C# 如何检查签名文档的数字签名是否由可信证书签名?_C#_Pdf_Itext_Digital Signature - Fatal编程技术网

C# 如何检查签名文档的数字签名是否由可信证书签名?

C# 如何检查签名文档的数字签名是否由可信证书签名?,c#,pdf,itext,digital-signature,C#,Pdf,Itext,Digital Signature,我开发的应用程序可以处理pdf文档,我必须了解我的文档是由可信签名签名的。 我使用itextsharp获取信息,但我不知道如何检查签名的有效性 var pdfReader = new PdfReader(document.FilePath); var acroFields = pdfReader.AcroFields; var names = acroFields.GetSignatureNames(); foreach (var name in names) {

我开发的应用程序需要处理 PDF 文档,我必须判断文档是否由可信证书签名。我使用 iTextSharp 获取签名信息,但不知道如何检查签名的有效性:

// Open the PDF and list the names of its signature fields.
var pdfReader = new PdfReader(document.FilePath);
var acroFields = pdfReader.AcroFields;
var names = acroFields.GetSignatureNames();

    foreach (var name in names)
    {
         var signatureName = name as string;
         // In iTextSharp this returns the parsed signature container (PdfPKCS7) for the field.
         // NOTE(review): pk.Verify() is never called in this snippet, so nothing here checks
         // that the signed bytes of the document are intact.
         var pk = acroFields.VerifySignature(signatureName);
         var signatureIsValid = false;
         // NOTE(review): this loop visits every certificate embedded in the signature, not just
         // the signer's (pk.SigningCertificate), and each pass overwrites the flag, so only the
         // last certificate's result survives.
         foreach (var certificate in pk.Certificates)
         {
             signatureIsValid = certificate.IsValidNow; // validity-period check only; says nothing about issuer trust, revocation or document integrity
         }
    }
下面屏幕上的文档有两个数字签名,但签名时没有可信证书。我必须向用户显示一些类似的消息


为了检查受信任的机构,您需要有受信任的CA证书进行检查。如果您有证书,您可以使用如下代码检查证书是否来自您期望的可信机构:

    // Builds an X.509 chain for certificateToCheck and accepts it only if the chain
    // contains the pinned authority certificate. GetAuthorityCertificate() and
    // GetYourCertificate() are not defined on this page; they stand for however the
    // caller loads the trusted CA certificate and the signer certificate.
    X509Certificate2 authorityCert = GetAuthorityCertificate();
    X509Certificate2 certificateToCheck = GetYourCertificate();

    X509Chain chain = new X509Chain();
    // Revocation is not consulted: a revoked signer or intermediate certificate still passes.
    // NOTE(review): use X509RevocationMode.Online/Offline where CRL/OCSP data is available.
    chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
    // Has no practical effect while RevocationMode is NoCheck.
    chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
    // Suppresses the "untrusted root" error, so Build() can return true for a chain that ends
    // in ANY root, including a self-signed one. The pinning check at the bottom is what
    // actually establishes trust and must not be dropped.
    // NOTE(review): on .NET 5+ X509ChainTrustMode.CustomRootTrust with ChainPolicy.CustomTrustStore
    // expresses "trust only this root" directly, without this flag.
    chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
    // Validity periods are evaluated as of the current local time.
    // NOTE(review): for a signed document the relevant instant is usually the signing time
    // (ideally from a trusted timestamp) — confirm which one the application needs.
    chain.ChainPolicy.VerificationTime = DateTime.Now;
    // NOTE(review): confirm how the target runtime interprets a zero retrieval timeout.
    chain.ChainPolicy.UrlRetrievalTimeout = new TimeSpan(0, 0, 0);

    // ExtraStore only offers the CA certificate as a candidate while building the chain;
    // adding a certificate here does not make it trusted.
    chain.ChainPolicy.ExtraStore.Add(authorityCert);

    bool isChainValid = chain.Build(certificateToCheck);
    if (!isChainValid)
    {
        // Collect one message per status entry reported by the chain builder.
        string[] errors = chain.ChainStatus
            .Select(m => $"{m.StatusInformation.Trim()}, status: {m.Status}")
            .ToArray();

        // Fallback text for the case where no status entries were reported.
        string certificateErrors = "Error occured during checking certificate.";
        if (errors != null && errors.Length > 0)
            certificateErrors = string.Join(" \n", errors);

        throw new ApplicationException("Trust chain is not from known authority. Errors: " + certificateErrors);
    }

    // Build() succeeding is not sufficient because unknown roots were allowed above:
    // require that the pinned authority certificate is one of the elements of the built chain.
    // The comparison is on Thumbprint, i.e. the SHA-1 hash string of the certificate.
    if (!chain.ChainElements
        .Cast<X509ChainElement>()
        .Any(m => m.Certificate.Thumbprint == authorityCert.Thumbprint))
        throw new ApplicationException("Could not locate CA root!Thumbprints did not match.");
X509Certificate2AuthorityCert=GetAuthorityCertificate();
X509Certificate2 certificateToCheck=GetYourCertificate();
X509Chain chain=新的X509Chain();
chain.ChainPolicy.RevocationMode=X509RevocationMode.NoCheck;
chain.ChainPolicy.RevocationFlag=X509RevocationFlag.ExcludeRoot;
chain.ChainPolicy.VerificationFlags=X509VerificationFlags.AllowUnknownCertificationAuthority;
chain.ChainPolicy.VerificationTime=DateTime.Now;
chain.ChainPolicy.UrlRetrievalTimeout=新的时间跨度(0,0,0);
//将CA根添加到链中
chain.ChainPolicy.ExtraStore.Add(authorityCert);
bool isChainValid=chain.Build(certificateToCheck);
如果(!isChainValid)
{
//好吧,让c看看怎么了。。。
字符串[]错误=chain.ChainStatus
.Select(m=>$“{m.StatusInformation.Trim()},状态:{m.status}”)
.ToArray();
string certificateErrors=“检查证书时出错。”;
if(errors!=null&&errors.Length>0)
certificateErrors=string.Join(“\n”,错误);
抛出新的ApplicationException(“信任链不是来自已知权限。错误:“+certificateErrors”);
}
//让我们看看我们的链是否真的包含已知的根,您正在为此进行检查
如果(!chain.ChainElements)
.Cast()
.Any(m=>m.Certificate.Thumbprint==authorityCert.Thumbprint))
抛出新的ApplicationException(“找不到CA根目录!指纹不匹配。”);

为了检查受信任的机构,您需要有受信任的CA证书进行检查。如果您有证书,您可以使用如下代码检查证书是否来自您期望的可信机构:

    // Builds an X.509 chain for certificateToCheck and accepts it only if the chain
    // contains the pinned authority certificate. GetAuthorityCertificate() and
    // GetYourCertificate() are not defined on this page; they stand for however the
    // caller loads the trusted CA certificate and the signer certificate.
    X509Certificate2 authorityCert = GetAuthorityCertificate();
    X509Certificate2 certificateToCheck = GetYourCertificate();

    X509Chain chain = new X509Chain();
    // Revocation is not consulted: a revoked signer or intermediate certificate still passes.
    // NOTE(review): use X509RevocationMode.Online/Offline where CRL/OCSP data is available.
    chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
    // Has no practical effect while RevocationMode is NoCheck.
    chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
    // Suppresses the "untrusted root" error, so Build() can return true for a chain that ends
    // in ANY root, including a self-signed one. The pinning check at the bottom is what
    // actually establishes trust and must not be dropped.
    // NOTE(review): on .NET 5+ X509ChainTrustMode.CustomRootTrust with ChainPolicy.CustomTrustStore
    // expresses "trust only this root" directly, without this flag.
    chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
    // Validity periods are evaluated as of the current local time.
    // NOTE(review): for a signed document the relevant instant is usually the signing time
    // (ideally from a trusted timestamp) — confirm which one the application needs.
    chain.ChainPolicy.VerificationTime = DateTime.Now;
    // NOTE(review): confirm how the target runtime interprets a zero retrieval timeout.
    chain.ChainPolicy.UrlRetrievalTimeout = new TimeSpan(0, 0, 0);

    // ExtraStore only offers the CA certificate as a candidate while building the chain;
    // adding a certificate here does not make it trusted.
    chain.ChainPolicy.ExtraStore.Add(authorityCert);

    bool isChainValid = chain.Build(certificateToCheck);
    if (!isChainValid)
    {
        // Collect one message per status entry reported by the chain builder.
        string[] errors = chain.ChainStatus
            .Select(m => $"{m.StatusInformation.Trim()}, status: {m.Status}")
            .ToArray();

        // Fallback text for the case where no status entries were reported.
        string certificateErrors = "Error occured during checking certificate.";
        if (errors != null && errors.Length > 0)
            certificateErrors = string.Join(" \n", errors);

        throw new ApplicationException("Trust chain is not from known authority. Errors: " + certificateErrors);
    }

    // Build() succeeding is not sufficient because unknown roots were allowed above:
    // require that the pinned authority certificate is one of the elements of the built chain.
    // The comparison is on Thumbprint, i.e. the SHA-1 hash string of the certificate.
    if (!chain.ChainElements
        .Cast<X509ChainElement>()
        .Any(m => m.Certificate.Thumbprint == authorityCert.Thumbprint))
        throw new ApplicationException("Could not locate CA root!Thumbprints did not match.");
X509Certificate2AuthorityCert=GetAuthorityCertificate();
X509Certificate2 certificateToCheck=GetYourCertificate();
X509Chain chain=新的X509Chain();
chain.ChainPolicy.RevocationMode=X509RevocationMode.NoCheck;
chain.ChainPolicy.RevocationFlag=X509RevocationFlag.ExcludeRoot;
chain.ChainPolicy.VerificationFlags=X509VerificationFlags.AllowUnknownCertificationAuthority;
chain.ChainPolicy.VerificationTime=DateTime.Now;
chain.ChainPolicy.UrlRetrievalTimeout=新的时间跨度(0,0,0);
//将CA根添加到链中
chain.ChainPolicy.ExtraStore.Add(authorityCert);
bool isChainValid=chain.Build(certificateToCheck);
如果(!isChainValid)
{
//好吧,让c看看怎么了。。。
字符串[]错误=chain.ChainStatus
.Select(m=>$“{m.StatusInformation.Trim()},状态:{m.status}”)
.ToArray();
string certificateErrors=“检查证书时出错。”;
if(errors!=null&&errors.Length>0)
certificateErrors=string.Join(“\n”,错误);
抛出新的ApplicationException(“信任链不是来自已知权限。错误:“+certificateErrors”);
}
//让我们看看我们的链是否真的包含已知的根,您正在为此进行检查
如果(!chain.ChainElements)
.Cast()
.Any(m=>m.Certificate.Thumbprint==authorityCert.Thumbprint))
抛出新的ApplicationException(“找不到CA根目录!指纹不匹配。”);

您检查了所有 pk.Certificates,这是不必要的:签名中携带的证书可能多于构建签名者证书链所需的证书。因此,正如 @fatherOfWine 在其回答中指出的,应选择签名者证书,构建其证书链并检查该链。