A signature is not valid in iTextSharp

Question

0.00/5 (No votes)

See more:

Hello,
I got a VB.NET script which makes a PDF document signed. It means - insert a signature and a timestamp. But the final document is not verified and it shows that the signature is not valid: "this document has been altered or corrupted"

Here is the code:

VB

certificateData = podepsat(8)
Dim bytes as Byte()
If String.IsNullOrEmpty(podepsat(2)) Then
   bytes = certificateData.Export(X509ContentType.Pfx)
Else
   bytes = certificateData.Export(X509ContentType.Pfx, podepsat(2))
End If

                processCert(bytes, podepsat(2))

                Dim tsc As ITSAClient = New TSAClientBouncyCastle(podepsat(9), podepsat(10), podepsat(11))

                Dim reader As New PdfReader(fileName)
                fileName = "signed-" & fileName
                Dim fout As New FileStream(fileName, FileMode.Create, FileAccess.Write)
                Dim stp As PdfStamper = PdfStamper.CreateSignature(reader, fout, "\0", Nothing, False)
                Dim sap As PdfSignatureAppearance = stp.SignatureAppearance

                sap.SetCrypto(Nothing, chain, Nothing, PdfSignatureAppearance.SELF_SIGNED)
                sap.Reason = podepsat(3)
                sap.Contact = podepsat(4)
                sap.Location = podepsat(5)
                sap.SignDate = podepsat(6)
                sap.SetVisibleSignature(New iTextSharp.text.Rectangle(100, 100, 300, 200), 1, "Signature")
                Dim dic As New PdfSignature(PdfName.ADOBE_PPKLITE, New PdfName("adbe.pkcs7.detached"))
                dic.Reason = sap.Reason
                dic.Location = sap.Location
                dic.Contact = sap.Contact
                dic.Date = New PdfDate(sap.SignDate)
                sap.CryptoDictionary = dic

                Dim contentEstimated As Integer = 15000
                Dim exc As New Dictionary(Of PdfName, Integer)
                exc(PdfName.CONTENTS) = contentEstimated * 2 + 2
                sap.PreClose(exc)

                Dim sgn As New PdfPKCS7(akp, chain, Nothing, "SHA1", False)
                Dim messageDigest As IDigest = DigestUtilities.GetDigest("SHA1")
                Dim data As Stream = sap.GetRangeStream()
                Dim buf As Byte() = New Byte(8191) {}
                Dim n As Integer
                While (n = data.Read(buf, 0, buf.Length)) > 0
                    messageDigest.BlockUpdate(buf, 0, n)
                End While
                Dim hash As Byte() = New Byte(messageDigest.GetDigestSize() - 1) {}
                messageDigest.DoFinal(hash, 0)
                Dim cal As DateTime = DateTime.Now
                Dim ocsp As Byte() = Nothing
                If chain.Length >= 2 Then
                    Dim url As [String] = PdfPKCS7.GetOCSPURL(chain(0))
                    If url IsNot Nothing AndAlso url.Length > 0 Then
                        ocsp = New OcspClientBouncyCastle().GetEncoded(chain(0), chain(1), url)
                    End If
                End If
                Dim sh As Byte() = sgn.GetAuthenticatedAttributeBytes(hash, cal, ocsp)
                sgn.Update(sh, 0, sh.Length)

                Dim encodedSig As Byte() = sgn.GetEncodedPKCS7(hash, cal, tsc, ocsp)
                If contentEstimated + 2 < encodedSig.Length Then
                    Throw New Exception("Not enough space")
                End If

                Dim paddedSig As Byte() = New Byte(contentEstimated - 1) {}
                System.Array.Copy(encodedSig, 0, paddedSig, 0, encodedSig.Length)

                Dim dic2 As New PdfDictionary()
                dic2.Put(PdfName.CONTENTS, New PdfString(paddedSig).SetHexWriting(True))

                sap.Close(dic2)

Can you help me, please, where is the problem?
processCert fill the akp and chain which are defined up in the code.
certificateData is also declared up.

I can`t find the problem.. Help me solve it, please.

Thank you for your help!

Posted 26-Dec-12 10:30am

janprasil

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

**Zoltán Zörgő** · Answer 1 · 2012-12-26T10:43:00

Solution 1

Is the signer root certificate installed in windows?
Is the Windows Certificate store trusted by the Pdf viewer? Supposing Acrobat, see this article: http://blogs.adobe.com/security/2008/08/setting_signature_trust_in_ado_2.html[^] (the settings described there are still valid)

Posted 26-Dec-12 10:43am

Zoltán Zörgő

Comments

janprasil 26-Dec-12 16:52pm

Thank you..

Yes, I think it is... Because I made the same PDF file with iSafePDF (iSafePDF: The Open Source PDF Signature Tooll) and it perfectly works, so i tried to use the part of the code but it does not work.