private static void ValidSignatureDate(PdfPkcs7 pkcs7) { if (pkcs7.SignDate == null && pkcs7.SignDate <= DateTime.Now) { throw new Exception("A assinatura digital deste documento possui uma data de assinatura inválida." + message); } }
/// <summary> /// Sets the crypto information to sign. /// </summary> /// <param name="privKey">the private key</param> /// <param name="certChain">the certificate chain</param> /// <param name="crlList">the certificate revocation list. It can be null </param> public void SetSignInfo(ICipherParameters privKey, X509Certificate[] certChain, object[] crlList) { Pkcs = new PdfPkcs7(privKey, certChain, crlList, HashAlgorithm, PdfName.AdbePkcs7Sha1.Equals(Get(PdfName.Subfilter))); Pkcs.SetExternalDigest(_externalDigest, _externalRsAdata, _digestEncryptionAlgorithm); if (PdfName.AdbeX509RsaSha1.Equals(Get(PdfName.Subfilter))) { MemoryStream bout = new MemoryStream(); for (int k = 0; k < certChain.Length; ++k) { byte[] tmp = certChain[k].GetEncoded(); bout.Write(tmp, 0, tmp.Length); } Cert = bout.ToArray(); Contents = Pkcs.GetEncodedPkcs1(); } else { Contents = Pkcs.GetEncodedPkcs7(); } name = PdfPkcs7.GetSubjectFields(Pkcs.SigningCertificate).GetField("CN"); if (name != null) { Put(PdfName.Name, new PdfString(name, TEXT_UNICODE)); } Pkcs = new PdfPkcs7(privKey, certChain, crlList, HashAlgorithm, PdfName.AdbePkcs7Sha1.Equals(Get(PdfName.Subfilter))); Pkcs.SetExternalDigest(_externalDigest, _externalRsAdata, _digestEncryptionAlgorithm); }
private static void ValidDigitalCertificate(CertificadoDigital cert, PdfPkcs7 pkcs7) { bool timestampImprint = pkcs7.VerifyTimestampImprint(); if (!timestampImprint && !cert.PeriodoValido) { throw new Exception("Este documento possui uma assinatura ICPBrasil inválida."); } }
private static void IsDocumentUnadulterated(PdfPkcs7 pkcs7) { try { pkcs7.Verify(); } catch { throw new Exception("Este documento teve seu conteúdo alterado, portanto sua assinatura tornou-se inválida." + message); } }
private async Task <IEnumerable <CertificadoDigital> > SignatureValidation(byte[] file, bool ignoreExpired = false) { PdfReader reader = new PdfReader(file); DocumentoPossuiAssinaturaDigital(reader); var digitalCertificateList = new List <CertificadoDigital>(); var signatureNameList = reader.AcroFields.GetSignatureNames(); foreach (string signatureName in signatureNameList) { PdfPkcs7 pkcs7 = reader.AcroFields.VerifySignature(signatureName); // validação do certificado via outbound var messages = await OnlineChainValidation( pkcs7.SigningCertificate.GetEncoded(), ignoreExpired ); if (!string.IsNullOrWhiteSpace(messages)) { throw new Exception(messages); } CertificadoDigital cert = new CertificadoDigital(pkcs7); // validations ValidCertificateChain(cert); if (!ignoreExpired) { ValidDigitalCertificate(cert, pkcs7); } ValidSignatureType(cert); ValidSignatureDate(pkcs7); IsDocumentUnadulterated(pkcs7); // cpf-cnpj, name, signature's date PessoaFisica pessoaFisica = cert.PessoaJuridica?.Responsavel ?? cert.PessoaFisica; string pessoa = $"{pessoaFisica.Nome.ToUpper()}"; if (cert.PessoaJuridica != null) { pessoa += $" ({cert.PessoaJuridica.RazaoSocial.ToUpper()})"; } digitalCertificateList.Add(cert); } return(digitalCertificateList); }
public async Task <bool> ValidateDigitalSignatures(byte[] file) { try { PdfReader reader = new PdfReader(file); // ordenar a lista de assinaturas var orderedSignatureNames = GetOrderedSignatureNames(reader); // ordernar as posições das tabelas de referência cruzada List <int> XrefByteOffsetOrdered = reader.XrefByteOffset.Cast <int>().ToList(); XrefByteOffsetOrdered.Sort(); var assinaramTodoDocumentoSN = reader.SignaturesCoverWholeDocument().Cast <string>().ToList(); List <KeyValuePair <string, string> > naoAssinaramTodoDocumento = new List <KeyValuePair <string, string> >(); List <KeyValuePair <string, string> > assinaramTodoDocumento = new List <KeyValuePair <string, string> >(); foreach (string signatureName in orderedSignatureNames) { PdfPkcs7 pkcs7 = reader.AcroFields.VerifySignature(signatureName); var messages = await OnlineChainValidation(pkcs7.SigningCertificate.GetEncoded()); if (!string.IsNullOrWhiteSpace(messages)) { throw new Exception(messages); } CertificadoDigital cert = new CertificadoDigital(pkcs7.SigningCertificate.GetEncoded()); // validations ValidCertificateChain(cert); ValidDigitalCertificate(cert, pkcs7); ValidSignatureType(cert); ValidSignatureDate(pkcs7); IsDocumentUnadulterated(pkcs7); // cpf-cnpj, name, signature's date PessoaFisica pessoaFisica = cert.PessoaJuridica?.Responsavel ?? cert.PessoaFisica; string pessoa = $"{pessoaFisica.Nome.ToUpper()}"; if (cert.PessoaJuridica != null) { pessoa += $" ({cert.PessoaJuridica.RazaoSocial.ToUpper()})"; } if (!assinaramTodoDocumentoSN.Contains(signatureName)) { naoAssinaramTodoDocumento.Add(new KeyValuePair <string, string>(pessoa, signatureName)); } else { assinaramTodoDocumento.Add(new KeyValuePair <string, string>(pessoa, signatureName)); } } // Deixar apenas a última assinatura de cada pessoa/cnpj var distinctSignersList = RemoverAssinaturasDuplicadas(assinaramTodoDocumento); var distinctNaoAssinaramTodoDocumento = RemoverAssinaturasDuplicadas(naoAssinaramTodoDocumento); TodosAssinaramDocumentoPorInteiro(distinctNaoAssinaramTodoDocumento); return(true); } catch (Exception e) { throw new Exception($"Ocorreu um erro: {e.Message}"); } }
private void CompletionPdf(byte[] invoiceMemoryStream, List <FileStream> attachmentFiles, string fileName) { var reader = new PdfReader(invoiceMemoryStream); var document = new Document(reader.GetPageSizeWithRotation(1)); var pdfMerge = new MemoryStream(); var pdfCopyProvider = new PdfCopy(document, pdfMerge); document.Open(); var pages = new List <PdfImportedPage>(); GetAllPages(reader, pdfCopyProvider, pages); foreach (var attachmentReader in attachmentFiles.Select(attachmentFile => new PdfReader(attachmentFile))) { GetAllPages(attachmentReader, pdfCopyProvider, pages); attachmentReader.Close(); } foreach (var pdfImportedPage in pages) { pdfCopyProvider.AddPage(pdfImportedPage); } document.Close(); reader.Close(); pdfCopyProvider.Close(); pdfMerge.Seek(0, SeekOrigin.Begin); var readerWithoutSign = new PdfReader(pdfMerge); var finalOutput = new FileStream(fileName, FileMode.Create, FileAccess.Write); var tsa = new TsaClientBouncyCastle("https://freetsa.org/tsr"); int contentEstimated = (int)pdfMerge.Length; var st = PdfStamper.CreateSignature(readerWithoutSign, finalOutput, '\0', null, true); var sap = st.SignatureAppearance; var cert = new Cert("EFZ.pfx", "Lea10985"); sap.SetCrypto(cert.Akp, cert.Chain, null, PdfSignatureAppearance.SelfSigned); sap.Reason = "Archived digital signature"; sap.Contact = "EFZ"; sap.Location = "EFZ"; sap.CertificationLevel = PdfSignatureAppearance.CERTIFIED_NO_CHANGES_ALLOWED; sap.SetCrypto(null, cert.Chain, null, PdfSignatureAppearance.VerisignSigned); var dic = new PdfSignature(PdfName.AdobePpklite, PdfName.AdbePkcs7Detached); dic.Put(PdfName.TYPE, PdfName.Stamp); dic.Reason = sap.Reason; dic.Location = sap.Location; dic.Contact = sap.Contact; dic.Date = new PdfDate(sap.SignDate); sap.CryptoDictionary = dic; var exc = new Dictionary <PdfName, int>(); exc[PdfName.Contents] = contentEstimated * 2 + 2; sap.PreClose(new Hashtable(exc)); var sgn = new PdfPkcs7(cert.Akp, cert.Chain, null, "SHA1", false); var data = sap.RangeStream; var messageDigest = DigestUtilities.GetDigest("SHA1"); byte[] buf = new byte[8192]; int n; while ((n = data.Read(buf, 0, buf.Length)) > 0) { messageDigest.BlockUpdate(buf, 0, n); } byte[] tsImprint = new byte[messageDigest.GetDigestSize()]; messageDigest.DoFinal(tsImprint, 0); var cal = DateTime.UtcNow; byte[] tsToken = tsa.GetTimeStampToken(null, tsImprint); byte[] ocsp = null; if (cert.Chain.Length >= 2) { String url = PdfPkcs7.GetOcspurl(cert.Chain[0]); if (url != null && url.Length > 0) { ocsp = new OcspClientBouncyCastle(cert.Chain[0], cert.Chain[1], url).GetEncoded(); } } byte[] sh = sgn.GetAuthenticatedAttributeBytes(tsImprint, cal, ocsp); sgn.Update(sh, 0, sh.Length); byte[] encodedSig = sgn.GetEncodedPkcs7(tsImprint, cal, tsa, ocsp); if (contentEstimated + 2 < encodedSig.Length) { throw new Exception("Not enough space"); } byte[] paddedSig = new byte[contentEstimated]; Array.Copy(encodedSig, 0, paddedSig, 0, encodedSig.Length); var dic2 = new PdfDictionary(); dic2.Put(PdfName.Contents, new PdfString(paddedSig).SetHexWriting(true)); sap.Close(dic2); finalOutput.Close(); finalOutput.Dispose(); }
/// <summary> /// Get RFC 3161 timeStampToken. /// Method may return null indicating that timestamp should be skipped. /// @throws Exception - TSA request failed /// @see com.lowagie.text.pdf.TSAClient#getTimeStampToken(com.lowagie.text.pdf.PdfPKCS7, byte[]) /// </summary> /// <param name="caller">PdfPKCS7 - calling PdfPKCS7 instance (in case caller needs it)</param> /// <param name="imprint">byte[] - data imprint to be time-stamped</param> /// <returns>byte[] - encoded, TSA signed data of the timeStampToken</returns> public byte[] GetTimeStampToken(PdfPkcs7 caller, byte[] imprint) { return(GetTimeStampToken(imprint)); }