
I'm using Jpedal (LGPL version 4.48b55) to render the pages of a document containing signatures with visual representation activated. However, those signatures appear with a superimposed question mark and the text "Signature Not Verified".

If I visualize the file through Adobe Acrobat Reader, I get a green tick and a text saying the "signature is valid" (since I included the certificate authority of the signatures in the list).

Is there any way to force jPedal to validate the signatures with a list of valid certificate authorities, so it renders the signatures as valid?

JoshDM
Sirs
  • did you import your certificate into the java keystore? – yms Feb 27 '12 at 14:51
  • The root ca is in the system keystore (in the CryptoAPI since I'm working on Windows), do I need to include it into a java specific one for jPedal? – Sirs Feb 27 '12 at 16:59
  • you need to pass in the key/cert when you open the file: public void openPdfFile(String filename, Certificate certificate, PrivateKey key) – mark stephens Feb 28 '12 at 07:39
  • Is that a commercial version functionality? I'm using the LGPL version and I don't see that function in the PDFDecoder or PDFReader API... – Sirs Feb 28 '12 at 10:29
  • Is the Certificate in the PDF or the cache? – mark stephens Feb 27 '12 at 16:44

1 Answer


In order to use a certificate in Java, you need to install it first in the Java keystore. Use the keytool tool provided with the Java runtime to accomplish this task.

From the page "The Most Common Java Keytool Keystore Commands":

# Import New CA into Trusted Certs
keytool -import -trustcacerts -file /path/to/ca/ca.pem -alias CA_ALIAS -keystore $JAVA_HOME/jre/lib/security/cacerts

If you want your application to use the keystore from the OS directly, you will have to specify a specific provider for this, different from the default.

From the documentation:

Keystore implementations are provider-based. More specifically, the application interfaces supplied by KeyStore are implemented in terms of a "Service Provider Interface" (SPI). That is, there is a corresponding abstract KeystoreSpi class, also in the java.security package, which defines the SPI methods that "providers" must implement.

And also:

There is a built-in default implementation, provided by Sun Microsystems. It implements the keystore as a file, utilizing a proprietary keystore type (format) named "JKS".

yms
  • Thanks for the tip. I imported it successfully, but unfortunately I still get the "Signature Not Verified" message and the question mark... – Sirs Feb 28 '12 at 10:03
  • Since it is an LGPL project, I would recommend stepping into the code, maybe this way you can have a better idea of what is going wrong. – yms Feb 28 '12 at 22:01
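
Added example (not part of the original thread and not JPedal code): a stand-alone check of whether a signer's certificate chain validates against Java's file-based cacerts store and against the Windows CryptoAPI root store, the two stores discussed above. It assumes you have exported the signer's chain (signer first, then intermediates, root omitted) to a PEM file passed as the first argument; the class name is hypothetical, and revocation is deliberately not checked.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.*;
import java.util.ArrayList;
import java.util.List;

public class TrustStoreCheck {
    // True if the chain (signer first, then intermediates, root omitted)
    // validates to a trusted certificate entry in the given store.
    static boolean chainsTo(KeyStore store, List<Certificate> chain) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        PKIXParameters params = new PKIXParameters(store);
        params.setRevocationEnabled(false); // chain of trust only, no CRL/OCSP
        try {
            CertPathValidator.getInstance("PKIX").validate(cf.generateCertPath(chain), params);
            return true;
        } catch (CertPathValidatorException e) {
            System.out.println("  rejected: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // args[0]: PEM file with the signer's certificate chain (assumption: exported by you)
        List<Certificate> chain = new ArrayList<>();
        try (InputStream in = new FileInputStream(args[0])) {
            chain.addAll(CertificateFactory.getInstance("X.509").generateCertificates(in));
        }
        // Java's own file-based store; "changeit" is the stock cacerts password
        KeyStore jks = KeyStore.getInstance("JKS");
        String cacerts = System.getProperty("java.home") + "/lib/security/cacerts";
        try (InputStream in = new FileInputStream(cacerts)) {
            jks.load(in, "changeit".toCharArray());
        }
        System.out.println("cacerts:      " + chainsTo(jks, chain));
        try {
            // CryptoAPI root store through the SunMSCAPI provider (Windows only)
            KeyStore win = KeyStore.getInstance("Windows-ROOT");
            win.load(null, null); // OS-backed store: no file, no password
            System.out.println("Windows-ROOT: " + chainsTo(win, chain));
        } catch (KeyStoreException e) {
            System.out.println("Windows-ROOT: not available on this platform");
        }
    }
}
```

If the chain validates against both stores, the trust configuration is not what is missing; the check says nothing about how JPedal itself decides what to render.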