/// <summary>
/// Builds the signed attributes for a signature, adding the ETSI
/// signature-policy-identifier attribute (id-aa-ets-sigPolicyId) on top of
/// whatever the base profile already provides.
/// </summary>
/// <param name="parameters">Signature parameters; <c>SignaturePolicy</c> selects
/// EXPLICIT (policy OID plus policy-document digest), IMPLICIT (empty identifier)
/// or NO_POLICY (nothing added).</param>
/// <returns>The base attribute map, extended with the policy attribute when one applies.</returns>
public override IDictionary<DerObjectIdentifier, Asn1Encodable> GetSignedAttributes(SignatureParameters parameters)
{
    var attributes = base.GetSignedAttributes(parameters);

    SignaturePolicyIdentifier identifier = BuildPolicyIdentifier(parameters);
    if (identifier != null)
    {
        var policyAttribute = new Attribute(PkcsObjectIdentifiers.IdAAEtsSigPolicyID, new DerSet(identifier));
        attributes.Add(PkcsObjectIdentifiers.IdAAEtsSigPolicyID, policyAttribute);
    }
    return attributes;

    // Maps the requested policy mode to its ASN.1 identifier; null means "add no attribute".
    SignaturePolicyIdentifier BuildPolicyIdentifier(SignatureParameters p)
    {
        switch (p.SignaturePolicy)
        {
            case SignaturePolicy.EXPLICIT:
                // Explicit policy: the policy OID plus the digest (algorithm OID + value) of the
                // policy document, so a verifier can check it is applying the same policy text.
                var policyOid = new DerObjectIdentifier(p.SignaturePolicyID);
                var hashAlgorithm = new AlgorithmIdentifier(
                    new DerObjectIdentifier(DigestAlgorithm.GetByName(p.SignaturePolicyHashAlgo).OID));
                var policyHash = new OtherHashAlgAndValue(hashAlgorithm, new DerOctetString(p.SignaturePolicyHashValue));
                return new SignaturePolicyIdentifier(new SignaturePolicyId(policyOid, policyHash));
            case SignaturePolicy.IMPLICIT:
                // Implicit policy: the parameterless identifier (no OID, no hash).
                return new SignaturePolicyIdentifier();
            default:
                // NO_POLICY, and any other value, leaves the attributes untouched.
                return null;
        }
    }
}
/// <summary>
/// Creates the CMS attribute that carries the signature policy information
/// (id-aa-ets-sigPolicyId): the policy OID, the digest algorithm and the
/// base64-decoded digest of the policy document.
/// </summary>
/// <param name="parameters">Signature parameters whose <c>SignaturePolicyInfo</c> supplies
/// <c>PolicyIdentifier</c>, <c>PolicyDigestAlgorithm.Oid</c> and the base64-encoded <c>PolicyHash</c>.</param>
/// <returns>The signature-policy-identifier attribute, wrapped in a single-element SET.</returns>
private BcCms.Attribute MakeSignaturePolicyAttribute(SignatureParameters parameters)
{
    var info = parameters.SignaturePolicyInfo;

    var policyOid = new DerObjectIdentifier(info.PolicyIdentifier);
    var hashAlgorithm = new AlgorithmIdentifier(info.PolicyDigestAlgorithm.Oid);
    // PolicyHash is stored base64-encoded; the attribute needs the raw digest octets.
    byte[] digest = System.Convert.FromBase64String(info.PolicyHash);
    var hashAlgAndValue = new OtherHashAlgAndValue(hashAlgorithm, new DerOctetString(digest));

    var policyIdentifier = new SignaturePolicyIdentifier(new SignaturePolicyId(policyOid, hashAlgAndValue));
    return new BcCms.Attribute(PkcsObjectIdentifiers.IdAAEtsSigPolicyID, new DerSet(policyIdentifier));
}
/// <summary>
/// Builds the signed attributes, adding the ETSI signature-policy-identifier
/// attribute (id-aa-ets-sigPolicyId) according to <c>parameters.SignaturePolicy</c>.
/// </summary>
/// <param name="parameters">Signature parameters: policy mode, policy OID, hash algorithm name and hash value.</param>
/// <returns>The base attribute map, extended with the policy attribute for EXPLICIT and IMPLICIT policies.</returns>
/// <exception cref="ProfileException">When the policy hash algorithm name is not known.</exception>
internal override IDictionary GetSignedAttributes(SignatureParameters parameters)
{
    try
    {
        IDictionary attributes = base.GetSignedAttributes(parameters);

        SignaturePolicyIdentifier identifier;
        switch (parameters.SignaturePolicy)
        {
            case SignaturePolicy.EXPLICIT:
                // Explicit policy: policy OID plus the digest (algorithm OID + value) of the
                // policy document, so a verifier can confirm it holds the same policy text.
                DerObjectIdentifier policyOid = new DerObjectIdentifier(parameters.SignaturePolicyID);
                AlgorithmIdentifier hashAlgorithm = new AlgorithmIdentifier(
                    DigestAlgorithm.GetByName(parameters.SignaturePolicyHashAlgo).GetOid());
                OtherHashAlgAndValue policyHash = new OtherHashAlgAndValue(
                    hashAlgorithm, new DerOctetString(parameters.SignaturePolicyHashValue));
                identifier = new SignaturePolicyIdentifier(new SignaturePolicyId(policyOid, policyHash));
                break;
            case SignaturePolicy.IMPLICIT:
                // Implicit policy: the parameterless identifier (no OID, no hash).
                // TODO jbonilla - validate
                identifier = new SignaturePolicyIdentifier();
                break;
            default:
                // NO_POLICY, and any other value, adds nothing.
                identifier = null;
                break;
        }

        if (identifier != null)
        {
            Attribute policyAttribute = new Attribute(PkcsObjectIdentifiers.IdAAEtsSigPolicyID, new DerSet(identifier));
            attributes.Add(PkcsObjectIdentifiers.IdAAEtsSigPolicyID, policyAttribute);
        }
        return attributes;
    }
    catch (NoSuchAlgorithmException ex)
    {
        // NOTE(review): only the message is carried over; the original exception is not
        // attached as InnerException, so the root cause is lost from the stack trace.
        throw new ProfileException(ex.Message);
    }
}
/// <summary>
/// Signs helloWorldDoc.pdf as PAdES-EPES with an explicit signature policy whose OID
/// is not registered anywhere and whose hash is the single "unknown" zero byte,
/// then runs the basic signed-document check on the output.
/// </summary>
public virtual void PadesEpesProfileTest01()
{
    const string unknownPolicyOid = "2.16.724.631.3.1.124.2.29.9";
    const string outputName = "padesEpesProfileTest01.pdf";

    DerObjectIdentifier policyOid = DerObjectIdentifier.GetInstance(new DerObjectIdentifier(unknownPolicyOid));
    AlgorithmIdentifier policyHashAlgorithm = new AlgorithmIdentifier(
        new DerObjectIdentifier(DigestAlgorithms.GetAllowedDigest("SHA1")));
    // A single zero byte indicates that the policy hash value is not known; see ETSI TS 101 733 V2.2.1, 5.8.1
    DerOctetString unknownHash = new DerOctetString(new byte[] { 0 });
    SignaturePolicyIdentifier policy = new SignaturePolicyIdentifier(
        new SignaturePolicyId(policyOid, new OtherHashAlgAndValue(policyHashAlgorithm, unknownHash)));

    SignApproval(certsSrc + "signCertRsa01.p12", destinationFolder + outputName, policy);
    BasicCheckSignedDoc(destinationFolder + outputName, "Signature1");
}
/// <summary>
/// Verifies that <c>SignaturePolicyInfo.ToSignaturePolicyIdentifier()</c> yields the same
/// ASN.1 structure as one assembled by hand: policy OID, OtherHashAlgAndValue over the
/// allowed digest OID and the raw hash, plus a single id-spq-ets-uri qualifier.
/// </summary>
public virtual void ToSignaturePolicyIdentifierTest()
{
    SignaturePolicyIdentifier actual =
        new SignaturePolicyInfo(POLICY_IDENTIFIER, POLICY_HASH, POLICY_DIGEST_ALGORITHM, POLICY_URI)
            .ToSignaturePolicyIdentifier();

    // Reference value built piece by piece.
    DerIA5String policyUri = new DerIA5String(POLICY_URI);
    SigPolicyQualifierInfo uriQualifier = new SigPolicyQualifierInfo(
        Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdSpqEtsUri, policyUri);
    DerOctetString hashOctets = new DerOctetString(POLICY_HASH);
    string digestOid = DigestAlgorithms.GetAllowedDigest(POLICY_DIGEST_ALGORITHM);
    AlgorithmIdentifier digestAlgorithm = new AlgorithmIdentifier(new DerObjectIdentifier(digestOid));
    OtherHashAlgAndValue hashAlgAndValue = new OtherHashAlgAndValue(digestAlgorithm, hashOctets);
    DerObjectIdentifier policyOid = DerObjectIdentifier.GetInstance(new DerObjectIdentifier(POLICY_IDENTIFIER));
    SignaturePolicyId policyId = new SignaturePolicyId(
        policyOid, hashAlgAndValue, SignUtils.CreateSigPolicyQualifiers(uriQualifier));
    SignaturePolicyIdentifier expected = new SignaturePolicyIdentifier(policyId);

    // Compare the underlying DER objects rather than the wrapper instances.
    NUnit.Framework.Assert.AreEqual(expected.ToAsn1Object(), actual.ToAsn1Object());
}
/// <summary>
/// Converts this policy description into the ASN.1 SignaturePolicyIdentifier placed in the
/// signed attributes: the policy OID (any "urn:oid:" text is stripped), the digest of the
/// policy document, and an optional id-spq-ets-uri qualifier carrying the policy URI.
/// </summary>
/// <returns>The SignaturePolicyIdentifier for this policy.</returns>
/// <exception cref="ArgumentException">When <c>policyDigestAlgorithm</c> is not an allowed digest name.</exception>
internal virtual SignaturePolicyIdentifier ToSignaturePolicyIdentifier()
{
    string digestOid = DigestAlgorithms.GetAllowedDigest(this.policyDigestAlgorithm);
    if (string.IsNullOrEmpty(digestOid))
    {
        throw new ArgumentException("Invalid policy hash algorithm");
    }

    // The URI qualifier is optional: only emitted when a policy URI is configured.
    SigPolicyQualifierInfo uriQualifier = null;
    if (!string.IsNullOrEmpty(this.policyUri))
    {
        uriQualifier = new SigPolicyQualifierInfo(
            Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdSpqEtsUri, new DerIA5String(this.policyUri));
    }

    // Replace removes every "urn:oid:" occurrence, not only a leading prefix.
    DerObjectIdentifier policyOid = DerObjectIdentifier.GetInstance(
        new DerObjectIdentifier(this.policyIdentifier.Replace("urn:oid:", "")));
    OtherHashAlgAndValue policyHash = new OtherHashAlgAndValue(
        new AlgorithmIdentifier(new DerObjectIdentifier(digestOid)), new DerOctetString(this.policyHash));
    SignaturePolicyId policyId = new SignaturePolicyId(
        policyOid, policyHash, SignUtils.CreateSigPolicyQualifiers(uriQualifier));
    return new SignaturePolicyIdentifier(policyId);
}
/// <summary>
/// Converts this policy description into the ASN.1 SignaturePolicyIdentifier placed in the
/// signed attributes: the policy OID (any "urn:oid:" text is stripped), the digest of the
/// policy document, and an optional id-spq-ets-uri qualifier carrying the policy URI.
/// </summary>
/// <returns>The SignaturePolicyIdentifier for this policy.</returns>
/// <exception cref="ArgumentException">When <c>PolicyDigestAlgorithm</c> is not an allowed digest name.</exception>
protected internal SignaturePolicyIdentifier ToSignaturePolicyIdentifier()
{
    string digestOid = DigestAlgorithms.GetAllowedDigests(this.PolicyDigestAlgorithm);
    if (string.IsNullOrEmpty(digestOid))
    {
        throw new ArgumentException("Invalid policy hash algorithm");
    }

    // The URI qualifier is optional; null is passed straight through when no URI is set.
    SigPolicyQualifierInfo uriQualifier = string.IsNullOrEmpty(this.PolicyUri)
        ? null
        : new SigPolicyQualifierInfo(PkcsObjectIdentifiers.IdSpqEtsUri, new DerIA5String(this.PolicyUri));

    // Replace removes every "urn:oid:" occurrence, not only a leading prefix.
    string oidText = this.PolicyIdentifier.Replace("urn:oid:", "");
    DerObjectIdentifier policyOid = DerObjectIdentifier.GetInstance(new DerObjectIdentifier(oidText));
    OtherHashAlgAndValue policyHash = new OtherHashAlgAndValue(
        new AlgorithmIdentifier(digestOid), new DerOctetString(this.PolicyHash));
    return new SignaturePolicyIdentifier(new SignaturePolicyId(policyOid, policyHash, uriQualifier));
}
/// <summary>
/// Signs helloWorldDoc.pdf from <c>sourceFolder</c> with the first key and chain of the given
/// PKCS#12 file (detached CAdES, SHA-256) and writes the result to <paramref name="outFileName"/>.
/// </summary>
/// <param name="signCertFileName">PKCS#12 file holding the signing key and certificate chain.</param>
/// <param name="outFileName">Destination PDF path; created or overwritten.</param>
/// <param name="sigPolicyInfo">Signature policy to embed (PAdES-EPES), or null for a signature without policy.</param>
private void SignApproval(string signCertFileName, string outFileName, SignaturePolicyIdentifier sigPolicyInfo)
{
    string sourcePdf = sourceFolder + "helloWorldDoc.pdf";

    X509Certificate[] chain = Pkcs12FileHelper.ReadFirstChain(signCertFileName, password);
    ICipherParameters privateKey = Pkcs12FileHelper.ReadFirstKey(signCertFileName, password, password);
    IExternalSignature externalSignature = new PrivateKeySignature(privateKey, DigestAlgorithms.SHA256);

    PdfSigner signer = new PdfSigner(
        new PdfReader(sourcePdf), new FileStream(outFileName, FileMode.Create), new StampingProperties());
    signer.SetFieldName("Signature1");
    PdfSignatureAppearance appearance = signer.GetSignatureAppearance();
    appearance.SetPageRect(new Rectangle(50, 650, 200, 100));
    appearance.SetReason("Test");
    appearance.SetLocation("TestCity");
    appearance.SetLayer2Text("Approval test signature.\nCreated by iText7.");

    // No CRL/OCSP/TSA clients and estimatedSize 0 (the signer estimates the slot);
    // the policy overload is only used when a policy was supplied.
    if (sigPolicyInfo != null)
    {
        signer.SignDetached(externalSignature, chain, null, null, null, 0, PdfSigner.CryptoStandard.CADES, sigPolicyInfo);
    }
    else
    {
        signer.SignDetached(externalSignature, chain, null, null, null, 0, PdfSigner.CryptoStandard.CADES);
    }
}
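/**
 * Signs the document using the detached mode, CMS or CAdES equivalent.
 * The /Contents slot is reserved from estimatedSize (or estimated from the revocation and
 * time-stamp inputs when 0) before the document is pre-closed; the encoded CMS blob must fit
 * that slot, otherwise the method fails with IOException before closing the document.
 * @param sap the PdfSignatureAppearance
 * @param externalSignature the interface providing the actual signing
 * @param chain the certificate chain; chain[0] is the signing certificate
 * @param crlList the CRL clients; the first certificate in the chain for which ProcessCrl
 *        returns data supplies the embedded CRLs
 * @param ocspClient the OCSP client, or null; only queried when the chain also holds the
 *        issuer (chain.Count >= 2)
 * @param tsaClient the Timestamp client, or null
 * @param estimatedSize the reserved size for the signature. It will be estimated if 0
 * @param sigtype CryptoStandard.CADES to sign CAdES equivalent PAdES-BES, otherwise plain CMS
 * @param signaturePolicy the signature policy (for EPES signatures), or null
 * @throws IOException if the encoded signature does not fit in the reserved space;
 *         failures of the digest, signing, OCSP or TSA providers propagate unchanged
 */
public static void SignDetached(PdfSignatureAppearance sap, IExternalSignature externalSignature, ICollection <X509Certificate> chain, ICollection <ICrlClient> crlList, IOcspClient ocspClient, ITSAClient tsaClient, int estimatedSize, CryptoStandard sigtype, SignaturePolicyIdentifier signaturePolicy)
{
    List <X509Certificate> certa = new List <X509Certificate>(chain);
    // Collect CRLs from the first certificate in the chain for which a CRL client returns data.
    ICollection <byte[]> crlBytes = null;
    int i = 0;
    while (crlBytes == null && i < certa.Count)
    {
        crlBytes = ProcessCrl(certa[i++], crlList);
    }
    if (estimatedSize == 0)
    {
        // Base reservation plus room for each embedded CRL, an OCSP response and a time-stamp token.
        estimatedSize = 8192;
        if (crlBytes != null)
        {
            foreach (byte[] element in crlBytes)
            {
                estimatedSize += element.Length + 10;
            }
        }
        if (ocspClient != null)
        {
            estimatedSize += 4192;
        }
        if (tsaClient != null)
        {
            estimatedSize += 4192;
        }
    }
    sap.Certificate = certa[0];
    if (sigtype == CryptoStandard.CADES)
    {
        sap.AddDeveloperExtension(PdfDeveloperExtension.ESIC_1_7_EXTENSIONLEVEL2);
    }
    PdfSignature dic = new PdfSignature(PdfName.ADOBE_PPKLITE, sigtype == CryptoStandard.CADES ? PdfName.ETSI_CADES_DETACHED : PdfName.ADBE_PKCS7_DETACHED);
    dic.Reason = sap.Reason;
    dic.Location = sap.Location;
    dic.SignatureCreator = sap.SignatureCreator;
    dic.Contact = sap.Contact;
    dic.Date = new PdfDate(sap.SignDate); // time-stamp will over-rule this
    sap.CryptoDictionary = dic;
    // /Contents is written as a hex string (see SetHexWriting below): two characters per
    // byte plus the enclosing delimiters.
    Dictionary <PdfName, int> exc = new Dictionary <PdfName, int>();
    exc[PdfName.CONTENTS] = estimatedSize * 2 + 2;
    sap.PreClose(exc);
    String hashAlgorithm = externalSignature.GetHashAlgorithm();
    PdfPKCS7 sgn = new PdfPKCS7(null, chain, hashAlgorithm, false);
    if (signaturePolicy != null)
    {
        sgn.SetSignaturePolicy(signaturePolicy);
    }
    // Digest the byte ranges covered by the signature. (The former unused
    // DigestUtilities.GetDigest lookup was dropped; DigestAlgorithms.Digest does the work.)
    Stream data = sap.GetRangeStream();
    byte[] hash = DigestAlgorithms.Digest(data, hashAlgorithm);
    byte[] ocsp = null;
    if (chain.Count >= 2 && ocspClient != null)
    {
        ocsp = ocspClient.GetEncoded(certa[0], certa[1], null);
    }
    // The external signer signs the DER-encoded signed attributes, not the document hash itself.
    byte[] sh = sgn.getAuthenticatedAttributeBytes(hash, ocsp, crlBytes, sigtype);
    byte[] extSignature = externalSignature.Sign(sh);
    sgn.SetExternalDigest(extSignature, null, externalSignature.GetEncryptionAlgorithm());
    byte[] encodedSig = sgn.GetEncodedPKCS7(hash, tsaClient, ocsp, crlBytes, sigtype);
    // Guard the reserved slot: a longer blob would overrun the layout fixed by PreClose.
    if (estimatedSize < encodedSig.Length)
    {
        throw new IOException("Not enough space");
    }
    // Zero-pad to exactly the reserved length so the file layout from PreClose stays valid.
    byte[] paddedSig = new byte[estimatedSize];
    System.Array.Copy(encodedSig, 0, paddedSig, 0, encodedSig.Length);
    PdfDictionary dic2 = new PdfDictionary();
    dic2.Put(PdfName.CONTENTS, new PdfString(paddedSig).SetHexWriting(true));
    sap.Close(dic2);
}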
/// <summary>
/// Sets the ETSI signature policy identifier for this signature (EPES profiles).
/// Callers such as SignDetached invoke it, when a policy is supplied, before
/// getAuthenticatedAttributeBytes is called; presumably the identifier is then emitted as
/// the id-aa-ets-sigPolicyId signed attribute — confirm in the implementation (body not shown here).
/// </summary>
/// <param name="signaturePolicy">The signature policy identifier to attach.</param>
public virtual void SetSignaturePolicy(SignaturePolicyIdentifier signaturePolicy);