
Including a self signed keystore to list of trusted certificates


Using the following command:

keytool -keystore org726.store -genkey -alias org726

The password I used for the above step was "password". It's hardcoded in the code underneath in ks.load().

I am generating the keystore and using a Java program to digitally sign the PDF:

import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.util.Properties;

import org.bouncycastle.jce.provider.BouncyCastleProvider;

import com.itextpdf.text.Image;
import com.itextpdf.text.PageSize;
import com.itextpdf.text.Rectangle;
import com.itextpdf.text.pdf.PdfReader;
import com.itextpdf.text.pdf.PdfSignatureAppearance;
import com.itextpdf.text.pdf.PdfStamper;
import com.itextpdf.text.pdf.security.BouncyCastleDigest;
import com.itextpdf.text.pdf.security.DigestAlgorithms;
import com.itextpdf.text.pdf.security.ExternalDigest;
import com.itextpdf.text.pdf.security.ExternalSignature;
import com.itextpdf.text.pdf.security.MakeSignature;
import com.itextpdf.text.pdf.security.MakeSignature.CryptoStandard;
import com.itextpdf.text.pdf.security.PrivateKeySignature;

// Assumed: KEYSTORE1 is the keystore generated with the keytool command above, and
// properties is loaded elsewhere (both are used but not defined in the posted snippet).
private static final String KEYSTORE1 = "org726.store";
private Properties properties = new Properties();

public void signPdfFirstTime(String src, String dest)
{
    try {
        BouncyCastleProvider provider = new BouncyCastleProvider();
        Security.addProvider(provider);
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        String path = properties.getProperty("PRIVATE");
        String keystore_password = properties.getProperty("PASSWORD");
        String PASSWORD = "password";
        // keystore password is hardcoded for now; the properties-based variant is kept below
        ks.load(new FileInputStream(KEYSTORE1), PASSWORD.toCharArray());
        //ks.load(new FileInputStream(path), keystore_password.toCharArray());
        String alias = (String) ks.aliases().nextElement();
        // the key password is the same as the keystore password here
        PrivateKey pk = (PrivateKey) ks.getKey(alias, PASSWORD.toCharArray());
        Certificate[] chain = ks.getCertificateChain(alias);
        PdfReader reader = new PdfReader(src);
        FileOutputStream os = new FileOutputStream(dest);
        PdfStamper stamper = PdfStamper.createSignature(reader, os, '\0');
        // appearance
        PdfSignatureAppearance appearance = stamper.getSignatureAppearance();
        appearance.setImage(Image.getInstance("D:\\logo.jpg"));
        appearance.setReason("I've written this.");
        appearance.setLocation("Chennai");
        appearance.setVisibleSignature(new Rectangle(72, 732, 144, 780), 1, "first");
        // digital signature
        System.out.println(PageSize.A4.getHeight());
        System.out.println(PageSize.A4.getWidth());
        // DigestAlgorithms.SHA1 as posted; SHA-1 is deprecated for new signatures,
        // DigestAlgorithms.SHA256 is the usual choice
        ExternalSignature es = new PrivateKeySignature(pk, DigestAlgorithms.SHA1, provider.getName());
        ExternalDigest digest = new BouncyCastleDigest();
        MakeSignature.signDetached(appearance, digest, es, chain, null, null, null, 0, CryptoStandard.CADES);
    } catch (Exception e) {
        e.printStackTrace();
    }
}

But in the resultant PDF I am getting: "Signer's identity is unknown because it has not been included in the list of your trusted certificates." It's a .store file. Upon debugging in Eclipse, it's an X.509 cert on inspection.

How do I include it in the list of trusted certificates?


Solution

  • The "Signer's identity is unknown because it has not been included in the list of your trusted certificates" message is from Adobe Acrobat or from Reader. To solve the problem you have to include the issuer CA of your certificate in the Acrobat configuration.

    You can do the following next steps:

    Validate the signature in Acrobat, and when Adobe says it is invalid, open the signature properties. In the new window select the Signer tab and click the Show Certificate button; you then see the certificate validation path. Now select the issuer CA certificate and, in the Trust tab, click the Add to Trusted Identities... button. Then validate the signature again, and this time it must be valid.

    If for test purposes you're signing with a self-signed certificate, add the certificate itself directly to the trusted identities instead of the CA.

    Hope this helps,
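The Acrobat steps above establish trust on the viewer's side. The same decision can be made programmatically when you are the party consuming signed PDFs: keep a trust store of certificates you have chosen to trust (for a self-signed signer, that is the signer's own certificate, exactly as the answer says) and check that each signature is intact and that its signer chains to one of those anchors. The following is an added example, not code from the question or the answer; it assumes iText 5.3+ (the same API the question uses), BouncyCastle on the classpath, and the file names shown in the comments, which are assumptions based on the keytool command in the question.

```java
import java.io.FileInputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;

import org.bouncycastle.jce.provider.BouncyCastleProvider;

import com.itextpdf.text.pdf.AcroFields;
import com.itextpdf.text.pdf.PdfReader;
import com.itextpdf.text.pdf.security.PdfPKCS7;

/**
 * Verifies every signature in a PDF and reports whether the signer chains to a
 * certificate in our own trust store: the programmatic counterpart of Acrobat's
 * "Add to Trusted Identities".
 *
 * Assumed setup (file names are assumptions derived from the question's keytool command):
 *   keytool -exportcert -keystore org726.store -alias org726 -rfc -file org726.pem
 *   keytool -importcert -keystore trusted.store -alias org726 -file org726.pem -noprompt
 * The private key never leaves org726.store; trusted.store holds only certificates.
 */
public class VerifySignedPdf {

    /** Load the certificates we have decided to trust (for a self-signed signer, its own cert). */
    static List<X509Certificate> loadTrustAnchors(String storePath, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(storePath)) {
            ks.load(in, password);
        }
        List<X509Certificate> anchors = new ArrayList<>();
        Enumeration<String> aliases = ks.aliases();
        while (aliases.hasMoreElements()) {
            Certificate c = ks.getCertificate(aliases.nextElement());
            if (c instanceof X509Certificate) anchors.add((X509Certificate) c);
        }
        return anchors;
    }

    /**
     * Walks the signer's chain: each certificate must be within its validity period and
     * signed by the next one, and the walk must end at a certificate in the trust store.
     * A self-signed certificate that is itself an anchor satisfies this at the first step.
     */
    static boolean chainsToTrustAnchor(Certificate[] chain, List<X509Certificate> anchors) {
        try {
            for (int i = 0; i < chain.length; i++) {
                X509Certificate cert = (X509Certificate) chain[i];
                cert.checkValidity();                        // expired or not-yet-valid -> exception
                if (anchors.contains(cert)) return true;     // reached something we trust
                if (i + 1 < chain.length) {
                    cert.verify(chain[i + 1].getPublicKey()); // link to the next certificate
                } else {
                    // last certificate in the chain: accept it only if an anchor issued it
                    for (X509Certificate anchor : anchors) {
                        if (anchor.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
                            cert.verify(anchor.getPublicKey());
                            return true;
                        }
                    }
                }
            }
            return false;
        } catch (GeneralSecurityException e) {
            return false;                                    // broken link, bad signature or validity
        }
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        String pdf = args.length > 0 ? args[0] : "signed.pdf";   // assumed output of signPdfFirstTime
        List<X509Certificate> anchors = loadTrustAnchors("trusted.store", "password".toCharArray());

        PdfReader reader = new PdfReader(pdf);
        AcroFields fields = reader.getAcroFields();
        for (String name : fields.getSignatureNames()) {
            PdfPKCS7 pkcs7 = fields.verifySignature(name);
            boolean intact = pkcs7.verify();                 // document digest matches the signature
            boolean trusted = chainsToTrustAnchor(pkcs7.getSignCertificateChain(), anchors);
            boolean covers = fields.signatureCoversWholeDocument(name);
            System.out.printf("%s: signer=%s intact=%b trusted=%b coversWholeDocument=%b%n",
                name, pkcs7.getSigningCertificate().getSubjectX500Principal(), intact, trusted, covers);
        }
        reader.close();
    }
}
```

The three booleans answer different questions and should be checked separately: intact says the bytes were not altered after signing, trusted says the signer is someone you chose to trust (the check Acrobat was failing in the question), and coversWholeDocument tells you whether content was appended after the signature. A signature that is intact but not trusted is exactly the state Acrobat reports as "Signer's identity is unknown".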