如何检查签名文档的数字签名是否由受信任的证书签名?

How can I check whether the digital signature of a signed document was made with a trusted certificate?

我开发了一个处理 PDF 文档的应用程序,并且必须确认文档是否由受信任的签名签署。我使用 iTextSharp 获取签名信息,但不知道如何检查签名的有效性。

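// Walks every signature field in the PDF and derives a per-signature validity flag.
// This establishes integrity and certificate validity dates only; it does NOT establish
// that the signer chains to a trusted authority. That needs a separate chain check.
var pdfReader = new PdfReader(document.FilePath);
try
{
    var acroFields = pdfReader.AcroFields;
    var names = acroFields.GetSignatureNames();

    foreach (var name in names)
    {
        var signatureName = name as string;
        var pk = acroFields.VerifySignature(signatureName);

        // Start from the cryptographic check: Verify() tells whether the signed bytes
        // still match the signature. Without it a tampered document passes unnoticed.
        // NOTE(review): also consider acroFields.SignatureCoversWholeDocument(signatureName)
        // to detect content appended after signing.
        var signatureIsValid = pk.Verify();

        // Every certificate must be inside its validity period. The previous loop
        // overwrote the flag each iteration, so only the last certificate counted.
        // IsValidNow evaluates against the current clock, not the signing time.
        foreach (var certificate in pk.Certificates)
        {
            signatureIsValid &= certificate.IsValidNow;
        }
    }
}
finally
{
    // Release the underlying file handle even when verification throws.
    pdfReader.Close();
}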

下面截图中的文档有两个数字签名,但它们并不是用受信任的证书签署的。我必须向用户显示类似的提示信息。

要检查证书是否来自受信任的颁发机构(CA),您需要持有用于比对的受信任 CA 证书。如果您有,可以用下面这样的代码检查证书是否来自您期望的可信机构。请注意,示例中关闭了吊销检查(RevocationMode 为 NoCheck),因此已被吊销的证书同样会通过验证:

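    // Checks that certificateToCheck chains up to one specific, caller-supplied CA certificate.
    // Throws ApplicationException when the chain cannot be built or the CA is not part of it.
    X509Certificate2 authorityCert = GetAuthorityCertificate();
    X509Certificate2 certificateToCheck = GetYourCertificate();

    // X509Chain holds a native chain context, so dispose it deterministically.
    using (X509Chain chain = new X509Chain())
    {
        // SECURITY: NoCheck disables CRL/OCSP lookups, so a revoked signer certificate
        // still passes. Use X509RevocationMode.Online (or Offline with cached CRLs)
        // wherever revocation data is reachable.
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;

        // SECURITY: this flag lets Build() succeed for a root that is not in the system
        // trust store. A true result from Build() therefore proves nothing about trust
        // on its own; the thumbprint comparison further down is the real trust decision.
        chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;

        // Validates against the current time. For long-lived signed documents the
        // signing time may be the more appropriate reference. TODO confirm requirement.
        chain.ChainPolicy.VerificationTime = DateTime.Now;
        chain.ChainPolicy.UrlRetrievalTimeout = new TimeSpan(0, 0, 0);

        // Make the expected CA available to the chain builder without installing it.
        chain.ChainPolicy.ExtraStore.Add(authorityCert);

        bool isChainValid = chain.Build(certificateToCheck);
        if (!isChainValid)
        {
            // Collect every status entry so the caller can see why the build failed.
            string[] errors = chain.ChainStatus
                .Select(m => $"{m.StatusInformation.Trim()}, status: {m.Status}")
                .ToArray();

            // ToArray() never returns null, so only the empty case needs a fallback text.
            string certificateErrors = errors.Length > 0
                ? string.Join(" \n", errors)
                : "Error occured during checking certificate.";

            throw new ApplicationException("Trust chain is not from known authority. Errors: " + certificateErrors);
        }

        // Pin the chain to the expected CA: at least one element must be exactly that certificate.
        bool containsAuthority = chain.ChainElements
            .Cast<X509ChainElement>()
            .Any(m => m.Certificate.Thumbprint == authorityCert.Thumbprint);

        if (!containsAuthority)
        {
            throw new ApplicationException("Could not locate CA root!Thumbprints did not match.");
        }
    }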