Inconsistent validation (syncfusion, adobe, xolido & ascertia)
Hi,
Attachment: validation_syncfusion_a3f6a5ac.zip
My use case it's my app must sign pdf files with no previous signatures or with previous sigantures (from other applications like Adobe).
And this signed files with syncfusion maybe could be signed with other applictions after my signature with syncfusion.
Think about that like an application to sing contracts with other parties (sometimes they sing before, sometimes they sign after, and with their favorite applications).
I've tested creating 12 files (with combinations of signatures with Syncfusion, Adobe & Xolido) and then validated this files with Syncfusion, Adobe, Xolido & Ascertia (online).
The results are on this table:
| 1st signature | 2nd signature | filename | Syncfusion validation | Adobe Validation | Xolido validation | ascertia (online verification) |
| ADOBE | only one signature | 1AD | 1 valid | rev1 valid | 1ok | 1 valid |
| ADOBE | ADOBE | 1AD 2AD | 1 valid, 2 valid | rev1 valid, cambios varios, rev2 valid | 1ok 2ok | 1 valid, 2 valid |
| ADOBE | SYNCFUSION | 1AD 2SY | 1 valid, 2 valid | rev1 valid, rev2 valid | 1ok 2ok | 1 valid, 2 valid |
| ADOBE | XOLIDO | 1AD 2XO | 1 INVALID, 2 valid | rev1 valid, cambios varios, rev2 valid | 1ok 2ok | 1 valid, 2 valid |
| SYNCFUSION | only one signature | 1SY | 1 valid | rev1 valid | 1ok | 1 valid |
| SYNCFUSION | ADOBE | 1SY 2AD | 1 INVALID, 2 valid | rev1 valid, cambios varios, rev2 valid | 1ok 2ok | 1 valid, 2 valid |
| SYNCFUSION | SYNCFUSION | 1SY 2SY | 1 valid, 2 valid | rev1 valid, rev2 valid | 1ok 2ok | 1 valid, 2 valid |
| SYNCFUSION | XOLIDO | 1SY 2XO | 1 valid, 2 valid | rev1 error, cambios varios, rev2 valid | 1ok 2ok | 1 valid, 2 valid |
| XOLIDO | only one signature | 1XO | 1 valid | rev1 valid | 1ok | 1 valid |
| XOLIDO | ADOBE | 1XO 2AD | 1 INVALID, 2 valid | rev1 valid, cambios varios, rev2 valid | 1ok 2ok | 1 valid, 2 valid |
| XOLIDO | SYNCFUSION | 1XO 2SY | 1 valid, 2 valid | rev1 valid, rev2 valid | 1ok 2ok | 1 valid, 2 valid |
| XOLIDO | XOLIDO | 1XO 2XO | 1 valid, 2 valid | rev1 valid, rev2 valid | 1ok 2ok | 1 valid, 2 valid |
As you can see, the results are different in three cases (ADXO, SYAD, XOAD)
The validation code is like that:
private void cargaListaFirmas()
{
try
{
lsvFirmas.Items.Clear();
X509CertificateCollection collection = new X509CertificateCollection();
PdfLoadedDocument document = new PdfLoadedDocument(pdfFileName);
if (document.Form != null && document.Form.Fields != null)
foreach (PdfLoadedField field in document.Form.Fields)
{
if (field is PdfLoadedSignatureField)
{
try
{
PdfLoadedSignatureField signatureField = field as PdfLoadedSignatureField;
PdfSignatureValidationResult result = signatureField.ValidateSignature(collection);
SignatureStatus status = result.SignatureStatus;
string subjectName = signatureField.Signature.Certificate.SubjectName;
string issuerName = signatureField.Signature.Certificate.IssuerName;
bool isSignatureValid = result.IsSignatureValid;
string[] subitems = new string[] { subjectName, issuerName,
signatureField.Signature.SignedDate.ToString(),
isSignatureValid.ToString()};
ListViewItem firma = new ListViewItem(subitems, "",
isSignatureValid ? Color.Green : Color.Red, Color.White,
lsvFirmas.Font);
lsvFirmas.Items.Add(firma);
}
catch (Exception excp)
{
// do something
}
}
}
document.Close(true);
}
catch (Exception excp)
{
// do something
return;
}
}
For the cases 1AD2XO, 1SY2AD, 1XO2AD; isSignatureValid is false for the first signature and the reason is {"The document has been altered or corrupted since the signature was applied"}
But the validation with Adobe, Xolido and Ascertia says it's ok.
Attached you can find the 12 files created for test.
Can you help me, please.
Thanks in advance.
Saludos,
Antonio
Attachment: validation_syncfusion_a3f6a5ac.zip
SIGN IN To post a reply.
6 Replies
1 reply marked as answer
SL
Sowmiya Loganathan
Syncfusion Team
June 4, 2020 02:36 PM UTC
Hi Antonio,
Thank you for contacting Syncfusion support.
We were able to reproduce the reported issue “Signature validation is false for the valid signature for the PDF document (caratula 1AD 2XO.pdf, caratula 1SY 2AD.pdf and caratula 1XO 2AD.pdf)” and suspect that this to be a defect. Currently we are validating on this and will update the further details on June 8th, 2020.
Regards,
Sowmiya Loganathan
RB
Ravikumar Baladhandapani
Syncfusion Team
June 8, 2020 03:54 PM UTC
Hi Antonio,
we have confirmed that the issue with “Signature validation is false even if the signature is valid for the particular PDF documents” is a defect. The fix for this issue is estimated to be available on June 15 2020.
Please find the feedback link from below,
Feedback link: https://www.syncfusion.com/feedback/15058/signature-validation-is-false-even-if-the-signature-is-valid-for-the-particular
Note: Can you please share us the product version which you need the patch, so that we will update the patch in the same version.
Regards,
Ravikumar.
AB
Antonio Begines Cerrada
June 8, 2020 04:24 PM UTC
Hi Ravikumar,
Currently i'm using the 18.1460.0.52 version of Syncfusion.Pdf.Base
Saludos,
abc
SL
Sowmiya Loganathan
Syncfusion Team
June 9, 2020 01:08 PM UTC
Hi Antonio,
Thank you for the update.
As promised earlier, we will update the patch for the reported issue in the product version 18.1.0.52 on June 15th, 2020.
Regards,
Sowmiya Loganathan
RB
Ravikumar Baladhandapani
Syncfusion Team
June 15, 2020 04:23 PM UTC
Hi Antonio,
The reported issue “Signature validation is false even if the signature is valid for the particular PDF documents" has been fixed and the patch for this fix can be downloaded from the following location.
Recommended approach - exe will perform automatic configuration
Please find the patch setup from below location:
Advanced approach – use only if you have specific needs and can directly replace existing assemblies for your build environment
Please find the patch assemblies alone from below location:
NuGet packages: http://syncfusion.com/Installs/support/patch/18.1.0.52/6207/F154896/SyncfusionNuget_18.1.0.52_6207_6152020113150832_F154896.zip
Please find the feedback link from below,
Feedback link: https://www.syncfusion.com/feedback/15058/signature-validation-is-false-even-if-the-signature-is-valid-for-the-particular
Assembly Version: 18.1.0.52
Installation Directions :
This patch should replace the files “Syncfusion.Pdf.Base.dll” under the following folder.
$system drive:\ Files\Syncfusion\Essential Studio\$Version # \precompiledassemblies\$Version#\4.6
Eg : $system drive:\Program Files\Syncfusion\Essential Studio\18.1.0.52\precompiledassemblies\18.1.0.52\4.6
To automatically run the Assembly Manager, please check the Run assembly manager checkbox option while installing the patch. If this option is unchecked, the patch will replace the assemblies in precompiled assemblies’ folder only. Then, you will have to manually copy and paste them to the preferred location or you will have to run the Syncfusion Assembly Manager application (available from the Syncfusion Dashboard, installed as a shortcut in the Application menu) to re-install assemblies.
Disclaimer :
Please note that we have created this patch for version 18.1.0.52 specifically to resolve the following issue(s) reported in this/the Forum. 154896
If you have received other patches for the same version for other products, please apply all patches in the order received.
This fix will be included in our 2020 Volume 2 release which will be available by end of June 2020 tentatively.
Regards,
Ravikumar.
Marked as answer
AB
Antonio Begines Cerrada
June 22, 2020 09:41 AM UTC
The fix works fine.
Thanks a lot for your support.
Saludos,
abc
SIGN IN To post a reply.
- 6 Replies
- 3 Participants
- Marked answer
-
AB Antonio Begines Cerrada
- Jun 4, 2020 01:11 AM UTC
- Jun 22, 2020 09:41 AM UTC
