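/// <summary>
/// Adds long-term-validation (LTV) data to the signed PDF at <paramref name="src"/> and
/// writes the result to <paramref name="dest"/>.
/// </summary>
/// <remarks>
/// If the most recent signature is a document timestamp, only that timestamp gets
/// validation data; otherwise every signature in the document is processed.
/// The whole certificate chain is requested at level OCSP_CRL, and certificates
/// themselves are not embedded (CertificateInclusion.NO).
/// </remarks>
/// <param name="src">Path of the signed input PDF.</param>
/// <param name="dest">Path of the output PDF.</param>
/// <param name="ocsp">Client passed to AddVerification for OCSP responses.</param>
/// <param name="crl">Client passed to AddVerification for CRLs.</param>
/// <param name="itsaClient">Not used by this method; kept so existing callers still compile.</param>
public static void addLTV(String src, String dest, IOcspClient ocsp, ICrlClient crl, ITSAClient itsaClient)
{
    PdfReader reader = new PdfReader(src);
    PdfWriter writer = new PdfWriter(dest);
    // Append mode stores the additions as an incremental update, leaving the
    // bytes covered by the existing signatures untouched.
    PdfDocument pdfDoc = new PdfDocument(reader, writer, new StampingProperties().UseAppendMode());
    try
    {
        LtvVerification v = new LtvVerification(pdfDoc);
        SignatureUtil signatureUtil = new SignatureUtil(pdfDoc);
        IList<string> names = signatureUtil.GetSignatureNames();

        // The last name is treated as the most recent signature. A document
        // without any signature makes this index fail.
        String sigName = names[names.Count - 1];
        PdfPKCS7 pkcs7 = signatureUtil.ReadSignatureData(sigName);

        // NOTE(review): AddVerification reports whether validation data was actually
        // generated; that result is ignored here, so an unreachable OCSP/CRL source
        // goes unnoticed. Confirm whether callers need it surfaced.
        if (pkcs7.IsTsp())
        {
            v.AddVerification(sigName, ocsp, crl, LtvVerification.CertificateOption.WHOLE_CHAIN,
                LtvVerification.Level.OCSP_CRL, LtvVerification.CertificateInclusion.NO);
        }
        else
        {
            foreach (var name in names)
            {
                v.AddVerification(name, ocsp, crl, LtvVerification.CertificateOption.WHOLE_CHAIN,
                    LtvVerification.Level.OCSP_CRL, LtvVerification.CertificateInclusion.NO);
            }
        }

        v.Merge();
    }
    finally
    {
        // Close on the failure path too; previously an exception left the
        // reader and writer (and their file handles) open.
        pdfDoc.Close();
    }
}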
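/// <summary>
/// Adds long-term-validation (LTV) data to a signed PDF read from
/// <paramref name="source"/> and writes the result to <paramref name="destination"/>.
/// </summary>
/// <remarks>
/// If the most recent signature is a document timestamp, only that timestamp is
/// processed, using <paramref name="timestampLevel"/>. Otherwise every signature is
/// processed using <paramref name="signatureLevel"/>. The whole chain is requested and
/// the certificates are embedded (CertificateInclusion.YES).
/// </remarks>
/// <param name="source">Stream holding the signed input PDF.</param>
/// <param name="destination">Stream receiving the output PDF.</param>
/// <param name="ocsp">Client passed to AddVerification for OCSP responses.</param>
/// <param name="crl">Client passed to AddVerification for CRLs.</param>
/// <param name="timestampLevel">Revocation level used when the last signature is a timestamp.</param>
/// <param name="signatureLevel">Revocation level used for ordinary signatures.</param>
static void addLTVToStream(Stream source, Stream destination, IOcspClient ocsp, ICrlClient crl, LtvVerification.Level timestampLevel, LtvVerification.Level signatureLevel)
{
    // Append mode stores the additions as an incremental update, leaving the
    // bytes covered by the existing signatures untouched.
    PdfDocument pdfDoc = new PdfDocument(new PdfReader(source), new PdfWriter(destination),
        new StampingProperties().UseAppendMode());
    try
    {
        LtvVerification v = new LtvVerification(pdfDoc);
        SignatureUtil signatureUtil = new SignatureUtil(pdfDoc);
        IList<string> names = signatureUtil.GetSignatureNames();

        // The last name is treated as the most recent signature. A document
        // without any signature makes this index fail.
        String sigName = names[names.Count - 1];
        PdfPKCS7 pkcs7 = signatureUtil.ReadSignatureData(sigName);

        // NOTE(review): the result of AddVerification is ignored, so a signature for
        // which no validation data could be collected is not reported. Confirm whether
        // callers need it surfaced.
        if (pkcs7.IsTsp())
        {
            v.AddVerification(sigName, ocsp, crl, LtvVerification.CertificateOption.WHOLE_CHAIN,
                timestampLevel, LtvVerification.CertificateInclusion.YES);
        }
        else
        {
            foreach (String name in names)
            {
                v.AddVerification(name, ocsp, crl, LtvVerification.CertificateOption.WHOLE_CHAIN,
                    signatureLevel, LtvVerification.CertificateInclusion.YES);
            }
        }

        v.Merge();
    }
    finally
    {
        // Close on the failure path too; previously an exception left the
        // document and its streams open.
        pdfDoc.Close();
    }
}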
/// <summary>
/// Checks how a PDF that was amended after signing is reported: the signature still
/// verifies cryptographically, but it is flagged as not covering the whole document,
/// while the extracted signed revision is fully covered.
/// </summary>
public virtual void TestISAValidPdf()
{
    String fieldName = "Signature1";
    String pdfPath = sourceFolder + "isaValidPdf.pdf";

    PdfReader latestReader = new PdfReader(pdfPath);
    PdfDocument latestDoc = new PdfDocument(latestReader);
    SignatureUtil latestUtil = new SignatureUtil(latestDoc);

    PdfPKCS7 latestSignature = latestUtil.ReadSignatureData(fieldName);
    NUnit.Framework.Assert.IsTrue(latestSignature.VerifySignatureIntegrityAndAuthenticity());
    NUnit.Framework.Assert.IsFalse(latestUtil.SignatureCoversWholeDocument(fieldName));

    String firstPageText = PdfTextExtractor.GetTextFromPage(latestDoc.GetPage(1));
    // The latest revision is open, so the page text is the amended one. The signature
    // must still be reported as not covering the complete document, which marks it
    // invalid for the current revision.
    NUnit.Framework.Assert.AreEqual("This is manipulated malicious text, ha-ha!", firstPageText);
    NUnit.Framework.Assert.AreEqual(2, latestUtil.GetTotalRevisions());
    NUnit.Framework.Assert.AreEqual(1, latestUtil.GetRevision(fieldName));

    // Re-open only the revision that was actually signed and repeat both checks on it.
    Stream signedRevisionStream = latestUtil.ExtractRevision(fieldName);
    PdfDocument signedRevisionDoc = new PdfDocument(new PdfReader(signedRevisionStream));
    SignatureUtil signedRevisionUtil = new SignatureUtil(signedRevisionDoc);
    PdfPKCS7 signedRevisionSignature = signedRevisionUtil.ReadSignatureData(fieldName);
    NUnit.Framework.Assert.IsTrue(signedRevisionSignature.VerifySignatureIntegrityAndAuthenticity());
    NUnit.Framework.Assert.IsTrue(signedRevisionUtil.SignatureCoversWholeDocument(fieldName));

    signedRevisionDoc.Close();
    latestDoc.Close();
}
/// <summary>
/// Opens the PDF at <paramref name="filePath"/> and asserts that the signature in field
/// <paramref name="signatureName"/> passes the integrity and authenticity check.
/// </summary>
/// <remarks>
/// Only the cryptographic check is asserted here. Whether the signature covers the
/// whole document is not examined by this helper.
/// </remarks>
/// <param name="filePath">Path of the signed PDF.</param>
/// <param name="signatureName">Name of the signature field to verify.</param>
internal static void BasicCheckSignedDoc(String filePath, String signatureName)
{
    PdfReader reader = new PdfReader(filePath);
    PdfDocument signedDoc = new PdfDocument(reader);

    SignatureUtil util = new SignatureUtil(signedDoc);
    PdfPKCS7 pkcs7 = util.ReadSignatureData(signatureName);
    bool verified = pkcs7.VerifySignatureIntegrityAndAuthenticity();
    NUnit.Framework.Assert.IsTrue(verified);

    signedDoc.Close();
}
/// <summary>
/// Reads the signature stored in field <paramref name="name"/>, prints its coverage,
/// revision and integrity status to standard output, and returns the signature data.
/// </summary>
/// <remarks>
/// The three values are only printed; nothing is enforced. A caller that needs to act
/// on a failed integrity check or on partial coverage has to evaluate them itself.
/// </remarks>
/// <param name="signUtil">Signature utility bound to the opened document.</param>
/// <param name="name">Name of the signature field.</param>
/// <returns>The parsed signature container for <paramref name="name"/>.</returns>
public PdfPKCS7 VerifySignature(SignatureUtil signUtil, String name)
{
    PdfPKCS7 signatureData = signUtil.ReadSignatureData(name);

    var coversWholeDocument = signUtil.SignatureCoversWholeDocument(name);
    Console.Out.WriteLine($"Signature covers whole document: {coversWholeDocument}");

    var revision = signUtil.GetRevision(name);
    var totalRevisions = signUtil.GetTotalRevisions();
    Console.Out.WriteLine($"Document revision: {revision} of {totalRevisions}");

    var integrityOk = signatureData.VerifySignatureIntegrityAndAuthenticity();
    Console.Out.WriteLine($"Integrity check OK? {integrityOk}");

    return signatureData;
}
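/// <summary>
/// Reads the signature stored in field <paramref name="name"/>, logs its coverage,
/// revision and integrity status, and records the integrity result on
/// <paramref name="model"/>.
/// </summary>
/// <remarks>
/// <c>model.Integrity</c> reflects only the cryptographic integrity/authenticity check.
/// It does not take into account whether the signature covers the whole document
/// (which is logged but not stored), and no certificate-chain or revocation check is
/// made in this method. A document amended after signing can therefore still be
/// recorded as "OK" here.
/// </remarks>
/// <param name="model">Model that receives the integrity result; mutated in place.</param>
/// <param name="signUtil">Signature utility bound to the opened document.</param>
/// <param name="name">Name of the signature field.</param>
/// <returns>The parsed signature container and the same <paramref name="model"/> instance.</returns>
public static (PdfPKCS7, FileDetailsModel) VerifySignature(FileDetailsModel model, SignatureUtil signUtil, String name)
{
    PdfPKCS7 pkcs7 = signUtil.ReadSignatureData(name);

    // NOTE(review): these are informational messages written at error level;
    // confirm the intended log level.
    logger.Error("Signature covers whole document: " + signUtil.SignatureCoversWholeDocument(name));
    logger.Error("Document revision: " + signUtil.GetRevision(name) + " of " + signUtil.GetTotalRevisions());

    // Verify once and reuse the result, so the logged value and the stored value
    // cannot diverge and the check is not repeated.
    bool integrityOk = pkcs7.VerifySignatureIntegrityAndAuthenticity();
    logger.Error("Integrity check OK? " + integrityOk);
    model.Integrity = integrityOk ? "OK" : "NOT OK";

    return (pkcs7, model);
}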
/// <summary>
/// Checks that the signature in "siwa.pdf" verifies cryptographically but is
/// reported as not covering the whole document.
/// </summary>
public virtual void TestSWA01()
{
    String fieldName = "Signature1";
    String pdfPath = sourceFolder + "siwa.pdf";

    PdfReader reader = new PdfReader(pdfPath);
    PdfDocument pdf = new PdfDocument(reader);
    SignatureUtil util = new SignatureUtil(pdf);

    PdfPKCS7 signature = util.ReadSignatureData(fieldName);
    bool integrityOk = signature.VerifySignatureIntegrityAndAuthenticity();
    NUnit.Framework.Assert.IsTrue(integrityOk);

    // A valid signature alone is not sufficient: coverage must be checked separately.
    bool coversAll = util.SignatureCoversWholeDocument(fieldName);
    NUnit.Framework.Assert.IsFalse(coversAll);

    pdf.Close();
}
/// <summary>
/// Verifies the integrity of every named signature and then hands each one to
/// <c>VerifyCertificates</c>.
/// </summary>
/// <remarks>
/// An integrity failure is recorded through <c>AddError</c> and does not stop
/// processing: the certificate check still runs for that signature, and the loop
/// continues with the next name.
/// </remarks>
/// <param name="signUtil">Signature utility bound to the opened document.</param>
/// <param name="names">Names of the signature fields to verify.</param>
private void VerifySignatures(SignatureUtil signUtil, IList<String> names)
{
    foreach (String signatureName in names)
    {
        PdfPKCS7 signatureData = signUtil.ReadSignatureData(signatureName);

        // Signature integrity comes first; a failure is reported, not thrown.
        bool integrityOk = signatureData.VerifySignatureIntegrityAndAuthenticity();
        if (integrityOk == false)
        {
            String message = String.Format("\"{0}\" signature integrity is invalid\n", signatureName);
            AddError(message);
        }

        VerifyCertificates(signatureData);
    }
}
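/// <summary>
/// Opens a fixed sample PDF, reads the signature in field "Signature1" and collects
/// its verification results and metadata into local variables.
/// </summary>
/// <remarks>
/// Nothing is returned or stored; the locals exist only for inspection. Every flag
/// starts as <c>false</c>, so a failed or aborted verification leaves the signature
/// treated as not verified.
/// </remarks>
static void Verify()
{
    String digestAlgorithm = "";
    String encryptionAlgorithm = "";
    DateTime timeStampDate;
    DateTime signDate;
    bool verifyTimeStamp = false;
    Org.BouncyCastle.X509.X509Certificate signCert;
    bool revokeStatus = false;
    bool isTSP = false;

    // True only if the signature value matches the signed bytes and the embedded
    // signing certificate. This does not by itself show that the signature covers
    // the whole file or that the certificate chains to a trusted root.
    Boolean genuineAndWasNotModified = false;
    String signatureFieldName = "Signature1";

    PdfDocument pdfDocument = new PdfDocument(new PdfReader("c:\\temp\\valid signed contract.pdf"));
    try
    {
        SignatureUtil signatureUtil = new SignatureUtil(pdfDocument);
        try
        {
            PdfPKCS7 signature1 = signatureUtil.ReadSignatureData(signatureFieldName);
            if (signature1 != null)
            {
                genuineAndWasNotModified = signature1.VerifySignatureIntegrityAndAuthenticity();
                digestAlgorithm = signature1.GetDigestAlgorithm();
                encryptionAlgorithm = signature1.GetEncryptionAlgorithm();
                // Kept apart from signDate: the original stored both in one variable,
                // so the timestamp date was overwritten immediately.
                timeStampDate = signature1.GetTimeStampDate();
                verifyTimeStamp = signature1.VerifyTimestampImprint();
                signDate = signature1.GetSignDate();
                signCert = signature1.GetSigningCertificate();
                isTSP = signature1.IsTsp();
                revokeStatus = signature1.IsRevocationValid();
            }
        }
        catch (iText.Signatures.VerificationException issue)
        {
            // The original handler body was an incomplete statement ("issue.").
            // Report the failure; the flags keep their fail-closed defaults.
            Console.Error.WriteLine("Signature verification failed: " + issue.Message);
        }
        catch (Exception error)
        {
            // Still best-effort: only signatures that pass are of interest, so the
            // error is not rethrown, but it is no longer dropped silently.
            Console.Error.WriteLine("Signature could not be processed: " + error.Message);
        }
    }
    finally
    {
        // Release the reader even if constructing SignatureUtil throws.
        pdfDocument.Close();
    }
}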
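/// <summary>
/// Opens the PDF at <paramref name="documentPath"/> and collects descriptive
/// information about every signature it contains.
/// </summary>
/// <remarks>
/// This method only reads metadata. It makes no integrity, certificate-trust or
/// revocation check, so the signer name, reason, location and contact info are
/// values taken from the document and signature as-is and should be treated as
/// unverified display data.
/// </remarks>
/// <param name="documentPath">Path of the PDF to inspect.</param>
/// <returns>Total revision count plus one <c>SignatureInfo</c> per signature field.</returns>
private SignedDocumentInfo CollectInfo(String documentPath)
{
    SignedDocumentInfo docInfo = new SignedDocumentInfo();
    PdfDocument pdfDoc = new PdfDocument(new PdfReader(documentPath));
    try
    {
        PdfAcroForm form = PdfAcroForm.GetAcroForm(pdfDoc, false);
        SignatureUtil signUtil = new SignatureUtil(pdfDoc);
        IList<String> names = signUtil.GetSignatureNames();
        docInfo.SetNumberOfTotalRevisions(signUtil.GetTotalRevisions());

        // Carried from one signature to the next: each SignaturePermissions is built
        // from the current signature dictionary plus the previous signature's result.
        SignaturePermissions perms = null;
        IList<SignatureInfo> signInfos = new List<SignatureInfo>();

        foreach (String name in names)
        {
            SignatureInfo sigInfo = new SignatureInfo();
            sigInfo.SetSignatureName(name);
            sigInfo.SetRevisionNumber(signUtil.GetRevision(name));
            sigInfo.SetSignatureCoversWholeDocument(signUtil.SignatureCoversWholeDocument(name));

            // Position is taken from the first widget of the field, when one exists.
            IList<PdfWidgetAnnotation> widgetAnnotationsList = form.GetField(name).GetWidgets();
            if (widgetAnnotationsList != null && widgetAnnotationsList.Count > 0)
            {
                sigInfo.SetSignaturePosition(widgetAnnotationsList[0].GetRectangle().ToRectangle());
            }

            PdfPKCS7 pkcs7 = signUtil.ReadSignatureData(name);
            sigInfo.SetDigestAlgorithm(pkcs7.GetHashAlgorithm());
            sigInfo.SetEncryptionAlgorithm(pkcs7.GetEncryptionAlgorithm());
            PdfName filterSubtype = pkcs7.GetFilterSubtype();
            if (filterSubtype != null)
            {
                sigInfo.SetFilterSubtype(filterSubtype.ToString());
            }

            X509Certificate signCert = pkcs7.GetSigningCertificate();
            sigInfo.SetSignerName(iText.Signatures.CertificateInfo.GetSubjectFields(signCert).GetField("CN"));
            sigInfo.SetAlternativeSignerName(pkcs7.GetSignName());
            sigInfo.SetSignDate(pkcs7.GetSignDate().ToUniversalTime());

            // Timestamp details are recorded only when a timestamp date is defined.
            if (TimestampConstants.UNDEFINED_TIMESTAMP_DATE != pkcs7.GetTimeStampDate())
            {
                sigInfo.SetTimeStamp(pkcs7.GetTimeStampDate().ToUniversalTime());
                TimeStampToken ts = pkcs7.GetTimeStampToken();
                sigInfo.SetTimeStampService(ts.TimeStampInfo.Tsa.ToString());
            }

            sigInfo.SetLocation(pkcs7.GetLocation());
            sigInfo.SetReason(pkcs7.GetReason());

            PdfDictionary sigDict = signUtil.GetSignatureDictionary(name);
            PdfString contactInfo = sigDict.GetAsString(PdfName.ContactInfo);
            if (contactInfo != null)
            {
                sigInfo.SetContactInfo(contactInfo.ToString());
            }

            perms = new SignaturePermissions(sigDict, perms);
            sigInfo.SetIsCertifiaction(perms.IsCertification());
            sigInfo.SetIsFieldsFillAllowed(perms.IsFillInAllowed());
            sigInfo.SetIsAddingAnnotationsAllowed(perms.IsAnnotationsAllowed());

            IList<String> fieldLocks = new List<String>();
            foreach (SignaturePermissions.FieldLock fieldLock in perms.GetFieldLocks())
            {
                fieldLocks.Add(fieldLock.ToString());
            }
            sigInfo.SetFieldsLocks(fieldLocks);

            // Certificates are listed as embedded in the signature; the chain is not
            // validated here.
            X509Certificate[] certs = pkcs7.GetSignCertificateChain();
            IList<CertificateInfo> certInfos = new List<CertificateInfo>();
            foreach (X509Certificate cert in certs)
            {
                CertificateInfo certInfo = new CertificateInfo();
                certInfo.SetIssuer(cert.IssuerDN);
                certInfo.SetSubject(cert.SubjectDN);
                certInfo.SetValidFrom(cert.NotBefore);
                certInfo.SetValidTo(cert.NotAfter);
                certInfos.Add(certInfo);
            }
            sigInfo.SetCertificateInfos(certInfos);

            signInfos.Add(sigInfo);
        }

        docInfo.SetSignatureInfos(signInfos);
    }
    finally
    {
        // The original never closed the document, leaving the reader's file handle open.
        pdfDoc.Close();
    }

    return docInfo;
}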