问题
Following the question "External signing PDF with iText" by Grazina, and having read mkl's answer to that post, I currently get an invalid signature (syntax error), even after adding the hash prefix.
Current code:
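/// <summary>
/// Adds a visible, detached CMS signature to the PDF at <paramref name="pdfFilePath"/> and
/// writes the result to "<paramref name="pdfFilePath"/>.signed.pdf". The signature value
/// itself is produced by <see cref="RemoteSignature"/>, i.e. outside this process.
/// </summary>
/// <param name="pdfFilePath">Path of the PDF to sign; the input file is only read.</param>
private void SignPDFCore(string pdfFilePath)
{
    // iText treats the first certificate of the chain as the signer's certificate, so it has to
    // be the one whose private key the remote service actually signs with; otherwise the
    // signature cannot verify, whatever the hash handling looks like.
    var chain = this.GetUserCertificates(userId, ProgramV2.TempCertificatesLogFilePath);
    var signedPdfFilePath = $"{pdfFilePath}.signed.pdf";

    using (PdfReader reader = new PdfReader(pdfFilePath))
    // FileMode.Create truncates an existing output file. File.OpenWrite does not, so a shorter
    // result written over an older, longer file would keep stale trailing bytes and the signed
    // byte ranges would no longer describe the file on disk.
    using (FileStream baos = new FileStream(signedPdfFilePath, FileMode.Create, FileAccess.Write, FileShare.None))
    {
        // Last argument true = append mode: the signature is added as an incremental update.
        PdfStamper pdfStamper = PdfStamper.CreateSignature(reader, baos, '\0', null, true);
        PdfSignatureAppearance sap = pdfStamper.SignatureAppearance;
        sap.SetVisibleSignature(new iTextSharp.text.Rectangle(36, 720, 160, 780), 1, signatureFieldName);
        sap.Acro6Layers = true;
        sap.Reason = "test";
        sap.Location = "test";

        // Signature dictionary: adbe.pkcs7.detached matches the CryptoStandard.CMS container
        // requested from SignDetached below.
        PdfSignature dic = new PdfSignature(PdfName.ADOBE_PPKLITE, PdfName.ADBE_PKCS7_DETACHED);
        dic.Name = "Name Test"; // placeholder; the signer's CN could be read from the certificate instead
        sap.CryptoDictionary = dic;

        // NOTE(review): the RemoteSignature class shown on this page declares a single
        // constructor taking only filePath; the two-argument call is kept as posted, confirm
        // which of the two is current.
        IExternalSignature signatureExternal = new RemoteSignature(this, signedPdfFilePath);

        // The three nulls are the CRL list, the OCSP client and the TSA client: no revocation
        // data and no trusted timestamp are embedded, so a validator has to fetch revocation
        // status itself and the signing time is only the local clock's claim.
        // 8192 is the number of bytes reserved for the signature container; it must be large
        // enough for the CMS structure including the whole certificate chain.
        MakeSignature.SignDetached(sap, signatureExternal, chain, null, null, null, 8192, CryptoStandard.CMS);
    }
}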
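/// <summary>
/// <see cref="IExternalSignature"/> implementation that delegates the private-key operation
/// to a remote signing service. Only a SHA-256 DigestInfo leaves this process; the key never
/// has to be present locally.
/// </summary>
public class RemoteSignature : IExternalSignature {
    // DER header of a DigestInfo for SHA-256 (AlgorithmIdentifier plus the OCTET STRING tag and
    // its length byte 0x20); the 32 hash bytes are appended directly after it.
    private static readonly byte[] Sha256DigestInfoPrefix = {
        0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
        0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
    };

    // Hash length the prefix above declares (its last byte, 0x20).
    private const int Sha256HashLength = 32;

    // Stored by the constructor; not read anywhere in the code shown here.
    private string FilePath { get; set; }

    /// <summary>Creates the signer.</summary>
    /// <param name="filePath">Path kept in <c>FilePath</c>.</param>
    public RemoteSignature(string filePath) {
        this.FilePath = filePath;
    }

    /// <summary>
    /// Hashes <paramref name="message"/>, wraps the hash in a SHA-256 DigestInfo and has the
    /// remote service sign it.
    /// </summary>
    /// <param name="message">
    /// The bytes iText wants signed. With MakeSignature.SignDetached these are the encoded CMS
    /// signed attributes, not the PDF content itself.
    /// </param>
    /// <returns>The signature bytes returned by the service.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="message"/> is null.</exception>
    /// <exception cref="InvalidOperationException">
    /// The digest is not 32 bytes long, or the service returned no signature.
    /// </exception>
    public virtual byte[] Sign(byte[] message) {
        if (message == null) {
            throw new ArgumentNullException(nameof(message));
        }

        IDigest messageDigest = DigestUtilities.GetDigest(GetHashAlgorithm());
        byte[] messageHash = DigestAlgorithms.Digest(messageDigest, message);

        // GetHashAlgorithm() is virtual while the prefix is fixed to SHA-256. Refuse to build a
        // DigestInfo whose declared algorithm and length do not match the hash behind it.
        if (messageHash.Length != Sha256HashLength) {
            throw new InvalidOperationException(
                "The DigestInfo prefix is for SHA-256 but the digest is " + messageHash.Length + " bytes long.");
        }

        byte[] digestInfo = new byte[Sha256DigestInfoPrefix.Length + messageHash.Length];
        Sha256DigestInfoPrefix.CopyTo(digestInfo, 0);
        messageHash.CopyTo(digestInfo, Sha256DigestInfoPrefix.Length);

        // NOTE(review): the service contract is not visible here. This input is right only if
        // the service applies PKCS#1 v1.5 padding and the RSA private-key operation to exactly
        // these bytes. A service that hashes its input again, or prepends its own DigestInfo,
        // produces a value validators reject. The result must also be the plain signature
        // bytes, not Base64 text and not a complete CMS container, because iText embeds it
        // as the signature value. Confirm both against the service documentation.
        byte[] signedHash = CALL_WEBSERVICE_TO_SIGN_HASH(digestInfo);

        // Fail here rather than letting an empty value be embedded as a signature.
        if (signedHash == null || signedHash.Length == 0) {
            throw new InvalidOperationException("The signing service returned no signature.");
        }
        return signedHash;
    }

    /// <summary>Digest algorithm name reported to iText; must stay in step with the DigestInfo prefix.</summary>
    public virtual String GetHashAlgorithm() {
        return "SHA-256";
    }

    /// <summary>Key algorithm name reported to iText; must match the key type of the signer certificate.</summary>
    public virtual String GetEncryptionAlgorithm() {
        return "RSA";
    }
}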
RESULTS OBTAINED
MESSAGE HASH (BASE 64):
YY4Zu4mx+HLFVDQiUZ7fFB+b6q47tsUgFeVuRVyKhT0=
MESSAGE HASH WITH PREFIX (BASE 64):
MDEwDQYJYIZIAWUDBAIBBQAEIGGOGbuJsfhyxVQ0IlGe3xQfm+quO7bFIBXlbkVcioU9
SIGNED HASH (base 64):
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
Can mkl please help check the signed hash, as was done in the answer to Grazina's question? Thanks.
来源:https://stackoverflow.com/questions/59669163/external-signing-pdf-with-itext-2