Spire.PDF is a professional PDF library applied to creating, writing, editing, handling and reading PDF files without any external dependencies. Get free and professional technical support for Spire.PDF for .NET, Java, Android, C++, Python.

Mon Aug 19, 2024 10:15 am

Hi,

I am using FreeSpire.PDF version 10.2.0.
I have successfully added certificate chain to signature. I am about to get LTV enabled using the code below. I get the signed PDF but it is not LTV Enabled. Where am I wrong?
Code: Select all
   private string SignDocument(string _base64String)
   {
       try
       {
           string ReturnValue = "";

           PdfDocument doc = new PdfDocument(Convert.FromBase64String(_base64String));
           PdfPageBase page = doc.Pages[doc.Pages.Count - 1];
           var _filepath = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "LogsFiles\\");

           X509Certificate2Collection collection = new X509Certificate2Collection();
           collection.Import(_filepath + "xxxxxx.pfx", "yyyyy", X509KeyStorageFlags.DefaultKeySet);

           PdfPKCS7Formatter formatter = new PdfPKCS7Formatter(collection[0], false);

           formatter.ExtraCertificateStore = collection;//full certificate chain support.                 
           formatter.TimestampService = new TSAHttpService("http://xxxxx.com", "yyy", "xxxxxxxx");
           formatter.OCSPService = new OCSPHttpService("http://yyyyy.com");

           PdfOrdinarySignatureMaker maker = new PdfOrdinarySignatureMaker(doc, formatter);
           Spire.Pdf.Interactive.DigitalSignatures.PdfSignature signature = maker.Signature;
           //Setting Signature Information
           signature.Name = "Test";           

           PdfSignatureAppearance appearance = new PdfSignatureAppearance(signature);
           
           appearance.DateLabel = "Date: ";
           appearance.NameLabel = "Name";           
           //1.Signature and signature details
           appearance.GraphicMode = Spire.Pdf.Interactive.DigitalSignatures.GraphicMode.SignDetail;

           //The location of the signature in the pdf
           maker.MakeSignature("signature", doc.Pages[doc.Pages.Count - 1], (page.ActualSize.Width / 2) - 50, page.ActualSize.Height - 100, 110, 50, appearance);


           var memStr = new MemoryStream();
           doc.SaveToStream(memStr);
           byte[] bytes = memStr.ToArray();
           ReturnValue = Convert.ToBase64String(bytes);

           doc.Close();

           return ReturnValue;
       }
       catch (Exception ex)
       {         
           return ex.Message;
       }
   }


Please note that both root certificate of the document signing and root certificate od the timestamp chain is trusted.
Show Signer’s Certificate - I have the hole chain ( root certificate which is trusted, intermediate/issuer and leaf certificate)
Advanced Properties - also I have the hole chain on the same logic like signer certificate. This certificate is used by the timestamp authority to sign the timestamp.

1.png


What i get now using OCSP validation it that LTV is not enabled, please see the picture, Why?

2.png


Additional information: please note that everything is fine (LTV is enabled) when I am signing the document manually with the same certificate in acrobat reader, and using the same timestamp in the security panel

3.png


Thanks,

MariaSmit
 
Posts: 1
Joined: Mon Aug 19, 2024 8:15 am

Tue Aug 20, 2024 9:53 am

Hello,

Thank you for your inquiry. I simplified your code and signed the PDF, and the result shows that everything is normal(LTV is enabled). I have attached my input and output documents for your reference. Meanwhile, I used the following code. It set "https://freetsa.org/tsr" and OCSPHttpService(null), you can try this on your side and then let us know your further test results.
Code: Select all
  PdfDocument doc = new PdfDocument("in.pdf");
                PdfPageBase page = doc.Pages[doc.Pages.Count - 1];
                X509Certificate2Collection collection = new X509Certificate2Collection();
                collection.Import("gary.pfx", "password", X509KeyStorageFlags.DefaultKeySet);
                PdfPKCS7Formatter formatter = new PdfPKCS7Formatter(collection[0], false);
                formatter.ExtraCertificateStore = collection;//full certificate chain support.                 
                formatter.TimestampService = new TSAHttpService("https://freetsa.org/tsr");
                formatter.OCSPService = new OCSPHttpService(null);               
                PdfOrdinarySignatureMaker maker = new PdfOrdinarySignatureMaker(doc, formatter);
                PdfSignature signature = maker.Signature;
                //Setting Signature Information
                signature.Name = "Test";               
                PdfSignatureAppearance appearance = new PdfSignatureAppearance(signature);             
                appearance.DateLabel = "Date: ";
                appearance.NameLabel = "Name";
                //1.Signature and signature details
                appearance.GraphicMode = GraphicMode.SignDetail;
                //The location of the signature in the pdf
                maker.MakeSignature("signature", doc.Pages[doc.Pages.Count - 1], (page.ActualSize.Width / 2) - 50, page.ActualSize.Height - 100, 110, 50, appearance);
                doc.SaveToFile("Sign-free.pdf");
                doc.Close();


Sincerely,
Amin
E-iceblue support team
User avatar

Amin.Gan
 
Posts: 283
Joined: Mon Jul 15, 2024 5:40 am

Return to Spire.PDF