C# iTextSharp中具有延迟签名的证书链
我正在使用移动签名服务签署PDF文档。在服务对文档的散列签名后,我收到了来自服务的证书。我能够用证书替换文档中的零填充签名容器,没有任何问题,但是我在包含证书链方面遇到了问题 我在应用程序中有根证书、中间证书和叶证书,但我不能将它们包含在签名中。我想我能做的是在代码中创建一个链,然后从该链中注入编码的字节,但这会导致一个无效的证书 我使用的代码如下所示:C# iTextSharp中具有延迟签名的证书链,c#,pdf,itextsharp,itext,pkcs#7,C#,Pdf,Itextsharp,Itext,Pkcs#7,我正在使用移动签名服务签署PDF文档。在服务对文档的散列签名后,我收到了来自服务的证书。我能够用证书替换文档中的零填充签名容器,没有任何问题,但是我在包含证书链方面遇到了问题 我在应用程序中有根证书、中间证书和叶证书,但我不能将它们包含在签名中。我想我能做的是在代码中创建一个链,然后从该链中注入编码的字节,但这会导致一个无效的证书 我使用的代码如下所示: X509CertificateParser cp = new X509CertificateParser(); var certFromSe
X509CertificateParser cp = new X509CertificateParser();
var certFromServer = getCertFromServer();
var rootCert = cp.ReadCertificate(new X509Certificate2(rootCertPath).RawData);
var interCert = cp.ReadCertificate(new X509Certificate2(interCertPath)RawData);
var leafCert = cp.ReadCertificate(new X509Certificate2(leafCertPath).RawData);
List<X509Certificate> intermediateCerts = new List<X509Certificate> {
interCert,
leafCert
};
X509CertificateParser parser = new X509CertificateParser();
PkixCertPathBuilder builder = new PkixCertPathBuilder();
X509CertStoreSelector holder = new X509CertStoreSelector {
Certificate = parser.ReadCertificate(certFromServer)
};
intermediateCerts.Add(holder.Certificate);
HashSet rootCerts = new HashSet {new TrustAnchor(rootCert, null)};
PkixBuilderParameters builderParams = new PkixBuilderParameters(rootCerts, holder)
{
IsRevocationEnabled = false
};
X509CollectionStoreParameters intermediateStoreParameters =
new X509CollectionStoreParameters(intermediateCerts);
builderParams.AddStore(X509StoreFactory.Create(
"Certificate/Collection", intermediateStoreParameters)
);
PkixCertPathBuilderResult result = builder.Build(builderParams);
byte[] certChainBytes = result.CertPath.GetEncoded("PKCS7");
// ExternalSignatureContainer is a container that simply returns the cert bytes
// from its Sign method without changing them.
IExternalSignatureContainer container = new ExternalSignatureContainer(certChainBytes);
MakeSignature.SignDeferred(reader, _signatureFieldName, baos, container);
X509CertificateParser cp=新的X509CertificateParser();
var certFromServer=getCertFromServer();
var rootCert=cp.ReadCertificate(新的X509Certificate2(rootCertPath).RawData);
var interCert=cp.ReadCertificate(新的X509Certificate2(interCertPath)原始数据);
var leafCert=cp.ReadCertificate(新的X509Certificate2(leafCertPath).RawData);
List intermediateCerts=新列表{
插入,
叶蝉
};
X509CertificateParser=新的X509CertificateParser();
PkixCertPathBuilder=新的PkixCertPathBuilder();
X509CertStoreSelector支架=新X509CertStoreSelector{
Certificate=parser.ReadCertificate(certFromServer)
};
中级证书。添加(持有人证书);
HashSet rootCerts=newhashset{new TrustAnchor(rootCert,null)};
PkixBuilderParameters builderParams=新的PkixBuilderParameters(根证书,持有者)
{
IsRevocationEnabled=错误
};
X509采集存储参数中间存储重新参数=
新的X509CollectionStoreParameters(intermediateCerts);
builderParams.AddStore(X509StoreFactory.Create(
“证书/集合”,中间人(重新参数)
);
PkixCertPathBuilderResult结果=builder.Build(builderParams);
byte[]certChainBytes=result.CertPath.GetEncoded(“PKCS7”);
//ExternalSignatureContainer是一个只返回证书字节的容器
//从它的符号方法,而不改变它们。
IExternalSignatureContainer=新的ExternalSignatureContainer(certChainBytes);
MakeSignature.SignDeferred(reader,_signatureFieldName,baos,container);
在iTextSharp中为签名容器构建证书链的正确方法是什么?ExternalSignatureContainer是一个容器,它只从其签名方法返回证书字节,而不更改它们。-但是
SignExternalSignatureContainerSignSignexternalsignaturecanierSignSign