/// <summary>
/// Prepares an
/// <see cref="PdfPKCS7"/>
/// instance for the given signature.
/// This method handles signature parsing and might throw an exception if
/// signature is malformed.
/// <p>
/// The returned
/// <see cref="PdfPKCS7"/>
/// can be used to fetch additional info about the signature
/// and also to perform integrity check of data signed by the given signature field.
/// </p>
/// Prepared
/// <see cref="PdfPKCS7"/>
/// instance calculates digest based on signature's /ByteRange entry.
/// In order to check that /ByteRange is properly defined and given signature indeed covers the current PDF document
/// revision please use
/// <see cref="SignatureCoversWholeDocument(System.String)"/>
/// method.
/// </summary>
/// <param name="signatureFieldName">the signature field name</param>
/// <param name="securityProvider">the security provider or null for the default provider</param>
/// <returns>
/// a
/// <see cref="PdfPKCS7"/>
/// instance which can be used to fetch additional info about the signature
/// and also to perform integrity check of data signed by the given signature field.
/// </returns>
public virtual PdfPKCS7 ReadSignatureData(String signatureFieldName)
{
PdfSignature signature = GetSignature(signatureFieldName);
if (signature == null)
{
return(null);
}
try {
PdfName sub = signature.GetSubFilter();
PdfString contents = signature.GetContents();
PdfPKCS7 pk = null;
if (sub.Equals(PdfName.Adbe_x509_rsa_sha1))
{
PdfString cert = signature.GetPdfObject().GetAsString(PdfName.Cert);
if (cert == null)
{
cert = signature.GetPdfObject().GetAsArray(PdfName.Cert).GetAsString(0);
}
pk = new PdfPKCS7(PdfEncodings.ConvertToBytes(contents.GetValue(), null), cert.GetValueBytes());
}
else
{
pk = new PdfPKCS7(PdfEncodings.ConvertToBytes(contents.GetValue(), null), sub);
}
UpdateByteRange(pk, signature);
PdfString date = signature.GetDate();
if (date != null)
{
pk.SetSignDate(PdfDate.Decode(date.ToString()));
}
String signName = signature.GetName();
pk.SetSignName(signName);
String reason = signature.GetReason();
if (reason != null)
{
pk.SetReason(reason);
}
String location = signature.GetLocation();
if (location != null)
{
pk.SetLocation(location);
}
return(pk);
}
catch (Exception e) {
throw new PdfException(e);
}
}
/// <summary>Adds keys to the signature dictionary that define the field permissions.</summary>
/// <remarks>
/// Adds keys to the signature dictionary that define the field permissions.
/// This method is only used for signatures that lock fields.
/// </remarks>
/// <param name="crypto">the signature dictionary</param>
protected internal virtual void AddFieldMDP(PdfSignature crypto, PdfSigFieldLockDictionary fieldLock)
{
PdfDictionary reference = new PdfDictionary();
PdfDictionary transformParams = new PdfDictionary();
transformParams.PutAll(fieldLock.GetPdfObject());
transformParams.Put(PdfName.Type, PdfName.TransformParams);
transformParams.Put(PdfName.V, new PdfName("1.2"));
reference.Put(PdfName.TransformMethod, PdfName.FieldMDP);
reference.Put(PdfName.Type, PdfName.SigRef);
reference.Put(PdfName.TransformParams, transformParams);
reference.Put(new PdfName("DigestValue"), new PdfString("aa"));
PdfArray loc = new PdfArray();
loc.Add(new PdfNumber(0));
loc.Add(new PdfNumber(0));
reference.Put(new PdfName("DigestLocation"), loc);
reference.Put(new PdfName("DigestMethod"), new PdfName("MD5"));
reference.Put(PdfName.Data, document.GetTrailer().Get(PdfName.Root));
PdfArray types = crypto.GetPdfObject().GetAsArray(PdfName.Reference);
if (types == null)
{
types = new PdfArray();
}
types.Add(reference);
crypto.Put(PdfName.Reference, types);
}
/// <summary>Sign the document using an external container, usually a PKCS7.</summary>
/// <remarks>
/// Sign the document using an external container, usually a PKCS7. The signature is fully composed
/// externally, iText will just put the container inside the document.
/// <br /><br />
/// NOTE: This method closes the underlying pdf document. This means, that current instance
/// of PdfSigner cannot be used after this method call.
/// </remarks>
/// <param name="externalSignatureContainer">the interface providing the actual signing</param>
/// <param name="estimatedSize">the reserved size for the signature</param>
/// <exception cref="Org.BouncyCastle.Security.GeneralSecurityException"/>
/// <exception cref="System.IO.IOException"/>
public virtual void SignExternalContainer(IExternalSignatureContainer externalSignatureContainer, int estimatedSize
)
{
if (closed)
{
throw new PdfException(PdfException.ThisInstanceOfPdfSignerAlreadyClosed);
}
PdfSignature dic = new PdfSignature();
PdfSignatureAppearance appearance = GetSignatureAppearance();
dic.SetReason(appearance.GetReason());
dic.SetLocation(appearance.GetLocation());
dic.SetSignatureCreator(appearance.GetSignatureCreator());
dic.SetContact(appearance.GetContact());
dic.SetDate(new PdfDate(GetSignDate()));
// time-stamp will over-rule this
externalSignatureContainer.ModifySigningDictionary(dic.GetPdfObject());
cryptoDictionary = dic;
IDictionary <PdfName, int?> exc = new Dictionary <PdfName, int?>();
exc[PdfName.Contents] = estimatedSize * 2 + 2;
PreClose(exc);
Stream data = GetRangeStream();
byte[] encodedSig = externalSignatureContainer.Sign(data);
if (estimatedSize < encodedSig.Length)
{
throw new System.IO.IOException("Not enough space");
}
byte[] paddedSig = new byte[estimatedSize];
System.Array.Copy(encodedSig, 0, paddedSig, 0, encodedSig.Length);
PdfDictionary dic2 = new PdfDictionary();
dic2.Put(PdfName.Contents, new PdfString(paddedSig).SetHexWriting(true));
Close(dic2);
closed = true;
}
