ESig DSS signature verification always returns INDETERMINATE

WBOY
Release: 2024-02-22 13:49:06

php editor Xinyi introduces to you: In Java development, ESig DSS signature verification always returns "INDETERMINATE", which may be due to the signature being incomplete or unable to be verified. This problem usually involves digital certificates, signature algorithms, etc., and requires careful inspection of the signature data and verification process. Solutions include checking the signature algorithm, certificate validity, signature data integrity, etc. to ensure that all steps are correct. By carefully troubleshooting possible issues, you can resolve this common signature verification headache and ensure the data security and integrity of your system.

Question content

I am trying to use the European Commission-sponsored Digital Signature Service (DSS) library 5.12.1 to verify electronic signatures of digitally signed PDF and XML documents.

The code I used is

byte[] binaryPdf = Base64.getDecoder().decode(base64EncodedDocument);
CommonTrustedCertificateSource trustedCertSource = new CommonTrustedCertificateSource();
CertificateVerifier cv = new CommonCertificateVerifier();
cv.setAIASource(new DefaultAIASource());
cv.setOcspSource(new OnlineOCSPSource());
cv.setCrlSource(new OnlineCRLSource());
cv.addTrustedCertSources(trustedCertSource);
DSSDocument document = new InMemoryDocument(binaryPdf, shortFileName);
SignedDocumentValidator documentValidator = SignedDocumentValidator.fromDocument(document);
documentValidator.setCertificateVerifier(cv);
UserFriendlyIdentifierProvider userFriendlyIdentifierProvider = new UserFriendlyIdentifierProvider();
documentValidator.setTokenIdentifierProvider(userFriendlyIdentifierProvider);
Reports reports = documentValidator.validateDocument();

As indicated in the DSS documentation PDF. My application always gets the no_certificate_chain_found indication with the indeterminate sub-indication (visible in the certificate element of the certificate chain). It cannot find the trust anchor. When I use the sample application 5.12.1 for signature verification and try to verify the same document, I get the expected total_passed indication. My application has access to the internet. What did I do wrong? Thanks!

Workaround

There are differences between the sample application and your code.
The sample application comes with a preconfigured trusted root list (EU LOTL).
Your code comes with an empty CommonTrustedCertificateSource (i.e. no certificate is trusted).

See DSS FAQ

So you need to add some certificates to CommonTrustedCertificateSource. If you are only validating signatures you create, add your CA root/signing certificate to Trusted Sources. If you want to verify a third-party signature, the solution is more complicated. For example, you can extract all certified content from a PDF and add them to a trusted list before validating.
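
The fix described in the answer, for the case where you validate signatures issued under your own CA, as an added example (not code from the original post or from the DSS project). The class name and the two file arguments are assumptions; the imports follow the DSS 5.12.x package layout.

```java
import eu.europa.esig.dss.enumerations.Indication;
import eu.europa.esig.dss.enumerations.SubIndication;
import eu.europa.esig.dss.model.DSSDocument;
import eu.europa.esig.dss.model.FileDocument;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.service.crl.OnlineCRLSource;
import eu.europa.esig.dss.service.ocsp.OnlineOCSPSource;
import eu.europa.esig.dss.simplereport.SimpleReport;
import eu.europa.esig.dss.spi.DSSUtils;
import eu.europa.esig.dss.spi.x509.CommonTrustedCertificateSource;
import eu.europa.esig.dss.spi.x509.aia.DefaultAIASource;
import eu.europa.esig.dss.validation.CertificateVerifier;
import eu.europa.esig.dss.validation.CommonCertificateVerifier;
import eu.europa.esig.dss.validation.SignedDocumentValidator;
import eu.europa.esig.dss.validation.reports.Reports;
import java.io.File;

public class ValidateWithTrustAnchor {  // hypothetical class name
    public static void main(String[] args) {
        // Assumed inputs: args[0] = signed PDF/XML, args[1] = your CA root certificate (PEM or DER).
        DSSDocument document = new FileDocument(new File(args[0]));
        CertificateToken caRoot = DSSUtils.loadCertificate(new File(args[1]));

        // The question's code left this source empty, so no chain could end at a trust anchor.
        CommonTrustedCertificateSource trusted = new CommonTrustedCertificateSource();
        trusted.addCertificate(caRoot);

        CertificateVerifier cv = new CommonCertificateVerifier();
        cv.setAIASource(new DefaultAIASource());   // fetches missing intermediate certificates
        cv.setOcspSource(new OnlineOCSPSource());  // online revocation data
        cv.setCrlSource(new OnlineCRLSource());
        cv.setTrustedCertSources(trusted);

        SignedDocumentValidator validator = SignedDocumentValidator.fromDocument(document);
        validator.setCertificateVerifier(cv);
        Reports reports = validator.validateDocument();

        // Report every signature and fail closed unless all of them are TOTAL_PASSED.
        SimpleReport simple = reports.getSimpleReport();
        boolean allPassed = !simple.getSignatureIdList().isEmpty();
        for (String id : simple.getSignatureIdList()) {
            Indication indication = simple.getIndication(id);
            SubIndication sub = simple.getSubIndication(id);
            System.out.println(id + ": " + indication + (sub != null ? " / " + sub : ""));
            allPassed &= indication == Indication.TOTAL_PASSED;
        }
        System.exit(allPassed ? 0 : 1);
    }
}
```

The trusted source decides which signers the validator accepts, so load it only from certificates you obtained through a channel you trust.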

source:stackoverflow.com