C#: Adding revocation information to a signature using iText7

I am producing long-term signatures. I am trying to add revocation information (CRLs, OCSP responses, certificate chain) to the signature as unsigned attributes, but the revocation information is not embedded in the final signature. Here is the code snippet:
    Stream outputStream = new MemoryStream();
    List<byte[]> ocspCollection = new List<byte[]>();
    List<byte[]> crlCollection = new List<byte[]>();
    List<byte[]> certsCollection = new List<byte[]>();

    // Open the already signed document in append mode
    Stream readerStream = new MemoryStream(signedDocument);
    PdfReader pdfReader = new PdfReader(readerStream);
    PdfSigner pdfSigner = new PdfSigner(pdfReader, outputStream, new StampingProperties().UseAppendMode());
    LtvVerification ltvVerification = new LtvVerification(pdfSigner.GetDocument());

    // Collect the signer's certificate chain as DER-encoded certificates
    X509Chain chain = new X509Chain();
    chain.Build(signerCertificate);
    foreach (X509ChainElement item in chain.ChainElements)
    {
        byte[] certBytes = item.Certificate.Export(X509ContentType.Cert);
        certsCollection.Add(certBytes);
    }

    // Collect the OCSP responses and CRLs obtained earlier
    foreach (byte[] ocsp in revocationInfo.OCSPResponses)
    {
        ocspCollection.Add(ocsp);
    }
    foreach (byte[] crlBytes in revocationInfo.CRLs)
    {
        crlCollection.Add(crlBytes);
    }

    // Add the collected validation data for the named signature field
    bool revocationInfoAdded = ltvVerification.AddVerification(signingRequest.FieldName, ocspCollection, crlCollection, certsCollection);

The AddVerification() method returns true in response.

Please find the signed document at the following link:

Any help in this regard would be greatly appreciated.
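
Regarding some working code

You used a PdfSigner (which only makes sense when applying a signature or a document timestamp, but you provided only an already signed file), and there are some variables I don't have here. Thus, I essentially wrote an example based on a plain PdfDocument and your shared file, without those additional variables: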

    using (PdfReader pdfReader = new PdfReader("LTV Doc-Revocation Info Issue.pdf"))
    using (PdfWriter pdfWriter = new PdfWriter("LTV Doc-Revocation Info Issue-WithRevocation.pdf"))
    using (PdfDocument pdfDocument = new PdfDocument(pdfReader, pdfWriter, new StampingProperties().UseAppendMode()))
    {
        List<byte[]> ocspCollection = new List<byte[]>();
        List<byte[]> crlCollection = new List<byte[]>();
        List<byte[]> certsCollection = new List<byte[]>();
        ocspCollection.Add(File.ReadAllBytes(@"Ocsp"));
        crlCollection.Add(File.ReadAllBytes(@"Crl.crl"));
        LtvVerification ltvVerification = new LtvVerification(pdfDocument);
        ltvVerification.AddVerification("SH_SIGNATURE_532546", ocspCollection, crlCollection, certsCollection);
        ltvVerification.Merge();
    }

    public virtual void SignDetached(IExternalSignature externalSignature, X509Certificate[] chain,
        ICollection<ICrlClient> crlList, IOcspClient ocspClient, ITSAClient tsaClient,
        int estimatedSize, PdfSigner.CryptoStandard sigtype)

    public virtual void SignDetached(IExternalSignature externalSignature, X509Certificate[] chain,
        ICollection<ICrlClient> crlList, IOcspClient ocspClient, ITSAClient tsaClient,
        int estimatedSize, PdfSigner.CryptoStandard sigtype, SignaturePolicyInfo signaturePolicy)

    public virtual void SignDetached(IExternalSignature externalSignature, X509Certificate[] chain,
        ICollection<ICrlClient> crlList, IOcspClient ocspClient, ITSAClient tsaClient,
        int estimatedSize, PdfSigner.CryptoStandard sigtype, SignaturePolicyIdentifier signaturePolicy)

or

    public virtual void SignExternalContainer(IExternalSignatureContainer externalSignatureContainer,
        int estimatedSize)

The first three methods explicitly accept CRL and OCSP clients (which can be implemented to provide pre-existing CRLs and OCSPs), while the latter retrieves the complete CMS container from the given IExternalSignatureContainer implementation, so in that implementation you can add any information you need.

Please share the contents of revocationInfo to allow reproducing the issue.

ltvVerification.AddVerification merely adds everything provided to the document…

I don't see you calling ltvVerification.Merge() after AddVerification. That call is required…

@mkl Please find the revocation info content at the following link: I am calling ltvVerification.Merge(), but this does not add anything to the solution of the problem.

Thanks for your quick help and for making me understand the scenario. Thumbs up.
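
The answer's remark that the CRL and OCSP clients "can be implemented to provide pre-existing CRLs and OCSPs", sketched as an added example (not code from the thread or from iText). `PreloadedOcspClient` and `PreloadedRevocationSigning` are hypothetical names; the example assumes iText 7 with BouncyCastle types, that the stored OCSP bytes are a full OCSPResponse, and that `IOcspClient` should return the BasicOCSPResponse encoding as iText's own `OcspClientBouncyCastle` does.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using iText.Kernel.Pdf;
using iText.Signatures;
using Org.BouncyCastle.Ocsp;
using Org.BouncyCastle.X509;

// Hypothetical client: hands a previously fetched OCSP response to iText.
public sealed class PreloadedOcspClient : IOcspClient
{
    private readonly BasicOcspResp basic;
    // Assumption: ocspResponse is a complete DER-encoded OCSPResponse as sent by a responder.
    public PreloadedOcspClient(byte[] ocspResponse)
    {
        OcspResp resp = new OcspResp(ocspResponse);
        if (resp.Status != OcspRespStatus.Successful)
            throw new ArgumentException("OCSP responder status: " + resp.Status);
        basic = resp.GetResponseObject() as BasicOcspResp;
        if (basic == null) throw new ArgumentException("Not a basic OCSP response");
    }

    // Returns the BasicOCSPResponse only if it reports "good" for checkCert, else null.
    // Simplification: the certificate is matched by serial number only.
    public byte[] GetEncoded(X509Certificate checkCert, X509Certificate issuerCert, string url)
    {
        foreach (SingleResp single in basic.Responses)
            if (single.GetCertID().SerialNumber.Equals(checkCert.SerialNumber)
                && single.GetCertStatus() == CertificateStatus.Good)
                return basic.GetEncoded();
        return null;
    }
}

public static class PreloadedRevocationSigning
{
    // signature and chain come from the caller's own key setup (placeholders here).
    public static void Sign(string src, string dest, IExternalSignature signature,
        X509Certificate[] chain, byte[] ocspResponse, byte[] crl)
    {
        using (PdfReader reader = new PdfReader(src))
        using (FileStream output = new FileStream(dest, FileMode.Create))
        {
            PdfSigner signer = new PdfSigner(reader, output, new StampingProperties().UseAppendMode());
            ICollection<ICrlClient> crlClients = new List<ICrlClient> { new CrlClientOffline(crl) };
            signer.SignDetached(signature, chain, crlClients, new PreloadedOcspClient(ocspResponse),
                null, 0, PdfSigner.CryptoStandard.CADES);
        }
    }
}
```

Returning null when the stored response does not cover the certificate, or does not report it as good, keeps stale or mismatched revocation data out of the signature.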