Using SSL certificate for signing PDF files

2019-06-06 11:24发布

问题:

I have a SSL certificate for my application and I want to use it for digitally signing PDF files using iText. The extension of the certificate is .cer and is provided by a certificate signing authority (CA).

The problem is that I am not able to convert this .cer certificate into java keystore which is required while signing the PDF using itext library. The code that I have is:

This code obviously throws Invalid keystore format IOException.

KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(new FileInputStream("C:\\abc.cer"), "abcd".toCharArray());
String alias = (String) ks.aliases().nextElement();
PrivateKey key = (PrivateKey) ks.getKey(alias, "abcd".toCharArray());
java.security.cert.Certificate[] chain = ks.getCertificateChain(alias);
PdfReader reader = new PdfReader("C:\\test.pdf");
FileOutputStream fout = new FileOutputStream("C:\\signed.pdf");
PdfStamper stp = PdfStamper.createSignature(reader, fout, '\0');
PdfSignatureAppearance sap = stp.getSignatureAppearance();
sap.setCrypto(key, chain, null, PdfSignatureAppearance.WINCER_SIGNED);
sap.setReason("Test Reason");
sap.setLocation("Test Location");
sap.setVisibleSignature(new Rectangle(10, 10, 20, 20), 1, null);
stp.close();

Please let me know how can i convert a SSL certificate into a java keystore and use it for signing pdf files.

回答1:

First, certificates are not "SSL certificates". They are x.509 certificates, some of which can be used for SSL/TLS authentication. If you have such certificate, you can't use it for other purposes including PDF signing.

Next, .cer file is a public part of the certificate, it doesn't include a private key. You need a certificate and a private key to sign anything.