Kostas

Reputation: 1883

Invalid signature when signing an existing signature field with CoSign SAPI

I have a PDF with multiple signature fields. I am using iTextSharp to create the PDF with the signature fields, and I am trying to sign each signature field with the CoSign SAPI. When I append the signature object from the response of the call, the signature is invalid.

Below is an example of the code I use to sign an existing signature field in a PDF document with many signature fields:

        public void SignDocument(string filePath, string fieldName, string username, string password)
        {
            byte[] fileBuffer = File.ReadAllBytes(filePath);
            DocumentType document = new DocumentType()
            {
                Item = new DocumentTypeBase64Data()
                {
                    Value = fileBuffer,
                    MimeType = "application/pdf"
                }
            };
            ClaimedIdentity claimedIdentity = new ClaimedIdentity()
            {
                Name = new NameIdentifierType()
                {
                    Value = username
                },
                SupportingInfo = new CoSignAuthDataType()
                {
                    LogonPassword = password
                }
            };
            SAPISigFieldSettingsType sigFieldSettings = new SAPISigFieldSettingsType()
            {
                Invisible = true,
                InvisibleSpecified = true,
                X = 145,
                XSpecified = true,
                Y = 125,
                YSpecified = true,
                Width = 160,
                WidthSpecified = true,
                Height = 45,
                HeightSpecified = true,
                Page = 1,
                PageSpecified = true,
                AppearanceMask = 11,
                AppearanceMaskSpecified = true,
                TimeFormat = new TimeDateFormatType()
                {
                    TimeFormat = "hh:mm:ss",
                    DateFormat = "dd/MM/yyyy",
                    ExtTimeFormat = ExtendedTimeFormatEnum.GMT,
                    ExtTimeFormatSpecified = true
                }
            };

            SignRequest signRequest = new SignRequest()
            {
                InputDocuments = new RequestBaseTypeInputDocuments()
                {
                    Items = new DocumentType[] { document }
                },
                OptionalInputs = new RequestBaseTypeOptionalInputs()
                {
                    SignatureType = "http://arx.com/SAPIWS/DSS/1.0/signature-field-sign",
                    ClaimedIdentity = claimedIdentity,
                    SAPISigFieldSettings = sigFieldSettings,
                    ReturnPDFTailOnly = true,
                    ReturnPDFTailOnlySpecified = true,
                    SignatureFieldName = fieldName
                }
            };
            DssSignResult response = _client.DssSign(signRequest);

            if (response.Result.ResultMajor.Equals(SIGN_SUCCESS_RESULT_MAJOR))
            {
                byte[] signatureBuffer = ((DssSignResultSignatureObjectBase64Signature)response.SignatureObject.Item).Value;
                using (var fileStream = new FileStream(filePath, FileMode.Append))
                {
                    fileStream.Write(signatureBuffer, 0, signatureBuffer.Length);
                }
            }
            else
            {
                throw new Exception(response.Result.ResultMessage.Value);
            }
        }

file

This is the file that I want to sign. I am trying to sign the signature field "sig2-9", but the signature is invalid with the message "There have been changes made to this document that invalidate the signature". Sorry for not posting the signed document, but the certificate owner doesn't want to share his personal information.

signed file

This is the signed file with the invalid signature.

signed file 2

This is a file that I signed with another CoSign API call. This call creates the signature field and signs it, with the same certificate as the "signed file". As you can see, the signature in this example is valid. In this example I used the "http://arx.com/SAPIWS/DSS/1.0/signature-field-create-sign" signature type.

Upvotes: 1

Views: 1578

Answers (1)

Aviv Simionovici

Reputation: 81

Bruno and mkl.

My name is Aviv Simionovici and I am a DSA (DocuSign Signature Appliance) API specialist from DocuSign.

Your code seems fine, although you might have forgotten the following:

Req.OptionalInputs.ReturnPDFTailOnlySpecified = true;
Req.OptionalInputs.ReturnPDFTailOnly = true;

For your convenience, here is a function that appends the signature to the PDF:

public bool PDFAttachSignature(string PDFFile, byte[] Signature, bool isDisplayErrorsGUI)
{
   if (Signature == null) return false;
   try
   {
      // using closes the stream even when Write throws
      using (FileStream f = File.OpenWrite(PDFFile))
      {
         f.Position = f.Length;  // seek to the end of file
         f.Write(Signature, 0, Signature.Length); // write the signature content
      }
   }
   catch (Exception ex)
   {
      if (isDisplayErrorsGUI)
      {
         MessageBox.Show("Error Attaching the signature\n\nException:\n" + ex.Message, "Error");
      }
      // the append failed whether or not the error was displayed
      return false;
   }

   return true;
}

The whole Visual Studio project with the sample is here.

You stated that the signature is not valid when you open the PDF with a PDF viewer. That can also happen due to an untrusted certificate in your certificate chain ending in your DSA root certificate, or because revocation on the certificates on that chain cannot be performed. Please see why the signature is not valid.

Upvotes: 1
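
A diagnostic for the append step that both posts perform, as an added example (not code from the question, the answer or the CoSign SDK). It assumes the returned tail is a standard PDF incremental update whose signature dictionary carries an uncompressed /ByteRange entry, and it checks that the file on disk is byte-for-byte the original followed by a tail whose ByteRange spans the whole file; `PdfTailCheck` and its messages are hypothetical names.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Text;
using System.Text.RegularExpressions;

// Hypothetical helper, not part of the CoSign SDK or of the posts above.
public static class PdfTailCheck
{
    // Returns null when the layout checks pass, otherwise the first problem found.
    public static string Check(byte[] original, byte[] signed)
    {
        // The append must leave every byte that was sent for signing untouched.
        if (signed.Length <= original.Length ||
            !signed.Take(original.Length).SequenceEqual(original))
            return "signed file is not the original bytes plus an appended tail";

        // ISO-8859-1 maps bytes 1:1 to chars, so string indexes equal file offsets.
        string text = Encoding.GetEncoding("ISO-8859-1").GetString(signed);
        MatchCollection hits = Regex.Matches(text,
            @"/ByteRange\s*\[\s*(\d{1,10})\s+(\d{1,10})\s+(\d{1,10})\s+(\d{1,10})\s*\]");
        if (hits.Count == 0 || hits[hits.Count - 1].Index < original.Length)
            return "no uncompressed /ByteRange entry in the appended tail";

        // ByteRange = [start1 length1 start2 length2]; the gap holds /Contents <hex>.
        long[] r = hits[hits.Count - 1].Groups.Cast<Group>().Skip(1)
                       .Select(g => long.Parse(g.Value)).ToArray();
        long gapStart = r[0] + r[1], gapEnd = r[2];
        if (r[0] != 0 || gapStart >= gapEnd)
            return "malformed /ByteRange";
        if (gapEnd + r[3] != signed.Length)
            return "ByteRange ends at offset " + (gapEnd + r[3]) + " but the file has "
                 + signed.Length + " bytes";
        if (signed[gapStart] != (byte)'<' || signed[gapEnd - 1] != (byte)'>')
            return "ByteRange gap does not enclose the /Contents hex string";
        return null;
    }

    public static int Main(string[] args)
    {
        // args[0]: copy of the PDF as sent to the service; args[1]: file after the append.
        string problem = Check(File.ReadAllBytes(args[0]), File.ReadAllBytes(args[1]));
        Console.WriteLine(problem ?? "tail layout is consistent with the file on disk");
        return problem == null ? 0 : 1;
    }
}
```

A pass says only that the tail matches the bytes on disk; certificate trust and revocation, which the answer mentions, are judged separately by the viewer.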
