public static bool SignPDF(X509Certificate2 signature, string sourceDocument, string destinationPath)
{
if (signature == null)
{
return(false);
}
PdfReader reader = new PdfReader(sourceDocument);
using (FileStream fout = new FileStream(destinationPath, FileMode.Create, FileAccess.ReadWrite))
{
using (PdfStamper stamper = PdfStamper.CreateSignature(reader, fout, '\0'))
{
// digital signature
var pk = Org.BouncyCastle.Security.DotNetUtilities.GetKeyPair(signature.PrivateKey).Private;
IExternalSignature es = new PrivateKeySignature(pk, "SHA-256");
Org.BouncyCastle.X509.X509CertificateParser cp = new Org.BouncyCastle.X509.X509CertificateParser();
Org.BouncyCastle.X509.X509Certificate[] chain = new[] { cp.ReadCertificate(signature.RawData) };
try
{
MakeSignature.SignDetached(stamper.SignatureAppearance, es, chain, null, null, null, 0, CryptoStandard.CMS);
}
catch (CryptographicException ex)
{
return(false);
}
stamper.Close();
}
}
return(true);
}
//Sample from: http://www.rahulsingla.com/blog/2012/09/digitally-sign-and-verify-pdf-documents-in-c-using-itextsharp-5-3-x-library
// http://stackoverflow.com/questions/14997118/how-do-i-sign-a-pdf-document-using-a-certificate-from-the-windows-cert-store
/// <summary>
/// Signs a PDF document using iTextSharp library
/// </summary>
/// <param name="certSubjectName">Cerificate subject (prefix) in local certStore.</param>
/// <param name="sourceDocument">The path of the source pdf document which is to be signed</param>
/// <param name="destinationPath">The path at which the signed pdf document should be generated</param>
/// <param name="reason">String describing the reason for signing, would be embedded as part of the signature</param>
/// <param name="location">Location where the document was signed, would be embedded as part of the signature</param>
/// <param name="allowInvalidCertificate">Allows also usage of invalid certificate from store.</param>
public static byte[] SignPdf(string certSubjectName, byte[] sourceDocument, string reason, string location, bool allowInvalidCertificate)
{
try
{
// reader and stamper
using (PdfReader reader = new PdfReader(sourceDocument))
{
using (MemoryStream fout = new MemoryStream())
{
PdfStamper stamper = PdfStamper.CreateSignature(reader, fout, '\0');
// appearance
PdfSignatureAppearance appearance = stamper.SignatureAppearance;
appearance.Reason = reason;
appearance.Location = location;
// digital signature
ICollection <Org.BouncyCastle.X509.X509Certificate> certChain;
IExternalSignature es = ResolveExternalSignatureFromCertStore(certSubjectName, allowInvalidCertificate, out certChain);
MakeSignature.SignDetached(appearance, es, certChain, null, null, null, 0, CryptoStandard.CMS);
stamper.Close();
return(fout.ToArray());
}
}
}
catch (Exception ex)
{
System.Diagnostics.Trace.TraceError("Exception during pdf sign: {0}", ex.Message);
throw;
}
}
private void sign(X509Certificate2 cert, String imput, String output)
{
string SourcePdfFileName = imput;
string DestPdfFileName = output;
string requerente = "";
Org.BouncyCastle.X509.X509CertificateParser cp = new Org.BouncyCastle.X509.X509CertificateParser();
Org.BouncyCastle.X509.X509Certificate[] chain = new Org.BouncyCastle.X509.X509Certificate[] { cp.ReadCertificate(cert.RawData) };
IExternalSignature externalSignature = new X509Certificate2Signature(cert, "SHA-1");
PdfReader pdfReader = new PdfReader(SourcePdfFileName);
FileStream signedPdf = new FileStream(DestPdfFileName, FileMode.Create); //the output pdf file
PdfStamper pdfStamper = PdfStamper.CreateSignature(pdfReader, signedPdf, '\0');
PdfSignatureAppearance signatureAppearance = pdfStamper.SignatureAppearance;
requerente = cert.Subject.Replace("CN=", "").Replace("OU=", "").Replace("DC=", "").Replace("O=", "").Replace("C=", "");
signatureAppearance.SetVisibleSignature(new iTextSharp.text.Rectangle(250, 30, 550, 80), 1, "Signature");
signatureAppearance.Layer2Text = "Assinado de forma digital por " + requerente + Environment.NewLine + "Dados:" + DateTime.Now;
string pathImage = Path.Combine(Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location), "assinatura.png");
var image = iTextSharp.text.Image.GetInstance(pathImage);
signatureAppearance.SignatureGraphic = image;
//signatureAppearance.SignatureRenderingMode = PdfSignatureAppearance.RenderingMode.DESCRIPTION;
signatureAppearance.SignatureRenderingMode = PdfSignatureAppearance.RenderingMode.GRAPHIC_AND_DESCRIPTION;
//signatureAppearance.SignatureRenderingMode = PdfSignatureAppearance.RenderingMode.DESCRIPTION;
MakeSignature.SignDetached(signatureAppearance, externalSignature, chain, null, null, null, 0, CryptoStandard.CMS);
}
public static byte[] SignPDFBytes(X509Certificate2 signatureCert, byte[] pdf)
{
byte[] result;
MemoryStream ms = new MemoryStream();
PdfReader reader = new PdfReader(pdf);
using (PdfStamper signer = PdfStamper.CreateSignature(reader, ms, '\0'))
{
// digital signature
var pk = Org.BouncyCastle.Security.DotNetUtilities.GetKeyPair(signatureCert.PrivateKey).Private;
IExternalSignature es = new PrivateKeySignature(pk, "SHA-256");
Org.BouncyCastle.X509.X509CertificateParser cp = new Org.BouncyCastle.X509.X509CertificateParser();
Org.BouncyCastle.X509.X509Certificate[] chain = new[] { cp.ReadCertificate(signatureCert.RawData) };
try
{
MakeSignature.SignDetached(signer.SignatureAppearance, es, chain, null, null, null, 0, CryptoStandard.CMS);
result = ms.ToArray();
}
catch (CryptographicException ex)
{
throw;
}
signer.Close();
}
return(result);
}
private void addTsa(PdfSignatureAppearance signAppearance)
{
var es = new PrivateKeySignature(_asymmetricKeyParameter, "SHA-256");
var tsc = new TSAClientBouncyCastle(SignatureData.TsaClient.Url, SignatureData.TsaClient.UserName, SignatureData.TsaClient.Password);
MakeSignature.SignDetached(signAppearance, es, _chain, null, null, tsc, 0, CryptoStandard.CMS);
}
public byte[] Sign(byte[] pdf, SignInformation signInfo)
{
PdfReader document = new PdfReader(pdf);
MemoryStream stream = new MemoryStream();
PdfStamper pdfStamper = PdfStamper.CreateSignature(document, stream, '\0');
PdfSignatureAppearance signatureAppearance = pdfStamper.SignatureAppearance;
signatureAppearance.Reason = signInfo.reason; //Reason
signatureAppearance.Location = signInfo.location; //Location
signatureAppearance.CertificationLevel = signInfo.certifyLevel;
signatureAppearance.SignatureRenderingMode = PdfSignatureAppearance.RenderingMode.DESCRIPTION; //Rendering mode
IExternalSignature signature = new RSAProviderPrivateKey(signInfo.cert, signInfo.hashAlgorithm);
try
{
//Do signing
MakeSignature.SignDetached(signatureAppearance, signature, signInfo.chain, null, null, null, 0, signInfo.sigType);
}
catch (Exception e)
{
throw new Exception("Cannot sign the PDF file.", e);
}
return(stream.ToArray());
}
private void signDetached(PdfSignatureAppearance signAppearance)
{
signAppearance.CertificationLevel = PdfSignatureAppearance.CERTIFIED_NO_CHANGES_ALLOWED;
var es = new PrivateKeySignature(_asymmetricKeyParameter, "SHA-256");
MakeSignature.SignDetached(signAppearance, es, _chain, null, null, null, 0, CryptoStandard.CMS);
}
public void sign(X509Certificate2 cert, String filename, String imageName, String output)
{
Org.BouncyCastle.X509.X509CertificateParser cp = new Org.BouncyCastle.X509.X509CertificateParser();
Org.BouncyCastle.X509.X509Certificate[] chain = new Org.BouncyCastle.X509.X509Certificate[] {
cp.ReadCertificate(cert.RawData)
};
IExternalSignature externalSignature = new X509Certificate2Signature(cert, "SHA-1");
PdfReader pdfReader = new PdfReader(filename);
FileStream signedPdf = new FileStream(output, FileMode.Create);
PdfStamper pdfStamper = PdfStamper.CreateSignature(pdfReader, signedPdf, '\0');
PdfSignatureAppearance signatureAppearance = pdfStamper.SignatureAppearance;
Image img = Image.GetInstance(imageName);
img.Alignment = iTextSharp.text.Image.UNDERLYING;
signatureAppearance.SignatureGraphic = img;
signatureAppearance.Acro6Layers = true;
int x = Convert.ToInt32(xTextBox.Text);
int y = Convert.ToInt32(yTextBox.Text);
int w = Convert.ToInt32(widthTextBox.Text);
int h = Convert.ToInt32(heightTextBox.Text);
signatureAppearance.SetVisibleSignature(new iTextSharp.text.Rectangle(x, y, w, h), pdfReader.NumberOfPages, "Signature");
signatureAppearance.SignatureRenderingMode = PdfSignatureAppearance.RenderingMode.GRAPHIC_AND_DESCRIPTION;
MakeSignature.SignDetached(signatureAppearance, externalSignature, chain, null, null, null, 0, CryptoStandard.CMS);
}
public void Sign(String keystore, String src, String name, String dest)
{
Pkcs12Store store = new Pkcs12Store(new FileStream(keystore, FileMode.Open), PASSWORD);
String alias = "";
ICollection <X509Certificate> chain = new List <X509Certificate>();
// searching for private key
foreach (string al in store.Aliases)
{
if (store.IsKeyEntry(al) && store.GetKey(al).Key.IsPrivate)
{
alias = al;
break;
}
}
AsymmetricKeyEntry pk = store.GetKey(alias);
foreach (X509CertificateEntry c in store.GetCertificateChain(alias))
{
chain.Add(c.Certificate);
}
RsaPrivateCrtKeyParameters parameters = pk.Key as RsaPrivateCrtKeyParameters;
PdfReader reader = new PdfReader(src);
FileStream os = new FileStream(dest, FileMode.Create);
PdfStamper stamper = PdfStamper.CreateSignature(reader, os, '\0', null, true);
// Creating the appearance
PdfSignatureAppearance appearance = stamper.SignatureAppearance;
appearance.SetVisibleSignature(name);
// Creating the signature
IExternalSignature pks = new PrivateKeySignature(parameters, "SHA-256");
MakeSignature.SignDetached(appearance, pks, chain, null, null, null, 0, CryptoStandard.CMS);
}
/// <summary>
/// Signs a PDF document using iTextSharp library
/// </summary>
/// <param name="sourceDocument">The path of the source pdf document which is to be signed</param>
/// <param name="reason">String describing the reason for signing, would be embedded as part of the signature</param>
/// <param name="location">Location where the document was signed, would be embedded as part of the signature</param>
public static byte[] SignPdfFile(byte[] sourceDocument, string reason, string location)
{
var cert = DigitalSignature.GetStoreCertificate();
var cp = new Org.BouncyCastle.X509.X509CertificateParser();
var pdfCert = cp.ReadCertificate(cert.RawData);
var certChain = new[] { pdfCert };
// reader and stamper
PdfReader reader = new PdfReader(sourceDocument);
using (MemoryStream fout = new MemoryStream())
{
using (PdfStamper stamper = PdfStamper.CreateSignature(reader, fout, '\0'))
{
// appearance
PdfSignatureAppearance appearance = stamper.SignatureAppearance;
appearance.Reason = reason;
appearance.Location = location;
var rect = reader.GetPageSize(1);
appearance.SetVisibleSignature(new Rectangle(rect.Width - 128, rect.Height - 78, rect.Width - 10, rect.Height - 20), 1, null);
// digital signature
IExternalSignature es = new X509Certificate2Signature(cert, "SHA1");
MakeSignature.SignDetached(appearance, es, certChain, null, null, null, 0, CryptoStandard.CMS);
stamper.Close();
}
return(fout.ToArray());
}
}
public void Sign(String src, String name, String dest, ICollection <X509Certificate> chain, ICipherParameters pk,
String digestAlgorithm, CryptoStandard subfilter, String reason, String location,
String contact, DateTime signDate, String fullName)
{
// Creating the reader and the stamper
PdfReader reader = new PdfReader(src);
FileStream os = new FileStream(dest, FileMode.Create);
PdfStamper stamper = PdfStamper.CreateSignature(reader, os, '\0');
// Creating the appearance
PdfSignatureAppearance appearance = stamper.SignatureAppearance;
appearance.Reason = reason;
appearance.Location = location;
appearance.SetVisibleSignature(name);
appearance.Contact = contact;
appearance.SignDate = signDate;
MySignatureEvent eEvent = new MySignatureEvent();
eEvent.FullName = fullName;
appearance.SignatureEvent = eEvent;
// Creating the signature
IExternalSignature pks = new PrivateKeySignature(pk, digestAlgorithm);
MakeSignature.SignDetached(appearance, pks, chain, null, null, null, 0, subfilter);
}
public void Pkcs11RsaSignatureReuseTest()
{
using (Pkcs11RsaSignature pkcs11RsaSignature = new Pkcs11RsaSignature(_libraryPath, _tokenSerial, _tokenLabel, _pin, _ckaLabel, _ckaId, _hashAlgorithm))
{
byte[] signingCertificate = pkcs11RsaSignature.GetSigningCertificate();
List <byte[]> otherCertificates = pkcs11RsaSignature.GetAllCertificates();
ICollection <X509Certificate> certPath = CertUtils.BuildCertPath(signingCertificate, otherCertificates);
for (int i = 0; i < 100; i++)
{
string unsignedPdfPath = GetTempDocPath();
string signedPdfPath = GetTempDocPath();
try
{
GenerateRandomPdf(unsignedPdfPath);
using (PdfReader pdfReader = new PdfReader(unsignedPdfPath))
using (FileStream outputStream = new FileStream(signedPdfPath, FileMode.Create))
using (PdfStamper pdfStamper = PdfStamper.CreateSignature(pdfReader, outputStream, '\0', GetTempDocPath(), true))
MakeSignature.SignDetached(pdfStamper.SignatureAppearance, pkcs11RsaSignature, certPath, null, null, null, 0, CryptoStandard.CADES);
Assert.IsTrue(1 == VerifySignatureIntegrity(signedPdfPath));
}
finally
{
File.Delete(unsignedPdfPath);
File.Delete(signedPdfPath);
}
}
}
}
private String calculateSigningContent(X509Certificate2 cert)
{
byte[] sh = null;
try
{
Org.BouncyCastle.X509.X509Certificate[] chain = GetCertChain(cert);
sgn = new PdfPKCS7(null, chain, "SHA-256", true);
hashValue = HashFile(sap.GetRangeStream());
List <ICrlClient> crlList = new List <ICrlClient>();
crlList.Add(new CrlClientOnline(chain));
ICollection <byte[]> crlBytes = null;
int i = 0;
while (crlBytes == null && i < chain.Length)
{
crlBytes = MakeSignature.ProcessCrl(chain[i++], null);
}
sh = sgn.getAuthenticatedAttributeBytes(hashValue, null, crlBytes /*crlbyte*/, CryptoStandard.CADES);
}
catch (Exception ex)
{
if (document != null)
{
document.Close();
}
if (pdfStamper != null)
{
pdfStamper.Close();
}
throw new Exception("getHash : " + ex.Message, ex);
}
return(System.Convert.ToBase64String(sh));
}
public Stream SignPDF(Stream pdfstream, Certificate certificate)
{
pdfstream.Requires(nameof(pdfstream)).IsNotNull();
certificate.Requires(nameof(certificate)).IsNotNull();
var chain = certificate.Chain;
var parameters = certificate.Parameters;
IExternalSignature pks = new PrivateKeySignature(parameters, DigestAlgorithms.SHA256);
using (PdfReader reader = new PdfReader(pdfstream))
{
if (reader.IsEncrypted())
{
throw new Exception("[PDFEncryptedException] Target PDF is encrypted or owned, unlock PDF and try again.");
}
var outputpdf = new MemoryStream();
using (PdfStamper st = PdfStamper.CreateSignature(reader, outputpdf, '\0', "tmp.pdf", true))
{
PdfSignatureAppearance appearance = st.SignatureAppearance;
appearance.SignDate = DateTime.Now;
appearance.SignatureRenderingMode = PdfSignatureAppearance.RenderingMode.NAME_AND_DESCRIPTION;
MakeSignature.SignDetached(appearance, pks, chain, null, null, null, 0, CryptoStandard.CMS);
var mb = outputpdf.ToArray();
return(new MemoryStream(mb));
}
}
}
public void SignWithThisCert(X509Certificate2 cert, Stream Archivo, string URLDocumento)
{
string DestPdfFileName = URLDocumento;
Org.BouncyCastle.X509.X509CertificateParser cp = new Org.BouncyCastle.X509.X509CertificateParser();
Org.BouncyCastle.X509.X509Certificate[] chain = new Org.BouncyCastle.X509.X509Certificate[] { cp.ReadCertificate(cert.RawData) };
IExternalSignature externalSignature = new X509Certificate2Signature(cert, "SHA-1");
Archivo.Flush(); // Don't know if this is necessary
Archivo.Position = 0;
PdfReader pdfReader = new PdfReader(Archivo);
FileStream signedPdf = new FileStream(DestPdfFileName, FileMode.Create); //the output pdf file
PdfStamper pdfStamper = PdfStamper.CreateSignature(pdfReader, signedPdf, '\0');
PdfSignatureAppearance signatureAppearance = pdfStamper.SignatureAppearance;
//here set signatureAppearance at your will
signatureAppearance.Reason = ConfigurationManager.AppSettings["firma_RazonInversionista"].ToString();
signatureAppearance.Location = ConfigurationManager.AppSettings["firma_Ubicacion"].ToString();
signatureAppearance.SignatureRenderingMode = PdfSignatureAppearance.RenderingMode.DESCRIPTION;
MakeSignature.SignDetached(signatureAppearance, externalSignature, chain, null, null, null, 0, CryptoStandard.CMS);
//MakeSignature.SignDetached(signatureAppearance, externalSignature, chain, null, null, null, 0, CryptoStandard.CADES);
signedPdf.Close();
//signedPdf = new FileStream(DestPdfFileName, FileMode.Open);
//return signedPdf;
}
public void Sign(string inputPath, string outPath, string imagePath, bool visible = true)
{
X509Store store = new X509Store(StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
X509Certificate2Collection sel = X509Certificate2UI.SelectFromCollection(store.Certificates, null, null, X509SelectionFlag.SingleSelection);
X509Certificate2 cert = sel[0];
Org.BouncyCastle.X509.X509CertificateParser cp = new Org.BouncyCastle.X509.X509CertificateParser();
Org.BouncyCastle.X509.X509Certificate[] chain = new Org.BouncyCastle.X509.X509Certificate[] {
cp.ReadCertificate(cert.RawData)
};
IExternalSignature externalSignature = new X509Certificate2Signature(cert, "SHA-1");
PdfReader pdfReader = new PdfReader(inputPath);
var signedPdf = new FileStream(outPath, FileMode.Create);
var pdfStamper = PdfStamper.CreateSignature(pdfReader, signedPdf, '\0');
PdfSignatureAppearance signatureAppearance = pdfStamper.SignatureAppearance;
if (imagePath != null && imagePath != string.Empty)
{
signatureAppearance.SignatureGraphic = Image.GetInstance(imagePath);
}
signatureAppearance.SetVisibleSignature(new Rectangle(100, 100, 250, 150), pdfReader.NumberOfPages, "Signature");
signatureAppearance.SignatureRenderingMode = PdfSignatureAppearance.RenderingMode.GRAPHIC_AND_DESCRIPTION;
MakeSignature.SignDetached(signatureAppearance, externalSignature, chain, null, null, null, 0, CryptoStandard.CMS);
Process.Start(outPath);
}
public bool signCertificate(string DocumentPath, string CertificateSavePath, Stream privateKeyStream, string keyPassword)
{
try
{
Pkcs12Store pk12 = new Pkcs12Store(privateKeyStream, keyPassword.ToCharArray());
privateKeyStream.Dispose();
//then Iterate throught certificate entries to find the private key entry
string alias = null;
foreach (string tAlias in pk12.Aliases)
{
if (pk12.IsKeyEntry(tAlias))
{
alias = tAlias;
break;
}
}
var pk = pk12.GetKey(alias).Key;
// reader and stamper
PdfReader reader = new PdfReader(DocumentPath);
int PageCount = reader.NumberOfPages;
using (FileStream fout = new FileStream(CertificateSavePath, FileMode.Create, FileAccess.ReadWrite))
{
using (PdfStamper stamper = PdfStamper.CreateSignature(reader, fout, '\0', null, true))
{
// appearance
PdfSignatureAppearance appearance = stamper.SignatureAppearance;
//appearance.Image = new iTextSharp.text.pdf.PdfImage();
//appearance.Reason = reason;
// appearance.Location = location;
appearance.SetVisibleSignature(new iTextSharp.text.Rectangle(220, 165, 420, 250), PageCount, "Icsi-Vendor");//.IsInvisible();//s
//220,165, 435, 310
//lly - gose up llx - is width 210,245,495,620 500, 300, 297, 200
//iTextSharp.text.Image watermark = iTextSharp.text.Image.GetInstance(SignatureIMGPath);
//appearance.Image = watermark;
//appearance.Image.ScaleToFit(70, 70);
////appearance.Image.Alignment=100;
//appearance.Image.SetAbsolutePosition(100, 100);
//appearance.GetAppearance().AddImage(watermark);
//digital signature
IExternalSignature es = new PrivateKeySignature(pk, "SHA-256");
MakeSignature.SignDetached(appearance, es, new Org.BouncyCastle.X509.X509Certificate[] { pk12.GetCertificate(alias).Certificate }, null, null, null, 0, CryptoStandard.CMS);
stamper.Close();
}
}
return(true);
}
catch (Exception Ex)
{
ErrorLog.LogError(Ex);
return(false);
}
}
public async Task DigitallySign(int idDocument, string userId, string password, byte[] certificateData, string reason, string location)
{
var document = await dbContext
.Documents
.FirstAsync(it => it.IdDocument == idDocument);
var lastState = await dbContext.DocumentStates.Include(it => it.DocumentData).Where(it => it.IdDocument == idDocument).LastAsync();
var unsignedData = ((DocumentDataUpload)lastState.DocumentData).Data;
var store = new Pkcs12Store(new MemoryStream(certificateData), password.ToCharArray());
var alias = string.Empty;
foreach (string al in store.Aliases)
{
if (store.IsKeyEntry(al) && store.GetKey(al).Key.IsPrivate)
{
alias = al;
break;
}
}
var pk = store.GetKey(alias);
var chain = new List <X509Certificate>();
foreach (X509CertificateEntry c in store.GetCertificateChain(alias))
{
chain.Add(c.Certificate);
}
var certificate = new System.Security.Cryptography.X509Certificates.X509Certificate(certificateData, password);
var signedPdfData = new MemoryStream();
using (var reader = new PdfReader(unsignedData))
{
var stp = PdfStamper.CreateSignature(reader, signedPdfData, '\0');
stp.SignatureAppearance.Reason = reason;
stp.SignatureAppearance.Location = location;
stp.SignatureAppearance.SetVisibleSignature(new Rectangle(36, 748, 144, 780), 1, null);
var es = new PrivateKeySignature(pk.Key as RsaPrivateCrtKeyParameters, DigestAlgorithms.SHA256);
MakeSignature.SignDetached(stp.SignatureAppearance, es, chain, null, null, null, 0, CryptoStandard.CMS);
stp.Close();
}
dbContext.Entry(lastState).State = EntityState.Detached;
lastState.IdDocumentState = 0;
lastState.IdDocumentData = 0;
lastState.StatusDate = DateTime.Now;
lastState.IsDigitallySigned = true;
lastState.Version = GetNextVersion(lastState.Version, lastState.DocumentStatus);
lastState.DocumentData = new DocumentDataUpload {
Data = signedPdfData.ToArray()
};
dbContext.DocumentStates.Add(lastState);
}
public void CreateSignature(String src, String dest, String fieldname, AsymmetricKeyEntry pk,
IList <X509Certificate> chain)
{
PdfReader reader = new PdfReader(src);
FileStream os = new FileStream(dest, FileMode.Create);
IExternalSignatureContainer external = new MyExternalSignatureContainer(pk, chain);
MakeSignature.SignDeferred(reader, fieldname, os, external);
}
private void SignDocumentSigningBlock(ICollection <X509Certificate> chain, ICipherParameters pk, string block, PdfSignatureAppearance appearance, PdfStamper stamper, byte[] signatureImage)
{
appearance.SetVisibleSignature(block);
SignDocumentSigningBlockWithImage(signatureImage, appearance);
SignDocumentSigningBlockWithText(appearance, chain.First());
IExternalSignature externalSignature = new PrivateKeySignature(pk, "SHA-256");
MakeSignature.SignDetached(appearance, externalSignature, chain, null, null, new TSAClientBouncyCastle("http://services.globaltrustfinder.com/adss/tsa"), 104000, CryptoStandard.CMS);
}
public static bool SignHashed(string Source, string Target, SysX509.X509Certificate2 Certificate, string Reason, string Location, bool AddVisibleSign, bool AddTimeStamp, string strTSA)
{
PdfReader objReader = null;
PdfStamper objStamper = null;
try
{
X509CertificateParser objCP = new Org.BouncyCastle.X509.X509CertificateParser();
X509Certificate[] objChain = new X509Certificate[] { objCP.ReadCertificate(Certificate.RawData) };
IList <ICrlClient> crlList = new List <ICrlClient>();
crlList.Add(new CrlClientOnline(objChain));
objReader = new PdfReader(Source);
objStamper = PdfStamper.CreateSignature(objReader, new FileStream(Target, FileMode.Create), '\0', null, true);
// Creamos la apariencia
PdfSignatureAppearance signatureAppearance = objStamper.SignatureAppearance;
signatureAppearance.Reason = "Inforegistro, S.L.";
//signatureAppearance.Location = Location;
// Custom signature appearance text
var font = FontFactory.GetFont("Times New Roman", 11, iTextSharp.text.Font.BOLDITALIC, BaseColor.DARK_GRAY);
signatureAppearance.Layer2Font = font;
signatureAppearance.Layer2Text = "Firmado digitalmente por \r\nInforegistro, S.L.\r\nFecha " + DateTime.Now.ToShortDateString();
var rectangle = new Rectangle(350, 30, 500, 120);
// Si está la firma visible:
if (AddVisibleSign)
{
signatureAppearance.SetVisibleSignature(rectangle, 2, "Inforegistro");
}
ITSAClient tsaClient = null;
IOcspClient ocspClient = null;
// Creating the signature
IExternalSignature externalSignature = new X509Certificate2Signature(Certificate, "SHA-1");
MakeSignature.SignDetached(signatureAppearance, externalSignature, objChain, crlList, ocspClient, tsaClient, 0, CryptoStandard.CMS);
return(File.Exists(Target));
}
catch (Exception ex)
{
throw ex;
}
finally
{
if (objReader != null)
{
objReader.Close();
}
if (objStamper != null)
{
objStamper.Close();
}
}
}
public string Execute(SingInfo singInfo)
{
var certificate = this.certificadoA3.Obter();
this.cadeiaTempo = this.certificadoA3.CadeiaCertificadoTempo();
this.MontarEstruturaCertificacao(certificate);
var pdfAux = Path.Combine(
Path.GetDirectoryName(singInfo.SourcePdf),
Path.GetFileNameWithoutExtension(singInfo.SourcePdf) + "-aux.pdf");
using (var reader = new PdfReader(singInfo.SourcePdf))
{
using (var os = new FileStream(pdfAux, FileMode.Create))
{
var stamper = PdfAStamper.CreateSignature(reader, os, '\0', PdfAConformanceLevel.PDF_A_2A);
var appearance = stamper.SignatureAppearance;
var caminhoFonte2 = @"C:\Windows\Fonts\cour.ttf";
appearance.Layer2Font = FontFactory.GetFont(caminhoFonte2, BaseFont.WINANSI, BaseFont.EMBEDDED, 8);
appearance.Reason = singInfo.SignatureReason;
appearance.Contact = singInfo.SignatureContact;
appearance.Location = singInfo.SignatureLocation;
appearance.SignatureRenderingMode = PdfSignatureAppearance.RenderingMode.DESCRIPTION;
var pks = new X509Certificate2Signature(certificate, DigestAlgorithms.SHA256);
MakeSignature.SignDetached(
appearance,
pks,
this.chain,
this.crlList,
this.ocspClient,
this.tsaClient,
EstimatedSize,
CryptoStandard.CMS);
}
}
using (var reader = new PdfReader(pdfAux))
{
using (var os = new FileStream(singInfo.TargetPdf, FileMode.Create))
{
var stamper = PdfStamper.CreateSignature(reader, os, '\0', null, true);
var appearance = stamper.SignatureAppearance;
this.AdicionarLtv(stamper, appearance);
}
}
this.RemoverArquivoTemporario(pdfAux);
return(singInfo.TargetPdf);
}
public string AddSignature(string PathSource, string PathTarget, string CertPath, string CertPass, int lx = 100, int ly = 100, int ux = 250, int uy = 150, int page = 1, bool Visible = true)
{
try
{
Org.BouncyCastle.Crypto.AsymmetricKeyParameter Akp = null;
Org.BouncyCastle.X509.X509Certificate[] Chain = null;
string alias = null;
Org.BouncyCastle.Pkcs.Pkcs12Store pk12;
pk12 = new Org.BouncyCastle.Pkcs.Pkcs12Store(new System.IO.FileStream(CertPath, System.IO.FileMode.Open, System.IO.FileAccess.Read), CertPass.ToCharArray());
IEnumerable aliases = pk12.Aliases;
foreach (string aliasTemp in aliases)
{
alias = aliasTemp;
if (pk12.IsKeyEntry(alias))
{
break;
}
}
Akp = pk12.GetKey(alias).Key;
Org.BouncyCastle.Pkcs.X509CertificateEntry[] ce = pk12.GetCertificateChain(alias);
Chain = new Org.BouncyCastle.X509.X509Certificate[ce.Length];
for (int k = 0; k < ce.Length; ++k)
{
Chain[k] = ce[k].Certificate;
}
iTextSharp.text.pdf.PdfReader reader = new iTextSharp.text.pdf.PdfReader(PathSource);
iTextSharp.text.pdf.PdfStamper st = iTextSharp.text.pdf.PdfStamper.CreateSignature(reader, new System.IO.FileStream(PathTarget, System.IO.FileMode.Create, System.IO.FileAccess.Write), '\0', null, true);
iTextSharp.text.pdf.PdfSignatureAppearance sap = st.SignatureAppearance;
if (Visible == true)
{
page = (page <1 || page> reader.NumberOfPages) ? 1 : page;
sap.SetVisibleSignature(new iTextSharp.text.Rectangle(lx, ly, ux, uy), page, null);
}
sap.CertificationLevel = iTextSharp.text.pdf.PdfSignatureAppearance.CERTIFIED_NO_CHANGES_ALLOWED;
// digital signature - http://itextpdf.com/examples/iia.php?id=222
IExternalSignature es = new PrivateKeySignature(Akp, "SHA-256"); // "BC"
MakeSignature.SignDetached(sap, es, new X509Certificate[] { pk12.GetCertificate(alias).Certificate }, null, null, null, 0, CryptoStandard.CMS);
st.Close();
return("");
}
catch (Exception e)
{
return(e.Message);
}
}
public byte[] SignWithLTVEnable(byte[] pdf, SignInformation signInfo)
{
PdfReader document = new PdfReader(pdf);
MemoryStream stream = new MemoryStream();
//PdfStamper pdfStamper = new PdfStamper(document, stream, '0');
PdfStamper pdfStamper = PdfStamper.CreateSignature(document, stream, '\0');
PdfSignatureAppearance signatureAppearance = pdfStamper.SignatureAppearance;
signatureAppearance.Reason = signInfo.reason; //Reason
signatureAppearance.Location = signInfo.location; //Location
signatureAppearance.CertificationLevel = signInfo.certifyLevel;
signatureAppearance.SignatureRenderingMode = PdfSignatureAppearance.RenderingMode.DESCRIPTION; //Rendering mode
IExternalSignature signature = new RSAProviderPrivateKey(signInfo.cert, signInfo.hashAlgorithm);
bool isTsaConnected = false;
for (int retry = 0; retry < 5; retry++)
{
try
{
//int hash = tsaClient.GetHashCode();
string testString = "test";
byte[] digest;
using (System.Security.Cryptography.SHA256Managed sha256 = new System.Security.Cryptography.SHA256Managed())
{
digest = sha256.ComputeHash(Encoding.UTF8.GetBytes(testString));
}
signInfo.tsaClient.GetTimeStampToken(digest);
isTsaConnected = true;
break;
}
catch (Exception e)
{
Console.WriteLine(e.StackTrace);
}
Console.WriteLine("retry " + (retry + 1));
}
if (signInfo.tsaClient != null && signInfo.crlList != null && isTsaConnected)
{
try
{
//Do signing
MakeSignature.SignDetached(signatureAppearance, signature, signInfo.chain, signInfo.crlList, null, signInfo.tsaClient, 0, signInfo.sigType);
}
catch (Exception e)
{
throw new Exception("Cannot sign the PDF file.", e);
}
}
return(stream.ToArray());
}
private void signPDF(int llx, int lly, int urx, int ury)
{
// Do something interesting with unsigned PDF document
FileInfo unsignedPdfInfo = new FileInfo(unsignedPdfPath);
//Assert.IsTrue(unsignedPdfInfo.Length > 0);
// Specify path to the unmanaged PCKS#11 library
string libraryPath = @"C:\Windows\System32\cvP11.dll";
// Specify serial number of the token that contains signing key. May be null if tokenLabel is specified.
string tokenSerial = @"910e21b0da172e34";
// Specify label of of the token that contains signing key. May be null if tokenSerial is specified
string tokenLabel = @"SuisseID";
// Specify PIN for the token
string pin = "091011";
// Specify label (value of CKA_LABEL attribute) of the private key used for signing. May be null if ckaId is specified.
string ckaLabel = null;
// Specify hex encoded string with identifier (value of CKA_ID attribute) of the private key used for signing. May be null if ckaLabel is specified.
string ckaId = "6D808CE0BF9C368FB0AD28E24366F646BA0B3F67";
// Specify hash algorihtm used for the signature creation
HashAlgorithm hashAlgorithm = HashAlgorithm.SHA256;
// Create instance of Pkcs11Signature class that allows iText to create PKCS#1 v1.5 RSA signature with the private key stored on PKCS#11 compatible device
using (Pkcs11RsaSignature pkcs11RsaSignature = new Pkcs11RsaSignature(libraryPath, tokenSerial, tokenLabel, pin, ckaLabel, ckaId, HashAlgorithm.SHA256))
{
// When signing certificate is stored on the token it can be usually read with GetSigningCertificate() method
byte[] signingCertificate = pkcs11RsaSignature.GetSigningCertificate();
// All certificates stored on the token can be usually read with GetAllCertificates() method
List <byte[]> otherCertificates = pkcs11RsaSignature.GetAllCertificates();
// Build certification path for the signing certificate
ICollection <Org.BouncyCastle.X509.X509Certificate> certPath = CertUtils.BuildCertPath(signingCertificate, otherCertificates);
// Read unsigned PDF document
using (PdfReader pdfReader = new PdfReader(unsignedPdfPath))
{
// Create output stream for signed PDF document
using (FileStream outputStream = new FileStream(signedPdfPath, FileMode.Create))
{
// Create PdfStamper that applies extra content to the PDF document
using (PdfStamper pdfStamper = PdfStamper.CreateSignature(pdfReader, outputStream, '\0', Path.GetTempFileName(), true))
{
// Sign PDF document
PdfSignatureAppearance signatureAppearance = pdfStamper.SignatureAppearance;
signatureAppearance.SignatureRenderingMode = PdfSignatureAppearance.RenderingMode.GRAPHIC_AND_DESCRIPTION;
signatureAppearance.SignatureGraphic = iTextSharp.text.Image.GetInstance("logo_sign.png");
signatureAppearance.SetVisibleSignature(new iTextSharp.text.Rectangle((float)llx, (float)lly, (float)urx, (float)ury), 1, null);
MakeSignature.SignDetached(pdfStamper.SignatureAppearance, pkcs11RsaSignature, certPath, null, null, null, 0, CryptoStandard.CADES);
//MakeSignature.SignDetached(pdfStamper.SignatureAppearance, pkcs11RsaSignature, certPath, null, null, null, 0, CryptoStandard.CADES);
}
}
}
}
// Do something interesting with the signed PDF document
FileInfo signedPdfInfo = new FileInfo(signedPdfPath);
//Assert.IsTrue(signedPdfInfo.Length > signedPdfPath.Length);
}
public static void DigitalSign()
{
PdfReader reader = new PdfReader(@"C:\workspace\PDFDigitalSign\Resource\Result1.pdf");
using (FileStream fout = new FileStream(@"C:\workspace\PDFDigitalSign\Resource\Result2.pdf", FileMode.Create, FileAccess.ReadWrite))
{
// appearance
PdfStamper stamper = PdfStamper.CreateSignature(reader, fout, '\0', null, true);
PdfSignatureAppearance appearance = stamper.SignatureAppearance;
//appearance.Reason = SignReason;
//appearance.Location = SignLocation;
appearance.SignDate = DateTime.Now.Date;
appearance.SetVisibleSignature(new iTextSharp.text.Rectangle(100, 100, 50 + 200, 50 + 100), 1, null);//.IsInvisible
// Custom text and background image
appearance.Image = iTextSharp.text.Image.GetInstance(@"C:\workspace\PDFDigitalSign\Resource\sign2.png");
appearance.ImageScale = 0.6f;
appearance.Image.Alignment = 300;
appearance.Acro6Layers = true;
StringBuilder buf = new StringBuilder();
buf.Append("Digitally Signed by ");
String name = "Sidd";
buf.Append(name).Append('\n');
buf.Append("Date: ").Append(DateTime.Now.ToString("dd-MM-yyyy HH:mm:ss zzz"));
string text = buf.ToString();
appearance.Layer2Text = text;
var pk12 = new Pkcs12Store(new System.IO.FileStream(@"C:\workspace\PDFDigitalSign\Resource\certificate.pfx", System.IO.FileMode.Open, System.IO.FileAccess.Read), "12345678".ToCharArray());
string alias = null;
foreach (string tAlias in pk12.Aliases)
{
if (pk12.IsKeyEntry(tAlias))
{
alias = tAlias;
break;
}
}
var pk = pk12.GetKey(alias).Key;
//digital signature
IExternalSignature es = new PrivateKeySignature(pk, "SHA-256");
MakeSignature.SignDetached(appearance, es, new Org.BouncyCastle.X509.X509Certificate[] { pk12.GetCertificate(alias).Certificate }, null, null, null, 0, CryptoStandard.CMS);
stamper.Close();
}
}
public byte[] signPdfWithPfxFile(string pfxFile, string pinCode, string pdfFileName)
{
PfxSigner signer = new PfxSigner(SignatureAlg.RSA_SHA256.getName(), pfxFile, pinCode);
ECertificate signatureCertificate = signer.getSignersCertificate();
Pkcs12Store store = new Pkcs12Store(new FileStream(pfxFile, FileMode.Open), pinCode.ToCharArray());
String alias = "";
string dest = AppDomain.CurrentDomain.BaseDirectory + "\\tmp.pdf";
if (File.Exists(dest))
{
File.Delete(dest);
}
ICollection <Org.BouncyCastle.X509.X509Certificate> chain = new List <Org.BouncyCastle.X509.X509Certificate>();
// searching for private key
foreach (string al in store.Aliases)
{
if (store.IsKeyEntry(al) && store.GetKey(al).Key.IsPrivate)
{
alias = al;
break;
}
}
AsymmetricKeyEntry pk = store.GetKey(alias);
foreach (X509CertificateEntry c in store.GetCertificateChain(alias))
{
chain.Add(c.Certificate);
}
RsaPrivateCrtKeyParameters parameters = pk.Key as RsaPrivateCrtKeyParameters;
// Creating the reader and the stamper
PdfReader reader = new PdfReader(pdfFileName);
FileStream os = new FileStream(dest, FileMode.Create);
PdfStamper stamper = PdfStamper.CreateSignature(reader, os, '\0');
// Creating the appearance
PdfSignatureAppearance appearance = stamper.SignatureAppearance;
appearance.Reason = "";
appearance.Location = "";
//appearance.SetVisibleSignature(new Rectangle(36, 748, 144, 780), 1, "sig");//don't show rectangle on pdf
// Creating the signature
IExternalSignature pks = new PrivateKeySignature(parameters, DigestAlgorithms.SHA256);
MakeSignature.SignDetached(appearance, pks, chain, null, null, null, 0, CryptoStandard.CADES);
byte[] buffer = File.ReadAllBytes(dest);
File.Delete(dest);
return(buffer);
}
public void EmptySignature(String src, String dest, String fieldname, IList <X509Certificate> chain)
{
PdfReader reader = new PdfReader(src);
FileStream os = new FileStream(dest, FileMode.Create);
PdfStamper stamper = PdfStamper.CreateSignature(reader, os, '\0');
PdfSignatureAppearance appearance = stamper.SignatureAppearance;
appearance.SetVisibleSignature(new Rectangle(36, 748, 144, 780), 1, fieldname);
appearance.Certificate = chain[0];
IExternalSignatureContainer external = new ExternalBlankSignatureContainer(PdfName.ADOBE_PPKLITE,
PdfName.ADBE_PKCS7_DETACHED);
MakeSignature.SignExternalContainer(appearance, external, 8192);
}
public bool signSupportingDoc(string RefID, string DocumentPath, string CertificateSavePath, Stream privateKeyStream, string keyPassword)
{
try
{
Pkcs12Store pk12 = new Pkcs12Store(privateKeyStream, keyPassword.ToCharArray());
privateKeyStream.Dispose();
//then Iterate throught certificate entries to find the private key entry
string alias = null;
foreach (string tAlias in pk12.Aliases)
{
if (pk12.IsKeyEntry(tAlias))
{
alias = tAlias;
break;
}
}
var pk = pk12.GetKey(alias).Key;
// reader and stamper
PdfReader reader = new PdfReader(DocumentPath);
int PageCount = reader.NumberOfPages;
using (FileStream fout = new FileStream(CertificateSavePath, FileMode.Create, FileAccess.ReadWrite))
{
using (PdfStamper stamper = PdfStamper.CreateSignature(reader, fout, '\0', null, true))
{
// appearance
PdfSignatureAppearance appearance = stamper.SignatureAppearance;
//appearance.Image = new iTextSharp.text.pdf.PdfImage();
appearance.Reason = "Sign Request (Ref : " + RefID + ")";
// appearance.Location = location; (0, 0, 320, 72) Lower left conner
appearance.SetVisibleSignature(new iTextSharp.text.Rectangle(600, 0, 400, 72), PageCount, "Icsi-Vendor");
//digital signature
IExternalSignature es = new PrivateKeySignature(pk, "SHA-256");
MakeSignature.SignDetached(appearance, es, new Org.BouncyCastle.X509.X509Certificate[] { pk12.GetCertificate(alias).Certificate }, null, null, null, 0, CryptoStandard.CMS);
stamper.Close();
}
}
return(true);
}
catch (Exception Ex)
{
ErrorLog.LogError(Ex);
return(false);
}
}
static void Main()
{
var reader = new PdfReader(Inpdf);
var stamper = PdfStamper.CreateSignature(reader, new FileStream(Outpdf, FileMode.Create, FileAccess.Write), '\0', null, true);
var appearance = stamper.SignatureAppearance;
appearance.Reason = "Testing";
appearance.Location = "Location string here";
appearance.CertificationLevel = PdfSignatureAppearance.CERTIFIED_NO_CHANGES_ALLOWED;
var cryptoBits = DoLocal(); //
//cryptoBits = DoKeyVault();
MakeSignature.SignDetached(appearance, cryptoBits.Item1, cryptoBits.Item2, null, null, null, 0, CryptoStandard.CMS);
}
