This is a migrated thread and some comments may be shown as answers.

Validating Signature field in PDF - exception

1 Answer 531 Views
PdfProcessing
This is a migrated thread and some comments may be shown as answers.
Manoela
Top achievements
Rank 1
Manoela asked on 17 Nov 2019, 10:11 PM

I'm having this issue with some digital signed pdfs. 

Here is the code that gets the exception:

var signatureFields = document.AcroForm.FormFields.Where(field => field.FieldType == FormFieldType.Signature).ToList();
            if (signatureFields.IsNotNullOrEmpty())
            {
                foreach (var signatureField in signatureFields)
                {
                    var field = (SignatureField)signatureField;

                    if (field != null && field.Signature != null)
                    {
                        var test = field.Signature.Validate(); - this is the line where I get the exceptions!

 

The method Validate() called without the properties parameter throws exception in 2 cases:

1st - using pdf signed with specialized software

Message: "No signature validation handler was found for the subfilter: ETSI.CAdES.detached

and the StackTrace: at Telerik.Windows.Documents.Fixed.Model.DigitalSignatures.Signature.Validate(SignatureValidationProperties validationProperties)\r\n   at Telerik.Windows.Documents.Fixed.Model.DigitalSignatures.Signature.Validate()\r\n   at... (there goes the path in my project)

2nd - using pdf signed with the same digital signature by Adobe Acrobat Reader

Message "ASN1 bad tag value met.\r\n"

and the StackTrace: at System.Security.Cryptography.Pkcs.SignedCms.OpenToDecode(Byte[] encodedMessage, ContentInfo contentInfo, Boolean detached)\r\n   at System.Security.Cryptography.Pkcs.SignedCms.Decode(Byte[] encodedMessage)\r\n   at Telerik.Windows.Documents.Fixed.Model.DigitalSignatures.Pkcs7Detached.ValidateOverride(SignatureDataProperties dataProperties, SignatureValidationProperties validationProperties)\r\n   at Telerik.Windows.Documents.Fixed.Model.DigitalSignatures.SignatureValidationHandlerBase.Validate(SignatureDataProperties dataProperties, SignatureValidationProperties validationProperties)\r\n   at Telerik.Windows.Documents.Fixed.Model.DigitalSignatures.Signature.Validate(SignatureValidationProperties validationProperties)\r\n   at Telerik.Windows.Documents.Fixed.Model.DigitalSignatures.Signature.Validate()\r\n   at... (there goes the path in my project)

I'll be glad if you can tell me where the problem is and what can I do to fix it. 

I want to be clear, there are just some correctly signed pdfs that cannot pass this validation. Most of them can but I'm afraid that I am missing something, as one of the non-passing digital signatures is new.

 

1 Answer, 1 is accepted

Sort by
0
Georgi
Telerik team
answered on 20 Nov 2019, 01:50 PM

Hello Manoela,

I will dive straight into the questions.

1st - using pdf signed with specialized software. Message: "No signature validation handler was found for the subfilter: ETSI.CAdES.detached

The ETSI.CAdES.detached encoding filter is currently not supported by the PdfProcessing library, which causes the issue you are currently encountering. The list of the supported encodings can be seen in the Signature Encodings section of the documentation. We have logged a feature request in our feedback portal: Add support for ETSI.CAdES.detached signature encoding when validating signature fields, where you can vote to increase its priority and subscribe to be notified when the status of the item changes.

In appreciation for pointing out this to our attention, I have increased your Telerik points.

2nd - using pdf signed with the same digital signature by Adobe Acrobat Reader. Message "ASN1 bad tag value met.\r\n"

To decode a PKCS7 signature content, the PdfProcessing library relies on the SignedCms class, which is part of the .NET Framework. After researching what can be causing the issue in the SignedCms class it seems that it may be related to whether the certificate is properly encoded according to the ASN1 notation. Have you tried validating the original certificate which is used to sign the PDF document with? Are there any issues found? If so, you may try exporting and importing the certificate chain as can be seen in the following blog post and sign the PDF document with the exported certificate.

Regards,
Georgi
Progress Telerik

Get quickly onboarded and successful with your Telerik and/or Kendo UI products with the Virtual Classroom free technical training, available to all active customers. Learn More.
Tags
PdfProcessing
Asked by
Manoela
Top achievements
Rank 1
Answers by
Georgi
Telerik team
Share this question
or