Error enabling LTV TimeStamp with iTextSharp C#

Question:

I am currently programming a digital signer in C# with the iTextSharp library. Initially, the signer did its job correctly: it signed the document, requested the PIN, etc. Everything was fine until they asked me to sign and also activate LTV, which in this case uses PAdES.

The document to be signed is a PDF, which must bear a TSA mark; in one instance what I do is:

    ITSAClient t = new TSAClientBouncyCastle("miURL");

So far things were going well.
But when I try to add the LTV as follows:

    MakeSignature.SignDetached(signatureAppearance, externalSignature, chain, null, null, t, 0, CryptoStandard.CADES);
    LtvVerification v = pdfStamper.LtvVerification;

    LtvTimestamp.Timestamp(signatureAppearance, t, null);

it gives me a message that says:

    Document already pre closed

Can you help me please?

I attach the code:

    public void firmarDocumentoDosTres(X509Certificate2 cert, String src, String dest, Org.BouncyCastle.X509.X509Certificate[] chain2, CryptoStandard subfilter, ITSAClient tsa)
    {
        PdfReader reader = new PdfReader(src);
        FileStream os = new FileStream(dest, FileMode.Create);
        PdfStamper stamper = PdfStamper.CreateSignature(reader, os, '\0',null, true);

        PdfSignatureAppearance appearance = stamper.SignatureAppearance;
        appearance.SetVisibleSignature(new iTextSharp.text.Rectangle(10, 20, 100, 200), 1, "sig");

        string strTSA = System.Configuration.ConfigurationSettings.AppSettings["rutaTSA"];

        ITSAClient t = new TSAClientBouncyCastle(strTSA);
        ICrlClient crlClient = new CrlClientOnline(chain2);
        IOcspClient ocspClient = new OcspClientBouncyCastle();
        iTextSharp.text.pdf.security.IExternalSignature signature = new X509Certificate2Signature(cert, "SHA-256");

        MakeSignature.SignDetached(appearance, signature, chain2, null, null, tsa, 0, subfilter);

        stamper.Close();

        LTVSolicitudaddLtvY(dest, dest + ".sig.pdf", ocspClient, crlClient, t);
    }

And the call that adds the LTV:

    public void LTVSolicitudaddLtvY(String src, String dest, IOcspClient ocsp, ICrlClient crl, ITSAClient tsa)
    {
        PdfReader r = new PdfReader(src);
        FileStream fos = new FileStream(dest, FileMode.Create);

        PdfStamper stp = PdfStamper.CreateSignature(r, fos, '\0', null, true);


        LtvVerification v = stp.LtvVerification;
        AcroFields fields = stp.AcroFields;
        List<String> names = fields.GetSignatureNames();
        String sigName = names[names.Count - 1];
        PdfPKCS7 pkcs7 = fields.VerifySignature(sigName);
        if (pkcs7.IsTsp)
        {
            v.AddVerification(sigName, ocsp, crl,
                LtvVerification.CertificateOption.SIGNING_CERTIFICATE,
                LtvVerification.Level.OCSP_CRL,
                LtvVerification.CertificateInclusion.NO);
        }
        else
        {
            foreach (String name in names) 
            {
                v.AddVerification(name, ocsp, crl,
                    LtvVerification.CertificateOption.WHOLE_CHAIN,
                    LtvVerification.Level.OCSP_CRL,
                    LtvVerification.CertificateInclusion.NO);
            }
        }
        PdfSignatureAppearance sap = stp.SignatureAppearance;
        LtvTimestamp.Timestamp(sap, tsa, null);
    }

What this code does is activate the LTV; however, it adds a new signature, and what is required is to activate the LTV for the existing one.

Answer:

Your code is creating a new digital signature, because that's what it was designed for:

    PdfStamper stp = PdfStamper.CreateSignature(r, fos, '\0', null, true);

If what you wanted to do was add LTV (Long Term Validation) to an existing signature, what you have to do is go through the signatures already present in the input PDF file.

This SO post in English has examples of how to do what you want:

How to add LTV to a timestamp of a digital signature? (in a PDF using iText)
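
An added example, not part of the original answer or of iTextSharp's own samples, of walking the existing signatures and attaching validation data without creating a new signature field. It assumes iTextSharp 5.x; the class name `LtvHelper` and method name `AddLtvToExistingSignatures` are hypothetical, and `src` and `dest` must be different files.

```csharp
using System.Collections.Generic;
using System.IO;
using iTextSharp.text.pdf;
using iTextSharp.text.pdf.security;

public static class LtvHelper   // hypothetical name, for illustration only
{
    // Adds OCSP/CRL validation data for every signature already in the PDF.
    // Returns the names of signatures for which no validation data was added,
    // so the caller can treat an incomplete LTV result as a failure.
    public static List<string> AddLtvToExistingSignatures(
        string src, string dest, IOcspClient ocsp, ICrlClient crl)
    {
        var notCovered = new List<string>();
        PdfReader reader = new PdfReader(src);
        using (FileStream os = new FileStream(dest, FileMode.Create))
        {
            // Plain PdfStamper (not CreateSignature) in append mode: the last
            // argument 'true' writes an incremental update, so the bytes
            // covered by the existing signature are left untouched.
            PdfStamper stamper = new PdfStamper(reader, os, '\0', true);
            LtvVerification v = stamper.LtvVerification;
            AcroFields fields = stamper.AcroFields;

            foreach (string name in fields.GetSignatureNames())
            {
                bool added = v.AddVerification(name, ocsp, crl,
                    LtvVerification.CertificateOption.WHOLE_CHAIN,
                    LtvVerification.Level.OCSP_CRL,
                    LtvVerification.CertificateInclusion.NO);
                if (!added)
                    notCovered.Add(name);
            }

            // Closing the stamper writes the collected validation data
            // into the output file.
            stamper.Close();
        }
        reader.Close();
        return notCovered;
    }
}
```

Because no `PdfSignatureAppearance` is requested and `LtvTimestamp.Timestamp` is not called, the output contains the same signature fields as the input plus the validation data.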
