Expand my Community achievements bar.

Dive into Adobe Summit 2024! Explore curated list of AEM sessions & labs, register, connect with experts, ask questions, engage, and share insights. Don't miss the excitement.

Unable to use PKCS #12 signature PDF file.

Avatar

Level 2

I used JDK1.5 keytool to generated a PKCS #12( default is Version 1):

keytool -genkey -validity 36000 -keysize 1024 -alias jyang -keyalg RSA -keystore c:\abc.pfx -storetype pkcs12 -storepass 123456 -keypass 123456 -dname "C=US, EMAILADDRESS=jsmith@blcpro.com, OU=R and D, O=BLC, CN=John Smith"

Then upload the abc.pfx file to the LiveCycle Server side : Trust Store Management--Local Credentials, the alias name is JYANG.

After that, I try to use this PKCS12 file to sign the PDF file:

public static void main(String[] args) {

        try    {
            // This example will upload an XDP file to the LiveCycle Repository
            ServiceClientFactory myFactory = ServiceClientFactory.createInstance(LCCommonUtil.getConnectionProps());

            // Create a SignatureServiceClient object
            SignatureServiceClient signClient = new SignatureServiceClient(myFactory);

            // Specify a PDF document to sign
            FileInputStream fileInputStream = new FileInputStream(
                    "C:\\Applications\\pdfForms\\TestDigitalSign\\ConferenceReg_flatten_sf_added.pdf");

            Document credDoc = new Document(fileInputStream);

            // Specify the name of the signature field
            String fieldName = "SignatureField1";

            //
            // Create a Credential object
            //
            Credential myCred = Credential.getInstance("JYANG"); // LC Server: Local Credentials
             System.out.println("******"+myCred.getSpiName());
            // Specify the reason to sign the document
            String reason = "The document was reviewed";

            // Specify the location of the signer
            String location = "New York HQ";

            // Specify contact information
            String contactInfo = "Tony Blue";

            // Create a PDFSignatureAppearanceOptions object and show date information
            PDFSignatureAppearanceOptionSpec appear = new PDFSignatureAppearanceOptionSpec();
            appear.setShowDate(true);
            appear.setShowReason(true);

            // Set revocation checking to false
            java.lang.Boolean revCheck = new Boolean(false);

            // Create objects to pass to the sign method
            OCSPOptionSpec ocspSpec = new OCSPOptionSpec();
            CRLOptionSpec crlSpec = new CRLOptionSpec();
            TSPOptionSpec tspSpec = new TSPOptionSpec();

            // Sign the PDF document
            Document signedDoc = signClient.sign(
                credDoc,
                fieldName,
                myCred,
                HashAlgorithm.SHA1,
                reason,
                location,
                contactInfo,
                appear,
                revCheck,
                ocspSpec,
                crlSpec,
                tspSpec);

            // Save the signed PDF document
            File outFile = new File("C:\\ConferenceReg_flatten_signed.pdf");

            signedDoc.copyToFile(outFile);
        }
        catch (Exception ee) {
            ee.printStackTrace();
        }
    }

Then I got these error message. But if I use the Acrobat to generate a PKCS#12 file, this code will be works. I also tried JDK1.6 to generated PKCS#12( it's Version3). still not work. Any one can help me?  Thank you!

-------------------------Error Message----------------------------------------------------------------------------

ALC-DSS-303-016 The specified Credential Alias JYANG not found. (in the operation : getCredentialFromStore)
Caused By: findCredentialByAlias: no Local or HSM credential found -- No such object in the store(error code bin: 262, hex: 0x106)(CredentialServiceImpl.java466)
ALC-DSS-303-016 The specified Credential Alias JYANG not found. (in the operation : getCredentialFromStore)
Caused By: findCredentialByAlias: no Local or HSM credential found -- No such object in the store(error code bin: 262, hex: 0x106)(CredentialServiceImpl.java466)
com.adobe.livecycle.signatures.service.impl.PDFUtilities.getCredentialFromStore(PDFUtilities.java:541)
com.adobe.livecycle.signatures.service.impl.SignCertifyImpl.sign(SignCertifyImpl.java:277)
com.adobe.livecycle.signatures.service.impl.DocumentSecurityService.sign(DocumentSecurityService.java:1308)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:585)
com.adobe.idp.dsc.component.impl.DefaultPOJOInvokerImpl.invoke(DefaultPOJOInvokerImpl.java:118)
com.adobe.idp.dsc.interceptor.impl.InvocationInterceptor.intercept(InvocationInterceptor.java:140)
com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptorChainImpl.java:60)
com.adobe.idp.dsc.transaction.interceptor.TransactionInterceptor$1.doInTransaction(TransactionInterceptor.java:74)
com.adobe.idp.dsc.transaction.impl.ejb.adapter.EjbTransactionCMTAdapterBean.execute(EjbTransactionCMTAdapterBean.java:342)
com.adobe.idp.dsc.transaction.impl.ejb.adapter.EjbTransactionCMTAdapterBean.doSupports(EjbTransactionCMTAdapterBean.java:212)
com.adobe.idp.dsc.transaction.impl.ejb.adapter.EjbTransactionCMTAdapter_z73hg_ELOImpl.doSupports(EjbTransactionCMTAdapter_z73hg_ELOImpl.java:301)
com.adobe.idp.dsc.transaction.impl.ejb.EjbTransactionProvider.execute(EjbTransactionProvider.java:104)
com.adobe.idp.dsc.transaction.interceptor.TransactionInterceptor.intercept(TransactionInterceptor.java:72)
com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptorChainImpl.java:60)
com.adobe.idp.dsc.interceptor.impl.InvocationStrategyInterceptor.intercept(InvocationStrategyInterceptor.java:55)
com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptorChainImpl.java:60)
com.adobe.idp.dsc.interceptor.impl.InvalidStateInterceptor.intercept(InvalidStateInterceptor.java:37)
com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptorChainImpl.java:60)
com.adobe.idp.dsc.interceptor.impl.AuthorizationInterceptor.intercept(AuthorizationInterceptor.java:132)
com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptorChainImpl.java:60)
com.adobe.idp.dsc.interceptor.impl.JMXInterceptor.intercept(JMXInterceptor.java:48)
com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptorChainImpl.java:60)
com.adobe.idp.dsc.engine.impl.ServiceEngineImpl.invoke(ServiceEngineImpl.java:115)
com.adobe.idp.dsc.routing.Router.routeRequest(Router.java:118)
com.adobe.idp.dsc.provider.impl.base.AbstractMessageReceiver.invoke(AbstractMessageReceiver.java:315)
com.adobe.idp.dsc.provider.impl.soap.axis.sdk.SoapSdkEndpoint.invokeCall(SoapSdkEndpoint.java:138)
com.adobe.idp.dsc.provider.impl.soap.axis.sdk.SoapSdkEndpoint.invoke(SoapSdkEndpoint.java:81)
sun.reflect.GeneratedMethodAccessor750.invoke(Unknown Source)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:585)
org.apache.axis.providers.java.RPCProvider.invokeMethod(RPCProvider.java:397)
org.apache.axis.providers.java.RPCProvider.processMessage(RPCProvider.java:186)
org.apache.axis.providers.java.JavaProvider.invoke(JavaProvider.java:323)
org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:454)
org.apache.axis.server.AxisServer.invoke(AxisServer.java:281)
org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:699)
javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:327)
javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:226)
weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:124)
weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:283)
weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
com.adobe.idp.dsc.provider.impl.soap.axis.InvocationFilter.doFilter(InvocationFilter.java:43)
weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3393)
weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
weblogic.security.service.SecurityManager.runAs(Unknown Source)
weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2140)
weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2046)
weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1366)
weblogic.work.ExecuteThread.execute(ExecuteThread.java:200)
weblogic.work.ExecuteThread.run(ExecuteThread.java:172)
Caused By: com.adobe.truststore.errors.exception.TrustStoreServerException
com.adobe.truststore.dsc.CredentialServiceImpl.findCredentialByAlias(CredentialServiceImpl.java:466)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:585)
com.adobe.idp.dsc.component.impl.DefaultPOJOInvokerImpl.invoke(DefaultPOJOInvokerImpl.java:118)
com.adobe.idp.dsc.interceptor.impl.InvocationInterceptor.intercept(InvocationInterceptor.java:140)
com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptorChainImpl.java:60)
com.adobe.idp.dsc.transaction.interceptor.TransactionInterceptor$1.doInTransaction(TransactionInterceptor.java:74)
com.adobe.idp.dsc.transaction.impl.ejb.adapter.EjbTransactionBMTAdapterBean.doRequiresNew(EjbTransactionBMTAdapterBean.java:218)
com.adobe.idp.dsc.transaction.impl.ejb.adapter.EjbTransactionBMTAdapter_jmbvky_ELOImpl.doRequiresNew(EjbTransactionBMTAdapter_jmbvky_ELOImpl.java:141)
com.adobe.idp.dsc.transaction.impl.ejb.EjbTransactionProvider.execute(EjbTransactionProvider.java:133)
com.adobe.idp.dsc.transaction.interceptor.TransactionInterceptor.intercept(TransactionInterceptor.java:72)
com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptorChainImpl.java:60)
com.adobe.idp.dsc.interceptor.impl.InvocationStrategyInterceptor.intercept(InvocationStrategyInterceptor.java:55)
com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptorChainImpl.java:60)
com.adobe.idp.dsc.interceptor.impl.InvalidStateInterceptor.intercept(InvalidStateInterceptor.java:37)
com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptorChainImpl.java:60)
com.adobe.idp.dsc.interceptor.impl.AuthorizationInterceptor.intercept(AuthorizationInterceptor.java:132)
com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptorChainImpl.java:60)
com.adobe.idp.dsc.interceptor.impl.JMXInterceptor.intercept(JMXInterceptor.java:48)
com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptorChainImpl.java:60)
com.adobe.idp.dsc.engine.impl.ServiceEngineImpl.invoke(ServiceEngineImpl.java:115)
com.adobe.idp.dsc.routing.Router.routeRequest(Router.java:118)
com.adobe.idp.dsc.provider.impl.base.AbstractMessageReceiver.routeMessage(AbstractMessageReceiver.java:91)
com.adobe.idp.dsc.provider.impl.vm.VMMessageDispatcher.doSend(VMMessageDispatcher.java:215)
com.adobe.idp.dsc.provider.impl.base.AbstractMessageDispatcher.send(AbstractMessageDispatcher.java:57)
com.adobe.idp.dsc.clientsdk.ServiceClient.invoke(ServiceClient.java:208)
com.adobe.truststore.client.CredentialServiceClient.findCredentialByAlias(CredentialServiceClient.java:367)
com.adobe.livecycle.signatures.service.impl.PDFUtilities.getCredentialFromStore(PDFUtilities.java:526)
com.adobe.livecycle.signatures.service.impl.SignCertifyImpl.sign(SignCertifyImpl.java:277)
com.adobe.livecycle.signatures.service.impl.DocumentSecurityService.sign(DocumentSecurityService.java:1308)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:585)
com.adobe.idp.dsc.component.impl.DefaultPOJOInvokerImpl.invoke(DefaultPOJOInvokerImpl.java:118)
com.adobe.idp.dsc.interceptor.impl.InvocationInterceptor.intercept(InvocationInterceptor.java:140)
com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptorChainImpl.java:60)
com.adobe.idp.dsc.transaction.interceptor.TransactionInterceptor$1.doInTransaction(TransactionInterceptor.java:74)
com.adobe.idp.dsc.transaction.impl.ejb.adapter.EjbTransactionCMTAdapterBean.execute(EjbTransactionCMTAdapterBean.java:342)
com.adobe.idp.dsc.transaction.impl.ejb.adapter.EjbTransactionCMTAdapterBean.doSupports(EjbTransactionCMTAdapterBean.java:212)
com.adobe.idp.dsc.transaction.impl.ejb.adapter.EjbTransactionCMTAdapter_z73hg_ELOImpl.doSupports(EjbTransactionCMTAdapter_z73hg_ELOImpl.java:301)
com.adobe.idp.dsc.transaction.impl.ejb.EjbTransactionProvider.execute(EjbTransactionProvider.java:104)
com.adobe.idp.dsc.transaction.interceptor.TransactionInterceptor.intercept(TransactionInterceptor.java:72)
com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptorChainImpl.java:60)
com.adobe.idp.dsc.interceptor.impl.InvocationStrategyInterceptor.intercept(InvocationStrategyInterceptor.java:55)
com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptorChainImpl.java:60)
com.adobe.idp.dsc.interceptor.impl.InvalidStateInterceptor.intercept(InvalidStateInterceptor.java:37)
com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptorChainImpl.java:60)
com.adobe.idp.dsc.interceptor.impl.AuthorizationInterceptor.intercept(AuthorizationInterceptor.java:132)
com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptorChainImpl.java:60)
com.adobe.idp.dsc.interceptor.impl.JMXInterceptor.intercept(JMXInterceptor.java:48)
com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptorChainImpl.java:60)
com.adobe.idp.dsc.engine.impl.ServiceEngineImpl.invoke(ServiceEngineImpl.java:115)
com.adobe.idp.dsc.routing.Router.routeRequest(Router.java:118)
com.adobe.idp.dsc.provider.impl.base.AbstractMessageReceiver.invoke(AbstractMessageReceiver.java:315)
com.adobe.idp.dsc.provider.impl.soap.axis.sdk.SoapSdkEndpoint.invokeCall(SoapSdkEndpoint.java:138)
com.adobe.idp.dsc.provider.impl.soap.axis.sdk.SoapSdkEndpoint.invoke(SoapSdkEndpoint.java:81)
sun.reflect.GeneratedMethodAccessor750.invoke(Unknown Source)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:585)
org.apache.axis.providers.java.RPCProvider.invokeMethod(RPCProvider.java:397)
org.apache.axis.providers.java.RPCProvider.processMessage(RPCProvider.java:186)
org.apache.axis.providers.java.JavaProvider.invoke(JavaProvider.java:323)
org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:454)
org.apache.axis.server.AxisServer.invoke(AxisServer.java:281)
org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:699)
javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:327)
javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:226)
weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:124)
weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:283)
weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
com.adobe.idp.dsc.provider.impl.soap.axis.InvocationFilter.doFilter(InvocationFilter.java:43)
weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3393)
weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
weblogic.security.service.SecurityManager.runAs(Unknown Source)
weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2140)
weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2046)
weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1366)
weblogic.work.ExecuteThread.execute(ExecuteThread.java:200)
weblogic.work.ExecuteThread.run(ExecuteThread.java:172)

7 Replies

Avatar

Former Community Member

Can you install the PFX (into the Windows certificate store) on the client and sign a PDF using Acrobat and the credential?  This will help determine if the problem is with the credential itself.

Did you set the credential as a "Document Signing Credential" in the Trust Store?

Can you post the PFX file you created for testing?

Regards

Steve

Avatar

Level 2

I just installed the PFX on the client and using Acrobat sign a PDF successfully. Also the credential has been set as " "Document Signing Credential" in the Trust Store.  Attachment are pfx file that I using Keytool.exe generated by JDK 1.5 and JDK1.6

Avatar

Former Community Member

What are the passwords for each of the PFX files.  I tried "123456" as your code indicated, but this does not appear to be correct.

Thanks

Steve

Avatar

Level 2

I am sorry, the password is blc123


Thanks
Jack

Avatar

Former Community Member

Thanks, I'll let you know what I discover shortly.

Steve

Avatar

Former Community Member

I created a process using LiveCycle Workbench that uses the "Sign Signature Field" operation from LiveCycle Digital Signatures ES.  When I tested using the credentials you uploaded, it generates the following error...

ALC-DSS-303-001 Could not sign Signature Field SignatureField1[0] (in the operation : sign)
Caused By: ALC-DSS-303-014 Subject name and the subject alt name missing. (in the operation : getSignerName)
com.adobe.livecycle.signatures.service.impl.SignCertifyImpl.sign(SignCertifyImpl.java:467)
com.adobe.livecycle.signatures.service.impl.DocumentSecurityService.sign(DocumentSecurityService.java:1308)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:585)
com.adobe.idp.dsc.component.impl.DefaultPOJOInvokerImpl.invoke(DefaultPOJOInvokerImpl.java:118)

It seems that there is some problem with the digital signatures service and the way the credential is creaated by the Java keytool.  I tried using the keytool to generate other certificates and I was able to duplicate the problem.  I was unable to create a credential using ther keytool that would work.

At this point, if you are just testing, then use a self-signed certificate created by Acrobat (as you know this works).  If you absolutley need to use the Java Keytool, then you may want to contact Adobe technical support.

In the past I have used OpenSSL to generate certificates that work properly.

Regards

Steve

Avatar

Employee

Hi Jack,

The problem is the digital ID you've created does not contain the Key Usage extension. In order to sign using either the LC server or Acrobat/Reader, the digital ID must contain the Key Usage extension and assert  digitalSignature and/or nonRepudiation.

Steve