使用itextSharp 5.3.3对数字签名和validationPdf文档
我正在尝试使用iTextSharp 5.3.3对服务器(c#)上的pdf文档进行数字签名和validation。
我使用DigiSign(在线工具)生成.Pfx文件,然后使用Windows生成证书(.cer)文件
/// /// Signs a PDF document using iTextSharp library /// /// The path of the source pdf document which is to be signed /// The path at which the signed pdf document should be generated /// A Stream containing the private/public key in .pfx format which would be used to sign the document /// The password for the private key /// String describing the reason for signing, would be embedded as part of the signature /// Location where the document was signed, would be embedded as part of the signature public static void signPdfFile (string sourceDocument, string destinationPath, Stream privateKeyStream, string keyPassword, string reason, string location) { Pkcs12Store pk12=new Pkcs12Store(privateKeyStream, keyPassword.ToCharArray()); privateKeyStream.Dispose(); //then Iterate throught certificate entries to find the private key entry string alias=null; foreach (string tAlias in pk12.Aliases) { if (pk12.IsKeyEntry(tAlias)) { alias = tAlias; break; } } var pk=pk12.GetKey(alias).Key; // reader and stamper PdfReader reader = new PdfReader(sourceDocument); using (FileStream fout = new FileStream(destinationPath, FileMode.Create, FileAccess.ReadWrite)) { using (PdfStamper stamper = PdfStamper.CreateSignature(reader, fout, '\0')) { // appearance PdfSignatureAppearance appearance = stamper.SignatureAppearance; //appearance.Image = new iTextSharp.text.pdf.PdfImage(); appearance.Reason = reason; appearance.Location = location; appearance.SetVisibleSignature(new iTextSharp.text.Rectangle(20, 10, 170, 60), 1, "Icsi-Vendor"); // digital signature IExternalSignature es = new PrivateKeySignature(pk, "SHA-256"); MakeSignature.SignDetached(appearance, es, new X509Certificate[] { pk12.GetCertificate(alias).Certificate }, null, null, null, 0, CryptoStandard.CMS); stamper.Close(); } } } 文档签名后,我需要validation文档。 我使用下面的代码,但得到错误。
/// /// Verifies the signature of a prevously signed PDF document using the specified public key /// /// a Previously signed pdf document /// Public key to be used to verify the signature in .cer format /// Throw System.InvalidOperationException if the document is not signed or the signature could not be verified public static void verifyPdfSignature (string pdfFile, Stream publicKeyStream) { var parser=new X509CertificateParser(); var certificate=parser.ReadCertificate(publicKeyStream); publicKeyStream.Dispose(); PdfReader reader = new PdfReader(pdfFile); AcroFields af = reader.AcroFields; var names = af.GetSignatureNames(); if (names.Count == 0) { throw new InvalidOperationException("No Signature present in pdf file."); } foreach (string name in names) { if (!af.SignatureCoversWholeDocument(name)) { throw new InvalidOperationException(string.Format("The signature: {0} does not covers the whole document.", name)); } PdfPKCS7 pk = af.VerifySignature(name); var cal = pk.SignDate; var pkc = pk.Certificates; if (!pk.Verify()) { throw new InvalidOperationException("The signature could not be verified."); } if (!pk.VerifyTimestampImprint()) { throw new InvalidOperationException("The signature timestamp could not be verified."); } IList[] fails = CertificateVerification.VerifyCertificates(pkc, new X509Certificate[] { certificate }, null, cal); if (fails != null) { throw new InvalidOperationException("The file is not signed using the specified key-pair."); } } }
validation时出现两个错误:
- 一个在(!pk.VerifyTimestampImprint()) – >无法validation签名时间戳。
- 另一个在CertificateVerification.VerifyCertificates – > NullReference错误
感谢这方面的任何帮助。