I am trying to create a certificate (A) that is signed by another certificate (B) stored in a p12 keystore. This stored certificate (B) has been added to the trusted certificate store of my local machine. Certificate A is used to sign PDF documents with the Bouncy Castle 1.52 library, but the digital signature I get in the signed document is invalid. I will explain the steps I took, in case someone can help me. First, I create a CSR from the p12 keystore (B):

    private static PKCS10CertificationRequest generateCSR() {
        PKCS10CertificationRequest csr = null;
        try {
            // CAcert / CApk: certificate B and its private key, loaded from the p12 keystore
            initCACert();
            PKCS10CertificationRequestBuilder p10Builder = new JcaPKCS10CertificationRequestBuilder(
                    new X500Principal("CN=Requested Test Certificate"), CAcert.getPublicKey());
            JcaContentSignerBuilder csBuilder = new JcaContentSignerBuilder("SHA256withRSA");
            ContentSigner signer = csBuilder.build(CApk);
            csr = p10Builder.build(signer);
        } catch (Exception e) {
            log.error(e);
        }
        return csr;
    }

Then this CSR is used to generate certificate (A):

    private static Certificate signCSR() throws Exception {
        PKCS10CertificationRequest csr = generateCSR();
        AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256withRSA");
        AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
        // Issuer is the subject of certificate B
        X500Name issuer = X500Name.getInstance(CAcert.getSubjectX500Principal().getEncoded());
        BigInteger serial = new BigInteger(32, new SecureRandom());
        Calendar c = Calendar.getInstance();
        c.add(Calendar.SECOND, -1);
        Date from = c.getTime();
        c.add(Calendar.YEAR, 5);
        Date to = c.getTime();
        X509v1CertificateBuilder certBuilder = new X509v1CertificateBuilder(issuer, serial, from, to,
                csr.getSubject(), csr.getSubjectPublicKeyInfo());
        // Sign the new certificate with the private key of certificate B
        ContentSigner signer = new BcRSAContentSignerBuilder(sigAlgId, digAlgId)
                .build(PrivateKeyFactory.createKey(CApk.getEncoded()));
        X509CertificateHolder holder = certBuilder.build(signer);
        // Convert the Bouncy Castle holder into a JCA certificate
        CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
        InputStream in = new ByteArrayInputStream(holder.getEncoded());
        Certificate cert = certFactory.generateCertificate(in);
        return cert;
    }
2 Answers

三國紛爭
Contributed 1804 experience points, received 7+ upvotes
I have identified the problem: I was building the certificate chain in the reverse order.
I had this order:

    certificateHolder = new X509CertificateHolder( cert.getEncoded() );
    certificateHolder = new X509CertificateHolder( CAcert.getEncoded() );

The correct order is this:

    certificateHolder = new X509CertificateHolder( CAcert.getEncoded() );
    certificateHolder = new X509CertificateHolder( cert.getEncoded() );

I hope someone finds this information useful!
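As an added example (not code from the question or the answer), the issue-from-CSR step done with the checks a CA should make: the CSR must be signed by the key it asks to certify, the certificate is a v3 one with basicConstraints set, and the issued certificate is verified under the CA and matched to the signing key before it is handed to the PDF signer. The CA, both key pairs and all names are constructed inside the block; it assumes bcprov and bcpkix (1.52 or later) on the classpath.

```java
import java.math.BigInteger;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.*;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.operator.jcajce.*;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;

// Added example, not the poster's code: issue a certificate from a CSR with
// Bouncy Castle. The CA, both key pairs and all names are constructed here.
public class CsrIssue {
    static final String ALG = "SHA256withRSA";
    // CSR signed with the requester's own private key, so it proves possession.
    static PKCS10CertificationRequest makeCsr(String cn, KeyPair kp) throws Exception {
        return new JcaPKCS10CertificationRequestBuilder(new X500Name(cn), kp.getPublic())
                .build(new JcaContentSignerBuilder(ALG).build(kp.getPrivate()));
    }
    // Check proof of possession (the post's signCSR skips this), then sign a v3
    // certificate whose basicConstraints say whether the subject may act as a CA.
    static X509Certificate issue(PKCS10CertificationRequest csr, X500Name issuer,
                                 PrivateKey issuerKey, boolean isCa) throws Exception {
        if (!csr.isSignatureValid(new JcaContentVerifierProviderBuilder()
                .build(csr.getSubjectPublicKeyInfo())))
            throw new SecurityException("CSR not signed by the key it asks to certify");
        X509v3CertificateBuilder b = new X509v3CertificateBuilder(issuer,
                new BigInteger(64, new SecureRandom()), new Date(),
                new Date(System.currentTimeMillis() + 365L * 86_400_000L),
                csr.getSubject(), csr.getSubjectPublicKeyInfo());
        b.addExtension(Extension.basicConstraints, true, new BasicConstraints(isCa));
        return new JcaX509CertificateConverter()
                .getCertificate(b.build(new JcaContentSignerBuilder(ALG).build(issuerKey)));
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair ca = kpg.generateKeyPair(), ee = kpg.generateKeyPair();
        PKCS10CertificationRequest caCsr = makeCsr("CN=Constructed Test CA", ca);
        X509Certificate caCert = issue(caCsr, caCsr.getSubject(), ca.getPrivate(), true);
        X509Certificate cert = issue(makeCsr("CN=Requested Test Certificate", ee),
                caCsr.getSubject(), ca.getPrivate(), false);
        // Pre-flight: cert must verify under the CA and hold the public half of the PDF signing key.
        cert.verify(caCert.getPublicKey());
        if (!cert.getPublicKey().equals(ee.getPublic()))
            throw new IllegalStateException("signer certificate does not match signing key");
    }
}
```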