/// <summary>
/// Copies <paramref name="src"/> to <paramref name="dest"/> and attaches OCSP/CRL validation data (LTV)
/// for the signatures found in the document.
/// </summary>
/// <param name="src">Path of the signed PDF to read.</param>
/// <param name="dest">Path the LTV-enabled PDF is written to.</param>
/// <param name="ocsp">OCSP client handed to <c>AddVerification</c>.</param>
/// <param name="crl">CRL client handed to <c>AddVerification</c>.</param>
/// <param name="itsaClient">Not used by this method.</param>
        {
            // Append mode writes the validation data as an incremental update instead of
            // rewriting the file, so the bytes covered by the existing signatures stay as they are.
            PdfReader       input      = new PdfReader(src);
            PdfWriter       output     = new PdfWriter(dest);
            PdfDocument     document   = new PdfDocument(input, output, new StampingProperties().UseAppendMode());
            LtvVerification ltv        = new LtvVerification(document);
            SignatureUtil   signatures = new SignatureUtil(document);
            IList <string>  fieldNames = signatures.GetSignatureNames();

            // NOTE(review): a document without signature fields makes this indexer throw, and the
            // document is then never closed - confirm callers only pass signed PDFs.
            String   lastName      = fieldNames[fieldNames.Count - 1];
            PdfPKCS7 lastSignature = signatures.ReadSignatureData(lastName);

            // NOTE(review): nothing here checks that any signature actually verifies; revocation data
            // is attached to whatever signature fields the file contains. Validate before calling.
            if (!lastSignature.IsTsp())
            {
                // Last entry is an ordinary signature: add validation data for every signature field.
                foreach (string fieldName in fieldNames)
                {
                    ltv.AddVerification(fieldName, ocsp, crl, LtvVerification.CertificateOption.WHOLE_CHAIN,
                                        LtvVerification.Level.OCSP_CRL, LtvVerification.CertificateInclusion.NO);
                }
            }
            else
            {
                // Last entry is a document timestamp: only that entry gets validation data.
                ltv.AddVerification(lastName, ocsp, crl, LtvVerification.CertificateOption.WHOLE_CHAIN,
                                    LtvVerification.Level.OCSP_CRL, LtvVerification.CertificateInclusion.NO);
            }

            ltv.Merge();
            document.Close();
        }
        /// <summary>
        /// Reads a signed PDF from <paramref name="source"/>, attaches validation data (LTV) for its
        /// signatures and writes the result to <paramref name="destination"/>.
        /// </summary>
        /// <param name="source">Stream holding the signed PDF.</param>
        /// <param name="destination">Stream receiving the LTV-enabled PDF.</param>
        /// <param name="ocsp">OCSP client handed to <c>AddVerification</c>.</param>
        /// <param name="crl">CRL client handed to <c>AddVerification</c>.</param>
        /// <param name="timestampLevel">Level used when the last signature is a document timestamp.</param>
        /// <param name="signatureLevel">Level used for every signature otherwise.</param>
        static void addLTVToStream(Stream source, Stream destination, IOcspClient ocsp, ICrlClient crl,
                                   LtvVerification.Level timestampLevel, LtvVerification.Level signatureLevel)
        {
            // Append mode: the validation data goes into an incremental update, leaving the
            // already-signed bytes unchanged.
            PdfReader          input    = new PdfReader(source);
            PdfWriter          output   = new PdfWriter(destination);
            StampingProperties stamping = new StampingProperties().UseAppendMode();
            PdfDocument        document = new PdfDocument(input, output, stamping);

            LtvVerification ltv        = new LtvVerification(document);
            SignatureUtil   signatures = new SignatureUtil(document);
            IList <string>  fieldNames = signatures.GetSignatureNames();

            // NOTE(review): throws on a PDF without signature fields, and the document is not closed
            // on that path - confirm callers only pass signed PDFs.
            String   lastName      = fieldNames[fieldNames.Count - 1];
            PdfPKCS7 lastSignature = signatures.ReadSignatureData(lastName);

            // NOTE(review): no signature is verified here; the validation data is attached to
            // whatever signature fields the input contains.
            if (!lastSignature.IsTsp())
            {
                // Ordinary signature last: cover every signature field with signatureLevel.
                foreach (String fieldName in fieldNames)
                {
                    ltv.AddVerification(fieldName, ocsp, crl, LtvVerification.CertificateOption.WHOLE_CHAIN,
                                        signatureLevel, LtvVerification.CertificateInclusion.YES);
                }
            }
            else
            {
                // Document timestamp last: only that entry, with timestampLevel.
                ltv.AddVerification(lastName, ocsp, crl, LtvVerification.CertificateOption.WHOLE_CHAIN,
                                    timestampLevel, LtvVerification.CertificateInclusion.YES);
            }

            ltv.Merge();
            document.Close();
        }
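        /// <summary>
        /// Checks a PDF whose content was changed in a revision added after signing: the signature
        /// still verifies, but it must be reported as not covering the whole document. Only the
        /// extracted signed revision is fully covered by the signature.
        /// </summary>
        public virtual void TestISAValidPdf()
        {
            String      filePath      = sourceFolder + "isaValidPdf.pdf";
            String      signatureName = "Signature1";
            PdfDocument document      = new PdfDocument(new PdfReader(filePath));

            // try/finally so a failing assertion does not leave the input file open.
            try
            {
                SignatureUtil sigUtil  = new SignatureUtil(document);
                PdfPKCS7      pdfPKCS7 = sigUtil.ReadSignatureData(signatureName);

                // The cryptographic check passes for the signed revision...
                NUnit.Framework.Assert.IsTrue(pdfPKCS7.VerifySignatureIntegrityAndAuthenticity());
                // ...but the signature does not cover the latest revision. A verifier that looks at
                // the integrity result alone would accept the amended document.
                NUnit.Framework.Assert.IsFalse(sigUtil.SignatureCoversWholeDocument(signatureName));
                String textFromPage = PdfTextExtractor.GetTextFromPage(document.GetPage(1));

                // We are working with the latest revision of the document, that's why we should get amended page text.
                // However Signature shall be marked as not covering the complete document, indicating its invalidity
                // for the current revision.
                NUnit.Framework.Assert.AreEqual("This is manipulated malicious text, ha-ha!", textFromPage);
                NUnit.Framework.Assert.AreEqual(2, sigUtil.GetTotalRevisions());
                NUnit.Framework.Assert.AreEqual(1, sigUtil.GetRevision(signatureName));

                // Re-open only the revision the signature was created over.
                Stream      sigInputStream = sigUtil.ExtractRevision(signatureName);
                PdfDocument sigRevDocument = new PdfDocument(new PdfReader(sigInputStream));
                try
                {
                    SignatureUtil sigRevUtil          = new SignatureUtil(sigRevDocument);
                    PdfPKCS7      sigRevSignatureData = sigRevUtil.ReadSignatureData(signatureName);

                    NUnit.Framework.Assert.IsTrue(sigRevSignatureData.VerifySignatureIntegrityAndAuthenticity());
                    NUnit.Framework.Assert.IsTrue(sigRevUtil.SignatureCoversWholeDocument(signatureName));
                }
                finally
                {
                    sigRevDocument.Close();
                }
            }
            finally
            {
                document.Close();
            }
        }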
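        /// <summary>
        /// Opens the PDF at <paramref name="filePath"/> and asserts that the signature in field
        /// <paramref name="signatureName"/> passes the integrity and authenticity check.
        /// </summary>
        /// <param name="filePath">Path of the signed PDF.</param>
        /// <param name="signatureName">Name of the signature field to check.</param>
        internal static void BasicCheckSignedDoc(String filePath, String signatureName)
        {
            PdfDocument outDocument = new PdfDocument(new PdfReader(filePath));

            // try/finally so a failing assertion does not leave the file open.
            try
            {
                SignatureUtil sigUtil       = new SignatureUtil(outDocument);
                PdfPKCS7      signatureData = sigUtil.ReadSignatureData(signatureName);

                // NOTE(review): this checks the signature only. It does not call
                // SignatureCoversWholeDocument, so it says nothing about revisions added after signing.
                NUnit.Framework.Assert.IsTrue(signatureData.VerifySignatureIntegrityAndAuthenticity());
            }
            finally
            {
                outDocument.Close();
            }
        }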
        /// <summary>
        /// Reads the signature stored in field <paramref name="name"/>, prints its coverage, revision
        /// and integrity result to standard output, and returns the signature data.
        /// </summary>
        /// <param name="signUtil">Signature utility bound to the opened document.</param>
        /// <param name="name">Name of the signature field.</param>
        /// <returns>The signature data read from the field.</returns>
        public PdfPKCS7 VerifySignature(SignatureUtil signUtil, String name)
        {
            PdfPKCS7 signatureData = signUtil.ReadSignatureData(name);

            // Coverage and integrity are separate facts: a signature can verify while a later
            // revision has changed the document, so both lines need to be read together.
            var coversWholeDocument = signUtil.SignatureCoversWholeDocument(name);
            Console.Out.WriteLine("Signature covers whole document: {0}", coversWholeDocument);

            var revision       = signUtil.GetRevision(name);
            var totalRevisions = signUtil.GetTotalRevisions();
            Console.Out.WriteLine("Document revision: {0} of {1}", revision, totalRevisions);

            // The result is only printed; callers get the PdfPKCS7 back and must check it themselves.
            var integrityOk = signatureData.VerifySignatureIntegrityAndAuthenticity();
            Console.Out.WriteLine("Integrity check OK? {0}", integrityOk);

            return signatureData;
        }
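        /// <summary>
        /// Reads the signature stored in field <paramref name="name"/>, logs its coverage, revision and
        /// integrity result, and records the integrity result on <paramref name="model"/>.
        /// </summary>
        /// <param name="model">Model whose <c>Integrity</c> is set to "OK" or "NOT OK".</param>
        /// <param name="signUtil">Signature utility bound to the opened document.</param>
        /// <param name="name">Name of the signature field.</param>
        /// <returns>The signature data together with the updated model.</returns>
        public static (PdfPKCS7, FileDetailsModel) VerifySignature(FileDetailsModel model, SignatureUtil signUtil, String name)
        {
            PdfPKCS7 pkcs7 = signUtil.ReadSignatureData(name);

            // NOTE(review): these are informational messages written at Error level - confirm that is
            // intended, since it can bury real errors for anyone monitoring the log.
            logger.Error("Signature covers whole document: " + signUtil.SignatureCoversWholeDocument(name));
            logger.Error("Document revision: " + signUtil.GetRevision(name) + " of "
                         + signUtil.GetTotalRevisions());

            // Verify once and reuse the result, so the logged value and the stored value cannot differ.
            bool integrityOk = pkcs7.VerifySignatureIntegrityAndAuthenticity();
            logger.Error("Integrity check OK? " + integrityOk);

            // NOTE(review): "OK" reflects the signature check only. The coverage result is logged above
            // but not stored; a document changed in a later revision can still get "OK" here, so
            // callers should also consult SignatureCoversWholeDocument.
            model.Integrity = integrityOk ? "OK" : "NOT OK";
            return (pkcs7, model);
        }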
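        /// <summary>
        /// Checks that the signature in "siwa.pdf" verifies but is reported as not covering the
        /// whole document.
        /// </summary>
        public virtual void TestSWA01()
        {
            String      filePath      = sourceFolder + "siwa.pdf";
            String      signatureName = "Signature1";
            PdfDocument document      = new PdfDocument(new PdfReader(filePath));

            // try/finally so a failing assertion does not leave the input file open.
            try
            {
                SignatureUtil sigUtil  = new SignatureUtil(document);
                PdfPKCS7      pdfPKCS7 = sigUtil.ReadSignatureData(signatureName);

                // The signature itself verifies; the coverage check is what flags this file.
                NUnit.Framework.Assert.IsTrue(pdfPKCS7.VerifySignatureIntegrityAndAuthenticity());
                NUnit.Framework.Assert.IsFalse(sigUtil.SignatureCoversWholeDocument(signatureName));
            }
            finally
            {
                document.Close();
            }
        }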
        /// <summary>
        /// Checks every named signature: records an error when the integrity check fails and passes
        /// the signature data on to <c>VerifyCertificates</c>.
        /// </summary>
        /// <param name="signUtil">Signature utility bound to the opened document.</param>
        /// <param name="names">Names of the signature fields to check.</param>
        private void VerifySignatures(SignatureUtil signUtil, IList <String> names)
        {
            foreach (String signatureName in names)
            {
                PdfPKCS7 signatureData = signUtil.ReadSignatureData(signatureName);

                // NOTE(review): coverage (SignatureCoversWholeDocument) is not checked here, so changes
                // made in a later revision are not reported by this method.
                bool integrityHolds = signatureData.VerifySignatureIntegrityAndAuthenticity();
                if (integrityHolds == false)
                {
                    AddError(String.Format("\"{0}\" signature integrity is invalid\n", signatureName));
                }

                // Certificates are checked even when the integrity check above has failed.
                VerifyCertificates(signatureData);
            }
        }
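        /// <summary>
        /// Opens a fixed sample PDF and reads the verification results and metadata of the signature
        /// in field "Signature1". The values are collected in locals only; nothing is returned.
        /// </summary>
        static void Verify()
        {
            String   digestAlgorithm     = "";
            String   encryptionAlgorithm = "";
            DateTime timeStampDate;
            DateTime signDate;
            bool     verifyTimeStamp = false;

            Org.BouncyCastle.X509.X509Certificate signCert;
            bool revokeStatus = false;
            bool isTSP        = false;

            PdfDocument pdfDocument = new PdfDocument(new PdfReader("c:\\temp\\valid signed contract.pdf"));

            // Checks that signature is genuine and the document was not modified.
            // Starts as false so that any failure below leaves the result "not verified".
            Boolean genuineAndWasNotModified = false;

            String signatureFieldName = "Signature1";

            try
            {
                SignatureUtil signatureUtil = new SignatureUtil(pdfDocument);
                PdfPKCS7      signature1    = signatureUtil.ReadSignatureData(signatureFieldName);
                if (signature1 != null)
                {
                    // NOTE(review): this result covers the signed revision only. Whether the file was
                    // changed afterwards is reported by SignatureCoversWholeDocument, which is not
                    // called here.
                    genuineAndWasNotModified = signature1.VerifySignatureIntegrityAndAuthenticity();

                    digestAlgorithm     = signature1.GetDigestAlgorithm();
                    encryptionAlgorithm = signature1.GetEncryptionAlgorithm();
                    // Kept separate from signDate so the timestamp date is not overwritten.
                    timeStampDate       = signature1.GetTimeStampDate();
                    verifyTimeStamp     = signature1.VerifyTimestampImprint();
                    signDate            = signature1.GetSignDate();
                    signCert            = signature1.GetSigningCertificate();
                    isTSP        = signature1.IsTsp();
                    revokeStatus = signature1.IsRevocationValid();
                }
            }
            catch (iText.Signatures.VerificationException issue)
            {
                // A failed verification is reported instead of being dropped silently.
                Console.Error.WriteLine("Signature verification failed: " + issue.Message);
            }
            catch (Exception)
            {
                // ignoring exceptions,
                // we are only interested in signatures that are passing the check successfully
            }
            finally
            {
                // Close the document on every path, including unexpected failures.
                pdfDocument.Close();
            }
        }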
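        /// <summary>
        /// Opens the PDF at <paramref name="documentPath"/> and collects, for every signature field,
        /// its revision, coverage, position, algorithms, signer data, timestamp, permissions and
        /// certificate chain details.
        /// </summary>
        /// <remarks>
        /// No signature or certificate is verified here. Every value is taken from the file as-is and
        /// should be treated as unverified until a separate check has passed.
        /// </remarks>
        /// <param name="documentPath">Path of the PDF to inspect.</param>
        /// <returns>The collected information for the document and its signatures.</returns>
        private SignedDocumentInfo CollectInfo(String documentPath)
        {
            SignedDocumentInfo docInfo = new SignedDocumentInfo();
            PdfDocument        pdfDoc  = new PdfDocument(new PdfReader(documentPath));

            // The original never closed the document; try/finally releases the file on every path.
            try
            {
                PdfAcroForm    form     = PdfAcroForm.GetAcroForm(pdfDoc, false);
                SignatureUtil  signUtil = new SignatureUtil(pdfDoc);
                IList <String> names    = signUtil.GetSignatureNames();

                docInfo.SetNumberOfTotalRevisions(signUtil.GetTotalRevisions());
                // Each SignaturePermissions is built on top of the previous signature's permissions.
                SignaturePermissions  perms     = null;
                IList <SignatureInfo> signInfos = new List <SignatureInfo>();

                foreach (String name in names)
                {
                    SignatureInfo sigInfo = new SignatureInfo();
                    sigInfo.SetSignatureName(name);
                    sigInfo.SetRevisionNumber(signUtil.GetRevision(name));
                    sigInfo.SetSignatureCoversWholeDocument(signUtil.SignatureCoversWholeDocument(name));
                    IList <PdfWidgetAnnotation> widgetAnnotationsList = form.GetField(name).GetWidgets();
                    if (widgetAnnotationsList != null && widgetAnnotationsList.Count > 0)
                    {
                        // Only the first widget is used for the position.
                        sigInfo.SetSignaturePosition(widgetAnnotationsList[0].GetRectangle().ToRectangle());
                    }

                    PdfPKCS7 pkcs7 = signUtil.ReadSignatureData(name);
                    sigInfo.SetDigestAlgorithm(pkcs7.GetHashAlgorithm());
                    sigInfo.SetEncryptionAlgorithm(pkcs7.GetEncryptionAlgorithm());
                    PdfName filterSubtype = pkcs7.GetFilterSubtype();
                    if (filterSubtype != null)
                    {
                        sigInfo.SetFilterSubtype(filterSubtype.ToString());
                    }

                    // Signer name comes from the certificate subject (CN); the alternative name
                    // comes from the signature itself.
                    X509Certificate signCert = pkcs7.GetSigningCertificate();
                    sigInfo.SetSignerName(iText.Signatures.CertificateInfo.GetSubjectFields(signCert).GetField("CN"));
                    sigInfo.SetAlternativeSignerName(pkcs7.GetSignName());
                    sigInfo.SetSignDate(pkcs7.GetSignDate().ToUniversalTime());
                    var timeStampDate = pkcs7.GetTimeStampDate();
                    if (TimestampConstants.UNDEFINED_TIMESTAMP_DATE != timeStampDate)
                    {
                        sigInfo.SetTimeStamp(timeStampDate.ToUniversalTime());
                        TimeStampToken ts = pkcs7.GetTimeStampToken();
                        sigInfo.SetTimeStampService(ts.TimeStampInfo.Tsa.ToString());
                    }

                    sigInfo.SetLocation(pkcs7.GetLocation());
                    sigInfo.SetReason(pkcs7.GetReason());
                    PdfDictionary sigDict     = signUtil.GetSignatureDictionary(name);
                    PdfString     contactInfo = sigDict.GetAsString(PdfName.ContactInfo);
                    if (contactInfo != null)
                    {
                        sigInfo.SetContactInfo(contactInfo.ToString());
                    }

                    perms = new SignaturePermissions(sigDict, perms);
                    sigInfo.SetIsCertifiaction(perms.IsCertification());
                    sigInfo.SetIsFieldsFillAllowed(perms.IsFillInAllowed());
                    sigInfo.SetIsAddingAnnotationsAllowed(perms.IsAnnotationsAllowed());
                    IList <String> fieldLocks = new List <String>();
                    foreach (SignaturePermissions.FieldLock fieldLock in perms.GetFieldLocks())
                    {
                        fieldLocks.Add(fieldLock.ToString());
                    }

                    sigInfo.SetFieldsLocks(fieldLocks);

                    // Copy issuer, subject and validity period of every certificate in the chain.
                    X509Certificate[]       certs     = pkcs7.GetSignCertificateChain();
                    IList <CertificateInfo> certInfos = new List <CertificateInfo>();
                    foreach (X509Certificate cert in certs)
                    {
                        CertificateInfo certInfo = new CertificateInfo();
                        certInfo.SetIssuer(cert.IssuerDN);
                        certInfo.SetSubject(cert.SubjectDN);
                        certInfo.SetValidFrom(cert.NotBefore);
                        certInfo.SetValidTo(cert.NotAfter);
                        certInfos.Add(certInfo);
                    }

                    sigInfo.SetCertificateInfos(certInfos);
                    signInfos.Add(sigInfo);
                }

                docInfo.SetSignatureInfos(signInfos);
                return docInfo;
            }
            finally
            {
                pdfDoc.Close();
            }
        }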