Objective-C
Objective-C
Validate PDF Signatures
See more PDF Signatures Examples
This example demonstrates how to validate the signatures in a PDF and also shows how to get information from each signature.Note: This example requires Chilkat v9.5.0.85 or greater.
Chilkat Objective-C Downloads
#import <CkoPdf.h>
#import <CkoJsonObject.h>
#import <CkoDtObj.h>
#import <NSString.h>
BOOL success = NO;
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
CkoPdf *pdf = [[CkoPdf alloc] init];
// Load a PDF that has cryptographic signatures to be validated
success = [pdf LoadFile: @"qa_data/pdf/sign_testing_1/helloSigned2.pdf"];
if (success == NO) {
NSLog(@"%@",pdf.LastErrorText);
return;
}
// Each time we verify a signature, information about the signature is written into
// sigInfo (replacing whatever sigInfo previously contained).
CkoJsonObject *sigInfo = [[CkoJsonObject alloc] init];
sigInfo.EmitCompact = NO;
// Iterate over each signature and validate each.
int numSignatures = [pdf.NumSignatures intValue];
BOOL validated = NO;
int i = 0;
while (i < numSignatures) {
validated = [pdf VerifySignature: [NSNumber numberWithInt: i] sigInfo: sigInfo];
NSLog(@"%@%d%@%d",@"Signature ",i,@" validated: ",validated);
NSLog(@"%@",[sigInfo Emit]);
i = i + 1;
}
NSLog(@"%@",@"Finished.");
// When VerifySignature validates a signature, a lot of information is deposited into the JSON sigInfo object.
// The information can vary depending on what was included in the signature (for example, various authenticated attributes
// and unauthenticated attributes may or may not be included).
// Here is a sample of the information you'll see.
//
// The following online tool can be used to generate code to parse any given JSON.
// Generate Parsing Code from JSON
// {
// "validated": true,
// "signatureDictionary": { <--- This is the contents of the PDF Signature Dictionary for this signature.
// "/ByteRange": [
// 0,
// 154682,
// 170512,
// 3233
// ],
// "/Contents": "<hex_data>",
// "/Filter": "/Adobe.PPKLite", <--- The meaning of the Signature Dictionary entries are defined in the PDF format specification document.
// "/M": "D:20201006110216-05'00'",
// "/Name": "yubikey rsa 1024 authentication",
// "/Prop_Build": {
// "/App": {
// "/Name": "/Adobe#20Acrobat#20Pro#20DC",
// "/OS": [
// "/Win"
// ],
// "/R": 1313792,
// "/REx": "2020.012.20048",
// "/TrustedMode": true
// },
// "/Filter": {
// "/Date": "Sep 11 2020 16:30:54",
// "/Name": "/Adobe.PPKLite",
// "/R": 131104,
// "/V": 2
// },
// "/PubSec": {
// "/Date": "Sep 11 2020 16:30:54",
// "/NonEFontNoWarn": true,
// "/R": 131105
// }
// },
// "/SubFilter": "/adbe.pkcs7.detached",
// "/Type": "/Sig"
// },
// "pkcs7": { <--- This is the content of the CMS signature.
// "verify": {
// "certs": [ <--- Each signing certificate is listed here (by issuer common name and signing cert's serail number (in hex))
// {
// "issuerCN": "yubikey rsa 1024 authentication",
// "serial": "66BE58138D761E92BC594A722932657BE26D421F"
// }
// ],
// "digestAlgorithms": [
// "sha256"
// ],
// "signerInfo": [ <--- contains data from each SignerInfo
// {
// "cert": {
// "serialNumber": "66BE58138D761E92BC594A722932657BE26D421F",
// "issuerCN": "yubikey rsa 1024 authentication",
// "digestAlgOid": "2.16.840.1.101.3.4.2.1",
// "digestAlgName": "SHA256"
// },
// "contentType": "1.2.840.113549.1.7.1",
// "messageDigest": "btQOuSEvC31mdRFHtyEUPw8R9NuKfk0XPcQ6Lcmn6pk=",
// "signingAlgOid": "1.2.840.113549.1.1.11",
// "signingAlgName": "RSA-SHA256-PKCSV-1_5",
// "authAttr": { <--- CMS authenticated attributes are contained here.
// "1.2.840.113583.1.1.8": {
// "der": "MAA="
// },
// "1.2.840.113549.1.9.3": {
// "name": "contentType",
// "oid": "1.2.840.113549.1.7.1"
// },
// "1.2.840.113549.1.9.4": {
// "name": "messageDigest",
// "digest": "btQOuSEvC31mdRFHtyEUPw8R9NuKfk0XPcQ6Lcmn6pk="
// }
// },
// "unauthAttr": { <--- CMS unauthenticated attributes are contained here.
// "1.2.840.113549.1.9.16.2.14": {
// "name": "timestampToken",
// "der": "MIIOvAYJKo ... Es/70g=",
// "verify": {
// "digestAlgorithms": [
// "sha256"
// ],
// "signerInfo": [
// {
// "cert": {
// "serialNumber": "04CD3F8568AE76C61BB0FE7160CCA76D",
// "issuerCN": "DigiCert SHA2 Assured ID Timestamping CA",
// "digestAlgOid": "2.16.840.1.101.3.4.2.1",
// "digestAlgName": "SHA256"
// },
// "contentType": "1.2.840.113549.1.9.16.1.4",
// "signingTime": "201006160423Z",
// "messageDigest": "Atv5Rj3kidB8IR6CplYiX3o6De/k8SC6JJ6uUPAGO0g=",
// "signingAlgOid": "1.2.840.113549.1.1.1",
// "signingAlgName": "RSA-PKCSV-1_5",
// "authAttr": {
// "1.2.840.113549.1.9.3": {
// "name": "contentType",
// "oid": "1.2.840.113549.1.9.16.1.4"
// },
// "1.2.840.113549.1.9.5": {
// "name": "signingTime",
// "utctime": "201006160423Z"
// },
// "1.2.840.113549.1.9.16.2.12": {
// "name": "signingCertificate",
// "der": "MBowGDAWBBQDJb1QXtqWMC3CL0+gHkwovig0xQ=="
// },
// "1.2.840.113549.1.9.4": {
// "name": "messageDigest",
// "digest": "Atv5Rj3kidB8IR6CplYiX3o6De/k8SC6JJ6uUPAGO0g="
// }
// }
// }
// ]
// },
// "timestampSignatureVerified": true,
// "tstInfo": {
// "tsaPolicyId": "2.16.840.1.114412.7.1",
// "messageImprint": {
// "hashAlg": "sha256",
// "digest": "gLJtrRWUSDfjzDkF1MfWG1wyHA6FrUJLkWMGRG+eMlA=",
// "digestMatches": true
// },
// "serialNumber": "00CE57E1113970607EF63B1D1160545321",
// "genTime": "20201006160423Z"
// }
// }
// }
// }
// ],
// "pkcs7": {
// "verify": {
// "certs": [
// {
// "issuerCN": "DigiCert SHA2 Assured ID Timestamping CA",
// "serial": "04CD3F8568AE76C61BB0FE7160CCA76D"
// },
// {
// "issuerCN": "DigiCert Assured ID Root CA",
// "serial": "0AA125D6D6321B7E41E405DA3697C215"
// }
// ]
// }
// }
// }
// }
// }
// **** The point of this code is to show how to get at each desired piece of information contained in the signature.
// **** If your signature contains additional information not shown here, then you can use the online tool to generate the parse code.
// **** It is likely you're only interested in a few items of information, and therefore you wouldn't copy all of this code, but might
// **** choose to use bits and pieces to get the information you find important.
CkoJsonObject *json = [[CkoJsonObject alloc] init];
// Imagine that the "json" object contains the information obtained by validating a signature...
// The code below was generated using the online tool: Generate Parsing Code from JSON
CkoDtObj *unauthAttrTimestampTokenTstInfoGenTime = [[CkoDtObj alloc] init];
CkoDtObj *signingTime = [[CkoDtObj alloc] init];
CkoDtObj *authAttrSigningTimeUtctime = [[CkoDtObj alloc] init];
int intVal;
NSString *strVal = 0;
NSString *issuerCN = 0;
NSString *serial = 0;
NSString *certSerialNumber = 0;
NSString *certIssuerCN = 0;
NSString *certDigestAlgOid = 0;
NSString *certDigestAlgName = 0;
NSString *contentType = 0;
NSString *messageDigest = 0;
NSString *signingAlgOid = 0;
NSString *signingAlgName = 0;
NSString *authAttr1_2_840_113583_1_1_8Der = 0;
NSString *authAttrContentTypeName = 0;
NSString *authAttrContentTypeOid = 0;
NSString *authAttrMessageDigestName = 0;
NSString *authAttrMessageDigestDigest = 0;
NSString *unauthAttrTimestampTokenName = 0;
NSString *unauthAttrTimestampTokenDer = 0;
BOOL unauthAttrTimestampTokenTimestampSignatureVerified;
NSString *unauthAttrTimestampTokenTstInfoTsaPolicyId = 0;
NSString *unauthAttrTimestampTokenTstInfoMessageImprintHashAlg = 0;
NSString *unauthAttrTimestampTokenTstInfoMessageImprintDigest = 0;
BOOL unauthAttrTimestampTokenTstInfoMessageImprintDigestMatches;
NSString *unauthAttrTimestampTokenTstInfoSerialNumber = 0;
int j;
int count_j;
NSString *authAttrSigningTimeName = 0;
NSString *authAttrSigningCertificateName = 0;
NSString *authAttrSigningCertificateDer = 0;
validated = [json BoolOf: @"validated"];
NSString *signatureDictionary_Contents = [json StringOf: @"signatureDictionary./Contents"];
NSString *signatureDictionary_Filter = [json StringOf: @"signatureDictionary./Filter"];
NSString *signatureDictionary_M = [json StringOf: @"signatureDictionary./M"];
NSString *signatureDictionary_Name = [json StringOf: @"signatureDictionary./Name"];
NSString *signatureDictionary_Prop_Build_App_Name = [json StringOf: @"signatureDictionary./Prop_Build./App./Name"];
int signatureDictionary_Prop_Build_App_R = [[json IntOf: @"signatureDictionary./Prop_Build./App./R"] intValue];
NSString *signatureDictionary_Prop_Build_App_REx = [json StringOf: @"signatureDictionary./Prop_Build./App./REx"];
BOOL signatureDictionary_Prop_Build_App_TrustedMode = [json BoolOf: @"signatureDictionary./Prop_Build./App./TrustedMode"];
NSString *signatureDictionary_Prop_Build_Filter_Date = [json StringOf: @"signatureDictionary./Prop_Build./Filter./Date"];
NSString *signatureDictionary_Prop_Build_Filter_Name = [json StringOf: @"signatureDictionary./Prop_Build./Filter./Name"];
int signatureDictionary_Prop_Build_Filter_R = [[json IntOf: @"signatureDictionary./Prop_Build./Filter./R"] intValue];
int signatureDictionary_Prop_Build_Filter_V = [[json IntOf: @"signatureDictionary./Prop_Build./Filter./V"] intValue];
NSString *signatureDictionary_Prop_Build_PubSec_Date = [json StringOf: @"signatureDictionary./Prop_Build./PubSec./Date"];
BOOL signatureDictionary_Prop_Build_PubSec_NonEFontNoWarn = [json BoolOf: @"signatureDictionary./Prop_Build./PubSec./NonEFontNoWarn"];
int signatureDictionary_Prop_Build_PubSec_R = [[json IntOf: @"signatureDictionary./Prop_Build./PubSec./R"] intValue];
NSString *signatureDictionary_SubFilter = [json StringOf: @"signatureDictionary./SubFilter"];
NSString *signatureDictionary_Type = [json StringOf: @"signatureDictionary./Type"];
i = 0;
int count_i = [[json SizeOfArray: @"signatureDictionary./ByteRange"] intValue];
while (i < count_i) {
json.I = [NSNumber numberWithInt: i];
intVal = [[json IntOf: @"signatureDictionary./ByteRange[i]"] intValue];
i = i + 1;
}
i = 0;
count_i = [[json SizeOfArray: @"signatureDictionary./Prop_Build./App./OS"] intValue];
while (i < count_i) {
json.I = [NSNumber numberWithInt: i];
strVal = [json StringOf: @"signatureDictionary./Prop_Build./App./OS[i]"];
i = i + 1;
}
i = 0;
count_i = [[json SizeOfArray: @"pkcs7.verify.certs"] intValue];
while (i < count_i) {
json.I = [NSNumber numberWithInt: i];
issuerCN = [json StringOf: @"pkcs7.verify.certs[i].issuerCN"];
serial = [json StringOf: @"pkcs7.verify.certs[i].serial"];
i = i + 1;
}
i = 0;
count_i = [[json SizeOfArray: @"pkcs7.verify.digestAlgorithms"] intValue];
while (i < count_i) {
json.I = [NSNumber numberWithInt: i];
strVal = [json StringOf: @"pkcs7.verify.digestAlgorithms[i]"];
i = i + 1;
}
i = 0;
count_i = [[json SizeOfArray: @"pkcs7.verify.signerInfo"] intValue];
while (i < count_i) {
json.I = [NSNumber numberWithInt: i];
certSerialNumber = [json StringOf: @"pkcs7.verify.signerInfo[i].cert.serialNumber"];
certIssuerCN = [json StringOf: @"pkcs7.verify.signerInfo[i].cert.issuerCN"];
certDigestAlgOid = [json StringOf: @"pkcs7.verify.signerInfo[i].cert.digestAlgOid"];
certDigestAlgName = [json StringOf: @"pkcs7.verify.signerInfo[i].cert.digestAlgName"];
contentType = [json StringOf: @"pkcs7.verify.signerInfo[i].contentType"];
messageDigest = [json StringOf: @"pkcs7.verify.signerInfo[i].messageDigest"];
signingAlgOid = [json StringOf: @"pkcs7.verify.signerInfo[i].signingAlgOid"];
signingAlgName = [json StringOf: @"pkcs7.verify.signerInfo[i].signingAlgName"];
authAttr1_2_840_113583_1_1_8Der = [json StringOf: @"pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113583.1.1.8\".der"];
authAttrContentTypeName = [json StringOf: @"pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.3\".name"];
authAttrContentTypeOid = [json StringOf: @"pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.3\".oid"];
authAttrMessageDigestName = [json StringOf: @"pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.4\".name"];
authAttrMessageDigestDigest = [json StringOf: @"pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.4\".digest"];
unauthAttrTimestampTokenName = [json StringOf: @"pkcs7.verify.signerInfo[i].unauthAttr.\"1.2.840.113549.1.9.16.2.14\".name"];
unauthAttrTimestampTokenDer = [json StringOf: @"pkcs7.verify.signerInfo[i].unauthAttr.\"1.2.840.113549.1.9.16.2.14\".der"];
unauthAttrTimestampTokenTimestampSignatureVerified = [json BoolOf: @"pkcs7.verify.signerInfo[i].unauthAttr.\"1.2.840.113549.1.9.16.2.14\".timestampSignatureVerified"];
unauthAttrTimestampTokenTstInfoTsaPolicyId = [json StringOf: @"pkcs7.verify.signerInfo[i].unauthAttr.\"1.2.840.113549.1.9.16.2.14\".tstInfo.tsaPolicyId"];
unauthAttrTimestampTokenTstInfoMessageImprintHashAlg = [json StringOf: @"pkcs7.verify.signerInfo[i].unauthAttr.\"1.2.840.113549.1.9.16.2.14\".tstInfo.messageImprint.hashAlg"];
unauthAttrTimestampTokenTstInfoMessageImprintDigest = [json StringOf: @"pkcs7.verify.signerInfo[i].unauthAttr.\"1.2.840.113549.1.9.16.2.14\".tstInfo.messageImprint.digest"];
unauthAttrTimestampTokenTstInfoMessageImprintDigestMatches = [json BoolOf: @"pkcs7.verify.signerInfo[i].unauthAttr.\"1.2.840.113549.1.9.16.2.14\".tstInfo.messageImprint.digestMatches"];
unauthAttrTimestampTokenTstInfoSerialNumber = [json StringOf: @"pkcs7.verify.signerInfo[i].unauthAttr.\"1.2.840.113549.1.9.16.2.14\".tstInfo.serialNumber"];
[json DtOf: @"pkcs7.verify.signerInfo[i].unauthAttr.\"1.2.840.113549.1.9.16.2.14\".tstInfo.genTime" bLocal: NO dt: unauthAttrTimestampTokenTstInfoGenTime];
j = 0;
count_j = [[json SizeOfArray: @"pkcs7.verify.signerInfo[i].unauthAttr.\"1.2.840.113549.1.9.16.2.14\".verify.digestAlgorithms"] intValue];
while (j < count_j) {
json.J = [NSNumber numberWithInt: j];
strVal = [json StringOf: @"pkcs7.verify.signerInfo[i].unauthAttr.\"1.2.840.113549.1.9.16.2.14\".verify.digestAlgorithms[j]"];
j = j + 1;
}
j = 0;
count_j = [[json SizeOfArray: @"pkcs7.verify.signerInfo[i].unauthAttr.\"1.2.840.113549.1.9.16.2.14\".verify.signerInfo"] intValue];
while (j < count_j) {
json.J = [NSNumber numberWithInt: j];
certSerialNumber = [json StringOf: @"pkcs7.verify.signerInfo[i].unauthAttr.\"1.2.840.113549.1.9.16.2.14\".verify.signerInfo[j].cert.serialNumber"];
certIssuerCN = [json StringOf: @"pkcs7.verify.signerInfo[i].unauthAttr.\"1.2.840.113549.1.9.16.2.14\".verify.signerInfo[j].cert.issuerCN"];
certDigestAlgOid = [json StringOf: @"pkcs7.verify.signerInfo[i].unauthAttr.\"1.2.840.113549.1.9.16.2.14\".verify.signerInfo[j].cert.digestAlgOid"];
certDigestAlgName = [json StringOf: @"pkcs7.verify.signerInfo[i].unauthAttr.\"1.2.840.113549.1.9.16.2.14\".verify.signerInfo[j].cert.digestAlgName"];
contentType = [json StringOf: @"pkcs7.verify.signerInfo[i].unauthAttr.\"1.2.840.113549.1.9.16.2.14\".verify.signerInfo[j].contentType"];
[json DtOf: @"pkcs7.verify.signerInfo[i].unauthAttr.\"1.2.840.113549.1.9.16.2.14\".verify.signerInfo[j].signingTime" bLocal: NO dt: signingTime];
messageDigest = [json StringOf: @"pkcs7.verify.signerInfo[i].unauthAttr.\"1.2.840.113549.1.9.16.2.14\".verify.signerInfo[j].messageDigest"];
signingAlgOid = [json StringOf: @"pkcs7.verify.signerInfo[i].unauthAttr.\"1.2.840.113549.1.9.16.2.14\".verify.signerInfo[j].signingAlgOid"];
signingAlgName = [json StringOf: @"pkcs7.verify.signerInfo[i].unauthAttr.\"1.2.840.113549.1.9.16.2.14\".verify.signerInfo[j].signingAlgName"];
authAttrContentTypeName = [json StringOf: @"pkcs7.verify.signerInfo[i].unauthAttr.\"1.2.840.113549.1.9.16.2.14\".verify.signerInfo[j].authAttr.\"1.2.840.113549.1.9.3\".name"];
authAttrContentTypeOid = [json StringOf: @"pkcs7.verify.signerInfo[i].unauthAttr.\"1.2.840.113549.1.9.16.2.14\".verify.signerInfo[j].authAttr.\"1.2.840.113549.1.9.3\".oid"];
authAttrSigningTimeName = [json StringOf: @"pkcs7.verify.signerInfo[i].unauthAttr.\"1.2.840.113549.1.9.16.2.14\".verify.signerInfo[j].authAttr.\"1.2.840.113549.1.9.5\".name"];
[json DtOf: @"pkcs7.verify.signerInfo[i].unauthAttr.\"1.2.840.113549.1.9.16.2.14\".verify.signerInfo[j].authAttr.\"1.2.840.113549.1.9.5\".utctime" bLocal: NO dt: authAttrSigningTimeUtctime];
authAttrSigningCertificateName = [json StringOf: @"pkcs7.verify.signerInfo[i].unauthAttr.\"1.2.840.113549.1.9.16.2.14\".verify.signerInfo[j].authAttr.\"1.2.840.113549.1.9.16.2.12\".name"];
authAttrSigningCertificateDer = [json StringOf: @"pkcs7.verify.signerInfo[i].unauthAttr.\"1.2.840.113549.1.9.16.2.14\".verify.signerInfo[j].authAttr.\"1.2.840.113549.1.9.16.2.12\".der"];
authAttrMessageDigestName = [json StringOf: @"pkcs7.verify.signerInfo[i].unauthAttr.\"1.2.840.113549.1.9.16.2.14\".verify.signerInfo[j].authAttr.\"1.2.840.113549.1.9.4\".name"];
authAttrMessageDigestDigest = [json StringOf: @"pkcs7.verify.signerInfo[i].unauthAttr.\"1.2.840.113549.1.9.16.2.14\".verify.signerInfo[j].authAttr.\"1.2.840.113549.1.9.4\".digest"];
j = j + 1;
}
i = i + 1;
}
i = 0;
count_i = [[json SizeOfArray: @"pkcs7.verify.pkcs7.verify.certs"] intValue];
while (i < count_i) {
json.I = [NSNumber numberWithInt: i];
issuerCN = [json StringOf: @"pkcs7.verify.pkcs7.verify.certs[i].issuerCN"];
serial = [json StringOf: @"pkcs7.verify.pkcs7.verify.certs[i].serial"];
i = i + 1;
}