使用itext7从pdf中的数字签名中提取电子邮件地址 [英] Extract Email address from a digital signature in pdf using itext7

问题描述

鉴于使用dsc令牌证书对pdf进行了签名. Adobe Reader将已签名用户的电子邮件地址提供给已签名的用户.如何使用itext7 c#从数字签名中提取电子邮件地址?

Given a pdf is signed using DSC token certificate. Adobe reader gives the email address of the user to who has signed.How can i extract email address from digital signature using itext7 c#?

我试图提取PdfPKCS7类中的数据.但是它不包含电子邮件地址.

I have tried to extract data in PdfPKCS7 class.But it does not contain email address.

使用ItextSharp，

Using ItextSharp,

PdfReader reader = new PdfReader(path);
AcroFields fields = reader.AcroFields;
List<String> names = fields.GetSignatureNames();
foreach (string name in names)
{
   VerifySignature(fields, name);
}

验证签名方法提供证书详细信息的地方

Where verify Signature method gives certificate details

 virtual public PdfPKCS7 VerifySignature(AcroFields fields, String name)
 {
    Console.WriteLine("Signature covers whole document: " + fields.SignatureCoversWholeDocument(name));
    Console.WriteLine("Document revision: " + fields.GetRevision(name) + " of " + fields.TotalRevisions);
    PdfPKCS7 pkcs7 = fields.VerifySignature(name);
    Console.WriteLine("Integrity check OK? " + pkcs7.Verify());
    return pkcs7;
}

推荐答案

您的示例PDF至少在四个位置包含电子邮件地址:

Your example PDF contains the email address in at least four locations:

• 签名值的名称条目.
• 签署者证书的主题备用名称.
• 签署者证书的主题DN的通用名称.
• 签署者证书的主题DN的电子邮件地址.

• The Name entry of the signature value.
• The subject alternative name of the signer certificate.
• The common name of the subject DN of the signer certificate.
• The email address of the subject DN of the signer certificate.

以下代码与您的iTextSharp代码以及四个电子邮件地址位置的输出相对应:

The following code corresponds to your iTextSharp code plus the output of the four email address locations:

using (PdfReader pdfReader = new PdfReader(PDF))
using (PdfDocument pdfDocument = new PdfDocument(pdfReader))
{
    SignatureUtil signatureUtil = new SignatureUtil(pdfDocument);
    foreach (string signatureName in signatureUtil.GetSignatureNames())
    {
        Console.WriteLine("\n{0}\n**********", signatureName);
        Console.WriteLine("Name: " + signatureUtil.GetSignature(signatureName).GetName());
        Console.WriteLine("Signature covers whole document: " + signatureUtil.SignatureCoversWholeDocument(signatureName));
        Console.WriteLine("Document revision: " + signatureUtil.GetRevision(signatureName) + " of " + signatureUtil.GetTotalRevisions());
        PdfPKCS7 pkcs7 = signatureUtil.ReadSignatureData(signatureName);
        Console.WriteLine("Integrity check OK? " + pkcs7.VerifySignatureIntegrityAndAuthenticity());
        Org.BouncyCastle.X509.X509Certificate cert = pkcs7.GetSigningCertificate();
        Console.Write("Subject alternative names: ");
        foreach (var list in cert.GetSubjectAlternativeNames())
            foreach (var name in (IList)list)
                Console.Write(name + " ");
        Console.WriteLine();
        Org.BouncyCastle.Asn1.X509.X509Name subjectDn = cert.SubjectDN;
        Console.WriteLine("Subject DN: " + subjectDn);
        Console.Write("Subject DN common name: ");
        foreach (var name in subjectDn.GetValueList(Org.BouncyCastle.Asn1.X509.X509Name.CN))
            Console.Write(name + " ");
        Console.WriteLine();
        Console.Write("Subject DN email: ");
        foreach (var name in subjectDn.GetValueList(Org.BouncyCastle.Asn1.X509.X509Name.EmailAddress))
            Console.Write(name + " ");
        Console.WriteLine();
    }
}

文件的输出:

Signature1
**********
Name: gerald.holmann@qoppa.com
Signature covers whole document: True
Document revision: 1 of 1
Integrity check OK? True
Subject alternative names: 1 gerald.holmann@qoppa.com 
Subject DN: CN=gerald.holmann@qoppa.com,E=gerald.holmann@qoppa.com
Subject DN common name: gerald.holmann@qoppa.com 
Subject DN email: gerald.holmann@qoppa.com

我显然无法确定您会遇到的其他证书将使用这些职位中的哪个职位.因此，您要么必须确定是否在需求中指定了该字段，要么可能必须简单地检查所有这些字段.

I obviously cannot tell which of these positions will be used by other certificates you'll come across. Thus, you either have to find out whether that is specified somewhere in your requirements or you may have to simply check all these fields.

您所指出的位置的Adobe Reader最有可能显示签署者证书的主题DN的通用名称，但这不必是电子邮件地址，可以是用作通用名称的任何内容证书所有者.

Adobe Reader at the position you pointed out most likely shows the common name of the subject DN of the signer certificate, but this needn't be an email address, it can be anything that serves as a common name for the certificate owner.

这篇关于使用itext7从pdf中的数字签名中提取电子邮件地址的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！