private async Task listCertificatesWithKey()
{
var certificates = new List <PKCertificateWithKey>();
var modules = getPkcs11Modules();
await Task.Run(() => {
// list PKCS#11 certificates if any module set
if (modules.Any())
{
using (var p11Store = Pkcs11CertificateStore.Load(modules, new P11LoginProvider(true))) {
certificates.AddRange(p11Store.GetCertificatesWithKey());
}
}
// get all windows certificates that are not yet listed
certificates.AddRange(WindowsCertificateStore.LoadPersonalCurrentUser().GetCertificatesWithKey()
.FindAll(winc => !certificates.Select(c => c.Certificate).Contains(winc.Certificate)));
});
// clear any previous list
CertificatesCB.Items.Clear();
// populate
certificates.OrderBy(c => c.Certificate.SubjectDisplayName).ToList().ForEach(c => CertificatesCB.Items.Add(new ComboCertificate(c.Certificate)));
addLog($"{CertificatesCB.Items.Count} Certificates found");
if (CertificatesCB.Items.Count > 0)
{
CertificatesCB.SelectedItem = CertificatesCB.Items[0];
}
}
private async void signButtonClick(object sender, RoutedEventArgs e)
{
//var progressDialog = await this.ShowProgressAsync("Please wait...", "Signing");
Pkcs11CertificateStore p11Store = null;
addLog($"Signature process begin");
progressBar.Value = 10;
try {
var signatureStarter = new PadesSignatureStarter(restPkiClient)
{
// Set the unit of measurement used to edit the pdf marks and visual representations
MeasurementUnits = PadesMeasurementUnits.Centimeters,
// Set the signature policy
SignaturePolicyId = StandardPadesSignaturePolicies.Basic,
// Set a SecurityContext to be used to determine trust in the certificate chain
SecurityContextId = Guid.Parse("803517ad-3bbc-4169-b085-60053a8f6dbf"),
//SecurityContextId =StandardSecurityContexts.PkiBrazil,
// Note: this SecurityContext above accept unsecured certificates. You can create custom security context on the Rest PKI website.
// Set a visual representation for the signature
VisualRepresentation = createVisualRepresentation()
};
progressBar.Value = 15;
// If the user was redirected here by UploadController (signature with file uploaded by user), the "userfile" URL argument
// will contain the filename under the "App_Data" folder. Otherwise (signature with server file), we'll sign a sample
// document.
if (string.IsNullOrEmpty(FileToSign))
{
// Set the PDF to be signed as a byte array
signatureStarter.SetPdfToSign(Signer.Resources.SampleDocument);
}
else
{
// Set the path of the file to be signed
addLog($"file size {(new FileInfo(FileToSign).Length / 1024.0).ToString("0.00")} KBytes");
signatureStarter.SetPdfToSign(FileToSign);
}
/*
* Optionally, add marks to the PDF before signing. These differ from the signature visual representation in that
* they are actually changes done to the document prior to signing, not binded to any signature. Therefore, any number
* of marks can be added, for instance one per page, whereas there can only be one visual representation per signature.
* However, since the marks are in reality changes to the PDF, they can only be added to documents which have no previous
* signatures, otherwise such signatures would be made invalid by the changes to the document (see property
* PadesSignatureStarter.BypassMarksIfSigned). This problem does not occurr with signature visual representations.
*
* We have encapsulated this code in a method to include several possibilities depending on the argument passed.
* Experiment changing the argument to see different examples of PDF marks. Once you decide which is best for your case,
* you can place the code directly here.
*/
signatureStarter.PdfMarks.Add(PadesVisualElements.GetPdfMark(1));
// Call the StartWithWebPki() method, which initiates the signature. This yields the token, a 43-character
// case-sensitive URL-safe string, which identifies this signature process. We'll use this value to call the
// signWithRestPki() method on the Web PKI component (see javascript on the view) and also to complete the signature
// on the POST action below (this should not be mistaken with the API access token).
// Find selected certificate with key
// --------------------------------------------------------------
PKCertificateWithKey certWithKey = null;
var selectedThumbprint = (CertificatesCB.SelectedItem as ComboCertificate).Certificate.ThumbprintSHA256;
p11Store = Pkcs11CertificateStore.Load(getPkcs11Modules(), new P11LoginProvider());
// search on pkcs11 store
if (findCertificate(p11Store.GetCertificatesWithKey(), selectedThumbprint, out certWithKey))
{
}
else if (findCertificate(WindowsCertificateStore.LoadPersonalCurrentUser().GetCertificatesWithKey(), selectedThumbprint, out certWithKey))
{
}
else
{
throw new Exception("Selected certificate not found");
}
// --------------------------------------------------------------
signatureStarter.SetSignerCertificate(certWithKey.Certificate.EncodedValue);
progressBar.Value = 30;
addLog($"Step 1: Start Signature");
var sw = Stopwatch.StartNew();
Token = await signatureStarter.StartAsync();
sw.Stop();
addLog($"Step 1: Signature Started, elapsed {sw.Elapsed.TotalSeconds:N1}s");
progressBar.Value = 50;
addLog($"Signing with {certWithKey.Certificate.SubjectDisplayName}");
var signature = certWithKey.SignData(Lacuna.Pki.DigestAlgorithm.GetInstanceByOid(Token.DigestAlgorithmOid), Token.ToSignData);
addLog($"Signed");
progressBar.Value = 70;
var signatureFinisher = new PadesSignatureFinisher2(restPkiClient)
{
Token = Token.Token,
Signature = signature
};
sw = Stopwatch.StartNew();
// Call the Finish() method, which finalizes the signature process and returns a SignatureResult object
addLog($"Step 2: Finish Signature");
var signatureResult = await signatureFinisher.FinishAsync();
sw.Stop();
addLog($"Step 2: Signature Finished, elapsed {sw.Elapsed.TotalSeconds:N1}s");
SignedFile = System.IO.Path.Combine(Path.GetDirectoryName(FileToSign), Path.GetFileNameWithoutExtension(FileToSign) + "-signed" + Path.GetExtension(FileToSign));
signatureResult.WriteToFile(SignedFile);
//BusyIndicator.IsBusy = false;
progressBar.Value = 100;
OpenFileSignedBt.IsEnabled = true;
addLog($"File signed: {SignedFile}");
} catch (Exception ex) {
addLog(ex.ToString());
} finally {
if (p11Store != null)
{
p11Store.Dispose();
}
}
progressBar.Value = 0;
}
static void process(Options options)
{
PkiConfig.LoadLicense(Convert.FromBase64String(LicenseBase64));
var isTest = options.Test > 0;
var testCount = options.Test;
var documentsInputDir = options.SourceDir;
var signedDocumentsOutputDir = options.DestinationDir;
if (isTest)
{
Util.CheckTestDirectories(documentsInputDir, signedDocumentsOutputDir);
DeleteFiles(documentsInputDir, signedDocumentsOutputDir);
PdfGenerate(testCount, documentsInputDir);
}
else
{
if (!Directory.Exists(documentsInputDir) && string.IsNullOrWhiteSpace(options.File))
{
Console.WriteLine($"Error! The directory was not found: {documentsInputDir}");
return;
}
if (!Directory.Exists(signedDocumentsOutputDir) && string.IsNullOrWhiteSpace(options.File))
{
Directory.CreateDirectory(signedDocumentsOutputDir);
}
Console.WriteLine();
}
// Signer certificate
PKCertificateWithKey cert = null;
var store = Pkcs11CertificateStore.Load("eTPKCS11.dll", new StaticLoginProvider(options.Pin));
if (string.IsNullOrEmpty(options.CertThumbprint))
{
List <PKCertificateWithKey> certificates;
Console.WriteLine();
Console.WriteLine("Listing Certificates...");
if (string.IsNullOrEmpty(options.Pin))
{
certificates = WindowsCertificateStore.LoadPersonalCurrentUser().GetCertificatesWithKey();
}
else
{
certificates = store.GetCertificatesWithKey();
}
for (var i = 0; i < certificates.Count; i++)
{
Console.WriteLine($"[{i}] {certificates[i].Certificate.SubjectDisplayName} (Issued by {certificates[i].Certificate.IssuerDisplayName})");
}
Console.WriteLine();
Console.Write("Select the signer certificate: ");
var indexstring = Console.ReadLine();
if (!int.TryParse(indexstring, out var index))
{
Console.WriteLine($"Error! Invalid index: {indexstring}");
return;
}
cert = certificates[index];
}
else
{
var thumbprint = PkiUtil.DecodeHexString(options.CertThumbprint);
if (string.IsNullOrEmpty(options.Pin))
{
cert = WindowsCertificateStore.LoadPersonalCurrentUser().GetCertificatesWithKey().FirstOrDefault(c => c.Certificate.ThumbprintSHA1.SequenceEqual(thumbprint));
}
else
{
cert = store.GetCertificatesWithKey().FirstOrDefault(c => c.Certificate.ThumbprintSHA1.SequenceEqual(thumbprint));
}
if (cert == null)
{
Console.WriteLine($"Error! No certificate was found with thumbprint: {options.CertThumbprint}");
return;
}
}
Console.WriteLine($"Signer: {cert.Certificate.SubjectDisplayName} (thumbprint: {Util.ToHex(cert.Certificate.ThumbprintSHA1)})");
Metadata metadata = null;
if (!string.IsNullOrEmpty(options.Metadata) && Util.FileExists(options.Metadata))
{
try
{
var metadataContent = File.ReadAllBytes(options.Metadata);
var metadataJson = Encoding.UTF8.GetString(metadataContent);
metadata = JsonConvert.DeserializeObject <MetadataModel>(metadataJson).ToEntity();
}
catch (Exception ex)
{
Log(ex.ToString());
Console.WriteLine($"Error parsing metadata file: {ex}");
}
}
if (string.IsNullOrWhiteSpace(options.File))
{
Console.WriteLine("Getting things ready.");
Sign(cert, documentsInputDir, signedDocumentsOutputDir, options.Reprocess, options.VisualRep, metadata);
}
else
{
var visual = CreateVisualRepresentation(cert.Certificate, options.VisualRep, (metadata != null));
var policy = GetSignaturePolicy().GetPolicy(cert.Certificate);
policy.SignerSpecs.AttributeGeneration.EnableLtv = false;
if (!SignFile(options.File, cert, policy, visual, metadata, "", "Signed_" + options.File))
{
Console.WriteLine($"Error signing file");
return;
}
else
{
Console.WriteLine($"File successfully signed.");
}
}
store.Dispose();
}
