intoolswetrust / jsignpdf

PDF signing software written in Java. It supports visible signatures, timestamping, certificate verification and many other cool features
https://intoolswetrust.github.io/jsignpdf/

Illegal reflective access by net.sf.jsignpdf.utils.KeyStoreUtils #28

Closed CodeAndWeb closed 3 years ago

CodeAndWeb commented 4 years ago

I am currently trying to sign PDFs from the command line inside a Docker container.

My Dockerfile looks like this:

FROM php:7.3-apache

RUN apt-get update 
RUN mkdir -p /usr/share/man/man1/
RUN apt-get install -y openjdk-11-jre-headless

COPY JSignPdf /usr/src/JSignPdf
WORKDIR /usr/src/JSignPdf

Creating the signed PDF works using

java -jar JSignPdf.jar \
    -tsh SHA256 \
    -kst PKCS12 \
    --out-directory /data \
    -ksp topsecret \
    --keystore-file /data/certificate.p12 \
    --tsa-server-url http://timestamp.comodoca.com \
    /data/in.pdf

But I am getting these warnings:

WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by net.sf.jsignpdf.utils.KeyStoreUtils (file:/usr/src/JSignPdf/JSignPdf.jar) to field java.security.KeyStore.keyStoreSpi
WARNING: Please consider reporting this to the maintainers of net.sf.jsignpdf.utils.KeyStoreUtils
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release

porteusconf commented 4 years ago

Try it with Java 8 ... I bet you have java-11-LTS (or newer) and it sounds like JSignPDF.jar won't work on Java newer than 8 (aka 1.8). Maybe like https://github.com/pflaeging/PortableSigner2/issues/20. Anyways, Java 8 works for me...

bash-5.0$ java -jar JSignPdf.jar -tsh SHA256 -kst PKCS12 --out-directory /tmp \
-ksp topsecret --keystore-file /tmp/my_name.p12 \
--tsa-server-url http://timestamp.comodoca.com /tmp/certified.pdf 
JSignPdf version 1.6.4
INFO  Checking input and output PDF paths.
INFO  Getting key alias
INFO  Used key alias: my.name@some.edu
INFO  Loading private key
INFO  Getting certificate chain
INFO  Opening input PDF file: /tmp/certified.pdf
INFO  Creating output PDF file: /tmp/certified_signed.pdf
INFO  Creating signature
INFO  Setting certification level
INFO  Processing (it may take a while) ...
INFO  Creating TSA client.
INFO  Setting TSA hash algorithm: SHA256
INFO  Closing result PDF stream
INFO  Finished: Signature succesfully created.
bash-5.0$ date
Tue Jul 14 17:28:18 EDT 2020
bash-5.0$ java -version
openjdk version "1.8.0_232"
OpenJDK Runtime Environment Corretto-8.232.09.2 (build 1.8.0_232-b09)
OpenJDK 64-Bit Server VM Corretto-8.232.09.2 (build 25.232-b09, mixed mode)

Above is with Corretto, but it also worked with adoptopenjdk8 via brew cask install adoptopenjdk8 on macOS. Java 8 LTS will be available for a while in OpenJDK form, at least until 2026 per https://adoptopenjdk.net/support.html, and Oracle will support it until 2030 if you pay them ;-)

If you need to have more than one version of Java installed, check out jenv: https://www.jenv.be/
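
Added example, not part of the thread and not JSignPdf code: a Python check that scans captured JVM stderr for the warning format quoted in the issue and reports which class opened which JDK member, so a build or container smoke test can flag it before the runtime starts denying the access. The function names and the reviewed-callers list are assumptions; the sample log lines are copied from the issue.

```python
import re
from typing import NamedTuple

# Warning lines copied from the issue above (JSignPdf on OpenJDK 11).
SAMPLE_STDERR = """\
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by net.sf.jsignpdf.utils.KeyStoreUtils (file:/usr/src/JSignPdf/JSignPdf.jar) to field java.security.KeyStore.keyStoreSpi
WARNING: Please consider reporting this to the maintainers of net.sf.jsignpdf.utils.KeyStoreUtils
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
"""

# WARNING: Illegal reflective access by <caller> (<location>) to <kind> <target>
_WARNING = re.compile(
    r"^WARNING: Illegal reflective access by (?P<caller>\S+) "
    r"\((?P<location>[^)]*)\) to (?P<kind>\w+) (?P<target>\S+)$"
)


class ReflectiveAccess(NamedTuple):
    caller: str    # class that performed the reflective access
    location: str  # code source (jar) the caller was loaded from
    kind: str      # "field" in the issue's log
    target: str    # fully qualified member that was opened


def find_illegal_access(stderr_text):
    """Return each distinct illegal-reflective-access warning, in log order."""
    hits = []
    for line in stderr_text.splitlines():
        match = _WARNING.match(line.strip())
        if match:
            hit = ReflectiveAccess(**match.groupdict())
            if hit not in hits:
                hits.append(hit)
    return hits


def target_class(hit):
    """Class owning the accessed member, e.g. java.security.KeyStore."""
    name = hit.target.split("(", 1)[0]  # drop a parameter list if present
    return name if hit.kind == "constructor" else name.rpartition(".")[0]


def unreviewed(hits, reviewed_callers=()):
    """Hits whose caller is not on the (hypothetical) reviewed list."""
    return [h for h in hits if h.caller not in reviewed_callers]


if __name__ == "__main__":
    for h in unreviewed(find_illegal_access(SAMPLE_STDERR)):
        print(f"{h.caller} ({h.location}) opens {h.kind} {h.target}")
```

By default the JVM prints this warning only for the first illegal access, so a clean scan after that first hit does not prove there are no others; running with the `--illegal-access=warn` option named in the log makes every access visible to the scan.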