C# Adding revocation information to a signature using iText7

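I am producing long-term signatures. I tried to add revocation information (CRLs, OCSP responses, certificate chain) to the signature as unsigned attributes, but the revocation information is not embedded in the final signature. Here is the code snippet: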

        Stream outputStream = new MemoryStream();

        List<byte[]> ocspCollection = new List<byte[]>();
        List<byte[]> crlCollection = new List<byte[]>();
        List<byte[]> certsCollection = new List<byte[]>();

        Stream readerStream = new MemoryStream(signedDocument);
        PdfReader pdfReader = new PdfReader(readerStream);
        PdfSigner pdfSigner = new PdfSigner(pdfReader, outputStream, new StampingProperties().UseAppendMode());

        LtvVerification ltvVerification = new LtvVerification(pdfSigner.GetDocument());

        X509Chain chain = new X509Chain();
        chain.Build(signerCertificate);

        foreach (X509ChainElement item in chain.ChainElements)
        {
            byte[] certBytes = item.Certificate.Export(X509ContentType.Cert);
            certsCollection.Add(certBytes);
        }

        foreach (byte[] ocsp in revocationInfo.OCSPResponses)
        {
            ocspCollection.Add(ocsp);
        }

        foreach (byte[] crlBytes in revocationInfo.CRLs)
        {
            crlCollection.Add(crlBytes);
        }

        bool revocationInfoAdded = ltvVerification.AddVerification(signingRequest.FieldName, ocspCollection, crlCollection, certsCollection);
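
The AddVerification() method returns true in the response.

Please find the signed document at the following link:

Any help in this regard would be highly appreciated.

Regarding some working code

You used a PdfSigner (which only makes sense when applying a signature or a document timestamp, but you only provided the already signed file), and there are some variables I don't have here. So I essentially wrote an example based on a plain PdfDocument and your shared file, without those extra variables: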

using System.Collections.Generic;
using System.IO;
using iText.Kernel.Pdf;
using iText.Signatures;

// Open the signed PDF in append mode so the existing signature stays intact.
using (PdfReader pdfReader = new PdfReader("LTV Doc-Revocation Info Issue.pdf"))
using (PdfWriter pdfWriter = new PdfWriter("LTV Doc-Revocation Info Issue-WithRevocation.pdf"))
using (PdfDocument pdfDocument = new PdfDocument(pdfReader, pdfWriter, new StampingProperties().UseAppendMode()))
{
    List<byte[]> ocspCollection = new List<byte[]>();
    List<byte[]> crlCollection = new List<byte[]>();
    List<byte[]> certsCollection = new List<byte[]>();
    // Revocation data read from local files.
    ocspCollection.Add(File.ReadAllBytes(@"Ocsp"));
    crlCollection.Add(File.ReadAllBytes(@"Crl.crl"));

    // Register the validation data for the named signature field.
    LtvVerification ltvVerification = new LtvVerification(pdfDocument);
    ltvVerification.AddVerification("SH_SIGNATURE_532546", ocspCollection, crlCollection, certsCollection);
    // Merge() writes the collected validation data into the document.
    ltvVerification.Merge();
}


public virtual void SignDetached(IExternalSignature externalSignature, X509Certificate[] chain,
    ICollection<ICrlClient> crlList, IOcspClient ocspClient, ITSAClient tsaClient,
    int estimatedSize, PdfSigner.CryptoStandard sigtype)

public virtual void SignDetached(IExternalSignature externalSignature, X509Certificate[] chain,
    ICollection<ICrlClient> crlList, IOcspClient ocspClient, ITSAClient tsaClient,
    int estimatedSize, PdfSigner.CryptoStandard sigtype, SignaturePolicyInfo signaturePolicy)

public virtual void SignDetached(IExternalSignature externalSignature, X509Certificate[] chain,
    ICollection<ICrlClient> crlList, IOcspClient ocspClient, ITSAClient tsaClient,
    int estimatedSize, PdfSigner.CryptoStandard sigtype, SignaturePolicyIdentifier signaturePolicy)

public virtual void SignExternalContainer(IExternalSignatureContainer externalSignatureContainer,
    int estimatedSize)

The first three methods explicitly accept CRL and OCSP clients (which can be implemented to provide pre-existing CRLs and OCSPs), while the latter gets the complete CMS container from the given IExternalSignatureContainer implementation, so in that implementation you can add any information you need.

Please share the contents of revocationInfo to allow reproducing the issue.

ltvVerification.AddVerification merely adds everything provided to the document... I don't see you calling ltvVerification.Merge() after AddVerification. That call is required...

@mkl Please find the revocation info contents at the following link: I am calling ltvVerification.Merge(), but this doesn't add anything to the solution of the problem.

Thanks for your quick help and for making me understand the scenario. Thumbs up
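
An added example (not part of the original answer or of iText): one way to hand already-fetched revocation data to the SignDetached overloads listed above, so that it goes into the signature container at signing time. PreloadedOcspClient and PreloadedRevocationSigning are hypothetical names, and the code assumes iText 7 with BouncyCastle types and that every stored OCSP blob is a complete OCSPResponse as returned by a responder.

```csharp
using System.Collections.Generic;
using iText.Signatures;
using Org.BouncyCastle.Ocsp;
using Org.BouncyCastle.X509;

// Hypothetical IOcspClient that serves OCSP responses fetched earlier instead of
// contacting a responder. Assumption: each blob is a complete OCSPResponse.
public sealed class PreloadedOcspClient : IOcspClient
{
    private readonly List<BasicOcspResp> responses = new List<BasicOcspResp>();

    public PreloadedOcspClient(IEnumerable<byte[]> encodedResponses)
    {
        foreach (byte[] encoded in encodedResponses)
        {
            OcspResp response = new OcspResp(encoded);
            // Keep only successful responses that carry a BasicOCSPResponse.
            if (response.Status == OcspRespStatus.Successful
                && response.GetResponseObject() is BasicOcspResp basic)
                responses.Add(basic);
        }
    }

    // Returns the BasicOCSPResponse encoding (as iText's OcspClientBouncyCastle does) or null.
    public byte[] GetEncoded(X509Certificate checkCert, X509Certificate issuerCert, string url)
    {
        foreach (BasicOcspResp basic in responses)
            foreach (SingleResp single in basic.Responses)
                // Simplification: match on serial number only, not the issuer hashes.
                if (single.GetCertID().SerialNumber.Equals(checkCert.SerialNumber)
                    && single.GetCertStatus() == CertificateStatus.Good)
                    return basic.GetEncoded();
        return null; // nothing suitable: no OCSP response is embedded
    }
}

public static class PreloadedRevocationSigning
{
    // Hypothetical helper: signs using the pre-fetched CRLs and OCSP responses.
    public static void Sign(PdfSigner signer, IExternalSignature signature,
        X509Certificate[] chain, IEnumerable<byte[]> ocspResponses, IEnumerable<byte[]> crls)
    {
        List<ICrlClient> crlClients = new List<ICrlClient>();
        foreach (byte[] crl in crls)
            crlClients.Add(new CrlClientOffline(crl)); // iText's client for an in-memory CRL
        signer.SignDetached(signature, chain, crlClients, new PreloadedOcspClient(ocspResponses),
            null, 0, PdfSigner.CryptoStandard.CADES); // no TSA; 0 lets iText estimate the size
    }
}
```

This only applies while the signature is being created; for a file that is already signed, the LtvVerification route shown earlier is the one that applies.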