        /// <summary>
        /// Produces a CMS SignerInfo over an empty payload with <paramref name="privateKey"/> and
        /// <paramref name="certificate"/>, then returns that signer's signed attributes as parsed by
        /// the .NET <see cref="SignedCms"/> decoder. The payload is irrelevant; only the attribute
        /// encoding is of interest.
        /// </summary>
        /// <param name="certificate">Signing certificate, converted to its BouncyCastle form for the generator.</param>
        /// <param name="privateKey">BouncyCastle private key that pairs with <paramref name="certificate"/>.</param>
        /// <param name="addAttributes">Callback that appends the attributes to be signed to the supplied vector.</param>
        /// <returns>The signed attributes of the first SignerInfo of the generated CMS message.</returns>
        private static CryptographicAttributeObjectCollection CreateAttributeCollection(
            X509Certificate2 certificate,
            AsymmetricKeyParameter privateKey,
            Action <Asn1EncodableVector> addAttributes)
        {
            var attributeVector = new Asn1EncodableVector();
            addAttributes(attributeVector);

            // SHA-256 signer with the caller's attributes as signed attributes and no unsigned attributes.
            var generator = new CmsSignedDataGenerator();
            generator.AddSigner(
                privateKey,
                DotNetUtilities.FromX509Certificate(certificate),
                Oids.Sha256,
                new AttributeTable(attributeVector),
                new AttributeTable(DerSet.Empty));

            // Empty payload: only the SignerInfo wrapping the attributes is needed.
            var emptyContent = new CmsProcessableByteArray(new byte[0]);
            byte[] encodedCms = generator.Generate(emptyContent, encapsulate: true).GetEncoded();

            // Round-trip through the managed CMS parser to obtain a CryptographicAttributeObjectCollection.
            var parsed = new SignedCms();
            parsed.Decode(encodedCms);

            return parsed.SignerInfos[0].SignedAttributes;
        }
            /// <summary>
            /// Revokes the certificate used for the repository countersignature — after the OCSP responder's
            /// cached answer for it has expired — and expects the verifier to classify the package as
            /// <see cref="SignatureVerificationStatus.Suspect"/>. The author signature uses the fixture's trusted
            /// test certificate; both signatures are timestamped by the fixture's trusted timestamp service.
            /// </summary>
            public async Task VerifyAsync_WithRevokedCountersignatureCertificate_ReturnsSuspect()
            {
                // Not referenced below; the call is kept for whatever setup the fixture performs (presumably starting the server).
                var testServer = await _fixture.GetSigningTestServerAsync();

                var certificateAuthority = await _fixture.GetDefaultTrustedCertificateAuthorityAsync();

                var certificateOptions = IssueCertificateOptions.CreateDefaultForEndCertificate();
                var bcCertificate      = certificateAuthority.IssueCertificate(certificateOptions);
                var timestampService   = await _fixture.GetDefaultTrustedTimestampServiceAsync();

                using (var countersignerCertificate = new X509Certificate2(bcCertificate.GetEncoded()))
                {
                    // The issued key pair is attached so the certificate can actually countersign.
                    var rsaPrivateKey = certificateOptions.KeyPair.Private as RsaPrivateCrtKeyParameters;
                    countersignerCertificate.PrivateKey = DotNetUtilities.ToRSA(rsaPrivateKey);

                    using (var package = await Test.CreateAuthorSignedRepositoryCountersignedPackageAsync(
                               _fixture.TrustedTestCertificate.Source.Cert,
                               countersignerCertificate,
                               timestampService.Url,
                               timestampService.Url))
                    using (var packageReader = new PackageArchiveReader(package.PackageFile.FullName))
                    {
                        // Let the responder's current answer for this certificate go stale before revoking,
                        // so the verifier cannot reuse a cached "good" status.
                        await certificateAuthority.OcspResponder.WaitForResponseExpirationAsync(bcCertificate);

                        // Revocation dated an hour in the past, i.e. before the signature and timestamp were produced.
                        var revocationTime = DateTimeOffset.UtcNow.AddHours(-1);
                        certificateAuthority.Revoke(bcCertificate, RevocationReason.KeyCompromise, revocationTime);

                        var status = await _verifier.VerifyAsync(packageReader, CancellationToken.None);

                        Assert.Equal(SignatureVerificationStatus.Suspect, status);
                    }
                }
            }
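        /// <summary>
        /// Signs every PDF found in the "PATH1" folder and writes the signed copy to "PATH2" under the same file name.
        /// For each file, <c>PSNumber</c> derives a number from the file name and <c>details</c> maps those numbers to
        /// subject key identifiers; the matching certificate is looked up in the current user's "MY" store
        /// (valid certificates only) and used to add a visible, detached CMS signature with iTextSharp.
        /// </summary>
        /// <param name="args">Unused.</param>
        static void Main(string[] args)
        {
            // All pdf files are fetched from a particular folder (listed once; the original listed it twice).
            string[] pdfpaths = Directory.GetFiles("PATH1", "*.pdf");
            string[] pdfFiles = pdfpaths.Select(Path.GetFileName).ToArray();

            // The original used fixed arrays of 50 and overflowed beyond that. `details` receives the same
            // zero-padded array shape as before (its contract is not visible here): capacity stays at least 50
            // and always leaves a trailing 0 entry.
            int capacity = pdfFiles.Length + 1 > 50 ? pdfFiles.Length + 1 : 50;
            string[] newfilepaths = new string[capacity];
            int[]    psn          = new int[capacity];

            for (int i = 0; i < pdfFiles.Length; i++)
            {
                psn[i]          = PSNumber(pdfFiles[i]);
                newfilepaths[i] = Path.Combine(@"PATH2", pdfFiles[i]);
            }

            string[] ski = details(psn);

            // One read-only store handle for the whole run instead of open/close per file; disposed on any exit path.
            using (X509Store store = new X509Store("MY", StoreLocation.CurrentUser))
            {
                store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);

                // Bounded by the file count so the loop can no longer run past the array; the `!= 0` test is kept,
                // so a file whose number is 0 still ends the run as it did before.
                for (int i = 0; i < pdfFiles.Length && psn[i] != 0; i++)
                {
                    // validOnly: true excludes certificates that fail chain validation (expired, untrusted, ...).
                    X509Certificate2Collection matches = store.Certificates.Find(
                        X509FindType.FindBySubjectKeyIdentifier, ski[i], validOnly: true);

                    if (matches.Count == 0)
                    {
                        throw new System.InvalidOperationException(
                            "No valid certificate with subject key identifier '" + ski[i] + "' found for '" + pdfFiles[i] + "'.");
                    }

                    X509Certificate2 digitalID = matches[0];
                    if (!digitalID.HasPrivateKey)
                    {
                        throw new System.InvalidOperationException(
                            "Certificate '" + digitalID.Thumbprint + "' has no private key; cannot sign '" + pdfFiles[i] + "'.");
                    }

                    SignPdf(pdfpaths[i], newfilepaths[i], digitalID);
                }
            }
        }

        /// <summary>
        /// Writes <paramref name="inputPath"/> to <paramref name="outputPath"/> with a visible, detached CMS
        /// signature (SHA-256) made with <paramref name="digitalID"/>'s private key.
        /// </summary>
        /// <param name="inputPath">PDF to sign.</param>
        /// <param name="outputPath">Destination of the signed copy (created or overwritten).</param>
        /// <param name="digitalID">Certificate with private key to sign with.</param>
        private static void SignPdf(string inputPath, string outputPath, X509Certificate2 digitalID)
        {
            PdfReader reader = new PdfReader(inputPath);
            try
            {
                // The output stream is owned here so it is closed even if signing throws.
                using (FileStream output = new FileStream(outputPath, FileMode.Create))
                {
                    // '\0' as in the original — presumably keeps the input document's PDF version; confirm against iTextSharp.
                    PdfStamper stamper = PdfStamper.CreateSignature(reader, output, '\0');
                    PdfSignatureAppearance sap = stamper.SignatureAppearance;
                    sap.SetVisibleSignature(new iTextSharp.text.Rectangle(100, 100, 250, 150), 1, null);

                    // Only the end-entity certificate is embedded; no intermediates are added to the chain.
                    BcX509.X509Certificate bcCert = DotNetUtils.FromX509Certificate(digitalID);
                    var chain = new List <BcX509.X509Certificate> { bcCert };

                    var privatekey        = Org.BouncyCastle.Security.DotNetUtilities.GetKeyPair(digitalID.PrivateKey).Private;
                    IExternalSignature es = new PrivateKeySignature(privatekey, "SHA-256");

                    // No CRL, OCSP or TSA is supplied: the signature carries no revocation data and no timestamp.
                    MakeSignature.SignDetached(sap, es, chain, null, null, null, 0, CryptoStandard.CMS);
                    stamper.Close();
                }
            }
            finally
            {
                reader.Close();
            }
        }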
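        /// <summary>
        /// Adds a detached CMS signature (SHA-256, signed with <paramref name="certificate"/>'s private key) to the
        /// PDF at <paramref name="filePath"/>, replacing the file in place. The signed copy is written to
        /// <c>filePath + ".signed"</c> first and swapped in only after signing completed, so a failure while signing
        /// leaves the original file untouched.
        /// </summary>
        /// <param name="certificate">Signing certificate; must carry a private key.</param>
        /// <param name="filePath">Path of the PDF to sign; overwritten with the signed version.</param>
        /// <exception cref="System.ArgumentNullException"><paramref name="certificate"/> or <paramref name="filePath"/> is null.</exception>
        /// <exception cref="System.ArgumentException"><paramref name="certificate"/> has no private key.</exception>
        public override void EncodeAndSign(X509Certificate2 certificate, string filePath)
        {
            if (certificate == null)
            {
                throw new System.ArgumentNullException("certificate");
            }
            if (filePath == null)
            {
                throw new System.ArgumentNullException("filePath");
            }
            if (!certificate.HasPrivateKey)
            {
                throw new System.ArgumentException("The signing certificate has no private key.", "certificate");
            }

            string signedPath = filePath + ".signed";
            PdfReader reader = new PdfReader(filePath);
            try
            {
                // The output stream is owned here so it is closed even if signing throws.
                using (FileStream output = new FileStream(signedPath, FileMode.Create))
                {
                    // NOTE(review): the digit '0' is passed as the PDF version character (kept from the original);
                    // the other iTextSharp signing sample in this listing passes '\0' — confirm which is intended.
                    PdfStamper             stamper = PdfStamper.CreateSignature(reader, output, '0');
                    PdfSignatureAppearance sap     = stamper.SignatureAppearance;

                    // Only the end-entity certificate is embedded; no intermediates, CRL/OCSP data or timestamp.
                    BcX509.X509Certificate bouncyCertificate = DotNetUtils.FromX509Certificate(certificate);
                    var chain = new List <BcX509.X509Certificate> { bouncyCertificate };

                    IExternalSignature signer = new X509Certificate2Signature(certificate, DigestAlgorithms.SHA256);

                    MakeSignature.SignDetached(sap, signer, chain, null, null, null, 0, CryptoStandard.CMS);
                    stamper.Close();
                }
            }
            finally
            {
                // The reader keeps filePath open; it must be closed before the file is deleted below.
                reader.Close();
            }

            File.Delete(filePath);
            File.Move(signedPath, filePath);
        }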
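        /// <summary>
        /// Verifies every signature field in the PDF at <paramref name="filePath"/>.
        /// </summary>
        /// <param name="filePath">Path of the PDF to check.</param>
        /// <param name="verifiedCMS">
        /// Receives one entry per signature field: the signing certificate and whether that signature verified.
        /// </param>
        /// <returns>
        /// <c>true</c> only if the file contains at least one signature and every signature verifies. A file with
        /// no signatures is reported as not verified.
        /// </returns>
        /// <remarks>
        /// Only <c>PdfPKCS7.Verify()</c> is consulted per signature. This method performs no certificate chain, trust
        /// or revocation checks on the signing certificates; callers that need them must validate the certificates
        /// returned in <paramref name="verifiedCMS"/> themselves.
        /// </remarks>
        public override bool VerifyFile(string filePath, ref List <KeyValuePair <X509Certificate2, bool> > verifiedCMS)
        {
            List <KeyValuePair <X509Certificate2, bool> > usedCertificates = new List <KeyValuePair <X509Certificate2, bool> >();
            bool validation;

            PdfReader reader = new PdfReader(filePath);
            try
            {
                AcroFields    fields = reader.AcroFields;
                List <String> names  = fields.GetSignatureNames();

                // Start from "valid" only when there is something to check: an unsigned file must not verify.
                // (The original initialised this flag to false and never set it to true, so it always returned false.)
                validation = names.Count > 0;

                foreach (String signatureName in names)
                {
                    PdfPKCS7 cms = fields.VerifySignature(signatureName);
                    bool     currentValidation = cms.Verify();
                    usedCertificates.Add(new KeyValuePair <X509Certificate2, bool>(
                        new X509Certificate2(DotNetUtils.ToX509Certificate(cms.SigningCertificate)), currentValidation));

                    // If one signature fails, so does the global validation of the file; keep iterating so the
                    // caller still receives every signer.
                    if (!currentValidation)
                    {
                        validation = false;
                    }
                }
            }
            finally
            {
                // The original never closed the reader, leaving the file handle open.
                reader.Close();
            }

            verifiedCMS = usedCertificates;
            return validation;
        }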