public static void addLTV(String src, String dest, IOcspClient ocsp, ICrlClient crl, ITSAClient itsaClient)
{
PdfReader reader = new PdfReader(src);
PdfWriter writer = new PdfWriter(dest);
PdfDocument pdfDoc = new PdfDocument(reader, writer, new StampingProperties().UseAppendMode());
LtvVerification v = new LtvVerification(pdfDoc);
SignatureUtil signatureUtil = new SignatureUtil(pdfDoc);
IList <string> names = signatureUtil.GetSignatureNames();
String sigName = names[names.Count - 1];
PdfPKCS7 pkcs7 = signatureUtil.ReadSignatureData(sigName);
if (pkcs7.IsTsp())
{
v.AddVerification(sigName, ocsp, crl, LtvVerification.CertificateOption.WHOLE_CHAIN,
LtvVerification.Level.OCSP_CRL, LtvVerification.CertificateInclusion.NO);
}
else
{
foreach (var name in names)
{
v.AddVerification(name, ocsp, crl, LtvVerification.CertificateOption.WHOLE_CHAIN,
LtvVerification.Level.OCSP_CRL, LtvVerification.CertificateInclusion.NO);
}
}
v.Merge();
pdfDoc.Close();
}
public void AddLtv(String src, String dest, IOcspClient ocsp, ICrlClient crl, ITSAClient tsa)
{
PdfReader r = new PdfReader(src);
FileStream fos = new FileStream(dest, FileMode.Create);
PdfStamper stp = PdfStamper.CreateSignature(r, fos, '\0', null, true);
LtvVerification v = stp.LtvVerification;
AcroFields fields = stp.AcroFields;
List <String> names = fields.GetSignatureNames();
String sigName = names[names.Count - 1];
PdfPKCS7 pkcs7 = fields.VerifySignature(sigName);
if (pkcs7.IsTsp)
{
v.AddVerification(sigName, ocsp, crl, LtvVerification.CertificateOption.SIGNING_CERTIFICATE, LtvVerification.Level.OCSP_CRL, LtvVerification.CertificateInclusion.NO);
}
else
{
foreach (String name in names)
{
v.AddVerification(name, ocsp, crl, LtvVerification.CertificateOption.WHOLE_CHAIN, LtvVerification.Level.OCSP_CRL, LtvVerification.CertificateInclusion.NO);
}
}
PdfSignatureAppearance sap = stp.SignatureAppearance;
LtvTimestamp.Timestamp(sap, tsa, null);
}
public static void AssinaComCertificado(List <ICrlClient> crlList, string FileName, string SignFileName, CertSimples cert, int X, int Y, int Pagina, int Rotation, bool AddTimeStamper = true, string urlTimeStamper = "https://freetsa.org/tsr", string timeStampUser = "", string timeStampPass = "", string Reason = "Assinatura Digital", bool AplicaPolitica = false, string MyDigestAlgorithm = "SHA-256", string Contact = "", string Location = "Indústrias Nucleares do Brasil S/A - INB", string Creator = "Assinador da INB", TipoAssinatura Tipo = TipoAssinatura.Normal, string Cargo = "", string CREACRM = "")
{
string SourcePdfFileName = FileName;
string DestPdfFileName = SignFileName;
int Largura = 140;
int Altura = 63;
PdfReader pdfReader = new PdfReader(SourcePdfFileName);
FileStream signedPdf = new FileStream(DestPdfFileName, FileMode.Create, FileAccess.ReadWrite);
StampingProperties osp = new StampingProperties();
osp.UseAppendMode();
PdfSigner objStamper = new PdfSigner(pdfReader, signedPdf, osp);
ITSAClient tsaClient = null;
IOcspClient ocspClient = null;
ConfiguraAparencia(objStamper, cert, X, Y, Largura, Altura, Pagina, Rotation, Contact, Reason, Location, Creator, Tipo);
Org.BouncyCastle.X509.X509Certificate vert = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(cert.Certificado);
Org.BouncyCastle.X509.X509CertificateParser cp = new Org.BouncyCastle.X509.X509CertificateParser();
Org.BouncyCastle.X509.X509Certificate[] Arraychain = new Org.BouncyCastle.X509.X509Certificate[] { cp.ReadCertificate(cert.Certificado.RawData) };
X509CertificateParser objCP = new X509CertificateParser();
RSACryptoServiceProvider rsa;
RSACryptoServiceProvider Provider;
IExternalSignature externalSignature;
if (cert.Certificado.PrivateKey is RSACryptoServiceProvider)
{
rsa = (RSACryptoServiceProvider)cert.Certificado.PrivateKey;
Provider = (RSACryptoServiceProvider)cert.Certificado.PrivateKey;
externalSignature = new AsymmetricAlgorithmSignature(Provider, MyDigestAlgorithm);
}
else
{
//RETIRAR ESSA PARTE PARA IMPLEMENTAR OS DEMAIS MÉTODOS, OLHANDO OUTROS TIPOS DE CERTIFICADO
rsa = (RSACryptoServiceProvider)cert.Certificado.PrivateKey;
Provider = (RSACryptoServiceProvider)cert.Certificado.PrivateKey;
externalSignature = new AsymmetricAlgorithmSignature(Provider, MyDigestAlgorithm);
}
if (AddTimeStamper)
{
tsaClient = new TSAClientBouncyCastle(urlTimeStamper, timeStampUser, timeStampPass);
}
OCSPVerifier ocspVerifier = new OCSPVerifier(null, null);
ocspClient = new OcspClientBouncyCastle(ocspVerifier);
if (AplicaPolitica)
{
SignaturePolicyInfo spi = getPolitica();
objStamper.SignDetached(externalSignature, Arraychain, crlList, ocspClient, tsaClient, 0, PdfSigner.CryptoStandard.CADES, spi);
}
else
{
objStamper.SignDetached(externalSignature, Arraychain, crlList, ocspClient, tsaClient, 0, PdfSigner.CryptoStandard.CADES);
}
try { signedPdf.Flush(); }
catch { }
try { signedPdf.Close(); } catch { };
pdfReader.Close();
}
public void Sign(String src, String dest,
ICollection<X509Certificate> chain, X509Certificate2 pk,
String digestAlgorithm, CryptoStandard subfilter,
String reason, String location,
ICollection<ICrlClient> crlList,
IOcspClient ocspClient,
ITSAClient tsaClient,
int estimatedSize) {
// Creating the reader and the stamper
PdfReader reader = null;
PdfStamper stamper = null;
FileStream os = null;
try {
reader = new PdfReader(src);
os = new FileStream(dest, FileMode.Create);
stamper = PdfStamper.CreateSignature(reader, os, '\0');
// Creating the appearance
PdfSignatureAppearance appearance = stamper.SignatureAppearance;
appearance.Reason = reason;
appearance.Location = location;
appearance.SetVisibleSignature(new Rectangle(36, 748, 144, 780), 1, "sig");
// Creating the signature
IExternalSignature pks = new X509Certificate2Signature(pk, digestAlgorithm);
MakeSignature.SignDetached(appearance, pks, chain, crlList, ocspClient, tsaClient, estimatedSize,
subfilter);
}
finally {
if (reader != null)
reader.Close();
if (stamper != null)
stamper.Close();
if (os != null)
os.Close();
}
}
/**
* Signs the document using the detached mode, CMS or CAdES equivalent.
* @param sap the PdfSignatureAppearance
* @param externalSignature the interface providing the actual signing
* @param chain the certificate chain
* @param crlList the CRL list
* @param ocspClient the OCSP client
* @param tsaClient the Timestamp client
* @param provider the provider or null
* @param estimatedSize the reserved size for the signature. It will be estimated if 0
* @param cades true to sign CAdES equivalent PAdES-BES, false to sign CMS
* @throws DocumentException
* @throws IOException
* @throws GeneralSecurityException
* @throws NoSuchAlgorithmException
* @throws Exception
*/
public static void SignDetached(PdfSignatureAppearance sap, IExternalSignature externalSignature, ICollection<X509Certificate> chain, ICollection<ICrlClient> crlList, IOcspClient ocspClient,
ITSAClient tsaClient, int estimatedSize, CryptoStandard sigtype) {
List<X509Certificate> certa = new List<X509Certificate>(chain);
ICollection<byte[]> crlBytes = null;
int i = 0;
while (crlBytes == null && i < certa.Count)
crlBytes = ProcessCrl(certa[i++], crlList);
if (estimatedSize == 0) {
estimatedSize = 8192;
if (crlBytes != null) {
foreach (byte[] element in crlBytes) {
estimatedSize += element.Length + 10;
}
}
if (ocspClient != null)
estimatedSize += 4192;
if (tsaClient != null)
estimatedSize += 4192;
}
sap.Certificate = certa[0];
if(sigtype == CryptoStandard.CADES)
sap.AddDeveloperExtension(PdfDeveloperExtension.ESIC_1_7_EXTENSIONLEVEL2);
PdfSignature dic = new PdfSignature(PdfName.ADOBE_PPKLITE, sigtype == CryptoStandard.CADES ? PdfName.ETSI_CADES_DETACHED : PdfName.ADBE_PKCS7_DETACHED);
dic.Reason = sap.Reason;
dic.Location = sap.Location;
dic.SignatureCreator = sap.SignatureCreator;
dic.Contact = sap.Contact;
dic.Date = new PdfDate(sap.SignDate); // time-stamp will over-rule this
sap.CryptoDictionary = dic;
Dictionary<PdfName, int> exc = new Dictionary<PdfName, int>();
exc[PdfName.CONTENTS] = estimatedSize * 2 + 2;
sap.PreClose(exc);
String hashAlgorithm = externalSignature.GetHashAlgorithm();
PdfPKCS7 sgn = new PdfPKCS7(null, chain, hashAlgorithm, false);
IDigest messageDigest = DigestUtilities.GetDigest(hashAlgorithm);
Stream data = sap.GetRangeStream();
byte[] hash = DigestAlgorithms.Digest(data, hashAlgorithm);
DateTime cal = DateTime.Now;
byte[] ocsp = null;
if (chain.Count >= 2 && ocspClient != null) {
ocsp = ocspClient.GetEncoded(certa[0], certa[1], null);
}
byte[] sh = sgn.getAuthenticatedAttributeBytes(hash, cal, ocsp, crlBytes, sigtype);
byte[] extSignature = externalSignature.Sign(sh);
sgn.SetExternalDigest(extSignature, null, externalSignature.GetEncryptionAlgorithm());
byte[] encodedSig = sgn.GetEncodedPKCS7(hash, cal, tsaClient, ocsp, crlBytes, sigtype);
if (estimatedSize < encodedSig.Length)
throw new IOException("Not enough space");
byte[] paddedSig = new byte[estimatedSize];
System.Array.Copy(encodedSig, 0, paddedSig, 0, encodedSig.Length);
PdfDictionary dic2 = new PdfDictionary();
dic2.Put(PdfName.CONTENTS, new PdfString(paddedSig).SetHexWriting(true));
sap.Close(dic2);
}
public void Sign(String src, String dest, X509Certificate[] chain, ICipherParameters pk,
String digestAlgorithm, PdfSigner.CryptoStandard subfilter, String reason, String location,
ICollection <ICrlClient> crlList, IOcspClient ocspClient, ITSAClient tsaClient, int estimatedSize)
{
PdfReader reader = new PdfReader(src);
PdfSigner signer = new PdfSigner(reader, new FileStream(dest, FileMode.Create), new StampingProperties());
// Create the signature appearance
Rectangle rect = new Rectangle(36, 648, 200, 100);
PdfSignatureAppearance appearance = signer.GetSignatureAppearance();
appearance
.SetReason(reason)
.SetLocation(location)
// Specify if the appearance before field is signed will be used
// as a background for the signed field. The "false" value is the default value.
.SetReuseAppearance(false)
.SetPageRect(rect)
.SetPageNumber(1);
signer.SetFieldName("sig");
IExternalSignature pks = new PrivateKeySignature(pk, digestAlgorithm);
// Sign the document using the detached mode, CMS or CAdES equivalent.
signer.SignDetached(pks, chain, crlList, ocspClient, tsaClient, estimatedSize, subfilter);
}
static void addLTVToStream(Stream source, Stream destination, IOcspClient ocsp, ICrlClient crl,
LtvVerification.Level timestampLevel, LtvVerification.Level signatureLevel)
{
PdfDocument pdfDoc = new PdfDocument(new PdfReader(source),
new PdfWriter(destination),
new StampingProperties().UseAppendMode());
LtvVerification v = new LtvVerification(pdfDoc);
SignatureUtil signatureUtil = new SignatureUtil(pdfDoc);
IList <string> names = signatureUtil.GetSignatureNames();
String sigName = names[(names.Count - 1)];
PdfPKCS7 pkcs7 = signatureUtil.ReadSignatureData(sigName);
if (pkcs7.IsTsp())
{
v.AddVerification(sigName, ocsp, crl, LtvVerification.CertificateOption.WHOLE_CHAIN,
timestampLevel, LtvVerification.CertificateInclusion.YES);
}
else
{
foreach (String name in names)
{
v.AddVerification(name, ocsp, crl, LtvVerification.CertificateOption.WHOLE_CHAIN,
signatureLevel, LtvVerification.CertificateInclusion.YES);
}
}
v.Merge();
pdfDoc.Close();
}
public static bool SignHashed(string Source, string Target, SysX509.X509Certificate2 Certificate, string Reason, string Location, bool AddVisibleSign, bool AddTimeStamp, string strTSA)
{
PdfReader objReader = null;
PdfStamper objStamper = null;
try
{
X509CertificateParser objCP = new Org.BouncyCastle.X509.X509CertificateParser();
X509Certificate[] objChain = new X509Certificate[] { objCP.ReadCertificate(Certificate.RawData) };
IList <ICrlClient> crlList = new List <ICrlClient>();
crlList.Add(new CrlClientOnline(objChain));
objReader = new PdfReader(Source);
objStamper = PdfStamper.CreateSignature(objReader, new FileStream(Target, FileMode.Create), '\0', null, true);
// Creamos la apariencia
PdfSignatureAppearance signatureAppearance = objStamper.SignatureAppearance;
signatureAppearance.Reason = "Inforegistro, S.L.";
//signatureAppearance.Location = Location;
// Custom signature appearance text
var font = FontFactory.GetFont("Times New Roman", 11, iTextSharp.text.Font.BOLDITALIC, BaseColor.DARK_GRAY);
signatureAppearance.Layer2Font = font;
signatureAppearance.Layer2Text = "Firmado digitalmente por \r\nInforegistro, S.L.\r\nFecha " + DateTime.Now.ToShortDateString();
var rectangle = new Rectangle(350, 30, 500, 120);
// Si está la firma visible:
if (AddVisibleSign)
{
signatureAppearance.SetVisibleSignature(rectangle, 2, "Inforegistro");
}
ITSAClient tsaClient = null;
IOcspClient ocspClient = null;
// Creating the signature
IExternalSignature externalSignature = new X509Certificate2Signature(Certificate, "SHA-1");
MakeSignature.SignDetached(signatureAppearance, externalSignature, objChain, crlList, ocspClient, tsaClient, 0, CryptoStandard.CMS);
return(File.Exists(Target));
}
catch (Exception ex)
{
throw ex;
}
finally
{
if (objReader != null)
{
objReader.Close();
}
if (objStamper != null)
{
objStamper.Close();
}
}
}
public AzureKeyVaultSigner(AzureKeyVaultClient keyVaultClient, string certificateIdentifier, string keyId, string keyVaultUri, ITsaClient tsaClient = null,
IOcspClient ocspClient = null, ICrlClient crlClient = null,
PdfSignatureProfile profile = PdfSignatureProfile.Pdf) : base(tsaClient, ocspClient, crlClient, profile)
{
this.keyVaultClient = keyVaultClient;
this.keyId = keyId;
// Get certificate (without a public key) from Azure Key Vault storage
// or create a new one at runtime
// You can get the whole certificate chain here
certificateChain = new byte[][] { keyVaultClient.GetCertificateData(keyVaultUri, certificateIdentifier) };
}
/// <summary>
/// Firma un documento PDF
/// </summary>
/// <param name="Source">Path del PDF a firmar</param>
/// <param name="Target">Path del PDF firmado</param>
/// <param name="Certificate">Certificado para realizar la firma</param>
/// <param name="Reason">Motivo</param>
/// <param name="Location">Ubicación</param>
/// <param name="AddVisibleSign">Indica si la firma es visible dentro del documento</param>
/// <param name="AddTimeStamp">Indica si se va a añadir sello de tiempo en el documento</param>
/// <param name="strTSA">TSA del sello de tiempo</param>
public static void SignHashed(string Source, string Target, SysX509.X509Certificate2 Certificate, string Reason, string Location, bool AddVisibleSign, bool AddTimeStamp, string strTSA)
{
X509CertificateParser objCP = new X509CertificateParser();
X509Certificate[] objChain = new X509Certificate[] { objCP.ReadCertificate(Certificate.RawData) };
//IList<ICrlClient> crlList = new List<ICrlClient>();
//crlList.Add(new CrlClientOnline(objChain));
PdfReader objReader = new PdfReader(Source);
PdfStamper objStamper = PdfStamper.CreateSignature(objReader, new FileStream(Target, FileMode.Create), '\0', null, true);
// Creamos la apariencia
PdfSignatureAppearance signatureAppearance = objStamper.SignatureAppearance;
signatureAppearance.Reason = Reason;
signatureAppearance.Location = Location;
// Si está la firma visible:
if (AddVisibleSign)
{
signatureAppearance.SetVisibleSignature(new Rectangle(100, 100, 300, 200), 1, null); //signatureAppearance.SetVisibleSignature(new Rectangle(100, 100, 250, 150), objReader.NumberOfPages, "Signature");
}
ITSAClient tsaClient = null;
IOcspClient ocspClient = null;
// Si se ha añadido el sello de tiempo
if (AddTimeStamp)
{
// ocspClient = new OcspClientBouncyCastle();
tsaClient = new TSAClientBouncyCastle(strTSA);
}
// Creating the signature
// IExternalSignature externalSignature = new X509Certificate2Signature(Certificate, "SHA-1");
// MakeSignature.SignDetached(signatureAppearance, externalSignature, objChain, crlList, ocspClient, tsaClient, 0, CryptoStandard.CMS);
if (objReader != null)
{
objReader.Close();
}
if (objStamper != null)
{
objStamper.Close();
}
}
/**
* Call this method to have LTV information added to the {@link PdfStamper}
* given in the constructor.
*/
public void enable(IOcspClient ocspClient, ICrlClient crlClient)
{
AcroFields fields = pdfStamper.AcroFields;
bool encrypted = pdfStamper.Reader.IsEncrypted();
List <String> names = fields.GetSignatureNames();
foreach (String name in names)
{
PdfPKCS7 pdfPKCS7 = fields.VerifySignature(name);
PdfDictionary signatureDictionary = fields.GetSignatureDictionary(name);
X509Certificate certificate = pdfPKCS7.SigningCertificate;
addLtvForChain(certificate, ocspClient, crlClient, getSignatureHashKey(signatureDictionary, encrypted));
}
outputDss();
}
/// <summary>
///
/// </summary>
/// <param name="src"></param>
/// <param name="dest"></param>
/// <param name="ocsp"></param>
/// <param name="crl"></param>
private static void AddLtv(byte[] src, String dest, IOcspClient ocsp, ICrlClient crl)
{
var r = new PdfReader(src);
var fos = new FileStream(dest, FileMode.Create);
var stp = new PdfStamper(r, fos, '\0', true);
LtvVerification v = stp.LtvVerification;
AcroFields fields = stp.AcroFields;
List<String> names = fields.GetSignatureNames();
String sigName = names[names.Count - 1];
PdfPKCS7 pkcs7 = fields.VerifySignature(sigName);
if (pkcs7.IsTsp)
v.AddVerification(sigName, ocsp, crl, LtvVerification.CertificateOption.SIGNING_CERTIFICATE, LtvVerification.Level.OCSP_CRL, LtvVerification.CertificateInclusion.NO);
else
foreach (String name in names)
v.AddVerification(name, ocsp, crl, LtvVerification.CertificateOption.WHOLE_CHAIN, LtvVerification.Level.OCSP_CRL, LtvVerification.CertificateInclusion.NO);
stp.Close();
}
//
// the actual LTV enabling methods
//
void addLtvForChain(X509Certificate certificate, IOcspClient ocspClient, ICrlClient crlClient, PdfName key)
{
if (seenCertificates.Contains(certificate))
{
return;
}
seenCertificates.Add(certificate);
ValidationData validationData = new ValidationData();
while (certificate != null)
{
// Console.WriteLine(certificate.SubjectDN);
X509Certificate issuer = getIssuerCertificate(certificate);
validationData.certs.Add(certificate.GetEncoded());
byte[] ocspResponse = ocspClient.GetEncoded(certificate, issuer, null);
if (ocspResponse != null)
{
// Console.WriteLine(" with OCSP response");
validationData.ocsps.Add(ocspResponse);
X509Certificate ocspSigner = getOcspSignerCertificate(ocspResponse);
////if (ocspSigner != null)
////{
//// Console.WriteLine(" signed by {0}\n", ocspSigner.SubjectDN);
////}
addLtvForChain(ocspSigner, ocspClient, crlClient, getOcspHashKey(ocspResponse));
}
else
{
ICollection <byte[]> crl = crlClient.GetEncoded(certificate, null);
if (crl != null && crl.Count > 0)
{
//Console.WriteLine(" with {0} CRLs\n", crl.Count);
foreach (byte[] crlBytes in crl)
{
validationData.crls.Add(crlBytes);
addLtvForChain(null, ocspClient, crlClient, getCrlHashKey(crlBytes));
}
}
}
certificate = issuer;
}
validated[key] = validationData;
}
public void Sign(String src, String dest,
ICollection <X509Certificate> chain, X509Certificate2 pk,
String digestAlgorithm, CryptoStandard subfilter,
String reason, String location,
ICollection <ICrlClient> crlList,
IOcspClient ocspClient,
ITSAClient tsaClient,
int estimatedSize)
{
// Creating the reader and the stamper
PdfReader reader = null;
PdfStamper stamper = null;
FileStream os = null;
try {
reader = new PdfReader(src);
os = new FileStream(dest, FileMode.Create);
stamper = PdfStamper.CreateSignature(reader, os, '\0');
// Creating the appearance
PdfSignatureAppearance appearance = stamper.SignatureAppearance;
appearance.Reason = reason;
appearance.Location = location;
appearance.SetVisibleSignature(new Rectangle(36, 748, 144, 780), 1, "sig");
// Creating the signature
IExternalSignature pks = new X509Certificate2Signature(pk, digestAlgorithm);
MakeSignature.SignDetached(appearance, pks, chain, crlList, ocspClient, tsaClient, estimatedSize,
subfilter);
}
finally {
if (reader != null)
{
reader.Close();
}
if (stamper != null)
{
stamper.Close();
}
if (os != null)
{
os.Close();
}
}
}
private static byte[] AddPdfSignatureField(byte[] src,
ICollection <Org.BouncyCastle.X509.X509Certificate> chain, X509Certificate2 pk,
string digestAlgorithm, CryptoStandard subfilter,
string reason, string location,
ICollection <ICrlClient> crlList,
IOcspClient ocspClient,
ITSAClient tsaClient,
int estimatedSize, int page, Rectangle rectangle, string signatureFieldName)
{
// Creating the reader and the stamper
PdfReader reader = null;
PdfStamper stamper = null;
var os = new MemoryStream();
try
{
reader = new PdfReader(src);
stamper = PdfStamper.CreateSignature(reader, os, '\0');
// Creating the appearance
var appearance = stamper.SignatureAppearance;
appearance.Reason = reason;
appearance.Location = location;
appearance.SetVisibleSignature(rectangle, page, signatureFieldName);
// Creating the signature
IExternalSignature pks = new X509Certificate2Signature(pk, digestAlgorithm);
MakeSignature.SignDetached(appearance, pks, chain, crlList, ocspClient, tsaClient, estimatedSize,
subfilter);
return(os.ToArray());
}
finally
{
if (reader != null)
{
reader.Close();
}
if (stamper != null)
{
stamper.Close();
}
}
}
private void MontarEstruturaCertificacao(X509Certificate2 certificate)
{
this.chain = this.GetChain(certificate);
foreach (var cadeia in this.chain)
{
Log.Application.Debug(cadeia.ToString());
}
Log.Application.Debug("Conseguiu pegar valor da cadeia? " + this.chain != null);
this.ocspClient = new OcspClientBouncyCastle(null);
this.crlList = new List <ICrlClient>
{
new CrlClientOnline(this.chain)
};
this.tsaClient = this.GetTsaClient(this.chain);
Log.Application.Debug("Conseguiu pegar valor da autoridade de tempo? " + this.tsaClient != null);
}
/**
* Add verification for a particular signature
* @param signatureName the signature to validate (it may be a timestamp)
* @param ocsp the interface to get the OCSP
* @param crl the interface to get the CRL
* @param certOption
* @param level the validation options to include
* @param certInclude
* @return true if a validation was generated, false otherwise
* @throws Exception
*/
virtual public bool AddVerification(String signatureName, IOcspClient ocsp, ICrlClient crl, CertificateOption certOption, Level level, CertificateInclusion certInclude) {
if (used)
throw new InvalidOperationException(MessageLocalization.GetComposedMessage("verification.already.output"));
PdfPKCS7 pk = acroFields.VerifySignature(signatureName);
LOGGER.Info("Adding verification for " + signatureName);
X509Certificate[] xc = pk.Certificates;
X509Certificate cert;
X509Certificate signingCert = pk.SigningCertificate;
ValidationData vd = new ValidationData();
for (int k = 0; k < xc.Length; ++k) {
cert = xc[k];
LOGGER.Info("Certificate: " + cert.SubjectDN);
if (certOption == CertificateOption.SIGNING_CERTIFICATE
&& !cert.Equals(signingCert)) {
continue;
}
byte[] ocspEnc = null;
if (ocsp != null && level != Level.CRL) {
ocspEnc = ocsp.GetEncoded(cert, GetParent(cert, xc), null);
if (ocspEnc != null) {
vd.ocsps.Add(BuildOCSPResponse(ocspEnc));
LOGGER.Info("OCSP added");
}
}
if (crl != null && (level == Level.CRL || level == Level.OCSP_CRL || (level == Level.OCSP_OPTIONAL_CRL && ocspEnc == null))) {
ICollection<byte[]> cims = crl.GetEncoded(xc[k], null);
if (cims != null) {
foreach (byte[] cim in cims) {
bool dup = false;
foreach (byte[] b in vd.crls) {
if (Arrays.AreEqual(b, cim)) {
dup = true;
break;
}
}
if (!dup) {
vd.crls.Add(cim);
LOGGER.Info("CRL added");
}
}
}
}
if (certInclude == CertificateInclusion.YES) {
vd.certs.Add(xc[k].GetEncoded());
}
}
if (vd.crls.Count == 0 && vd.ocsps.Count == 0)
return false;
validated[GetSignatureHashKey(signatureName)] = vd;
return true;
}
private void addVerificationInfo(IOcspClient ocspClient, LtvVerification verification, CrlClientOnline crl, String name)
{
verification.AddVerification(name, ocspClient, crl, LtvVerification.CertificateOption.WHOLE_CHAIN, LtvVerification.Level.OCSP_CRL, LtvVerification.CertificateInclusion.YES);
}
/**
* Signs the document using the detached mode, CMS or CAdES equivalent.
* @param sap the PdfSignatureAppearance
* @param externalSignature the interface providing the actual signing
* @param chain the certificate chain
* @param crlList the CRL list
* @param ocspClient the OCSP client
* @param tsaClient the Timestamp client
* @param provider the provider or null
* @param estimatedSize the reserved size for the signature. It will be estimated if 0
* @param cades true to sign CAdES equivalent PAdES-BES, false to sign CMS
* @throws DocumentException
* @throws IOException
* @throws GeneralSecurityException
* @throws NoSuchAlgorithmException
* @throws Exception
*/
public static void SignDetached(PdfSignatureAppearance sap, IExternalSignature externalSignature, ICollection <X509Certificate> chain, ICollection <ICrlClient> crlList, IOcspClient ocspClient,
ITSAClient tsaClient, int estimatedSize, CryptoStandard sigtype)
{
List <X509Certificate> certa = new List <X509Certificate>(chain);
ICollection <byte[]> crlBytes = null;
int i = 0;
while (crlBytes == null && i < certa.Count)
{
crlBytes = ProcessCrl(certa[i++], crlList);
}
if (estimatedSize == 0)
{
estimatedSize = 8192;
if (crlBytes != null)
{
foreach (byte[] element in crlBytes)
{
estimatedSize += element.Length + 10;
}
}
if (ocspClient != null)
{
estimatedSize += 4192;
}
if (tsaClient != null)
{
estimatedSize += 4192;
}
}
sap.Certificate = certa[0];
PdfSignature dic = new PdfSignature(PdfName.ADOBE_PPKLITE, sigtype == CryptoStandard.CADES ? PdfName.ETSI_CADES_DETACHED : PdfName.ADBE_PKCS7_DETACHED);
dic.Reason = sap.Reason;
dic.Location = sap.Location;
dic.Contact = sap.Contact;
dic.Date = new PdfDate(sap.SignDate); // time-stamp will over-rule this
sap.CryptoDictionary = dic;
Dictionary <PdfName, int> exc = new Dictionary <PdfName, int>();
exc[PdfName.CONTENTS] = estimatedSize * 2 + 2;
sap.PreClose(exc);
String hashAlgorithm = externalSignature.GetHashAlgorithm();
PdfPKCS7 sgn = new PdfPKCS7(null, chain, hashAlgorithm, false);
IDigest messageDigest = DigestUtilities.GetDigest(hashAlgorithm);
Stream data = sap.GetRangeStream();
byte[] hash = DigestAlgorithms.Digest(data, hashAlgorithm);
DateTime cal = DateTime.Now;
byte[] ocsp = null;
if (chain.Count >= 2 && ocspClient != null)
{
ocsp = ocspClient.GetEncoded(certa[0], certa[1], null);
}
byte[] sh = sgn.getAuthenticatedAttributeBytes(hash, cal, ocsp, crlBytes, sigtype);
byte[] extSignature = externalSignature.Sign(sh);
sgn.SetExternalDigest(extSignature, null, externalSignature.GetEncryptionAlgorithm());
byte[] encodedSig = sgn.GetEncodedPKCS7(hash, cal, tsaClient, ocsp, crlBytes, sigtype);
if (estimatedSize + 2 < encodedSig.Length)
{
throw new IOException("Not enough space");
}
byte[] paddedSig = new byte[estimatedSize];
System.Array.Copy(encodedSig, 0, paddedSig, 0, encodedSig.Length);
PdfDictionary dic2 = new PdfDictionary();
dic2.Put(PdfName.CONTENTS, new PdfString(paddedSig).SetHexWriting(true));
sap.Close(dic2);
}
public static void GetCertificateProperties(string thumbprint, out IList <X509Certificate> chain, out X509Certificate2 pk, out IOcspClient ocspClient, out ITSAClient tsaClient, out IList <ICrlClient> crlList)
{
GetPK(thumbprint, out chain, out pk);
ocspClient = new OcspClientBouncyCastle();
tsaClient = null;
for (int i = 0; i < chain.Count; i++)
{
X509Certificate cert = chain[i];
String tsaUrl = CertificateUtil.GetTSAURL(cert);
if (tsaUrl != null)
{
tsaClient = new TSAClientBouncyCastle(tsaUrl);
break;
}
}
crlList = new List <ICrlClient>();
crlList.Add(new CrlClientOnline(chain));
}
/**
* Add verification for a particular signature
* @param signatureName the signature to validate (it may be a timestamp)
* @param ocsp the interface to get the OCSP
* @param crl the interface to get the CRL
* @param certOption
* @param level the validation options to include
* @param certInclude
* @return true if a validation was generated, false otherwise
* @throws Exception
*/
public bool AddVerification(String signatureName, IOcspClient ocsp, ICrlClient crl, CertificateOption certOption, Level level, CertificateInclusion certInclude)
{
if (used)
{
throw new InvalidOperationException(MessageLocalization.GetComposedMessage("verification.already.output"));
}
PdfPKCS7 pk = acroFields.VerifySignature(signatureName);
LOGGER.Info("Adding verification for " + signatureName);
X509Certificate[] xc = pk.Certificates;
X509Certificate cert;
X509Certificate signingCert = pk.SigningCertificate;
ValidationData vd = new ValidationData();
for (int k = 0; k < xc.Length; ++k)
{
cert = xc[k];
LOGGER.Info("Certificate: " + cert.SubjectDN);
if (certOption == CertificateOption.SIGNING_CERTIFICATE &&
!cert.Equals(signingCert))
{
continue;
}
byte[] ocspEnc = null;
if (ocsp != null && level != Level.CRL)
{
ocspEnc = ocsp.GetEncoded(cert, GetParent(cert, xc), null);
if (ocspEnc != null)
{
vd.ocsps.Add(BuildOCSPResponse(ocspEnc));
LOGGER.Info("OCSP added");
}
}
if (crl != null && (level == Level.CRL || level == Level.OCSP_CRL || (level == Level.OCSP_OPTIONAL_CRL && ocspEnc == null)))
{
ICollection <byte[]> cims = crl.GetEncoded(xc[k], null);
if (cims != null)
{
foreach (byte[] cim in cims)
{
bool dup = false;
foreach (byte[] b in vd.crls)
{
if (Arrays.AreEqual(b, cim))
{
dup = true;
break;
}
}
if (!dup)
{
vd.crls.Add(cim);
LOGGER.Info("CRL added");
}
}
}
}
if (certInclude == CertificateInclusion.YES)
{
vd.certs.Add(xc[k].GetEncoded());
}
}
if (vd.crls.Count == 0 && vd.ocsps.Count == 0)
{
return(false);
}
validated[GetSignatureHashKey(signatureName)] = vd;
return(true);
}
/// <summary>
///
/// </summary>
/// <param name="input"></param>
/// <param name="chain"></param>
/// <param name="pks"></param>
/// <param name="subfilter"></param>
/// <param name="reason"></param>
/// <param name="location"></param>
/// <param name="crlList"></param>
/// <param name="ocspClient"></param>
/// <param name="tsaClient"></param>
/// <param name="estimatedSize"></param>
/// <returns></returns>
private static byte[] SignDocument(String input,
ICollection<Org.BouncyCastle.X509.X509Certificate> chain,
IExternalSignature pks,
CryptoStandard subfilter,
String reason, String location,
ICollection<ICrlClient> crlList,
IOcspClient ocspClient,
ITSAClient tsaClient,
int estimatedSize)
{
using (var stream = new MemoryStream())
{
// Creating the reader and the stamper
PdfReader reader = null;
PdfStamper stamper = null;
try
{
reader = new PdfReader(input);
stamper = PdfStamper.CreateSignature(reader, stream, '\0');
// Creating the appearance
PdfSignatureAppearance appearance = stamper.SignatureAppearance;
appearance.Reason = reason;
appearance.Location = location;
//appearance.SetVisibleSignature(new Rectangle(36, 748, 144, 780), 1, "sig");
// Creating the signature
MakeSignature.SignDetached(appearance, pks, chain, crlList, ocspClient, tsaClient, estimatedSize, subfilter);
}
finally
{
reader?.Close();
stamper?.Close();
}
return stream.GetBuffer();
}
}
/**
* Add verification for a particular signature
* @param signatureName the signature to validate (it may be a timestamp)
* @param ocsp the interface to get the OCSP
* @param crl the interface to get the CRL
* @param certOption
* @param level the validation options to include
* @param certInclude
* @return true if a validation was generated, false otherwise
* @throws Exception
*/
public bool AddVerification(String signatureName, IOcspClient ocsp, ICrlClient crl, CertificateOption certOption, Level level, CertificateInclusion certInclude) {
if (used)
throw new InvalidOperationException(MessageLocalization.GetComposedMessage("verification.already.output"));
PdfPKCS7 pk = acroFields.VerifySignature(signatureName);
X509Certificate[] xc = pk.SignCertificateChain;
ValidationData vd = new ValidationData();
for (int k = 0; k < xc.Length; ++k) {
byte[] ocspEnc = null;
if (ocsp != null && level != Level.CRL && k < xc.Length - 1) {
ocspEnc = ocsp.GetEncoded(xc[k], xc[k + 1], null);
if (ocspEnc != null)
vd.ocsps.Add(BuildOCSPResponse(ocspEnc));
}
if (crl != null && (level == Level.CRL || level == Level.OCSP_CRL || (level == Level.OCSP_OPTIONAL_CRL && ocspEnc == null))) {
byte[] cim = crl.GetEncoded(xc[k], null);
if (cim != null) {
bool dup = false;
foreach (byte[] b in vd.crls) {
if (Arrays.AreEqual(b, cim)) {
dup = true;
break;
}
}
if (!dup)
vd.crls.Add(cim);
}
}
if (certOption == CertificateOption.SIGNING_CERTIFICATE)
break;
}
if (vd.crls.Count == 0 && vd.ocsps.Count == 0)
return false;
if (certInclude == CertificateInclusion.YES) {
foreach (X509Certificate c in xc) {
vd.certs.Add(c.GetEncoded());
}
}
validated[GetSignatureHashKey(signatureName)] = vd;
return true;
}
/// <summary>Signs the document using the detached mode, CMS or CAdES equivalent.</summary>
/// <remarks>
/// Signs the document using the detached mode, CMS or CAdES equivalent.
/// <br /><br />
/// NOTE: This method closes the underlying pdf document. This means, that current instance
/// of PdfSigner cannot be used after this method call.
/// </remarks>
/// <param name="externalSignature">the interface providing the actual signing</param>
/// <param name="chain">the certificate chain</param>
/// <param name="crlList">the CRL list</param>
/// <param name="ocspClient">the OCSP client</param>
/// <param name="tsaClient">the Timestamp client</param>
/// <param name="externalDigest">an implementation that provides the digest</param>
/// <param name="estimatedSize">the reserved size for the signature. It will be estimated if 0</param>
/// <param name="sigtype">Either Signature.CMS or Signature.CADES</param>
/// <exception cref="System.IO.IOException"/>
/// <exception cref="Org.BouncyCastle.Security.GeneralSecurityException"/>
public virtual void SignDetached(IExternalSignature externalSignature, X509Certificate[] chain, ICollection
<ICrlClient> crlList, IOcspClient ocspClient, ITSAClient tsaClient, int estimatedSize, PdfSigner.CryptoStandard
sigtype)
{
if (closed)
{
throw new PdfException(PdfException.ThisInstanceOfPdfSignerAlreadyClosed);
}
ICollection <byte[]> crlBytes = null;
int i = 0;
while (crlBytes == null && i < chain.Length)
{
crlBytes = ProcessCrl(chain[i++], crlList);
}
if (estimatedSize == 0)
{
estimatedSize = 8192;
if (crlBytes != null)
{
foreach (byte[] element in crlBytes)
{
estimatedSize += element.Length + 10;
}
}
if (ocspClient != null)
{
estimatedSize += 4192;
}
if (tsaClient != null)
{
estimatedSize += 4192;
}
}
PdfSignatureAppearance appearance = GetSignatureAppearance();
appearance.SetCertificate(chain[0]);
if (sigtype == PdfSigner.CryptoStandard.CADES)
{
AddDeveloperExtension(PdfDeveloperExtension.ESIC_1_7_EXTENSIONLEVEL2);
}
PdfSignature dic = new PdfSignature(PdfName.Adobe_PPKLite, sigtype == PdfSigner.CryptoStandard.CADES ? PdfName
.ETSI_CAdES_DETACHED : PdfName.Adbe_pkcs7_detached);
dic.SetReason(appearance.GetReason());
dic.SetLocation(appearance.GetLocation());
dic.SetSignatureCreator(appearance.GetSignatureCreator());
dic.SetContact(appearance.GetContact());
dic.SetDate(new PdfDate(GetSignDate()));
// time-stamp will over-rule this
cryptoDictionary = dic;
IDictionary <PdfName, int?> exc = new Dictionary <PdfName, int?>();
exc[PdfName.Contents] = estimatedSize * 2 + 2;
PreClose(exc);
String hashAlgorithm = externalSignature.GetHashAlgorithm();
PdfPKCS7 sgn = new PdfPKCS7((ICipherParameters)null, chain, hashAlgorithm, false);
Stream data = GetRangeStream();
byte[] hash = DigestAlgorithms.Digest(data, SignUtils.GetMessageDigest(hashAlgorithm));
byte[] ocsp = null;
if (chain.Length >= 2 && ocspClient != null)
{
ocsp = ocspClient.GetEncoded((X509Certificate)chain[0], (X509Certificate)chain[1], null);
}
byte[] sh = sgn.GetAuthenticatedAttributeBytes(hash, ocsp, crlBytes, sigtype);
byte[] extSignature = externalSignature.Sign(sh);
sgn.SetExternalDigest(extSignature, null, externalSignature.GetEncryptionAlgorithm());
byte[] encodedSig = sgn.GetEncodedPKCS7(hash, tsaClient, ocsp, crlBytes, sigtype);
if (estimatedSize < encodedSig.Length)
{
throw new System.IO.IOException("Not enough space");
}
byte[] paddedSig = new byte[estimatedSize];
System.Array.Copy(encodedSig, 0, paddedSig, 0, encodedSig.Length);
PdfDictionary dic2 = new PdfDictionary();
dic2.Put(PdfName.Contents, new PdfString(paddedSig).SetHexWriting(true));
Close(dic2);
closed = true;
}
/**
* Add verification for a particular signature
* @param signatureName the signature to validate (it may be a timestamp)
* @param ocsp the interface to get the OCSP
* @param crl the interface to get the CRL
* @param certOption
* @param level the validation options to include
* @param certInclude
* @return true if a validation was generated, false otherwise
* @throws Exception
*/
public bool AddVerification(String signatureName, IOcspClient ocsp, ICrlClient crl, CertificateOption certOption, Level level, CertificateInclusion certInclude)
{
if (used)
{
throw new InvalidOperationException(MessageLocalization.GetComposedMessage("verification.already.output"));
}
PdfPKCS7 pk = acroFields.VerifySignature(signatureName);
X509Certificate[] xc = pk.SignCertificateChain;
ValidationData vd = new ValidationData();
for (int k = 0; k < xc.Length; ++k)
{
byte[] ocspEnc = null;
if (ocsp != null && level != Level.CRL && k < xc.Length - 1)
{
ocspEnc = ocsp.GetEncoded(xc[k], xc[k + 1], null);
if (ocspEnc != null)
{
vd.ocsps.Add(BuildOCSPResponse(ocspEnc));
}
}
if (crl != null && (level == Level.CRL || level == Level.OCSP_CRL || (level == Level.OCSP_OPTIONAL_CRL && ocspEnc == null)))
{
ICollection <byte[]> cims = crl.GetEncoded((X509Certificate)xc[k], null);
if (cims != null)
{
foreach (byte[] cim in cims)
{
bool dup = false;
foreach (byte[] b in vd.crls)
{
if (Arrays.AreEqual(b, cim))
{
dup = true;
break;
}
}
if (!dup)
{
vd.crls.Add(cim);
}
}
}
}
if (certOption == CertificateOption.SIGNING_CERTIFICATE)
{
break;
}
}
if (vd.crls.Count == 0 && vd.ocsps.Count == 0)
{
return(false);
}
if (certInclude == CertificateInclusion.YES)
{
foreach (X509Certificate c in xc)
{
vd.certs.Add(c.GetEncoded());
}
}
validated[GetSignatureHashKey(signatureName)] = vd;
return(true);
}
/// <summary>Add verification for a particular signature.</summary>
/// <param name="signatureName">the signature to validate (it may be a timestamp)</param>
/// <param name="ocsp">the interface to get the OCSP</param>
/// <param name="crl">the interface to get the CRL</param>
/// <param name="certOption">options as to how many certificates to include</param>
/// <param name="level">the validation options to include</param>
/// <param name="certInclude">certificate inclusion options</param>
/// <returns>true if a validation was generated, false otherwise</returns>
/// <exception cref="Org.BouncyCastle.Security.GeneralSecurityException"/>
/// <exception cref="System.IO.IOException"/>
public virtual bool AddVerification(String signatureName, IOcspClient ocsp, ICrlClient crl, LtvVerification.CertificateOption
certOption, LtvVerification.Level level, LtvVerification.CertificateInclusion certInclude)
{
if (used)
{
throw new InvalidOperationException(PdfException.VerificationAlreadyOutput);
}
PdfPKCS7 pk = sgnUtil.VerifySignature(signatureName);
LOGGER.Info("Adding verification for " + signatureName);
X509Certificate[] xc = pk.GetCertificates();
X509Certificate cert;
X509Certificate signingCert = pk.GetSigningCertificate();
LtvVerification.ValidationData vd = new LtvVerification.ValidationData();
for (int k = 0; k < xc.Length; ++k)
{
cert = (X509Certificate)xc[k];
LOGGER.Info("Certificate: " + cert.SubjectDN);
if (certOption == LtvVerification.CertificateOption.SIGNING_CERTIFICATE && !cert.Equals(signingCert))
{
continue;
}
byte[] ocspEnc = null;
if (ocsp != null && level != LtvVerification.Level.CRL)
{
ocspEnc = ocsp.GetEncoded(cert, GetParent(cert, xc), null);
if (ocspEnc != null)
{
vd.ocsps.Add(BuildOCSPResponse(ocspEnc));
LOGGER.Info("OCSP added");
}
}
if (crl != null && (level == LtvVerification.Level.CRL || level == LtvVerification.Level.OCSP_CRL || (level
== LtvVerification.Level.OCSP_OPTIONAL_CRL && ocspEnc == null)))
{
ICollection <byte[]> cims = crl.GetEncoded(cert, null);
if (cims != null)
{
foreach (byte[] cim in cims)
{
bool dup = false;
foreach (byte[] b in vd.crls)
{
if (JavaUtil.ArraysEquals(b, cim))
{
dup = true;
break;
}
}
if (!dup)
{
vd.crls.Add(cim);
LOGGER.Info("CRL added");
}
}
}
}
if (certInclude == LtvVerification.CertificateInclusion.YES)
{
vd.certs.Add(cert.GetEncoded());
}
}
if (vd.crls.Count == 0 && vd.ocsps.Count == 0)
{
return(false);
}
validated.Put(GetSignatureHashKey(signatureName), vd);
return(true);
}
/**
* Signs the document using the detached mode, CMS or CAdES equivalent.
* @param sap the PdfSignatureAppearance
* @param externalSignature the interface providing the actual signing
* @param chain the certificate chain
* @param crlList the CRL list
* @param ocspClient the OCSP client
* @param tsaClient the Timestamp client
* @param provider the provider or null
* @param estimatedSize the reserved size for the signature. It will be estimated if 0
* @param cades true to sign CAdES equivalent PAdES-BES, false to sign CMS
* @throws DocumentException
* @throws IOException
* @throws GeneralSecurityException
* @throws NoSuchAlgorithmException
* @throws Exception
*/
public static void SignDetached(PdfSignatureAppearance sap, IExternalSignature externalSignature,
ICollection <X509Certificate> chain, ICollection <ICrlClient> crlList, IOcspClient ocspClient,
ITSAClient tsaClient, int estimatedSize, CryptoStandard sigtype)
{
SignDetached(sap, externalSignature, chain, crlList, ocspClient, tsaClient, estimatedSize, sigtype, (SignaturePolicyIdentifier)null);
}
private static void CreateSignature(SigningCertificates signingCertificates, PdfSignatureAppearance signatureAppearance, ICollection<ICrlClient> clrClients, IOcspClient oscpClient)
{
IExternalSignature externalSignature = new X509Certificate2Signature(signingCertificates.X509Certificate2, "SHA-1");
MakeSignature.SignDetached(signatureAppearance, externalSignature, signingCertificates.FinalChain, clrClients, oscpClient, null, 0, CryptoStandard.CMS);
}
private static void CreateSignature(SigningCertificates signingCertificates, PdfSignatureAppearance signatureAppearance, ICollection <ICrlClient> clrClients, IOcspClient oscpClient)
{
IExternalSignature externalSignature = new X509Certificate2Signature(signingCertificates.X509Certificate2, "SHA-1");
MakeSignature.SignDetached(signatureAppearance, externalSignature, signingCertificates.FinalChain, clrClients, oscpClient, null, 0, CryptoStandard.CMS);
}
// metodo principal para el procesamiento de pdfs (firma digital adjuntos metadatos)
public string SignPdf(
SignRenderingMode signRenderingMode,
Funciones.Archivos.Pdf.Dtos.PdfSign.PdfSignRequestDto jsonToProcess,
string path)
{
try
{
//var json = File.ReadAllText(path);
//var jsonToProcess = JsonConvert
//.DeserializeObject<Funciones.Archivos.Pdf.Dtos.PdfSign.PdfSignRequestDto>(json.Replace("<EOF>", ""));
_target = jsonToProcess.outPath;
_fs = GetPdfStreamFormUrlOrBase64(jsonToProcess.dataUriBase64PdfToSign);
// conversor de certificados
var objCP = new BcX509.X509CertificateParser();
var crlList = new List <ICrlClient>();
// buscar el certificado por numero serial
var certificate = SearchCertificate(jsonToProcess.certificateSerialNumber);
if (certificate == null)
{
return("No se encontraron certificados para el serial: " + jsonToProcess.certificateSerialNumber);
}
// definicion del certificado operable
var objChain = new BcX509.X509Certificate[] { objCP.ReadCertificate(certificate.RawData) };
crlList.Add(new CrlClientOnline(objChain));
//TODO: habilitar la estampa cronologica (Error) (verificar tsa Timestamping Authority)
// agregamos la estampa cronologica
#region estampa cronologica
ITSAClient tsaClient = null;
IOcspClient ocspClient = null;
if (jsonToProcess.addTimeStamp)
{
ocspClient = new OcspClientBouncyCastle();
//CertificateUtil.getTSAURL(Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(certificate));
tsaClient = new TSAClientBouncyCastle(jsonToProcess.urlTSA);
}
#endregion estampa cronologica
// cargue del pdf al lector de itextsharp
var _pdfReader = new PdfReader(_fs);
// cargue an memoria del pdf
using (var _wfs = new MemoryStream())
{
// creacion de la firma a partir del lector itextsharp y el pdf en memoria
using (var objStamper = PdfStamper.CreateSignature(_pdfReader, _wfs, '\0', null, true))
{
// Procesar adjuntos
var attachmentIndex = 1;
(jsonToProcess.dataUriBase64ListOfPdfToAttach as List <FileToAttachDto>).ForEach(
(item) =>
{
//TODO: verificar si no se va a necesitar
if (!item.pathOrDataUriBase64.StartsWith("data:"))
{
var pfs = PdfFileSpecification.FileEmbedded(objStamper.Writer, item.fileDescription, attachmentIndex + "_" + item.fileDescription + ".pdf", null, true);
objStamper.Writer.AddFileAttachment("Adjunto número: " + attachmentIndex, pfs);
}
else
{
try
{
var x = StreamToByteArray(GetPdfStreamFormUrlOrBase64(item.pathOrDataUriBase64));
var pfs = PdfFileSpecification.FileEmbedded(
objStamper.Writer,
item.fileDescription + ".pdf",
item.fileDescription + ".pdf",
x,
true,
item.mimeType,
null
);
objStamper.Writer.AddFileAttachment("Adjunto número: " + attachmentIndex, pfs);
//.AddFileAttachment("adjunto número: " + attachmentIndex, x, "adjunto_" + attachmentIndex + ".pdf", "adjunto " + attachmentIndex);
}
catch (Exception exce)
{
Console.WriteLine(exce.StackTrace);
}
}
attachmentIndex++;
});
// definicion de la apariencia de la firma
var signatureAppearance = objStamper.SignatureAppearance;
// definicion del enum itextsharp a partir del enum parametro local
var mode = Enum.Parse(typeof(RenderingMode), signRenderingMode.ToString());
signatureAppearance.SignatureRenderingMode = (RenderingMode)mode;
signatureAppearance.Reason = jsonToProcess.reasonToSign;
signatureAppearance.Location = jsonToProcess.locationDescription;
// agregar marca visual de firma digital
#region agregar marca visual firma digital
if (jsonToProcess.addVisibleSignMark)
{
// definicion de imagen desde ruta o base64
signatureAppearance.SignatureGraphic = GetImageFormUrlOrBase64(jsonToProcess.dataUriBase64SignImage);
// definicion de la firma digital visible
signatureAppearance.SetVisibleSignature(
new Rectangle(jsonToProcess.visibleSignMarkWidth, jsonToProcess.visibleSignMarkHeight, jsonToProcess.xVisibleSignMarkPosition, jsonToProcess.yVisibleSignMarkPosition),
_pdfReader.NumberOfPages,
jsonToProcess.visibleSignText);
}
#endregion agregar marca visual firma digital
// Agregar propiedades extendidas
objStamper.MoreInfo = (jsonToProcess.metadata as List <MetadataDto>).ToDictionary(x => x.key, x => x.value);
//TODO: verificar si no es necesario la utilizacion de XMP manual (actualmente funciona)
#region xmp implementacion manual
/* objStamper.Writer.CreateXmpMetadata();
* var xmp = objStamper.Writer.XmpMetadata;
*
*
* //XMP metadatos
* IXmpMeta xmp;
* using (var stream = File.OpenRead(@"C:\Users\danie\OneDrive\Escritorio\xmpMetadata.xml"))
* xmp = XmpMetaFactory.Parse(stream);
*
* foreach (var property in xmp.Properties)
* {
* Console.WriteLine($"Path={property.Path} Namespace={property.Namespace} Value={property.Value}");
* }
*
* var serializeOptions = new SerializeOptions();
* serializeOptions.UsePlainXmp = true;
* var newMetadata = XmpMetaFactory.SerializeToBuffer(xmp, serializeOptions);
* objStamper.XmpMetadata = newMetadata;*/
#endregion xmp implementacion manual
// Firmar digitalmente
var externalSignature = new X509Certificate2Signature(certificate, jsonToProcess.certificateHashAlgorithm);
MakeSignature.SignDetached(signatureAppearance, externalSignature, objChain, crlList, ocspClient, tsaClient, 0, CryptoStandard.CMS);
}
var pdfFileTocreate = jsonToProcess.outPath.Replace("json", "pdf");
System.IO.File.WriteAllBytes(pdfFileTocreate, _wfs.ToArray());
Process.Start(pdfFileTocreate);
return(Convert.ToBase64String(_wfs.ToArray()));
}
}
catch (Exception exce)
{
WriteToFile(exce.StackTrace);
WriteToFile(exce.Message);
return(exce.Message);
}
}
public void Sign(String src, String dest,
ICollection <X509Certificate> chain, X509Certificate2 pk,
String digestAlgorithm, CryptoStandard subfilter,
String reason, String location,
ICollection <ICrlClient> crlList,
IOcspClient ocspClient,
ITSAClient tsaClient,
int estimatedSize, int RowIdx, int RowHeight, int x, int y, int NameWidth, int DateWidth,
String RevIndex, String RevStep, String Reason, String Name, String Date)
{
// Creating the reader and the stamper
PdfReader reader = null;
PdfStamper stamper = null;
FileStream os = null;
try
{
reader = new PdfReader(src);
os = new FileStream(dest, FileMode.Create);
// os = new FileStream(dest, FileMode.Create, FileAccess.Write);
//Activate MultiSignatures
stamper = PdfStamper.CreateSignature(reader, os, '\0', null, true);
//To disable Multi signatures uncomment this line : every new signature will invalidate older ones !
//stamper = PdfStamper.CreateSignature(reader, os, '\0');
// Creating the appearance
PdfSignatureAppearance appearance = stamper.SignatureAppearance;
Rectangle rectangle = new Rectangle(x, y + RowIdx * RowHeight, x + NameWidth + DateWidth, y + (RowIdx + 1) * RowHeight);
appearance.SetVisibleSignature(rectangle, 1, "Revision " + RevIndex + "|" + RevStep);
appearance.Reason = "marked as changed";
appearance.Location = location;
appearance.Layer2Text = "Signed on " + DateTime.Now;
appearance.SignatureRenderingMode = PdfSignatureAppearance.RenderingMode.DESCRIPTION;
PdfTemplate n2 = appearance.GetLayer(2);
Font font = new Font();
font.SetColor(255, 0, 0);
font.Size = 10;
ColumnText ct1 = new ColumnText(n2);
ct1.SetSimpleColumn(new Phrase(Name, font), 0, 0, NameWidth, rectangle.Height, 15, Element.ALIGN_LEFT);
ct1.Go();
ColumnText ct2 = new ColumnText(n2);
ct2.SetSimpleColumn(new Phrase(Date, font), NameWidth, 0, rectangle.Width, rectangle.Height, 15, Element.ALIGN_LEFT);
ct2.Go();
//n2.ConcatCTM(1, 0, 0, -1, 0, 0);
//n2.SaveState();
// Creating the signature
IExternalSignature pks = new X509Certificate2Signature(pk, digestAlgorithm);
MakeSignature.SignDetached(appearance, pks, chain, crlList, ocspClient, tsaClient, estimatedSize, subfilter);
}
catch (Exception ex)
{
Console.WriteLine("GMA: " + ex.Message);
}
finally
{
if (reader != null)
{
reader.Close();
}
if (stamper != null)
{
stamper.Close();
}
if (os != null)
{
os.Close();
}
}
}
public static void AssinaComCertificado(List <ICrlClient> crlList, byte[] File, out byte[] SignFile, CertSimples cert, int X, int Y, int Pagina, int Rotation, bool AddTimeStamper = true, string urlTimeStamper = "https://freetsa.org/tsr", string timeStampUser = "", string timeStampPass = "", string Reason = "Assinatura Digital", bool AplicaPolitica = false, string MyDigestAlgorithm = "SHA-256", string Contact = "", string Location = "Indústrias Nucleares do Brasil S/A - INB", string Creator = "Assinador da INB", TipoAssinatura Tipo = TipoAssinatura.Normal, string Cargo = "", string CREACRM = "")
{
int Largura = 140;
int Altura = 63;
MemoryStream ArquivoOrigem = new MemoryStream(File);
PdfReader pdfReader = new PdfReader(ArquivoOrigem);
MemoryStream signedPdf = new MemoryStream();
StampingProperties osp = new StampingProperties();
osp.UseAppendMode();
PdfSigner objStamper = new PdfSigner(pdfReader, signedPdf, osp);
ITSAClient tsaClient = null;
IOcspClient ocspClient = null;
ConfiguraAparencia(objStamper, cert, X, Y, Largura, Altura, Pagina, Rotation, Contact, Reason, Location, Creator, Tipo, Cargo, CREACRM);
Org.BouncyCastle.X509.X509Certificate vert = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(cert.Certificado);
Org.BouncyCastle.X509.X509CertificateParser cp = new Org.BouncyCastle.X509.X509CertificateParser();
Org.BouncyCastle.X509.X509Certificate[] Arraychain = new Org.BouncyCastle.X509.X509Certificate[] { cp.ReadCertificate(cert.Certificado.RawData) };
X509CertificateParser objCP = new X509CertificateParser();
RSACryptoServiceProvider rsa;
RSACryptoServiceProvider Provider;
IExternalSignature externalSignature;
if (cert.Certificado.PrivateKey is RSACryptoServiceProvider)
{
rsa = (RSACryptoServiceProvider)cert.Certificado.PrivateKey;
Provider = (RSACryptoServiceProvider)cert.Certificado.PrivateKey;
externalSignature = new AsymmetricAlgorithmSignature(Provider, MyDigestAlgorithm);
}
else
{
RSA rsaTeste = cert.Certificado.GetRSAPrivateKey();
rsa = (RSACryptoServiceProvider)cert.Certificado.PrivateKey;
Provider = (RSACryptoServiceProvider)cert.Certificado.PrivateKey;
externalSignature = new AsymmetricAlgorithmSignature(Provider, MyDigestAlgorithm);
}
if (AddTimeStamper)
{
tsaClient = new TSAClientBouncyCastle(urlTimeStamper, timeStampUser, timeStampPass);
}
OCSPVerifier ocspVerifier = new OCSPVerifier(null, null);
ocspClient = new OcspClientBouncyCastle(ocspVerifier);
if (AplicaPolitica)
{
SignaturePolicyInfo spi = getPolitica();
objStamper.SignDetached(externalSignature, Arraychain, crlList, ocspClient, tsaClient, 0, PdfSigner.CryptoStandard.CADES, spi);
}
else
{
objStamper.SignDetached(externalSignature, Arraychain, crlList, ocspClient, tsaClient, 0, PdfSigner.CryptoStandard.CADES);
}
try
{
SignFile = signedPdf.ToArray();
try
{
signedPdf.Close();
signedPdf.Dispose();
}
catch { }
}
catch (Exception ex)
{
SignFile = null;
throw ex;
}
try
{
signedPdf.Close();
}
catch (Exception ex) { }
pdfReader.Close();
}
