Unfortunately, sharing the document is not possible. I managed to retrieve the trusted lists (Adobe and EU) from the following URLs (these are the ones Acrobat uses): https://trustlist.adobe.com/eutl12.acrobatsecuritysettings https://trustlist.adobe.com/tl12.acrobatsecuritysettings
The above URLs resolve to PDF files, each having a file attachment named "SecuritySettings.xml". The Base64 encoded certificates are in the file (decoding results in "CER"-formatted X.509 data). They are obviously not all root certificates Unfortunately, including these certificates does not resolve the issue. I can send some data, mostly images, but I don't think the mailing list will allow images. Constantine On Sat, Mar 18, 2023 at 6:44 AM Tilman Hausherr <thaush...@t-online.de> wrote: > On 17.03.2023 15:58, Constantine Dokolas wrote: > > Hello everyone. > > > > I'm trying to validate a PDF that involves the AATL (Adobe Approved Trust > > List). Acrobat says "Source of trust obtained from Adobe Approved Trust > > List (AATL)". I'm using the Apache CXF 2.4.9 example validation code. > This > > is the first time it could not verify the signature, throwing a "No root > > certificate in the chain". > > Can you share the PDF? ShowSignature tries to retrieve missing issuer > certificates from URLs in the certificates. The related code is based on > an older Apache CXF version (because they seemed to have discontinued > that part) which I later improved. > > > > > I can see the comment in SigUtils mentioning that trusted lists are not > > being taken into account and mentioning PDFBOX-3017. > > > > As a note, I've managed to figure out how to retrieve the AATL/EUTL > > certificates. > > I'd be interested in getting AATL certificates. I do have some code that > takes EUTL certificates, but the weird thing is that not all of them are > root certificates. > > Tilman > > > > > > Any suggestions? > > Constantine > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org > For additional commands, e-mail: dev-h...@pdfbox.apache.org > >
