private void CheckRevocation(PdfPKCS7 pkcs7, X509Certificate signCert, X509Certificate issuerCert, DateTime date) { IList <BasicOcspResp> ocsps = new List <BasicOcspResp>(); if (pkcs7.GetOcsp() != null) { ocsps.Add(pkcs7.GetOcsp()); } OCSPVerifier ocspVerifier = new OCSPVerifier(null, ocsps); IList <VerificationOK> verification = ocspVerifier.Verify(signCert, issuerCert, date); if (verification.Count == 0) { IList <X509Crl> crls = new List <X509Crl>(); if (pkcs7.GetCRLs() != null) { foreach (X509Crl crl in pkcs7.GetCRLs()) { crls.Add((X509Crl)crl); } } CRLVerifier crlVerifier = new CRLVerifier(null, crls); var verOks = crlVerifier.Verify(signCert, issuerCert, date); foreach (VerificationOK verOk in verOks) { verification.Add(verOk); } } }
/// <exception cref="System.IO.IOException"/> /// <exception cref="Org.BouncyCastle.Operator.OperatorCreationException"/> /// <exception cref="Org.BouncyCastle.Security.GeneralSecurityException"/> public virtual bool VerifyAuthorizedOCSPResponderTest(DateTime ocspResponderCertStartDate, DateTime ocspResponderCertEndDate , DateTime checkDate) { X509Certificate caCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(certsSrc + "intermediateRsa.p12" , password)[0]; ICipherParameters caPrivateKey = Pkcs12FileHelper.ReadFirstKey(certsSrc + "intermediateRsa.p12", password, password); String checkCertFileName = certsSrc + "signCertRsaWithChain.p12"; X509Certificate checkCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(checkCertFileName, password)[ 0]; RsaKeyPairGenerator keyGen = SignTestPortUtil.BuildRSA2048KeyPairGenerator(); AsymmetricCipherKeyPair key = keyGen.GenerateKeyPair(); ICipherParameters ocspRespPrivateKey = key.Private; AsymmetricKeyParameter ocspRespPublicKey = key.Public; TestCertificateBuilder certBuilder = new TestCertificateBuilder(ocspRespPublicKey, caCert, caPrivateKey, "CN=iTextTestOCSPResponder, OU=test, O=iText" ); certBuilder.SetStartDate(ocspResponderCertStartDate); certBuilder.SetEndDate(ocspResponderCertEndDate); X509Certificate ocspResponderCert = certBuilder.BuildAuthorizedOCSPResponderCert(); TestOcspResponseBuilder builder = new TestOcspResponseBuilder(ocspResponderCert, ocspRespPrivateKey); TestOcspClient ocspClient = new TestOcspClient().AddBuilderForCertIssuer(caCert, builder); byte[] basicOcspRespBytes = ocspClient.GetEncoded(checkCert, caCert, null); Asn1Object var2 = Asn1Object.FromByteArray(basicOcspRespBytes); BasicOcspResp basicOCSPResp = new BasicOcspResp(BasicOcspResponse.GetInstance(var2)); OCSPVerifier ocspVerifier = new OCSPVerifier(null, null); return(ocspVerifier.Verify(basicOCSPResp, checkCert, caCert, checkDate)); }
public static void AssinaComCertificado(List <ICrlClient> crlList, string FileName, string SignFileName, CertSimples cert, int X, int Y, int Pagina, int Rotation, bool AddTimeStamper = true, string urlTimeStamper = "https://freetsa.org/tsr", string timeStampUser = "", string timeStampPass = "", string Reason = "Assinatura Digital", bool AplicaPolitica = false, string MyDigestAlgorithm = "SHA-256", string Contact = "", string Location = "Indústrias Nucleares do Brasil S/A - INB", string Creator = "Assinador da INB", TipoAssinatura Tipo = TipoAssinatura.Normal, string Cargo = "", string CREACRM = "") { string SourcePdfFileName = FileName; string DestPdfFileName = SignFileName; int Largura = 140; int Altura = 63; PdfReader pdfReader = new PdfReader(SourcePdfFileName); FileStream signedPdf = new FileStream(DestPdfFileName, FileMode.Create, FileAccess.ReadWrite); StampingProperties osp = new StampingProperties(); osp.UseAppendMode(); PdfSigner objStamper = new PdfSigner(pdfReader, signedPdf, osp); ITSAClient tsaClient = null; IOcspClient ocspClient = null; ConfiguraAparencia(objStamper, cert, X, Y, Largura, Altura, Pagina, Rotation, Contact, Reason, Location, Creator, Tipo); Org.BouncyCastle.X509.X509Certificate vert = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(cert.Certificado); Org.BouncyCastle.X509.X509CertificateParser cp = new Org.BouncyCastle.X509.X509CertificateParser(); Org.BouncyCastle.X509.X509Certificate[] Arraychain = new Org.BouncyCastle.X509.X509Certificate[] { cp.ReadCertificate(cert.Certificado.RawData) }; X509CertificateParser objCP = new X509CertificateParser(); RSACryptoServiceProvider rsa; RSACryptoServiceProvider Provider; IExternalSignature externalSignature; if (cert.Certificado.PrivateKey is RSACryptoServiceProvider) { rsa = (RSACryptoServiceProvider)cert.Certificado.PrivateKey; Provider = (RSACryptoServiceProvider)cert.Certificado.PrivateKey; externalSignature = new AsymmetricAlgorithmSignature(Provider, MyDigestAlgorithm); } else { //RETIRAR ESSA PARTE PARA IMPLEMENTAR OS DEMAIS MÉTODOS, OLHANDO OUTROS TIPOS DE CERTIFICADO rsa = (RSACryptoServiceProvider)cert.Certificado.PrivateKey; Provider = (RSACryptoServiceProvider)cert.Certificado.PrivateKey; externalSignature = new AsymmetricAlgorithmSignature(Provider, MyDigestAlgorithm); } if (AddTimeStamper) { tsaClient = new TSAClientBouncyCastle(urlTimeStamper, timeStampUser, timeStampPass); } OCSPVerifier ocspVerifier = new OCSPVerifier(null, null); ocspClient = new OcspClientBouncyCastle(ocspVerifier); if (AplicaPolitica) { SignaturePolicyInfo spi = getPolitica(); objStamper.SignDetached(externalSignature, Arraychain, crlList, ocspClient, tsaClient, 0, PdfSigner.CryptoStandard.CADES, spi); } else { objStamper.SignDetached(externalSignature, Arraychain, crlList, ocspClient, tsaClient, 0, PdfSigner.CryptoStandard.CADES); } try { signedPdf.Flush(); } catch { } try { signedPdf.Close(); } catch { }; pdfReader.Close(); }
/// <exception cref="System.IO.IOException"/> /// <exception cref="Org.BouncyCastle.Security.GeneralSecurityException"/> private bool VerifyTest(TestOcspResponseBuilder rootRsaOcspBuilder, String checkCertFileName, DateTime checkDate ) { X509Certificate checkCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(checkCertFileName, password)[ 0]; X509Certificate rootCert = rootRsaOcspBuilder.GetIssuerCert(); TestOcspClient ocspClient = new TestOcspClient().AddBuilderForCertIssuer(rootCert, rootRsaOcspBuilder); byte[] basicOcspRespBytes = ocspClient.GetEncoded(checkCert, rootCert, null); Asn1Object var2 = Asn1Object.FromByteArray(basicOcspRespBytes); BasicOcspResp basicOCSPResp = new BasicOcspResp(BasicOcspResponse.GetInstance(var2)); OCSPVerifier ocspVerifier = new OCSPVerifier(null, null); return(ocspVerifier.Verify(basicOCSPResp, checkCert, rootCert, checkDate)); }
private static void CheckRevocation(PdfPKCS7 pkcs7, X509Certificate signCert, X509Certificate issuerCert, DateTime date) { IList <BasicOcspResp> ocsps = new List <BasicOcspResp>(); if (pkcs7.GetOcsp() != null) { ocsps.Add(pkcs7.GetOcsp()); } // Check if the OCSP responses in the list were valid for the certificate on a specific date. OCSPVerifier ocspVerifier = new OCSPVerifier(null, ocsps); IList <VerificationOK> verification = ocspVerifier.Verify(signCert, issuerCert, date); // If that list is empty, we can’t verify using OCSP, and we need to look for CRLs. if (verification.Count == 0) { IList <X509Crl> crls = new List <X509Crl>(); if (pkcs7.GetCRLs() != null) { foreach (X509Crl crl in pkcs7.GetCRLs()) { crls.Add((X509Crl)crl); } } // Check if the CRLs in the list were valid on a specific date. CRLVerifier crlVerifier = new CRLVerifier(null, crls); IList <VerificationOK> verificationOks = crlVerifier.Verify(signCert, issuerCert, date); foreach (VerificationOK verOK in verificationOks) { verification.Add(verOK); } } if (verification.Count == 0) { OUT_STREAM.WriteLine("The signing certificate couldn't be verified"); } else { foreach (VerificationOK v in verification) { OUT_STREAM.WriteLine(v); } } }
/// <exception cref="System.IO.IOException"/> /// <exception cref="Org.BouncyCastle.Security.GeneralSecurityException"/> private bool VerifyTest(TestOcspResponseBuilder builder) { String caCertFileName = certsSrc + "rootRsa.p12"; String checkCertFileName = certsSrc + "signCertRsa01.p12"; X509Certificate caCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(caCertFileName, password)[0]; ICipherParameters caPrivateKey = Pkcs12FileHelper.ReadFirstKey(caCertFileName, password, password); X509Certificate checkCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(checkCertFileName, password)[ 0]; TestOcspClient ocspClient = new TestOcspClient(builder, caPrivateKey); byte[] basicOcspRespBytes = ocspClient.GetEncoded(checkCert, caCert, null); Asn1Object var2 = Asn1Object.FromByteArray(basicOcspRespBytes); BasicOcspResp basicOCSPResp = new BasicOcspResp(BasicOcspResponse.GetInstance(var2)); OCSPVerifier ocspVerifier = new OCSPVerifier(null, null); return(ocspVerifier.Verify(basicOCSPResp, checkCert, caCert, DateTimeUtil.GetCurrentUtcTime())); }
protected void SignDocumentSignature(string filePath, ElectronicSignatureInfoDTO signatureInfo) { PdfSigner pdfSigner = new PdfSigner(new PdfReader(SRC), new FileStream(filePath, FileMode.Create), new StampingProperties()); pdfSigner.SetCertificationLevel(PdfSigner.CERTIFIED_NO_CHANGES_ALLOWED); // Set the name indicating the field to be signed. // The field can already be present in the document but shall not be signed pdfSigner.SetFieldName("signature"); ImageData clientSignatureImage = ImageDataFactory.Create(IMAGE_PATH); // If you create new signature field (or use SetFieldName(System.String) with // the name that doesn't exist in the document or don't specify it at all) then // the signature is invisible by default. PdfSignatureAppearance signatureAppearance = pdfSigner.GetSignatureAppearance(); signatureAppearance.SetRenderingMode(PdfSignatureAppearance.RenderingMode.GRAPHIC); signatureAppearance.SetReason(""); signatureAppearance.SetLocationCaption(""); signatureAppearance.SetSignatureGraphic(clientSignatureImage); signatureAppearance.SetPageNumber(signatureInfo.PageNumber); signatureAppearance.SetPageRect(new Rectangle(signatureInfo.Left, signatureInfo.Bottom, 25, 25)); char[] password = "******".ToCharArray(); IExternalSignature pks = GetPrivateKeySignature(CERT_PATH, password); X509Certificate[] chain = GetCertificateChain(CERT_PATH, password); OCSPVerifier ocspVerifier = new OCSPVerifier(null, null); OcspClientBouncyCastle ocspClient = new OcspClientBouncyCastle(ocspVerifier); List <ICrlClient> crlClients = new List <ICrlClient>(new[] { new CrlClientOnline() }); // Sign the document using the detached mode, CMS or CAdES equivalent. // This method closes the underlying pdf document, so the instance // of PdfSigner cannot be used after this method call pdfSigner.SignDetached(pks, chain, crlClients, ocspClient, null, 0, PdfSigner.CryptoStandard.CMS); }
private IOcspClient BuildOcspClient() { var verifier = new OCSPVerifier(null, null); return(new OcspClientBouncyCastle(verifier)); }
public static void AssinaComCertificado(List <ICrlClient> crlList, byte[] File, out byte[] SignFile, CertSimples cert, int X, int Y, int Pagina, int Rotation, bool AddTimeStamper = true, string urlTimeStamper = "https://freetsa.org/tsr", string timeStampUser = "", string timeStampPass = "", string Reason = "Assinatura Digital", bool AplicaPolitica = false, string MyDigestAlgorithm = "SHA-256", string Contact = "", string Location = "Indústrias Nucleares do Brasil S/A - INB", string Creator = "Assinador da INB", TipoAssinatura Tipo = TipoAssinatura.Normal, string Cargo = "", string CREACRM = "") { int Largura = 140; int Altura = 63; MemoryStream ArquivoOrigem = new MemoryStream(File); PdfReader pdfReader = new PdfReader(ArquivoOrigem); MemoryStream signedPdf = new MemoryStream(); StampingProperties osp = new StampingProperties(); osp.UseAppendMode(); PdfSigner objStamper = new PdfSigner(pdfReader, signedPdf, osp); ITSAClient tsaClient = null; IOcspClient ocspClient = null; ConfiguraAparencia(objStamper, cert, X, Y, Largura, Altura, Pagina, Rotation, Contact, Reason, Location, Creator, Tipo, Cargo, CREACRM); Org.BouncyCastle.X509.X509Certificate vert = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(cert.Certificado); Org.BouncyCastle.X509.X509CertificateParser cp = new Org.BouncyCastle.X509.X509CertificateParser(); Org.BouncyCastle.X509.X509Certificate[] Arraychain = new Org.BouncyCastle.X509.X509Certificate[] { cp.ReadCertificate(cert.Certificado.RawData) }; X509CertificateParser objCP = new X509CertificateParser(); RSACryptoServiceProvider rsa; RSACryptoServiceProvider Provider; IExternalSignature externalSignature; if (cert.Certificado.PrivateKey is RSACryptoServiceProvider) { rsa = (RSACryptoServiceProvider)cert.Certificado.PrivateKey; Provider = (RSACryptoServiceProvider)cert.Certificado.PrivateKey; externalSignature = new AsymmetricAlgorithmSignature(Provider, MyDigestAlgorithm); } else { RSA rsaTeste = cert.Certificado.GetRSAPrivateKey(); rsa = (RSACryptoServiceProvider)cert.Certificado.PrivateKey; Provider = (RSACryptoServiceProvider)cert.Certificado.PrivateKey; externalSignature = new AsymmetricAlgorithmSignature(Provider, MyDigestAlgorithm); } if (AddTimeStamper) { tsaClient = new TSAClientBouncyCastle(urlTimeStamper, timeStampUser, timeStampPass); } OCSPVerifier ocspVerifier = new OCSPVerifier(null, null); ocspClient = new OcspClientBouncyCastle(ocspVerifier); if (AplicaPolitica) { SignaturePolicyInfo spi = getPolitica(); objStamper.SignDetached(externalSignature, Arraychain, crlList, ocspClient, tsaClient, 0, PdfSigner.CryptoStandard.CADES, spi); } else { objStamper.SignDetached(externalSignature, Arraychain, crlList, ocspClient, tsaClient, 0, PdfSigner.CryptoStandard.CADES); } try { SignFile = signedPdf.ToArray(); try { signedPdf.Close(); signedPdf.Dispose(); } catch { } } catch (Exception ex) { SignFile = null; throw ex; } try { signedPdf.Close(); } catch (Exception ex) { } pdfReader.Close(); }