
I'm developing a webserver in C# that performs digital signature validation, to ensure that the PDF files weren't modified. I'm using iText and iTextSharp for this.

But the client side is based on a Java applet. I perform the digital signatures in that Java applet. In Java I'm able to make the signatures and then verify them. But if I verify the signature in C#, a NullReferenceException is thrown.

Here is my Java digital signature code:

    String path = "C:/Users/a/Desktop/cert.pfx";
    String keystore_password = "fgf";
    String key_password = "fgf";

    // Register Bouncy Castle as a JCA provider
    BouncyCastleProvider provider = new BouncyCastleProvider();
    Security.addProvider(provider);

    // Load the PKCS#12 key store and read the first entry's key and chain
    KeyStore ks = KeyStore.getInstance("pkcs12", "BC");
    ks.load(new FileInputStream(path), keystore_password.toCharArray());

    String alias = (String) ks.aliases().nextElement();

    PrivateKey pk = (PrivateKey) ks.getKey(alias, key_password.toCharArray());

    Certificate[] chain = ks.getCertificateChain(alias);

    // Open the source PDF and prepare the signed output file
    PdfReader reader = new PdfReader(src);
    dest = "C:/Users/a/Desktop/" + dest;
    FileOutputStream os = new FileOutputStream(dest);
    PdfStamper stamper = PdfStamper.createSignature(reader, os, '\0');

    PdfSignatureAppearance appearance = stamper.getSignatureAppearance();

    // Sign with SHA-256 through the BC provider, as a detached CMS signature
    ExternalSignature es = new PrivateKeySignature(pk, "SHA-256", "BC");
    ExternalDigest digest = new BouncyCastleDigest();

    MakeSignature.signDetached(appearance, digest, es, chain, null, null, null, 0, CryptoStandard.CMS);

And my C# verification code:

    PdfReader reader = new PdfReader(pdfFile);
    AcroFields af = reader.AcroFields;
    var names = af.GetSignatureNames();

    if (names.Count == 0)
    {
        throw new InvalidOperationException("No Signature present in pdf file.");
    }

    foreach (string name in names)
    {
        // Reject signatures that leave part of the file unsigned
        if (!af.SignatureCoversWholeDocument(name))
        {
            throw new InvalidOperationException(string.Format("The signature: {0} does not cover the whole document.", name));
        }

        PdfPKCS7 pk = af.VerifySignature(name);
        var cal = pk.SignDate;
        var pkc = pk.Certificates;

        // Check the signature value against the signed byte ranges
        if (!pk.Verify())
        {
            Console.WriteLine("The signature is not valid.");
            return false;
        }
    }

In the line af.VerifySignature(name); the NullReferenceException is thrown up!

The fun thing is, if I perform the signatures with C# code I'm able to verify it in Java, since I add these instructions: `BouncyCastleProvider provider = new BouncyCastleProvider(); Security.addProvider(provider);`

I think my problem relies on some byte conversions... But in C# I don't know how to call a bouncycastleprovider.

Can you help me? My best regards: William.

William
  • *In the line af.VerifySignature(name); the NullReferenceException is thrown up!* - can you provide something like a stacktrace? – mkl Mar 14 '14 at 15:19
  • The stackTrace: `at org.bouncycastle.security.SignerUtil.getSigner(String algorithm) at iTextSharp.text.pdf.PdfPKCS7..ctor(Byte[] contentsKey) at iTextSharp.text.pdf.AcroFields.VerifySignature(String name) at SignatureLibrary.iText.PDFValidation(String pdfFile) in c:\Users\guilhermesousa\Documents\Visual Studio 2012\Projects\SignatureLibrary\SignatureLibrary\iText.cs:line 122` – William Mar 14 '14 at 15:45
  • Which is your iTextSharp version? I cannot find a `PdfPKCS7` constructor with only one `Byte[]` parameter... – mkl Mar 14 '14 at 16:12
  • I think it is the 5.5.0 version... But I'm not sure. My dll just says itextsharp. But why are you trying to construct a PdfPKCS7? You just have to assign it to the af.VerifySignature(name); to build it. – William Mar 14 '14 at 16:32
  • *But why are you trying to construct a PdfPKCS7* - the stack trace shows the constructor... – mkl Mar 14 '14 at 17:46
  • Did you fix the problem? – William Mar 17 '14 at 09:27
  • The stacktrace line `iTextSharp.text.pdf.PdfPKCS7..ctor(Byte[] contentsKey)` indicates that you are not actually using version 5.5.0 but a version from before 5.3.0 because `PdfPKCS7` in 5.3.0 had been refactored into the namespace `iTextSharp.text.pdf.security`. Thus, please update your iTextSharp, test again, and if you still get that `NullReferenceException`, post an updated stacktrace. – mkl Mar 17 '14 at 09:38
  • You're right. Thank you very much. I downloaded the latest itextsharp version and it worked well the verification. – William Mar 17 '14 at 12:31

1 Answer

The stacktrace posted by the OP in a comment

    ...
    at org.bouncycastle.security.SignerUtil.getSigner(String algorithm)
    at iTextSharp.text.pdf.PdfPKCS7..ctor(Byte[] contentsKey)
    at iTextSharp.text.pdf.AcroFields.VerifySignature(String name)
    at SignatureLibrary.iText.PDFValidation(String pdfFile)
    in ...\SignatureLibrary\SignatureLibrary\iText.cs:line 122

contains the line `iTextSharp.text.pdf.PdfPKCS7..ctor(Byte[] contentsKey)` which indicates that the OP was not using the current iTextSharp version 5.5.0 but instead a version from before 5.3.0 (published June 2012): in version 5.3.0 `PdfPKCS7` had been refactored into the namespace `iTextSharp.text.pdf.security`.

This refactoring was part of a major update of the whole iText signature creation and verification code, an update which introduced many new features.

Thus, the OP was advised to update the iTextSharp assembly, and indeed:

> I downloaded the latest itextsharp version and it worked well the verification.

mkl
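
A startup check that applies the diagnosis above, as an added example that is not part of the original answer or of iTextSharp: it inspects the assembly actually loaded at run time and refuses to verify signatures when `PdfPKCS7` is not in the post-5.3.0 namespace. `ITextSharpVersionGuard` and `EnsureCurrentSignatureApi` are hypothetical names, and the version comparison assumes the assembly version mirrors the release number.

```csharp
using System;
using System.Reflection;
using iTextSharp.text.pdf;

// Added example (hypothetical helper, not iTextSharp API): fail fast when the
// loaded iTextSharp predates the 5.3.0 signature refactoring.
public static class ITextSharpVersionGuard
{
    // Namespace PdfPKCS7 lives in from 5.3.0 on, per the answer above.
    private const string RefactoredType = "iTextSharp.text.pdf.security.PdfPKCS7";

    // Assumption: the assembly version tracks the iTextSharp release number.
    private static readonly Version Minimum = new Version(5, 3, 0);

    public static void EnsureCurrentSignatureApi()
    {
        // Use the assembly that PdfReader was really loaded from; a stale DLL
        // in the bin folder or GAC can differ from the build-time reference.
        Assembly asm = typeof(PdfReader).Assembly;
        Version loaded = asm.GetName().Version;

        // The type lookup is the decisive test: it does not depend on how
        // the assembly was versioned. throwOnError=false returns null.
        bool hasRefactoredType = asm.GetType(RefactoredType, false) != null;

        if (loaded < Minimum || !hasRefactoredType)
        {
            throw new InvalidOperationException(string.Format(
                "iTextSharp {0} loaded from '{1}' does not provide {2}; " +
                "update the assembly before verifying signatures.",
                loaded, asm.Location, RefactoredType));
        }
    }
}
```

Calling `ITextSharpVersionGuard.EnsureCurrentSignatureApi()` once before the verification loop turns the opaque `NullReferenceException` into an explicit message naming the outdated DLL and its path.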