我正在嘗試使用 CA (Entrust) 的證書在 pdf 文檔中進行有效簽名，該證書是使用 Google KMS 的私鑰生成的（私鑰永遠不會從 KMS 中流出）。證書鏈的構(gòu)成為：[entrustCert，intermediate，rootCert]按照我用來實現(xiàn)此目的的代碼部分：String DEST = "/tmp/test_file.pdf";OutputStream outputFile = new FileOutputStream(DEST);CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");X509Certificate[] chain = new X509Certificate[3];chain[0] = (X509Certificate) certificateFactory.generateCertificate(entrustCert);chain[1] = (X509Certificate) certificateFactory.generateCertificate(intermediateCert);chain[2] = (X509Certificate) certificateFactory.generateCertificate(rootCert);int estimatedSize = 8192;PdfReader reader = new PdfReader(contract);ByteArrayOutputStream outputStream = new ByteArrayOutputStream();PdfStamper stamper = PdfStamper.createSignature(reader, outputStream, '\0');PdfSignatureAppearance appearance = stamper.getSignatureAppearance();appearance.setReason(“reason”);appearance.setLocation("Amsterdam");appearance.setVisibleSignature(new Rectangle(36, 748, 144, 780), 1, "sig");appearance.setCertificate(chain[0]);PdfSignature dic = new PdfSignature(PdfName.ADOBE_PPKLITE, PdfName.ADBE_PKCS7_DETACHED);dic.setReason(appearance.getReason());dic.setLocation(appearance.getLocation());dic.setContact(appearance.getContact());dic.setDate(new PdfDate(appearance.getSignDate()));appearance.setCryptoDictionary(dic);HashMap<PdfName, Integer> exc = new HashMap<>();exc.put(PdfName.CONTENTS, (estimatedSize * 2 + 2));appearance.preClose(exc);String hashAlgorithm = DigestAlgorithms.SHA256;BouncyCastleDigest bcd = new BouncyCastleDigest();PdfPKCS7 sgn = new PdfPKCS7(null, chain, hashAlgorithm, null, bcd, false);InputStream data = appearance.getRangeStream();byte[] hash = DigestAlgorithms.digest(data, MessageDigest.getInstance("SHA-256"));byte[] sh = sgn.getAuthenticatedAttributeBytes(hash, null, null, MakeSignature.CryptoStandard.CMS);目前我遇到以下問題：每個簽名均無效：自應用簽名以來，文檔已被更改或損壞。Google 的簽名驗證總是錯誤的。