Hi,
Yeah, the log output is confusing, I'll improve it slightly to output
what it was searching for. I ran ShowSignature and it's the root
certificate that is missing in the chain.
Tilman
Am 23.06.2020 um 14:59 schrieb Chris Parton:
Hi all, I'm trying to use the example AddValidationInformation[1] class to add
LTV to an existing signed PDF. I've tried with a signed PDF of my own, and a
sample GlobalSign[2] PDF.
In both cases, I get the same error, and a 0kb PDF generated. Logs[4] are at
the bottom of this post.
Steps to reproduce:
1. git clone g...@github.com:apache/pdfbox.git
2. cd pdfbox/examples
3. mvn clean install
4. Open pdfbox project in IntelliJ
5. Run AddValidationInformation class, with the downloaded GlobalSign pdf as
a program argument
The GlobalSign PDF has LTV enabled already, but I get the same error on my own
document which doesn't have LTV. For my own document, I can enable LTV via
Adobe Acrobat's UI[3], which makes me think the document itself is fine.
Can anybody shed some light on why this might be happening? The recursive
traverseChain() method seems to spin until it hits the end of the certificate
chain, and continues to look for an issuer cert.
Thanks so much, I appreciate your help! Let me know if you need any more
information and I'll do my best to provide it.
[1]
https://github.com/apache/pdfbox/blob/2.0.20/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/AddValidationInformation.java
[2]
https://storage.pardot.com/707663/57753/globalsign_parchment_digital_signatures_case_study.pdf
[3]
https://www.ssl.com/how-to/long-term-validation-ltv-of-pdf-digital-signatures-in-adobe-acrobat/#enable
[4] App logs
Jun. 23, 2020 10:51:19 PM
org.apache.pdfbox.examples.signature.validation.CertInformationCollector
getAlternativeIssuerCertificate
INFO: Get alternative issuer certificate from:
http://secure.globalsign.com/cacert/gsaatl2sha2g2.crt
Jun. 23, 2020 10:51:19 PM
org.apache.pdfbox.examples.signature.validation.CertInformationCollector
getAlternativeIssuerCertificate
INFO: Get alternative issuer certificate from:
http://secure.globalsign.com/cacert/gsaatlsha2g2.crt
Jun. 23, 2020 10:51:19 PM
org.apache.pdfbox.examples.signature.validation.CertInformationCollector
getAlternativeIssuerCertificate
SEVERE: Error getting alternative issuer certificate from
http://secure.globalsign.com/cacert/gsaatlsha2g2.crt
java.io.IOException: No Issuer Certificate found for Cert: CN=GlobalSign CA for
AATL - SHA256 - G2, O=GlobalSign nv-sa, C=BE
at
org.apache.pdfbox.examples.signature.validation.CertInformationCollector.traverseChain(CertInformationCollector.java:257)
at
org.apache.pdfbox.examples.signature.validation.CertInformationCollector.getAlternativeIssuerCertificate(CertInformationCollector.java:291)
at
org.apache.pdfbox.examples.signature.validation.CertInformationCollector.traverseChain(CertInformationCollector.java:211)
at
org.apache.pdfbox.examples.signature.validation.CertInformationCollector.getAlternativeIssuerCertificate(CertInformationCollector.java:291)
at
org.apache.pdfbox.examples.signature.validation.CertInformationCollector.traverseChain(CertInformationCollector.java:211)
at
org.apache.pdfbox.examples.signature.validation.CertInformationCollector.processSignerStore(CertInformationCollector.java:182)
at
org.apache.pdfbox.examples.signature.validation.CertInformationCollector.getCertInfo(CertInformationCollector.java:109)
at
org.apache.pdfbox.examples.signature.validation.CertInformationCollector.getLastCertInfo(CertInformationCollector.java:87)
at
org.apache.pdfbox.examples.signature.validation.AddValidationInformation.doValidation(AddValidationInformation.java:130)
at
org.apache.pdfbox.examples.signature.validation.AddValidationInformation.validateSignature(AddValidationInformation.java:108)
at
org.apache.pdfbox.examples.signature.validation.AddValidationInformation.main(AddValidationInformation.java:588)
Jun. 23, 2020 10:51:19 PM
org.apache.pdfbox.examples.signature.validation.CertInformationCollector
traverseChain
INFO: Found the right Issuer Cert! for Cert: CN=GlobalSign CA 2 for AATL,
O=GlobalSign nv-sa, C=BE
CN=GlobalSign CA for AATL - SHA256 - G2, O=GlobalSign nv-sa, C=BE
Jun. 23, 2020 10:51:19 PM
org.apache.pdfbox.examples.signature.validation.CertInformationCollector
getAlternativeIssuerCertificate
SEVERE: Error getting alternative issuer certificate from
http://secure.globalsign.com/cacert/gsaatl2sha2g2.crt
java.io.IOException: No Issuer Certificate found for Cert: CN=GlobalSign CA for
AATL - SHA256 - G2, O=GlobalSign nv-sa, C=BE
at
org.apache.pdfbox.examples.signature.validation.CertInformationCollector.traverseChain(CertInformationCollector.java:257)
at
org.apache.pdfbox.examples.signature.validation.CertInformationCollector.traverseChain(CertInformationCollector.java:250)
at
org.apache.pdfbox.examples.signature.validation.CertInformationCollector.getAlternativeIssuerCertificate(CertInformationCollector.java:291)
at
org.apache.pdfbox.examples.signature.validation.CertInformationCollector.traverseChain(CertInformationCollector.java:211)
at
org.apache.pdfbox.examples.signature.validation.CertInformationCollector.processSignerStore(CertInformationCollector.java:182)
at
org.apache.pdfbox.examples.signature.validation.CertInformationCollector.getCertInfo(CertInformationCollector.java:109)
at
org.apache.pdfbox.examples.signature.validation.CertInformationCollector.getLastCertInfo(CertInformationCollector.java:87)
at
org.apache.pdfbox.examples.signature.validation.AddValidationInformation.doValidation(AddValidationInformation.java:130)
at
org.apache.pdfbox.examples.signature.validation.AddValidationInformation.validateSignature(AddValidationInformation.java:108)
at
org.apache.pdfbox.examples.signature.validation.AddValidationInformation.main(AddValidationInformation.java:588)
Jun. 23, 2020 10:51:19 PM
org.apache.pdfbox.examples.signature.validation.CertInformationCollector
traverseChain
INFO: Found the right Issuer Cert! for Cert: EMAILADDRESS=market...@globalsign.com,
CN=Marketing, O="GMO GlobalSign, Inc.", L=Portsmouth, ST=New Hampshire, C=US
CN=GlobalSign CA 2 for AATL, O=GlobalSign nv-sa, C=BE
Jun. 23, 2020 10:51:19 PM
org.apache.pdfbox.examples.signature.validation.CertInformationCollector
traverseChain
INFO: Found the right Issuer Cert! for Cert: CN=GlobalSign CA 2 for AATL,
O=GlobalSign nv-sa, C=BE
CN=GlobalSign CA for AATL - SHA256 - G2, O=GlobalSign nv-sa, C=BE
Exception in thread "main" java.io.IOException: No Issuer Certificate found for
Cert: CN=GlobalSign CA for AATL - SHA256 - G2, O=GlobalSign nv-sa, C=BE
at
org.apache.pdfbox.examples.signature.validation.CertInformationCollector.traverseChain(CertInformationCollector.java:257)
at
org.apache.pdfbox.examples.signature.validation.CertInformationCollector.traverseChain(CertInformationCollector.java:250)
at
org.apache.pdfbox.examples.signature.validation.CertInformationCollector.traverseChain(CertInformationCollector.java:250)
at
org.apache.pdfbox.examples.signature.validation.CertInformationCollector.processSignerStore(CertInformationCollector.java:182)
at
org.apache.pdfbox.examples.signature.validation.CertInformationCollector.getCertInfo(CertInformationCollector.java:109)
at
org.apache.pdfbox.examples.signature.validation.CertInformationCollector.getLastCertInfo(CertInformationCollector.java:87)
at
org.apache.pdfbox.examples.signature.validation.AddValidationInformation.doValidation(AddValidationInformation.java:130)
at
org.apache.pdfbox.examples.signature.validation.AddValidationInformation.validateSignature(AddValidationInformation.java:108)
at
org.apache.pdfbox.examples.signature.validation.AddValidationInformation.main(AddValidationInformation.java:588)
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: users-h...@pdfbox.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: users-h...@pdfbox.apache.org
