This function returns true if the signature is
valid. To be precise, this method updates the
properties IsModified,
IsTimeValid
and IsTrusted.
The return value is true only if the IsModified
is false, and all of IsTimeValid,
IsSecure and IsTrusted are
true.
Signatures' certificates can only be validated
by referencing certificates issued by
certification authorities.
This method allows you to check and validate
the status of a signature with reference to a set
of such certificates. Additionally, ABCpdf can
also use certificates found in the Windows
Certificate Store for validation. See ValidationPolicy
for details.
The certificates you provide will be cached at
a document level so this function is efficient
even when checking multiple signatures within one
document. If you do not provide any parameters,
this function will use the previously cached
certificates to validate the document. Therefore,
unless ValidationPolicy
is set to EntireChainTrust, or certificates have
been provided using a previous call to this
function, calling the parameterless version of
this function will cause an exception to be
thrown to indicate that there are no certificates
to validate against.
ABCpdf does not currently do revocation checks
on certificates provided and on certificates
embedded in a PDF document. If you need to do
this type of operation, you should use the
GetCertificates
function and check the certificates yourself.
If a certificate is unavailable or invalid,
this method may throw an exception. This means
validating against an unsigned signature field
will cause an exception to be thrown.
How does Adobe Reader validate a
PDF document without certificate
files?
You may find that Adobe Reader does
not need a list of certificate files to
validate PDF documents. This is because
Adobe Reader may use several built-in
Public Key Infrastructure hierarchies to
certify PDF documents:
-
Certified Document Services (CDS)
is a trust hierarchy that chains back
to the Adobe Root Certification
Authority (Adobe Root CA).
-
Adobe Approved Trust List (AATL) is
an extra list of CA certificates that
Adobe Reader may download from Adobe
periodically (for Adobe Reader/Acrobat
9 or later).
- The Windows Certificate Store. This
is only true if Windows digital
signature integration is enabled in
Acrobat, which is not the default
for Acrobat 9 and X.
In order to validate a PDF document
the same way Adobe Reader does, you need
to use the same certificates it uses.
This can be easily achieved by exporting
the trusted identities from
Adobe Reader to .cer format
certificate files. (Note: CDS and AATL
certificates are
usually not
in your Windows Certificate Store by
default.)
The Windows Certificate Store can be
accessed by using
System.Security.Cryptography.X509Certificates.X509Store
(examples below).
|
|
|
|