public void testSignSimpleDsaSha256()
{
string testFileName = @"..\..\..\resources\circles.pdf";
string storePath = @"..\..\..\..\simple\keystore\test1234.p12";
char[] storePass = "******".ToCharArray();
string storeAlias = "DSAkey";
Pkcs12Store pkcs12 = new Pkcs12Store(new FileStream(storePath, FileMode.Open, FileAccess.Read), storePass);
AsymmetricKeyParameter key = pkcs12.GetKey(storeAlias).Key;
X509CertificateEntry[] chainEntries = pkcs12.GetCertificateChain(storeAlias);
X509Certificate[] chain = new X509Certificate[chainEntries.Length];
for (int i = 0; i < chainEntries.Length; i++)
{
chain[i] = chainEntries[i].Certificate;
}
PrivateKeySignatureContainer signature = new PrivateKeySignatureContainer(key, chain, "SHA256withDSA");
using (PdfReader pdfReader = new PdfReader(testFileName))
using (FileStream result = File.Create("circles-DSASHA256-BC-signed-simple.pdf"))
{
PdfSigner pdfSigner = new PdfSigner(pdfReader, result, new StampingProperties().UseAppendMode());
pdfSigner.SignExternalContainer(signature, 8192);
}
}
public void testSignSimpleContainerECDsa()
{
string testFileName = @"..\..\..\resources\circles.pdf";
string storePath = @"..\..\..\..\simple\keystore\test1234.p12";
string storePass = "******";
string storeAlias = "ECDSAkey";
SystemCertificates.X509Certificate2Collection pkcs12 = new SystemCertificates.X509Certificate2Collection();
pkcs12.Import(storePath, storePass, SystemCertificates.X509KeyStorageFlags.DefaultKeySet);
SystemCertificates.X509Certificate2 certificate = null;
foreach (SystemCertificates.X509Certificate2 aCertificate in pkcs12)
{
if (storeAlias.Equals(aCertificate.FriendlyName, StringComparison.InvariantCultureIgnoreCase))
{
certificate = aCertificate;
break;
}
}
Assert.NotNull(certificate, "Key with alias {0} not found.", storeAlias);
X509Certificate2SignatureContainer signature = new X509Certificate2SignatureContainer(certificate, signer => {
signer.DigestAlgorithm = Oid.FromFriendlyName("SHA512", OidGroup.HashAlgorithm);
});
using (PdfReader pdfReader = new PdfReader(testFileName))
using (FileStream result = File.Create("circles-ECDSA-signed-simple-container.pdf"))
{
PdfSigner pdfSigner = new PdfSigner(pdfReader, result, new StampingProperties().UseAppendMode());
pdfSigner.SignExternalContainer(signature, 8192);
}
}
public virtual void CalcHashOnDocCreationThenDeferredSignTest01()
{
String input = sourceFolder + "helloWorldDoc.pdf";
String outFileName = destinationFolder + "calcHashOnDocCreationThenDeferredSignTest01.pdf";
String cmpFileName = sourceFolder + "cmp_calcHashOnDocCreationThenDeferredSignTest01.pdf";
// pre-calculate hash on creating pre-signed PDF
String sigFieldName = "DeferredSignature1";
PdfName filter = PdfName.Adobe_PPKLite;
PdfName subFilter = PdfName.Adbe_pkcs7_detached;
int estimatedSize = 8192;
PdfReader reader = new PdfReader(input);
MemoryStream baos = new MemoryStream();
PdfSigner signer = new PdfSigner(reader, baos, new StampingProperties());
signer.SetCertificationLevel(PdfSigner.CERTIFIED_NO_CHANGES_ALLOWED);
PdfSignatureAppearance appearance = signer.GetSignatureAppearance();
appearance.SetLayer2Text("Signature field which signing is deferred.").SetPageRect(new Rectangle(36, 600,
200, 100)).SetPageNumber(1);
signer.SetFieldName(sigFieldName);
SignDeferredTest.DigestCalcBlankSigner external = new SignDeferredTest.DigestCalcBlankSigner(filter, subFilter
);
signer.SignExternalContainer(external, estimatedSize);
byte[] docBytesHash = external.GetDocBytesHash();
byte[] preSignedBytes = baos.ToArray();
// sign the hash
String signCertFileName = certsSrc + "signCertRsa01.p12";
X509Certificate[] signChain = Pkcs12FileHelper.ReadFirstChain(signCertFileName, password);
ICipherParameters signPrivateKey = Pkcs12FileHelper.ReadFirstKey(signCertFileName, password, password);
byte[] cmsSignature = SignDocBytesHash(docBytesHash, signPrivateKey, signChain);
// fill the signature to the presigned document
SignDeferredTest.ReadySignatureSigner extSigContainer = new SignDeferredTest.ReadySignatureSigner(cmsSignature
);
PdfDocument docToSign = new PdfDocument(new PdfReader(new MemoryStream(preSignedBytes)));
FileStream outStream = new FileStream(outFileName, FileMode.Create);
PdfSigner.SignDeferred(docToSign, sigFieldName, outStream, extSigContainer);
docToSign.Close();
outStream.Dispose();
// validate result
PadesSigTest.BasicCheckSignedDoc(outFileName, sigFieldName);
NUnit.Framework.Assert.IsNull(new CompareTool().CompareVisually(outFileName, cmpFileName, destinationFolder
, null));
}
public static byte[] EmptySignature()
{
byte[] Hash = null;
PdfReader reader = new PdfReader(src);
using (FileStream fout = new FileStream(temp, FileMode.Create))
{
StampingProperties sp = new StampingProperties();
sp.UseAppendMode();
PdfSigner pdfSigner = new PdfSigner(reader, fout, sp);
pdfSigner.SetFieldName("Signature");
PdfSignatureAppearance appearance = pdfSigner.GetSignatureAppearance();
appearance.SetPageNumber(1);
appearance.SetPageRect(new Rectangle(100, 100));
appearance.SetLocation("Varazdin");
SHA256 sha = new SHA256CryptoServiceProvider();
String hashAlgorithm = DigestAlgorithms.SHA256;
var externalSignature = new ExternalHashingSignatureContainer(PdfName.Adobe_PPKLite,
PdfName.Adbe_pkcs7_detached);
pdfSigner.SignExternalContainer(externalSignature, 8192);
digest = externalSignature.Hash;
var base64digest = Convert.ToBase64String(digest);
}
PdfReader readerFout = new PdfReader(temp);
FileStream destPdf = new FileStream(dest, FileMode.Create);
PdfSigner pdfSigner2 = new PdfSigner(readerFout, destPdf, new StampingProperties());
var hashBase65 = Convert.ToBase64String(digest);
string signedBase64Hash = String.Empty;
byte[] signedHash = ConvertToBytes(signedBase64Hash);
var container = new MyExternalSignatureContainer(signedHash, GetChains(), Hash);
pdfSigner2.SignExternalContainer(container, 8192);
return(Hash);
}
/// <summary>
/// Method that creates a temporary pdf for calating the hash that must be sent to AMA for signing
/// </summary>
/// <param name="signingInformation">Information about the signature and its appearance</param>
/// <returns>Information with the hashes required for signing and completing the retrieved signature injection</returns>
public HashesForSigning CreateTemporaryPdfForSigning(SigningInformation signingInformation)
{
var pdfSigner = new PdfSigner(new PdfReader(signingInformation.PathToPdf),
new FileStream(signingInformation.PathToIntermediaryPdf, FileMode.Create),
new StampingProperties());
pdfSigner.SetFieldName(_signatureFieldname);
var appearance = pdfSigner.GetSignatureAppearance();
appearance.SetPageRect(new Rectangle(10,
750,
150,
50))
.SetPageNumber(signingInformation.PageNumber)
.SetLayer2FontSize(6f)
.SetReason(signingInformation.Reason)
.SetLocation(signingInformation.Location)
.SetLayer2Text(BuildVisibleInformation(signingInformation.Reason, signingInformation.Location))
.SetCertificate(_userCertificateChain[0]);
if (signingInformation.Logo != null)
{
appearance.SetRenderingMode(PdfSignatureAppearance.RenderingMode.GRAPHIC_AND_DESCRIPTION)
.SetSignatureGraphic(signingInformation.Logo);
}
var crlBytesList = GetCrlByteList();
var ocspBytesList = GetOcspBytesList();
var container = new PrefareForAmaSigningContainer(_userCertificateChain, crlBytesList, ocspBytesList);
pdfSigner.SignExternalContainer(container, EstimateContainerSize(crlBytesList)); // add size for timestamp in signature
return(new HashesForSigning(container.HashToBeSignedByAma, container.NakedHash));
}
public virtual void PrepareDocForSignDeferredTest()
{
String input = sourceFolder + "helloWorldDoc.pdf";
String output = destinationFolder + "newTemplateForSignDeferred.pdf";
String sigFieldName = "DeferredSignature1";
PdfName filter = PdfName.Adobe_PPKLite;
PdfName subFilter = PdfName.Adbe_pkcs7_detached;
int estimatedSize = 8192;
PdfReader reader = new PdfReader(input);
PdfSigner signer = new PdfSigner(reader, new FileStream(output, FileMode.Create), new StampingProperties()
);
PdfSignatureAppearance appearance = signer.GetSignatureAppearance();
appearance.SetLayer2Text("Signature field which signing is deferred.").SetPageRect(new Rectangle(36, 600,
200, 100)).SetPageNumber(1);
signer.SetFieldName(sigFieldName);
IExternalSignatureContainer external = new ExternalBlankSignatureContainer(filter, subFilter);
signer.SignExternalContainer(external, estimatedSize);
// validate result
ValidateTemplateForSignedDeferredResult(output, sigFieldName, filter, subFilter, estimatedSize);
}
/// <summary>
/// Methods which returns base64 digested PDF.
/// </summary>
/// <param name="unsignedPdf">Path to pdf which needs to be signed</param>
/// <param name="tempPdf">Path to temporary pdf</param>
/// <param name="signatureFieldName">Name of field</param>
/// <returns></returns>
public static string GetBytesToSign(string unsignedPdf, string tempPdf, string signatureFieldName)
{
if (File.Exists(tempPdf))
{
File.Delete(tempPdf);
}
using (PdfReader reader = new PdfReader(unsignedPdf))
{
using (FileStream os = File.OpenWrite(tempPdf))
{
StampingProperties sp = new StampingProperties();
sp.UseAppendMode();
PdfSigner pdfSigner = new PdfSigner(reader, os, sp);
pdfSigner.SetFieldName(signatureFieldName);
PdfSignatureAppearance appearance = pdfSigner.GetSignatureAppearance();
appearance.SetPageNumber(1);
appearance.SetPageRect(new Rectangle(100, 100));
appearance.SetLocation("Varazdin");
//Creating container for emty signature, with atrivute where digest is calculated.
//ExternalHashingSignatureContainer external = new ExternalHashingSignatureContainer(PdfName.Adobe_PPKLite, PdfName.Adbe_pkcs7_detached);
//pdfSigner.SignExternalContainer(external, 8192);
//hash = external.Hash;
//Creating container for empty signature.
IExternalSignatureContainer external = new ExternalBlankSignatureContainer(PdfName.Adobe_PPKLite, PdfName.Adbe_x509_rsa_sha1);
pdfSigner.SignExternalContainer(external, 8192);
//Digest from created new temporary PDF with empty space for signature.
FileStream oso = File.OpenRead(temp);
hash = DigestAlgorithms.Digest(oso, DigestAlgorithms.SHA256);
return(Convert.ToBase64String(hash));
}
}
}
public void testSignSimpleEcdsaExternal()
{
string testFileName = @"..\..\..\resources\circles.pdf";
string keyId = "alias/SigningExamples-ECC_NIST_P256";
Func <System.Collections.Generic.List <string>, string> selector = list => list.Find(name => name.StartsWith("ECDSA_SHA_256"));
System.Security.Cryptography.X509Certificates.X509Certificate2 certificate2 = CertificateUtils.generateSelfSignedCertificate(
keyId,
"CN=AWS KMS PDF Signing Test ECDSA,OU=mkl tests,O=mkl",
selector
);
X509Certificate certificate = new X509Certificate(X509CertificateStructure.GetInstance(certificate2.RawData));
AwsKmsSignatureContainer signature = new AwsKmsSignatureContainer(certificate, keyId, selector);
using (PdfReader pdfReader = new PdfReader(testFileName))
using (FileStream result = File.Create("circles-aws-kms-signed-simple-ECDSA-External.pdf"))
{
PdfSigner pdfSigner = new PdfSigner(pdfReader, result, new StampingProperties().UseAppendMode());
pdfSigner.SignExternalContainer(signature, 8192);
}
}
public void EmptySignature(String src, String dest, String fieldname, X509Certificate[] chain)
{
PdfReader reader = new PdfReader(src);
PdfSigner signer = new PdfSigner(reader, new FileStream(dest, FileMode.Create), new StampingProperties());
PdfSignatureAppearance appearance = signer.GetSignatureAppearance();
appearance
.SetPageRect(new Rectangle(36, 748, 200, 100))
.SetPageNumber(1)
.SetCertificate(chain[0]);
signer.SetFieldName(fieldname);
/* ExternalBlankSignatureContainer constructor will create the PdfDictionary for the signature
* information and will insert the /Filter and /SubFilter values into this dictionary.
* It will leave just a blank placeholder for the signature that is to be inserted later.
*/
IExternalSignatureContainer external = new ExternalBlankSignatureContainer(PdfName.Adobe_PPKLite,
PdfName.Adbe_pkcs7_detached);
// Sign the document using an external container
// 8192 is the size of the empty signature placeholder.
signer.SignExternalContainer(external, 8192);
}
public static byte[] SignPDFStream(MemoryStream source, string rootPath)
{
collection = new X509Certificate2Collection();
collection.Import(GsConfig.GetSslCertificatePath(rootPath), GsConfig.KeyPassword,
X509KeyStorageFlags.DefaultKeySet);
ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
//get JSON access token
JObject access = Login(baseURL, GsConfig.ApiKey, GsConfig.ApiSecret);
//get JSON with id/certificate/ocsp response
JObject identity = Identity(baseURL, access);
String cert = (String)identity.GetValue("signing_cert");
String id = (String)identity.GetValue("id");
String oc1 = (String)identity.GetValue("ocsp_response");
JObject path = CertificatePath(baseURL, access);
String ca = (String)path.GetValue("path");
//Create Certificate chain
X509Certificate[] chain = CreateChain(cert, ca);
//create empty signature
PdfReader reader = new PdfReader(source);
byte[] fileArray = null;
using (MemoryStream os = new MemoryStream()) {
PdfSigner stamper = new PdfSigner(reader, os, new StampingProperties());
PdfSignatureAppearance appearance = stamper.GetSignatureAppearance();
appearance.SetPageRect(new Rectangle(0, 0, 0, 0));
stamper.SetFieldName(fieldName);
IExternalSignatureContainer external = new ExternalBlankSignatureContainer(PdfName.Adobe_PPKLite,
PdfName.Adbe_pkcs7_detached);
stamper.SignExternalContainer(external, 8192);
fileArray = os.ToArray();
}
using (var tempStream = new MemoryStream(fileArray)) {
PdfReader tempReader = new PdfReader(tempStream);
byte[] oc2 = Convert.FromBase64String(oc1);
OcspResp ocspResp = new OcspResp(oc2);
IExternalSignatureContainer gsContainer = new MyExternalSignatureContainer(id, access, chain, ocspResp);
using (MemoryStream destination = new MemoryStream()) {
PdfSigner signer = new PdfSigner(tempReader, destination, new StampingProperties());
PdfSigner.SignDeferred(signer.GetDocument(), fieldName, destination, gsContainer);
fileArray = destination.ToArray();
}
}
using (MemoryStream LTV = new MemoryStream())
using (var newSource = new MemoryStream(fileArray)) {
addLTVToStream(newSource, LTV, new OcspClientBouncyCastle(null),
new CrlClientOnline(), LtvVerification.Level.OCSP_CRL,
LtvVerification.Level.OCSP_CRL);
return(LTV.ToArray());
}
}