/**
 * Obtains an RFC 3161 timeStampToken for a data imprint.
 * The <CODE>caller</CODE> argument is accepted but not used here; the request is
 * handed to the single-argument <CODE>GetTimeStampToken(byte[])</CODE> overload.
 * A <CODE>null</CODE> result means the timestamp should be skipped, so the
 * resulting signature carries no TSA-backed time. Callers that require a
 * trusted signing time should treat <CODE>null</CODE> as a failure rather than
 * continue silently.
 * @param caller PdfPKCS7 - the calling PdfPKCS7 instance (unused by this overload)
 * @param imprint byte[] - data imprint to be time-stamped
 * @return byte[] - encoded, TSA signed data of the timeStampToken, or <CODE>null</CODE>
 * @throws Exception - TSA request failed
 * @see com.lowagie.text.pdf.TSAClient#getTimeStampToken(com.lowagie.text.pdf.PdfPKCS7, byte[])
 */
public byte[] GetTimeStampToken(PdfPKCS7 caller, byte[] imprint) {
    byte[] token = GetTimeStampToken(imprint);
    return token;
}
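/**
 * Prepares a signature for verification. An example usage is:
 * <p>
 * <pre>
 * KeyStore kall = PdfPKCS7.LoadCacertsKeyStore();
 * PdfReader reader = new PdfReader("my_signed_doc.pdf");
 * AcroFields af = reader.GetAcroFields();
 * ArrayList names = af.GetSignatureNames();
 * for (int k = 0; k < names.Size(); ++k) {
 *    String name = (String)names.Get(k);
 *    System.out.Println("Signature name: " + name);
 *    System.out.Println("Signature covers whole document: " + af.SignatureCoversWholeDocument(name));
 *    PdfPKCS7 pk = af.VerifySignature(name);
 *    Calendar cal = pk.GetSignDate();
 *    Certificate pkc[] = pk.GetCertificates();
 *    System.out.Println("Subject: " + PdfPKCS7.GetSubjectFields(pk.GetSigningCertificate()));
 *    System.out.Println("Document modified: " + !pk.Verify());
 *    Object fails[] = PdfPKCS7.VerifyCertificates(pkc, kall, null, cal);
 *    if (fails == null)
 *        System.out.Println("Certificates verified against the KeyStore");
 *    else
 *        System.out.Println("Certificate failed: " + fails[1]);
 * }
 * </pre>
 * <p>
 * This method makes no trust decision. It builds the <CODE>PdfPKCS7</CODE> object,
 * feeds it the bytes listed in the signature's /ByteRange and copies the
 * descriptive entries (/M, /Name, /Reason, /Location) from the signature
 * dictionary. As the example shows, the caller still has to call
 * <CODE>Verify()</CODE>, validate the certificates, and check
 * <CODE>SignatureCoversWholeDocument</CODE>. The sign date, name, reason and
 * location are whatever the document states and are not independently attested here.
 * @param name the signature field name
 * @return a <CODE>PdfPKCS7</CODE> class to continue the verification, or
 * <CODE>null</CODE> when no signature dictionary exists for <CODE>name</CODE>
 * @throws InvalidOperationException the signature dictionary lacks /Contents, or
 * lacks /Cert while declaring the adbe.x509.rsa_sha1 sub-filter
 */
public PdfPKCS7 VerifySignature(String name) {
    PdfDictionary v = GetSignatureDictionary(name);
    if (v == null)
        return null;
    PdfName sub = v.GetAsName(PdfName.SUBFILTER);
    PdfString contents = v.GetAsString(PdfName.CONTENTS);
    // The dictionary is read from the document under inspection, so a missing
    // entry is reported explicitly instead of as a NullReferenceException.
    if (contents == null)
        throw new InvalidOperationException("The signature dictionary has no /Contents entry.");
    PdfPKCS7 pk;
    // Constant-first comparison stays safe when /SubFilter is absent; a dictionary
    // without it is handled like every other non-X509 sub-filter (PKCS#7 path).
    if (PdfName.ADBE_X509_RSA_SHA1.Equals(sub)) {
        PdfString cert = v.GetAsString(PdfName.CERT);
        if (cert == null)
            throw new InvalidOperationException("The signature dictionary has no /Cert entry.");
        pk = new PdfPKCS7(contents.GetOriginalBytes(), cert.GetBytes());
    }
    else {
        pk = new PdfPKCS7(contents.GetOriginalBytes());
    }
    // Hash the byte ranges the signature claims to cover.
    UpdateByteRange(pk, v);
    PdfString str = v.GetAsString(PdfName.M);
    if (str != null)
        pk.SignDate = PdfDate.Decode(str.ToString());
    // /Name may be stored either as a string or as a name object.
    PdfObject obj = PdfReader.GetPdfObject(v.Get(PdfName.NAME));
    if (obj != null) {
        if (obj.IsString())
            pk.SignName = ((PdfString)obj).ToUnicodeString();
        else if (obj.IsName())
            pk.SignName = PdfName.DecodeName(obj.ToString());
    }
    str = v.GetAsString(PdfName.REASON);
    if (str != null)
        pk.Reason = str.ToUnicodeString();
    str = v.GetAsString(PdfName.LOCATION);
    if (str != null)
        pk.Location = str.ToUnicodeString();
    return pk;
}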
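/**
 * Feeds the bytes selected by the signature dictionary's /ByteRange into the
 * given <CODE>PdfPKCS7</CODE> so that its digest can be computed.
 * The array is read as (start, length) pairs. The values come from the document
 * being checked, so a missing array, an odd number of entries or a negative
 * value is rejected before any file access. This method does not check that the
 * ranges cover the whole file; that check is <CODE>SignatureCoversWholeDocument</CODE>.
 * @param pkcs7 the object that receives the signed bytes
 * @param v the signature dictionary
 * @throws InvalidOperationException the /ByteRange entry is missing or malformed
 */
private void UpdateByteRange(PdfPKCS7 pkcs7, PdfDictionary v) {
    PdfArray b = v.GetAsArray(PdfName.BYTERANGE);
    if (b == null || b.Size % 2 != 0)
        throw new InvalidOperationException("The signature dictionary has a missing or malformed /ByteRange entry.");
    RandomAccessFileOrArray rf = reader.SafeFile;
    try {
        rf.ReOpen();
        byte[] buf = new byte[8192];
        for (int k = 0; k + 1 < b.Size; k += 2) {
            int start = b.GetAsNumber(k).IntValue;
            int length = b.GetAsNumber(k + 1).IntValue;
            if (start < 0 || length < 0)
                throw new InvalidOperationException("The signature /ByteRange contains a negative offset or length.");
            rf.Seek(start);
            while (length > 0) {
                int rd = rf.Read(buf, 0, Math.Min(length, buf.Length));
                // NOTE(review): a range that runs past the end of the data is cut short
                // silently, so the digest then covers fewer bytes than /ByteRange declares.
                if (rd <= 0)
                    break;
                length -= rd;
                pkcs7.Update(buf, 0, rd);
            }
        }
    }
    finally {
        // Best-effort close: a failure here must not mask the outcome of the read.
        try { rf.Close(); } catch { }
    }
}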
/**
 * Sets the crypto information to sign.
 * Builds a <CODE>PdfPKCS7</CODE> from the key material, uses it to produce the
 * values stored in Contents (and Cert for the adbe.x509.rsa_sha1 sub-filter),
 * records the signing certificate's CN as /Name when present, and then creates
 * a second <CODE>PdfPKCS7</CODE> with the same settings.
 * NOTE(review): both sub-filters tested here are SHA-1 based by name. Confirm
 * that this is acceptable for the consumers of the signed document.
 * @param privKey the private key
 * @param certChain the certificate chain
 * @param crlList the certificate revocation list. It can be <CODE>null</CODE>
 */
public void SetSignInfo(ICipherParameters privKey, X509Certificate[] certChain, object[] crlList) {
    bool pkcs7Sha1 = PdfName.ADBE_PKCS7_SHA1.Equals(Get(PdfName.SUBFILTER));
    pkcs = new PdfPKCS7(privKey, certChain, crlList, hashAlgorithm, pkcs7Sha1);
    pkcs.SetExternalDigest(externalDigest, externalRSAdata, digestEncryptionAlgorithm);

    bool x509RsaSha1 = PdfName.ADBE_X509_RSA_SHA1.Equals(Get(PdfName.SUBFILTER));
    if (!x509RsaSha1) {
        Contents = pkcs.GetEncodedPKCS7();
    }
    else {
        // Cert holds the encoded certificates of the chain, concatenated in order.
        MemoryStream chainBytes = new MemoryStream();
        foreach (X509Certificate certificate in certChain) {
            byte[] encoded = certificate.GetEncoded();
            chainBytes.Write(encoded, 0, encoded.Length);
        }
        chainBytes.Close();
        Cert = chainBytes.ToArray();
        Contents = pkcs.GetEncodedPKCS1();
    }

    name = PdfPKCS7.GetSubjectFields(pkcs.SigningCertificate).GetField("CN");
    if (name != null) {
        Put(PdfName.NAME, new PdfString(name, PdfObject.TEXT_UNICODE));
    }

    // A fresh PdfPKCS7 replaces the one used above; presumably so the instance kept
    // for the actual signing starts from a clean state (confirm against PdfPKCS7).
    bool pkcs7Sha1Again = PdfName.ADBE_PKCS7_SHA1.Equals(Get(PdfName.SUBFILTER));
    pkcs = new PdfPKCS7(privKey, certChain, crlList, hashAlgorithm, pkcs7Sha1Again);
    pkcs.SetExternalDigest(externalDigest, externalRSAdata, digestEncryptionAlgorithm);
}