public static (SignaturePermissions, FileDetailsModel) InspectSignature(FileDetailsModel model, PdfDocument pdfDoc, SignatureUtil signUtil, PdfAcroForm form,
String name, SignaturePermissions perms)
{
IList <PdfWidgetAnnotation> widgets = form.GetField(name).GetWidgets();
PdfPKCS7 pkcs7 = null;
(pkcs7, model) = VerifySignature(model, signUtil, name);
logger.Error("Digest algorithm: " + pkcs7.GetHashAlgorithm());
logger.Error("Encryption algorithm: " + pkcs7.GetEncryptionAlgorithm());
logger.Error("Filter subtype: " + pkcs7.GetFilterSubtype());
X509Certificate cert = (X509Certificate)pkcs7.GetSigningCertificate();
logger.Error("Name of the signer: "
+ iText.Signatures.CertificateInfo.GetSubjectFields(cert).GetField("CN"));
model.SignerName = iText.Signatures.CertificateInfo.GetSubjectFields(cert).GetField("CN");
if (pkcs7.GetSignName() != null)
{
logger.Error("Alternative name of the signer: " + pkcs7.GetSignName());
}
logger.Error("Signed on: " + pkcs7.GetSignDate().ToUniversalTime().ToString("yyyy-MM-dd"));
model.SignatureDate = pkcs7.GetSignDate().ToUniversalTime().ToString("yyyy-MM-dd");
logger.Error("Location: " + pkcs7.GetLocation());
logger.Error("Reason: " + pkcs7.GetReason());
PdfDictionary sigDict = signUtil.GetSignatureDictionary(name);
PdfString contact = sigDict.GetAsString(PdfName.ContactInfo);
if (contact != null)
{
logger.Error("Contact info: " + contact);
}
return(perms, model);
}
public SignaturePermissions InspectSignature(PdfDocument pdfDoc, SignatureUtil signUtil, PdfAcroForm form,
String name, SignaturePermissions perms)
{
IList <PdfWidgetAnnotation> widgets = form.GetField(name).GetWidgets();
// Check the visibility of the signature annotation
if (widgets != null && widgets.Count > 0)
{
Rectangle pos = widgets[0].GetRectangle().ToRectangle();
int pageNum = pdfDoc.GetPageNumber(widgets[0].GetPage());
if (pos.GetWidth() == 0 || pos.GetHeight() == 0)
{
Console.Out.WriteLine("Invisible signature");
}
else
{
Console.Out.WriteLine(String.Format("Field on page {0}; llx: {1}, lly: {2}, urx: {3}; ury: {4}",
pageNum, pos.GetLeft(), pos.GetBottom(), pos.GetRight(), pos.GetTop()));
}
}
/* Find out how the message digest of the PDF bytes was created,
* how these bytes and additional attributes were signed
* and how the signed bytes are stored in the PDF
*/
PdfPKCS7 pkcs7 = VerifySignature(signUtil, name);
Console.Out.WriteLine("Digest algorithm: " + pkcs7.GetHashAlgorithm());
Console.Out.WriteLine("Encryption algorithm: " + pkcs7.GetEncryptionAlgorithm());
Console.Out.WriteLine("Filter subtype: " + pkcs7.GetFilterSubtype());
// Get the signing certificate to find out the name of the signer.
X509Certificate cert = (X509Certificate)pkcs7.GetSigningCertificate();
Console.Out.WriteLine("Name of the signer: "
+ iText.Signatures.CertificateInfo.GetSubjectFields(cert).GetField("CN"));
if (pkcs7.GetSignName() != null)
{
Console.Out.WriteLine("Alternative name of the signer: " + pkcs7.GetSignName());
}
/* Get the signing time.
* Mind that the getSignDate() method is not that secure as timestamp
* because it's based only on signature author claim. I.e. this value can only be trusted
* if signature is trusted and it cannot be used for signature verification.
*/
Console.Out.WriteLine("Signed on: " + pkcs7.GetSignDate().ToUniversalTime().ToString("yyyy-MM-dd"));
/* If a timestamp was applied, retrieve information about it.
* Timestamp is a secure source of signature creation time,
* because it's based on Time Stamping Authority service.
*/
if (TimestampConstants.UNDEFINED_TIMESTAMP_DATE != pkcs7.GetTimeStampDate())
{
Console.Out.WriteLine("TimeStamp: " +
pkcs7.GetTimeStampDate().ToUniversalTime().ToString("yyyy-MM-dd"));
TimeStampToken ts = pkcs7.GetTimeStampToken();
Console.Out.WriteLine("TimeStamp service: " + ts.TimeStampInfo.Tsa);
Console.Out.WriteLine("Timestamp verified? " + pkcs7.VerifyTimestampImprint());
}
Console.Out.WriteLine("Location: " + pkcs7.GetLocation());
Console.Out.WriteLine("Reason: " + pkcs7.GetReason());
/* If you want less common entries than PdfPKCS7 object has, such as the contact info,
* you should use the signature dictionary and get the properties by name.
*/
PdfDictionary sigDict = signUtil.GetSignatureDictionary(name);
PdfString contact = sigDict.GetAsString(PdfName.ContactInfo);
if (contact != null)
{
Console.Out.WriteLine("Contact info: " + contact);
}
/* Every new signature can add more restrictions to a document, but it can’t take away previous restrictions.
* So if you want to retrieve information about signatures restrictions, you need to pass
* the SignaturePermissions instance of the previous signature, or null if there was none.
*/
perms = new SignaturePermissions(sigDict, perms);
Console.Out.WriteLine("Signature type: " + (perms.IsCertification() ? "certification" : "approval"));
Console.Out.WriteLine("Filling out fields allowed: " + perms.IsFillInAllowed());
Console.Out.WriteLine("Adding annotations allowed: " + perms.IsAnnotationsAllowed());
foreach (SignaturePermissions.FieldLock Lock in perms.GetFieldLocks())
{
Console.Out.WriteLine("Lock: " + Lock);
}
return(perms);
}
private SignedDocumentInfo CollectInfo(String documentPath)
{
SignedDocumentInfo docInfo = new SignedDocumentInfo();
PdfDocument pdfDoc = new PdfDocument(new PdfReader(documentPath));
PdfAcroForm form = PdfAcroForm.GetAcroForm(pdfDoc, false);
SignatureUtil signUtil = new SignatureUtil(pdfDoc);
IList <String> names = signUtil.GetSignatureNames();
docInfo.SetNumberOfTotalRevisions(signUtil.GetTotalRevisions());
SignaturePermissions perms = null;
IList <SignatureInfo> signInfos = new List <SignatureInfo>();
foreach (String name in names)
{
SignatureInfo sigInfo = new SignatureInfo();
sigInfo.SetSignatureName(name);
sigInfo.SetRevisionNumber(signUtil.GetRevision(name));
sigInfo.SetSignatureCoversWholeDocument(signUtil.SignatureCoversWholeDocument(name));
IList <PdfWidgetAnnotation> widgetAnnotationsList = form.GetField(name).GetWidgets();
if (widgetAnnotationsList != null && widgetAnnotationsList.Count > 0)
{
sigInfo.SetSignaturePosition(widgetAnnotationsList[0].GetRectangle().ToRectangle());
}
PdfPKCS7 pkcs7 = signUtil.ReadSignatureData(name);
sigInfo.SetDigestAlgorithm(pkcs7.GetHashAlgorithm());
sigInfo.SetEncryptionAlgorithm(pkcs7.GetEncryptionAlgorithm());
PdfName filterSubtype = pkcs7.GetFilterSubtype();
if (filterSubtype != null)
{
sigInfo.SetFilterSubtype(filterSubtype.ToString());
}
X509Certificate signCert = pkcs7.GetSigningCertificate();
sigInfo.SetSignerName(iText.Signatures.CertificateInfo.GetSubjectFields(signCert).GetField("CN"));
sigInfo.SetAlternativeSignerName(pkcs7.GetSignName());
sigInfo.SetSignDate(pkcs7.GetSignDate().ToUniversalTime());
if (TimestampConstants.UNDEFINED_TIMESTAMP_DATE != pkcs7.GetTimeStampDate())
{
sigInfo.SetTimeStamp(pkcs7.GetTimeStampDate().ToUniversalTime());
TimeStampToken ts = pkcs7.GetTimeStampToken();
sigInfo.SetTimeStampService(ts.TimeStampInfo.Tsa.ToString());
}
sigInfo.SetLocation(pkcs7.GetLocation());
sigInfo.SetReason(pkcs7.GetReason());
PdfDictionary sigDict = signUtil.GetSignatureDictionary(name);
PdfString contactInfo = sigDict.GetAsString(PdfName.ContactInfo);
if (contactInfo != null)
{
sigInfo.SetContactInfo(contactInfo.ToString());
}
perms = new SignaturePermissions(sigDict, perms);
sigInfo.SetIsCertifiaction(perms.IsCertification());
sigInfo.SetIsFieldsFillAllowed(perms.IsFillInAllowed());
sigInfo.SetIsAddingAnnotationsAllowed(perms.IsAnnotationsAllowed());
IList <String> fieldLocks = new List <String>();
foreach (SignaturePermissions.FieldLock Lock in perms.GetFieldLocks())
{
fieldLocks.Add(Lock.ToString());
}
sigInfo.SetFieldsLocks(fieldLocks);
X509Certificate[] certs = pkcs7.GetSignCertificateChain();
IList <CertificateInfo> certInfos = new List <CertificateInfo>();
for (int i = 0; i < certs.Length; i++)
{
X509Certificate cert = (X509Certificate)certs[i];
CertificateInfo certInfo = new CertificateInfo();
certInfo.SetIssuer(cert.IssuerDN);
certInfo.SetSubject(cert.SubjectDN);
certInfo.SetValidFrom(cert.NotBefore);
certInfo.SetValidTo(cert.NotAfter);
certInfos.Add(certInfo);
}
sigInfo.SetCertificateInfos(certInfos);
signInfos.Add(sigInfo);
}
docInfo.SetSignatureInfos(signInfos);
return(docInfo);
}
