My code sample below tries to sign a document in PAdES with the provided keystore and TSA. I am using the DSS library for that purpose.
This code produced some warnings and then an error because of missing revocation data for certificates; see the full message below:
```
2025-02-07 18:47:39,207 [] [] [main] WARN eu.europa.esig.dss.spi.x509.TokenIssuerSelector No matching issuer found for the token creation date. The process continues with an issuer which has the same public key.
2025-02-07 18:47:39,210 [] [] [main] INFO eu.europa.esig.dss.spi.x509.aia.AIACertificateSource Retrieving C-08E7EAC998A62C4155CC4CBC5EDA32F5B41A12C012F29AB3433BD366348149F0 certificate's issuer using AIA.
2025-02-07 18:47:39,249 [] [] [main] WARN eu.europa.esig.dss.spi.validation.SignatureValidationContext No revocation found for the certificate C-08E7EAC998A62C4155CC4CBC5EDA32F5B41A12C012F29AB3433BD366348149F0
2025-02-07 18:47:39,250 [] [] [main] WARN eu.europa.esig.dss.spi.validation.SignatureValidationContext No revocation found for the certificate C-F882EFFC16DE28D508C092E35825B00242CF963071C279EF09310D9D95784B35
2025-02-07 18:47:39,250 [] [] [main] WARN eu.europa.esig.dss.spi.validation.SignatureValidationContext No revocation found for the certificate C-CFA1DC359DED2BC3CB890FA230E5DAF77B540F1A6E2B23DDCF1754E18CFAA0D5
2025-02-07 18:47:39,250 [] [] [main] WARN eu.europa.esig.dss.spi.validation.TimestampTokenVerifier POE extraction is skipped for untrusted timestamp : T-03CD01B6E7EEF5C65427B4EA6227391257966492CDB3F1AC7FEBB04F8985ECF1.
2025-02-07 18:47:39,251 [] [] [main] WARN eu.europa.esig.dss.spi.validation.SignatureValidationContext No revocation found for the certificate C-5904EEE597CDAC096143A29BDDD9C195738751D4595FA1F0900618E85112B9EF
2025-02-07 18:47:39,252 [] [] [main] WARN eu.europa.esig.dss.spi.validation.SignatureValidationContext No revocation found for the certificate C-6EE34EFC52D13C5C802BDE3D70AC4506666095B171E20F96B6CCB8A4A5DF1B77
2025-02-07 18:47:39,258 [] [] [main] ERROR:
Message: Revocation data is missing for one or more certificate(s). [C-F882EFFC16DE28D508C092E35825B00242CF963071C279EF09310D9D95784B35: Revocation data is skipped for untrusted certificate chain!; C-08E7EAC998A62C4155CC4CBC5EDA32F5B41A12C012F29AB3433BD366348149F0: Revocation data is skipped for untrusted certificate chain!; C-6EE34EFC52D13C5C802BDE3D70AC4506666095B171E20F96B6CCB8A4A5DF1B77: Revocation data is skipped for untrusted certificate chain!; C-CFA1DC359DED2BC3CB890FA230E5DAF77B540F1A6E2B23DDCF1754E18CFAA0D5: Revocation data is skipped for untrusted certificate chain!; C-5904EEE597CDAC096143A29BDDD9C195738751D4595FA1F0900618E85112B9EF: Revocation data is skipped for untrusted certificate chain!]
```
My code:
```kotlin
val document = InMemoryDocument(javaClass.getResourceAsStream("/docToSign.pdf"))
val tspServer = "<TSA URL>" // placeholder: the TSA URL is not shown in the post
val tspSource = OnlineTSPSource(tspServer)
tspSource.setDataLoader(TimestampDataLoader()) // Ensure proper Content-Type
javaClass.getResourceAsStream("/keystore.jks").use { fis ->
    JKSSignatureToken(fis, PasswordProtection("cert-password".toCharArray())).use { token ->
        val keys = token.keys
        val pk = keys.first { (it as KSPrivateKeyEntry).alias == "cert-alias" }
        val signingCertificate = CertificateToken(getCertificateRoot())
        val certificateChain = getCertificateTrustChain().map { CertificateToken(it) }
        val parameters = PAdESSignatureParameters().apply {
            signatureLevel = SignatureLevel.PAdES_BASELINE_LTA
            signaturePackaging = SignaturePackaging.ENVELOPED
            digestAlgorithm = DigestAlgorithm.SHA256
            this.signingCertificate = signingCertificate
            this.certificateChain = certificateChain
            contentSize = 100000
        }
        val trustedCertSource = CommonTrustedCertificateSource()
        trustedCertSource.addCertificate(parameters.signingCertificate)
        val certificateVerifier = CommonCertificateVerifier()
        val service = PAdESService(certificateVerifier)
        service.setTspSource(tspSource)
        service.setPdfObjFactory(PdfBoxNativeObjectFactory())
        val toBeSigned = service.getDataToSign(document, parameters)
        val signatureValue = token.sign(toBeSigned, parameters.digestAlgorithm, pk)
        val signedDocument = service.signDocument(document, parameters, signatureValue)
        signedDocument.save("/signedDoc.pdf")
    }
}
```
I also tried disabling the check with
```kotlin
certificateVerifier.isCheckRevocationForUntrustedChains = false
```
but it didn't help at all.
Can you help me identify the issue? Thank you.
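
The snippet in the question builds `trustedCertSource` but passes a bare `CommonCertificateVerifier()` to `PAdESService`, so the verifier has no trust anchors and no revocation sources. The following added example (not part of the original post) shows one way to wire a verifier with trust anchors plus AIA, OCSP and CRL sources. Assumptions: the PEM paths and the helper names `buildVerifier` and `buildService` are hypothetical, and package names follow the DSS release whose `eu.europa.esig.dss.spi.validation` classes appear in the log.

```kotlin
import eu.europa.esig.dss.pades.signature.PAdESService
import eu.europa.esig.dss.service.crl.OnlineCRLSource
import eu.europa.esig.dss.service.ocsp.OnlineOCSPSource
import eu.europa.esig.dss.spi.DSSUtils
import eu.europa.esig.dss.spi.validation.CommonCertificateVerifier
import eu.europa.esig.dss.spi.x509.CommonTrustedCertificateSource
import eu.europa.esig.dss.spi.x509.aia.DefaultAIASource
import eu.europa.esig.dss.spi.x509.tsp.TSPSource
import java.io.File

// Hypothetical paths (assumption): the CA certificate that anchors the signer's
// chain and the CA certificate that anchors the TSA's chain.
val trustAnchorFiles = listOf("trust/signer-root-ca.pem", "trust/tsa-root-ca.pem")

fun buildVerifier(anchorPaths: List<String>): CommonCertificateVerifier {
    // Trust anchors are CA certificates, loaded from files you control,
    // not the leaf certificate that is about to sign.
    val trusted = CommonTrustedCertificateSource()
    anchorPaths.forEach { trusted.addCertificate(DSSUtils.loadCertificate(File(it))) }
    require(trusted.certificates.isNotEmpty()) { "no trust anchors loaded" }

    return CommonCertificateVerifier().apply {
        // Without a trusted source, every chain is reported as untrusted and
        // revocation retrieval is skipped, which is the error in the log.
        setTrustedCertSources(trusted)
        // Resolve missing intermediate certificates through the AIA extension.
        setAIASource(DefaultAIASource())
        // LT/LTA levels embed revocation data, so both sources are configured.
        setOcspSource(OnlineOCSPSource())
        setCrlSource(OnlineCRLSource())
    }
}

// The service must be created with the configured verifier, not a bare one.
fun buildService(tspSource: TSPSource): PAdESService =
    PAdESService(buildVerifier(trustAnchorFiles)).apply { setTspSource(tspSource) }
```

The "POE extraction is skipped for untrusted timestamp" warning concerns the TSA's own chain, which is why the example loads a second anchor for it.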