问题
is it possible to timestamp PDF document offline using iText or any other component?
I've googled standard solution utilizing iText and TSAClient class but it requires TSA as online service. We have certificate from TSA (including private key) whose purpose is to create timestamp signatures but I can't find any technical way how to do it with iText.
Thanks for any guidance. Richmond
回答1:
I've googled standard solution utilizing iText and TSAClient class but it requires TSA as online service.
TSAClient is not a final class but merely an interface:
/**
* Time Stamp Authority client (caller) interface.
* <p>
* Interface used by the PdfPKCS7 digital signature builder to call
* Time Stamp Authority providing RFC 3161 compliant time stamp token.
* @author Martin Brunecky, 07/17/2007
* @since 2.1.6
*/
public interface TSAClient {
/**
* Get the time stamp token size estimate.
* Implementation must return value large enough to accomodate the entire token
* returned by getTimeStampToken() _prior_ to actual getTimeStampToken() call.
* @return an estimate of the token size
*/
public int getTokenSizeEstimate();
/**
* Get RFC 3161 timeStampToken.
* Method may return null indicating that timestamp should be skipped.
* @param caller PdfPKCS7 - calling PdfPKCS7 instance (in case caller needs it)
* @param imprint byte[] - data imprint to be time-stamped
* @return byte[] - encoded, TSA signed data of the timeStampToken
* @throws Exception - TSA request failed
*/
public byte[] getTimeStampToken(PdfPKCS7 caller, byte[] imprint) throws Exception;
}
Thus, all you have to do is implement that interface to generate time stamps in any way you want. Even though the comments seem to imply some online service, you merely have to return some byte[] time stamp stamping the given byte[] imprint.
That been said, time stamping like that does not really merit the name. Can you guarantee the time stamps you intend to create to be correct within an acceptable error range?
Thus, you hardly will find an existing TSAClient implementation for that. But existing security libraries (like Bouncy Castle) should make creating time stamp request responses quite easy.
来源:https://stackoverflow.com/questions/21333322/offline-pdf-timestamping-using-itext