Adobe Sign 的 PDF 签名验证

Question

I have a pdf file that is being signed by the Adobe Sign. However, i am not able to verify/validate the signature using the ABCPdf. I guess i am missing Root Certificate for that. How can i find root certificate for Adobe Sign. I have root certificate for all the other providers like Digicert, Global sign. Also, all the other signature providers are working fine.

if ((signature.Validate(collection)) && (!signature.IsModified))
        {
            isValid = true;
        }
        try
        {
            isValid = signature.Validate();
        }
        catch (WebSupergoo.ABCpdf11.Internal.PDFException)
        {
            return ESignedStatus.SignedTempered;
        }

        var certs = signature.GetCertificates();

        if (!signature.IsTrusted)
            return ESignedStatus.SignedUnverified;
        else if (!isValid)
            return ESignedStatus.SignedTempered;

Answer 1

I believe your answer is here: https://www.websupergoo.com/helppdfnet/source/6-abcpdf.objects/signature/1-methods/validate.htm

How does Adobe Reader validate a PDF document without certificate files?

You may find that Adobe Reader does not need a list of certificate files to validate PDF documents. This is because Adobe Reader may use several built-in Public Key Infrastructure hierarchies to certify PDF documents:

Certified Document Services (CDS) is a trust hierarchy that chains back to the Adobe Root Certification Authority (Adobe Root CA). Adobe Approved Trust List (AATL) is an extra list of CA certificates that Adobe Reader may download from Adobe periodically (for Adobe Reader/Acrobat 9 or later). The Windows Certificate Store. This is only true if Windows digital signature integration is enabled in Acrobat, which has not been the default since Acrobat 9. In order to validate a PDF document the same way Adobe Reader does, you need to use the same certificates it uses. This can be easily achieved by exporting the trusted identities from Adobe Reader to .cer format certificate files. (Note: CDS and AATL certificates are usually not in your Windows Certificate Store by default.).

These then need to be placed in the Windows Certificate Store. For them to be trusted they need to be in one of the Trusted folder - Trusted People or Trusted Root Certification Authorities. Needless to say, adding items to these folders - particularly the latter - is a big deal and you must be very careful to ensure you know what you are doing.

The Windows Certificate Store can be accessed by using System.Security.Cryptography.X509Certificates.X509Store (examples below).

To export it from Acrobat / Acrobat Reader: