英文:
Adding PDF revocation information as an signed attribute pdfRevocationInfoArchival OID 1.2.840.113583.1.1.8
问题
We have added pdfRevocationInfoArchival OID (1.2.840.113583.1.1.8) as a signed attribute while generating signature. While building this attribute we used external CRL file (ca-crl.crl) and builds the OID 1.2.840.113583.1.1.8 as ASN1 object. After signing pdf and timestamping signature, everything works fine. But we are not able to understand the identifier (adbe-revocationInfoArchival) which added is in the PDF is correct and which can be used to verify this PDF by fetching this OID. Also we are not able to check that this attribute is in proper format in which PDF can verify it. Is there any tool or utility available to check this attribute which is inserted as a signed attribute is valid.
If any PDF tool/utility is available to visualize attribute are available in PDF please share.
We have build the issuers CRL info at position [0] is this correct to way add the CRL in this OID? I have share the code below code snippet
以下是Adobe的吊销信息属性的对象标识符:
adbe-revocationInfoArchival OBJECT IDENTIFIER ::= { adbe(1.2.840.113583) acrobat(1) security(1) 8 }
Adobe的吊销信息属性值具有ASN.1类型RevocationInfoArchival:
crl [0] EXPLICIT SEQUENCE of CRLs, OPTIONAL
ocsp [1] EXPLICIT SEQUENCE of OCSP Responses, OPTIONAL
otherRevInfo [2] EXPLICIT SEQUENCE of OtherRevInfo, OPTIONAL
}```
使用Java Bouncy Castle API构建Adobe的吊销信息属性值:
```private ASN1EncodableVector genPdfInfoArchival(ASN1EncodableVector v) {
ASN1EncodableVector v1 = new ASN1EncodableVector();
List<X509CRL> crls = new ArrayList<X509CRL>();
ASN1InputStream t = null;
try {
CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
CRL crl = certFactory.generateCRL(new FileInputStream(new File("e://app//esp//crl//NSDLe-GovCA2019-Test-2.crl")));
System.out.println("crl:" + crl);
crls.add((X509CRL)crl);
if (!crls.isEmpty()) {
ASN1EncodableVector v11 = new ASN1EncodableVector();
for (Iterator<X509CRL> i = crls.iterator(); i.hasNext();) {
t = new ASN1InputStream(new ByteArrayInputStream(i.next().getEncoded()));
v11.add(t.readObject());
}
//0 for CRL
v1.add(new DERTaggedObject(true, 0, new DERSequence(v11)));
}
}
return v1;}
在构建OID并将其添加为签名属性后,生成签名,然后将此签名添加到PDF中:
ASN1EncodableVector signedAttr = new ASN1EncodableVector();
String ID_ADBE_REVOCATION = "1.2.840.113583.1.1.8";
//TODO add message digest for sgning - nikhilW
Attribute attr = new Attribute(CMSAttributes.messageDigest, new DERSet(new DEROctetString(IOUtils.toByteArray(hashdata))));
signedAttr.add(attr);
//TODO generate pdf info archival and add it as CMS signed attribute - nikhilW
ASN1EncodableVector pdfInfo = genPdfInfoArchival(signedAttr);
Attribute ar = new Attribute(new ASN1ObjectIdentifier(ID_ADBE_REVOCATION), new DERSet (new DERSequence(pdfInfo)));
signedAttr.add(ar);
List<Certificate> certList = new ArrayList<Certificate>();
certList.addAll(Arrays.asList(certificateChain));
Store certs = new JcaCertStore(certList);
DefaultSignedAttributeTableGenerator sa = new DefaultSignedAttributeTableGenerator(new AttributeTable(signedAttr));
SignerInfoGeneratorBuilder builder = new SignerInfoGeneratorBuilder(new BcDigestCalculatorProvider());
builder.setSignedAttributeGenerator(sa);
请查看以下Google Drive链接,其中包含示例签名的PDF文件**hello_signed_ts_pdfarchivalinfo.pdf**
pdf_sample_signed
任何帮助将不胜感激。
英文:
>We have added pdfRevocationInfoArchival OID (1.2.840.113583.1.1.8) as a signed attribute while generating signature. While building this attribute we used external CRL file (ca-crl.crl) and builds the OID 1.2.840.113583.1.1.8 as ASN1 object. After signing pdf and timestamping signature, everything works fine. But we are not able to understand the identifier (adbe-revocationInfoArchival) which added is in the PDF is correct and which can be used to verify this PDF by fetching this OID. Also we are not able to check that this attribute is in proper format in which PDF can verify it. Is there any tool or utility available to check this attribute which is inserted as a signed attribute is valid.
>> If any PDF tool/utility is available to visualize attribute are available in PDF please share.
> We have build the issuers CRL info at position [0] is this correct to way add the CRL in this OID? I have share the code below code snippet
The following object identifier identifies Adobe's revocation information attribute:
adbe-revocationInfoArchival OBJECT IDENTIFIER ::=
{ adbe(1.2.840.113583) acrobat(1) security(1) 8 }
Adobe's Revocation Information attribute value has ASN.1 type RevocationInfoArchival:
/**
** RevocationInfoArchival ::= SEQUENCE {
** crl [0] EXPLICIT SEQUENCE of CRLs, OPTIONAL
** ocsp [1] EXPLICIT SEQUENCE of OCSP Responses, OPTIONAL
** otherRevInfo [2] EXPLICIT SEQUENCE of OtherRevInfo, OPTIONAL
}
*/
Adobe's Revocation Information attribute value building using in Java Bouncy Castle API:
private ASN1EncodableVector genPdfInfoArchival(ASN1EncodableVector v) {
ASN1EncodableVector v1 = new ASN1EncodableVector();
List<X509CRL> crls = new ArrayList<X509CRL>();
ASN1InputStream t = null;
try {
CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
CRL crl = certFactory.generateCRL(new FileInputStream(new File("e://app//esp//crl//NSDLe-GovCA2019-Test-2.crl")));
System.out.println("crl:" + crl);
crls.add((X509CRL)crl);
if (!crls.isEmpty()) {
ASN1EncodableVector v11 = new ASN1EncodableVector();
for (Iterator<X509CRL> i = crls.iterator(); i.hasNext();) {
t = new ASN1InputStream(new ByteArrayInputStream(i.next().getEncoded()));
v11.add(t.readObject());
}
//0 for CRL
v1.add(new DERTaggedObject(true, 0, new DERSequence(v11)));
}
}
return v1;}
>After building OID adding it in SignerInforGeneratorBuilder as a signed attribute and generating the signature and then adding this signature in PDF
CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
ASN1EncodableVector signedAttr = new ASN1EncodableVector();
String ID_ADBE_REVOCATION = "1.2.840.113583.1.1.8";
//TODO add message digest for sgning - nikhilW
Attribute attr = new Attribute(CMSAttributes.messageDigest, new DERSet(new DEROctetString(IOUtils.toByteArray(hashdata))));
signedAttr.add(attr);
//TODO generate pdf info archival and add it as CMS signed attribute - nikhilW
ASN1EncodableVector pdfInfo = genPdfInfoArchival(signedAttr);
Attribute ar = new Attribute(new ASN1ObjectIdentifier(ID_ADBE_REVOCATION), new DERSet (new DERSequence(pdfInfo)));
signedAttr.add(ar);
List<Certificate> certList = new ArrayList<Certificate>();
certList.addAll(Arrays.asList(certificateChain));
Store certs = new JcaCertStore(certList);
DefaultSignedAttributeTableGenerator sa = new DefaultSignedAttributeTableGenerator(new AttributeTable(signedAttr));
SignerInfoGeneratorBuilder builder = new SignerInfoGeneratorBuilder(new BcDigestCalculatorProvider());
builder.setSignedAttributeGenerator(sa);
>Please find below google drive link contains sample signed pdf file hello_signed_ts_pdfarchivalinfo.pdf
pdf_sample_signed
Any help would be appreciated.
答案1
得分: 0
我已经检查了使用以下Java源代码添加的PDF属性。此外,有一个iText Java实用程序可以调试PDF对象树 iText RUP 或从我的Google驱动器链接中下载 下载 iTextRUP Java Jar,使用 java -jar jar-name 运行它可能有助于调试PDF对象。
Pdf归档信息检索源代码返回位置[0]的CRL流对象
private void getPdfRevoInfoArch(SignerInformation signerInform) {
AttributeTable at = signerInform.getSignedAttributes();
ASN1Encodable arch = at.get(new ASN1ObjectIdentifier("1.2.840.113583.1.1.8")).getAttrValues().getObjectAt(0);
// ASN1Encodable arch1 = at.get(new ASN1ObjectIdentifier("1.2.840.113583.1.1.8")).getAttrValues().getObjectAt(1);
System.out.println("arc:" + arch);
System.out.println("archSize:" + at.get(new ASN1ObjectIdentifier("1.2.840.113583.1.1.8")).getAttrValues().size());
}
英文:
I have checked for the attribute added in pdf using below java source code. Also there is iText Java utility which will debug pdf object tree iText RUP or download it from my google drive link Download iTextRUP Java Jar run it with java -jar jar-name may it will help debuging pdf objects.
Pdf Archival Info Retrieval Source Code Returns CRL stream object at position [0]
private void getPdfRevoInfoArch(SignerInformation signerInform) {
AttributeTable at = signerInform.getSignedAttributes();
ASN1Encodable arch = at.get(new ASN1ObjectIdentifier("1.2.840.113583.1.1.8")).getAttrValues().getObjectAt(0);
//ASN1Encodable arch1 = at.get(new ASN1ObjectIdentifier("1.2.840.113583.1.1.8")).getAttrValues().getObjectAt(1);
System.out.println("arc:" + arch);
System.out.println("archSize:" + at.get(new ASN1ObjectIdentifier("1.2.840.113583.1.1.8")).getAttrValues().size());
}
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论