I am currently programming a digital signer in C# with the iTextSharp library. Initially the signer did the task correctly, since it signed the document, requested the PIN, etc. Everything was fine until I was asked to sign and also enable LTV, which in this case uses PAdES.
The document to be signed is a PDF, which must bear a mark from a TSA; for that, what I do is:
    ITSAClient t = new TSAClientBouncyCastle("miURL");
Up to here things were going well.
But when I try to add the LTV in the following way:
    MakeSignature.SignDetached(signatureAppearance, externalSignature, chain, null, null, t, 0, CryptoStandard.CADES);
    LtvVerification v = pdfStamper.LtvVerification;
    LtvTimestamp.Timestamp(signatureAppearance, t, null);
it gives me a message that says:
    Document already pre closed
Could you please help me?
I attach the code:
    public void firmarDocumentoDosTres(X509Certificate2 cert, String src, String dest, Org.BouncyCastle.X509.X509Certificate[] chain2, CryptoStandard subfilter, ITSAClient tsa)
    {
        PdfReader reader = new PdfReader(src);
        FileStream os = new FileStream(dest, FileMode.Create);
        // Signature stamper in append mode (last argument true)
        PdfStamper stamper = PdfStamper.CreateSignature(reader, os, '\0', null, true);
        PdfSignatureAppearance appearance = stamper.SignatureAppearance;
        appearance.SetVisibleSignature(new iTextSharp.text.Rectangle(10, 20, 100, 200), 1, "sig");
        string strTSA = System.Configuration.ConfigurationSettings.AppSettings["rutaTSA"];
        ITSAClient t = new TSAClientBouncyCastle(strTSA);
        ICrlClient crlClient = new CrlClientOnline(chain2);
        IOcspClient ocspClient = new OcspClientBouncyCastle();
        iTextSharp.text.pdf.security.IExternalSignature signature = new X509Certificate2Signature(cert, "SHA-256");
        // Creates the signature and closes the signature appearance
        MakeSignature.SignDetached(appearance, signature, chain2, null, null, tsa, 0, subfilter);
        stamper.Close();
        // Second pass over the signed file to add the LTV information
        LTVSolicitudaddLtvY(dest, dest + ".sig.pdf", ocspClient, crlClient, t);
    }
And the method that is called to add the LTV:
    public void LTVSolicitudaddLtvY(String src, String dest, IOcspClient ocsp, ICrlClient crl, ITSAClient tsa)
    {
        PdfReader r = new PdfReader(src);
        FileStream fos = new FileStream(dest, FileMode.Create);
        PdfStamper stp = PdfStamper.CreateSignature(r, fos, '\0', null, true);
        LtvVerification v = stp.LtvVerification;
        AcroFields fields = stp.AcroFields;
        List<String> names = fields.GetSignatureNames();
        String sigName = names[names.Count - 1];
        PdfPKCS7 pkcs7 = fields.VerifySignature(sigName);
        if (pkcs7.IsTsp)
        {
            // Last signature is a document timestamp: cover only its signing certificate
            v.AddVerification(sigName, ocsp, crl,
                LtvVerification.CertificateOption.SIGNING_CERTIFICATE,
                LtvVerification.Level.OCSP_CRL,
                LtvVerification.CertificateInclusion.NO);
        }
        else
        {
            // Otherwise collect OCSP/CRL data for the whole chain of every signature
            foreach (String name in names)
            {
                v.AddVerification(name, ocsp, crl,
                    LtvVerification.CertificateOption.WHOLE_CHAIN,
                    LtvVerification.Level.OCSP_CRL,
                    LtvVerification.CertificateInclusion.NO);
            }
        }
        PdfSignatureAppearance sap = stp.SignatureAppearance;
        // Adds a document-level timestamp, which is stored as a new signature field
        LtvTimestamp.Timestamp(sap, tsa, null);
    }
This code does enable the LTV, but what it does is add a new signature, and what is required is to enable the LTV on the existing one.
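
An added example, not part of the original post: a second pass that writes the validation data with a plain PdfStamper in append mode and no LtvTimestamp.Timestamp call, so no additional signature field is created and the already-closed signature appearance is never reused. The class and method names are hypothetical; src and dest are assumed to be different files.

```csharp
using System.Collections.Generic;
using System.IO;
using iTextSharp.text.pdf;
using iTextSharp.text.pdf.security;

public static class LtvWithoutExtraSignature   // hypothetical helper, not from the post
{
    // Adds OCSP/CRL data for every existing signature and returns the names
    // of signatures for which no revocation data could be collected.
    public static List<string> AddLtvToExistingSignatures(
        string src, string dest, IOcspClient ocsp, ICrlClient crl)
    {
        List<string> missing = new List<string>();
        PdfReader reader = new PdfReader(src);
        try
        {
            using (FileStream fos = new FileStream(dest, FileMode.Create))
            {
                // Plain stamper with append = true: the validation data goes into
                // an incremental update, so the signed bytes stay untouched and
                // no signature field is added.
                PdfStamper stp = new PdfStamper(reader, fos, '\0', true);
                LtvVerification v = stp.LtvVerification;
                foreach (string name in stp.AcroFields.GetSignatureNames())
                {
                    bool added = v.AddVerification(name, ocsp, crl,
                        LtvVerification.CertificateOption.WHOLE_CHAIN,
                        LtvVerification.Level.OCSP_CRL,
                        LtvVerification.CertificateInclusion.NO);
                    if (!added)
                    {
                        missing.Add(name);   // neither OCSP nor CRL data was obtained
                    }
                }
                // Closing the stamper writes the collected validation data (DSS).
                stp.Close();
            }
        }
        finally
        {
            reader.Close();
        }
        return missing;
    }
}
```

A non-empty return value means those signatures have no embedded revocation data and a viewer will not treat them as LTV-enabled. Without a closing document timestamp, the added validation data is itself not covered by any signature or timestamp.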