private static X509Certificate[] constructChain(Pkcs12Store pkcs12Store, string alias)
{
var certificateChains = pkcs12Store.GetCertificateChain(alias);
var chain = new X509Certificate[certificateChains.Length];
for (var k = 0; k < certificateChains.Length; ++k)
{
chain[k] = certificateChains[k].Certificate;
}
return(chain);
}
public Certificado(string rutaCompletaDelPfx, string claveDelPfx = null)
{
using (var file = File.OpenRead(rutaCompletaDelPfx))
{
var password = claveDelPfx?.ToCharArray() ?? new char[] { /* password en blanco */ };
var store = new Pkcs12Store(file, password);
var alias = GetCertificateAlias(store);
Key = store.GetKey(alias).Key;
Chain = store.GetCertificateChain(alias).Select(x => x.Certificate).ToArray();
}
}
static void Main(string[] args)
{
Parser.Default.ParseArguments <Options>(args).WithParsed <Options>(options =>
{
string keystore = options.SignatureCertificate;
char[] password = options.SignaturePassword.ToCharArray();
Pkcs12Store pkcs12Store = new Pkcs12Store(new FileStream(keystore, FileMode.Open, FileAccess.Read), password);
string keyAlias = null;
foreach (object alias in pkcs12Store.Aliases)
{
keyAlias = (string)alias;
if (pkcs12Store.IsKeyEntry(keyAlias))
{
break;
}
}
ICipherParameters key = pkcs12Store.GetKey(keyAlias).Key;
X509CertificateEntry[] certificateEntry = pkcs12Store.GetCertificateChain(keyAlias);
X509Certificate[] certificate = new X509Certificate[certificateEntry.Length];
for (int i = 0; i < certificateEntry.Length; ++i)
{
certificate[i] = certificateEntry[i].Certificate;
}
string srcPdf = options.SrcPdf;
string destPdf = System.IO.Path.GetTempFileName();
PdfReader pdfReader = new PdfReader(srcPdf);
PdfSigner pdfSigner = new PdfSigner(pdfReader, new FileStream(destPdf, FileMode.Create), new StampingProperties());
PdfSignatureAppearance appearance = pdfSigner.GetSignatureAppearance();
appearance
.SetLayer2Text(options.SignatureText)
.SetPageRect(new Rectangle(options.SignatureRectangleX, options.SignatureRectangleY, options.SignatureRectangleWidth, options.SignatureRectangleHeight))
.SetPageNumber(1);
pdfSigner.SetFieldName(options.SignatureName);
IExternalSignature privateKeySignature = new PrivateKeySignature(key, DigestAlgorithms.SHA256);
pdfSigner.SignDetached(privateKeySignature, certificate, null, null, null, 0, PdfSigner.CryptoStandard.CMS);
Console.WriteLine(destPdf);
});
}
public static void Main(String[] args)
{
Pkcs12Store store = new Pkcs12Store(new FileStream(KEYSTORE, FileMode.Open), PASSWORD);
String alias = "";
ICollection <X509Certificate> chain = new List <X509Certificate>();
// searching for private key
foreach (string al in store.Aliases)
{
if (store.IsKeyEntry(al) && store.GetKey(al).Key.IsPrivate)
{
alias = al;
break;
}
}
AsymmetricKeyEntry pk = store.GetKey(alias);
foreach (X509CertificateEntry c in store.GetCertificateChain(alias))
{
chain.Add(c.Certificate);
}
RsaPrivateCrtKeyParameters parameters = pk.Key as RsaPrivateCrtKeyParameters;
C2_09_SignatureTypes app = new C2_09_SignatureTypes();
app.Sign(SRC, String.Format(DEST, 1), chain, parameters, DigestAlgorithms.SHA256,
CryptoStandard.CMS, PdfSignatureAppearance.NOT_CERTIFIED, "Test 1", "Ghent");
app.Sign(SRC, String.Format(DEST, 2), chain, parameters, DigestAlgorithms.SHA512,
CryptoStandard.CMS, PdfSignatureAppearance.CERTIFIED_FORM_FILLING_AND_ANNOTATIONS, "Test 1", "Ghent");
app.Sign(SRC, String.Format(DEST, 3), chain, parameters, DigestAlgorithms.SHA256,
CryptoStandard.CADES, PdfSignatureAppearance.CERTIFIED_FORM_FILLING, "Test 1", "Ghent");
app.Sign(SRC, String.Format(DEST, 4), chain, parameters, DigestAlgorithms.RIPEMD160,
CryptoStandard.CADES, PdfSignatureAppearance.CERTIFIED_NO_CHANGES_ALLOWED, "Test 1", "Ghent");
app.AddWrongAnnotation(String.Format(DEST, 1), String.Format(DEST, "1_annotated_wrong"));
app.AddAnnotation(String.Format(DEST, 1), String.Format(DEST, "1_annotated"));
app.AddAnnotation(String.Format(DEST, 2), String.Format(DEST, "2_annotated"));
app.AddAnnotation(String.Format(DEST, 3), String.Format(DEST, "3_annotated"));
app.AddAnnotation(String.Format(DEST, 4), String.Format(DEST, "4_annotated"));
app.AddText(String.Format(DEST, 1), String.Format(DEST, "1_text"));
app.SignAgain(String.Format(DEST, 1), String.Format(DEST, "1_double"), chain, parameters, DigestAlgorithms.SHA256,
CryptoStandard.CMS, "Second signature test", "Ghent");
app.SignAgain(String.Format(DEST, 2), String.Format(DEST, "2_double"), chain, parameters, DigestAlgorithms.SHA256,
CryptoStandard.CMS, "Second signature test", "Ghent");
app.SignAgain(String.Format(DEST, 3), String.Format(DEST, "3_double"), chain, parameters, DigestAlgorithms.SHA256,
CryptoStandard.CMS, "Second signature test", "Ghent");
app.SignAgain(String.Format(DEST, 4), String.Format(DEST, "4_double"), chain, parameters, DigestAlgorithms.SHA256,
CryptoStandard.CMS, "Second signature test", "Ghent");
}
public Certificado(string caminhoPfx, string chavePfx = null)
{
using (var file = File.OpenRead(caminhoPfx)) {
var password = chavePfx.ToCharArray();
var store = new Pkcs12Store(file, password);
var alias = GetCertificateAlias(store);
Key = store.GetKey(alias).Key;
Console.Write(Key);
Chain = store.GetCertificateChain(alias).Select(x => x.Certificate).ToArray();
}
}
/// <summary>
/// 获取证书编号
/// </summary>
/// <param name="path">证书路径</param>
/// <param name="pwd">证书密码</param>
/// <returns></returns>
public static string GetCertId(string path, string pwd)
{
if (string.IsNullOrEmpty(_aliase))
{
GetPkcs12Store(path, pwd);
}
return _pkcs12Store
.GetCertificateChain(_aliase)[0]
.Certificate
.SerialNumber
.ToString();
}
public bool Open()
{
if ((filename == null) || (filename.Length == 0))
{
this.lastError = Resources.PKCS12_FILENAME_MISSING;
return(false);
}
if (!File.Exists(filename))
{
this.lastError = Resources.PKCS12_FILE_MISSING + filename;
return(false);
}
FileStream fs = new FileStream(filename, FileMode.Open);
store = new Pkcs12Store(fs, password.ToCharArray());
string alias = null;
foreach (string al in store.Aliases)
{
if (store.IsKeyEntry(al) && store.GetKey(al).Key.IsPrivate)
{
alias = al;
break;
}
}
fs.Close();
key = store.GetKey(alias).Key;
X509CertificateEntry[] x = store.GetCertificateChain(alias);
chain = new X509Certificate[x.Length];
for (int k = 0; k < x.Length; ++k)
{
chain[k] = x[k].Certificate;
}
if (key == null)
{
this.lastError = Resources.INVALID_PKCS12_CERT_PRI_KEY_MISSING;
}
;
if (chain == null || chain.Length == 0)
{
this.lastError = Resources.INVALID_PKCS12_CERT_PUB_KEY_MISSING;
}
return(key != null && chain != null && chain.Length > 0);
}
public byte[] signPdfWithPfxFile(string pfxFile, string pinCode, string pdfFileName)
{
PfxSigner signer = new PfxSigner(SignatureAlg.RSA_SHA256.getName(), pfxFile, pinCode);
ECertificate signatureCertificate = signer.getSignersCertificate();
Pkcs12Store store = new Pkcs12Store(new FileStream(pfxFile, FileMode.Open), pinCode.ToCharArray());
String alias = "";
string dest = AppDomain.CurrentDomain.BaseDirectory + "\\tmp.pdf";
if (File.Exists(dest))
{
File.Delete(dest);
}
ICollection <Org.BouncyCastle.X509.X509Certificate> chain = new List <Org.BouncyCastle.X509.X509Certificate>();
// searching for private key
foreach (string al in store.Aliases)
{
if (store.IsKeyEntry(al) && store.GetKey(al).Key.IsPrivate)
{
alias = al;
break;
}
}
AsymmetricKeyEntry pk = store.GetKey(alias);
foreach (X509CertificateEntry c in store.GetCertificateChain(alias))
{
chain.Add(c.Certificate);
}
RsaPrivateCrtKeyParameters parameters = pk.Key as RsaPrivateCrtKeyParameters;
// Creating the reader and the stamper
PdfReader reader = new PdfReader(pdfFileName);
FileStream os = new FileStream(dest, FileMode.Create);
PdfStamper stamper = PdfStamper.CreateSignature(reader, os, '\0');
// Creating the appearance
PdfSignatureAppearance appearance = stamper.SignatureAppearance;
appearance.Reason = "";
appearance.Location = "";
//appearance.SetVisibleSignature(new Rectangle(36, 748, 144, 780), 1, "sig");//don't show rectangle on pdf
// Creating the signature
IExternalSignature pks = new PrivateKeySignature(parameters, DigestAlgorithms.SHA256);
MakeSignature.SignDetached(appearance, pks, chain, null, null, null, 0, CryptoStandard.CADES);
byte[] buffer = File.ReadAllBytes(dest);
File.Delete(dest);
return(buffer);
}
public static void Main(String[] args)
{
DirectoryInfo directory = new DirectoryInfo(DEST);
directory.Create();
Properties properties = new Properties();
// Specify the correct path to the certificate
properties.Load(new FileStream("c:/home/blowagie/key.properties", FileMode.Open, FileAccess.Read));
String path = properties.GetProperty("PRIVATE");
char[] pass = properties.GetProperty("PASSWORD").ToCharArray();
String tsaUrl = properties.GetProperty("TSAURL");
String tsaUser = properties.GetProperty("TSAUSERNAME");
String tsaPass = properties.GetProperty("TSAPASSWORD");
Pkcs12Store pk12 = new Pkcs12Store(new FileStream(path, FileMode.Open, FileAccess.Read), pass);
string alias = null;
foreach (var a in pk12.Aliases)
{
alias = ((string)a);
if (pk12.IsKeyEntry(alias))
{
break;
}
}
ICipherParameters pk = pk12.GetKey(alias).Key;
X509CertificateEntry[] ce = pk12.GetCertificateChain(alias);
X509Certificate[] chain = new X509Certificate[ce.Length];
for (int k = 0; k < ce.Length; ++k)
{
chain[k] = ce[k].Certificate;
}
IOcspClient ocspClient = new OcspClientBouncyCastle(null);
/* Create an instance of TSAClientBouncyCastle, an implementation of TSAClient.
* Pass the timestamp authority server url.
* Note that not all TSA would require user credentials.
*/
ITSAClient tsaClient = new TSAClientBouncyCastle(tsaUrl, tsaUser, tsaPass);
new C3_09_SignWithTSA().Sign(SRC, DEST + RESULT_FILES[0], chain, pk,
DigestAlgorithms.SHA256, PdfSigner.CryptoStandard.CMS,
"Test", "Ghent", null, ocspClient, tsaClient, 0);
}
public async Task <byte[]> Sign(byte[] source, SigningProperties signingProperties)
{
using (var inputStream = new MemoryStream(source))
using (var reader = new PdfReader(inputStream))
using (var outputStream = new MemoryStream())
{
var stampProps = new StampingProperties();
var signer = new PdfSigner(reader, outputStream, stampProps);
signer.SetCertificationLevel(PdfSigner.CERTIFIED_NO_CHANGES_ALLOWED);
var sap = signer.GetSignatureAppearance();
sap.SetLocation(signingProperties.Location);
sap.SetReason(signingProperties.Reason);
sap.SetReuseAppearance(false);
var certData = await s3Repository.GetDocument(signingProperties.Bucket, signingProperties.Key);
// code from https://stackoverflow.com/questions/12470498/how-to-read-the-pfx-file
using (var keyStream = new MemoryStream(certData))
{
var passphrase = signingProperties.Password;
if (signingProperties.KMSData != null)
{
// key is encrypted with KSM
var key = await kSMRepository.GetKey(signingProperties.KMSData);
passphrase = kSMRepository.DecryptData(passphrase, key);
}
var store = new Pkcs12Store(keyStream, signingProperties.Password.ToCharArray());
string alias = store.Aliases.OfType <string>().First(x => store.IsKeyEntry(x));
var privateKey = store.GetKey(alias).Key;
var keyChain = store.GetCertificateChain(alias)
.Select(x => x.Certificate).ToArray();
IExternalSignature externalSignature = new PrivateKeySignature(privateKey, DigestAlgorithms.SHA256);
signer.SignDetached(externalSignature, keyChain, null, null, null, 0, PdfSigner.CryptoStandard.CADES);
return(outputStream.ToArray());
}
}
}
public static void Main(String[] args)
{
DirectoryInfo directory = new DirectoryInfo(DEST);
directory.Create();
Pkcs12Store pk12 = new Pkcs12Store(new FileStream(KEYSTORE, FileMode.Open, FileAccess.Read), PASSWORD);
string alias = null;
foreach (var a in pk12.Aliases)
{
alias = ((string)a);
if (pk12.IsKeyEntry(alias))
{
break;
}
}
ICipherParameters pk = pk12.GetKey(alias).Key;
X509CertificateEntry[] ce = pk12.GetCertificateChain(alias);
X509Certificate[] chain = new X509Certificate[ce.Length];
for (int k = 0; k < ce.Length; ++k)
{
chain[k] = ce[k].Certificate;
}
ImageData image = ImageDataFactory.Create(IMG);
C2_07_SignatureAppearances app = new C2_07_SignatureAppearances();
String signatureName = "Signature1";
String location = "Ghent";
app.Sign(SRC, signatureName, DEST + RESULT_FILES[0], chain, pk,
DigestAlgorithms.SHA256, PdfSigner.CryptoStandard.CMS,
"Appearance 1", location, PdfSignatureAppearance.RenderingMode.DESCRIPTION, null);
app.Sign(SRC, signatureName, DEST + RESULT_FILES[1], chain, pk,
DigestAlgorithms.SHA256, PdfSigner.CryptoStandard.CMS,
"Appearance 2", location, PdfSignatureAppearance.RenderingMode.NAME_AND_DESCRIPTION, null);
app.Sign(SRC, signatureName, DEST + RESULT_FILES[2], chain, pk,
DigestAlgorithms.SHA256, PdfSigner.CryptoStandard.CMS,
"Appearance 3", location, PdfSignatureAppearance.RenderingMode.GRAPHIC_AND_DESCRIPTION, image);
app.Sign(SRC, signatureName, DEST + RESULT_FILES[3], chain, pk,
DigestAlgorithms.SHA256, PdfSigner.CryptoStandard.CMS,
"Appearance 4", location, PdfSignatureAppearance.RenderingMode.GRAPHIC, image);
}
private void RefreshStore()
{
_listItems.Clear();
foreach (String alias in _store.Aliases)
{
KeyStoreEntryType entryType;
if (_store.IsCertificateEntry(alias))
{
entryType = KeyStoreEntryType.TrustCertEntry;
}
else if (_store.IsKeyEntry(alias) && _store.GetCertificateChain(alias) != null &&
_store.GetCertificateChain(alias).Length != 0)
{
entryType = KeyStoreEntryType.KeyPairEntry;
}
else
{
entryType = KeyStoreEntryType.KeyEntry;
}
X509Certificate cert = _store.GetCertificate(alias).Certificate;
_listItems.Add(new ListItemEntry(entryType, alias, cert,
Repository.Instance.IsRevokedCertificate(cert.SerialNumber.ToString())));
}
}
public static void Main(String[] args)
{
DirectoryInfo directory = new DirectoryInfo(DEST);
directory.Create();
Properties properties = new Properties();
// Specify the correct path to the certificate
properties.Load(new FileStream("c:/home/blowagie/key.properties", FileMode.Open, FileAccess.Read));
String path = properties.GetProperty("PRIVATE");
char[] pass = properties.GetProperty("PASSWORD").ToCharArray();
Pkcs12Store pk12 = new Pkcs12Store(new FileStream(path, FileMode.Open, FileAccess.Read), pass);
string alias = null;
foreach (var a in pk12.Aliases)
{
alias = ((string)a);
if (pk12.IsKeyEntry(alias))
{
break;
}
}
ICipherParameters pk = pk12.GetKey(alias).Key;
X509CertificateEntry[] ce = pk12.GetCertificateChain(alias);
X509Certificate[] chain = new X509Certificate[ce.Length];
for (int k = 0; k < ce.Length; ++k)
{
chain[k] = ce[k].Certificate;
}
/* Create a CrlClientOnline instance with specified Certificate Revocation List's URL.
* The exact URL for the CRL access point is specific for every CA provider.
* This one is specific for CAcert certificates.
*/
ICrlClient crlClient = new CrlClientOnline("https://crl.cacert.org/revoke.crl");
IList <ICrlClient> crlList = new List <ICrlClient>();
crlList.Add(crlClient);
new C3_04_SignWithCRLOnline().Sign(SRC, DEST + RESULT_FILES[0], chain, pk,
DigestAlgorithms.SHA256, PdfSigner.CryptoStandard.CMS,
"Test", "Ghent", crlList, null, null, 0);
}
private void processCert()
{
string alias = null;
Pkcs12Store pk12;
//First we'll read the certificate file
Stream fs;
if (this.path != null)
{
fs = new FileStream(this.Path, FileMode.Open, FileAccess.Read);
}
else
{
fs = new MemoryStream(this.rawData);
}
pk12 = new Pkcs12Store(fs, this.password.ToCharArray());
//then Iterate throught certificate entries to find the private key entry
foreach (string al in pk12.Aliases)
{
if (pk12.IsKeyEntry(al) && pk12.GetKey(al).Key.IsPrivate)
{
alias = al;
break;
}
}
//IEnumerator i = pk12.Aliases.GetEnumerator();
//while (i.MoveNext())
//{
// alias = ((string)i.Current);
// if (pk12.IsKeyEntry(alias))
// break;
//}
fs.Close();
this.akp = pk12.GetKey(alias).Key;
X509CertificateEntry[] ce = pk12.GetCertificateChain(alias);
this.chain = new Org.BouncyCastle.X509.X509Certificate[ce.Length];
for (int k = 0; k < ce.Length; ++k)
{
chain[k] = ce[k].Certificate;
}
//this.tsc = new TSAClientBouncyCastle("http://www.ca-soft.com/request.aspx", TSA_ACCNT, TSA_PASSW);
//this.tsc = new TSAClientBouncyCastle("http://www.ca-soft.com/request.aspx");
}
virtual public void XmlDSigRsaKS()
{
Directory.CreateDirectory(DestDir);
String filename = "xfa.signed.pdf";
String output = DestDir + filename;
MemoryStream ks = new MemoryStream();
using (FileStream reader = new FileStream(KEYSTORE, FileMode.Open)) {
byte[] buffer = new byte[reader.Length];
reader.Read(buffer, 0, (int)reader.Length);
ks.Write(buffer, 0, buffer.Length);
ks.Position = 0;
}
Pkcs12Store store = new Pkcs12Store(ks, PASSWORD.ToCharArray());
String alias = "";
List <X509Certificate> chain = new List <X509Certificate>();
// searching for private key
foreach (string al in store.Aliases)
{
if (store.IsKeyEntry(al) && store.GetKey(al).Key.IsPrivate)
{
alias = al;
break;
}
}
AsymmetricKeyEntry pk = store.GetKey(alias);
foreach (X509CertificateEntry c in store.GetCertificateChain(alias))
{
chain.Add(c.Certificate);
}
RsaPrivateCrtKeyParameters parameters = pk.Key as RsaPrivateCrtKeyParameters;
SignWithCertificate(Src, output, parameters, chain.ToArray(), DigestAlgorithms.SHA1);
String cmp = SaveXmlFromResult(output);
Assert.IsTrue(VerifySignature(cmp), "XmlDSig Verification");
Assert.IsTrue(CompareXmls(cmp, CmpDir + filename.Replace(".pdf", ".xml")));
}
public void SignDocument(SigningDocument signingDocument)
{
string KEYSTORE = $"{signingDocument.CertificatDestination}";
char[] PASSWORD = $"{signingDocument.Password}".ToCharArray();
Pkcs12Store pk12 = new Pkcs12Store(new FileStream(KEYSTORE,
FileMode.Open, FileAccess.Read), PASSWORD);
string alias = null;
foreach (object a in pk12.Aliases)
{
alias = ((string)a);
if (pk12.IsKeyEntry(alias))
{
break;
}
}
ICipherParameters pk = pk12.GetKey(alias).Key;
X509CertificateEntry[] ce = pk12.GetCertificateChain(alias);
Org.BouncyCastle.X509.X509Certificate[] chain = new Org.BouncyCastle.X509.X509Certificate[ce.Length];
for (int k = 0; k < ce.Length; ++k)
{
chain[k] = ce[k].Certificate;
}
var f = signingDocument.File.OpenReadStream();
string DEST = $"{signingDocument.destinationSave}\\Signed{signingDocument.File.FileName}";
PdfReader p = new PdfReader(f);
PdfSigner signer = new PdfSigner(p, new FileStream(DEST, FileMode.Create),
new StampingProperties());
PdfSignatureAppearance appearance = signer.GetSignatureAppearance();
appearance.SetLocation(signingDocument.Location)
.SetPageRect(new Rectangle(425, 0, 150, 75))
.SetPageNumber(1);
signer.SetFieldName("MyFieldName");
IExternalSignature pks = new PrivateKeySignature(pk, DigestAlgorithms.SHA256);
signer.SignDetached(pks, chain, null, null, null, 0, PdfSigner.CryptoStandard.CMS);
}
void LoadPkcs12(Stream stream, string password)
{
var pkcs12 = new Pkcs12Store(stream, password.ToCharArray());
bool hasPrivateKey = false;
foreach (string alias in pkcs12.Aliases)
{
if (!pkcs12.IsKeyEntry(alias))
{
continue;
}
var chain = pkcs12.GetCertificateChain(alias);
var key = pkcs12.GetKey(alias);
if (!key.Key.IsPrivate)
{
continue;
}
hasPrivateKey = true;
if (chain.Length == 0 || !CanSign(chain[0].Certificate))
{
continue;
}
CertificateChain = new X509CertificateChain();
Certificate = chain[0].Certificate;
PrivateKey = key.Key;
foreach (var entry in chain)
{
CertificateChain.Add(entry.Certificate);
}
return;
}
if (!hasPrivateKey)
{
throw new ArgumentException("The stream did not contain a private key.", nameof(stream));
}
throw new ArgumentException("The stream did not contain a certificate that could be used to create digital signatures.", nameof(stream));
}
public static void Main(String[] args)
{
DirectoryInfo directory = new DirectoryInfo(DEST);
directory.Create();
Properties properties = new Properties();
/* This properties file should contain a CAcert certificate that belongs to the user,
* according to the original sample purpose. However right now it contains a simple
* self-signed certificate in p12 format, which serves as a stub.
*/
properties.Load(new FileStream("../../../resources/encryption/signkey.properties",
FileMode.Open, FileAccess.Read));
// Get path to the p12 file
String path = properties.GetProperty("PRIVATE");
// Get a password
char[] pass = properties.GetProperty("PASSWORD").ToCharArray();
Pkcs12Store pk12 = new Pkcs12Store(new FileStream(path, FileMode.Open, FileAccess.Read), pass);
string alias = null;
foreach (var a in pk12.Aliases)
{
alias = ((string)a);
if (pk12.IsKeyEntry(alias))
{
break;
}
}
ICipherParameters pk = pk12.GetKey(alias).Key;
X509CertificateEntry[] ce = pk12.GetCertificateChain(alias);
X509Certificate[] chain = new X509Certificate[ce.Length];
for (int k = 0; k < ce.Length; ++k)
{
chain[k] = ce[k].Certificate;
}
new C3_01_SignWithCAcert().Sign(SRC, DEST + RESULT_FILES[0], chain, pk,
DigestAlgorithms.SHA256, PdfSigner.CryptoStandard.CMS,
"Test", "Ghent", null, null, null, 0);
}
public static void Main(String[] args)
{
DirectoryInfo directory = new DirectoryInfo(DEST);
directory.Create();
Pkcs12Store pk12 = new Pkcs12Store(new FileStream(KEYSTORE, FileMode.Open, FileAccess.Read), PASSWORD);
string alias = null;
foreach (var a in pk12.Aliases)
{
alias = ((string)a);
if (pk12.IsKeyEntry(alias))
{
break;
}
}
ICipherParameters pk = pk12.GetKey(alias).Key;
X509CertificateEntry[] ce = pk12.GetCertificateChain(alias);
X509Certificate[] chain = new X509Certificate[ce.Length];
for (int k = 0; k < ce.Length; ++k)
{
chain[k] = ce[k].Certificate;
}
C2_06_SignatureAppearance app = new C2_06_SignatureAppearance();
app.Sign1(SRC, "Signature1", DEST + RESULT_FILES[0], chain, pk,
DigestAlgorithms.SHA256, PdfSigner.CryptoStandard.CMS,
"Custom appearance example", "Ghent");
app.Sign2(SRC, "Signature1", DEST + RESULT_FILES[1], chain, pk,
DigestAlgorithms.SHA256, PdfSigner.CryptoStandard.CMS,
"Custom appearance example", "Ghent");
app.Sign3(SRC, "Signature1", DEST + RESULT_FILES[2], chain, pk,
DigestAlgorithms.SHA256, PdfSigner.CryptoStandard.CMS,
"Custom appearance example", "Ghent");
app.Sign4(SRC, "Signature1", DEST + RESULT_FILES[3], chain, pk,
DigestAlgorithms.SHA256, PdfSigner.CryptoStandard.CMS,
"Custom appearance example", "Ghent");
}
public static void Main(String[] args)
{
DirectoryInfo directory = new DirectoryInfo(DEST);
directory.Create();
Properties properties = new Properties();
// Specify the correct path to the certificate
properties.Load(new FileStream("c:/home/blowagie/key.properties", FileMode.Open, FileAccess.Read));
String path = properties.GetProperty("PRIVATE");
char[] pass = properties.GetProperty("PASSWORD").ToCharArray();
Pkcs12Store pk12 = new Pkcs12Store(new FileStream(path, FileMode.Open, FileAccess.Read), pass);
string alias = null;
foreach (var a in pk12.Aliases)
{
alias = ((string)a);
if (pk12.IsKeyEntry(alias))
{
break;
}
}
ICipherParameters pk = pk12.GetKey(alias).Key;
X509CertificateEntry[] ce = pk12.GetCertificateChain(alias);
X509Certificate[] chain = new X509Certificate[ce.Length];
for (int k = 0; k < ce.Length; ++k)
{
chain[k] = ce[k].Certificate;
}
/* Create an instance of OcspClientBouncyCastle, an implementation of OcspClient.
* In the current sample it is not needed to verify the OCSP response,
* that is why null is passed as verifier parameter.
*/
IOcspClient ocspClient = new OcspClientBouncyCastle(null);
new C3_07_SignWithOCSP().Sign(SRC, DEST + RESULT_FILES[0], chain, pk,
DigestAlgorithms.SHA256, PdfSigner.CryptoStandard.CMS,
"Test", "Ghent", null, ocspClient, null, 0);
}
void LoadPkcs12(Stream stream, string password)
{
var pkcs12 = new Pkcs12Store(stream, password.ToCharArray());
foreach (string alias in pkcs12.Aliases)
{
if (!pkcs12.IsKeyEntry(alias))
{
continue;
}
var chain = pkcs12.GetCertificateChain(alias);
var key = pkcs12.GetKey(alias);
if (!key.Key.IsPrivate || chain.Length == 0)
{
continue;
}
var flags = chain[0].Certificate.GetKeyUsageFlags();
if (flags != X509KeyUsageFlags.None && (flags & SecureMimeContext.DigitalSignatureKeyUsageFlags) == 0)
{
continue;
}
CheckCertificateCanBeUsedForSigning(chain[0].Certificate);
CertificateChain = new X509CertificateChain();
Certificate = chain[0].Certificate;
PrivateKey = key.Key;
foreach (var entry in chain)
{
CertificateChain.Add(entry.Certificate);
}
break;
}
if (PrivateKey == null)
{
throw new ArgumentException("The stream did not contain a private key.", "stream");
}
}
/// <summary>
/// Imports certificates and private keys from the specified stream.
/// </summary>
/// <remarks>
/// <para>Imports certificates and private keys from the specified pkcs12 stream.</para>
/// </remarks>
/// <param name="stream">The stream to import.</param>
/// <param name="password">The password to unlock the stream.</param>
/// <exception cref="System.ArgumentNullException">
/// <para><paramref name="stream"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="password"/> is <c>null</c>.</para>
/// </exception>
/// <exception cref="System.IO.IOException">
/// An error occurred reading the stream.
/// </exception>
public void Import(Stream stream, string password)
{
if (stream == null)
{
throw new ArgumentNullException(nameof(stream));
}
if (password == null)
{
throw new ArgumentNullException(nameof(password));
}
var pkcs12 = new Pkcs12Store(stream, password.ToCharArray());
foreach (string alias in pkcs12.Aliases)
{
if (pkcs12.IsKeyEntry(alias))
{
var chain = pkcs12.GetCertificateChain(alias);
var entry = pkcs12.GetKey(alias);
for (int i = 0; i < chain.Length; i++)
{
if (unique.Add(chain[i].Certificate))
{
certs.Add(chain[i].Certificate);
}
}
if (entry.Key.IsPrivate)
{
keys.Add(chain[0].Certificate, entry.Key);
}
}
else if (pkcs12.IsCertificateEntry(alias))
{
var entry = pkcs12.GetCertificate(alias);
if (unique.Add(entry.Certificate))
{
certs.Add(entry.Certificate);
}
}
}
}
/// <summary>
///
/// </summary>
/// <param name="certificate"></param>
/// <param name="certPwd"></param>
/// <returns></returns>
public static UnionPayCertificate GetSignCertificate(string certificate, string certPwd)
{
FileStream fs = null;
var Certificate = new UnionPayCertificate();
try
{
fs = new FileStream(certificate, FileMode.Open, FileAccess.Read);
var store = new Pkcs12Store(fs, certPwd.ToCharArray());
var alias = string.Empty;
foreach (string n in store.Aliases)
{
if (store.IsKeyEntry(n))
{
alias = n;
}
}
var chain = store.GetCertificateChain(alias);
var cert = chain[0].Certificate;
Certificate.key = store.GetKey(alias).Key;
Certificate.cert = cert;
Certificate.certId = cert.SerialNumber.ToString();
//return new UnionPayCertificate
//{
// key = store.GetKey(alias).Key,
// cert = cert,
// certId = cert.SerialNumber.ToString()
//};
}
catch (Exception e)
{
throw new Exception(e.Message);
}
finally
{
if (fs != null)
{
fs.Close();
}
}
return(Certificate);
}
/// <summary>
/// Electronically signs the PDF of agreement report.
/// </summary>
/// <param name="id">Employee's ID.</param>
/// <param name="pfxPath">Path of PFX file.</param>
/// <param name="password">Password to open PFX.</param>
public static void SignPDF(int id, string pfxPath, char[] password)
{
ICipherParameters privateKey;
X509Certificate[] chain;
using (var fileStream = new FileStream(pfxPath, FileMode.Open, FileAccess.Read)) {
var pk12 = new Pkcs12Store(fileStream, password);
string alias = null;
foreach (object a in pk12.Aliases)
{
alias = a as string;
if (pk12.IsKeyEntry(alias))
{
break;
}
}
privateKey = pk12.GetKey(alias).Key;
var certificate = pk12.GetCertificateChain(alias);
chain = new X509Certificate[certificate.Length];
for (int k = 0; k < certificate.Length; ++k)
{
chain[k] = certificate[k].Certificate;
}
}
using (var reader = new PdfReader(ReportGenerator.GetReportPath(id)))
using (var fileStream = new FileStream(ReportGenerator.GetReportPath(id, "_SIGNED"), FileMode.Create)) {
var signer = new PdfSigner(reader, fileStream, new StampingProperties());
int lastPage;
using (var r = new PdfReader(ReportGenerator.GetReportPath(id)))
using (var document = new PdfDocument(r)) {
lastPage = document.GetNumberOfPages();
}
var appearance = signer.GetSignatureAppearance()
.SetReason("Me comprometo al uso responsable del software especificado en este documento.")
.SetPageRect(new Rectangle(100, 1000, 200, 100))
.SetPageNumber(lastPage);
signer.SetFieldName("MyFieldName");
var pks = new PrivateKeySignature(privateKey, DigestAlgorithms.SHA256);
signer.SignDetached(pks, chain, null, null, null, 0, PdfSigner.CryptoStandard.CMS);
}
}
public static void Main(String[] args)
{
DirectoryInfo directory = new DirectoryInfo(DEST);
directory.Create();
Properties properties = new Properties();
// Specify the correct path to the certificate
properties.Load(new FileStream("c:/home/blowagie/key.properties", FileMode.Open, FileAccess.Read));
String path = properties.GetProperty("PRIVATE");
char[] pass = properties.GetProperty("PASSWORD").ToCharArray();
Pkcs12Store pk12 = new Pkcs12Store(new FileStream(path, FileMode.Open, FileAccess.Read), pass);
string alias = null;
foreach (var a in pk12.Aliases)
{
alias = ((string)a);
if (pk12.IsKeyEntry(alias))
{
break;
}
}
ICipherParameters pk = pk12.GetKey(alias).Key;
X509CertificateEntry[] ce = pk12.GetCertificateChain(alias);
X509Certificate[] chain = new X509Certificate[ce.Length];
for (int k = 0; k < ce.Length; ++k)
{
chain[k] = ce[k].Certificate;
}
IList <ICrlClient> crlList = new List <ICrlClient>();
// Add the default implementation of the CrlClientOnline
crlList.Add(new CrlClientOnline());
new C3_03_SignWithCRLDefaultImp().Sign(SRC, DEST + RESULT_FILES[0], chain, pk,
DigestAlgorithms.SHA256, PdfSigner.CryptoStandard.CMS,
"Test", "Ghent", crlList, null, null, 0);
}
/// <summary>
/// 初始化签名证书
/// </summary>
/// <param name="certPath">证书路径</param>
/// <param name="certPwd">密码</param>
private static void InitSignCert(string certPath, string certPwd)
{
Log.Info("读取签名证书……,地址:" + certPath);
FileStream fileStream = null;
try
{
if (File.Exists(certPath))
{
Cert signCert = new Cert();
using (fileStream = new FileStream(certPath, FileMode.Open))
{
Pkcs12Store store = new Pkcs12Store(fileStream, certPwd.ToCharArray());
string pName = null;
foreach (string n in store.Aliases)
{
if (store.IsKeyEntry(n))
{
pName = n;
//break;
}
}
signCert.AsymmetricKey = store.GetKey(pName).Key;
X509CertificateEntry[] chain = store.GetCertificateChain(pName);
signCert.X509Certificate = chain[0].Certificate;
signCert.CertId = signCert.X509Certificate.SerialNumber.ToString();
SignCerts[certPath] = signCert;
}
Log.Info("签名证书读取成功,序列号:" + signCert.CertId);
}
}
finally
{
if (fileStream != null)
{
fileStream.Close();
}
}
}
private static void initSignCert(string certPath, string certPwd)
{
log.Info("读取签名证书:" + certPath);
FileStream fileStream = null;
try
{
fileStream = new FileStream(certPath, FileMode.Open, FileAccess.Read);
Pkcs12Store store = new Pkcs12Store(fileStream, certPwd.ToCharArray());
string pName = null;
foreach (string n in store.Aliases)
{
if (store.IsKeyEntry(n))
{
pName = n;
//break;
}
}
Cert signCert = new Cert();
signCert.key = store.GetKey(pName).Key;
X509CertificateEntry[] chain = store.GetCertificateChain(pName);
signCert.cert = chain[0].Certificate;
signCert.certId = signCert.cert.SerialNumber.ToString();
signCerts[certPath] = signCert;
log.Info("签名证书读取成功,序列号:" + signCert.certId);
}
catch (Exception e)
{
log.Error("签名证书读取失败,异常:" + e);
}
finally
{
if (fileStream != null)
{
fileStream.Close();
}
}
}
public void XadesBesRsaPackage()
{
Directory.CreateDirectory(DestDir);
String filename = "xfa.signed.bes.package.pdf";
String output = DestDir + filename;
MemoryStream ks = new MemoryStream();
using (FileStream reader = new FileStream(KEYSTORE, FileMode.Open)) {
byte[] buffer = new byte[reader.Length];
reader.Read(buffer, 0, (int)reader.Length);
ks.Write(buffer, 0, buffer.Length);
ks.Position = 0;
}
Pkcs12Store store = new Pkcs12Store(ks, PASSWORD.ToCharArray());
String alias = "";
List <X509Certificate> chain = new List <X509Certificate>();
// searching for private key
foreach (string al in store.Aliases)
{
if (store.IsKeyEntry(al) && store.GetKey(al).Key.IsPrivate)
{
alias = al;
break;
}
}
AsymmetricKeyEntry pk = store.GetKey(alias);
foreach (X509CertificateEntry c in store.GetCertificateChain(alias))
{
chain.Add(c.Certificate);
}
RsaPrivateCrtKeyParameters parameters = pk.Key as RsaPrivateCrtKeyParameters;
SignBesPackage(Src, output, XfaXpathConstructor.XdpPackage.Template, parameters, chain.ToArray(), DigestAlgorithms.SHA1);
String cmp = SaveXmlFromResult(output);
}
static void LoadPkcs12(string path, string password, out List <X509Certificate> certificates, out AsymmetricKeyParameter privateKey)
{
certificates = null;
privateKey = null;
using (var stream = File.OpenRead(path)) {
var pkcs12 = new Pkcs12Store(stream, password.ToCharArray());
foreach (string alias in pkcs12.Aliases)
{
if (!pkcs12.IsKeyEntry(alias))
{
continue;
}
var chain = pkcs12.GetCertificateChain(alias);
var key = pkcs12.GetKey(alias);
if (!key.Key.IsPrivate || chain.Length == 0)
{
continue;
}
var flags = chain[0].Certificate.GetKeyUsageFlags();
if (flags != X509KeyUsageFlags.None && (flags & SecureMimeContext.DigitalSignatureKeyUsageFlags) == 0)
{
continue;
}
certificates = new List <X509Certificate> ();
certificates.Add(chain[0].Certificate);
privateKey = key.Key;
foreach (var entry in chain)
{
certificates.Add(entry.Certificate);
}
return;
}
}
}
public static void Main(String[] args)
{
Properties properties = new Properties();
properties.Load(new FileStream("c:/home/blowagie/key.properties", FileMode.Open));
String path = properties["PRIVATE"];
char[] pass = properties["PASSWORD"].ToCharArray();
String tsaUrl = properties["TSAURL"];
String tsaUser = properties["TSAUSERNAME"];
String tsaPass = properties["TSAPASSWORD"];
Pkcs12Store ks = new Pkcs12Store();
ks.Load(new FileStream(path, FileMode.Open), pass);
String alias = "";
foreach (string al in ks.Aliases)
{
if (ks.IsKeyEntry(al) && ks.GetKey(al).Key.IsPrivate)
{
alias = al;
break;
}
}
AsymmetricKeyParameter pk = ks.GetKey(alias).Key;
IList <X509Certificate> chain = new List <X509Certificate>();
foreach (X509CertificateEntry entry in ks.GetCertificateChain(alias))
{
chain.Add(entry.Certificate);
}
IOcspClient ocspClient = new OcspClientBouncyCastle();
TSAClientBouncyCastle tsaClient = new TSAClientBouncyCastle(tsaUrl, tsaUser, tsaPass);
tsaClient.SetTSAInfo(new TSAInfoTimeStampLogger());
C3_01_SignWithCAcert.Sign(DEST, chain, pk, DigestAlgorithms.SHA256, CryptoStandard.CMS, "Test",
"Ghent",
null, ocspClient, tsaClient, 0);
Console.ReadKey();
}
