How to enable Long Term Validation (LTV) with pdfbox

Question

I using pdfbox to signature but when check signature in acrobat reader has result: Long term validation(LTV) not enable

And this is my source code

@Override
public byte[] sign(InputStream content) throws IOException {
    try {
        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
        X509Certificate cert = (X509Certificate) this.certificateChain[0];
        ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA256WithRSA").build(this.privateKey);
        gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build()).build(sha1Signer, cert));
        gen.addCertificates(new JcaCertStore(Arrays.asList(this.certificateChain)));
        CMSProcessableInputStream msg = new CMSProcessableInputStream(content);
        CMSSignedData signedData = gen.generate(msg, false);

        //add timestamp if TSA is available
        TimeStampManager timeStampManager = new TimeStampManager();
        signedData = timeStampManager.addSignedTimeStamp(signedData, timeStampToken);
        return signedData.getEncoded();
    } catch (Exception e) {
        // Write log error sign to table Log in DB
        // TODO: 10/19/20  
        
        //throw new IOException cause a SignatureInterface
        throw new IOException(e);
    }
}

TimestampManager.addSignedTimeStamp

/**
 * Extend cms signed data with TimeStamp first or to all signers
 *
 * @param signedData Generated CMS signed data
 * @param timeStampToken TimeStampToken
 * @return CMSSignedData Extended CMS signed data
 * @throws IOException, TSPException
 */
public CMSSignedData addSignedTimeStamp(CMSSignedData signedData, TimeStampToken timeStampToken) throws IOException, TSPException {
    SignerInformationStore signerStore = signedData.getSignerInfos();
    List<SignerInformation> signersWithTimeStamp = new ArrayList<>();
   
    for (SignerInformation signer : signerStore.getSigners()) {
        // This adds a timestamp to every signer (into his unsigned attributes) in the signature.
        signersWithTimeStamp.add(signTimeStamp(signer, timeStampToken));
    }

    // new SignerInformationStore have to be created cause new SignerInformation instance
    // also SignerInformationStore have to be replaced in a signedData
    return CMSSignedData.replaceSigners(signedData, new SignerInformationStore(signersWithTimeStamp));
}

/**
 * Extend CMS Signer Information with the TimeStampToken into the unsigned Attributes.
 *
 * @param signer information about signer
 * @return information about SignerInformation
 * @throws IOException
 */
private SignerInformation signTimeStamp(SignerInformation signer, TimeStampToken timeStampToken) throws IOException, TSPException {
    AttributeTable unsignedAttributes = signer.getUnsignedAttributes();

    ASN1EncodableVector vector = new ASN1EncodableVector();
    if (unsignedAttributes != null) {
        vector = unsignedAttributes.toASN1EncodableVector();
    }

    byte[] token = timeStampToken.getEncoded();
    ASN1ObjectIdentifier oid = PKCSObjectIdentifiers.id_aa_signatureTimeStampToken;
    ASN1Encodable signatureTimeStamp = new Attribute(oid, new DERSet(ASN1Primitive.fromByteArray(token)));
    vector.add(signatureTimeStamp);
    Attributes signedAttributes = new Attributes(vector);

    // replace unsignedAttributes with the signed once
    return SignerInformation.replaceUnsignedAttributes(signer, new AttributeTable(signedAttributes));
}

I want signature auto enable LTV same this

Please help auto enable LTV in signature with pdfbox in my source code! Thanks!

Answer 1

Update: My issue when i use pdf-example version 2.0.21 Then i update version pdf-example to 2.0.23 then my issue is resolve