C# iText: creating a signed PDF using an external signing web service
I am trying to implement signing PDFs in iText using an external signing web service. I used the client-server signing example provided by iText as a blueprint:
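using System;
using iText.Signatures;

public class ServerSignature : IExternalSignature
{
    public String GetHashAlgorithm()
    {
        return DigestAlgorithms.SHA256;
    }

    public String GetEncryptionAlgorithm()
    {
        return "ECDSA";
        //return "1.2.840.10045.4.3.2";
    }

    // iText calls this with the bytes to be signed and expects the raw signature value back.
    public byte[] Sign(byte[] message)
    {
        string base64encodedMessage = Convert.ToBase64String(message);
        // upload to WebService and return response
        // (signatureValueFromWebServiceResponse is the base64 dsig:SignatureValue from that response)
        return Convert.FromBase64String(signatureValueFromWebServiceResponse);
    }
}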
In the method public byte[] Sign(byte[] message), I upload the received message to the web service using the following request:
<?xml version='1.0' encoding='UTF-8'?>
<CreateXMLSignatureRequest xmlns='http://www.buergerkarte.at/namespaces/securitylayer/1.2#'>
<KeyboxIdentifier>SecureSignatureKeypair</KeyboxIdentifier>
<DataObjectInfo Structure='detached'>
<DataObject>
<Base64Content>_BASE_64_ENCODED_MESSAGE_GOES_HERE_</Base64Content>
</DataObject>
<TransformsInfo>
<FinalDataMetaInfo>
<MimeType>application/octet-stream</MimeType>
</FinalDataMetaInfo>
</TransformsInfo>
</DataObjectInfo>
</CreateXMLSignatureRequest>
From the response I receive, I return the base64-decoded value of dsig:SignatureValue. But the signature in the resulting PDF is invalid.
<?xml version="1.0" encoding="UTF-8" standalone="no" ?>
<sl:CreateXMLSignatureResponse xmlns:sl="http://www.buergerkarte.at/namespaces/securitylayer/1.2#">
<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="signature-1-1">
<dsig:SignedInfo>
<dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/>
<dsig:Reference Id="reference-1-1" URI="#signed-data-1-1">
<dsig:Transforms>
<dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2">
<xpf:XPath xmlns:xpf="http://www.w3.org/2002/06/xmldsig-filter2" Filter="intersect">id('signed-data-1-1')/node()</xpf:XPath>
</dsig:Transform>
<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#base64"/>
</dsig:Transforms>
<dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<dsig:DigestValue>7jsgSqDrGHnQkoM4DbxMl8zrw2uOPDCKssM40dbsnG4=</dsig:DigestValue>
</dsig:Reference>
<dsig:Reference Id="etsi-data-reference-1-1" Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="">
<dsig:Transforms>
<dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2">
<xpf:XPath xmlns:xpf="http://www.w3.org/2002/06/xmldsig-filter2" Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#">//*[@Id='etsi-signed-1-1']/etsi:QualifyingProperties/etsi:SignedProperties</xpf:XPath>
</dsig:Transform>
</dsig:Transforms>
<dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<dsig:DigestValue>AJjWF42gp3Tqlm1e48cFpEag6qimlxxNLJCN3ifdILo=</dsig:DigestValue>
</dsig:Reference>
</dsig:SignedInfo>
<dsig:SignatureValue>OOf0hDYe3iviLhhI+ILVzDBMdFe81dyQ9wvGlJoPqK8x8EJ307sNhf6Ek+tG769BB5dwc4cfdA+FdImq32zCrw==</dsig:SignatureValue>
<dsig:KeyInfo>
<dsig:X509Data>
<dsig:X509Certificate>MIIFm[...]RLIq62uftJSg==</dsig:X509Certificate>
</dsig:X509Data>
</dsig:KeyInfo>
<dsig:Object Id="signed-data-1-1">MYGRMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwLwYJKoZIhvcNAQkEMSIEIKIfaQzzGO9vOx1dur+Rj8cLeE2YGq/0a3yiOSrhOPIyMEQGCyqGSIb3DQEJEAIvMTUwMzAxMC8wCwYJYIZIAWUDBAIBBCAr+qi8RnPA0LmY6f0eQiHiJSypOC4h8FIOOPMMN9TFsA==</dsig:Object>
<dsig:Object Id="etsi-signed-1-1">
<etsi:QualifyingProperties xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" Target="#signature-1-1">
<etsi:SignedProperties>
<etsi:SignedSignatureProperties>
<etsi:SigningTime>2019-11-10T23:00:45Z</etsi:SigningTime>
<etsi:SigningCertificate>
<etsi:Cert>
<etsi:CertDigest>
<etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<etsi:DigestValue>2wlg8N3c1NxfsP3JJs9V/VJevH8=</etsi:DigestValue>
</etsi:CertDigest>
<etsi:IssuerSerial>
<dsig:X509IssuerName>CN=a-sign-premium-mobile-05,OU=a-sign-premium-mobile-05,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName>
<dsig:X509SerialNumber>548505616</dsig:X509SerialNumber>
</etsi:IssuerSerial>
</etsi:Cert>
</etsi:SigningCertificate>
<etsi:SignaturePolicyIdentifier>
<etsi:SignaturePolicyImplied/>
</etsi:SignaturePolicyIdentifier>
</etsi:SignedSignatureProperties>
<etsi:SignedDataObjectProperties>
<etsi:DataObjectFormat ObjectReference="#reference-1-1">
<etsi:MimeType>application/octet-stream</etsi:MimeType>
</etsi:DataObjectFormat>
</etsi:SignedDataObjectProperties>
</etsi:SignedProperties>
</etsi:QualifyingProperties>
</dsig:Object>
</dsig:Signature>
</sl:CreateXMLSignatureResponse>
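Does anyone know how I need to modify the code to produce a valid signed PDF?

If I see that correctly (I'm not really good at XML signatures, I'm more into CMS signatures), your XML signature signs two pieces of data:
- first the dsig:Object with ID signed-data-1-1, base64 decoded, and
- then the etsi:SignedProperties in the dsig:Object with ID etsi-signed-1-1.

… CreateXMLSignatureRequest) allows you to not include any XML meta information at all.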
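I suggest you try using CreateCMSSignatureRequest to create a CMS signature container, which you can embed as a whole in the PDF using iText 7. Note that you will need an IExternalSignatureContainer implementation for that, not the IExternalSignature above.

Depending on the exact signature type required, you can try the CreateCMSSignatureRequest call with PAdESCompatibility set to true.

You might want to take a look, in particular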
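
A sketch of the IExternalSignatureContainer approach recommended in the answer, as an added example that is not code from the original post or from iText. The names ServerSignatureContainer, SigningExample and the requestCmsContainer callback are hypothetical; the callback is assumed to wrap the CreateCMSSignatureRequest call and return the DER-encoded CMS container, and the ETSI.CAdES.detached subfilter and the 16384-byte reservation are assumptions chosen to match PAdESCompatibility.

```csharp
using System;
using System.IO;
using iText.Kernel.Pdf;
using iText.Signatures;

// Added example: the service builds the whole CMS container, iText only embeds it.
public class ServerSignatureContainer : IExternalSignatureContainer
{
    // Hypothetical callback: sends the data to the signing service
    // (CreateCMSSignatureRequest) and returns the DER-encoded CMS container.
    private readonly Func<byte[], byte[]> requestCmsContainer;

    public ServerSignatureContainer(Func<byte[], byte[]> requestCmsContainer)
    {
        this.requestCmsContainer = requestCmsContainer
            ?? throw new ArgumentNullException(nameof(requestCmsContainer));
    }

    // iText passes the signed byte ranges of the PDF, i.e. everything
    // except the placeholder reserved for the signature itself.
    public byte[] Sign(Stream data)
    {
        using (var buffer = new MemoryStream())
        {
            data.CopyTo(buffer);
            byte[] cms = requestCmsContainer(buffer.ToArray());
            if (cms == null || cms.Length == 0)
                throw new InvalidOperationException("Signing service returned no CMS container.");
            return cms; // written unchanged into the /Contents placeholder
        }
    }

    public void ModifySigningDictionary(PdfDictionary signDic)
    {
        signDic.Put(PdfName.Filter, PdfName.Adobe_PPKLite);
        // Assumption: PAdES-style signature; use PdfName.Adbe_pkcs7_detached otherwise.
        signDic.Put(PdfName.SubFilter, PdfName.ETSI_CAdES_DETACHED);
    }
}

public static class SigningExample
{
    public static void SignPdf(string src, string dest, Func<byte[], byte[]> requestCmsContainer)
    {
        using (var output = new FileStream(dest, FileMode.Create))
        {
            var signer = new PdfSigner(new PdfReader(src), output, new StampingProperties());
            // The reserved size must be at least the size of the returned container.
            signer.SignExternalContainer(new ServerSignatureContainer(requestCmsContainer), 16384);
        }
    }
}
```

If the container returned by the service is larger than the reserved size, signing fails, so size the reservation for the certificate chain and any timestamp the service includes.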