public ActionResult Index(string userfile)
{
// Our action only works if a userfile is given to work with
if (string.IsNullOrEmpty(userfile)) {
return HttpNotFound();
}
var filename = userfile.Replace("_", "."); // Note: we're passing the filename argument with "." as "_" because of limitations of ASP.NET MVC
// Get an instance of the CadesSignatureExplorer class, used to open/validate CAdES signatures
var sigExplorer = new CadesSignatureExplorer(Util.GetRestPkiClient()) {
Validate = true // Specify that we want to validate the signatures in the file, not only inspect them
};
// Set the CAdES signature file
sigExplorer.SetSignatureFile(Server.MapPath("~/App_Data/" + filename));
// Parameters for the signature validation. We have encapsulated this code in a method to include several
// possibilities depending on the argument passed. Experiment changing the argument to see different validation
// configurations. Once you decide which is best for your case, you can place the code directly here.
setValidationParameters(sigExplorer, 1);
// try changing this number ---------^ for different validation parameters
// Call the Open() method, which returns the signature file's information
var signature = sigExplorer.Open();
// Render the information (see file Views/OpenCadesSignature/Index.html for more information on the information returned)
return View(signature);
}
public ActionResult Index(string userfile)
{
// Our action only works if a userfile is given to work with
if (string.IsNullOrEmpty(userfile))
{
return(HttpNotFound());
}
var filename = userfile.Replace("_", "."); // Note: we're passing the filename argument with "." as "_" because of limitations of ASP.NET MVC
// Get an instance of the CadesSignatureExplorer class, used to open/validate CAdES signatures
var sigExplorer = new CadesSignatureExplorer(Util.GetRestPkiClient())
{
Validate = true // Specify that we want to validate the signatures in the file, not only inspect them
};
// Set the CAdES signature file
sigExplorer.SetSignatureFile(Server.MapPath("~/App_Data/" + filename));
// Parameters for the signature validation. We have encapsulated this code in a method to include several
// possibilities depending on the argument passed. Experiment changing the argument to see different validation
// configurations. Once you decide which is best for your case, you can place the code directly here.
setValidationParameters(sigExplorer, 1);
// try changing this number ---------^ for different validation parameters
// Call the Open() method, which returns the signature file's information
var signature = sigExplorer.Open();
// Render the information (see file Views/OpenCadesSignature/Index.html for more information on the information returned)
return(View(signature));
}
// GET: CheckCadesRest?c={id}
public ActionResult Index(string c)
{
// On PrinterFriendlyVersionController, we stored the unformatted version of the verification
// code (without hyphens) but used the formatted version (with hiphens) on the printer-friendly
// PDF. Now, we remove the hyphens before looking it up.
var verificationCode = AlphaCode.Parse(c);
// Get document associated with verification code.
var fileId = StorageMock.LookupVerificationCode(verificationCode);
if (fileId == null)
{
// Invalid code give!
// Small delay to slow down brute-force attacks (if you want to be extra careful you might
// want to add a CAPTCHA to the process).
Thread.Sleep(TimeSpan.FromSeconds(2));
// Return Not Found
return(HttpNotFound());
}
// Read document from storage.
var fileContent = StorageMock.Read(fileId);
// Get an instance of the CadesSignatureExplorer class, used to open/validate CAdES signatures.
var sigExplorer = new CadesSignatureExplorer(Util.GetRestPkiClient())
{
// Specify that we want to validate the signatures in the file, not only inspect them.
Validate = true,
// Specify the parameters for the signature validation:
// Full compliance with ICP-Brasil as long as the signer has an ICP-Brasil certificate.
AcceptableExplicitPolicies = SignaturePolicyCatalog.GetPkiBrazilCades(),
// Specify the security context to be used to determine trust in the certificate chain. We
// have encapsulated the security context choice on Util.cs.
SecurityContextId = Util.GetSecurityContextId()
};
// Set the CAdES file.
sigExplorer.SetSignatureFile(fileContent);
// Call the Open() method, which returns the signature file's information.
var signature = sigExplorer.Open();
// Render the information (see file Check/Index.html for more information on
// the information returned).
return(View(new OpenCadesSignatureModel()
{
Signature = signature,
File = fileId
}));
}
public async Task <ActionResult> Index(string userfile)
{
// Our action only works if a userfile is given to work with.
string userfilePath;
if (!StorageMock.TryGetFile(userfile, out userfilePath))
{
return(HttpNotFound());
}
// Get an instance of the CadesSignatureExplorer class, used to open/validate CAdES
// signatures.
var sigExplorer = new CadesSignatureExplorer(Util.GetRestPkiClient())
{
// Specify that we want to validate the signatures in the file, not only inspect them.
Validate = true,
// Specify the parameters for the signature validation:
// Full compliance with ICP-Brasil as long as the signer has an ICP-Brasil certificate.
AcceptableExplicitPolicies = SignaturePolicyCatalog.GetPkiBrazilCades(),
// Specify the security context to be used to determine trust in the certificate chain. We
// have encapsulated the security context choice on Util.cs.
SecurityContextId = Util.GetSecurityContextId(),
};
// Set the CAdES signature file.
sigExplorer.SetSignatureFile(userfilePath);
// Call the OpenAndExtractContent() method, which returns the signature file's information and the encapsulated content.
var data = await sigExplorer.OpenAndExtractContentAsync();
var signature = data.Signature;
var encapsulatedContent = data.Signature.HasEncapsulatedContent ? data.EncapsulatedContent : null;
// Render the information (see file OpenCadesSignature/Index.html for more information on
// the information returned).
return(View(new OpenCadesSignatureModel()
{
Signature = signature,
// WARNING: this sample always consider the encapsulated content type as pdf, so the downloadable file uses pdf extension
File = encapsulatedContent != null ? StorageMock.Store(encapsulatedContent.GetContent(), ".pdf") : ""
}));
}
public async Task <ActionResult> Index(string userfile)
{
// Our action only works if a userfile is given to work with.
if (string.IsNullOrEmpty(userfile))
{
return(HttpNotFound());
}
var filename = userfile.Replace("_", ".");
// Note: we're receiving the userfile argument with "_" as "." because of limitations of
// ASP.NET MVC.
// Get an instance of the CadesSignatureExplorer class, used to open/validate CAdES
// signatures.
var sigExplorer = new CadesSignatureExplorer(Util.GetRestPkiClient())
{
// Specify that we want to validate the signatures in the file, not only inspect them.
Validate = true,
// Specify the parameters for the signature validation:
// Accept any CAdES signature as long as the signer has an ICP-Brasil certificate.
DefaultSignaturePolicyId = StandardCadesSignaturePolicies.CadesBes,
// We have encapsulated the security context choice on Util.cs
SecurityContextId = Util.GetSecurityContextId(),
// Alternatively, you may require full compliance with ICP-Brasil by doing:
//AcceptableExplicitPolicies = SignaturePolicyCatalog.GetPkiBrazilCades(),
//DefaultSignaturePolicyId = null,
};
// Set the CAdES signature file
sigExplorer.SetSignatureFile(Server.MapPath("~/App_Data/" + filename));
// Call the Open() method, which returns the signature file's information
var signature = await sigExplorer.OpenAsync();
// Render the information. (see file Views/OpenCadesSignature/Index.html for more information on
// the information returned)
return(View(signature));
}
// This function is called by the Index method (see above). It contains examples of signature validation parameters.
private static void setValidationParameters(CadesSignatureExplorer sigExplorer, int caseNumber)
{
switch (caseNumber) {
/*
Example #1: accept only 100%-compliant ICP-Brasil signatures
*/
case 1:
// By specifying a catalog of acceptable policies and omitting the default signature policy, we're telling Rest PKI
// that only the policies in the catalog should be accepted
sigExplorer.AcceptableExplicitPolicies = SignaturePolicyCatalog.GetPkiBrazilCades();
sigExplorer.DefaultSignaturePolicyId = null;
break;
/*
Example #2: accept any CAdES signature as long as the signer has an ICP-Brasil certificate
These parameters will only accept signatures made with ICP-Brasil certificates that comply with the
minimal security features defined in the CAdES standard (ETSI TS 101 733). The signatures need not, however,
follow the extra requirements defined in the ICP-Brasil signature policy documentation (DOC-ICP-15.03).
These parameters are less restrictive than the parameters from example #1
*/
case 2:
// By omitting the accepted policies catalog and defining a default policy, we're telling Rest PKI to validate
// all signatures in the file with the default policy -- even signatures with an explicit signature policy.
sigExplorer.AcceptableExplicitPolicies = null;
sigExplorer.DefaultSignaturePolicyId = StandardCadesSignaturePolicies.CadesBes;
// The CadesBes policy requires us to choose a security context
sigExplorer.SecurityContextId = StandardSecurityContexts.PkiBrazil;
break;
/*
Example #3: accept any CAdES signature as long as the signer is trusted by Windows
Same case as example #2, but using the WindowsServer trust arbitrator
*/
case 3:
sigExplorer.AcceptableExplicitPolicies = null;
sigExplorer.DefaultSignaturePolicyId = StandardCadesSignaturePolicies.CadesBes;
sigExplorer.SecurityContextId = StandardSecurityContexts.WindowsServer;
break;
/*
Example #4: accept only 100%-compliant ICP-Brasil signatures that provide signer certificate protection.
"Signer certificate protection" means that a signature keeps its validity even after the signer certificate
is revoked or expires. On ICP-Brasil, this translates to policies AD-RT and up (but not AD-RB).
*/
case 4:
sigExplorer.AcceptableExplicitPolicies = SignaturePolicyCatalog.GetPkiBrazilCadesWithSignerCertificateProtection();
sigExplorer.DefaultSignaturePolicyId = null;
break;
/*
Example #5: accept only 100%-compliant ICP-Brasil signatures that provide CA certificate protection (besides signer
certificate protection).
"CA certificate protection" means that a signature keeps its validity even after either the signer certificate or
its Certification Authority (CA) certificate expires or is revoked. On ICP-Brasil, this translates to policies
AD-RC/AD-RV and up (but not AD-RB nor AD-RT).
*/
case 5:
sigExplorer.AcceptableExplicitPolicies = SignaturePolicyCatalog.GetPkiBrazilCadesWithCACertificateProtection();
sigExplorer.DefaultSignaturePolicyId = null;
break;
}
}
// This function is called by the Index method (see above). It contains examples of signature validation parameters.
private static void setValidationParameters(CadesSignatureExplorer sigExplorer, int caseNumber)
{
switch (caseNumber)
{
/*
* Example #1: accept only 100%-compliant ICP-Brasil signatures
*/
case 1:
// By specifying a catalog of acceptable policies and omitting the default signature policy, we're telling Rest PKI
// that only the policies in the catalog should be accepted
sigExplorer.AcceptableExplicitPolicies = SignaturePolicyCatalog.GetPkiBrazilCades();
sigExplorer.DefaultSignaturePolicyId = null;
break;
/*
* Example #2: accept any CAdES signature as long as the signer has an ICP-Brasil certificate
*
* These parameters will only accept signatures made with ICP-Brasil certificates that comply with the
* minimal security features defined in the CAdES standard (ETSI TS 101 733). The signatures need not, however,
* follow the extra requirements defined in the ICP-Brasil signature policy documentation (DOC-ICP-15.03).
*
* These parameters are less restrictive than the parameters from example #1
*/
case 2:
// By omitting the accepted policies catalog and defining a default policy, we're telling Rest PKI to validate
// all signatures in the file with the default policy -- even signatures with an explicit signature policy.
sigExplorer.AcceptableExplicitPolicies = null;
sigExplorer.DefaultSignaturePolicyId = StandardCadesSignaturePolicies.CadesBes;
// The CadesBes policy requires us to choose a security context
sigExplorer.SecurityContextId = StandardSecurityContexts.PkiBrazil;
break;
/*
* Example #3: accept any CAdES signature as long as the signer is trusted by Windows
*
* Same case as example #2, but using the WindowsServer trust arbitrator
*/
case 3:
sigExplorer.AcceptableExplicitPolicies = null;
sigExplorer.DefaultSignaturePolicyId = StandardCadesSignaturePolicies.CadesBes;
sigExplorer.SecurityContextId = StandardSecurityContexts.WindowsServer;
break;
/*
* Example #4: accept only 100%-compliant ICP-Brasil signatures that provide signer certificate protection.
*
* "Signer certificate protection" means that a signature keeps its validity even after the signer certificate
* is revoked or expires. On ICP-Brasil, this translates to policies AD-RT and up (but not AD-RB).
*/
case 4:
sigExplorer.AcceptableExplicitPolicies = SignaturePolicyCatalog.GetPkiBrazilCadesWithSignerCertificateProtection();
sigExplorer.DefaultSignaturePolicyId = null;
break;
/*
* Example #5: accept only 100%-compliant ICP-Brasil signatures that provide CA certificate protection (besides signer
* certificate protection).
*
* "CA certificate protection" means that a signature keeps its validity even after either the signer certificate or
* its Certification Authority (CA) certificate expires or is revoked. On ICP-Brasil, this translates to policies
* AD-RC/AD-RV and up (but not AD-RB nor AD-RT).
*/
case 5:
sigExplorer.AcceptableExplicitPolicies = SignaturePolicyCatalog.GetPkiBrazilCadesWithCACertificateProtection();
sigExplorer.DefaultSignaturePolicyId = null;
break;
}
}
