的应用程序有SSL证书,我想用它来使用iText对PDF文件进行数字签名。证书的扩展名为.cer,由证书签名机构(CA)提供。

The problem is that I am not able to convert this .cer certificate into java keystore which is required while signing the PDF using itext library. The code that I have is:

问题是我无法将此.cer证书转换为使用itext库签名PDF时所需的java密钥库。我的代码是:

This code obviously throws Invalid keystore format IOException.

此代码显然抛出无效的密钥库格式IOException。

KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());ks.load(new FileInputStream("C:\\abc.cer"), "abcd".toCharArray());String alias = (String) ks.aliases().nextElement();PrivateKey key = (PrivateKey) ks.getKey(alias, "abcd".toCharArray());java.security.cert.Certificate[] chain = ks.getCertificateChain(alias);PdfReader reader = new PdfReader("C:\\test.pdf");FileOutputStream fout = new FileOutputStream("C:\\signed.pdf");PdfStamper stp = PdfStamper.createSignature(reader, fout, '\0');PdfSignatureAppearance sap = stp.getSignatureAppearance();sap.setCrypto(key, chain, null, PdfSignatureAppearance.WINCER_SIGNED);sap.setReason("Test Reason");sap.setLocation("Test Location");sap.setVisibleSignature(new Rectangle(10, 10, 20, 20), 1, null);stp.close();

Please let me know how can i convert a SSL certificate into a java keystore and use it for signing pdf files.

请让我知道如何将SSL证书转换为java密钥库并使用它来签署pdf文件。

1 个解决方案

#1


4  

First, certificates are not "SSL certificates". They are x.509 certificates, some of which can be used for SSL/TLS authentication. If you have such certificate, you can't use it for other purposes including PDF signing.

首先,证书不是“SSL证书”。它们是x.509证书,其中一些可用于SSL / TLS身份验证。如果您拥有此类证书,则不能将其用于其他目的,包括PDF签名。

Next, .cer file is a public part of the certificate, it doesn't include a private key. You need a certificate and a private key to sign anything.

接下来,.cer文件是证书的公共部分,它不包含私钥。您需要一个证书和一个私钥来签署任何内容。

#1


4  

First, certificates are not "SSL certificates". They are x.509 certificates, some of which can be used for SSL/TLS authentication. If you have such certificate, you can't use it for other purposes including PDF signing.

首先,证书不是“SSL证书”。它们是x.509证书,其中一些可用于SSL / TLS身份验证。如果您拥有此类证书,则不能将其用于其他目的,包括PDF签名。

Next, .cer file is a public part of the certificate, it doesn't include a private key. You need a certificate and a private key to sign anything.

接下来,.cer文件是证书的公共部分,它不包含私钥。您需要一个证书和一个私钥来签署任何内容。