I use iTextSharp to sign a PDF file. But Adobe Reader cannot verify my signature. I use SHA-2 test certificate (I tried also SHA-1) generated by certification authority. I h开发者_高级运维ave installed root certificate for test certificates of this authority.
public static void SignHashed(X509Certificate2 card, Stream input, Stream output) {
Org.BouncyCastle.X509.X509CertificateParser cp = new Org.BouncyCastle.X509.X509CertificateParser();
Org.BouncyCastle.X509.X509Certificate[] chain = new Org.BouncyCastle.X509.X509Certificate[] { cp.ReadCertificate(card.RawData) };
PdfReader reader = new PdfReader(input);
PdfStamper stp = PdfStamper.CreateSignature(reader, output, '\0');
PdfSignatureAppearance sap = stp.SignatureAppearance;
sap.SignDate = DateTime.Now;
sap.SetCrypto(null, chain, null, PdfSignatureAppearance.WINCER_SIGNED);
sap.Reason = "Testování";
sap.Location = "Praha";
sap.Acro6Layers = true;
sap.Render = PdfSignatureAppearance.SignatureRender.GraphicAndDescription;
PdfSignature dic = new PdfSignature(PdfName.ADOBE_PPKMS, PdfName.ADBE_PKCS7_SHA1);
dic.Date = new PdfDate(sap.SignDate);
dic.Name = PdfPKCS7.GetSubjectFields(chain[0]).GetField("CN");
if (sap.Reason != null) dic.Reason = sap.Reason;
if (sap.Location != null) dic.Location = sap.Location;
sap.CryptoDictionary = dic;
int csize = 4000;
Hashtable exc = new Hashtable();
exc[PdfName.CONTENTS] = csize * 2 + 2;
sap.PreClose(exc);
System.Security.Cryptography.HashAlgorithm sha = new System.Security.Cryptography.SHA1CryptoServiceProvider();
Stream s = sap.RangeStream;
int read = 0;
byte[] buff = new byte[8192];
while ((read = s.Read(buff, 0, 8192)) > 0) {
sha.TransformBlock(buff, 0, read, buff, 0);
}
sha.TransformFinalBlock(buff, 0, 0);
byte[] pk = SignMsg(sha.Hash, card, false);
byte[] outc = new byte[csize];
PdfDictionary dic2 = new PdfDictionary();
Array.Copy(pk, 0, outc, 0, pk.Length);
dic2.Put(PdfName.CONTENTS, new PdfString(outc).SetHexWriting(true));
sap.Close(dic2);
}
Does anyone knows better solution for sign a PDF?
Adobe Reader can't verify the sign because need to import the CA chain to Adobe Reader in Advanced menú, option "Manage Trusted Identities". Good luck!
精彩评论