internal IViewExtension Load(ViewExtensionDefinition viewExtension)
{
try
{
if (viewExtension.IsEnabled)
{
if (viewExtension.RequiresSignedEntryPoint)
{
CertificateVerification.CheckAssemblyForValidCertificate(viewExtension.AssemblyPath);
}
var assembly = Assembly.LoadFrom(viewExtension.AssemblyPath);
var result = assembly.CreateInstance(viewExtension.TypeName) as IViewExtension;
ExtensionLoading?.Invoke(result);
return(result);
}
return(null);
}
catch (Exception ex)
{
var name = viewExtension.TypeName == null ? "null" : viewExtension.TypeName;
Log("Could not create an instance of " + name);
Log(ex.Message);
Log(ex.StackTrace);
return(null);
}
}
override public PdfPKCS7 VerifySignature(AcroFields fields, String name)
{
PdfPKCS7 pkcs7 = base.VerifySignature(fields, name);
X509Certificate[] certs = pkcs7.SignCertificateChain;
DateTime cal = pkcs7.SignDate;
var errors = CertificateVerification.VerifyCertificates(certs, certificates, null, cal);
if (errors == null)
{
Console.WriteLine("Certificates verified against the KeyStore");
}
else
{
foreach (object error in errors)
{
Console.WriteLine(error);
}
}
for (int i = 0; i < certs.Length; ++i)
{
X509Certificate cert = certs[i];
Console.WriteLine("=== Certificate " + i + " ===");
ShowCertificateInfo(cert, cal.ToLocalTime());
}
X509Certificate signCert = certs[0];
X509Certificate issuerCert = (certs.Length > 1 ? certs[1] : null);
Console.WriteLine("=== Checking validity of the document at the time of signing ===");
CheckRevocation(pkcs7, signCert, issuerCert, cal);
Console.WriteLine("=== Checking validity of the document today ===");
CheckRevocation(pkcs7, signCert, issuerCert, DateTime.Now);
return(pkcs7);
}
private IExtension Load(ExtensionDefinition extension)
{
try
{
if (extension.RequiresSignedEntryPoint)
{
CertificateVerification.CheckAssemblyForValidCertificate(extension.AssemblyPath);
}
var assembly = Assembly.LoadFrom(extension.AssemblyPath);
var result = assembly.CreateInstance(extension.TypeName) as IExtension;
ExtensionLoading?.Invoke(result);
Logging.Analytics.TrackEvent(
Actions.Load,
Categories.ExtensionOperations, extension.TypeName);
return(result);
}
catch (Exception ex)
{
var name = extension.TypeName == null ? "null" : extension.TypeName;
Log("Could not create an instance of " + name);
Log(ex.Message);
Log(ex.StackTrace);
return(null);
}
}
private void VerifyCertificates(PdfPKCS7 pkcs7)
{
List <X509Certificate> ks = new List <X509Certificate>();
InitKeyStoreForVerification(ks);
X509Certificate[] certs = pkcs7.GetSignCertificateChain();
DateTime cal = pkcs7.GetSignDate();
IList <VerificationException> errors = CertificateVerification.VerifyCertificates(
certs, ks, cal);
if (errors.Count > 0)
{
foreach (VerificationException e in errors)
{
AddError(e.Message + "\n");
}
}
for (int i = 0; i < certs.Length; i++)
{
X509Certificate cert = (X509Certificate)certs[i];
CheckCertificateInfo(cert, cal.ToUniversalTime(), pkcs7);
}
X509Certificate signCert = (X509Certificate)certs[0];
X509Certificate issuerCert = (certs.Length > 1 ? (X509Certificate)certs[1] : null);
//Checking validity of the document at the time of signing
CheckRevocation(pkcs7, signCert, issuerCert, cal.ToUniversalTime());
}
public virtual void ValidCertificateChain01()
{
X509Certificate[] certChain = Pkcs12FileHelper.ReadFirstChain(certsSrc + "signCertRsaWithChain.p12", password
);
String caCertFileName = certsSrc + "rootRsa.p12";
List <X509Certificate> caKeyStore = Pkcs12FileHelper.InitStore(caCertFileName, password);
IList <VerificationException> verificationExceptions = CertificateVerification.VerifyCertificates(certChain
, caKeyStore);
NUnit.Framework.Assert.IsTrue(verificationExceptions.IsEmpty());
}
public PdfPKCS7 VerifySignature(SignatureUtil signUtil, String name)
{
PdfPKCS7 pkcs7 = GetSignatureData(signUtil, name);
X509Certificate[] certs = pkcs7.GetSignCertificateChain();
// Timestamp is a secure source of signature creation time,
// because it's based on Time Stamping Authority service.
DateTime cal = pkcs7.GetTimeStampDate();
// If there is no timestamp, use the current date
if (TimestampConstants.UNDEFINED_TIMESTAMP_DATE == cal)
{
cal = new DateTime();
}
// Check if the certificate chain, presented in the PDF, can be verified against
// the created key store.
IList <VerificationException> errors = CertificateVerification.VerifyCertificates(certs, ks, cal);
if (errors.Count == 0)
{
OUT_STREAM.WriteLine("Certificates verified against the KeyStore");
}
else
{
OUT_STREAM.WriteLine(errors);
}
// Find out if certificates were valid on the signing date, and if they are still valid today
for (int i = 0; i < certs.Length; i++)
{
X509Certificate cert = (X509Certificate)certs[i];
OUT_STREAM.WriteLine("=== Certificate " + i + " ===");
ShowCertificateInfo(cert, cal.ToUniversalTime());
}
// Take the signing certificate
X509Certificate signCert = (X509Certificate)certs[0];
// Take the certificate of the issuer of that certificate (or null if it was self-signed).
X509Certificate issuerCert = (certs.Length > 1 ? (X509Certificate)certs[1] : null);
OUT_STREAM.WriteLine("=== Checking validity of the document at the time of signing ===");
CheckRevocation(pkcs7, signCert, issuerCert, cal.ToUniversalTime());
OUT_STREAM.WriteLine("=== Checking validity of the document today ===");
CheckRevocation(pkcs7, signCert, issuerCert, new DateTime());
return(pkcs7);
}
/// <summary>
/// Check the node libraries defined in the package json file are valid and have a valid certificate
/// </summary>
/// <param name="packageDirectoryPath">path to package location</param>
/// <param name="discoveredPkg">package object to check</param>
private static void CheckPackageNodeLibraryCertificates(string packageDirectoryPath, Package discoveredPkg)
{
var dllfiles = new System.IO.DirectoryInfo(discoveredPkg.BinaryDirectory).EnumerateFiles("*.dll");
if (discoveredPkg.Header.node_libraries.Count() == 0 && dllfiles.Count() != 0)
{
throw new LibraryLoadFailedException(packageDirectoryPath,
String.Format(
Resources.InvalidPackageNoNodeLibrariesDefinedInPackageJson,
discoveredPkg.Name, discoveredPkg.RootDirectory));
}
foreach (var nodeLibraryAssembly in discoveredPkg.Header.node_libraries)
{
//Try to get the assembly name from the manifest file
string filename;
try
{
filename = new AssemblyName(nodeLibraryAssembly).Name + ".dll";
}
catch
{
throw new LibraryLoadFailedException(packageDirectoryPath,
String.Format(
Resources.InvalidPackageMalformedNodeLibraryDefinition,
discoveredPkg.Name, discoveredPkg.RootDirectory));
}
//Verify the node library exists in the package bin directory and has a valid certificate
var filepath = Path.Combine(discoveredPkg.BinaryDirectory, filename);
try
{
CertificateVerification.CheckAssemblyForValidCertificate(filepath);
}
catch (Exception e)
{
throw new LibraryLoadFailedException(packageDirectoryPath,
String.Format(
Resources.InvalidPackageNodeLibraryIsNotSigned,
discoveredPkg.Name, discoveredPkg.RootDirectory, e.Message));
}
}
discoveredPkg.RequiresSignedEntryPoints = true;
}
/// <summary>
/// Verifies the signature of a prevously signed PDF document using the specified public key
/// </summary>
/// <param name="pdfFile">a Previously signed pdf document</param>
/// <param name="publicKeyStream">Public key to be used to verify the signature in .cer format</param>
/// <exception cref="System.InvalidOperationException">Throw System.InvalidOperationException if the document is not signed or the signature could not be verified</exception>
public static void VerifyPdfSignature(string pdfFile, Stream publicKeyStream)
{
var parser = new X509CertificateParser();
var certificate = parser.ReadCertificate(publicKeyStream);
publicKeyStream.Dispose();
PdfReader reader = new PdfReader(pdfFile);
AcroFields af = reader.AcroFields;
var names = af.GetSignatureNames();
if (names.Count == 0)
{
throw new InvalidOperationException("No Signature present in pdf file.");
}
foreach (string name in names)
{
if (!af.SignatureCoversWholeDocument(name))
{
throw new InvalidOperationException(string.Format("The signature: {0} does not covers the whole document.", name));
}
PdfPKCS7 pk = af.VerifySignature(name);
var cal = pk.SignDate;
var pkc = pk.Certificates;
if (!pk.Verify())
{
throw new InvalidOperationException("The signature could not be verified.");
}
if (!pk.VerifyTimestampImprint())
{
throw new InvalidOperationException("The signature timestamp could not be verified.");
}
var fails = CertificateVerification.VerifyCertificates(pkc, new[] { certificate }, null, cal);
if (fails != null && fails.Any())
{
throw new InvalidOperationException("The file is not signed using the specified key-pair.");
}
}
}
private static PdfPKCS7 VerifySignature(AcroFields fields, String name, ref MessageReport.Signature sigInfo)
{
sigInfo.isCoveringWholeDocument = fields.SignatureCoversWholeDocument(name);
PdfPKCS7 pkcs7 = fields.VerifySignature(name);
sigInfo.isIntegral = pkcs7.Verify();
X509Certificate[] certs = pkcs7.SignCertificateChain;
DateTime cal = pkcs7.SignDate;
IList <VerificationException> errors = CertificateVerification.VerifyCertificates(certs, certificates, null, cal);
if (errors == null)
{
Console.WriteLine("Certificates verified against the KeyStore");
}
else
{
foreach (object error in errors)
{
Console.WriteLine(error);
}
}
for (int i = 0; i < certs.Length; ++i)
{
X509Certificate cert = certs[i];
}
X509Certificate signCert = certs[0];
X509Certificate issuerCert = (certs.Length > 1 ? certs[1] : null);
sigInfo.Certificate = GetCertificateInfo(signCert, cal.ToLocalTime());
sigInfo.isValidDateSigning = CheckRevocation(pkcs7, signCert, issuerCert, cal);
sigInfo.isValidToday = CheckRevocation(pkcs7, signCert, issuerCert, DateTime.Now.AddDays(-1));
return(pkcs7);
}
