public ActionResult Index(SignatureStartModel model) { byte[] toSignBytes, transferData; SignatureAlgorithm signatureAlg; try { // Verify if the userfile exists and get its absolute path. string userfilePath; if (!StorageMock.TryGetFile(model.UserFile, out userfilePath)) { return(HttpNotFound()); } // Decode the user's certificate. var cert = PKCertificate.Decode(model.CertContent); // Get an instance of the PadesSigner class. var padesSigner = new PadesSigner(); // Set the file to be signed. padesSigner.SetPdfToSign(userfilePath); // Set the signer certificate. padesSigner.SetSigningCertificate(cert); // Set the signature policy. padesSigner.SetPolicy(GetSignaturePolicy()); // Set a visual representation for the signature. padesSigner.SetVisualRepresentation(PadesVisualElements.GetVisualRepresentationForPkiSdk(cert)); // Generate the "to-sign-bytes". This method also yields the signature algorithm that must // be used on the client-side, based on the signature policy, as well as the "transfer data", // a byte-array that will be needed on the next step. toSignBytes = padesSigner.GetToSignBytes(out signatureAlg, out transferData); } catch (ValidationException ex) { // Some of the operations above may throw a ValidationException, for instance if the certificate // encoding cannot be read or if the certificate is expired. ModelState.AddModelError("", ex.ValidationResults.ToString()); return(View()); } // On the next step (Complete action), we'll need once again some information: // - The thumbprint of the selected certificate. // - The "transfer data" used to validate the signature in complete action. Its content is stored in // a temporary file (with extension .bin) to be shared with the Complete action. // - The "to-sign-hash" (digest of the "to-sign-bytes") to be signed. (see signature-complete-form.js) // - The OID of the digest algorithm to be used during the signature operation. // We'll store these values on TempData, which is a dictionary shared between actions. TempData["SignatureCompleteModel"] = new SignatureCompleteModel() { CertThumb = model.CertThumb, TransferDataFileId = StorageMock.Store(transferData, ".bin"), ToSignHash = signatureAlg.DigestAlgorithm.ComputeHash(toSignBytes), DigestAlgorithmOid = signatureAlg.DigestAlgorithm.Oid }; return(RedirectToAction("Complete", new { userfile = model.UserFile })); }
public IHttpActionResult Start(SignatureStartRequest request) { byte[] toSignBytes, transferData; SignatureAlgorithm signatureAlg; try { // Decode the user's certificate var cert = PKCertificate.Decode(request.Certificate); // Instantiate a PadesSigner class var padesSigner = new PadesSigner(); // Set the PDF to sign, which in the case of this example is a fixed sample document if (!string.IsNullOrEmpty(request.FileId)) { padesSigner.SetPdfToSign(Storage.GetFile(request.FileId)); } else { padesSigner.SetPdfToSign(Storage.GetSampleDocContent()); } // Set the signer certificate padesSigner.SetSigningCertificate(cert); // Set the signature policy padesSigner.SetPolicy(getSignaturePolicy()); // Set the signature's visual representation options (optional) padesSigner.SetVisualRepresentation(getVisualRepresentation(cert)); // Generate the "to-sign-bytes". This method also yields the signature algorithm that must // be used on the client-side, based on the signature policy, as well as the "transfer data", // a byte-array that will be needed on the next step. toSignBytes = padesSigner.GetToSignBytes(out signatureAlg, out transferData); } catch (ValidationException ex) { // Some of the operations above may throw a ValidationException, for instance if the certificate // encoding cannot be read or if the certificate is expired. return(new ResponseMessageResult(Request.CreateResponse(HttpStatusCode.BadRequest, new ValidationErrorModel(ex.ValidationResults)))); } // Create response with some informations that we'll use on Complete action and on client-side. var response = new SignatureStartResponse() { // The "transfer data" for PDF signatures can be as large as the original PDF itself. Therefore, we mustn't use a hidden field // on the page to store it. Here we're using our storage mock (see file Classes\Storage.cs) to simulate storing the transfer data // on a database and saving on a hidden field on the page only the ID that can be used later to retrieve it. Another option would // be to store the transfer data on the Session dictionary. TransferDataFileId = Storage.StoreFile(transferData), // Send to the javascript the "to sign hash" of the document (digest of the "to-sign-bytes") and the digest algorithm that must // be used on the signature algorithm computation ToSignBytes = toSignBytes, DigestAlgorithmOid = signatureAlg.DigestAlgorithm.Oid }; return(Ok(response)); }
static void Main(string[] args) { // This is a TRIAL token. It will expire at 31/08/2020. PkiConfig.LoadLicense(Convert.FromBase64String("AxAAIIy8jc59Q0q95BZrL57K5hEAUEtJIFN1aXRlIFNhbXBsZXMIAAD0Ze31HdgICACAXwryrU7YCAAAAAAAAAQAfwAAAAABL2+ls7EW5LHD/tEetd49d0JpmU7pXEjhH0pU1ZSp5qjvKxL8c8PZz6ODTf68+lfQtXkKaRlQH6hu7VTSU3fvhCmZovDB5ruKqJPn+MQRDBbS8Wkr/meVo9LBS+3NFOky+EY43ebFoFxTbVZl2lCjb0DuskJiZGuHOBJ1v2XpGdKCmh1c1LmMvpc+OPegzNuMCXoEzSN9DdRtKnDzRxvOnvPglCX9+oV89LWsmVzonRp1a+tluqa8Ron9pFdHI9cWBElcXpmwXbKbmP0Sy5yYbYpE+rYsNgD5sV/FwF8uOxGWA0/mRWLZlO3OcGWoYo7qBBDmCUApAcRmZR3tXqhELQ==")); var connection = new ConnectionBuilder() .WithLogging() .Build(); // "List Certificates" operation. connection.On <string, List <CertificateModel> >("list-certs", _ => { var store = WindowsCertificateStore.LoadPersonalCurrentUser(); return(store.GetCertificatesWithKey().Select(c => new CertificateModel(c.Certificate)).ToList()); }); // "Sign a PDF" operation. connection.On <SignatureRequestModel, string>("sign-pdf", request => { var signer = new PadesSigner(); var store = WindowsCertificateStore.LoadPersonalCurrentUser(); var signingCert = store.GetCertificatesWithKey().First(c => c.Certificate.ThumbprintSHA256.SequenceEqual(request.CertThumb)); signer.SetSigningCertificate(signingCert); signer.SetPdfToSign(request.FileToSign); var trustArbitrator = new LinkedTrustArbitrator(TrustArbitrators.PkiBrazil, TrustArbitrators.Windows); // For development purposes, we also trust in Lacuna Software's test certificates. var lacunaRoot = Lacuna.Pki.PKCertificate.Decode(Convert.FromBase64String("MIIGGTCCBAGgAwIBAgIBATANBgkqhkiG9w0BAQ0FADBfMQswCQYDVQQGEwJCUjETMBEGA1UECgwKSUNQLUJyYXNpbDEdMBsGA1UECwwUTGFjdW5hIFNvZnR3YXJlIC0gTFMxHDAaBgNVBAMME0xhY3VuYSBSb290IFRlc3QgdjEwHhcNMTUwMTE2MTk1MjQ1WhcNMjUwMTE2MTk1MTU1WjBfMQswCQYDVQQGEwJCUjETMBEGA1UECgwKSUNQLUJyYXNpbDEdMBsGA1UECwwUTGFjdW5hIFNvZnR3YXJlIC0gTFMxHDAaBgNVBAMME0xhY3VuYSBSb290IFRlc3QgdjEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCDm5ey0c4ij8xnDnV2EBATjJbZjteEh8BBiGtVx4dWpXbWQ6hEw8E28UyLsF6lCM2YjQge329g7hMANnrnrNCvH1ny4VbhHMe4eStiik/GMTzC79PYS6BNfsMsS6+W18a45eyi/2qTIHhJYN8xS4/7pAjrVpjL9dubALdiwr26I3a4S/h9vD2iKJ1giWnHU74ckVp6BiRXrz2ox5Ps7p420VbVU6dTy7QR2mrhAus5va9VeY1LjvCH9S9uSf6kt+HP1Kj7hlOOlcnluXmuD/IN68/CQeC+dLOr0xKmDvYv7GWluXhxpUZmh6NaLzSGzGNACobOezKmby06s4CvsmMKQuZrTx113+vJkYSgI2mBN5v8LH60DzuvIhMvDLWPZCwfnyGCNHBwBbdgzBWjsfuSFJyaKdJLmpu5OdWNOLjvexqEC9VG83biYr+8XMiWl8gUW8SFqEpNoLJ59nwsRf/R5R96XTnG3mdVugcyjR9xe/og1IgJFf9Op/cBgCjNR/UAr+nizHO3Q9LECnu1pbTtGZguGDMABc+/CwKyxirwlRpiu9DkdBlNRgdd5IgDkcgFkTjmA41ytU0LOIbxpKHn9/gZCevq/8CyMa61kgjzg1067BTslex2xUZm44oVGrEdx5kg/Hz1Xydg4DHa4qlG61XsTDJhM84EvnJr3ZTYOwIDAQABo4HfMIHcMDwGA1UdIAQ1MDMwMQYFYEwBAQAwKDAmBggrBgEFBQcCARYaaHR0cDovL2xhY3VuYXNvZnR3YXJlLmNvbS8wOwYDVR0fBDQwMjAwoC6gLIYqaHR0cDovL2NhdGVzdC5sYWN1bmFzb2Z0d2FyZS5jb20vY3Jscy9yb290MB8GA1UdIwQYMBaAFPtdXjCI7ZOfGUg8mrCoEw9z9zywMB0GA1UdDgQWBBT7XV4wiO2TnxlIPJqwqBMPc/c8sDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQ0FAAOCAgEAN/b8hNGhBrWiuE67A8kmom1iRUl4b8FAA8PUmEocbFv/BjLpp2EPoZ0C+I1xWT5ijr4qcujIMsjOCosmv0M6bzYvn+3TnbzoZ3tb0aYUiX4ZtjoaTYR1fXFhC7LJTkCN2phYdh4rvMlLXGcBI7zA5+Ispm5CwohcGT3QVWun2zbrXFCIigRrd3qxRbKLxIZYS0KW4X2tetRMpX6DPr3MiuT3VSO3WIRG+o5Rg09L9QNXYQ74l2+1augJJpjGYEWPKzHVKVJtf1fj87HN/3pZ5Hr2oqDvVUIUGFRj7BSel9BgcgVaWqmgTMSEvQWmjq0KJpeqWbYcXXw8lunuJoENEItv+Iykv3NsDfNXgS+8dXSzTiV1ZfCdfAjbalzcxGn522pcCceTyc/iiUT72I3+3BfRKaMGMURu8lbUMxd/38Xfut3Kv5sLFG0JclqD1rhI15W4hmvb5bvol+a/WAYT277jwdBO8BVSnJ2vvBUzH9KAw6pAJJBCGw/1dZkegLMFibXdEzjAW4z7wyx2c5+cmXzE/2SFV2cO3mJAtpaO99uwLvj3Y3quMBuIhDGD0ReDXNAniXXXVPfE96NUcDF2Dq2g8kj+EmxPy6PGZ15p1XZO1yiqsGEVreIXqgcU1tPUv8peNYb6jHTHuUyXGTzbsamGZFEDsLG7NRxg0eZWP1w=")); // COMMENT the line below before production release trustArbitrator.Add(new TrustedRoots(lacunaRoot)); signer.SetPolicy(PadesPoliciesForGeneration.GetPadesBasic(trustArbitrator)); signer.ComputeSignature(); byte[] signedPdf = signer.GetPadesSignature(); var tempLocation = Path.GetTempFileName(); File.WriteAllBytes(tempLocation, signedPdf); return(tempLocation); }); // Acknowledges that the connection is running. connection.On <string, string>("ping", argument => "pong"); // wait for incoming requests connection.Listen(); }
protected void SubmitCertificateButton_Click(object sender, EventArgs e) { byte[] toSignBytes, transferData; SignatureAlgorithm signatureAlg; try { // Decode the user's certificate. var cert = PKCertificate.Decode(Convert.FromBase64String(CertificateField.Value)); // Instantiate a PadesSigner class. var padesSigner = new PadesSigner(); // Set the PDF to sign, which in the case of this example is a fixed sample document. padesSigner.SetPdfToSign(Storage.GetSampleDocContent()); // Set the signer certificate. padesSigner.SetSigningCertificate(cert); // Set the signature policy. padesSigner.SetPolicy(getSignaturePolicy()); // Set the signature's visual representation options (optional). padesSigner.SetVisualRepresentation(getVisualRepresentation(cert)); // Generate the "to-sign-bytes". This method also yields the signature algorithm that must // be used on the client-side, based on the signature policy, as well as the "transfer data", // a byte-array that will be needed on the next step. toSignBytes = padesSigner.GetToSignBytes(out signatureAlg, out transferData); } catch (ValidationException ex) { // Some of the operations above may throw a ValidationException, for instance if the certificate // encoding cannot be read or if the certificate is expired. ex.ValidationResults.Errors.ForEach(ve => ModelState.AddModelError("", ve.ToString())); return; } // The "transfer data" for PDF signatures can be as large as the original PDF itself. Therefore, we // mustn't use a hidden field on the page to store it. Here we're using our storage mock // (see file Classes\Storage.cs) to simulate storing the transfer data on a database and saving on a // hidden field on the page only the ID that can be used later to retrieve it. Another option would // be to store the transfer data on the Session dictionary. TransferDataFileIdField.Value = Storage.StoreFile(transferData); // Send to the javascript the "to sign hash" of the document (digest of the "to-sign-bytes") and the // digest algorithm that must be used on the signature algorithm computation. ToSignHashField.Value = Convert.ToBase64String(signatureAlg.DigestAlgorithm.ComputeHash(toSignBytes)); DigestAlgorithmField.Value = signatureAlg.DigestAlgorithm.Oid; }
public ActionResult Start(BatchSignatureStartRequest request) { byte[] toSignBytes, transferData; SignatureAlgorithm signatureAlg; try { // Decode the user's certificate var cert = PKCertificate.Decode(request.CertContent); // Instantiate a PadesSigner class var padesSigner = new PadesSigner(); // Set the PDF to sign, which in the case of this example is one of the batch documents padesSigner.SetPdfToSign(StorageMock.GetBatchDocPath(request.Id)); // Set the signer certificate padesSigner.SetSigningCertificate(cert); // Set the signature policy. padesSigner.SetPolicy(GetSignaturePolicy()); // Set a visual representation for the signature. padesSigner.SetVisualRepresentation(PadesVisualElements.GetVisualRepresentationForPkiSdk(cert)); // Generate the "to-sign-bytes". This method also yields the signature algorithm that must // be used on the client-side, based on the signature policy, as well as the "transfer data", // a byte-array that will be needed on the next step. toSignBytes = padesSigner.GetToSignBytes(out signatureAlg, out transferData); } catch (ValidationException ex) { // Some of the operations above may throw a ValidationException, for instance if the certificate // encoding cannot be read or if the certificate is expired. return(new HttpStatusCodeResult(500, ex.ValidationResults.ToString())); } // For the next steps, we'll need once again some information: // - The "transfer data" filename. Its content is stored in a temporary file (with extension .bin) to // be shared with the Complete action. // - The "to-sign-hash" (digest of the "to-sign-bytes"). And the OID of the digest algorithm to be // used during the signature operation. this information is need in the signature computation with // Web PKI component. (see batch-signature-form.js) return(Json(new BatchSignatureStartResponse() { TransferDataFileId = StorageMock.Store(transferData, ".bin"), ToSignHash = signatureAlg.DigestAlgorithm.ComputeHash(toSignBytes), DigestAlgorithmOid = signatureAlg.DigestAlgorithm.Oid })); }
public void Sign() { if (string.IsNullOrEmpty(PdfPath)) { MessageBox.Show("Please choose a PDF file sign"); return; } if (!File.Exists(PdfPath)) { MessageBox.Show("File not found: " + PdfPath); return; } if (SelectedCertificate == null) { MessageBox.Show("Please choose a certificate to sign the PDF"); return; } if (Width <= 0 || Height <= 0 || Bottom <= 0 || Left <= 0) { MessageBox.Show("Please fill all coordinates with positive numbers"); return; } try { var signer = new PadesSigner(); // Instantiate the PDF signer signer.SetSigningCertificate(selectedCertificate.CertificateWithKey); // certificate with private key associated signer.SetPdfToSign(PdfPath); // PDF file path signer.SetPolicy(PadesPoliciesForGeneration.GetPadesBasic(App.GetTrustArbitrator())); // Basic signature policy with the selected trust arbitrator signer.SetVisualRepresentation(getVisualRepresentation(selectedCertificate.CertificateWithKey.Certificate)); // Signature visual representation signer.ComputeSignature(); // computes the signature byte[] signedPdf = signer.GetPadesSignature(); // return the signed PDF bytes // saving signed PDF file var savePath = getSaveFilePath(); if (!string.IsNullOrEmpty(savePath)) { File.WriteAllBytes(savePath, signedPdf); Process.Start(savePath); } } catch (ValidationException ex) { new ValidationResultsDialog("Validation failed", ex.ValidationResults).ShowDialog(); } catch (Exception ex) { MessageBox.Show($"Error while signing PDF\r\n\r\n{ex}"); } }
private static bool SignFile(string file, PKCertificateWithKey certWithKey, PadesPolicySpec policy, PadesVisualRepresentation2 visual, Metadata metadata, string outputDir, string outputName = null) { var documentoToSign = File.ReadAllBytes(file); if (metadata != null) { using (var buffer = new MemoryStream()) { using (var stream = new MemoryStream(documentoToSign)) { DoConvertToPdfA(stream, metadata, buffer); } documentoToSign = buffer.ToArray(); } } var signer = new PadesSigner(); signer.SetSigningCertificate(certWithKey); signer.SetPdfToSign(documentoToSign); signer.SetPolicy(policy); signer.SetVisualRepresentation(visual); signer.SetCertificateValidationConfigurator(ConfigureNoValidation); if (string.IsNullOrWhiteSpace(outputName)) { outputName = Path.GetFileName(file); } try { signer.ComputeSignature(); var signed = signer.GetPadesSignature(); File.WriteAllBytes(Path.Combine(outputDir, outputName), signed); } catch (Exception exception) { Log(exception.ToString(), file); return(false); } return(true); }
public ActionResult Start(SignatureStartModel model) { byte[] toSignBytes, transferData; SignatureAlgorithm signatureAlg; try { // Verify if the userfile exists and get its absolute path. string userfilePath; if (!StorageMock.TryGetFile(model.UserFile, out userfilePath)) { return(HttpNotFound()); } // Decode the user's certificate. var cert = PKCertificate.Decode(model.CertContent); // Get an instance of the PadesSigner class. var padesSigner = new PadesSigner(); // Set the file to be signed. padesSigner.SetPdfToSign(userfilePath); // REQUIRED! // Provide the signer's certificate. You must sign with a valid digital // certificate of a doctor, who was registered on CRM. In this sample, // we used a sample certificate stored on server to do the execute this // sample. padesSigner.SetSigningCertificate(cert); // REQUIRED! // Define the trust arbitrator, which will configure the signer to // some kind of certificate. In the case of this sample, only // ICP-Brasil certificates will be accepted in the defined standard. var trustArbitrator = new LinkedTrustArbitrator(TrustArbitrators.PkiBrazil); #if DEBUG // For development purposes, we also trust in Lacuna Software's test certificates. var lacunaRoot = Lacuna.Pki.PKCertificate.Decode(Convert.FromBase64String("MIIGGTCCBAGgAwIBAgIBATANBgkqhkiG9w0BAQ0FADBfMQswCQYDVQQGEwJCUjETMBEGA1UECgwKSUNQLUJyYXNpbDEdMBsGA1UECwwUTGFjdW5hIFNvZnR3YXJlIC0gTFMxHDAaBgNVBAMME0xhY3VuYSBSb290IFRlc3QgdjEwHhcNMTUwMTE2MTk1MjQ1WhcNMjUwMTE2MTk1MTU1WjBfMQswCQYDVQQGEwJCUjETMBEGA1UECgwKSUNQLUJyYXNpbDEdMBsGA1UECwwUTGFjdW5hIFNvZnR3YXJlIC0gTFMxHDAaBgNVBAMME0xhY3VuYSBSb290IFRlc3QgdjEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCDm5ey0c4ij8xnDnV2EBATjJbZjteEh8BBiGtVx4dWpXbWQ6hEw8E28UyLsF6lCM2YjQge329g7hMANnrnrNCvH1ny4VbhHMe4eStiik/GMTzC79PYS6BNfsMsS6+W18a45eyi/2qTIHhJYN8xS4/7pAjrVpjL9dubALdiwr26I3a4S/h9vD2iKJ1giWnHU74ckVp6BiRXrz2ox5Ps7p420VbVU6dTy7QR2mrhAus5va9VeY1LjvCH9S9uSf6kt+HP1Kj7hlOOlcnluXmuD/IN68/CQeC+dLOr0xKmDvYv7GWluXhxpUZmh6NaLzSGzGNACobOezKmby06s4CvsmMKQuZrTx113+vJkYSgI2mBN5v8LH60DzuvIhMvDLWPZCwfnyGCNHBwBbdgzBWjsfuSFJyaKdJLmpu5OdWNOLjvexqEC9VG83biYr+8XMiWl8gUW8SFqEpNoLJ59nwsRf/R5R96XTnG3mdVugcyjR9xe/og1IgJFf9Op/cBgCjNR/UAr+nizHO3Q9LECnu1pbTtGZguGDMABc+/CwKyxirwlRpiu9DkdBlNRgdd5IgDkcgFkTjmA41ytU0LOIbxpKHn9/gZCevq/8CyMa61kgjzg1067BTslex2xUZm44oVGrEdx5kg/Hz1Xydg4DHa4qlG61XsTDJhM84EvnJr3ZTYOwIDAQABo4HfMIHcMDwGA1UdIAQ1MDMwMQYFYEwBAQAwKDAmBggrBgEFBQcCARYaaHR0cDovL2xhY3VuYXNvZnR3YXJlLmNvbS8wOwYDVR0fBDQwMjAwoC6gLIYqaHR0cDovL2NhdGVzdC5sYWN1bmFzb2Z0d2FyZS5jb20vY3Jscy9yb290MB8GA1UdIwQYMBaAFPtdXjCI7ZOfGUg8mrCoEw9z9zywMB0GA1UdDgQWBBT7XV4wiO2TnxlIPJqwqBMPc/c8sDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQ0FAAOCAgEAN/b8hNGhBrWiuE67A8kmom1iRUl4b8FAA8PUmEocbFv/BjLpp2EPoZ0C+I1xWT5ijr4qcujIMsjOCosmv0M6bzYvn+3TnbzoZ3tb0aYUiX4ZtjoaTYR1fXFhC7LJTkCN2phYdh4rvMlLXGcBI7zA5+Ispm5CwohcGT3QVWun2zbrXFCIigRrd3qxRbKLxIZYS0KW4X2tetRMpX6DPr3MiuT3VSO3WIRG+o5Rg09L9QNXYQ74l2+1augJJpjGYEWPKzHVKVJtf1fj87HN/3pZ5Hr2oqDvVUIUGFRj7BSel9BgcgVaWqmgTMSEvQWmjq0KJpeqWbYcXXw8lunuJoENEItv+Iykv3NsDfNXgS+8dXSzTiV1ZfCdfAjbalzcxGn522pcCceTyc/iiUT72I3+3BfRKaMGMURu8lbUMxd/38Xfut3Kv5sLFG0JclqD1rhI15W4hmvb5bvol+a/WAYT277jwdBO8BVSnJ2vvBUzH9KAw6pAJJBCGw/1dZkegLMFibXdEzjAW4z7wyx2c5+cmXzE/2SFV2cO3mJAtpaO99uwLvj3Y3quMBuIhDGD0ReDXNAniXXXVPfE96NUcDF2Dq2g8kj+EmxPy6PGZ15p1XZO1yiqsGEVreIXqgcU1tPUv8peNYb6jHTHuUyXGTzbsamGZFEDsLG7NRxg0eZWP1w=")); trustArbitrator.Add(new TrustedRoots(lacunaRoot)); #endif // REQUIRED! // Use a policy accepted by ICP-Brasil. We use the trust arbitrator // defined above to configure the policy. padesSigner.SetPolicy(PadesPoliciesForGeneration.GetPadesBasic(trustArbitrator)); // REQUIRED! // Use a custom signature field name. This field MUST have the // "Emitente" keyword as the last keyword. padesSigner.SetCustomSignatureFieldName("Signature1 Emitente"); // REQUIRED! // Set Certification Level to not allow changes after signed. padesSigner.SetCertificationLevel(PadesCertificationLevel.CertifiedNoChangesAllowed); // Set a visual representation for the signature. padesSigner.SetVisualRepresentation(PadesVisualElements.GetVisualRepresentationForPkiSdk(cert)); // Generate the "to-sign-bytes". This method also yields the signature algorithm that must // be used on the client-side, based on the signature policy, as well as the "transfer data", // a byte-array that will be needed on the next step. toSignBytes = padesSigner.GetToSignBytes(out signatureAlg, out transferData); } catch (ValidationException ex) { // Some of the operations above may throw a ValidationException, for instance if the certificate // encoding cannot be read or if the certificate is expired. ModelState.AddModelError("", ex.ValidationResults.ToString()); return(View()); } // On the next step (Complete action), we'll need once again some information: // - The thumbprint of the selected certificate. // - The "transfer data" used to validate the signature in complete action. Its content is stored in // a temporary file (with extension .bin) to be shared with the Complete action. // - The "to-sign-hash" (digest of the "to-sign-bytes") to be signed. (see signature-complete-form.js) // - The OID of the digest algorithm to be used during the signature operation. // We'll store these values on TempData, which is a dictionary shared between actions. TempData["SignatureCompleteModel"] = new SignatureCompleteModel() { CertThumb = model.CertThumb, TransferDataFileId = StorageMock.Store(transferData, ".bin"), ToSignHash = signatureAlg.DigestAlgorithm.ComputeHash(toSignBytes), DigestAlgorithmOid = signatureAlg.DigestAlgorithm.Oid }; return(RedirectToAction("Complete", new { userfile = model.UserFile })); }
public IHttpActionResult Start(BatchSignatureStartRequest request) { byte[] toSignBytes, transferData; SignatureAlgorithm signatureAlg; try { // Decode the user's certificate var cert = PKCertificate.Decode(request.CertContent); // Instantiate a PadesSigner class var padesSigner = new PadesSigner(); // Set the PDF to sign, which in the case of this example is one of the batch documents padesSigner.SetPdfToSign(Storage.GetBatchDocContent(request.Id)); // Set the signer certificate padesSigner.SetSigningCertificate(cert); // Set the signature policy padesSigner.SetPolicy(getSignaturePolicy()); // Set the signature's visual representation options (this is optional). For more information, see // http://pki.lacunasoftware.com/Help/html/98095ec7-2742-4d1f-9709-681c684eb13b.htm var visual = new PadesVisualRepresentation2() { // Text of the visual representation Text = new PadesVisualText() { // Compose the message CustomText = $"Assinado digitalmente por {cert.SubjectDisplayName}", // Specify that the signing time should also be rendered IncludeSigningTime = true, // Optionally set the horizontal alignment of the text ('Left' or 'Right'), if not set the default is Left HorizontalAlign = PadesTextHorizontalAlign.Left }, // Background image of the visual representation Image = new PadesVisualImage() { // We'll use as background the image in Content/PdfStamp.png Content = Storage.GetPdfStampContent(), // Opacity is an integer from 0 to 100 (0 is completely transparent, 100 is completely opaque). Opacity = 50, // Align the image to the right HorizontalAlign = PadesHorizontalAlign.Right }, // Set the position of the visual representation Position = PadesVisualAutoPositioning.GetFootnote() }; padesSigner.SetVisualRepresentation(visual); // Generate the "to-sign-bytes". This method also yields the signature algorithm that must // be used on the client-side, based on the signature policy, as well as the "transfer data", // a byte-array that will be needed on the next step. toSignBytes = padesSigner.GetToSignBytes(out signatureAlg, out transferData); } catch (ValidationException ex) { // Some of the operations above may throw a ValidationException, for instance if the certificate // encoding cannot be read or if the certificate is expired. var message = Request.CreateErrorResponse(HttpStatusCode.InternalServerError, ex.ValidationResults.ToString()); return(ResponseMessage(message)); } // For the next steps, we'll need once again some information: // - The "transfer data" filename. Its content is stored in a temporary file (with extension .bin) to // be shared with the Complete action. // - The "to-sign-hash" (digest of the "to-sign-bytes"). And the OID of the digest algorithm to be // used during the signature operation. this information is need in the signature computation with // Web PKI component. (see batch-signature-form.js) return(Ok(new BatchSignatureStartResponse() { TransferDataFileId = Storage.StoreFile(transferData, ".bin"), ToSignHash = signatureAlg.DigestAlgorithm.ComputeHash(toSignBytes), DigestAlgorithmOid = signatureAlg.DigestAlgorithm.Oid })); }
public async Task <IActionResult> Post([FromBody] SignatureRequest request) { // 1. Retrieve key using certId stored on your database. byte[] pkcs12; try { pkcs12 = await _azureKeyVaultStore.GetPkcs12Async(request.CertId); } catch (InvalidIdentifierException ex) { return(UnprocessableEntity(new ErrorModel() { Code = ErrorCodes.InvalidIdentifier, Message = ex.Message, })); } // 2. Open PKCS#12, verifying valid of the provided password. Pkcs12CertificateStore store; try { store = Pkcs12CertificateStore.Load(pkcs12, request.Pkcs12Password); } catch (IncorrectPinException ex) { return(UnprocessableEntity(new ErrorModel() { Code = ErrorCodes.InvalidPIN, Message = ex.Message, })); } // 3. Retrieve certification info (include its key). var certs = store.GetCertificatesWithKey(); if (!certs.Any()) { return(UnprocessableEntity(new ErrorModel() { Code = ErrorCodes.InvalidPkcs12, Message = "The provided PKCS#12 file is not valid", })); } var cert = certs.First(); // 4. Perform signature. var signer = new PadesSigner(); signer.SetSigningCertificate(cert); signer.SetPdfToSign(Path.Combine(_webHostEnvironment.ContentRootPath, "Resources", "SamplePdf.pdf")); signer.SetPolicy(PadesPoliciesForGeneration.GetPadesBasic()); signer.SetVisualRepresentation(GetVisualRepresentation(cert.Certificate)); signer.ComputeSignature(); byte[] signedPdf = signer.GetPadesSignature(); // 5. Store signature file. if (!System.IO.File.Exists(Path.Combine(_webHostEnvironment.ContentRootPath, "App_Data"))) { Directory.CreateDirectory(Path.Combine(_webHostEnvironment.ContentRootPath, "App_Data")); } var fileId = Guid.NewGuid() + ".pdf"; System.IO.File.WriteAllBytes(Path.Combine(_webHostEnvironment.ContentRootPath, "App_Data", fileId), signedPdf); return(Ok(new SignatureResponse() { FileId = fileId, })); }
/** * GET /PadesCloudOauthSdk/Complete * * This action will complete the authentication process and create a signature using a session * token returned by user. Also, we recover the parameter "customState" containing the id of the * file that will be signed. */ public async Task <ActionResult> Complete(string code, string state) { byte[] signatureContent; PKCertificateWithKey signingCertificate; try { // Get an instance of the TrustServiceManager class, responsible for communicating with PSCs // and handling the OAuth flow. var manager = Util.GetTrustServicesManager(); // Complete the authentication process, recovering the session info to be used on the // signature and the custom state (fileId). var completeAuthResult = await manager.CompleteAuthAsync(code, state); // Recover file to be sigend on custom state parameter. var userfile = completeAuthResult.CustomState; // Verify if the userfile exists and get its absolute path. string userfilePath; if (!StorageMock.TryGetFile(userfile, out userfilePath)) { return(HttpNotFound()); } // Get an instance of the PadesSigner class, responsible for receiving the signature elements // and performing the local signature. var signer = new PadesSigner(); // Set signature policy. signer.SetPolicy(GetSignaturePolicy()); // Set file to be signed. signer.SetPdfToSign(userfilePath); // Recover the interface for the cloud certificate to be passed to PadesSigner class. var certificatesWithKey = await completeAuthResult.GetCertificatesWithKeyAsync(); signingCertificate = certificatesWithKey.First(); signer.SetSigningCertificate(signingCertificate); // Set a visual representation for the signature. signer.SetVisualRepresentation(PadesVisualElements.GetVisualRepresentationForPkiSdk(signingCertificate.Certificate)); // Call ComputeSignature(), which does all the work, including validation of the signer's certificate and of the resulting signature signer.ComputeSignature(); // Get the signed PDF as an array of bytes signatureContent = signer.GetPadesSignature(); } catch (ValidationException ex) { // Some of the operations above may throw a ValidationException, for instance if the certificate // encoding cannot be read or if the certificate is expired. ModelState.AddModelError("", ex.ValidationResults.ToString()); return(View()); } return(View("SignatureInfo", new SignatureInfoModel() { // Store the signature file on the folder "App_Data/". // With this filename, it can show a link to download the signature file. File = StorageMock.Store(signatureContent, ".pdf"), SignerCertificate = signingCertificate.Certificate })); }
public ActionResult Index(SignatureStartModel model) { byte[] toSignBytes, transferData; SignatureAlgorithm signatureAlg; try { // Decode the user's certificate var cert = PKCertificate.Decode(model.CertContent); // Instantiate a PadesSigner class var padesSigner = new PadesSigner(); // Set the PDF to sign, which in the case of this example is a fixed sample document padesSigner.SetPdfToSign(Storage.GetSampleDocContent()); // Set the signer certificate padesSigner.SetSigningCertificate(cert); // Set the signature policy padesSigner.SetPolicy(getSignaturePolicy()); // Set the signature's visual representation options (this is optional). For more information, see // http://pki.lacunasoftware.com/Help/html/98095ec7-2742-4d1f-9709-681c684eb13b.htm var visual = new PadesVisualRepresentation2() { // Text of the visual representation Text = new PadesVisualText() { // Compose the message CustomText = String.Format("Assinado digitalmente por {0}", cert.SubjectDisplayName), // Specify that the signing time should also be rendered IncludeSigningTime = true, // Optionally set the horizontal alignment of the text ('Left' or 'Right'), if not set the default is Left HorizontalAlign = PadesTextHorizontalAlign.Left }, // Background image of the visual representation Image = new PadesVisualImage() { // We'll use as background the image in Content/PdfStamp.png Content = Storage.GetPdfStampContent(), // Opacity is an integer from 0 to 100 (0 is completely transparent, 100 is completely opaque). Opacity = 50, // Align the image to the right HorizontalAlign = PadesHorizontalAlign.Right }, // Set the position of the visual representation Position = PadesVisualAutoPositioning.GetFootnote() }; padesSigner.SetVisualRepresentation(visual); // Generate the "to-sign-bytes". This method also yields the signature algorithm that must // be used on the client-side, based on the signature policy, as well as the "transfer data", // a byte-array that will be needed on the next step. toSignBytes = padesSigner.GetToSignBytes(out signatureAlg, out transferData); } catch (ValidationException ex) { // Some of the operations above may throw a ValidationException, for instance if the certificate // encoding cannot be read or if the certificate is expired. ModelState.AddModelError("", ex.ValidationResults.ToString()); return(View()); } // On the next step (Complete action), we'll need once again some information: // - The content of the selected certificate only used to render the user's certificate information // after the signature is completed. It is no longer needed for the signature process. // - The thumbprint of the selected certificate. // - The "transfer data" used to validate the signature in complete action. // - The "to-sign-hash" (digest of the "to-sign-bytes") to be signed. (see signature-complete-form.js) // - The OID of the digest algorithm to be used during the signature operation. // We'll store these values on TempData, which is a dictionary shared between actions. TempData["SignatureCompleteModel"] = new SignatureCompleteModel() { CertContent = model.CertContent, CertThumb = model.CertThumb, TransferData = transferData, ToSignHash = signatureAlg.DigestAlgorithm.ComputeHash(toSignBytes), DigestAlgorithmOid = signatureAlg.DigestAlgorithm.Oid }; return(RedirectToAction("Complete")); }
private void startNextSignature() { // Increment the index of the document currently being signed. DocumentIndex += 1; // Check if we have reached the end of the batch, in which case we fill the hidden field // "ToSignHashField" with value "(end)", which signals to the javascript on batch-signature-form.js // that the process is completed and the page can be unblocked. if (DocumentIndex == DocumentIds.Count) { ToSignHashField.Value = "(end)"; return; } // Get the ID of the document currently being signed. var docId = DocumentIds[DocumentIndex]; byte[] toSignBytes, transferData; SignatureAlgorithm signatureAlg; try { // Decode the user's certificate. var cert = PKCertificate.Decode(Convert.FromBase64String(CertificateField.Value)); // Instantiate a PadesSigner class. var padesSigner = new PadesSigner(); // Set the PDF to sign. padesSigner.SetPdfToSign(Storage.GetBatchDocContent(docId)); // Set the signer certificate. padesSigner.SetSigningCertificate(cert); // Set the signature policy. padesSigner.SetPolicy(getSignaturePolicy()); // Set the signature's visual representation options (optional). padesSigner.SetVisualRepresentation(getVisualRepresentation(cert)); // Generate the "to-sign-bytes". This method also yields the signature algorithm that must // be used on the client-side, based on the signature policy, as well as the "transfer data", // a byte-array that will be needed on the next step. toSignBytes = padesSigner.GetToSignBytes(out signatureAlg, out transferData); } catch (ValidationException ex) { // One or more validations failed. We log the error, update the page with a summary of what // happened to this document and start the next signature. logger.Error(ex, "Validation error starting the signature of a batch document"); setValidationError(ex.ValidationResults); startNextSignature(); return; } catch (Exception ex) { // An error has occurred. We log the error, update the page with a summary of what happened to // this document and start the next signature. logger.Error(ex, "Error starting the signature of a batch document"); setError(ex.Message); startNextSignature(); return; } // The "transfer data" for PDF signatures can be as large as the original PDF itself. Therefore, we // mustn't use a hidden field on the page to store it. Here we're using our storage mock // (see file Classes\Storage.cs) to simulate storing the transfer data on a database and saving on a // hidden field on the page only the ID that can be used later to retrieve it. Another option would // be to store the transfer data on the Session dictionary. TransferDataFileIdField.Value = Storage.StoreFile(transferData); // Send to the javascript the "to sign hash" of the document (digest of the "to-sign-bytes") and the // digest algorithm that must be used on the signature algorithm computation ToSignHashField.Value = Convert.ToBase64String(signatureAlg.DigestAlgorithm.ComputeHash(toSignBytes)); DigestAlgorithmField.Value = signatureAlg.DigestAlgorithm.Oid; }
/** * This action is called after the form after the user press the button "Sign". This action will * receive the user's CPF and current password. */ public async Task <ActionResult> Authorize(string userfile, string cpf, string service, string password) { byte[] signatureContent; PKCertificateWithKey signingCertificate; try { // Process CPF, removing all formatting. var plainCpf = Regex.Replace(cpf, "/[.-]/", ""); // Get an instance of the TrustServiceManager class, responsible for communicating with PSCs // and handling the OAuth flow. var manager = Util.GetTrustServicesManager(); // Complete authentication using CPF and current password. The following method has three // sessionTypes: // - SINGLE_SIGNATURE: The returned token can only be used for one single signature request. // - MULTI_SIGNATURE: The returned token can only be used for one multi signature request. // - SIGNATURE_SESSION: The return token can only be used for one or more signature requests. var passwordAuthorizeResult = await manager.PasswordAuthorizeAsync(service, plainCpf, password, TrustServiceSessionTypes.SignatureSession); // Verify if the userfile exists and get its absolute path. string userfilePath; if (!StorageMock.TryGetFile(userfile, out userfilePath)) { return(HttpNotFound()); } // Get an instance of the PadesSigner class, responsible for receiving the signature elements // and performing the local signature. var signer = new PadesSigner(); // Set signature policy. signer.SetPolicy(GetSignaturePolicy()); // Set file to be signed. signer.SetPdfToSign(userfilePath); // Recover the interface for the cloud certificate to be passed to PadesSigner class. var certificatesWithKey = await passwordAuthorizeResult.GetCertificatesWithKeyAsync(); signingCertificate = certificatesWithKey.First(); signer.SetSigningCertificate(signingCertificate); // Set a visual representation for the signature. signer.SetVisualRepresentation(PadesVisualElements.GetVisualRepresentationForPkiSdk(signingCertificate.Certificate)); // Call ComputeSignature(), which does all the work, including validation of the signer's certificate and of the resulting signature signer.ComputeSignature(); // Get the signed PDF as an array of bytes signatureContent = signer.GetPadesSignature(); } catch (ValidationException ex) { // Some of the operations above may throw a ValidationException, for instance if the certificate // encoding cannot be read or if the certificate is expired. ModelState.AddModelError("", ex.ValidationResults.ToString()); return(View()); } return(View("SignatureInfo", new SignatureInfoModel() { // Store the signature file on the folder "App_Data/". // With this filename, it can show a link to download the signature file. File = StorageMock.Store(signatureContent, ".pdf"), SignerCertificate = signingCertificate.Certificate })); }