Class PdfSignatureValidator
- Namespace
- SimpleSign.PAdES.Validation
- Assembly
- SimpleSign.PAdES.dll
PAdES signature validation engine. Orchestrates integrity, cryptographic, chain, and revocation verification by delegating to focused verifier classes.
public sealed class PdfSignatureValidator : IPdfSignatureValidator
- Inheritance
-
PdfSignatureValidator
- Implements
- Inherited Members
Examples
var validator = new PdfSignatureValidator(new ValidationOptions
{
CheckRevocation = true,
TrustSystemRoots = true,
});
var results = await validator.ValidateAsync(File.OpenRead("signed.pdf"));
foreach (var r in results)
Console.WriteLine($"{r.FieldName}: Valid={r.IsValid}, Signer={r.SignerName}");
Constructors
PdfSignatureValidator(IHttpClientProvider, IRevocationChecker, ValidationOptions?, ILogger<PdfSignatureValidator>?, IEnumerable<ITrustAnchorProvider>?, IEnumerable<IChainValidationProvider>?, ICertificateChainService?, ICryptoVerifier?, IIntegrityVerifier?, ICmsParser?, ITimestampValidator?)
Creates a validator with injected revocation checker and trust anchor providers. This is the recommended constructor when using DI.
public PdfSignatureValidator(IHttpClientProvider httpClientProvider, IRevocationChecker revocationChecker, ValidationOptions? options = null, ILogger<PdfSignatureValidator>? logger = null, IEnumerable<ITrustAnchorProvider>? trustAnchorProviders = null, IEnumerable<IChainValidationProvider>? chainValidationProviders = null, ICertificateChainService? certChainService = null, ICryptoVerifier? cryptoVerifier = null, IIntegrityVerifier? integrityVerifier = null, ICmsParser? cmsParser = null, ITimestampValidator? timestampValidator = null)
Parameters
httpClientProviderIHttpClientProviderrevocationCheckerIRevocationCheckeroptionsValidationOptionsloggerILogger<PdfSignatureValidator>trustAnchorProvidersIEnumerable<ITrustAnchorProvider>chainValidationProvidersIEnumerable<IChainValidationProvider>certChainServiceICertificateChainServicecryptoVerifierICryptoVerifierintegrityVerifierIIntegrityVerifiercmsParserICmsParsertimestampValidatorITimestampValidator
PdfSignatureValidator(IHttpClientProvider, ValidationOptions?, ILogger<PdfSignatureValidator>?)
Creates a validator using a custom IHttpClientProvider.
Use this in ASP.NET Core to integrate with IHttpClientFactory.
public PdfSignatureValidator(IHttpClientProvider httpClientProvider, ValidationOptions? options = null, ILogger<PdfSignatureValidator>? logger = null)
Parameters
httpClientProviderIHttpClientProvideroptionsValidationOptionsloggerILogger<PdfSignatureValidator>
PdfSignatureValidator(IHttpClientProvider, ValidationOptions?, ILogger<PdfSignatureValidator>?, IEnumerable<ICountryExtension>?)
Creates a validator from one or more ICountryExtension packages, using a custom IHttpClientProvider.
public PdfSignatureValidator(IHttpClientProvider httpClientProvider, ValidationOptions? options, ILogger<PdfSignatureValidator>? logger, IEnumerable<ICountryExtension>? countryExtensions)
Parameters
httpClientProviderIHttpClientProvideroptionsValidationOptionsloggerILogger<PdfSignatureValidator>countryExtensionsIEnumerable<ICountryExtension>
PdfSignatureValidator(IHttpClientProvider, ValidationOptions?, ILogger<PdfSignatureValidator>?, IEnumerable<ITrustAnchorProvider>?, IEnumerable<IChainValidationProvider>?)
Creates a validator with explicit trust anchor and chain validation providers, using a custom IHttpClientProvider.
public PdfSignatureValidator(IHttpClientProvider httpClientProvider, ValidationOptions? options, ILogger<PdfSignatureValidator>? logger, IEnumerable<ITrustAnchorProvider>? trustAnchorProviders, IEnumerable<IChainValidationProvider>? chainValidationProviders = null)
Parameters
httpClientProviderIHttpClientProvideroptionsValidationOptionsloggerILogger<PdfSignatureValidator>trustAnchorProvidersIEnumerable<ITrustAnchorProvider>chainValidationProvidersIEnumerable<IChainValidationProvider>
PdfSignatureValidator(ValidationOptions?, HttpClient?, ILogger<PdfSignatureValidator>?)
public PdfSignatureValidator(ValidationOptions? options = null, HttpClient? httpClient = null, ILogger<PdfSignatureValidator>? logger = null)
Parameters
optionsValidationOptionsValidation options. If null, uses Default.
httpClientHttpClientHttpClient instance for OCSP/CRL calls. In ASP.NET Core, inject via
IHttpClientFactory.CreateClient()to avoid socket exhaustion. If null, uses a shared static instance with a 30-second timeout.loggerILogger<PdfSignatureValidator>Optional logger for structured diagnostics.
PdfSignatureValidator(ValidationOptions?, HttpClient?, ILogger<PdfSignatureValidator>?, IEnumerable<ICountryExtension>?)
Creates a validator from one or more ICountryExtension packages. Each extension contributes its trust anchors and chain validation providers automatically. This is the recommended way to enable country-specific validation (e.g., ICP-Brasil, eIDAS).
public PdfSignatureValidator(ValidationOptions? options, HttpClient? httpClient, ILogger<PdfSignatureValidator>? logger, IEnumerable<ICountryExtension>? countryExtensions)
Parameters
optionsValidationOptionshttpClientHttpClientloggerILogger<PdfSignatureValidator>countryExtensionsIEnumerable<ICountryExtension>
PdfSignatureValidator(ValidationOptions?, HttpClient?, ILogger<PdfSignatureValidator>?, IEnumerable<ITrustAnchorProvider>?, IEnumerable<IChainValidationProvider>?)
Creates a validator with explicit trust anchor and chain validation providers. Use this to register country-specific root CA bundles and validation rules (e.g., ICP-Brasil, Gov.br).
public PdfSignatureValidator(ValidationOptions? options, HttpClient? httpClient, ILogger<PdfSignatureValidator>? logger, IEnumerable<ITrustAnchorProvider>? trustAnchorProviders, IEnumerable<IChainValidationProvider>? chainValidationProviders = null)
Parameters
optionsValidationOptionshttpClientHttpClientloggerILogger<PdfSignatureValidator>trustAnchorProvidersIEnumerable<ITrustAnchorProvider>chainValidationProvidersIEnumerable<IChainValidationProvider>
Methods
ValidateAsync(Stream, string?, CancellationToken)
Validates all signatures present in the PDF.
public Task<IReadOnlyList<SignatureValidationResult>> ValidateAsync(Stream pdfStream, string? operationId = null, CancellationToken cancellationToken = default)
Parameters
pdfStreamStreamoperationIdstringcancellationTokenCancellationToken
Returns
Exceptions
- ArgumentNullException
pdfStreamis null.- InvalidDataException
The PDF is malformed or unreadable.
- EncryptedPdfException
The PDF is encrypted.
ValidateBatchAsync(IEnumerable<(Stream Stream, string? Identifier)>, int, string?, CancellationToken)
Validates multiple PDFs in parallel with configurable concurrency.
public Task<IReadOnlyList<BatchValidationResult>> ValidateBatchAsync(IEnumerable<(Stream Stream, string? Identifier)> items, int maxConcurrency = 4, string? operationId = null, CancellationToken cancellationToken = default)
Parameters
itemsIEnumerable<(Stream Stream, string Identifier)>Sequence of (Stream, Identifier) tuples. Streams must be seekable. The identifier is optional and used for logging/reporting.
maxConcurrencyintMaximum parallel validations. Default: 4.
operationIdstringOptional correlation ID for log messages.
cancellationTokenCancellationTokenCancellation token.
Returns
Exceptions
- ArgumentNullException
itemsis null.- ArgumentOutOfRangeException
maxConcurrencyis less than 1.
ValidateFieldAsync(Stream, string, CancellationToken)
Validates a single signature by field name.
public Task<SignatureValidationResult?> ValidateFieldAsync(Stream pdfStream, string fieldName, CancellationToken cancellationToken = default)
Parameters
pdfStreamStreamfieldNamestringcancellationTokenCancellationToken
Returns
Exceptions
- ArgumentNullException
pdfStreamis null.- ArgumentException
fieldNameis null or whitespace.- InvalidDataException
The PDF is malformed or unreadable.
- EncryptedPdfException
The PDF is encrypted.