Signature Validate Function. Check and validate the status of this signature. ABCpdf .NET PDF Library.

ABCpdf .net

 
   

Check and validate the status of this signature.

 

   
Syntax  

[C#]bool Validate()
bool Validate(string[] certificatePaths)
bool Validate(System.Collections.IEnumerable certificates)

[Visual Basic]Function Validate() As Boolean
Function Validate(certificatePaths() As String) As Boolean
Function Validate(certificates As System.Collections.IEnumerable) As Boolean

Throws Exceptions may throw Exception()

 

   

Params
 
Name Description
certificatePaths An array of paths to X.509 certificate (.cer) files.
certificates A collection of System.Security.Cryptography.X509Certificates.X509Certificate2
return True if the certificate is valid.

 

   

Notes
 
This function returns true if the signature is valid. To be precise, this method updates the properties IsModified, IsTimeValid and IsTrusted. The return value is true only if the IsModified is false, and all of IsTimeValid, IsSecure and IsTrusted are true.

Signatures' certificates can only be validated by referencing certificates issued by certification authorities.

This method allows you to check and validate the status of a signature with reference to a set of such certificates. Additionally, ABCpdf can also use certificates found in the Windows Certificate Store for validation. See ValidationPolicy for details.

The certificates you provide will be cached at a document level so this function is efficient even when checking multiple signatures within one document. If you do not provide any parameters, this function will use the previously cached certificates to validate the document. Therefore, unless ValidationPolicy is set to EntireChainTrust, or certificates have been provided using a previous call to this function, calling the parameterless version of this function will cause an exception to be thrown to indicate that there are no certificates to validate against.

ABCpdf does not currently do revocation checks on certificates provided and on certificates embedded in a PDF document. If you need to do this type of operation, you should use the GetCertificates function and check the certificates yourself.

If a certificate is unavailable or invalid, this method may throw an exception. This means validating against an unsigned signature field will cause an exception to be thrown.

How does Adobe Reader validate a PDF document without certificate files?

You may find that Adobe Reader does not need a list of certificate files to validate PDF documents. This is because Adobe Reader may use several built-in Public Key Infrastructure hierarchies to certify PDF documents:

  • Certified Document Services (CDS) is a trust hierarchy that chains back to the Adobe Root Certification Authority (Adobe Root CA).
  • Adobe Approved Trust List (AATL) is an extra list of CA certificates that Adobe Reader may download from Adobe periodically (for Adobe Reader/Acrobat 9 or later).
  • The Windows Certificate Store. This is only true if Windows digital signature integration is enabled in Acrobat, which is not the default for Acrobat 9 and X.

In order to validate a PDF document the same way Adobe Reader does, you need to use the same certificates it uses. This can be easily achieved by exporting the trusted identities from Adobe Reader to .cer format certificate files. (Note: CDS and AATL certificates are usually not in your Windows Certificate Store by default.)

The Windows Certificate Store can be accessed by using System.Security.Cryptography.X509Certificates.X509Store (examples below).

 

   

Example
 

[C#]
// Validate using certificate files
Doc theDoc = new Doc();
theDoc.Read(Server.MapPath("../Rez/Signed.pdf"));
string[] theCerts = Server.MapPath("../Rez/JohnSmith.cer").Split(new char[] { ';' });
Signature theSig = (Signature)theDoc.Form["Signature"];
if ((theSig.Validate(theCerts)) && (!theSig.IsModified)) {
  theDoc.AddText("Signature valid at " + DateTime.Now.ToString());
}
theDoc.Save(Server.MapPath("SignedAndValidated.pdf"));

// Validate using the Windows Certificate Store
Doc theDoc = new Doc();
theDoc.Read(Server.MapPath("../Rez/Signed.pdf"));
X509Store theStore = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
theStore.Open(OpenFlags.ReadOnly);
Signature theSig = (Signature)theDoc.Form["Signature"];
if ((theSig.Validate(theStore.Certificates)) && (!theSig.IsModified)) {
  theDoc.AddText("Signature valid at " + DateTime.Now.ToString());
}
theStore.Close();
theDoc.Save(Server.MapPath("SignedAndValidated.pdf"));

[Visual Basic]
' Validate using certificate files
Dim theDoc As Doc = New Doc()
theDoc.Read(Server.MapPath("../Rez/Signed.pdf"))
Dim theCerts() As String = { Server.MapPath("../Rez/JohnSmith.cer") }
Dim theSig As Signature = theDoc.Form("Signature")
If (theSig.Validate(theCerts)) And (Not theSig.IsModified) Then
  theDoc.AddText("Signature valid at " + DateTime.Now.ToString())
End If
theDoc.Save(Server.MapPath("SignedAndValidated.pdf"))

' Validate using the Windows Certificate Store
Dim theDoc As Doc = New Doc()
theDoc.Read(Server.MapPath("../Rez/Signed.pdf"))
Dim theStore As X509Store = New X509Store(StoreName.Root, StoreLocation.LocalMachine)
theStore.Open(OpenFlags.ReadOnly)
Dim theSig As Signature = theDoc.Form("Signature")
If (theSig.Validate(store.Certificates)) And (Not theSig.IsModified) Then
  theDoc.AddText("Signature valid at " + DateTime.Now.ToString())
End If
theStore.Close()
theDoc.Save(Server.MapPath("SignedAndValidated.pdf"))