Ejemplo n.º 1
        /// <exception cref="System.IO.IOException"/>
        /// <exception cref="Org.BouncyCastle.Operator.OperatorCreationException"/>
        /// <exception cref="Org.BouncyCastle.Security.GeneralSecurityException"/>
        /// <summary>
        /// Builds an authorized OCSP responder certificate issued by the intermediate test CA, has that responder
        /// sign an OCSP response for the signing certificate, and verifies the response at
        /// <paramref name="checkDate"/>.
        /// </summary>
        /// <param name="ocspResponderCertStartDate">Start date set on the responder certificate.</param>
        /// <param name="ocspResponderCertEndDate">End date set on the responder certificate.</param>
        /// <param name="checkDate">Date handed to <c>OCSPVerifier.Verify</c> as the verification time.</param>
        /// <returns>The result of <c>OCSPVerifier.Verify</c> for the generated response.</returns>
        /// <remarks>
        /// The responder key pair is generated on every call, so the responder certificate built here is the only
        /// link between the response signature and the CA in <c>intermediateRsa.p12</c>.
        /// </remarks>
        public virtual bool VerifyAuthorizedOCSPResponderTest(
            DateTime ocspResponderCertStartDate,
            DateTime ocspResponderCertEndDate,
            DateTime checkDate)
        {
            // Issuing CA: certificate and private key come from the same PKCS#12 file.
            string issuerStorePath = certsSrc + "intermediateRsa.p12";
            X509Certificate caCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(issuerStorePath, password)[0];
            ICipherParameters caPrivateKey = Pkcs12FileHelper.ReadFirstKey(issuerStorePath, password, password);

            // Certificate whose revocation status is being asked about.
            string subjectStorePath = certsSrc + "signCertRsaWithChain.p12";
            X509Certificate checkCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(subjectStorePath, password)[0];

            // Fresh RSA key pair for the delegated responder.
            RsaKeyPairGenerator responderKeyGen = SignTestPortUtil.BuildRSA2048KeyPairGenerator();
            AsymmetricCipherKeyPair responderKeys = responderKeyGen.GenerateKeyPair();
            ICipherParameters ocspRespPrivateKey = responderKeys.Private;
            AsymmetricKeyParameter ocspRespPublicKey = responderKeys.Public;

            // Responder certificate signed by the CA, with the caller-supplied validity window.
            TestCertificateBuilder responderCertBuilder = new TestCertificateBuilder(
                ocspRespPublicKey, caCert, caPrivateKey, "CN=iTextTestOCSPResponder, OU=test, O=iText");
            responderCertBuilder.SetStartDate(ocspResponderCertStartDate);
            responderCertBuilder.SetEndDate(ocspResponderCertEndDate);
            X509Certificate ocspResponderCert = responderCertBuilder.BuildAuthorizedOCSPResponderCert();

            // The response is signed with the responder key, not with the CA key.
            TestOcspResponseBuilder responseBuilder = new TestOcspResponseBuilder(ocspResponderCert, ocspRespPrivateKey);
            TestOcspClient ocspClient = new TestOcspClient().AddBuilderForCertIssuer(caCert, responseBuilder);

            byte[] encodedResponse = ocspClient.GetEncoded(checkCert, caCert, null);
            BasicOcspResp basicOCSPResp = new BasicOcspResp(
                BasicOcspResponse.GetInstance(Asn1Object.FromByteArray(encodedResponse)));

            OCSPVerifier ocspVerifier = new OCSPVerifier(null, null);
            bool verified = ocspVerifier.Verify(basicOCSPResp, checkCert, caCert, checkDate);
            return verified;
        }
Ejemplo n.º 2
        /// <summary>
        /// Signs <c>helloWorldDoc.pdf</c> with a detached CAdES signature, passing an in-process OCSP client and
        /// TSA client to the signer, then runs the basic signed-document check on the output.
        /// </summary>
        /// <remarks>
        /// The OCSP client is given builders for both the intermediate and the root CA; the CRL argument of
        /// <c>SignDetached</c> is null, so revocation data can only come from OCSP in this test.
        /// </remarks>
        public virtual void LtvEnabledSingleSignatureTest01()
        {
            string signerStorePath = certsSrc + "signCertRsaWithChain.p12";
            string tsaStorePath = certsSrc + "tsCertRsa.p12";
            string intermediateStorePath = certsSrc + "intermediateRsa.p12";
            string rootStorePath = certsSrc + "rootRsa.p12";
            string inputPath = sourceFolder + "helloWorldDoc.pdf";
            string outputPath = destinationFolder + "ltvEnabledSingleSignatureTest01.pdf";

            // Timestamp authority material.
            X509Certificate[] tsaChain = Pkcs12FileHelper.ReadFirstChain(tsaStorePath, password);
            ICipherParameters tsaPrivateKey = Pkcs12FileHelper.ReadFirstKey(tsaStorePath, password, password);

            // CA material used to sign the test OCSP responses.
            X509Certificate intermediateCert =
                (X509Certificate)Pkcs12FileHelper.ReadFirstChain(intermediateStorePath, password)[0];
            ICipherParameters intermediatePrivateKey =
                Pkcs12FileHelper.ReadFirstKey(intermediateStorePath, password, password);
            X509Certificate caCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(rootStorePath, password)[0];
            ICipherParameters caPrivateKey = Pkcs12FileHelper.ReadFirstKey(rootStorePath, password, password);

            TestTsaClient testTsa = new TestTsaClient(JavaUtil.ArraysAsList(tsaChain), tsaPrivateKey);
            TestOcspClient testOcspClient = new TestOcspClient()
                .AddBuilderForCertIssuer(intermediateCert, intermediatePrivateKey)
                .AddBuilderForCertIssuer(caCert, caPrivateKey);

            // Signer material.
            X509Certificate[] signChain = Pkcs12FileHelper.ReadFirstChain(signerStorePath, password);
            ICipherParameters signPrivateKey = Pkcs12FileHelper.ReadFirstKey(signerStorePath, password, password);
            IExternalSignature pks = new PrivateKeySignature(signPrivateKey, DigestAlgorithms.SHA256);

            PdfSigner signer = new PdfSigner(
                new PdfReader(inputPath),
                new FileStream(outputPath, FileMode.Create),
                new StampingProperties());
            signer.SetFieldName("Signature1");
            signer.SignDetached(pks, signChain, null, testOcspClient, testTsa, 0, PdfSigner.CryptoStandard.CADES);

            PadesSigTest.BasicCheckSignedDoc(destinationFolder + "ltvEnabledSingleSignatureTest01.pdf", "Signature1");
        }
Ejemplo n.º 3
        /// <summary>
        /// Adds OCSP and CRL validation data for "Signature1" to an already signed document in append mode,
        /// then adds a document timestamp ("timestampSig1") on top and checks the result.
        /// </summary>
        /// <remarks>
        /// Both steps open their input with <c>UseAppendMode()</c>, so the existing signed revision is extended
        /// rather than rewritten. Validation data is produced by in-process test clients holding the root CA key.
        /// </remarks>
        public virtual void LtvEnabledTest01()
        {
            string tsaStorePath = certsSrc + "tsCertRsa.p12";
            string rootStorePath = certsSrc + "rootRsa.p12";
            string signedInputPath = sourceFolder + "signedDoc.pdf";
            string ltvOutputPath = destinationFolder + "ltvEnabledTest01.pdf";
            string timestampedOutputPath = destinationFolder + "ltvEnabledTsTest01.pdf";

            X509Certificate[] tsaChain = Pkcs12FileHelper.ReadFirstChain(tsaStorePath, password);
            ICipherParameters tsaPrivateKey = Pkcs12FileHelper.ReadFirstKey(tsaStorePath, password, password);
            X509Certificate caCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(rootStorePath, password)[0];
            ICipherParameters caPrivateKey = Pkcs12FileHelper.ReadFirstKey(rootStorePath, password, password);

            TestTsaClient testTsa = new TestTsaClient(JavaUtil.ArraysAsList(tsaChain), tsaPrivateKey);
            TestOcspClient testOcspClient = new TestOcspClient().AddBuilderForCertIssuer(caCert, caPrivateKey);
            TestCrlClient testCrlClient = new TestCrlClient(caCert, caPrivateKey);

            // Step 1: write the validation data for the existing signature.
            PdfDocument document = new PdfDocument(
                new PdfReader(signedInputPath),
                new PdfWriter(ltvOutputPath),
                new StampingProperties().UseAppendMode());
            LtvVerification ltvVerification = new LtvVerification(document);
            ltvVerification.AddVerification(
                "Signature1",
                testOcspClient,
                testCrlClient,
                LtvVerification.CertificateOption.SIGNING_CERTIFICATE,
                LtvVerification.Level.OCSP_CRL,
                LtvVerification.CertificateInclusion.YES);
            ltvVerification.Merge();
            document.Close();

            // Step 2: timestamp the document that now carries the validation data.
            PdfSigner signer = new PdfSigner(
                new PdfReader(ltvOutputPath),
                new FileStream(timestampedOutputPath, FileMode.Create),
                new StampingProperties().UseAppendMode());
            signer.Timestamp(testTsa, "timestampSig1");

            BasicCheckLtvDoc("ltvEnabledTsTest01.pdf", "timestampSig1");
        }
Ejemplo n.º 4
        /// <summary>
        /// Positive case: an OCSP response built with the builder's unmodified settings, using the CA certificate
        /// and key read from <c>caCertFileName</c>, is expected to verify.
        /// </summary>
        public virtual void ValidOcspTest01()
        {
            X509Certificate issuerCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(caCertFileName, password)[0];
            ICipherParameters issuerKey = Pkcs12FileHelper.ReadFirstKey(caCertFileName, password, password);
            TestOcspResponseBuilder responseBuilder = new TestOcspResponseBuilder(issuerCert, issuerKey);

            bool verified = VerifyTest(responseBuilder);
            NUnit.Framework.Assert.IsTrue(verified);
        }
Ejemplo n.º 5
        /// <summary>
        /// Negative case: an OCSP response reporting the certificate as revoked 20 days ago (reason: key
        /// compromise) must not verify.
        /// </summary>
        public virtual void InvalidRevokedOcspTest01()
        {
            X509Certificate issuerCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(caCertFileName, password)[0];
            ICipherParameters issuerKey = Pkcs12FileHelper.ReadFirstKey(caCertFileName, password, password);
            TestOcspResponseBuilder responseBuilder = new TestOcspResponseBuilder(issuerCert, issuerKey);

            // Revocation time lies in the past relative to the verification time used by VerifyTest.
            RevokedStatus revoked = new RevokedStatus(
                DateTimeUtil.GetCurrentUtcTime().AddDays(-20),
                Org.BouncyCastle.Asn1.X509.CrlReason.KeyCompromise);
            responseBuilder.SetCertificateStatus(revoked);

            bool verified = VerifyTest(responseBuilder);
            NUnit.Framework.Assert.IsFalse(verified);
        }
Ejemplo n.º 6
        /// <summary>
        /// Verifies an OCSP response issued under <c>intermediateExpiredCert.p12</c>, using the issuer
        /// certificate's own <c>NotBefore</c> as the check date; the response is expected to verify.
        /// </summary>
        /// <remarks>
        /// The check date is taken from the certificate rather than the current clock, so the result depends on
        /// the verification time passed in, not on when the test runs.
        /// </remarks>
        public virtual void ExpiredIssuerCertTest01()
        {
            string expiredIssuerStorePath = certsSrc + "intermediateExpiredCert.p12";
            X509Certificate caCert =
                (X509Certificate)Pkcs12FileHelper.ReadFirstChain(expiredIssuerStorePath, password)[0];
            ICipherParameters caPrivateKey = Pkcs12FileHelper.ReadFirstKey(expiredIssuerStorePath, password, password);
            TestOcspResponseBuilder responseBuilder = new TestOcspResponseBuilder(caCert, caPrivateKey);

            bool verified = VerifyTest(responseBuilder, certsSrc + "signCertRsaWithExpiredChain.p12", caCert.NotBefore);
            NUnit.Framework.Assert.IsTrue(verified);
        }
Ejemplo n.º 7
        /// <summary>
        /// Negative case: an OCSP response whose thisUpdate/nextUpdate window ended 15 days ago must not verify.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the window is computed from <c>GetCurrentTime()</c>, whereas the revoked-status test on
        /// this page uses <c>GetCurrentUtcTime()</c>. With a 15-day margin the difference should not matter, but
        /// confirm which clock the verifier compares against before tightening these offsets.
        /// </remarks>
        public virtual void InvalidOutdatedOcspTest01()
        {
            X509Certificate issuerCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(caCertFileName, password)[0];
            ICipherParameters issuerKey = Pkcs12FileHelper.ReadFirstKey(caCertFileName, password, password);
            TestOcspResponseBuilder responseBuilder = new TestOcspResponseBuilder(issuerCert, issuerKey);

            // Stale response: produced 30 days ago and superseded 15 days ago.
            DateTime producedAt = DateTimeUtil.GetCurrentTime().AddDays(-30);
            DateTime supersededAt = DateTimeUtil.GetCurrentTime().AddDays(-15);
            responseBuilder.SetThisUpdate(producedAt);
            responseBuilder.SetNextUpdate(supersededAt);

            bool verified = VerifyTest(responseBuilder);
            NUnit.Framework.Assert.IsFalse(verified);
        }
        /// <summary>
        /// Adds a document timestamp ("timestampSig1") in append mode to <c>signedPAdES-LT.pdf</c> and runs the
        /// basic signed-document check on the result.
        /// </summary>
        public virtual void PadesSignatureLevelLTATest01()
        {
            string outputPath = destinationFolder + "padesSignatureLevelLTATest01.pdf";
            string inputPath = sourceFolder + "signedPAdES-LT.pdf";
            string tsaStorePath = certsSrc + "tsCertRsa.p12";

            X509Certificate[] tsaChain = Pkcs12FileHelper.ReadFirstChain(tsaStorePath, password);
            ICipherParameters tsaPrivateKey = Pkcs12FileHelper.ReadFirstKey(tsaStorePath, password, password);

            // Append mode keeps the already signed revisions of the input intact.
            PdfSigner signer = new PdfSigner(
                new PdfReader(inputPath),
                new FileStream(outputPath, FileMode.Create),
                new StampingProperties().UseAppendMode());
            TestTsaClient testTsa = new TestTsaClient(JavaUtil.ArraysAsList(tsaChain), tsaPrivateKey);
            signer.Timestamp(testTsa, "timestampSig1");

            PadesSigTest.BasicCheckSignedDoc(destinationFolder + "padesSignatureLevelLTATest01.pdf", "timestampSig1");
        }
Ejemplo n.º 9
        /// <summary>
        /// Adds a document timestamp ("timestampSig1") to the unsigned <c>helloWorldDoc.pdf</c> using the
        /// in-process test TSA and runs the basic signed-document check on the result.
        /// </summary>
        public virtual void TimestampTest01()
        {
            string tsaStorePath = certsSrc + "tsCertRsa.p12";
            string inputPath = sourceFolder + "helloWorldDoc.pdf";
            string outputPath = destinationFolder + "timestampTest01.pdf";

            X509Certificate[] tsaChain = Pkcs12FileHelper.ReadFirstChain(tsaStorePath, password);
            ICipherParameters tsaPrivateKey = Pkcs12FileHelper.ReadFirstKey(tsaStorePath, password, password);

            // Third constructor argument is passed as false, as in the original call.
            PdfSigner signer = new PdfSigner(
                new PdfReader(inputPath),
                new FileStream(outputPath, FileMode.Create),
                false);
            TestTsaClient testTsa = new TestTsaClient(iText.IO.Util.JavaUtil.ArraysAsList(tsaChain), tsaPrivateKey);
            signer.Timestamp(testTsa, "timestampSig1");

            PadesSigTest.BasicCheckSignedDoc(destinationFolder + "timestampTest01.pdf", "timestampSig1");
        }
Ejemplo n.º 10
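        /// <summary>
        /// Opens the certificate-encrypted <c>encrypted_cert.pdf</c> with the recipient certificate and private
        /// key, then signs it with a detached CAdES signature using the fixture's <c>pk</c> and <c>chain</c>.
        /// </summary>
        /// <remarks>
        /// Two different keys are involved: the key from <c>test.p12</c> only decrypts the document, while the
        /// signature is produced with the fixture key <c>pk</c>.
        /// NOTE(review): the signed output is not verified afterwards; the test only fails if opening or signing
        /// throws. Consider adding a signature check once the resulting field name is known.
        /// </remarks>
        public virtual void SignEncryptedDoc02()
        {
            String fileName = "encrypted_cert.pdf";
            String src = sourceFolder + fileName;
            String dest = destinationFolder + "signed_" + fileName;

            // Release the certificate file handle as soon as the certificate has been parsed; the original
            // passed an anonymous FileStream that was never disposed by this method.
            X509Certificate cert;
            using (FileStream certStream = new FileStream(sourceFolder + "test.cer", FileMode.Open, FileAccess.Read))
            {
                cert = CryptoUtil.ReadPublicCertificate(certStream);
            }

            ICipherParameters privateKey = Pkcs12FileHelper.ReadFirstKey(sourceFolder + "test.p12", password, password);
            PdfReader reader = new PdfReader(src, new ReaderProperties().SetPublicKeySecurityParams(cert, privateKey));
            PdfSigner signer = new PdfSigner(reader, new FileStream(dest, FileMode.Create), true);

            // Creating the signature
            IExternalSignature pks = new PrivateKeySignature(pk, DigestAlgorithms.SHA256);
            signer.SignDetached(pks, chain, null, null, null, 0, PdfSigner.CryptoStandard.CADES);
        }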
Ejemplo n.º 11
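        /// <summary>
        /// Exercises deferred signing in three phases: create a pre-signed PDF with a blank signature container
        /// while capturing the document hash, sign that hash separately, then inject the finished CMS signature
        /// into the pre-signed bytes.
        /// </summary>
        /// <remarks>
        /// The private key is only loaded in phase two and is handed to <c>SignDocBytesHash</c> together with the
        /// captured hash. The result is checked both as a signature and visually against
        /// <c>cmp_calcHashOnDocCreationThenDeferredSignTest01.pdf</c>.
        /// </remarks>
        public virtual void CalcHashOnDocCreationThenDeferredSignTest01()
        {
            String input = sourceFolder + "helloWorldDoc.pdf";
            String outFileName = destinationFolder + "calcHashOnDocCreationThenDeferredSignTest01.pdf";
            String cmpFileName = sourceFolder + "cmp_calcHashOnDocCreationThenDeferredSignTest01.pdf";

            // pre-calculate hash on creating pre-signed PDF
            String sigFieldName = "DeferredSignature1";
            PdfName filter = PdfName.Adobe_PPKLite;
            PdfName subFilter = PdfName.Adbe_pkcs7_detached;
            int estimatedSize = 8192;
            PdfReader reader = new PdfReader(input);
            MemoryStream baos = new MemoryStream();
            PdfSigner signer = new PdfSigner(reader, baos, new StampingProperties());

            signer.SetCertificationLevel(PdfSigner.CERTIFIED_NO_CHANGES_ALLOWED);
            PdfSignatureAppearance appearance = signer.GetSignatureAppearance();
            appearance.SetLayer2Text("Signature field which signing is deferred.")
                .SetPageRect(new Rectangle(36, 600, 200, 100))
                .SetPageNumber(1);
            signer.SetFieldName(sigFieldName);

            SignDeferredTest.DigestCalcBlankSigner external =
                new SignDeferredTest.DigestCalcBlankSigner(filter, subFilter);
            signer.SignExternalContainer(external, estimatedSize);
            byte[] docBytesHash = external.GetDocBytesHash();
            byte[] preSignedBytes = baos.ToArray();

            // sign the hash
            String signCertFileName = certsSrc + "signCertRsa01.p12";
            X509Certificate[] signChain = Pkcs12FileHelper.ReadFirstChain(signCertFileName, password);
            ICipherParameters signPrivateKey = Pkcs12FileHelper.ReadFirstKey(signCertFileName, password, password);
            byte[] cmsSignature = SignDocBytesHash(docBytesHash, signPrivateKey, signChain);

            // fill the signature to the presigned document
            SignDeferredTest.ReadySignatureSigner extSigContainer =
                new SignDeferredTest.ReadySignatureSigner(cmsSignature);
            PdfDocument docToSign = new PdfDocument(new PdfReader(new MemoryStream(preSignedBytes)));
            FileStream outStream = null;
            try
            {
                outStream = new FileStream(outFileName, FileMode.Create);
                PdfSigner.SignDeferred(docToSign, sigFieldName, outStream, extSigContainer);
            }
            finally
            {
                // Same release order as before (document first, then the output file), but now also executed
                // when signing throws, so a failure does not leave the output file handle open.
                try
                {
                    docToSign.Close();
                }
                finally
                {
                    if (outStream != null)
                    {
                        outStream.Dispose();
                    }
                }
            }

            // validate result
            PadesSigTest.BasicCheckSignedDoc(outFileName, sigFieldName);
            NUnit.Framework.Assert.IsNull(
                new CompareTool().CompareVisually(outFileName, cmpFileName, destinationFolder, null));
        }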
Ejemplo n.º 12
        /// <exception cref="System.IO.IOException"/>
        /// <exception cref="Org.BouncyCastle.Security.GeneralSecurityException"/>
        /// <summary>
        /// Obtains an OCSP response for <c>signCertRsa01.p12</c> from a test client driven by
        /// <paramref name="builder"/> and verifies it against the root test CA at the current UTC time.
        /// </summary>
        /// <param name="builder">Response builder whose settings (status, update window) define the scenario.</param>
        /// <returns>The result of <c>OCSPVerifier.Verify</c>.</returns>
        private bool VerifyTest(TestOcspResponseBuilder builder)
        {
            string rootStorePath = certsSrc + "rootRsa.p12";
            string subjectStorePath = certsSrc + "signCertRsa01.p12";

            X509Certificate caCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(rootStorePath, password)[0];
            ICipherParameters caPrivateKey = Pkcs12FileHelper.ReadFirstKey(rootStorePath, password, password);
            X509Certificate checkCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(subjectStorePath, password)[0];

            TestOcspClient ocspClient = new TestOcspClient(builder, caPrivateKey);
            byte[] encodedResponse = ocspClient.GetEncoded(checkCert, caCert, null);

            // Decode the raw bytes back into a BasicOcspResp, as a consumer of the response would.
            BasicOcspResp basicOCSPResp = new BasicOcspResp(
                BasicOcspResponse.GetInstance(Asn1Object.FromByteArray(encodedResponse)));

            OCSPVerifier ocspVerifier = new OCSPVerifier(null, null);
            bool verified = ocspVerifier.Verify(basicOCSPResp, checkCert, caCert, DateTimeUtil.GetCurrentUtcTime());
            return verified;
        }
        /// <summary>
        /// Adds a second approval signature ("Signature2") in append mode to <c>signedWithAnnots.pdf</c> and
        /// runs the basic signed-document check on the new signature.
        /// </summary>
        public virtual void SequentialSignOfFileWithAnnots()
        {
            string signerStorePath = certsSrc + "signCertRsa01.p12";
            string outputPath = destinationFolder + "sequentialSignOfFileWithAnnots.pdf";
            string inputPath = sourceFolder + "signedWithAnnots.pdf";
            string signatureName = "Signature2";

            X509Certificate[] signChain = Pkcs12FileHelper.ReadFirstChain(signerStorePath, password);
            ICipherParameters signPrivateKey = Pkcs12FileHelper.ReadFirstKey(signerStorePath, password, password);
            IExternalSignature pks = new PrivateKeySignature(signPrivateKey, DigestAlgorithms.SHA256);

            // Append mode: the input already carries a signature that must stay byte-for-byte intact.
            PdfSigner signer = new PdfSigner(
                new PdfReader(inputPath),
                new FileStream(outputPath, FileMode.Create),
                new StampingProperties().UseAppendMode());
            signer.SetFieldName(signatureName);
            signer.GetSignatureAppearance()
                .SetPageRect(new Rectangle(50, 350, 200, 100))
                .SetReason("Test")
                .SetLocation("TestCity")
                .SetLayer2Text("Approval test signature.\nCreated by iText7.");

            // No CRL, OCSP or TSA clients are supplied for this signature.
            signer.SignDetached(pks, signChain, null, null, null, 0, PdfSigner.CryptoStandard.CADES);

            PadesSigTest.BasicCheckSignedDoc(outputPath, signatureName);
        }
Ejemplo n.º 14
        /// <exception cref="Org.BouncyCastle.Security.GeneralSecurityException"/>
        /// <exception cref="System.IO.IOException"/>
        /// <summary>
        /// Obtains CRLs for <c>signCertRsa01.p12</c> from a test client driven by <paramref name="crlBuilder"/>
        /// and verifies the first one against the root test CA at the current UTC time.
        /// </summary>
        /// <param name="crlBuilder">CRL builder whose settings define the scenario.</param>
        /// <returns>
        /// The result of <c>CRLVerifier.Verify</c> for the first CRL, or <c>false</c> when the client returns
        /// no CRLs at all.
        /// </returns>
        /// <remarks>
        /// NOTE(review): because an empty collection also yields <c>false</c>, a caller asserting a negative
        /// result cannot tell "CRL rejected" from "no CRL produced". Only the first CRL is ever examined.
        /// </remarks>
        private bool VerifyTest(TestCrlBuilder crlBuilder)
        {
            string rootStorePath = certsSrc + "rootRsa.p12";
            X509Certificate caCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(rootStorePath, password)[0];
            ICipherParameters caPrivateKey = Pkcs12FileHelper.ReadFirstKey(rootStorePath, password, password);

            string subjectStorePath = certsSrc + "signCertRsa01.p12";
            X509Certificate checkCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(subjectStorePath, password)[0];

            TestCrlClient crlClient = new TestCrlClient(crlBuilder, caPrivateKey);
            ICollection<byte[]> encodedCrls = crlClient.GetEncoded(checkCert, null);

            foreach (byte[] encodedCrl in encodedCrls)
            {
                // Return on the first element: later CRLs, if any, are deliberately not looked at.
                X509Crl crl = (X509Crl)SignTestPortUtil.ParseCrlFromStream(new MemoryStream(encodedCrl));
                CRLVerifier verifier = new CRLVerifier(null, null);
                return verifier.Verify(crl, checkCert, caCert, DateTimeUtil.GetCurrentUtcTime());
            }

            return false;
        }
Ejemplo n.º 15
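        /// <summary>
        /// Adds LTV information to <c>signedDoc.pdf</c> in two passes (signature names "sig" and "sig2") through
        /// the five-argument <c>AddLtvInfo</c> helper, then checks the entry counts in the resulting DSS
        /// dictionary: 2 VRI entries, 2 OCSP responses, 2 certificates and 1 CRL.
        /// </summary>
        /// <remarks>
        /// Revocation data is produced by in-process test clients that hold the root CA key from
        /// <c>rootRsa.p12</c>. The output document is now closed after inspection and a missing DSS dictionary
        /// is reported as an assertion failure instead of a null dereference.
        /// </remarks>
        public virtual void AddLtvInfo()
        {
            String tsaCertFileName = certsSrc + "tsCertRsa.p12";
            String caCertFileName = certsSrc + "rootRsa.p12";
            String srcFileName = sourceFolder + "signedDoc.pdf";
            String ltvFileName = destinationFolder + "ltvEnabledTest01.pdf";
            String ltvFileName2 = destinationFolder + "ltvEnabledTest02.pdf";

            X509Certificate[] tsaChain = Pkcs12FileHelper.ReadFirstChain(tsaCertFileName, password);
            ICipherParameters tsaPrivateKey = Pkcs12FileHelper.ReadFirstKey(tsaCertFileName, password, password);
            X509Certificate caCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(caCertFileName, password)[0];
            ICipherParameters caPrivateKey = Pkcs12FileHelper.ReadFirstKey(caCertFileName, password, password);
            // NOTE(review): the TSA client is constructed but not used further in this method.
            TestTsaClient testTsa = new TestTsaClient(iText.IO.Util.JavaUtil.ArraysAsList(tsaChain), tsaPrivateKey);
            TestOcspClient testOcspClient = new TestOcspClient(caCert, caPrivateKey);
            TestCrlClient testCrlClient = new TestCrlClient(caCert, caPrivateKey);

            AddLtvInfo(srcFileName, ltvFileName, "sig", testOcspClient, testCrlClient);
            AddLtvInfo(ltvFileName, ltvFileName2, "sig2", testOcspClient, testCrlClient);

            PdfReader reader = new PdfReader(ltvFileName2);
            PdfDocument document = new PdfDocument(reader);
            try
            {
                PdfDictionary catalogDictionary = document.GetCatalog().GetPdfObject();
                PdfDictionary dssDictionary = catalogDictionary.GetAsDictionary(PdfName.DSS);
                // Fail with a clear message if no validation data was written at all.
                NUnit.Framework.Assert.IsNotNull(dssDictionary);

                PdfDictionary vri = dssDictionary.GetAsDictionary(PdfName.VRI);
                NUnit.Framework.Assert.IsNotNull(vri);
                NUnit.Framework.Assert.AreEqual(2, vri.Size());

                PdfArray ocsps = dssDictionary.GetAsArray(PdfName.OCSPs);
                NUnit.Framework.Assert.IsNotNull(ocsps);
                NUnit.Framework.Assert.AreEqual(2, ocsps.Size());

                PdfArray certs = dssDictionary.GetAsArray(PdfName.Certs);
                NUnit.Framework.Assert.IsNotNull(certs);
                NUnit.Framework.Assert.AreEqual(2, certs.Size());

                PdfArray crls = dssDictionary.GetAsArray(PdfName.CRLs);
                NUnit.Framework.Assert.IsNotNull(crls);
                NUnit.Framework.Assert.AreEqual(1, crls.Size());
            }
            finally
            {
                // Release the handle on the output file even when an assertion fails.
                document.Close();
            }
        }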
Ejemplo n.º 16
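        /// <summary>
        /// Adds LTV information to the twice-signed <c>signedTwice.pdf</c> in two passes ("Signature1", then
        /// "Signature2") through the five-argument <c>AddLtvInfo</c> helper, then checks the entry counts in the
        /// resulting DSS dictionary: 2 VRI entries, 5 OCSP responses, 5 certificates and 2 CRLs.
        /// </summary>
        /// <remarks>
        /// The OCSP client answers for certificates issued by either the intermediate or the root test CA; the
        /// CRL client is built from the root CA only. The output document is now closed after inspection and a
        /// missing DSS dictionary is reported as an assertion failure instead of a null dereference.
        /// </remarks>
        public virtual void AddLtvInfo()
        {
            String caCertFileName = certsSrc + "rootRsa.p12";
            String interCertFileName = certsSrc + "intermediateRsa.p12";
            String srcFileName = sourceFolder + "signedTwice.pdf";
            String ltvFileName = destinationFolder + "ltvEnabledTest01.pdf";
            String ltvFileName2 = destinationFolder + "ltvEnabledTest02.pdf";

            X509Certificate caCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(caCertFileName, password)[0];
            ICipherParameters caPrivateKey = Pkcs12FileHelper.ReadFirstKey(caCertFileName, password, password);
            X509Certificate interCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(interCertFileName, password)[0];
            ICipherParameters interPrivateKey = Pkcs12FileHelper.ReadFirstKey(interCertFileName, password, password);

            TestOcspClient testOcspClient = new TestOcspClient()
                .AddBuilderForCertIssuer(interCert, interPrivateKey)
                .AddBuilderForCertIssuer(caCert, caPrivateKey);
            TestCrlClient testCrlClient = new TestCrlClient(caCert, caPrivateKey);

            AddLtvInfo(srcFileName, ltvFileName, "Signature1", testOcspClient, testCrlClient);
            AddLtvInfo(ltvFileName, ltvFileName2, "Signature2", testOcspClient, testCrlClient);

            PdfReader reader = new PdfReader(ltvFileName2);
            PdfDocument document = new PdfDocument(reader);
            try
            {
                PdfDictionary catalogDictionary = document.GetCatalog().GetPdfObject();
                PdfDictionary dssDictionary = catalogDictionary.GetAsDictionary(PdfName.DSS);
                // Fail with a clear message if no validation data was written at all.
                NUnit.Framework.Assert.IsNotNull(dssDictionary);

                PdfDictionary vri = dssDictionary.GetAsDictionary(PdfName.VRI);
                NUnit.Framework.Assert.IsNotNull(vri);
                NUnit.Framework.Assert.AreEqual(2, vri.Size());

                PdfArray ocsps = dssDictionary.GetAsArray(PdfName.OCSPs);
                NUnit.Framework.Assert.IsNotNull(ocsps);
                NUnit.Framework.Assert.AreEqual(5, ocsps.Size());

                PdfArray certs = dssDictionary.GetAsArray(PdfName.Certs);
                NUnit.Framework.Assert.IsNotNull(certs);
                NUnit.Framework.Assert.AreEqual(5, certs.Size());

                PdfArray crls = dssDictionary.GetAsArray(PdfName.CRLs);
                NUnit.Framework.Assert.IsNotNull(crls);
                NUnit.Framework.Assert.AreEqual(2, crls.Size());
            }
            finally
            {
                // Release the handle on the output file even when an assertion fails.
                document.Close();
            }
        }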
        /// <summary>
        /// Adds a second approval signature ("Signature2") in append mode to an already signed, tagged PDF,
        /// checks both signatures, and compares the structure-element counts of the input and the output.
        /// </summary>
        /// <remarks>
        /// The final assertion documents current behaviour rather than a desired property: it expects the
        /// structure tree to differ after the second signing (see the comment at the assertion).
        /// </remarks>
        public virtual void SecondSignOfTaggedDocTest()
        {
            string signerStorePath = certsSrc + "signCertRsa01.p12";
            string outputPath = destinationFolder + "secondSignOfTagged.pdf";
            string inputPath = sourceFolder + "taggedAndSignedDoc.pdf";
            string signatureName = "Signature2";

            X509Certificate[] signChain = Pkcs12FileHelper.ReadFirstChain(signerStorePath, password);
            ICipherParameters signPrivateKey = Pkcs12FileHelper.ReadFirstKey(signerStorePath, password, password);
            IExternalSignature pks = new PrivateKeySignature(signPrivateKey, DigestAlgorithms.SHA256);

            PdfSigner signer = new PdfSigner(
                new PdfReader(inputPath),
                new FileStream(outputPath, FileMode.Create),
                new StampingProperties().UseAppendMode());
            PdfDocument signerDocument = signer.GetDocument();
            signerDocument.GetWriter().SetCompressionLevel(CompressionConstants.NO_COMPRESSION);

            signer.SetFieldName(signatureName);
            PdfSignatureAppearance appearance = signer.GetSignatureAppearance();
            appearance.SetPageNumber(1);
            signer.GetSignatureAppearance()
                .SetPageRect(new Rectangle(50, 550, 200, 100))
                .SetReason("Test2")
                .SetLocation("TestCity2")
                .SetLayer2Text("Approval test signature #2.\nCreated by iText7.");
            signer.SignDetached(pks, signChain, null, null, null, 0, PdfSigner.CryptoStandard.CADES);

            PadesSigTest.BasicCheckSignedDoc(outputPath, "Signature1");
            PadesSigTest.BasicCheckSignedDoc(outputPath, "Signature2");

            using (PdfDocument twiceSigned = new PdfDocument(new PdfReader(outputPath)))
            using (PdfDocument resource = new PdfDocument(new PdfReader(inputPath)))
            {
                PdfArray resourceKids = resource.GetStructTreeRoot().GetPdfObject()
                    .GetAsArray(PdfName.K).GetAsDictionary(0).GetAsArray(PdfName.K);
                float resourceStrElemNumber = resourceKids.Size();

                PdfArray signedKids = twiceSigned.GetStructTreeRoot().GetPdfObject()
                    .GetAsArray(PdfName.K).GetAsDictionary(0).GetAsArray(PdfName.K);
                float outStrElemNumber = signedKids.Size();

                // Here we assert the amount of objects in StructTreeRoot in resource file and twice signed file
                // as the original signature validation failed by Adobe because of struct tree change. If the fix
                // would make this tree unchanged, then the assertion should be adjusted with comparing the tree of
                // objects in StructTreeRoot to ensure that it won't be changed.
                NUnit.Framework.Assert.AreNotEqual(resourceStrElemNumber, outStrElemNumber);
            }
        }
Ejemplo n.º 18
        /// <summary>
        /// Signs <c>helloWorldDoc.pdf</c> with a detached CAdES approval signature named "Signature1", optionally
        /// attaching a signature policy identifier.
        /// </summary>
        /// <param name="signCertFileName">Path of the PKCS#12 file holding the signing chain and private key.</param>
        /// <param name="outFileName">Path the signed document is written to.</param>
        /// <param name="sigPolicyInfo">
        /// Signature policy to pass to <c>SignDetached</c>; when null the overload without a policy is used.
        /// </param>
        private void SignApproval(String signCertFileName, String outFileName, SignaturePolicyIdentifier sigPolicyInfo)
        {
            string inputPath = sourceFolder + "helloWorldDoc.pdf";

            X509Certificate[] signChain = Pkcs12FileHelper.ReadFirstChain(signCertFileName, password);
            ICipherParameters signPrivateKey = Pkcs12FileHelper.ReadFirstKey(signCertFileName, password, password);
            IExternalSignature pks = new PrivateKeySignature(signPrivateKey, DigestAlgorithms.SHA256);

            PdfSigner signer = new PdfSigner(
                new PdfReader(inputPath),
                new FileStream(outFileName, FileMode.Create),
                new StampingProperties());
            signer.SetFieldName("Signature1");
            signer.GetSignatureAppearance()
                .SetPageRect(new Rectangle(50, 650, 200, 100))
                .SetReason("Test")
                .SetLocation("TestCity")
                .SetLayer2Text("Approval test signature.\nCreated by iText7.");

            // Neither branch supplies CRL, OCSP or TSA clients; they differ only in the policy argument.
            if (sigPolicyInfo != null)
            {
                signer.SignDetached(pks, signChain, null, null, null, 0, PdfSigner.CryptoStandard.CADES, sigPolicyInfo);
            }
            else
            {
                signer.SignDetached(pks, signChain, null, null, null, 0, PdfSigner.CryptoStandard.CADES);
            }
        }
Ejemplo n.º 19
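        /// <summary>
        /// Completes a deferred signature on <c>templateForSignCMSDeferred.pdf</c>: the external container
        /// (<c>CmsDeferredSigner</c>) is given the signing key and chain, and <c>PdfSigner.SignDeferred</c> fills
        /// the field "DeferredSignature1" in the prepared template.
        /// </summary>
        /// <remarks>
        /// The result is checked both as a signature and visually against
        /// <c>cmp_deferredHashCalcAndSignTest01.pdf</c>. The document and the output stream are released in a
        /// finally block so that a failure during signing does not leave the output file handle open.
        /// </remarks>
        public virtual void DeferredHashCalcAndSignTest01()
        {
            String srcFileName = sourceFolder + "templateForSignCMSDeferred.pdf";
            String outFileName = destinationFolder + "deferredHashCalcAndSignTest01.pdf";
            String cmpFileName = sourceFolder + "cmp_deferredHashCalcAndSignTest01.pdf";
            String signCertFileName = certsSrc + "signCertRsa01.p12";

            X509Certificate[] signChain = Pkcs12FileHelper.ReadFirstChain(signCertFileName, password);
            ICipherParameters signPrivateKey = Pkcs12FileHelper.ReadFirstKey(signCertFileName, password, password);
            IExternalSignatureContainer extSigContainer =
                new SignDeferredTest.CmsDeferredSigner(signPrivateKey, signChain);

            String sigFieldName = "DeferredSignature1";
            PdfDocument docToSign = new PdfDocument(new PdfReader(srcFileName));
            FileStream outStream = null;
            try
            {
                outStream = new FileStream(outFileName, FileMode.Create);
                PdfSigner.SignDeferred(docToSign, sigFieldName, outStream, extSigContainer);
            }
            finally
            {
                // Same release order as before: document first, then the output file.
                try
                {
                    docToSign.Close();
                }
                finally
                {
                    if (outStream != null)
                    {
                        outStream.Dispose();
                    }
                }
            }

            // validate result
            PadesSigTest.BasicCheckSignedDoc(outFileName, sigFieldName);
            NUnit.Framework.Assert.IsNull(
                new CompareTool().CompareVisually(outFileName, cmpFileName, destinationFolder, null));
        }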
        /// <summary>
        /// Signs <c>helloWorldDoc.pdf</c> with a detached CAdES signature that includes a timestamp from the
        /// in-process test TSA, then runs the basic signed-document check on the output.
        /// </summary>
        /// <remarks>
        /// Only a TSA client is passed to <c>SignDetached</c>; the CRL and OCSP arguments are null.
        /// </remarks>
        public virtual void PadesSignatureLevelTTest01()
        {
            string outputPath = destinationFolder + "padesSignatureLevelTTest01.pdf";
            string inputPath = sourceFolder + "helloWorldDoc.pdf";
            string signerStorePath = certsSrc + "signCertRsa01.p12";
            string tsaStorePath = certsSrc + "tsCertRsa.p12";

            // Signer material.
            X509Certificate[] signRsaChain = Pkcs12FileHelper.ReadFirstChain(signerStorePath, password);
            ICipherParameters signRsaPrivateKey = Pkcs12FileHelper.ReadFirstKey(signerStorePath, password, password);
            IExternalSignature pks = new PrivateKeySignature(signRsaPrivateKey, DigestAlgorithms.SHA256);

            // Timestamp authority material.
            X509Certificate[] tsaChain = Pkcs12FileHelper.ReadFirstChain(tsaStorePath, password);
            ICipherParameters tsaPrivateKey = Pkcs12FileHelper.ReadFirstKey(tsaStorePath, password, password);

            PdfSigner signer = new PdfSigner(
                new PdfReader(inputPath),
                new FileStream(outputPath, FileMode.Create),
                new StampingProperties());
            signer.SetFieldName("Signature1");
            signer.GetSignatureAppearance()
                .SetPageRect(new Rectangle(50, 650, 200, 100))
                .SetReason("Test")
                .SetLocation("TestCity")
                .SetLayer2Text("Approval test signature.\nCreated by iText7.");

            TestTsaClient testTsa = new TestTsaClient(JavaUtil.ArraysAsList(tsaChain), tsaPrivateKey);
            signer.SignDetached(pks, signRsaChain, null, null, testTsa, 0, PdfSigner.CryptoStandard.CADES);

            PadesSigTest.BasicCheckSignedDoc(destinationFolder + "padesSignatureLevelTTest01.pdf", "Signature1");
        }
        /// <summary>
        /// Adds OCSP and CRL validation data for "Signature1" to <c>signedPAdES-T.pdf</c> in append mode and
        /// checks the DSS dictionary of the output.
        /// </summary>
        /// <remarks>
        /// Validation data is produced by in-process test clients that hold the root CA key from
        /// <c>rootRsa.p12</c>. A TSA client is constructed as well but is not passed to any call in this method.
        /// </remarks>
        public virtual void PadesSignatureLevelLTTest01()
        {
            string outputPath = destinationFolder + "padesSignatureLevelLTTest01.pdf";
            string inputPath = sourceFolder + "signedPAdES-T.pdf";
            string tsaStorePath = certsSrc + "tsCertRsa.p12";
            string rootStorePath = certsSrc + "rootRsa.p12";

            X509Certificate[] tsaChain = Pkcs12FileHelper.ReadFirstChain(tsaStorePath, password);
            ICipherParameters tsaPrivateKey = Pkcs12FileHelper.ReadFirstKey(tsaStorePath, password, password);
            X509Certificate caCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(rootStorePath, password)[0];
            ICipherParameters caPrivateKey = Pkcs12FileHelper.ReadFirstKey(rootStorePath, password, password);

            ICrlClient crlClient = new TestCrlClient(caCert, caPrivateKey);
            TestOcspClient ocspClient = new TestOcspClient().AddBuilderForCertIssuer(caCert, caPrivateKey);
            TestTsaClient testTsa = new TestTsaClient(JavaUtil.ArraysAsList(tsaChain), tsaPrivateKey);

            // Append mode keeps the signed revision of the input untouched.
            PdfDocument document = new PdfDocument(
                new PdfReader(inputPath),
                new PdfWriter(outputPath),
                new StampingProperties().UseAppendMode());
            LtvVerification ltvVerification = new LtvVerification(document);
            ltvVerification.AddVerification(
                "Signature1",
                ocspClient,
                crlClient,
                LtvVerification.CertificateOption.SIGNING_CERTIFICATE,
                LtvVerification.Level.OCSP_CRL,
                LtvVerification.CertificateInclusion.YES);
            ltvVerification.Merge();
            document.Close();

            BasicCheckDssDict("padesSignatureLevelLTTest01.pdf");
        }
Ejemplo n.º 22
 /// <summary>
 /// Loads the signing material shared by the tests: the first private key and the first certificate chain
 /// read from <c>keystorePath</c> via <c>Pkcs12FileHelper</c>, stored in <c>pk</c> and <c>chain</c>.
 /// </summary>
 public virtual void Init()
 {
     // The same `password` value is passed twice to ReadFirstKey — presumably once for the store and once
     // for the key entry; confirm against Pkcs12FileHelper.
     pk    = Pkcs12FileHelper.ReadFirstKey(keystorePath, password, password);
     // The chain is read from the same file, so key and certificates are expected to belong together.
     chain = Pkcs12FileHelper.ReadFirstChain(keystorePath, password);
 }