iText7 C#检查PDF在签名后被锁定答案

【问题标题】：iText7 C# Check PDF was locked after signatureiText7 C#检查PDF在签名后被锁定
【发布时间】：2019-10-15 14:35:31
【问题描述】：

您好，我也在尝试检查 PDF 文件是否在使用 iText7 .Net 签名后被锁定。我们当前的版本是：7.1.8

目前我正在尝试一些代码，但这并没有回应我的研究：

try
{
    //GET READER 
    PdfReader reader = new PdfReader(pdfModeleFile);
    if (reader != null)
    {
        //GET DOCUMENT 
        PdfDocument pdfDoc = new PdfDocument(reader);
        if (pdfDoc != null)
        {
            //GET FORM
            PdfAcroForm form = PdfAcroForm.GetAcroForm(pdfDoc, false);
            int signState = form.GetSignatureFlags();
            if (signState == 3)
            {
                //GET SIGNATURE
                SignatureUtil signatureUtil = new SignatureUtil(pdfDoc);
                List<string> signNamePdfAllField = signatureUtil.GetSignatureNames().ToList();
                List<string> signNamePdfBlankField = signatureUtil.GetBlankSignatureNames().ToList();
                SignaturePermissions perms = null;

                if ((signNamePdfAllField.Count() > 0 && signNamePdfBlankField.Count() == 0)){
                    //SIGNATURE WAS OK (ALL SIGNATURE WAS PUT)
                }
                else {
                    //ONE OR MORE SIGNATURE WAS MISING
                }
            }
            else
            {
                //SIGNATURE STATE OFF CURRENT PDF WAS NOT OK
            }
        }
        else
        {
            //PDF FILE HAVE NOT FORM
        }
    }
    else
    {
        //PDF FILE HAVE SOME PROBLEM
    }
}
catch (Exception e)
{
    //PDF FILE HAVE SOME PROBLEM
}

为了解释我正在搜索解决方案以获取此信息（例如在 pdf adobe 阅读器上）：

提前谢谢你。

【问题讨论】：

您很可能应该检查签名是否具有 DocMDP 或 FieldMDP 转换参数以及 P 值 1 .
嗨@mkl 感谢您的及时回复您所说的“MDP”？我不知道。因为我的 PDF 没有密码，只有签名并锁定所有字段。
MDP 代表Modification Detection and Prevention，与密码无关。它本质上是 pdf 签名的机制，用于表示在给定签名字段签名后应允许对文档进行哪些更改。

标签： c# itext itext7

【解决方案1】：

通过签名的MDP（Modification Detection and Prevention）信息来表示签名后对文档的锁定。 iText 没有针对这些信息的显式 getter，但您可以使用通用的低级 getter 访问它们。

例如以下代码打印PdfDocument pdfDocument的签名的MDP信息：

SignatureUtil signatureUtil = new SignatureUtil(pdfDocument);
foreach (string name in signatureUtil.GetSignatureNames())
{
    Console.WriteLine("\nInspecting signature '{0}':", name);
    PdfDictionary dict = signatureUtil.GetSignatureDictionary(name);

    PdfArray referenceArray = dict.GetAsArray(PdfName.Reference);
    if (referenceArray == null | referenceArray.Size() == 0)
    {
        Console.WriteLine("The signature does not apply a transform.");
        continue;
    }

    foreach (PdfObject referenceArrayObject in referenceArray)
    {
        PdfObject referenceObject = referenceArrayObject;
        if (referenceObject.IsIndirectReference())
            referenceObject = ((PdfIndirectReference)referenceObject).GetRefersTo(true);
        if (referenceObject.IsIndirectReference())
        {
            Console.WriteLine("A transform is too deeply nested.");
            continue;
        }
        if (!referenceObject.IsDictionary())
        {
            Console.WriteLine("A transform is not a dictionary.");
            continue;
        }
        PdfDictionary reference = (PdfDictionary)referenceObject;

        PdfName method = reference.GetAsName(PdfName.TransformMethod);
        if (method == null)
        {
            Console.WriteLine("The signature does not provide the name of its transform method. (Invalid!)");
            continue;
        }
        if (new PdfName("UR").Equals(method))
        {
            Console.WriteLine("The signature is a usage rights signature.");
            continue;
        }
        if (PdfName.DocMDP.Equals(method))
        {
            Console.WriteLine("The signature has a DocMDP transform method, it is a certification signature.");
        }
        else if (PdfName.FieldMDP.Equals(method))
        {
            Console.WriteLine("The signature has a FieldMDP transform method.");
        }
        else
        {
            Console.WriteLine("The signature has the unknown '{0}' transform method. (Invalid!)", method);
            continue;
        }

        PdfDictionary transformParams = reference.GetAsDictionary(PdfName.TransformParams);
        if (transformParams == null)
        {
            Console.WriteLine("The transform has no parameters. (Invalid!)");
            continue;
        }

        PdfName action = transformParams.GetAsName(PdfName.Action);
        if (action != null)
        {
            if (PdfName.All.Equals(action))
            {
                Console.WriteLine("The transform locks all form fields.");
            }
            else
            {
                PdfArray fields = transformParams.GetAsArray(PdfName.Fields);
                if (PdfName.Include.Equals(action))
                {
                    if (fields == null)
                        Console.WriteLine("The transform locks all listed form fields but does not provide the list. (Invalid!)");
                    else
                        Console.WriteLine("The transform locks all the listed form fields: {0}", fields);
                }
                else if (PdfName.Exclude.Equals(action))
                {
                    if (fields == null)
                        Console.WriteLine("The transform locks all except listed form fields but does not provide the list. (Invalid!)");
                    else
                        Console.WriteLine("The transform locks all except the listed form fields: {0}", fields);
                }
                else
                {
                    Console.WriteLine("The transform uses the unknown action '{0}' for field locking. (Invalid!)", action);
                }
            }
        }

        PdfNumber p = transformParams.GetAsNumber(PdfName.P);
        if (p != null)
        {
            switch (p.IntValue())
            {
                case 1:
                    Console.WriteLine("The transform locks the document entirely.");
                    break;
                case 2:
                    Console.WriteLine("The transform restricts document manipulation to at most filling in forms, instantiating page templates, and signing.");
                    break;
                case 3:
                    Console.WriteLine("The transform restricts document manipulation to at most filling in forms, instantiating page templates, and signing, as well as annotation creation, deletion, and modification.");
                    break;
                default:
                    Console.WriteLine("The transform access permissions value is unknown: {0}. (Invalid!)", p.IntValue());
                    break;
            }
            Console.WriteLine("In a PAdES or PDF-2 context, addition of validation related information and proofs of existence is additionally allowed.");
        }
    }
}

您似乎对 P 值 1 的 "The transform locks the document entirely." 输出最感兴趣。

有关背景知识，请研究 PDF 规范 ISO 32000-1 和 ISO 32000-2 以及 Adobe 和 ETSI 扩展。

Java 等效项可以在CheckMdpTransformations 测试testShowMdpForStep4SignedByAliceBobCarolAndDave 中找到。

【讨论】：

嗨@mkl 感谢您的示例，它工作正常。谢谢。