Table of Contents

Class PdfSignatureValidator

Namespace
SimpleSign.PAdES.Validation
Assembly
SimpleSign.PAdES.dll

PAdES signature validation engine. Orchestrates integrity, cryptographic, chain, and revocation verification by delegating to focused verifier classes.

public sealed class PdfSignatureValidator : IPdfSignatureValidator
Inheritance
PdfSignatureValidator
Implements
Inherited Members

Examples

var validator = new PdfSignatureValidator(new ValidationOptions
{
    CheckRevocation = true,
    TrustSystemRoots = true,
});
var results = await validator.ValidateAsync(File.OpenRead("signed.pdf"));
foreach (var r in results)
    Console.WriteLine($"{r.FieldName}: Valid={r.IsValid}, Signer={r.SignerName}");

Constructors

PdfSignatureValidator(IHttpClientProvider, IRevocationChecker, ValidationOptions?, ILogger<PdfSignatureValidator>?, IEnumerable<ITrustAnchorProvider>?, IEnumerable<IChainValidationProvider>?, ICertificateChainService?, ICryptoVerifier?, IIntegrityVerifier?, ICmsParser?, ITimestampValidator?)

Creates a validator with injected revocation checker and trust anchor providers. This is the recommended constructor when using DI.

public PdfSignatureValidator(IHttpClientProvider httpClientProvider, IRevocationChecker revocationChecker, ValidationOptions? options = null, ILogger<PdfSignatureValidator>? logger = null, IEnumerable<ITrustAnchorProvider>? trustAnchorProviders = null, IEnumerable<IChainValidationProvider>? chainValidationProviders = null, ICertificateChainService? certChainService = null, ICryptoVerifier? cryptoVerifier = null, IIntegrityVerifier? integrityVerifier = null, ICmsParser? cmsParser = null, ITimestampValidator? timestampValidator = null)

Parameters

httpClientProvider IHttpClientProvider
revocationChecker IRevocationChecker
options ValidationOptions
logger ILogger<PdfSignatureValidator>
trustAnchorProviders IEnumerable<ITrustAnchorProvider>
chainValidationProviders IEnumerable<IChainValidationProvider>
certChainService ICertificateChainService
cryptoVerifier ICryptoVerifier
integrityVerifier IIntegrityVerifier
cmsParser ICmsParser
timestampValidator ITimestampValidator

PdfSignatureValidator(IHttpClientProvider, ValidationOptions?, ILogger<PdfSignatureValidator>?)

Creates a validator using a custom IHttpClientProvider. Use this in ASP.NET Core to integrate with IHttpClientFactory.

public PdfSignatureValidator(IHttpClientProvider httpClientProvider, ValidationOptions? options = null, ILogger<PdfSignatureValidator>? logger = null)

Parameters

httpClientProvider IHttpClientProvider
options ValidationOptions
logger ILogger<PdfSignatureValidator>

PdfSignatureValidator(IHttpClientProvider, ValidationOptions?, ILogger<PdfSignatureValidator>?, IEnumerable<ICountryExtension>?)

Creates a validator from one or more ICountryExtension packages, using a custom IHttpClientProvider.

public PdfSignatureValidator(IHttpClientProvider httpClientProvider, ValidationOptions? options, ILogger<PdfSignatureValidator>? logger, IEnumerable<ICountryExtension>? countryExtensions)

Parameters

httpClientProvider IHttpClientProvider
options ValidationOptions
logger ILogger<PdfSignatureValidator>
countryExtensions IEnumerable<ICountryExtension>

PdfSignatureValidator(IHttpClientProvider, ValidationOptions?, ILogger<PdfSignatureValidator>?, IEnumerable<ITrustAnchorProvider>?, IEnumerable<IChainValidationProvider>?)

Creates a validator with explicit trust anchor and chain validation providers, using a custom IHttpClientProvider.

public PdfSignatureValidator(IHttpClientProvider httpClientProvider, ValidationOptions? options, ILogger<PdfSignatureValidator>? logger, IEnumerable<ITrustAnchorProvider>? trustAnchorProviders, IEnumerable<IChainValidationProvider>? chainValidationProviders = null)

Parameters

httpClientProvider IHttpClientProvider
options ValidationOptions
logger ILogger<PdfSignatureValidator>
trustAnchorProviders IEnumerable<ITrustAnchorProvider>
chainValidationProviders IEnumerable<IChainValidationProvider>

PdfSignatureValidator(ValidationOptions?, HttpClient?, ILogger<PdfSignatureValidator>?)

public PdfSignatureValidator(ValidationOptions? options = null, HttpClient? httpClient = null, ILogger<PdfSignatureValidator>? logger = null)

Parameters

options ValidationOptions

Validation options. If null, uses Default.

httpClient HttpClient

HttpClient instance for OCSP/CRL calls. In ASP.NET Core, inject via IHttpClientFactory.CreateClient() to avoid socket exhaustion. If null, uses a shared static instance with a 30-second timeout.

logger ILogger<PdfSignatureValidator>

Optional logger for structured diagnostics.

PdfSignatureValidator(ValidationOptions?, HttpClient?, ILogger<PdfSignatureValidator>?, IEnumerable<ICountryExtension>?)

Creates a validator from one or more ICountryExtension packages. Each extension contributes its trust anchors and chain validation providers automatically. This is the recommended way to enable country-specific validation (e.g., ICP-Brasil, eIDAS).

public PdfSignatureValidator(ValidationOptions? options, HttpClient? httpClient, ILogger<PdfSignatureValidator>? logger, IEnumerable<ICountryExtension>? countryExtensions)

Parameters

options ValidationOptions
httpClient HttpClient
logger ILogger<PdfSignatureValidator>
countryExtensions IEnumerable<ICountryExtension>

PdfSignatureValidator(ValidationOptions?, HttpClient?, ILogger<PdfSignatureValidator>?, IEnumerable<ITrustAnchorProvider>?, IEnumerable<IChainValidationProvider>?)

Creates a validator with explicit trust anchor and chain validation providers. Use this to register country-specific root CA bundles and validation rules (e.g., ICP-Brasil, Gov.br).

public PdfSignatureValidator(ValidationOptions? options, HttpClient? httpClient, ILogger<PdfSignatureValidator>? logger, IEnumerable<ITrustAnchorProvider>? trustAnchorProviders, IEnumerable<IChainValidationProvider>? chainValidationProviders = null)

Parameters

options ValidationOptions
httpClient HttpClient
logger ILogger<PdfSignatureValidator>
trustAnchorProviders IEnumerable<ITrustAnchorProvider>
chainValidationProviders IEnumerable<IChainValidationProvider>

Methods

ValidateAsync(Stream, string?, CancellationToken)

Validates all signatures present in the PDF.

public Task<IReadOnlyList<SignatureValidationResult>> ValidateAsync(Stream pdfStream, string? operationId = null, CancellationToken cancellationToken = default)

Parameters

pdfStream Stream
operationId string
cancellationToken CancellationToken

Returns

Task<IReadOnlyList<SignatureValidationResult>>

Exceptions

ArgumentNullException

pdfStream is null.

InvalidDataException

The PDF is malformed or unreadable.

EncryptedPdfException

The PDF is encrypted.

ValidateBatchAsync(IEnumerable<(Stream Stream, string? Identifier)>, int, string?, CancellationToken)

Validates multiple PDFs in parallel with configurable concurrency.

public Task<IReadOnlyList<BatchValidationResult>> ValidateBatchAsync(IEnumerable<(Stream Stream, string? Identifier)> items, int maxConcurrency = 4, string? operationId = null, CancellationToken cancellationToken = default)

Parameters

items IEnumerable<(Stream Stream, string Identifier)>

Sequence of (Stream, Identifier) tuples. Streams must be seekable. The identifier is optional and used for logging/reporting.

maxConcurrency int

Maximum parallel validations. Default: 4.

operationId string

Optional correlation ID for log messages.

cancellationToken CancellationToken

Cancellation token.

Returns

Task<IReadOnlyList<BatchValidationResult>>

Exceptions

ArgumentNullException

items is null.

ArgumentOutOfRangeException

maxConcurrency is less than 1.

ValidateFieldAsync(Stream, string, CancellationToken)

Validates a single signature by field name.

public Task<SignatureValidationResult?> ValidateFieldAsync(Stream pdfStream, string fieldName, CancellationToken cancellationToken = default)

Parameters

pdfStream Stream
fieldName string
cancellationToken CancellationToken

Returns

Task<SignatureValidationResult>

Exceptions

ArgumentNullException

pdfStream is null.

ArgumentException

fieldName is null or whitespace.

InvalidDataException

The PDF is malformed or unreadable.

EncryptedPdfException

The PDF is encrypted.