Skip to content

PAdES LT and LTA doesn't work in JSignPdf_3_1_0-RC-2 #432

Description

@JohnPlanetary

Windows 11 Home 64 bits.
jsignpdf-3.1.0-RC-2-windows-x64.zip

I've attempted to sign with PAdES in "LT" and in "LTA" options and in both cases it didn't work.
The "Engine DSS" was activated to receive the online revocation (OCSP/ CRL, AIA).
And the Signature Engine was selected to EU DSS (PAdES).

The "B" and the "T" options produce valid signed PDF files. But the with "LT" and "LTA" options I always receive a error.
I've used both my own made signing certificate, and the hardware one with the valid EU signing certificate, and failed in both, in the "LT" and "LTA" options.

When I switch to the "OpenPDF" engine both my own made signing certificate, and the hardware with the valid EU signing certificate work fine, and produce valid signing pdf's.

In LT:


Verificando caminhos de entrada e saída do PDF.
Obtendo o apelido da chave
Apelido de chave usado: {redacted hardware EU certificate}
Carregando chave privada
Obtendo cadeia de certificados
Definindo o nível de certificação
Configurando assinatura visível
Configurando texto da camada 2 (descrição)
Criando cliente TSA.
Configurando o algoritmo de hash TSA: SHA-512
Processando (pode demorar um pouco) ...
Criando assinatura
SEVERE Problema ocorrido
eu.europa.esig.dss.alert.exception.AlertException: Revocation data is missing for one or more certificate(s). [C-31A4591C0A3AB1375CA7B9306F76D357F90B6A91F5E2D015BF51EDA63CF2A2C0: Revocation data is skipped for untrusted certificate chain!; C-A574F9FEEB813AB7A1950DD22FFE415F79C9DAF0E315A33B729CEAE63B851C8E: Revocation data is skipped for untrusted certificate chain!; C-28CAD66D2C81D77B177A021561F0E34D7899F4331D61336F435107CA220D0AA7: Revocation data is skipped for untrusted certificate chain!; C-4FFC3BCB2DA5C1623A5E98714DF0C4E9CA622DB07CB0EB6B2083388A0602029D: Revocation data is skipped for untrusted certificate chain!; C-CD0A3E00A1BDAE3A159FA9E3D70F8E664F560FDCE16357CBE440ED0B0D88244F: Revocation data is skipped for untrusted certificate chain!; C-1EAF840188B14F9DD12C07ACA343E196C38D8F5256B1E36FFF519A442BDA53EE: Revocation data is skipped for untrusted certificate chain!]
	at eu.europa.esig.dss.alert.handler.ThrowAlertExceptionHandler.process(ThrowAlertExceptionHandler.java:41)
	at eu.europa.esig.dss.alert.AbstractAlert.alert(AbstractAlert.java:62)
	at eu.europa.esig.dss.spi.validation.SignatureValidationAlerter.assertAllRequiredRevocationDataPresent(SignatureValidationAlerter.java:81)
	at eu.europa.esig.dss.spi.validation.executor.CompleteValidationContextExecutor.assertSignaturesValid(CompleteValidationContextExecutor.java:57)
	at eu.europa.esig.dss.spi.validation.executor.CompleteValidationContextExecutor.validate(CompleteValidationContextExecutor.java:51)
	at eu.europa.esig.dss.spi.validation.analyzer.DefaultDocumentAnalyzer.validateContext(DefaultDocumentAnalyzer.java:501)
	at eu.europa.esig.dss.spi.validation.analyzer.DefaultDocumentAnalyzer.getValidationData(DefaultDocumentAnalyzer.java:377)
	at eu.europa.esig.dss.pades.validation.PDFDocumentAnalyzer.getValidationData(PDFDocumentAnalyzer.java:341)
	at eu.europa.esig.dss.pades.signature.PAdESLevelBaselineLT.extendSignatures(PAdESLevelBaselineLT.java:75)
	at eu.europa.esig.dss.pades.signature.PAdESLevelBaselineT.extendSignatures(PAdESLevelBaselineT.java:82)
	at eu.europa.esig.dss.pades.signature.PAdESLevelBaselineT.extendSignatures(PAdESLevelBaselineT.java:49)
	at eu.europa.esig.dss.pades.signature.PAdESService.signDocument(PAdESService.java:217)
	at net.sf.jsignpdf.engine.dss.DssSigningEngine.signWithContentSize(DssSigningEngine.java:386)
	at net.sf.jsignpdf.engine.dss.DssSigningEngine.sign(DssSigningEngine.java:315)
	at net.sf.jsignpdf.SignerLogic.signFile(SignerLogic.java:86)
	at net.sf.jsignpdf.fx.service.SigningService$1.call(SigningService.java:26)
	at net.sf.jsignpdf.fx.service.SigningService$1.call(SigningService.java:22)
	at javafx.graphics/javafx.concurrent.Task$TaskCallable.call(Unknown Source)
	at java.base/java.util.concurrent.FutureTask.run(Unknown Source)
	at javafx.graphics/javafx.concurrent.Service.lambda$executeTask$6(Unknown Source)
	at java.base/java.security.AccessController.doPrivileged(Unknown Source)
	at javafx.graphics/javafx.concurrent.Service.lambda$executeTask$7(Unknown Source)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at java.base/java.lang.Thread.run(Unknown Source)

Concluído: Falha na criação da assinatura.

In LTA seems the same error:

Verificando caminhos de entrada e saída do PDF.
Obtendo o apelido da chave
Apelido de chave usado: {redacted hardware EU certificate}
Carregando chave privada
Obtendo cadeia de certificados
Definindo o nível de certificação
Configurando assinatura visível
Configurando texto da camada 2 (descrição)
Criando cliente TSA.
Configurando o algoritmo de hash TSA: SHA-512
Processando (pode demorar um pouco) ...
Criando assinatura
SEVERE Problema ocorrido
eu.europa.esig.dss.alert.exception.AlertException: Revocation data is missing for one or more certificate(s). [C-31A4591C0A3AB1375CA7B9306F76D357F90B6A91F5E2D015BF51EDA63CF2A2C0: Revocation data is skipped for untrusted certificate chain!; C-A574F9FEEB813AB7A1950DD22FFE415F79C9DAF0E315A33B729CEAE63B851C8E: Revocation data is skipped for untrusted certificate chain!; C-28CAD66D2C81D77B177A021561F0E34D7899F4331D61336F435107CA220D0AA7: Revocation data is skipped for untrusted certificate chain!; C-4FFC3BCB2DA5C1623A5E98714DF0C4E9CA622DB07CB0EB6B2083388A0602029D: Revocation data is skipped for untrusted certificate chain!; C-CD0A3E00A1BDAE3A159FA9E3D70F8E664F560FDCE16357CBE440ED0B0D88244F: Revocation data is skipped for untrusted certificate chain!; C-1EAF840188B14F9DD12C07ACA343E196C38D8F5256B1E36FFF519A442BDA53EE: Revocation data is skipped for untrusted certificate chain!]
	at eu.europa.esig.dss.alert.handler.ThrowAlertExceptionHandler.process(ThrowAlertExceptionHandler.java:41)
	at eu.europa.esig.dss.alert.AbstractAlert.alert(AbstractAlert.java:62)
	at eu.europa.esig.dss.spi.validation.SignatureValidationAlerter.assertAllRequiredRevocationDataPresent(SignatureValidationAlerter.java:81)
	at eu.europa.esig.dss.spi.validation.executor.CompleteValidationContextExecutor.assertSignaturesValid(CompleteValidationContextExecutor.java:57)
	at eu.europa.esig.dss.spi.validation.executor.CompleteValidationContextExecutor.validate(CompleteValidationContextExecutor.java:51)
	at eu.europa.esig.dss.spi.validation.analyzer.DefaultDocumentAnalyzer.validateContext(DefaultDocumentAnalyzer.java:501)
	at eu.europa.esig.dss.spi.validation.analyzer.DefaultDocumentAnalyzer.getValidationData(DefaultDocumentAnalyzer.java:377)
	at eu.europa.esig.dss.pades.validation.PDFDocumentAnalyzer.getValidationData(PDFDocumentAnalyzer.java:341)
	at eu.europa.esig.dss.pades.signature.PAdESLevelBaselineLT.extendSignatures(PAdESLevelBaselineLT.java:75)
	at eu.europa.esig.dss.pades.signature.PAdESLevelBaselineT.extendSignatures(PAdESLevelBaselineT.java:82)
	at eu.europa.esig.dss.pades.signature.PAdESLevelBaselineLTA.extendSignatures(PAdESLevelBaselineLTA.java:50)
	at eu.europa.esig.dss.pades.signature.PAdESLevelBaselineLTA.extendSignatures(PAdESLevelBaselineLTA.java:34)
	at eu.europa.esig.dss.pades.signature.PAdESService.signDocument(PAdESService.java:217)
	at net.sf.jsignpdf.engine.dss.DssSigningEngine.signWithContentSize(DssSigningEngine.java:386)
	at net.sf.jsignpdf.engine.dss.DssSigningEngine.sign(DssSigningEngine.java:315)
	at net.sf.jsignpdf.SignerLogic.signFile(SignerLogic.java:86)
	at net.sf.jsignpdf.fx.service.SigningService$1.call(SigningService.java:26)
	at net.sf.jsignpdf.fx.service.SigningService$1.call(SigningService.java:22)
	at javafx.graphics/javafx.concurrent.Task$TaskCallable.call(Unknown Source)
	at java.base/java.util.concurrent.FutureTask.run(Unknown Source)
	at javafx.graphics/javafx.concurrent.Service.lambda$executeTask$6(Unknown Source)
	at java.base/java.security.AccessController.doPrivileged(Unknown Source)
	at javafx.graphics/javafx.concurrent.Service.lambda$executeTask$7(Unknown Source)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at java.base/java.lang.Thread.run(Unknown Source)

Concluído: Falha na criação da assinatura.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions