Подписание PDF с ITEXT: подпись недействительна после подписания ⇐ C#

[Anonymous]

Я использую ITEXT, чтобы подписать документ PDF с внешней подписью, но подпись отмечена как измененная или поврежденная. При открытии в Adobe Acrobat я получаю следующее сообщение: < /p>
The document has been altered or corrupted since the signature was applied.
Signed by the current user
Signing time is based on the local computer clock
Signature details: Last verification: 2025.03.31 15:14:37 +03'00'
Field: Signature_1 (invisible signature)
< /code>
Вот мой код подписи: < /p>
public AttachDocumentSignResponseDto AttachDocumentSign(byte[] documentBytes, byte[] signatureBytes)
{
ArgumentNullException.ThrowIfNull(documentBytes);
ArgumentNullException.ThrowIfNull(signatureBytes);

using var readerStream = new MemoryStream(documentBytes);
using var outputStream = new MemoryStream();
using var pdfReader = new PdfReader(readerStream);

IExternalSignatureContainer external = new MfuaExternalSignatureContainer(signatureBytes);

var fieldName = PdfConstants.SignatureName(documentBytes.SignaturesCount());

PdfSigner.SignDeferred(
pdfReader,
fieldName,
outputStream,
external);

var signedPdfBytes = outputStream.ToArray();

return new AttachDocumentSignResponseDto(Convert.ToBase64String(signedPdfBytes));
}

public sealed class MfuaExternalSignatureContainer : IExternalSignatureContainer
{
private readonly byte[] _signatureBytes;

public MfuaExternalSignatureContainer(byte[] signatureBytes)
{
ArgumentNullException.ThrowIfNull(signatureBytes);

_signatureBytes = signatureBytes;
}

public byte[] Sign(Stream data)
{
return _signatureBytes;
}

public void ModifySigningDictionary(PdfDictionary signDic)
{
signDic.Put(PdfName.Filter, PdfName.Adobe_PPKLite);
signDic.Put(PdfName.SubFilter, PdfName.Adbe_pkcs7_detached);
}
}
< /code>
Что может привести к модификации PDF после подписания?public AttachDocumentSignResponseDto AttachDocumentSign(byte[] documentBytes, byte[] signatureBytes)
{
ArgumentNullException.ThrowIfNull(documentBytes);
ArgumentNullException.ThrowIfNull(signatureBytes);
ArgumentNullException.ThrowIfNull(documentBytes);

using var outputStream = new MemoryStream();
using var readerStream = new MemoryStream(documentBytes);
using var reader = new PdfReader(readerStream);

var fieldName = PdfConstants.SignatureName(documentBytes.SignaturesCount());

PdfTwoPhaseSigner.AddSignatureToPreparedDocument(reader, fieldName, outputStream, signatureBytes);

return new AttachDocumentSignResponseDto(Convert.ToBase64String(outputStream.ToArray()));
}
< /code>
Подготовьте метод документа: < /p>
public PrepareDocumentSignResponseDto PrepareDocumentSign(byte[] documentBytes, AlgorithmSignature algorithmSignature, byte[] certificateBytes)
{
ArgumentNullException.ThrowIfNull(documentBytes);
ArgumentNullException.ThrowIfNull(algorithmSignature);
ArgumentNullException.ThrowIfNull(certificateBytes);

using var readerStream = new MemoryStream(documentBytes);
using var outputStream = new MemoryStream();

using var reader = new PdfReader(readerStream);
using var writer = new PdfWriter(outputStream);
using (var pdfDoc = new PdfDocument(reader, writer))
{
var signatureRect = pdfDoc.AddRectangleSignature();
var signaturePage = pdfDoc.GetLastPage();

signaturePage.AddTitle(signatureRect);
signaturePage.AddCertificateInfo(signatureRect, certificateBytes);
}

var pdfBytes = outputStream.ToArray();

using var finalOutput = new MemoryStream();

var hash = PdfSignatureHelper.AddEmptySignature(pdfBytes, finalOutput, algorithmSignature);

var finalPdfBytes = finalOutput.ToArray();

return new PrepareDocumentSignResponseDto(Convert.ToBase64String(finalPdfBytes), hash);
}

public static string AddEmptySignature(byte[] documentBytes, Stream outputStream, AlgorithmSignature algorithmSignature)
{
ArgumentNullException.ThrowIfNull(documentBytes);

using var readerStream = new MemoryStream(documentBytes);
using var reader = new PdfReader(readerStream);

var signerProperties = new SignerProperties();

var fieldName = PdfConstants.SignatureName(documentBytes.SignaturesCount() + 1);
signerProperties.SetFieldName(fieldName);

var twoPhaseSigner = new PdfTwoPhaseSigner(reader, outputStream);
twoPhaseSigner.SetExternalDigest(new CryptoProDigest());

var hashBytes = twoPhaseSigner.PrepareDocumentForSignature(
signerProperties,
algorithmSignature.ToString(),
PdfName.Adobe_PPKLite,
PdfName.Adbe_pkcs7_detached,
PdfConstants.MaxSignatureSize,
true);

var hash = string.Join(":", hashBytes.Select(x => x.ToString("X2")));

return hash;
}

public class CryptoProMessageDigest : IMessageDigest
{
private readonly HashAlgorithm _hashAlgorithm;

public CryptoProMessageDigest(string hashAlgorithm)
{
_hashAlgorithm = hashAlgorithm switch
{
nameof(AlgorithmSignature.Gost_R3411_2012_256) => new Gost3411_2012_256CryptoServiceProvider(),
nameof(AlgorithmSignature.Gost_R3411_2012_512) => new Gost3411_2012_512CryptoServiceProvider(),
_ => throw new NotSupportedException(hashAlgorithm)
};
}

public byte[] Digest(byte[] enc)
{
return _hashAlgorithm.ComputeHash(enc);
}

public byte[] Digest()
{
_hashAlgorithm.TransformFinalBlock([], 0, 0);

return _hashAlgorithm.Hash ?? throw new InvalidOperationException();
}

public int GetDigestLength()
{
return _hashAlgorithm.HashSize / 8; // 256 / 8 = 32 байта, 512 / 8 = 64 байта
}

public void Update(byte[] buf, int off, int len)
{
_hashAlgorithm.TransformBlock(buf, off, len, null, 0);
}

public void Update(byte[] buf)
{
_hashAlgorithm.TransformBlock(buf, 0, buf.Length, null, 0);
}

public void Reset()
{
_hashAlgorithm.Initialize();
}

public string GetAlgorithmName()
{
return _hashAlgorithm.GetType().Name;
}
}
< /code>
Вот моя команда создания сертификатов, которую я использую для подписания < /p>
New-SelfSignedCertificate -Type Custom -Subject "CN=Caphyon, O=Caphyon, C=US" -KeyUsage DigitalSignature -FriendlyName "My Friendly Cert Name" -CertStoreLocation "Cert:\CurrentUser\My" -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.3", "2.5.29.19={text}")


Подробнее здесь: https://stackoverflow.com/questions/795 ... er-signing