static void ClearSignature(string in_docpath,
string in_digsig_field_name,
string in_outpath)
{
Console.Out.WriteLine("================================================================================");
Console.Out.WriteLine("Clearing certification signature");
using (PDFDoc doc = new PDFDoc(in_docpath))
{
DigitalSignatureField digsig = new DigitalSignatureField(doc.GetField(in_digsig_field_name));
Console.Out.WriteLine("Clearing signature: " + in_digsig_field_name);
digsig.ClearSignature();
if (!digsig.HasCryptographicSignature())
{
Console.Out.WriteLine("Cryptographic signature cleared properly.");
}
// Save incrementally so as to not invalidate other signatures' hashes from previous saves.
doc.Save(in_outpath, SDFDoc.SaveOptions.e_incremental);
}
Console.Out.WriteLine("================================================================================");
}
static void SignPDF(string in_docpath,
string in_approval_field_name,
string in_private_key_file_path,
string in_keyfile_password,
string in_appearance_img_path,
string in_outpath)
{
Console.Out.WriteLine("================================================================================");
Console.Out.WriteLine("Signing PDF document");
// Open an existing PDF
using (PDFDoc doc = new PDFDoc(in_docpath))
{
// Sign the approval signatures.
Field found_approval_field = doc.GetField(in_approval_field_name);
DigitalSignatureField found_approval_signature_digsig_field = new DigitalSignatureField(found_approval_field);
Image img2 = Image.Create(doc, in_appearance_img_path);
SignatureWidget found_approval_signature_widget = new SignatureWidget(found_approval_field.GetSDFObj());
found_approval_signature_widget.CreateSignatureAppearance(img2);
#if USE_DOTNET_CRYPTO
DotNetCryptoSignatureHandler sigHandler = new DotNetCryptoSignatureHandler(in_private_key_file_path, in_keyfile_password);
SDF.SignatureHandlerId sigHandlerId = doc.AddSignatureHandler(sigHandler);
found_approval_signature_digsig_field.SignOnNextSaveWithCustomHandler(sigHandlerId);
#else
found_approval_signature_digsig_field.SignOnNextSave(in_private_key_file_path, in_keyfile_password);
#endif
doc.Save(in_outpath, SDFDoc.SaveOptions.e_incremental);
}
Console.Out.WriteLine("================================================================================");
}
static void Main(string[] args)
{
// Initialize PDFNetC
PDFNet.Initialize();
bool result = true;
//////////////////// TEST 0:
/* Create an approval signature field that we can sign after certifying.
* (Must be done before calling CertifyOnNextSave/SignOnNextSave/WithCustomHandler.) */
try
{
using (PDFDoc doc = new PDFDoc(input_path + "tiger.pdf"))
{
DigitalSignatureField approval_signature_field = doc.CreateDigitalSignatureField("PDFTronApprovalSig");
SignatureWidget widgetAnnotApproval = SignatureWidget.Create(doc, new Rect(300, 300, 500, 200), approval_signature_field);
Page page1 = doc.GetPage(1);
page1.AnnotPushBack(widgetAnnotApproval);
doc.Save(output_path + "tiger_withApprovalField_output.pdf", SDFDoc.SaveOptions.e_remove_unused);
}
}
catch (Exception e)
{
Console.Error.WriteLine(e);
result = false;
}
//////////////////// TEST 1: certify a PDF.
try
{
CertifyPDF(input_path + "tiger_withApprovalField.pdf",
"PDFTronCertificationSig",
input_path + "pdftron.pfx",
"password",
input_path + "pdftron.bmp",
output_path + "tiger_withApprovalField_certified_output.pdf");
PrintSignaturesInfo(output_path + "tiger_withApprovalField_certified_output.pdf");
}
catch (Exception e)
{
Console.Error.WriteLine(e);
result = false;
}
//////////////////// TEST 2: sign a PDF with a certification and an unsigned signature field in it.
try
{
SignPDF(input_path + "tiger_withApprovalField_certified.pdf",
"PDFTronApprovalSig",
input_path + "pdftron.pfx",
"password",
input_path + "signature.jpg",
output_path + "tiger_withApprovalField_certified_approved_output.pdf");
PrintSignaturesInfo(output_path + "tiger_withApprovalField_certified_approved_output.pdf");
}
catch (Exception e)
{
Console.Error.WriteLine(e);
result = false;
}
//////////////////// TEST 3: Clear a certification from a document that is certified and has two approval signatures.
try
{
ClearSignature(input_path + "tiger_withApprovalField_certified_approved.pdf",
"PDFTronCertificationSig",
output_path + "tiger_withApprovalField_certified_approved_certcleared_output.pdf");
PrintSignaturesInfo(output_path + "tiger_withApprovalField_certified_approved_certcleared_output.pdf");
}
catch (Exception e)
{
Console.Error.WriteLine(e);
result = false;
}
//////////////////// End of tests. ////////////////////
if (result)
{
Console.Out.WriteLine("Tests successful.\n==========");
}
else
{
Console.Out.WriteLine("Tests FAILED!!!\n==========");
}
}
static void PrintSignaturesInfo(string in_docpath)
{
Console.Out.WriteLine("================================================================================");
Console.Out.WriteLine("Reading and printing digital signature information");
using (PDFDoc doc = new PDFDoc(in_docpath))
{
if (!doc.HasSignatures())
{
Console.Out.WriteLine("Doc has no signatures.");
Console.Out.WriteLine("================================================================================");
return;
}
else
{
Console.Out.WriteLine("Doc has signatures.");
}
for (FieldIterator fitr = doc.GetFieldIterator(); fitr.HasNext(); fitr.Next())
{
if (fitr.Current().IsLockedByDigitalSignature())
{
Console.Out.WriteLine("==========\nField locked by a digital signature");
}
else
{
Console.Out.WriteLine("==========\nField not locked by a digital signature");
}
Console.Out.WriteLine("Field name: " + fitr.Current().GetName());
Console.Out.WriteLine("==========");
}
Console.Out.WriteLine("====================\nNow iterating over digital signatures only.\n====================");
DigitalSignatureFieldIterator digsig_fitr = doc.GetDigitalSignatureFieldIterator();
for (; digsig_fitr.HasNext(); digsig_fitr.Next())
{
Console.Out.WriteLine("==========");
Console.Out.WriteLine("Field name of digital signature: " + new Field(digsig_fitr.Current().GetSDFObj()).GetName());
DigitalSignatureField digsigfield = digsig_fitr.Current();
if (!digsigfield.HasCryptographicSignature())
{
Console.Out.WriteLine("Either digital signature field lacks a digital signature dictionary, " +
"or digital signature dictionary lacks a cryptographic hash entry. " +
"Digital signature field is not presently considered signed.\n" +
"==========");
continue;
}
int cert_count = digsigfield.GetCertCount();
Console.Out.WriteLine("Cert count: " + cert_count);
for (int i = 0; i < cert_count; ++i)
{
byte[] cert = digsigfield.GetCert(i);
Console.Out.WriteLine("Cert #" + i + " size: " + cert.Length);
}
DigitalSignatureField.SubFilterType subfilter = digsigfield.GetSubFilter();
Console.Out.WriteLine("Subfilter type: " + (int)subfilter);
if (subfilter != DigitalSignatureField.SubFilterType.e_ETSI_RFC3161)
{
Console.Out.WriteLine("Signature's signer: " + digsigfield.GetSignatureName());
Date signing_time = digsigfield.GetSigningTime();
if (signing_time.IsValid())
{
Console.Out.WriteLine("Signing day: " + (int)signing_time.day);
}
Console.Out.WriteLine("Location: " + digsigfield.GetLocation());
Console.Out.WriteLine("Reason: " + digsigfield.GetReason());
Console.Out.WriteLine("Contact info: " + digsigfield.GetContactInfo());
}
else
{
Console.Out.WriteLine("SubFilter == e_ETSI_RFC3161 (DocTimeStamp; no signing info)\n");
}
Console.Out.WriteLine(((digsigfield.HasVisibleAppearance()) ? "Visible" : "Not visible"));
DigitalSignatureField.DocumentPermissions digsig_doc_perms = digsigfield.GetDocumentPermissions();
string[] locked_fields = digsigfield.GetLockedFields();
foreach (string field_name in locked_fields)
{
Console.Out.WriteLine("This digital signature locks a field named: " + field_name);
}
switch (digsig_doc_perms)
{
case DigitalSignatureField.DocumentPermissions.e_no_changes_allowed:
Console.Out.WriteLine("No changes to the document can be made without invalidating this digital signature.");
break;
case DigitalSignatureField.DocumentPermissions.e_formfilling_signing_allowed:
Console.Out.WriteLine("Page template instantiation, form filling, and signing digital signatures are allowed without invalidating this digital signature.");
break;
case DigitalSignatureField.DocumentPermissions.e_annotating_formfilling_signing_allowed:
Console.Out.WriteLine("Annotating, page template instantiation, form filling, and signing digital signatures are allowed without invalidating this digital signature.");
break;
case DigitalSignatureField.DocumentPermissions.e_unrestricted:
Console.Out.WriteLine("Document not restricted by this digital signature.");
break;
default:
throw new Exception("Unrecognized digital signature document permission level.");
}
Console.Out.WriteLine("==========");
}
}
Console.Out.WriteLine("================================================================================");
}
static void CertifyPDF(string in_docpath,
string in_cert_field_name,
string in_private_key_file_path,
string in_keyfile_password,
string in_appearance_image_path,
string in_outpath)
{
Console.Out.WriteLine("================================================================================");
Console.Out.WriteLine("Certifying PDF document");
// Open an existing PDF
using (PDFDoc doc = new PDFDoc(in_docpath))
{
Console.Out.WriteLine("PDFDoc has " + (doc.HasSignatures() ? "signatures" : "no signatures"));
Page page1 = doc.GetPage(1);
// Create a random text field that we can lock using the field permissions feature.
TextWidget annot1 = TextWidget.Create(doc, new Rect(50, 550, 350, 600), "asdf_test_field");
page1.AnnotPushBack(annot1);
/* Create new signature form field in the PDFDoc. The name argument is optional;
* leaving it empty causes it to be auto-generated. However, you may need the name for later.
* Acrobat doesn't show digsigfield in side panel if it's without a widget. Using a
* Rect with 0 width and 0 height, or setting the NoPrint/Invisible flags makes it invisible. */
DigitalSignatureField certification_sig_field = doc.CreateDigitalSignatureField(in_cert_field_name);
SignatureWidget widgetAnnot = SignatureWidget.Create(doc, new Rect(0, 100, 200, 150), certification_sig_field);
page1.AnnotPushBack(widgetAnnot);
// (OPTIONAL) Add an appearance.
// Widget AP from image
Image img = Image.Create(doc, in_appearance_image_path);
widgetAnnot.CreateSignatureAppearance(img);
// End of optional appearance-adding code.
// Add permissions. Lock the random text field.
Console.Out.WriteLine("Adding document permissions.");
certification_sig_field.SetDocumentPermissions(DigitalSignatureField.DocumentPermissions.e_annotating_formfilling_signing_allowed);
Console.Out.WriteLine("Adding field permissions.");
string[] fields_to_lock = new string[1];
fields_to_lock[0] = "asdf_test_field";
certification_sig_field.SetFieldPermissions(DigitalSignatureField.FieldPermissions.e_include, fields_to_lock);
#if USE_DOTNET_CRYPTO
DotNetCryptoSignatureHandler sigHandler = new DotNetCryptoSignatureHandler(in_private_key_file_path, in_keyfile_password);
SDF.SignatureHandlerId sigHandlerId = doc.AddSignatureHandler(sigHandler);
found_approval_signature_digsig_field.CertifyOnNextSaveWithCustomHandler(sigHandlerId);
#else
certification_sig_field.CertifyOnNextSave(in_private_key_file_path, in_keyfile_password);
#endif
///// (OPTIONAL) Add more information to the signature dictionary.
certification_sig_field.SetLocation("Vancouver, BC");
certification_sig_field.SetReason("Document certification.");
certification_sig_field.SetContactInfo("www.pdftron.com");
///// End of optional sig info code.
// Save the PDFDoc. Once the method below is called, PDFNetC will also sign the document using the information provided.
doc.Save(in_outpath, 0);
}
Console.Out.WriteLine("================================================================================");
}
public void AdhocTest()
{
PDFDoc doc = new PDFDoc(GetTestPdf(SamplePdf));
// Ad-hoc field added for signing the PDF
var signatureField = doc.FieldCreate("sample-field-name", Field.Type.e_signature, "signer name");
signatureField.SetValue("Signature Name");
var digitalSignatureField = new DigitalSignatureField(signatureField);
// Before the rest of the lines or else it fails due to dictionary being empty
digitalSignatureField.SignOnNextSave(GetCertificatePath("pdf-signing.pfx"), CertPassword);
digitalSignatureField.SetReason("reason");
digitalSignatureField.SetContactInfo("*****@*****.**");
digitalSignatureField.SetLocation("location");
digitalSignatureField.SetFieldPermissions(DigitalSignatureField.FieldPermissions.e_include, new string[0]);
digitalSignatureField.SetDocumentPermissions(DigitalSignatureField.DocumentPermissions
.e_formfilling_signing_allowed);
// Save file
var temporaryFile = Path.GetTempFileName();
doc.Save(temporaryFile, pdftron.SDF.SDFDoc.SaveOptions.e_incremental);
// VALIDATE
var result = new PDFDoc(temporaryFile);
var verificationOptions = new VerificationOptions(VerificationOptions.SignatureVerificationSecurityLevel
.e_compatibility_and_archiving);
// Using filepath/password directly makes it fail on adding trusted cert
// THIS ONE FAILS:
// verificationOptions.AddTrustedCertificate(GetCertificatePath("pdf-signing.crt"));
var x509 = new X509Certificate(GetCertificatePath("pdf-signing.pfx"), CertPassword);
verificationOptions.AddTrustedCertificate(x509.GetRawCertData());
DigitalSignatureFieldIterator signatureFieldIterator = result.GetDigitalSignatureFieldIterator();
for (; signatureFieldIterator.HasNext(); signatureFieldIterator.Next())
{
var dsField = signatureFieldIterator.Current();
var verificationResult = dsField.Verify(verificationOptions);
var status = verificationResult.GetTrustStatus();
var certCount = dsField.GetCertCount();
Console.WriteLine($"Verification status {status}");
Console.WriteLine($"Digest status {verificationResult.GetDigestStatus()}");
Console.WriteLine($"Digest document status {verificationResult.GetDocumentStatus()}");
Console.WriteLine($"Verification status {verificationResult.GetVerificationStatus()}");
Console.WriteLine($"Cert count: {certCount}");
Console.WriteLine($"Signature Name{dsField.GetSignatureName()}");
var sigTime = dsField.GetSigningTime();
Console.WriteLine($"Signing Time: {sigTime.day}/{sigTime.month}/{sigTime.year} {sigTime.hour}:{sigTime.minute}.{sigTime.second}");
Assert.True(status != VerificationResult.TrustStatus.e_untrusted, "Unexpected status e_untrusted");
Assert.True(certCount > 0, "DigitalSignatureField should have a certificate");
}
}
