可信時間戳是由時間戳服務(wù)中心（TSA：Time Stamp Authority）頒發(fā)的具有法律效力的電子憑證, 時間戳與電子數(shù)據(jù)唯一對應(yīng)，其中包含電子數(shù)據(jù) “指紋”、產(chǎn)生時間、時間戳服務(wù)中心信息等。

可信時間戳的法律效力、作用我就不說了 直接貼代碼吧。

import com.itextpdf.text.DocumentException; import com.itextpdf.text.Rectangle; import com.itextpdf.text.pdf.*;import java.io.*; import java.security.MessageDigest; import java.security.SignatureException; import java.security.cert.CertificateParsingException; import java.security.cert.X509Certificate; import java.util.Calendar; import java.util.HashMap;/*** Created by zhangzhenhua on 2016/11/1.*/ public class PDFSigner {//tsaprivate SignerKeystore signerKeystore;private TSAClient tsaClient;private PDFSigner(){}/**** @param tsa_url tsa服務(wù)器地址* @param tsa_accnt tsa賬戶號* @param tsa_passw tsa密碼* @param cert_path 證書路徑* @param cert_passw 證書密碼*/public PDFSigner(String tsa_url,String tsa_accnt,String tsa_passw,String cert_path,String cert_passw) {tsaClient = new TSAClientBouncyCastle(tsa_url, tsa_accnt, tsa_passw);try {signerKeystore = new SignerKeystorePKCS12(new FileInputStream(cert_path), cert_passw);} catch (Exception e) {e.printStackTrace();}}/*** TSA時間戳簽名* @param infilePath 未簽名的文件路徑* @param outfilePath 簽名后的文件路徑* @throws Exception*/public void signPDF(String infilePath,String outfilePath) throws Exception {PdfReader reader = new PdfReader(infilePath);FileOutputStream fout = new FileOutputStream(outfilePath);PdfStamper stp = PdfStamper.createSignature(reader, fout, '\0');PdfSignatureAppearance sap = stp.getSignatureAppearance();sap.setCrypto(null, this.signerKeystore.getChain(), null, PdfSignatureAppearance.SELF_SIGNED);sap.setVisibleSignature(new Rectangle(100, 100, 300, 200), 1, "Signature");PdfSignature dic = new PdfSignature(PdfName.ADOBE_PPKLITE, new PdfName("adbe.pkcs7.detached"));dic.setReason(sap.getReason());dic.setLocation(sap.getLocation());dic.setContact(sap.getContact());dic.setDate(new PdfDate(sap.getSignDate()));sap.setCryptoDictionary(dic);int contentEstimated = 15000;HashMap exc = new HashMap();exc.put(PdfName.CONTENTS, new Integer(contentEstimated * 2 + 2));sap.preClose(exc);PdfPKCS7 sgn = new PdfPKCS7(this.signerKeystore.getPrivateKey(), this.signerKeystore.getChain(), null, "SHA1", null, false);InputStream data = sap.getRangeStream();MessageDigest messageDigest = MessageDigest.getInstance("SHA1");byte buf[] = new byte[8192];int n;while ((n = data.read(buf)) > 0) {messageDigest.update(buf, 0, n);}byte hash[] = messageDigest.digest();Calendar cal = Calendar.getInstance();byte[] ocsp = null;if ( this.signerKeystore.getChain().length >= 2) {String url = PdfPKCS7.getOCSPURL((X509Certificate) this.signerKeystore.getChain()[0]);if (url != null && url.length() > 0)ocsp = new OcspClientBouncyCastle((X509Certificate) this.signerKeystore.getChain()[0], (X509Certificate) this.signerKeystore.getChain()[1], url).getEncoded();}byte sh[] = sgn.getAuthenticatedAttributeBytes(hash, cal, ocsp);sgn.update(sh, 0, sh.length);byte[] encodedSig = sgn.getEncodedPKCS7(hash, cal, this.tsaClient, ocsp);if (contentEstimated + 2 < encodedSig.length)throw new Exception("Not enough space");byte[] paddedSig = new byte[contentEstimated];System.arraycopy(encodedSig, 0, paddedSig, 0, encodedSig.length);PdfDictionary dic2 = new PdfDictionary();dic2.put(PdfName.CONTENTS, new PdfString(paddedSig).setHexWriting(true));sap.close(dic2);}public static void main(String[] args) {//testString TSA_URL = "http://tsa.safelayer.com:8093";String TSA_ACCNT = "";String TSA_PASSW = "";String IN_FILE = "E:\\項目\\paperless\\lipsum.pdf";String OUT_FILE = "E:\\項目\\paperless\\test_signed.pdf";String CERT_PATH = "E:\\項目\\paperless\\bfnsh.pfx";String CERT_PASSW = "123456";PDFSigner signer = new PDFSigner(TSA_URL,TSA_ACCNT,TSA_PASSW,CERT_PATH,CERT_PASSW);try {signer.signPDF(IN_FILE,OUT_FILE);} catch (Exception e) {e.printStackTrace();}}} 以上是簽名類，再貼一下輔助讀取證書的類 import java.security.PrivateKey; import java.security.Provider; import java.security.cert.Certificate;/*** Created by zhangzhenhua on 2016/10/28.*/ public interface SignerKeystore {public PrivateKey getPrivateKey() ;public Certificate[] getChain() ;public Provider getProvider();} /*** Created by hmt on 2016/10/28.*/import java.io.InputStream; import java.security.KeyStore; import java.security.PrivateKey; import java.security.Provider; import java.security.Security; import java.security.cert.Certificate;/*** SignerKeystore implementation using PKCS#12 file (.pfx etc)*/public class SignerKeystorePKCS12 implements SignerKeystore {private static Provider prov = null;private KeyStore ks;private String alias;private String pwd;private PrivateKey key;private Certificate[] chain;public SignerKeystorePKCS12(InputStream inp, String passw) throws Exception {// This should be done once only for the provider...if (prov == null) {prov = new org.bouncycastle.jce.provider.BouncyCastleProvider();Security.addProvider(prov);}this.ks = KeyStore.getInstance("pkcs12", prov);this.pwd = passw;this.ks.load(inp, pwd.toCharArray());this.alias = (String)ks.aliases().nextElement();this.key = (PrivateKey)ks.getKey(alias, pwd.toCharArray());this.chain = ks.getCertificateChain(alias);}public PrivateKey getPrivateKey() {return key;}public Certificate[] getChain() {return chain;}public Provider getProvider() {return ks.getProvider();}}

測試結(jié)果

總結(jié)

以上是生活随笔為你收集整理的PDF时间戳数字签名的全部內(nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯，歡迎將生活随笔推薦給好友。