/// <summary>
/// 支付网关入口
/// </summary>
/// <returns></returns>
public JsonResult Geteway(PayRequest payRequest)
{
try
{
this._log.Info("pay-----------------------");
this._log.Info("pay.request:{0}", JsonConvert.SerializeObject(payRequest));
//1 请求参数校验,
ValidateUtil.Validate(payRequest, null);
// 2 client-app签名校验
var checkSign = SignatureUtil.BuildMD5Sign(payRequest.toDic(), "CC73A89B-E4A4-4E84-9434-4619FE2B523A");
SignatureUtil.CheckMD5Sign(payRequest.Sign, checkSign);
// 执行请求
var routeData = _route.Find(payRequest.Method);
var payAgent = Activator.CreateInstance(routeData.AgentType);
var resultObj = routeData.AgentMethod.Invoke(payAgent, new object[] { payRequest });
var dic = resultObj.ToKeyValueDic();
var resultString = JsonConvert.SerializeObject(resultObj);
this._log.Info("pay.response:{0}", resultString);
return(Json(new { success = true, data = dic }));
}
catch (Exception ex)
{
this._log.Info("pay.response.failed:{0}", ex.Message);
return(Json(new { success = false, message = ex.Message }));
}
}
public void TestSignAndValidateNotTrusted()
{
GenericCredentialVault vault = new GenericCredentialVault();
//Add test certificate to vault
X509Certificate2 newCert = new X509Certificate2(AppDomain.CurrentDomain.SetupInformation.ApplicationBase + "\\Resources\\oces2\\PP\\FOCES_gyldig.p12", "Test1234");
var cert2 = new X509Certificate2(AppDomain.CurrentDomain.SetupInformation.ApplicationBase + "\\Resources\\oces2\\PP\\VOCES_gyldig.p12", "Test1234");
cert2.FriendlyName = vault.ALIAS_SYSTEM;
vault.AddTrustedCertificate(cert2);
var ass = AssertionMaker.MakeAssertionForSTS(newCert);
var signedAss = SealUtilities.SignAssertion(ass, newCert);
var signedXml = Serialize(signedAss);
try
{
SignatureUtil.Validate(signedXml.Root, null, vault, true, true);
}
catch (Exception e)
{
//Assert.IsInstanceOfType(e, typeof(ModelException));
}
}
static void addLTVToStream(Stream source, Stream destination, IOcspClient ocsp, ICrlClient crl,
LtvVerification.Level timestampLevel, LtvVerification.Level signatureLevel)
{
PdfDocument pdfDoc = new PdfDocument(new PdfReader(source),
new PdfWriter(destination),
new StampingProperties().UseAppendMode());
LtvVerification v = new LtvVerification(pdfDoc);
SignatureUtil signatureUtil = new SignatureUtil(pdfDoc);
IList <string> names = signatureUtil.GetSignatureNames();
String sigName = names[(names.Count - 1)];
PdfPKCS7 pkcs7 = signatureUtil.ReadSignatureData(sigName);
if (pkcs7.IsTsp())
{
v.AddVerification(sigName, ocsp, crl, LtvVerification.CertificateOption.WHOLE_CHAIN,
timestampLevel, LtvVerification.CertificateInclusion.YES);
}
else
{
foreach (String name in names)
{
v.AddVerification(name, ocsp, crl, LtvVerification.CertificateOption.WHOLE_CHAIN,
signatureLevel, LtvVerification.CertificateInclusion.YES);
}
}
v.Merge();
pdfDoc.Close();
}
public static void addLTV(String src, String dest, IOcspClient ocsp, ICrlClient crl, ITSAClient itsaClient)
{
PdfReader reader = new PdfReader(src);
PdfWriter writer = new PdfWriter(dest);
PdfDocument pdfDoc = new PdfDocument(reader, writer, new StampingProperties().UseAppendMode());
LtvVerification v = new LtvVerification(pdfDoc);
SignatureUtil signatureUtil = new SignatureUtil(pdfDoc);
IList <string> names = signatureUtil.GetSignatureNames();
String sigName = names[names.Count - 1];
PdfPKCS7 pkcs7 = signatureUtil.ReadSignatureData(sigName);
if (pkcs7.IsTsp())
{
v.AddVerification(sigName, ocsp, crl, LtvVerification.CertificateOption.WHOLE_CHAIN,
LtvVerification.Level.OCSP_CRL, LtvVerification.CertificateInclusion.NO);
}
else
{
foreach (var name in names)
{
v.AddVerification(name, ocsp, crl, LtvVerification.CertificateOption.WHOLE_CHAIN,
LtvVerification.Level.OCSP_CRL, LtvVerification.CertificateInclusion.NO);
}
}
v.Merge();
pdfDoc.Close();
}
private void InternalValidateSignature(Federation.Federation federation, ICredentialVault vault, bool checkTrust = true)
{
if (AuthenticationLevel.Level < AuthenticationLevel.VocesTrustedSystem.Level)
{
throw new ModelException("AuthenticationLevel does not support signature");
}
if (Xassertion == null)
{
throw new ModelException("Assertion not initialized");
}
if (!SealUtilities.CheckAssertionSignature(Xassertion))
{
throw new ModelException("IDCard is not signed!");
}
if (ConfigurationManager.AppSettings.AllKeys.Contains("CheckTrust"))
{
checkTrust = ConfigurationManager.AppSettings["CheckTrust"].ToLower().Equals("true");
}
if (checkTrust)
{
var checkCrl = true;
if (ConfigurationManager.AppSettings.AllKeys.Contains("CheckCrl"))
{
checkCrl = ConfigurationManager.AppSettings["CheckCrl"].ToLower().Equals("true");
}
//Check that Signature is in credentialVault and that no certificate in chain is revoked
if (!SignatureUtil.Validate(Xassertion, federation, vault, checkTrust, checkCrl))
{
throw new ModelException("Signature on IdCard could not be validated");
}
}
}
public void OnActionExecuting(ActionExecutingContext context)
{
string signature = context.HttpContext.Request.Headers["signature"];
string timestamp = context.HttpContext.Request.Headers["timestamp"];
string nonce = context.HttpContext.Request.Headers["nonce"];
if (string.IsNullOrEmpty(signature) || string.IsNullOrEmpty(timestamp) || string.IsNullOrEmpty(nonce))
{
context.Result = new ContentResult()
{
Content = "Resource unavailable - header should not be set"
};
}
else
{
bool check = SignatureUtil.CheckSignature(signature, timestamp, nonce);
if (!check)
{
context.Result = new ContentResult()
{
Content = "Resource unavailable - invalidated signature"
};
}
}
}
public virtual void TestISAValidPdf()
{
String filePath = sourceFolder + "isaValidPdf.pdf";
String signatureName = "Signature1";
PdfDocument document = new PdfDocument(new PdfReader(filePath));
SignatureUtil sigUtil = new SignatureUtil(document);
PdfPKCS7 pdfPKCS7 = sigUtil.ReadSignatureData(signatureName);
NUnit.Framework.Assert.IsTrue(pdfPKCS7.VerifySignatureIntegrityAndAuthenticity());
NUnit.Framework.Assert.IsFalse(sigUtil.SignatureCoversWholeDocument(signatureName));
String textFromPage = PdfTextExtractor.GetTextFromPage(document.GetPage(1));
// We are working with the latest revision of the document, that's why we should get amended page text.
// However Signature shall be marked as not covering the complete document, indicating its invalidity
// for the current revision.
NUnit.Framework.Assert.AreEqual("This is manipulated malicious text, ha-ha!", textFromPage);
NUnit.Framework.Assert.AreEqual(2, sigUtil.GetTotalRevisions());
NUnit.Framework.Assert.AreEqual(1, sigUtil.GetRevision(signatureName));
Stream sigInputStream = sigUtil.ExtractRevision(signatureName);
PdfDocument sigRevDocument = new PdfDocument(new PdfReader(sigInputStream));
SignatureUtil sigRevUtil = new SignatureUtil(sigRevDocument);
PdfPKCS7 sigRevSignatureData = sigRevUtil.ReadSignatureData(signatureName);
NUnit.Framework.Assert.IsTrue(sigRevSignatureData.VerifySignatureIntegrityAndAuthenticity());
NUnit.Framework.Assert.IsTrue(sigRevUtil.SignatureCoversWholeDocument(signatureName));
sigRevDocument.Close();
document.Close();
}
public async Task <IssueVoucherResult> IssueVoucher(string batchKey, string privateKey, string accessToken, string environment)
{
Object data = new { };
string compactJson = SignatureUtil.GenerateCompactJson(data);
string encode = Encode.Base64Encode(compactJson);
string method = "post";
string nonceStr = RandomString.GenerateRandomString(32);
string requestUrl = "";
if (environment == "sandbox")
{
requestUrl = String.Concat(Url.SandBoxOpen, "/v3/voucher-batch/" + batchKey + "/issue");
}
else if (environment == "production")
{
requestUrl = String.Concat(Url.ProductionOpen, "/v3/voucher-batch/" + batchKey + "/issue");
}
string signType = "sha256";
string timestamp = Convert.ToString((Int32)(DateTime.UtcNow.Subtract(new DateTime(1970, 1, 1))).TotalSeconds);
Signature signature = new Signature();
string signatureResult = "";
signatureResult = signature.GenerateSignature(null, method, nonceStr, privateKey, requestUrl, signType, timestamp, environment);
signatureResult = "sha256 " + signatureResult;
IssueVoucherResult result = new IssueVoucherResult();
try
{
var content = JsonConvert.SerializeObject(data);
var buffer = System.Text.Encoding.UTF8.GetBytes(content);
var byteContent = new ByteArrayContent(buffer);
byteContent.Headers.ContentType = new MediaTypeHeaderValue("application/json");
HttpClient client = new HttpClient();
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
client.DefaultRequestHeaders.Add("X-Nonce-Str", nonceStr);
client.DefaultRequestHeaders.Add("X-Signature", signatureResult);
client.DefaultRequestHeaders.Add("X-Timestamp", timestamp);
var response = await client.PostAsync(requestUrl, byteContent);
var responseStr = await response.Content.ReadAsStringAsync();
if (response.IsSuccessStatusCode)
{
var jsonAsString = await response.Content.ReadAsStringAsync();
result = JsonConvert.DeserializeObject <IssueVoucherResult>(jsonAsString);
}
else
{
result = JsonConvert.DeserializeObject <IssueVoucherResult>(response.Content.ReadAsStringAsync().Result);
}
}
catch (Exception ex)
{
Console.WriteLine("Error", ex.Message);
}
return(result);
}
private void AdicionarLtv(string pdfPrimeiraAssinatura, SingInfo singInfo)
{
var inicioCarimbo = DateTime.Now;
var stamping = new StampingProperties();
stamping.UseAppendMode();
PdfDocument pdfDoc = new PdfDocument(
new PdfReader(pdfPrimeiraAssinatura),
new PdfWriter(singInfo.TargetPdf));
LtvVerification v = new LtvVerification(pdfDoc);
SignatureUtil signatureUtil = new SignatureUtil(pdfDoc);
var names = signatureUtil.GetSignatureNames();
var sigName = names[names.Count - 1];
var pkcs7 = signatureUtil.VerifySignature(sigName);
if (pkcs7.IsTsp())
{
v.AddVerification(
sigName,
this.ocspClient,
new CrlClientOnline(this.cadeiaTempo.ToArray()),
LtvVerification.CertificateOption.SIGNING_CERTIFICATE,
LtvVerification.Level.OCSP_CRL,
LtvVerification.CertificateInclusion.YES);
}
else
{
foreach (var name in names)
{
v.AddVerification(
name,
this.ocspClient,
new CrlClientOnline(this.cadeiaTempo.ToArray()),
LtvVerification.CertificateOption.WHOLE_CHAIN,
LtvVerification.Level.OCSP_CRL,
LtvVerification.CertificateInclusion.NO);
}
}
pdfDoc.Close();
Console.WriteLine("Aplicando timestamp........");
PdfReader r = new PdfReader(pdfPrimeiraAssinatura);
PdfSigner pdfSigner = new PdfSigner(r, new FileStream(singInfo.TargetPdf, FileMode.Create), stamping);
pdfSigner.Timestamp(this.tsaClient, null);
var fimCarimbo = DateTime.Now;
var tempoCarimbo = fimCarimbo.Subtract(inicioCarimbo);
Console.WriteLine("Tempo Carimbo: {0}ms", tempoCarimbo.TotalMilliseconds);
}
internal static void BasicCheckSignedDoc(String filePath, String signatureName)
{
PdfDocument outDocument = new PdfDocument(new PdfReader(filePath));
SignatureUtil sigUtil = new SignatureUtil(outDocument);
PdfPKCS7 signatureData = sigUtil.ReadSignatureData(signatureName);
NUnit.Framework.Assert.IsTrue(signatureData.VerifySignatureIntegrityAndAuthenticity());
outDocument.Close();
}
/// <exception cref="Org.BouncyCastle.Security.GeneralSecurityException"/>
/// <exception cref="System.IO.IOException"/>
internal static void BasicCheckSignedDoc(String filePath, String signatureName)
{
PdfDocument outDocument = new PdfDocument(new PdfReader(filePath));
SignatureUtil sigUtil = new SignatureUtil(outDocument);
PdfPKCS7 pdfPKCS7 = sigUtil.VerifySignature(signatureName);
NUnit.Framework.Assert.IsTrue(pdfPKCS7.Verify());
outDocument.Close();
}
private ICollection <string> ObterSignatureFieldName(byte[] fileBytes)
{
using PdfReader pdfReader = new PdfReader(new MemoryStream(fileBytes));
using PdfDocument pdfDocument = new PdfDocument(pdfReader);
SignatureUtil signUtil = new SignatureUtil(pdfDocument);
var assinaturas = signUtil.GetSignatureNames();
return(assinaturas);
}
private void VerifySignaturesForDocument(String documentPath)
{
PdfReader reader = new PdfReader(documentPath);
PdfDocument pdfDoc = new PdfDocument(new PdfReader(documentPath));
SignatureUtil signUtil = new SignatureUtil(pdfDoc);
IList <String> names = signUtil.GetSignatureNames();
VerifySignatures(signUtil, names);
reader.Close();
}
public PdfPKCS7 VerifySignature(SignatureUtil signUtil, String name)
{
PdfPKCS7 pkcs7 = signUtil.ReadSignatureData(name);
Console.Out.WriteLine("Signature covers whole document: " + signUtil.SignatureCoversWholeDocument(name));
Console.Out.WriteLine("Document revision: " + signUtil.GetRevision(name) + " of "
+ signUtil.GetTotalRevisions());
Console.Out.WriteLine("Integrity check OK? " + pkcs7.VerifySignatureIntegrityAndAuthenticity());
return(pkcs7);
}
public virtual void TestSWA01()
{
String filePath = sourceFolder + "siwa.pdf";
String signatureName = "Signature1";
PdfDocument document = new PdfDocument(new PdfReader(filePath));
SignatureUtil sigUtil = new SignatureUtil(document);
PdfPKCS7 pdfPKCS7 = sigUtil.ReadSignatureData(signatureName);
NUnit.Framework.Assert.IsTrue(pdfPKCS7.VerifySignatureIntegrityAndAuthenticity());
NUnit.Framework.Assert.IsFalse(sigUtil.SignatureCoversWholeDocument(signatureName));
document.Close();
}
public PdfPKCS7 VerifySignature(SignatureUtil signUtil, String name)
{
PdfPKCS7 pkcs7 = GetSignatureData(signUtil, name);
X509Certificate[] certs = pkcs7.GetSignCertificateChain();
// Timestamp is a secure source of signature creation time,
// because it's based on Time Stamping Authority service.
DateTime cal = pkcs7.GetTimeStampDate();
// If there is no timestamp, use the current date
if (TimestampConstants.UNDEFINED_TIMESTAMP_DATE == cal)
{
cal = new DateTime();
}
// Check if the certificate chain, presented in the PDF, can be verified against
// the created key store.
IList <VerificationException> errors = CertificateVerification.VerifyCertificates(certs, ks, cal);
if (errors.Count == 0)
{
OUT_STREAM.WriteLine("Certificates verified against the KeyStore");
}
else
{
OUT_STREAM.WriteLine(errors);
}
// Find out if certificates were valid on the signing date, and if they are still valid today
for (int i = 0; i < certs.Length; i++)
{
X509Certificate cert = (X509Certificate)certs[i];
OUT_STREAM.WriteLine("=== Certificate " + i + " ===");
ShowCertificateInfo(cert, cal.ToUniversalTime());
}
// Take the signing certificate
X509Certificate signCert = (X509Certificate)certs[0];
// Take the certificate of the issuer of that certificate (or null if it was self-signed).
X509Certificate issuerCert = (certs.Length > 1 ? (X509Certificate)certs[1] : null);
OUT_STREAM.WriteLine("=== Checking validity of the document at the time of signing ===");
CheckRevocation(pkcs7, signCert, issuerCert, cal.ToUniversalTime());
OUT_STREAM.WriteLine("=== Checking validity of the document today ===");
CheckRevocation(pkcs7, signCert, issuerCert, new DateTime());
return(pkcs7);
}
public void VerifySignatures(String path)
{
PdfDocument pdfDoc = new PdfDocument(new PdfReader(path));
SignatureUtil signUtil = new SignatureUtil(pdfDoc);
IList <String> names = signUtil.GetSignatureNames();
OUT_STREAM.WriteLine(path);
foreach (String name in names)
{
OUT_STREAM.WriteLine("===== " + name + " =====");
VerifySignature(signUtil, name);
}
}
private bool SignAndValidate(X509Certificate2 cert, bool checkTrust, bool checkRevoked)
{
GenericCredentialVault vault = new GenericCredentialVault();
cert.FriendlyName = vault.ALIAS_SYSTEM;
vault.AddTrustedCertificate(cert);
var ass = AssertionMaker.MakeAssertionForSTS(cert);
var signedAss = SealUtilities.SignAssertion(ass, cert);
var signedXml = Serialize(signedAss);
return(SignatureUtil.Validate(signedXml.Root, null, vault, checkTrust, checkRevoked));
}
private HttpWebRequest buildRequest(Dictionary <object, object> context, RequestInputModel Params)
{
Config Config = (Config)context[Constant.CONFIG_CONTEXT_KEY];
string zone = (string)context[Constant.PARAM_KEY_REQUEST_ZONE];
Dictionary <object, object> paramsQuery = ParamInvokeUtil.getRequestParams(Params, Constant.PARAM_TYPE_QUERY);
Dictionary <object, object> paramsBody = ParamInvokeUtil.getRequestParams(Params, Constant.PARAM_TYPE_BODY);
Dictionary <object, object> paramsHeaders = ParamInvokeUtil.getRequestParams(Params, Constant.PARAM_TYPE_HEADER);
paramsHeaders.Add("action", context["action"]);
if (paramsHeaders.ContainsKey("zone"))
{
paramsHeaders["zone"] = zone;
}
else
{
paramsHeaders.Add("zone", zone);
}
if (context.ContainsKey(Constant.PARAM_KEY_USER_AGENT))
{
paramsHeaders.Add(Constant.PARAM_KEY_USER_AGENT, context[Constant.PARAM_KEY_USER_AGENT]);
}
String requestApi = (String)context[Constant.PARAM_KEY_REQUEST_APINAME];
//string FileBody = GetBodyFile(context[Constant.PARAM_KEY_OBJECT_NAME].ToString()).ToString();
string method = (string)context[Constant.PARAM_KEY_REQUEST_METHOD];
string requestPath = Config.getHost() + Config.getUri();
string singedUrl =
SignatureUtil.getURL(
Config.getAccessKey(),
Config.getAccessSecret(),
method,
requestPath,
paramsQuery,
paramsHeaders);
singedUrl = Config.getProtocol() + "://" + singedUrl;
logger.Info(singedUrl);
//System.Console.WriteLine(singedUrl);
HttpWebRequest request =
HttpRequestClient.getInstance()
.buildCloudRequest(method, paramsBody, singedUrl, paramsHeaders);
return(request);
}
public virtual void InspectSignatures(String path)
{
PdfDocument pdfDoc = new PdfDocument(new PdfReader(path));
PdfAcroForm form = PdfAcroForm.GetAcroForm(pdfDoc, false);
SignaturePermissions perms = null;
SignatureUtil signUtil = new SignatureUtil(pdfDoc);
IList <String> names = signUtil.GetSignatureNames();
Console.WriteLine(path);
foreach (String name in names)
{
Console.Out.WriteLine("===== " + name + " =====");
perms = InspectSignature(pdfDoc, signUtil, form, name, perms);
}
}
private void VerifySignatures(SignatureUtil signUtil, IList <String> names)
{
foreach (String name in names)
{
PdfPKCS7 pkcs7 = signUtil.ReadSignatureData(name);
// verify signature integrity
if (!pkcs7.VerifySignatureIntegrityAndAuthenticity())
{
AddError(String.Format("\"{0}\" signature integrity is invalid\n", name));
}
VerifyCertificates(pkcs7);
}
}
static void Verify()
{
String digestAlgorithm = "";
String encryptionAlgorithm = "";
DateTime signDate;
bool verifyTimeStamp = false;
Org.BouncyCastle.X509.X509Certificate signCert;
bool revokeStatus = false;
bool isTSP = false;
PdfDocument pdfDocument = new PdfDocument(new PdfReader("c:\\temp\\valid signed contract.pdf"));
// Checks that signature is genuine and the document was not modified.
Boolean genuineAndWasNotModified = false;
String signatureFieldName = "Signature1";
SignatureUtil signatureUtil = new SignatureUtil(pdfDocument);
try
{
PdfPKCS7 signature1 = signatureUtil.ReadSignatureData(signatureFieldName);
if (signature1 != null)
{
genuineAndWasNotModified = signature1.VerifySignatureIntegrityAndAuthenticity();
digestAlgorithm = signature1.GetDigestAlgorithm();
encryptionAlgorithm = signature1.GetEncryptionAlgorithm();
signDate = signature1.GetTimeStampDate();
verifyTimeStamp = signature1.VerifyTimestampImprint();
signDate = signature1.GetSignDate();
signCert = signature1.GetSigningCertificate();
isTSP = signature1.IsTsp();
revokeStatus = signature1.IsRevocationValid();
}
}
catch (iText.Signatures.VerificationException issue)
{
issue.
}
catch (Exception ignored)
{
// ignoring exceptions,
// we are only interested in signatures that are passing the check successfully
}
pdfDocument.Close();
}
static void coversAllDocument()
{
PdfDocument pdfDocument = new PdfDocument(new PdfReader("c:\\temp\\valid signed contract.pdf"));
String signatureFieldName = "Signature1";
SignatureUtil signatureUtil = new SignatureUtil(pdfDocument);
Boolean completeDocumentIsSigned = signatureUtil.SignatureCoversWholeDocument(signatureFieldName);
if (!completeDocumentIsSigned)
{
// handle PDF file which contains NOT signed data
}
pdfDocument.Close();
}
private static string getSignedUrl(
string serviceUrl,
string zone,
string bucketName,
Dictionary <object, object> paramsQuery,
string requestSuffixPath)
{
if ("".Equals(bucketName) || bucketName == null)
{
return(SignatureUtil.generateQSURL(paramsQuery, serviceUrl + requestSuffixPath));
}
else
{
string storRequestUrl = serviceUrl.Replace("://", "://" + zone + ".");
return(SignatureUtil.generateQSURL(
paramsQuery, storRequestUrl.Replace("://", "://" + bucketName + ".") + requestSuffixPath));
}
}
/// <summary>
/// Execute WeChatPay API request implementation
/// </summary>
/// <typeparam name="TModel"></typeparam>
/// <typeparam name="TResponse"></typeparam>
/// <param name="request"></param>
/// <returns></returns>
public async Task <TResponse> ExecuteAsync <TModel, TResponse>(BaseRequest <TModel, TResponse> request)
{
BuildParams(request);
//var reqsign= request.GetStringValue("sign");
string result = await HttpUtil.PostAsync(request.RequestUrl, request.ToXml());
request.FromXml(result);
var baseResponse = (BaseResponse)(object)request.ToObject <TResponse>();
baseResponse.Raw = result;
var repsign = request.GetStringValue("sign");
if (string.IsNullOrEmpty(repsign) && !SignatureUtil.VerifyData(request, repsign))
{
_logger.LogError("Signature verification failed:{0}", result);
throw new FreePayException("Signature verification failed.");
}
return((TResponse)(object)baseResponse);
}
private void signature(String path, Dictionary <String, Object> parameters, RequestPolicy requestPolicy, ClientPolicy clientPolicy)
{
if (!requestPolicy.UseSignture)
{
return;
}
if (clientPolicy.AppKey == null ||
clientPolicy.SecretKey == null)
{
return;
}
byte[] sign = SignatureUtil.hmacSha1(path, parameters, clientPolicy.SecretKey);
String signStr = SignatureUtil.toHex(sign);
if (signStr != null)
{
parameters.Add("_aop_signature", signStr);
}
}
/// <summary>
/// Checks the signature on the <see cref="OioWsTrustRequest"/> and whether the signing certificate is trusted.
/// </summary>
/// <param name="vault">The CredentialVault containing trusted certificates used to check trust for the <see cref="OioWsTrustRequest"/>.</param>
public void ValidateSignatureAndTrust(ICredentialVault vault)
{
var checkTrust = false;
if (ConfigurationManager.AppSettings.AllKeys.Contains("CheckTrust"))
{
checkTrust = ConfigurationManager.AppSettings["CheckTrust"].ToLower().Equals("true");
}
var checkCrl = false;
if (ConfigurationManager.AppSettings.AllKeys.Contains("CheckCrl"))
{
checkCrl = ConfigurationManager.AppSettings["CheckCrl"].ToLower().Equals("true");
}
if (!SignatureUtil.Validate(dom, null, vault, checkTrust, checkCrl))
{
throw new ModelBuildException("Liberty signature could not be validated");
}
}
public static List <FileDetailsModel> InspectSignatures(String path)
{
List <FileDetailsModel> fileModelList = new List <FileDetailsModel>();
PdfDocument pdfDoc = new PdfDocument(new PdfReader(path));
PdfAcroForm form = PdfAcroForm.GetAcroForm(pdfDoc, false);
SignaturePermissions perms = null;
SignatureUtil signUtil = new SignatureUtil(pdfDoc);
IList <String> names = signUtil.GetSignatureNames();
foreach (String name in names)
{
FileDetailsModel fileModel = new FileDetailsModel();
logger.Error("===== " + name + " =====");
fileModel.Signature = name;
(perms, fileModel) = InspectSignature(fileModel, pdfDoc, signUtil, form, name, perms);
fileModelList.Add(fileModel);
}
return(fileModelList);
}
public virtual void InspectSignatures(String path)
{
Console.WriteLine("\n\n");
PdfDocument pdfDoc = new PdfDocument(new PdfReader(path));
PdfAcroForm form = PdfAcroForm.GetAcroForm(pdfDoc, false);
SignaturePermissions perms = null;
SignatureUtil signUtil = new SignatureUtil(pdfDoc);
IList <String> names = signUtil.GetSignatureNames();
Console.WriteLine(path);
foreach (String name in names)
{
Console.Out.WriteLine("===== " + name + " =====");
perms = InspectSignature(pdfDoc, signUtil, form, name, perms);
}
PdfAConformanceLevel conformanceLevel = pdfDoc.GetReader().GetPdfAConformanceLevel();
string conformance = conformanceLevel == null ? string.Empty : conformanceLevel.GetConformance();
string part = conformanceLevel == null ? string.Empty : conformanceLevel.GetPart();
Console.Out.WriteLine($"Document conformance: {conformance}/{part}");
GetMetaInfo(pdfDoc);
}
public bool HasDigitalSignature(MemoryStream memoryStream)
{
memoryStream.Seek(0, SeekOrigin.Begin);
using (PdfReader pdfReader = new PdfReader(memoryStream))
using (PdfDocument pdfDocument = new PdfDocument(pdfReader))
{
SignatureUtil signUtil = new SignatureUtil(pdfDocument);
var assinaturas = signUtil.GetSignatureNames();
pdfDocument.Close();
pdfReader.Close();
if (assinaturas?.Count >= 1)
{
return(true);
}
else
{
return(false);
}
}
}
