I was able to get it working late last night by changing the temp file path to 
null when calling the PdfStamper.CreateSignature method.
Thanks for your help.

Old line
    PdfStamper stamper = PdfStamper.CreateSignature(reader, output, '\0', "c:\\temp\\temppdf.pdf", false);

New line
    // changed the temp path to be null and it works correctly
    PdfStamper stamper = PdfStamper.CreateSignature(reader, output, '\0', null, false);

What's weird is that it had full rights and access to the path of the file 
that was in there, but would break the PDF when it was in there. Another side 
note is that when using the temp path, the PDF is about 30k bigger. I've 
attached a working and broken copy for you if you want to look at them.
Here is the code that is working, maybe it will help someone out in the future 
with pulling certificates from the Windows certificate store.

    // Namespaces used below; OrgX509 aliases BouncyCastle's X509 namespace.
    using System;
    using System.Collections.Generic;
    using System.IO;
    using System.Security.Cryptography;
    using System.Security.Cryptography.Pkcs;
    using System.Security.Cryptography.X509Certificates;
    using iTextSharp.text;
    using iTextSharp.text.pdf;
    using OrgX509 = Org.BouncyCastle.X509;

    public byte[] SignPdf(string pdf, byte[] password)
    {
        using (MemoryStream output = new MemoryStream())
        {
            X509Store x509Store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
            x509Store.Open(OpenFlags.ReadOnly);
            // Look up the signing certificate by the configured thumbprint
            // and take the first match.
            X509Certificate2 x509Cert =
                x509Store.Certificates.Find(
                    X509FindType.FindByThumbprint,
                    System.Configuration.ConfigurationManager.AppSettings["PDFCertificateThumbprint"],
                    false)[0];
            x509Store.Close();

            // iTextSharp expects the chain as BouncyCastle certificates.
            OrgX509.X509CertificateParser cp = new OrgX509.X509CertificateParser();
            OrgX509.X509Certificate[] chain = new OrgX509.X509Certificate[] { cp.ReadCertificate(x509Cert.RawData) };

            PdfReader reader = new PdfReader(pdf);
            // changed the temp path to be null and it works correctly
            PdfStamper stamper = PdfStamper.CreateSignature(reader, output, '\0', null, false);
            //stamper.SetEncryption(null,
            //    password,
            //    PdfWriter.ALLOW_PRINTING |
            //    PdfWriter.ALLOW_COPY |
            //    PdfWriter.ALLOW_SCREENREADERS,
            //    PdfWriter.ENCRYPTION_AES_256);

            PdfSignatureAppearance sap = stamper.SignatureAppearance;

            sap.SetVisibleSignature(new Rectangle(1, 1, 1, 1), 1, "SigField");
            sap.SignDate = DateTime.Now;
            sap.SetCrypto(null, chain, null, null);
            sap.Reason = "I like to sign";
            sap.Location = "Universe";
            sap.Acro6Layers = true;
            sap.Render = PdfSignatureAppearance.SignatureRender.Description;

            // Signature dictionary with the adbe.pkcs7.sha1 subfilter.
            PdfSignature dic = new PdfSignature(PdfName.ADOBE_PPKMS, PdfName.ADBE_PKCS7_SHA1);
            dic.Date = new PdfDate(sap.SignDate);
            dic.Name = PdfPKCS7.GetSubjectFields(chain[0]).GetField("CN");
            if (sap.Reason != null)
                dic.Reason = sap.Reason;
            if (sap.Location != null)
                dic.Location = sap.Location;
            sap.CryptoDictionary = dic;

            // Reserve csize bytes for the signature: written as a hex string,
            // that is csize * 2 characters plus the two delimiters.
            int csize = 4000;
            Dictionary<PdfName, int> exc = new Dictionary<PdfName, int>();
            exc[PdfName.CONTENTS] = csize * 2 + 2;
            sap.PreClose(exc);

            // SHA-1 over the signed byte ranges (everything except /Contents).
            HashAlgorithm sha = new SHA1CryptoServiceProvider();

            Stream s = sap.RangeStream;
            int read = 0;
            byte[] buff = new byte[8192];
            while ((read = s.Read(buff, 0, 8192)) > 0)
            {
                sha.TransformBlock(buff, 0, read, buff, 0);
            }
            sha.TransformFinalBlock(buff, 0, 0);

            // The digest becomes the content of the PKCS #7 message (not detached).
            byte[] pk = SignMsg(sha.Hash, x509Cert, false);

            byte[] outc = new byte[csize];

            PdfDictionary dic2 = new PdfDictionary();

            // Array.Copy throws if the signature is larger than the reserved csize bytes.
            Array.Copy(pk, 0, outc, 0, pk.Length);

            dic2.Put(PdfName.CONTENTS, new PdfString(outc).SetHexWriting(true));
            sap.Close(dic2);

            stamper.Close();

            // ToArray() returns only the bytes written; GetBuffer() would also
            // return the unused capacity of the stream's internal buffer.
            return output.ToArray();
        }
    }

    public byte[] SignMsg(Byte[] msg, X509Certificate2 signerCert, bool detached)
    {
        //  Place message in a ContentInfo object.
        //  This is required to build a SignedCms object.
        ContentInfo contentInfo = new ContentInfo(msg);

        //  Instantiate SignedCms object with the ContentInfo above.
        //  Has default SubjectIdentifierType IssuerAndSerialNumber.
        SignedCms signedCms = new SignedCms(contentInfo, detached);

        //  Formulate a CmsSigner object for the signer.
        CmsSigner cmsSigner = new CmsSigner(signerCert);

        // Include the following line if the top certificate in the
        // smartcard is not in the trusted list.
        cmsSigner.IncludeOption = X509IncludeOption.EndCertOnly;

        //  Sign the CMS/PKCS #7 message. The second argument is
        //  needed to ask for the pin.
        signedCms.ComputeSignature(cmsSigner, false);

        //  Encode the CMS/PKCS #7 message.
        return signedCms.Encode();
    }


-----Original Message-----
From: mkl [mailto:m...@wir-sind-cool.org]
Sent: Wednesday, August 17, 2011 3:27 AM
To: itext-questions@lists.sourceforge.net
Subject: Re: [iText-questions] ~RE: Adding signature image to pdf

Edward,

Edward Cooke wrote:
> I've been banging my head against the wall trying to sign the document
> with a certificate and itextsharp. I've tried copying your code on
> http://itextpdf.sourceforge.net/howtosign.html#signextitextsharp2 in
> the Sign by card section at the bottom, changing it to pull a
> certificate from the store instead of by a card. It gets the public
> and private keys and appears to be working correctly. Inside of Adobe
> it shows the correct certificate being applied, but it is telling me
> it's an invalid signature, it's saying that the byte range is invalid. Any 
> thoughts?

Even though I'm not working with the .Net versions (and, thus, cannot easily 
reproduce your tests), I (and others) might help if you provided a sample 
document signed with your code. Seeing what exactly is wrong in the document 
often gives good hints when searching for the culprit.

Regards,   Michael.

--
View this message in context: 
http://itext-general.2136553.n4.nabble.com/Adding-signature-image-to-pdf-tp3740010p3749483.html
Sent from the iText - General mailing list archive at Nabble.com.

------------------------------------------------------------------------------
Get a FREE DOWNLOAD! and learn more about uberSVN rich system, user 
administration capabilities and model configuration. Take the hassle out of 
deploying and managing Subversion and the tools developers use with it. 
http://p.sf.net/sfu/wandisco-d2d-2
_______________________________________________
iText-questions mailing list
iText-questions@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/itext-questions

iText(R) is a registered trademark of 1T3XT BVBA.
Many questions posted to this list can (and will) be answered with a reference 
to the iText book: http://www.itextpdf.com/book/ Please check the keywords list 
before you ask for examples: http://itextpdf.com/themes/keywords.php
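
Added example (not part of the original thread and not iText code): a stand-alone Python check for the "byte range is invalid" symptom described above. It verifies that the last /ByteRange in a file covers everything except one hex /Contents string and reaches the end of the file; build_sample and its bytes are constructed for illustration, and taking the textually last /ByteRange as the newest signature is an assumption.

```python
import re

BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")
HEX_STRING = re.compile(rb"<[0-9A-Fa-f\s]*>")


def check_byte_range(data):
    """Return the problems found in the last /ByteRange (empty list = consistent)."""
    matches = list(BYTE_RANGE.finditer(data))
    if not matches:
        return ["no /ByteRange found"]
    # Heuristic (assumption): the textually last /ByteRange is the newest signature.
    start1, len1, start2, len2 = (int(g) for g in matches[-1].groups())
    problems = []
    if start1 != 0:
        problems.append("first range does not start at offset 0")
    if not start1 + len1 <= start2 <= len(data):
        return problems + ["ranges overlap or point outside the file"]
    if not HEX_STRING.fullmatch(data[start1 + len1:start2]):
        problems.append("gap is not exactly one <hex> /Contents string")
    if start2 + len2 != len(data):
        problems.append("second range ends at %d, file has %d bytes"
                        % (start2 + len2, len(data)))
    return problems


def build_sample(mid=b"]/Contents ", extra=b""):
    """Constructed PDF-like bytes (not a complete PDF) around a signature gap."""
    prefix = b"%PDF-1.4\n1 0 obj\n<</Type/Sig/ByteRange ["
    slot = 40  # fixed-width slot so writing the offsets does not move them
    contents = b"<" + b"00" * 16 + b">"
    tail = b">>\nendobj\n%%EOF\n"
    gap_start = len(prefix) + slot + len(b"]/Contents ")
    gap_end = gap_start + len(contents)
    byte_range = b"0 %d %d %d" % (gap_start, gap_end, len(tail))
    return prefix + byte_range.ljust(slot) + mid + contents + tail + extra


if __name__ == "__main__":
    print(check_byte_range(build_sample()))                     # consistent
    print(check_byte_range(build_sample(extra=b"\x00" * 100)))  # bytes after the signed range
    print(check_byte_range(build_sample(mid=b"] /Contents ")))  # gap shifted by one byte
```

The check is structural only and does not verify the signature value; running it on a working and a broken output file shows which condition the broken one fails.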




