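// Integration test: logs in to the "Sig_ZEP" token through the vendor PKCS#11 module,
        // looks up the signing certificate by its label and checks that a certificate chain
        // can be built for it. Needs the physical token and the middleware DLL at the path below.
        //
        // The token PIN is read from the SMARTCARD_TEST_PIN environment variable (a name
        // introduced by this test) instead of being written as a literal: a PIN committed to
        // source control is a disclosed credential for whoever holds the card.
        // NOTE(review): a stale PIN may also consume the token's login retry counter on
        // every test run - confirm the retry policy of the card in use.
        public void FindSigningCertificate()
        {
            var tokenPin = System.Environment.GetEnvironmentVariable("SMARTCARD_TEST_PIN");
            if (string.IsNullOrEmpty(tokenPin))
            {
                // Without a PIN the test cannot log in; report "not run" rather than a failure.
                Assert.Inconclusive("SMARTCARD_TEST_PIN is not set; skipping smart card integration test.");
            }

            var slot = SmartCardUtils.SaferFindSlot(@"C:\Program Files (x86)\EAC MW klient\pkcs11_x86.dll", "Sig_ZEP");

            // The session is disposed (and the token released) even when an assertion fails.
            using (var session = PkcsSession.StartNewSession(slot, tokenPin))
            {
                var signingCertificate = SmartCardUtils.FindSigningCertificate(session, "Certifikat k podpisovemu klucu");
                Assert.IsNotNull(signingCertificate);

                var certificateChain = SmartCardUtils.GetCertificateChain(signingCertificate);
                Assert.IsNotEmpty(certificateChain);
            }
        }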
Beispiel #2
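        /// <summary>
        /// Signs a PDF with the private key held on a PKCS#11 token and writes the signed
        /// document to <paramref name="signedPdfPath"/>.
        /// </summary>
        /// <param name="inputPdfPath">Path of the PDF to sign.</param>
        /// <param name="signedPdfPath">Path of the output file; it is created or overwritten (<c>FileMode.Create</c>).</param>
        /// <param name="tokenPin">PIN used to log in to the token. Do not log it or include it in exception messages.</param>
        /// <exception cref="InvalidOperationException">Thrown when no signature object could be created for the token.</exception>
        /// <remarks>
        /// The three <c>null</c> arguments passed to <c>SignDetached</c> are the CRL list, OCSP client and
        /// TSA client, so the signature embeds no revocation data and no trusted timestamp; the signing
        /// date is the local machine clock. NOTE(review): this method does not itself check the
        /// certificate's validity period or revocation status before signing - confirm whether
        /// <c>GetCertificateChain</c> or the caller does.
        /// If signing fails after the output stream has been opened, a truncated unsigned file can remain at
        /// <paramref name="signedPdfPath"/>; callers should not treat the file's existence as proof of success.
        /// </remarks>
        public void SignPdf(string inputPdfPath, string signedPdfPath, string tokenPin)
        {
            // Pkcs11RsaSignature can't find a private key by certificate label, only by certificate id.
            var signingCertificateId = this.FindSigningCertificateId(tokenPin, this.ckaLabel);

            var pkcs11RsaSignature = SmartCardUtils.SaferCreateSignature(this.pkcsLibPath, this.tokenLabel, tokenPin, signingCertificateId);

            if (pkcs11RsaSignature == null)
            {
                throw new InvalidOperationException("Smart card read error.");
            }

            // Remembered so the working file can be removed on every exit path, including failures.
            string stagingFilePath = null;
            try
            {
                var rawSigningCertificate = pkcs11RsaSignature.SaferGetSigningCertificate();
                var signingCertificate    = SmartCardUtils.ParseCertificate(rawSigningCertificate);
                var signatureAuthor       = GetCertificateCn(signingCertificate.Subject);
                var certificateChain      = SmartCardUtils.GetCertificateChain(signingCertificate);

                var certPath = CertUtils.BuildCertPath(rawSigningCertificate, certificateChain.Select(v => v.RawData).ToList());

                using (var pdfReader = new PdfReader(inputPdfPath))
                {
                    using (var outputStream = new FileStream(signedPdfPath, FileMode.Create))
                    {
                        // iText uses this file as working storage for the document being signed,
                        // so it may hold the document's content in the shared temp directory.
                        stagingFilePath = Path.GetTempFileName();

                        // Create PdfStamper that applies extra content to the PDF document
                        // (append mode: the signature is added as an incremental update).
                        using (var pdfStamper = PdfStamper.CreateSignature(pdfReader, outputStream, '\0', stagingFilePath, true))
                        {
                            pdfStamper.SignatureAppearance.SignatureCreator = signatureAuthor;
                            // Local clock, self-asserted: no TSA client is supplied below.
                            pdfStamper.SignatureAppearance.SignDate         = DateTime.Now;
                            // Sign PDF document
                            MakeSignature.SignDetached(pdfStamper.SignatureAppearance, pkcs11RsaSignature, certPath, null, null, null, 0, CryptoStandard.CADES);
                        }
                    }
                }
            }
            finally
            {
                if (stagingFilePath != null)
                {
                    try
                    {
                        // File.Delete is a no-op when the library has already removed the file.
                        File.Delete(stagingFilePath);
                    }
                    catch (IOException)
                    {
                        // Best-effort cleanup; must not mask an exception from the signing path.
                    }
                    catch (UnauthorizedAccessException)
                    {
                        // Best-effort cleanup; must not mask an exception from the signing path.
                    }
                }

                // Releases the PKCS#11 signature object whether or not signing succeeded.
                pkcs11RsaSignature.Dispose();
            }
        }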