private void CheckRevocation(PdfPKCS7 pkcs7, X509Certificate signCert, X509Certificate issuerCert,
DateTime date)
{
IList <BasicOcspResp> ocsps = new List <BasicOcspResp>();
if (pkcs7.GetOcsp() != null)
{
ocsps.Add(pkcs7.GetOcsp());
}
OCSPVerifier ocspVerifier = new OCSPVerifier(null, ocsps);
IList <VerificationOK> verification = ocspVerifier.Verify(signCert, issuerCert, date);
if (verification.Count == 0)
{
IList <X509Crl> crls = new List <X509Crl>();
if (pkcs7.GetCRLs() != null)
{
foreach (X509Crl crl in pkcs7.GetCRLs())
{
crls.Add((X509Crl)crl);
}
}
CRLVerifier crlVerifier = new CRLVerifier(null, crls);
var verOks = crlVerifier.Verify(signCert, issuerCert, date);
foreach (VerificationOK verOk in verOks)
{
verification.Add(verOk);
}
}
}
/// <exception cref="System.IO.IOException"/>
/// <exception cref="Org.BouncyCastle.Operator.OperatorCreationException"/>
/// <exception cref="Org.BouncyCastle.Security.GeneralSecurityException"/>
public virtual bool VerifyAuthorizedOCSPResponderTest(DateTime ocspResponderCertStartDate, DateTime ocspResponderCertEndDate
, DateTime checkDate)
{
X509Certificate caCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(certsSrc + "intermediateRsa.p12"
, password)[0];
ICipherParameters caPrivateKey = Pkcs12FileHelper.ReadFirstKey(certsSrc + "intermediateRsa.p12", password,
password);
String checkCertFileName = certsSrc + "signCertRsaWithChain.p12";
X509Certificate checkCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(checkCertFileName, password)[
0];
RsaKeyPairGenerator keyGen = SignTestPortUtil.BuildRSA2048KeyPairGenerator();
AsymmetricCipherKeyPair key = keyGen.GenerateKeyPair();
ICipherParameters ocspRespPrivateKey = key.Private;
AsymmetricKeyParameter ocspRespPublicKey = key.Public;
TestCertificateBuilder certBuilder = new TestCertificateBuilder(ocspRespPublicKey, caCert, caPrivateKey, "CN=iTextTestOCSPResponder, OU=test, O=iText"
);
certBuilder.SetStartDate(ocspResponderCertStartDate);
certBuilder.SetEndDate(ocspResponderCertEndDate);
X509Certificate ocspResponderCert = certBuilder.BuildAuthorizedOCSPResponderCert();
TestOcspResponseBuilder builder = new TestOcspResponseBuilder(ocspResponderCert, ocspRespPrivateKey);
TestOcspClient ocspClient = new TestOcspClient().AddBuilderForCertIssuer(caCert, builder);
byte[] basicOcspRespBytes = ocspClient.GetEncoded(checkCert, caCert, null);
Asn1Object var2 = Asn1Object.FromByteArray(basicOcspRespBytes);
BasicOcspResp basicOCSPResp = new BasicOcspResp(BasicOcspResponse.GetInstance(var2));
OCSPVerifier ocspVerifier = new OCSPVerifier(null, null);
return(ocspVerifier.Verify(basicOCSPResp, checkCert, caCert, checkDate));
}
public static void AssinaComCertificado(List <ICrlClient> crlList, string FileName, string SignFileName, CertSimples cert, int X, int Y, int Pagina, int Rotation, bool AddTimeStamper = true, string urlTimeStamper = "https://freetsa.org/tsr", string timeStampUser = "", string timeStampPass = "", string Reason = "Assinatura Digital", bool AplicaPolitica = false, string MyDigestAlgorithm = "SHA-256", string Contact = "", string Location = "Indústrias Nucleares do Brasil S/A - INB", string Creator = "Assinador da INB", TipoAssinatura Tipo = TipoAssinatura.Normal, string Cargo = "", string CREACRM = "")
{
string SourcePdfFileName = FileName;
string DestPdfFileName = SignFileName;
int Largura = 140;
int Altura = 63;
PdfReader pdfReader = new PdfReader(SourcePdfFileName);
FileStream signedPdf = new FileStream(DestPdfFileName, FileMode.Create, FileAccess.ReadWrite);
StampingProperties osp = new StampingProperties();
osp.UseAppendMode();
PdfSigner objStamper = new PdfSigner(pdfReader, signedPdf, osp);
ITSAClient tsaClient = null;
IOcspClient ocspClient = null;
ConfiguraAparencia(objStamper, cert, X, Y, Largura, Altura, Pagina, Rotation, Contact, Reason, Location, Creator, Tipo);
Org.BouncyCastle.X509.X509Certificate vert = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(cert.Certificado);
Org.BouncyCastle.X509.X509CertificateParser cp = new Org.BouncyCastle.X509.X509CertificateParser();
Org.BouncyCastle.X509.X509Certificate[] Arraychain = new Org.BouncyCastle.X509.X509Certificate[] { cp.ReadCertificate(cert.Certificado.RawData) };
X509CertificateParser objCP = new X509CertificateParser();
RSACryptoServiceProvider rsa;
RSACryptoServiceProvider Provider;
IExternalSignature externalSignature;
if (cert.Certificado.PrivateKey is RSACryptoServiceProvider)
{
rsa = (RSACryptoServiceProvider)cert.Certificado.PrivateKey;
Provider = (RSACryptoServiceProvider)cert.Certificado.PrivateKey;
externalSignature = new AsymmetricAlgorithmSignature(Provider, MyDigestAlgorithm);
}
else
{
//RETIRAR ESSA PARTE PARA IMPLEMENTAR OS DEMAIS MÉTODOS, OLHANDO OUTROS TIPOS DE CERTIFICADO
rsa = (RSACryptoServiceProvider)cert.Certificado.PrivateKey;
Provider = (RSACryptoServiceProvider)cert.Certificado.PrivateKey;
externalSignature = new AsymmetricAlgorithmSignature(Provider, MyDigestAlgorithm);
}
if (AddTimeStamper)
{
tsaClient = new TSAClientBouncyCastle(urlTimeStamper, timeStampUser, timeStampPass);
}
OCSPVerifier ocspVerifier = new OCSPVerifier(null, null);
ocspClient = new OcspClientBouncyCastle(ocspVerifier);
if (AplicaPolitica)
{
SignaturePolicyInfo spi = getPolitica();
objStamper.SignDetached(externalSignature, Arraychain, crlList, ocspClient, tsaClient, 0, PdfSigner.CryptoStandard.CADES, spi);
}
else
{
objStamper.SignDetached(externalSignature, Arraychain, crlList, ocspClient, tsaClient, 0, PdfSigner.CryptoStandard.CADES);
}
try { signedPdf.Flush(); }
catch { }
try { signedPdf.Close(); } catch { };
pdfReader.Close();
}
/// <exception cref="System.IO.IOException"/>
/// <exception cref="Org.BouncyCastle.Security.GeneralSecurityException"/>
private bool VerifyTest(TestOcspResponseBuilder rootRsaOcspBuilder, String checkCertFileName, DateTime checkDate
)
{
X509Certificate checkCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(checkCertFileName, password)[
0];
X509Certificate rootCert = rootRsaOcspBuilder.GetIssuerCert();
TestOcspClient ocspClient = new TestOcspClient().AddBuilderForCertIssuer(rootCert, rootRsaOcspBuilder);
byte[] basicOcspRespBytes = ocspClient.GetEncoded(checkCert, rootCert, null);
Asn1Object var2 = Asn1Object.FromByteArray(basicOcspRespBytes);
BasicOcspResp basicOCSPResp = new BasicOcspResp(BasicOcspResponse.GetInstance(var2));
OCSPVerifier ocspVerifier = new OCSPVerifier(null, null);
return(ocspVerifier.Verify(basicOCSPResp, checkCert, rootCert, checkDate));
}
private static void CheckRevocation(PdfPKCS7 pkcs7, X509Certificate signCert, X509Certificate issuerCert,
DateTime date)
{
IList <BasicOcspResp> ocsps = new List <BasicOcspResp>();
if (pkcs7.GetOcsp() != null)
{
ocsps.Add(pkcs7.GetOcsp());
}
// Check if the OCSP responses in the list were valid for the certificate on a specific date.
OCSPVerifier ocspVerifier = new OCSPVerifier(null, ocsps);
IList <VerificationOK> verification = ocspVerifier.Verify(signCert, issuerCert, date);
// If that list is empty, we can’t verify using OCSP, and we need to look for CRLs.
if (verification.Count == 0)
{
IList <X509Crl> crls = new List <X509Crl>();
if (pkcs7.GetCRLs() != null)
{
foreach (X509Crl crl in pkcs7.GetCRLs())
{
crls.Add((X509Crl)crl);
}
}
// Check if the CRLs in the list were valid on a specific date.
CRLVerifier crlVerifier = new CRLVerifier(null, crls);
IList <VerificationOK> verificationOks = crlVerifier.Verify(signCert, issuerCert, date);
foreach (VerificationOK verOK in verificationOks)
{
verification.Add(verOK);
}
}
if (verification.Count == 0)
{
OUT_STREAM.WriteLine("The signing certificate couldn't be verified");
}
else
{
foreach (VerificationOK v in verification)
{
OUT_STREAM.WriteLine(v);
}
}
}
/// <exception cref="System.IO.IOException"/>
/// <exception cref="Org.BouncyCastle.Security.GeneralSecurityException"/>
private bool VerifyTest(TestOcspResponseBuilder builder)
{
String caCertFileName = certsSrc + "rootRsa.p12";
String checkCertFileName = certsSrc + "signCertRsa01.p12";
X509Certificate caCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(caCertFileName, password)[0];
ICipherParameters caPrivateKey = Pkcs12FileHelper.ReadFirstKey(caCertFileName, password, password);
X509Certificate checkCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(checkCertFileName, password)[
0];
TestOcspClient ocspClient = new TestOcspClient(builder, caPrivateKey);
byte[] basicOcspRespBytes = ocspClient.GetEncoded(checkCert, caCert, null);
Asn1Object var2 = Asn1Object.FromByteArray(basicOcspRespBytes);
BasicOcspResp basicOCSPResp = new BasicOcspResp(BasicOcspResponse.GetInstance(var2));
OCSPVerifier ocspVerifier = new OCSPVerifier(null, null);
return(ocspVerifier.Verify(basicOCSPResp, checkCert, caCert, DateTimeUtil.GetCurrentUtcTime()));
}
protected void SignDocumentSignature(string filePath, ElectronicSignatureInfoDTO signatureInfo)
{
PdfSigner pdfSigner = new PdfSigner(new PdfReader(SRC), new FileStream(filePath, FileMode.Create),
new StampingProperties());
pdfSigner.SetCertificationLevel(PdfSigner.CERTIFIED_NO_CHANGES_ALLOWED);
// Set the name indicating the field to be signed.
// The field can already be present in the document but shall not be signed
pdfSigner.SetFieldName("signature");
ImageData clientSignatureImage = ImageDataFactory.Create(IMAGE_PATH);
// If you create new signature field (or use SetFieldName(System.String) with
// the name that doesn't exist in the document or don't specify it at all) then
// the signature is invisible by default.
PdfSignatureAppearance signatureAppearance = pdfSigner.GetSignatureAppearance();
signatureAppearance.SetRenderingMode(PdfSignatureAppearance.RenderingMode.GRAPHIC);
signatureAppearance.SetReason("");
signatureAppearance.SetLocationCaption("");
signatureAppearance.SetSignatureGraphic(clientSignatureImage);
signatureAppearance.SetPageNumber(signatureInfo.PageNumber);
signatureAppearance.SetPageRect(new Rectangle(signatureInfo.Left, signatureInfo.Bottom,
25, 25));
char[] password = "******".ToCharArray();
IExternalSignature pks = GetPrivateKeySignature(CERT_PATH, password);
X509Certificate[] chain = GetCertificateChain(CERT_PATH, password);
OCSPVerifier ocspVerifier = new OCSPVerifier(null, null);
OcspClientBouncyCastle ocspClient = new OcspClientBouncyCastle(ocspVerifier);
List <ICrlClient> crlClients = new List <ICrlClient>(new[] { new CrlClientOnline() });
// Sign the document using the detached mode, CMS or CAdES equivalent.
// This method closes the underlying pdf document, so the instance
// of PdfSigner cannot be used after this method call
pdfSigner.SignDetached(pks, chain, crlClients, ocspClient, null, 0,
PdfSigner.CryptoStandard.CMS);
}
private IOcspClient BuildOcspClient()
{
var verifier = new OCSPVerifier(null, null);
return(new OcspClientBouncyCastle(verifier));
}
public static void AssinaComCertificado(List <ICrlClient> crlList, byte[] File, out byte[] SignFile, CertSimples cert, int X, int Y, int Pagina, int Rotation, bool AddTimeStamper = true, string urlTimeStamper = "https://freetsa.org/tsr", string timeStampUser = "", string timeStampPass = "", string Reason = "Assinatura Digital", bool AplicaPolitica = false, string MyDigestAlgorithm = "SHA-256", string Contact = "", string Location = "Indústrias Nucleares do Brasil S/A - INB", string Creator = "Assinador da INB", TipoAssinatura Tipo = TipoAssinatura.Normal, string Cargo = "", string CREACRM = "")
{
int Largura = 140;
int Altura = 63;
MemoryStream ArquivoOrigem = new MemoryStream(File);
PdfReader pdfReader = new PdfReader(ArquivoOrigem);
MemoryStream signedPdf = new MemoryStream();
StampingProperties osp = new StampingProperties();
osp.UseAppendMode();
PdfSigner objStamper = new PdfSigner(pdfReader, signedPdf, osp);
ITSAClient tsaClient = null;
IOcspClient ocspClient = null;
ConfiguraAparencia(objStamper, cert, X, Y, Largura, Altura, Pagina, Rotation, Contact, Reason, Location, Creator, Tipo, Cargo, CREACRM);
Org.BouncyCastle.X509.X509Certificate vert = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(cert.Certificado);
Org.BouncyCastle.X509.X509CertificateParser cp = new Org.BouncyCastle.X509.X509CertificateParser();
Org.BouncyCastle.X509.X509Certificate[] Arraychain = new Org.BouncyCastle.X509.X509Certificate[] { cp.ReadCertificate(cert.Certificado.RawData) };
X509CertificateParser objCP = new X509CertificateParser();
RSACryptoServiceProvider rsa;
RSACryptoServiceProvider Provider;
IExternalSignature externalSignature;
if (cert.Certificado.PrivateKey is RSACryptoServiceProvider)
{
rsa = (RSACryptoServiceProvider)cert.Certificado.PrivateKey;
Provider = (RSACryptoServiceProvider)cert.Certificado.PrivateKey;
externalSignature = new AsymmetricAlgorithmSignature(Provider, MyDigestAlgorithm);
}
else
{
RSA rsaTeste = cert.Certificado.GetRSAPrivateKey();
rsa = (RSACryptoServiceProvider)cert.Certificado.PrivateKey;
Provider = (RSACryptoServiceProvider)cert.Certificado.PrivateKey;
externalSignature = new AsymmetricAlgorithmSignature(Provider, MyDigestAlgorithm);
}
if (AddTimeStamper)
{
tsaClient = new TSAClientBouncyCastle(urlTimeStamper, timeStampUser, timeStampPass);
}
OCSPVerifier ocspVerifier = new OCSPVerifier(null, null);
ocspClient = new OcspClientBouncyCastle(ocspVerifier);
if (AplicaPolitica)
{
SignaturePolicyInfo spi = getPolitica();
objStamper.SignDetached(externalSignature, Arraychain, crlList, ocspClient, tsaClient, 0, PdfSigner.CryptoStandard.CADES, spi);
}
else
{
objStamper.SignDetached(externalSignature, Arraychain, crlList, ocspClient, tsaClient, 0, PdfSigner.CryptoStandard.CADES);
}
try
{
SignFile = signedPdf.ToArray();
try
{
signedPdf.Close();
signedPdf.Dispose();
}
catch { }
}
catch (Exception ex)
{
SignFile = null;
throw ex;
}
try
{
signedPdf.Close();
}
catch (Exception ex) { }
pdfReader.Close();
}
