public virtual void LtvEnabledSingleSignatureTest01() { String signCertFileName = certsSrc + "signCertRsaWithChain.p12"; String tsaCertFileName = certsSrc + "tsCertRsa.p12"; String intermediateCertFileName = certsSrc + "intermediateRsa.p12"; String caCertFileName = certsSrc + "rootRsa.p12"; String srcFileName = sourceFolder + "helloWorldDoc.pdf"; String ltvFileName = destinationFolder + "ltvEnabledSingleSignatureTest01.pdf"; X509Certificate[] tsaChain = Pkcs12FileHelper.ReadFirstChain(tsaCertFileName, password); ICipherParameters tsaPrivateKey = Pkcs12FileHelper.ReadFirstKey(tsaCertFileName, password, password); X509Certificate intermediateCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(intermediateCertFileName , password)[0]; ICipherParameters intermediatePrivateKey = Pkcs12FileHelper.ReadFirstKey(intermediateCertFileName, password , password); X509Certificate caCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(caCertFileName, password)[0]; ICipherParameters caPrivateKey = Pkcs12FileHelper.ReadFirstKey(caCertFileName, password, password); TestTsaClient testTsa = new TestTsaClient(JavaUtil.ArraysAsList(tsaChain), tsaPrivateKey); TestOcspClient testOcspClient = new TestOcspClient().AddBuilderForCertIssuer(intermediateCert, intermediatePrivateKey ).AddBuilderForCertIssuer(caCert, caPrivateKey); X509Certificate[] signChain = Pkcs12FileHelper.ReadFirstChain(signCertFileName, password); ICipherParameters signPrivateKey = Pkcs12FileHelper.ReadFirstKey(signCertFileName, password, password); IExternalSignature pks = new PrivateKeySignature(signPrivateKey, DigestAlgorithms.SHA256); PdfSigner signer = new PdfSigner(new PdfReader(srcFileName), new FileStream(ltvFileName, FileMode.Create), new StampingProperties()); signer.SetFieldName("Signature1"); signer.SignDetached(pks, signChain, null, testOcspClient, testTsa, 0, PdfSigner.CryptoStandard.CADES); PadesSigTest.BasicCheckSignedDoc(destinationFolder + "ltvEnabledSingleSignatureTest01.pdf", "Signature1"); }
public virtual void LtvEnabledTest01() { String tsaCertFileName = certsSrc + "tsCertRsa.p12"; String caCertFileName = certsSrc + "rootRsa.p12"; String srcFileName = sourceFolder + "signedDoc.pdf"; String ltvFileName = destinationFolder + "ltvEnabledTest01.pdf"; String ltvTsFileName = destinationFolder + "ltvEnabledTsTest01.pdf"; X509Certificate[] tsaChain = Pkcs12FileHelper.ReadFirstChain(tsaCertFileName, password); ICipherParameters tsaPrivateKey = Pkcs12FileHelper.ReadFirstKey(tsaCertFileName, password, password); X509Certificate caCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(caCertFileName, password)[0]; ICipherParameters caPrivateKey = Pkcs12FileHelper.ReadFirstKey(caCertFileName, password, password); TestTsaClient testTsa = new TestTsaClient(JavaUtil.ArraysAsList(tsaChain), tsaPrivateKey); TestOcspClient testOcspClient = new TestOcspClient().AddBuilderForCertIssuer(caCert, caPrivateKey); TestCrlClient testCrlClient = new TestCrlClient(caCert, caPrivateKey); PdfDocument document = new PdfDocument(new PdfReader(srcFileName), new PdfWriter(ltvFileName), new StampingProperties ().UseAppendMode()); LtvVerification ltvVerification = new LtvVerification(document); ltvVerification.AddVerification("Signature1", testOcspClient, testCrlClient, LtvVerification.CertificateOption .SIGNING_CERTIFICATE, LtvVerification.Level.OCSP_CRL, LtvVerification.CertificateInclusion.YES); ltvVerification.Merge(); document.Close(); PdfSigner signer = new PdfSigner(new PdfReader(ltvFileName), new FileStream(ltvTsFileName, FileMode.Create ), new StampingProperties().UseAppendMode()); signer.Timestamp(testTsa, "timestampSig1"); BasicCheckLtvDoc("ltvEnabledTsTest01.pdf", "timestampSig1"); }
/// <exception cref="System.IO.IOException"/> /// <exception cref="Org.BouncyCastle.Operator.OperatorCreationException"/> /// <exception cref="Org.BouncyCastle.Security.GeneralSecurityException"/> public virtual bool VerifyAuthorizedOCSPResponderTest(DateTime ocspResponderCertStartDate, DateTime ocspResponderCertEndDate , DateTime checkDate) { X509Certificate caCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(certsSrc + "intermediateRsa.p12" , password)[0]; ICipherParameters caPrivateKey = Pkcs12FileHelper.ReadFirstKey(certsSrc + "intermediateRsa.p12", password, password); String checkCertFileName = certsSrc + "signCertRsaWithChain.p12"; X509Certificate checkCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(checkCertFileName, password)[ 0]; RsaKeyPairGenerator keyGen = SignTestPortUtil.BuildRSA2048KeyPairGenerator(); AsymmetricCipherKeyPair key = keyGen.GenerateKeyPair(); ICipherParameters ocspRespPrivateKey = key.Private; AsymmetricKeyParameter ocspRespPublicKey = key.Public; TestCertificateBuilder certBuilder = new TestCertificateBuilder(ocspRespPublicKey, caCert, caPrivateKey, "CN=iTextTestOCSPResponder, OU=test, O=iText" ); certBuilder.SetStartDate(ocspResponderCertStartDate); certBuilder.SetEndDate(ocspResponderCertEndDate); X509Certificate ocspResponderCert = certBuilder.BuildAuthorizedOCSPResponderCert(); TestOcspResponseBuilder builder = new TestOcspResponseBuilder(ocspResponderCert, ocspRespPrivateKey); TestOcspClient ocspClient = new TestOcspClient().AddBuilderForCertIssuer(caCert, builder); byte[] basicOcspRespBytes = ocspClient.GetEncoded(checkCert, caCert, null); Asn1Object var2 = Asn1Object.FromByteArray(basicOcspRespBytes); BasicOcspResp basicOCSPResp = new BasicOcspResp(BasicOcspResponse.GetInstance(var2)); OCSPVerifier ocspVerifier = new OCSPVerifier(null, null); return(ocspVerifier.Verify(basicOCSPResp, checkCert, caCert, checkDate)); }
private void AddLtvInfo(String src, String dest, String sigName, TestOcspClient testOcspClient, TestCrlClient testCrlClient) { PdfDocument document = new PdfDocument(new PdfReader(src), new PdfWriter(dest), new StampingProperties().UseAppendMode ()); LtvVerification ltvVerification = new LtvVerification(document); ltvVerification.AddVerification(sigName, testOcspClient, testCrlClient, LtvVerification.CertificateOption. WHOLE_CHAIN, LtvVerification.Level.OCSP_CRL, LtvVerification.CertificateInclusion.YES); ltvVerification.Merge(); document.Close(); }
/// <exception cref="System.IO.IOException"/> /// <exception cref="Org.BouncyCastle.Security.GeneralSecurityException"/> private bool VerifyTest(TestOcspResponseBuilder rootRsaOcspBuilder, String checkCertFileName, DateTime checkDate ) { X509Certificate checkCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(checkCertFileName, password)[ 0]; X509Certificate rootCert = rootRsaOcspBuilder.GetIssuerCert(); TestOcspClient ocspClient = new TestOcspClient().AddBuilderForCertIssuer(rootCert, rootRsaOcspBuilder); byte[] basicOcspRespBytes = ocspClient.GetEncoded(checkCert, rootCert, null); Asn1Object var2 = Asn1Object.FromByteArray(basicOcspRespBytes); BasicOcspResp basicOCSPResp = new BasicOcspResp(BasicOcspResponse.GetInstance(var2)); OCSPVerifier ocspVerifier = new OCSPVerifier(null, null); return(ocspVerifier.Verify(basicOCSPResp, checkCert, rootCert, checkDate)); }
/// <exception cref="System.IO.IOException"/> /// <exception cref="Org.BouncyCastle.Security.GeneralSecurityException"/> private bool VerifyTest(TestOcspResponseBuilder builder) { String caCertFileName = certsSrc + "rootRsa.p12"; String checkCertFileName = certsSrc + "signCertRsa01.p12"; X509Certificate caCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(caCertFileName, password)[0]; ICipherParameters caPrivateKey = Pkcs12FileHelper.ReadFirstKey(caCertFileName, password, password); X509Certificate checkCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(checkCertFileName, password)[ 0]; TestOcspClient ocspClient = new TestOcspClient(builder, caPrivateKey); byte[] basicOcspRespBytes = ocspClient.GetEncoded(checkCert, caCert, null); Asn1Object var2 = Asn1Object.FromByteArray(basicOcspRespBytes); BasicOcspResp basicOCSPResp = new BasicOcspResp(BasicOcspResponse.GetInstance(var2)); OCSPVerifier ocspVerifier = new OCSPVerifier(null, null); return(ocspVerifier.Verify(basicOCSPResp, checkCert, caCert, DateTimeUtil.GetCurrentUtcTime())); }
public virtual void AddLtvInfo() { String caCertFileName = certsSrc + "rootRsa.p12"; String interCertFileName = certsSrc + "intermediateRsa.p12"; String srcFileName = sourceFolder + "signedTwice.pdf"; String ltvFileName = destinationFolder + "ltvEnabledTest01.pdf"; String ltvFileName2 = destinationFolder + "ltvEnabledTest02.pdf"; X509Certificate caCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(caCertFileName, password)[0]; ICipherParameters caPrivateKey = Pkcs12FileHelper.ReadFirstKey(caCertFileName, password, password); X509Certificate interCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(interCertFileName, password)[ 0]; ICipherParameters interPrivateKey = Pkcs12FileHelper.ReadFirstKey(interCertFileName, password, password); TestOcspClient testOcspClient = new TestOcspClient().AddBuilderForCertIssuer(interCert, interPrivateKey).AddBuilderForCertIssuer (caCert, caPrivateKey); TestCrlClient testCrlClient = new TestCrlClient(caCert, caPrivateKey); AddLtvInfo(srcFileName, ltvFileName, "Signature1", testOcspClient, testCrlClient); AddLtvInfo(ltvFileName, ltvFileName2, "Signature2", testOcspClient, testCrlClient); PdfReader reader = new PdfReader(ltvFileName2); PdfDocument document = new PdfDocument(reader); PdfDictionary catalogDictionary = document.GetCatalog().GetPdfObject(); PdfDictionary dssDictionary = catalogDictionary.GetAsDictionary(PdfName.DSS); PdfDictionary vri = dssDictionary.GetAsDictionary(PdfName.VRI); NUnit.Framework.Assert.IsNotNull(vri); NUnit.Framework.Assert.AreEqual(2, vri.Size()); PdfArray ocsps = dssDictionary.GetAsArray(PdfName.OCSPs); NUnit.Framework.Assert.IsNotNull(ocsps); NUnit.Framework.Assert.AreEqual(5, ocsps.Size()); PdfArray certs = dssDictionary.GetAsArray(PdfName.Certs); NUnit.Framework.Assert.IsNotNull(certs); NUnit.Framework.Assert.AreEqual(5, certs.Size()); PdfArray crls = dssDictionary.GetAsArray(PdfName.CRLs); NUnit.Framework.Assert.IsNotNull(crls); NUnit.Framework.Assert.AreEqual(2, crls.Size()); }
public virtual void AddLtvInfo() { String tsaCertFileName = certsSrc + "tsCertRsa.p12"; String caCertFileName = certsSrc + "rootRsa.p12"; String srcFileName = sourceFolder + "signedDoc.pdf"; String ltvFileName = destinationFolder + "ltvEnabledTest01.pdf"; String ltvFileName2 = destinationFolder + "ltvEnabledTest02.pdf"; X509Certificate[] tsaChain = Pkcs12FileHelper.ReadFirstChain(tsaCertFileName, password); ICipherParameters tsaPrivateKey = Pkcs12FileHelper.ReadFirstKey(tsaCertFileName, password, password); X509Certificate caCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(caCertFileName, password)[0]; ICipherParameters caPrivateKey = Pkcs12FileHelper.ReadFirstKey(caCertFileName, password, password); TestTsaClient testTsa = new TestTsaClient(iText.IO.Util.JavaUtil.ArraysAsList(tsaChain), tsaPrivateKey); TestOcspClient testOcspClient = new TestOcspClient(caCert, caPrivateKey); TestCrlClient testCrlClient = new TestCrlClient(caCert, caPrivateKey); AddLtvInfo(srcFileName, ltvFileName, "sig", testOcspClient, testCrlClient); AddLtvInfo(ltvFileName, ltvFileName2, "sig2", testOcspClient, testCrlClient); PdfReader reader = new PdfReader(ltvFileName2); PdfDocument document = new PdfDocument(reader); PdfDictionary catalogDictionary = document.GetCatalog().GetPdfObject(); PdfDictionary dssDictionary = catalogDictionary.GetAsDictionary(PdfName.DSS); PdfDictionary vri = dssDictionary.GetAsDictionary(PdfName.VRI); NUnit.Framework.Assert.IsNotNull(vri); NUnit.Framework.Assert.AreEqual(2, vri.Size()); PdfArray ocsps = dssDictionary.GetAsArray(PdfName.OCSPs); NUnit.Framework.Assert.IsNotNull(ocsps); NUnit.Framework.Assert.AreEqual(2, ocsps.Size()); PdfArray certs = dssDictionary.GetAsArray(PdfName.Certs); NUnit.Framework.Assert.IsNotNull(certs); NUnit.Framework.Assert.AreEqual(2, certs.Size()); PdfArray crls = dssDictionary.GetAsArray(PdfName.CRLs); NUnit.Framework.Assert.IsNotNull(crls); NUnit.Framework.Assert.AreEqual(1, crls.Size()); }
public virtual void PadesSignatureLevelLTTest01() { String outFileName = destinationFolder + "padesSignatureLevelLTTest01.pdf"; String srcFileName = sourceFolder + "signedPAdES-T.pdf"; String tsaCertFileName = certsSrc + "tsCertRsa.p12"; String caCertFileName = certsSrc + "rootRsa.p12"; X509Certificate[] tsaChain = Pkcs12FileHelper.ReadFirstChain(tsaCertFileName, password); ICipherParameters tsaPrivateKey = Pkcs12FileHelper.ReadFirstKey(tsaCertFileName, password, password); X509Certificate caCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(caCertFileName, password)[0]; ICipherParameters caPrivateKey = Pkcs12FileHelper.ReadFirstKey(caCertFileName, password, password); ICrlClient crlClient = new TestCrlClient(caCert, caPrivateKey); TestOcspClient ocspClient = new TestOcspClient().AddBuilderForCertIssuer(caCert, caPrivateKey); TestTsaClient testTsa = new TestTsaClient(JavaUtil.ArraysAsList(tsaChain), tsaPrivateKey); PdfDocument document = new PdfDocument(new PdfReader(srcFileName), new PdfWriter(outFileName), new StampingProperties ().UseAppendMode()); LtvVerification ltvVerification = new LtvVerification(document); ltvVerification.AddVerification("Signature1", ocspClient, crlClient, LtvVerification.CertificateOption.SIGNING_CERTIFICATE , LtvVerification.Level.OCSP_CRL, LtvVerification.CertificateInclusion.YES); ltvVerification.Merge(); document.Close(); BasicCheckDssDict("padesSignatureLevelLTTest01.pdf"); }