Beispiel #1
0
        private static void SignP7M(X509Certificate2 card, string sourcepath)
        {
            var service = new CAdESService();

            // Creation of MS CAPI signature token
            var token = new MSCAPISignatureToken {
                Cert = card
            };

            var parameters = new SignatureParameters
            {
                SignatureAlgorithm = SignatureAlgorithm.RSA,
                SignatureFormat    = SignatureFormat.CAdES_BES,
                DigestAlgorithm    = DigestAlgorithm.SHA256,
                SignaturePackaging = SignaturePackaging.ENVELOPING,
                SigningCertificate = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(token.Cert),
                SigningDate        = DateTime.UtcNow
            };

            var toBeSigned = new FileDocument(sourcepath);

            var iStream = service.ToBeSigned(toBeSigned, parameters);

            var signatureValue = token.Sign(iStream, parameters.DigestAlgorithm, token.GetKeys()[0]);

            var signedDocument = service.SignDocument(toBeSigned, parameters, signatureValue);

            var dest = sourcepath + ".p7m";

            if (File.Exists(dest))
            {
                File.Delete(dest);
            }
            var fout = File.OpenWrite(dest);

            signedDocument.OpenStream().CopyTo(fout);
            fout.Close();
        }
Beispiel #2
0
        static void Main(string[] args)
        {
            string pathToSign      = Path.Combine("Resources", "test.pdf");
            string pathCertificate = Path.Combine("Resources", "test.p12");
            string pathSigned      = "test.pdf.p7m";

            Document             toBeSigned = new FileDocument(pathToSign);
            Pkcs12SignatureToken token      = new Pkcs12SignatureToken("password", pathCertificate);
            IDssPrivateKeyEntry  privateKey = token.GetKeys()[0];

            SignatureParameters parameters = new SignatureParameters();

            parameters.SignaturePackaging = SignaturePackaging.ENVELOPING;
            parameters.SigningCertificate = privateKey.GetCertificate();
            parameters.CertificateChain   = privateKey.GetCertificateChain();
            parameters.SigningDate        = DateTime.Now;
            parameters.DigestAlgorithm    = DigestAlgorithm.SHA256;

            CAdESService service = new CAdESService();

            parameters.SignatureFormat = EU.Europa.EC.Markt.Dss.Signature.SignatureFormat.CAdES_BES;

            /* CERTIFIED TIMESTAMP
             * var ocspSource1 = new OnlineOcspSource();
             * var crlSource1 = new FileCacheCrlSource();
             * var crlOnline1 = new OnlineCrlSource();
             * crlOnline1.IntermediateAcUrl = @"http://www.eci.bce.ec/CRL/cacrl.crl";
             * crlSource1.CachedSource = crlOnline1;
             * var verifier1 = new OCSPAndCRLCertificateVerifier(crlSource1, ocspSource1);
             * var estado = verifier1.Check(privateKey.GetCertificate(), privateKey.GetCertificateChain()[1], DateTime.Now);
             */

            /*
             * //parameters.SignatureFormat = SignatureFormat.CAdES_T; //Se añade TSA.
             * parameters.SignatureFormat = EU.Europa.EC.Markt.Dss.Signature.SignatureFormat.CAdES_C; //Se añade CRL y OCSP.
             * //parameters.SignatureFormat = SignatureFormat.CAdES_X; //No se añade nada más al código.
             * //parameters.SignatureFormat = EU.Europa.EC.Markt.Dss.Signature.SignatureFormat.CAdES_XL; //No se añade nada más al código.
             *
             * string urlTss = @"http://tsp.iaik.tugraz.at/tsp/TspRequest";
             * string username = "";
             * string password = "";
             *
             *
             * OnlineTspSource tspSource = new OnlineTspSource(urlTss, username, password);
             * service.TspSource = tspSource;
             *
             * OnlineOcspSource ocspSource = new OnlineOcspSource();
             * TrustedListCertificateVerifier verifier = new TrustedListCertificateVerifier();
             * FileCacheCrlSource crlSource = new FileCacheCrlSource();
             * OnlineCrlSource crlOnline = new OnlineCrlSource();
             * crlOnline.IntermediateAcUrl = @"http://www.eci.bce.ec/CRL/cacrl.crl";
             * //@"http://www.eci.bce.ec/CRL/pruebas/cacrl.crl"
             *
             * crlSource.CachedSource = crlOnline;
             * verifier.CrlSource = crlSource;
             * verifier.OcspSource = ocspSource;
             *
             * ValidationContext validationContext = verifier.ValidateCertificate(parameters.SigningCertificate, DateTime.Now,
             *  new EU.Europa.EC.Markt.Dss.Validation.Certificate.CompositeCertificateSource(
             *      new EU.Europa.EC.Markt.Dss.Validation.Certificate.ListCertificateSource(parameters.CertificateChain)), null, null);
             *
             * service.Verifier = verifier;
             */

            /* DOUBLE-SIGN
             * Document contentInCMS = null;
             *
             * try
             * {
             *  CmsSignedData cmsData = new CmsSignedData(toBeSigned.OpenStream());
             *  if (cmsData != null && cmsData.SignedContent != null
             *      && cmsData.SignedContent.GetContent() != null)
             *  {
             *      Stream buf = new MemoryStream();
             *      cmsData.SignedContent.Write(buf);
             *      buf.Seek(0, SeekOrigin.Begin);
             *      contentInCMS = new InMemoryDocument(Streams.ReadAll(buf));
             *  }
             * }
             * catch (CmsException)
             * {
             * }
             *
             * Stream iStream = service.ToBeSigned(contentInCMS ?? toBeSigned, parameters);
             * byte[] signatureValue = token.Sign(iStream, parameters.DigestAlgorithm, privateKey);
             *
             * // We invoke the service to sign the document with the signature value obtained in the previous step.
             * Document signedDocument = contentInCMS != null
             *  ? service.AddASignatureToDocument(toBeSigned, parameters, signatureValue)
             *  : service.SignDocument(toBeSigned, parameters, signatureValue);
             *
             * FileStream fs = new FileStream(pathParaFirmado, FileMode.OpenOrCreate);
             * Streams.PipeAll(signedDocument.OpenStream(), fs);
             * fs.Close();
             * return;
             */

            Document signedDocument = service.SignDocument(toBeSigned, parameters,
                                                           (hashbytes) => privateKey.Encrypt(hashbytes));

            FileStream fs = new FileStream(pathSigned, FileMode.OpenOrCreate);

            Streams.PipeAll(signedDocument.OpenStream(), fs);
            fs.Close();

            return;

            // Already signed document
            Document document = new FileDocument(pathSigned);

            SignedDocumentValidator validator;

            validator = SignedDocumentValidator.FromDocument(document);
            //validator.CertificateVerifier = verifier;
            validator.ExternalContent = document;

            ValidationReport     report = validator.ValidateDocument();
            SignatureInformation info   = report.SignatureInformationList[0];

            Console.WriteLine("--> Final_Conclusion: ");
            Console.WriteLine(info.FinalConclusion); // --> AdES
            Console.ReadKey();
        }