签名在iTextSharp中无效 [英] A signature is not valid in iTextSharp
本文介绍了签名在iTextSharp中无效的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
您好,
我有一个VB.NET脚本,可以签署PDF文档。这意味着 - 插入签名和时间戳。但最终文件未经过验证,并显示签名无效:此文件已被更改或损坏
以下是代码:
Hello,
I got a VB.NET script which makes a PDF document signed. It means - insert a signature and a timestamp. But the final document is not verified and it shows that the signature is not valid: "this document has been altered or corrupted"
Here is the code:
certificateData = podepsat(8)
Dim bytes as Byte()
If String.IsNullOrEmpty(podepsat(2)) Then
bytes = certificateData.Export(X509ContentType.Pfx)
Else
bytes = certificateData.Export(X509ContentType.Pfx, podepsat(2))
End If
processCert(bytes, podepsat(2))
Dim tsc As ITSAClient = New TSAClientBouncyCastle(podepsat(9), podepsat(10), podepsat(11))
Dim reader As New PdfReader(fileName)
fileName = "signed-" & fileName
Dim fout As New FileStream(fileName, FileMode.Create, FileAccess.Write)
Dim stp As PdfStamper = PdfStamper.CreateSignature(reader, fout, "\0", Nothing, False)
Dim sap As PdfSignatureAppearance = stp.SignatureAppearance
sap.SetCrypto(Nothing, chain, Nothing, PdfSignatureAppearance.SELF_SIGNED)
sap.Reason = podepsat(3)
sap.Contact = podepsat(4)
sap.Location = podepsat(5)
sap.SignDate = podepsat(6)
sap.SetVisibleSignature(New iTextSharp.text.Rectangle(100, 100, 300, 200), 1, "Signature")
Dim dic As New PdfSignature(PdfName.ADOBE_PPKLITE, New PdfName("adbe.pkcs7.detached"))
dic.Reason = sap.Reason
dic.Location = sap.Location
dic.Contact = sap.Contact
dic.Date = New PdfDate(sap.SignDate)
sap.CryptoDictionary = dic
Dim contentEstimated As Integer = 15000
Dim exc As New Dictionary(Of PdfName, Integer)
exc(PdfName.CONTENTS) = contentEstimated * 2 + 2
sap.PreClose(exc)
Dim sgn As New PdfPKCS7(akp, chain, Nothing, "SHA1", False)
Dim messageDigest As IDigest = DigestUtilities.GetDigest("SHA1")
Dim data As Stream = sap.GetRangeStream()
Dim buf As Byte() = New Byte(8191) {}
Dim n As Integer
While (n = data.Read(buf, 0, buf.Length)) > 0
messageDigest.BlockUpdate(buf, 0, n)
End While
Dim hash As Byte() = New Byte(messageDigest.GetDigestSize() - 1) {}
messageDigest.DoFinal(hash, 0)
Dim cal As DateTime = DateTime.Now
Dim ocsp As Byte() = Nothing
If chain.Length >= 2 Then
Dim url As [String] = PdfPKCS7.GetOCSPURL(chain(0))
If url IsNot Nothing AndAlso url.Length > 0 Then
ocsp = New OcspClientBouncyCastle().GetEncoded(chain(0), chain(1), url)
End If
End If
Dim sh As Byte() = sgn.GetAuthenticatedAttributeBytes(hash, cal, ocsp)
sgn.Update(sh, 0, sh.Length)
Dim encodedSig As Byte() = sgn.GetEncodedPKCS7(hash, cal, tsc, ocsp)
If contentEstimated + 2 < encodedSig.Length Then
Throw New Exception("Not enough space")
End If
Dim paddedSig As Byte() = New Byte(contentEstimated - 1) {}
System.Array.Copy(encodedSig, 0, paddedSig, 0, encodedSig.Length)
Dim dic2 As New PdfDictionary()
dic2.Put(PdfName.CONTENTS, New PdfString(paddedSig).SetHexWriting(True))
sap.Close(dic2)
你能帮我吗,问题出在哪里?
processCert填写akp和代码中定义的链。
certificateData也被声明了。
我找不到问题..帮助请解决。
感谢您的帮助!
Can you help me, please, where is the problem?
processCert fill the akp and chain which are defined up in the code.
certificateData is also declared up.
I can`t find the problem.. Help me solve it, please.
Thank you for your help!
推荐答案
签名者根证书安装在Windows?
Pdf查看器是否信任Windows证书存储区?假设Acrobat,请参阅此文章: http://blogs.adobe.com/security/2008/08/setting_signature_trust_in_ado_2 .html [ ^ ] (这里描述的设置仍然有效)
Is the signer root certificate installed in windows?
Is the Windows Certificate store trusted by the Pdf viewer? Supposing Acrobat, see this article: http://blogs.adobe.com/security/2008/08/setting_signature_trust_in_ado_2.html[^] (the settings described there are still valid)
这篇关于签名在iTextSharp中无效的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
