Re: [iText-questions] want to verify a pdf signed by timestamp

Thu, 05 Apr 2012 07:18:43 -0700 

Hi,

The PAdES LTV's pk.SignDate is "1/1/0001 12:00:00 AM" thus you must to  
use the pk.TimeStampDate instead of it.

Attila.


         public virtual void Verify(Stream inStream)
         {
             List<X509Certificate> kall = new List<X509Certificate>();
             foreach  
(System.Security.Cryptography.X509Certificates.StoreLocation  
storeLocation in  
typeof(System.Security.Cryptography.X509Certificates.StoreLocation).GetEnumValues())
             {
                 foreach  
(System.Security.Cryptography.X509Certificates.StoreName storeName in  
typeof(System.Security.Cryptography.X509Certificates.StoreName).GetEnumValues())
                 {
                      
System.Security.Cryptography.X509Certificates.X509Store store = new  
System.Security.Cryptography.X509Certificates.X509Store(storeName,  
storeLocation);
                      
store.Open(System.Security.Cryptography.X509Certificates.OpenFlags.ReadOnly);
                     try
                     {
                         X509CertificateParser certParser = new  
X509CertificateParser();
                          
System.Security.Cryptography.X509Certificates.X509Certificate2Collection col =  
store.Certificates;
                         foreach  
(System.Security.Cryptography.X509Certificates.X509Certificate2 cer in  
col)
                         {
                             kall.Add(certParser.ReadCertificate(cer.RawData));
                         }
                     }
                     finally
                     {
                         store.Close();
                     }
                 }
             }
             PdfReader reader = new PdfReader(inStream);
             AcroFields af = reader.AcroFields;
             List<String> names = af.GetSignatureNames();
             for (int k = 0; k < names.Count; ++k)
             {
                 String name = names[k];
                 System.Console.Out.WriteLine("Signature name: " + name);
                 System.Console.Out.WriteLine("Signature covers whole  
document: " + af.SignatureCoversWholeDocument(name));
                 System.Console.Out.WriteLine("Document revision: " +  
af.GetRevision(name) + " of " + af.TotalRevisions);
                 PdfPKCS7 pk = af.VerifySignature(name);
                 // PAdES LTV -> pk.SignDate is "1/1/0001 12:00:00 AM"
                 DateTime cal = pk.SignDate.Equals(new DateTime(1, 1,  
1, 0, 0, 0)) ? pk.TimeStampDate : pk.SignDate;
                 X509Certificate[] pkc = pk.Certificates;
                 System.Console.Out.WriteLine("Subject: " +  
PdfPKCS7.GetSubjectFields(pk.SigningCertificate).GetField("CN"));
                 System.Console.Out.WriteLine("Document modified: " +  
!pk.Verify());
                 Object[] fails = PdfPKCS7.VerifyCertificates(pkc,  
kall, null, cal);
                 if (fails == null)
                     System.Console.Out.WriteLine("Certificates  
verified against the KeyStore");
                 else
                 {
                     System.Console.Out.WriteLine("Certificate failed:  
" + fails[1]);
                 }
                 System.Console.Out.WriteLine();
             }
         }
     }



Idézet (Christian Fritschka <christian.fritsc...@abacus.ch>):

> Hi all,
>
> once again but with the latest iText vesion. I signed a pdf with the  
> example "How to apply verification according to PAdES-LTV" and  
> wanted to verify the signed document with example "How to verify".  
> Both from "http://itextpdf.sourceforge.net/howtosign.html";.
>
> The validation is ok - a part of it. Because "Timestamp imprint  
> verifies:" says all the time "false".
> If I check the signed document in Adobe everthing is fine. But not  
> with iText.
>
> Is there a solution how get "Timestamp imprint verifies:" to true?
>
> Thanks a lot
>
> Am 27.01.2012 um 15:34 schrieb mkl:
>
>> Christian,
>>
>> Christian Fritschka wrote
>>> I have a PDF which is signed with a timestamp. When I try to verify the
>>> signature I get the message that this signature is not valid. Especially
>>> when I try to read the signatures date - it's null.
>>
>> iText does not yet fully support PAdES part 4 document time stamps, it
>> generates them but cannot verify them: It finds them but treats them as
>> regular CMS style document signatures. As RFC 3161 style time stamps are
>> very much like CMS signatures this works to a certain degree. But as both
>> the document hash and the time reference are coded in different fields in
>> these styles, the hash value verification fails and the time stamp time
>> cannot be read.
>>
>> If I understood his posts correctly, Paulo started working on PAdES document
>> time stamp verification late December. As long as this kind of verification
>> is not explicitly requested by some paying client, though, it surely is not
>> a high priority project.
>>
>> Regards,   Michael
>>
>> --
>> View this message in context:  
>> http://itext-general.2136553.n4.nabble.com/want-to-verify-a-pdf-signed-by-timestamp-tp4327813p4333631.html
>> Sent from the iText - General mailing list archive at Nabble.com.
>>
>> ------------------------------------------------------------------------------
>> Try before you buy = See our experts in action!
>> The most comprehensive online learning library for Microsoft developers
>> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
>> Metro Style Apps, more. Free future releases when you subscribe now!
>> http://p.sf.net/sfu/learndevnow-dev2
>> _______________________________________________
>> iText-questions mailing list
>> iText-questions@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/itext-questions
>>
>> iText(R) is a registered trademark of 1T3XT BVBA.
>> Many questions posted to this list can (and will) be answered with  
>> a reference to the iText book: http://www.itextpdf.com/book/
>> Please check the keywords list before you ask for examples:  
>> http://itextpdf.com/themes/keywords.php
>
>
> ------------------------------------------------------------------------------
> Better than sec? Nothing is better than sec when it comes to
> monitoring Big Data applications. Try Boundary one-second
> resolution app monitoring today. Free.
> http://p.sf.net/sfu/Boundary-dev2dev
> _______________________________________________
> iText-questions mailing list
> iText-questions@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/itext-questions
>
> iText(R) is a registered trademark of 1T3XT BVBA.
> Many questions posted to this list can (and will) be answered with a  
> reference to the iText book: http://www.itextpdf.com/book/
> Please check the keywords list before you ask for examples:  
> http://itextpdf.com/themes/keywords.php
>


------------------------------------------------------------------------------
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second 
resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
_______________________________________________
iText-questions mailing list
iText-questions@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/itext-questions

iText(R) is a registered trademark of 1T3XT BVBA.
Many questions posted to this list can (and will) be answered with a reference 
to the iText book: http://www.itextpdf.com/book/
Please check the keywords list before you ask for examples: 
http://itextpdf.com/themes/keywords.php

Reply via email to