Click here to Skip to main content
Rate this: bad
good
Please Sign up or sign in to vote.
Hello,
I got a VB.NET script which makes a PDF document signed. It means - insert a signature and a timestamp. But the final document is not verified and it shows that the signature is not valid: "this document has been altered or corrupted"
 
Here is the code:

certificateData = podepsat(8)
Dim bytes as Byte()
If String.IsNullOrEmpty(podepsat(2)) Then
   bytes = certificateData.Export(X509ContentType.Pfx)
Else
   bytes = certificateData.Export(X509ContentType.Pfx, podepsat(2))
End If
 
                processCert(bytes, podepsat(2))
 
                Dim tsc As ITSAClient = New TSAClientBouncyCastle(podepsat(9), podepsat(10), podepsat(11))
 
                Dim reader As New PdfReader(fileName)
                fileName = "signed-" & fileName
                Dim fout As New FileStream(fileName, FileMode.Create, FileAccess.Write)
                Dim stp As PdfStamper = PdfStamper.CreateSignature(reader, fout, "\0", Nothing, False)
                Dim sap As PdfSignatureAppearance = stp.SignatureAppearance
 
                sap.SetCrypto(Nothing, chain, Nothing, PdfSignatureAppearance.SELF_SIGNED)
                sap.Reason = podepsat(3)
                sap.Contact = podepsat(4)
                sap.Location = podepsat(5)
                sap.SignDate = podepsat(6)
                sap.SetVisibleSignature(New iTextSharp.text.Rectangle(100, 100, 300, 200), 1, "Signature")
                Dim dic As New PdfSignature(PdfName.ADOBE_PPKLITE, New PdfName("adbe.pkcs7.detached"))
                dic.Reason = sap.Reason
                dic.Location = sap.Location
                dic.Contact = sap.Contact
                dic.Date = New PdfDate(sap.SignDate)
                sap.CryptoDictionary = dic
 
                Dim contentEstimated As Integer = 15000
                Dim exc As New Dictionary(Of PdfName, Integer)
                exc(PdfName.CONTENTS) = contentEstimated * 2 + 2
                sap.PreClose(exc)
 
                Dim sgn As New PdfPKCS7(akp, chain, Nothing, "SHA1", False)
                Dim messageDigest As IDigest = DigestUtilities.GetDigest("SHA1")
                Dim data As Stream = sap.GetRangeStream()
                Dim buf As Byte() = New Byte(8191) {}
                Dim n As Integer
                While (n = data.Read(buf, 0, buf.Length)) > 0
                    messageDigest.BlockUpdate(buf, 0, n)
                End While
                Dim hash As Byte() = New Byte(messageDigest.GetDigestSize() - 1) {}
                messageDigest.DoFinal(hash, 0)
                Dim cal As DateTime = DateTime.Now
                Dim ocsp As Byte() = Nothing
                If chain.Length >= 2 Then
                    Dim url As [String] = PdfPKCS7.GetOCSPURL(chain(0))
                    If url IsNot Nothing AndAlso url.Length > 0 Then
                        ocsp = New OcspClientBouncyCastle().GetEncoded(chain(0), chain(1), url)
                    End If
                End If
                Dim sh As Byte() = sgn.GetAuthenticatedAttributeBytes(hash, cal, ocsp)
                sgn.Update(sh, 0, sh.Length)
 
                Dim encodedSig As Byte() = sgn.GetEncodedPKCS7(hash, cal, tsc, ocsp)
                If contentEstimated + 2 < encodedSig.Length Then
                    Throw New Exception("Not enough space")
                End If
 
                Dim paddedSig As Byte() = New Byte(contentEstimated - 1) {}
                System.Array.Copy(encodedSig, 0, paddedSig, 0, encodedSig.Length)
 
                Dim dic2 As New PdfDictionary()
                dic2.Put(PdfName.CONTENTS, New PdfString(paddedSig).SetHexWriting(True))
 
                sap.Close(dic2)
 
Can you help me, please, where is the problem?
processCert fill the akp and chain which are defined up in the code.
certificateData is also declared up.
 
I can`t find the problem.. Help me solve it, please.
 
Thank you for your help!
Posted 26-Dec-12 11:30am

1 solution

Rate this: bad
good
Please Sign up or sign in to vote.

Solution 1

Is the signer root certificate installed in windows?
Is the Windows Certificate store trusted by the Pdf viewer? Supposing Acrobat, see this article: http://blogs.adobe.com/security/2008/08/setting_signature_trust_in_ado_2.html[^] (the settings described there are still valid)
  Permalink  
Comments
janprasil at 26-Dec-12 16:52pm
   
Thank you..

Yes, I think it is... Because I made the same PDF file with iSafePDF (iSafePDF: The Open Source PDF Signature Tooll) and it perfectly works, so i tried to use the part of the code but it does not work.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
0 Maciej Los 310
1 OriginalGriff 285
2 Afzaal Ahmad Zeeshan 200
3 Sergey Alexandrovich Kryukov 195
4 BillWoodruff 180
0 OriginalGriff 6,499
1 Sergey Alexandrovich Kryukov 6,048
2 DamithSL 5,193
3 Manas Bhardwaj 4,657
4 Maciej Los 4,120


Advertise | Privacy | Mobile
Web01 | 2.8.1411022.1 | Last Updated 26 Dec 2012
Copyright © CodeProject, 1999-2014
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100