public void Sign(String src, String dest, X509Certificate[] chain, ICipherParameters pk,
String digestAlgorithm, PdfSigner.CryptoStandard subfilter, String reason, String location,
ICollection <ICrlClient> crlList, IOcspClient ocspClient, ITSAClient tsaClient, int estimatedSize)
{
PdfReader reader = new PdfReader(src);
PdfSigner signer = new PdfSigner(reader, new FileStream(dest, FileMode.Create), new StampingProperties());
// Create the signature appearance
Rectangle rect = new Rectangle(36, 648, 200, 100);
PdfSignatureAppearance appearance = signer.GetSignatureAppearance();
appearance
.SetReason(reason)
.SetLocation(location)
// Specify if the appearance before field is signed will be used
// as a background for the signed field. The "false" value is the default value.
.SetReuseAppearance(false)
.SetPageRect(rect)
.SetPageNumber(1);
signer.SetFieldName("sig");
IExternalSignature pks = new PrivateKeySignature(pk, digestAlgorithm);
// Sign the document using the detached mode, CMS or CAdES equivalent.
signer.SignDetached(pks, chain, crlList, ocspClient, tsaClient, estimatedSize, subfilter);
}
private void addTsa(PdfSignatureAppearance signAppearance)
{
var es = new PrivateKeySignature(_asymmetricKeyParameter, "SHA-256");
var tsc = new TSAClientBouncyCastle(SignatureData.TsaClient.Url, SignatureData.TsaClient.UserName, SignatureData.TsaClient.Password);
MakeSignature.SignDetached(signAppearance, es, _chain, null, null, tsc, 0, CryptoStandard.CMS);
}
public static bool SignPDF(X509Certificate2 signature, string sourceDocument, string destinationPath)
{
if (signature == null)
{
return(false);
}
PdfReader reader = new PdfReader(sourceDocument);
using (FileStream fout = new FileStream(destinationPath, FileMode.Create, FileAccess.ReadWrite))
{
using (PdfStamper stamper = PdfStamper.CreateSignature(reader, fout, '\0'))
{
// digital signature
var pk = Org.BouncyCastle.Security.DotNetUtilities.GetKeyPair(signature.PrivateKey).Private;
IExternalSignature es = new PrivateKeySignature(pk, "SHA-256");
Org.BouncyCastle.X509.X509CertificateParser cp = new Org.BouncyCastle.X509.X509CertificateParser();
Org.BouncyCastle.X509.X509Certificate[] chain = new[] { cp.ReadCertificate(signature.RawData) };
try
{
MakeSignature.SignDetached(stamper.SignatureAppearance, es, chain, null, null, null, 0, CryptoStandard.CMS);
}
catch (CryptographicException ex)
{
return(false);
}
stamper.Close();
}
}
return(true);
}
public virtual void SignEncryptedDoc01()
{
String fileName = "encrypted.pdf";
String src = sourceFolder + fileName;
String dest = destinationFolder + "signed_" + fileName;
String fieldName = "Signature1";
byte[] ownerPass = "******".GetBytes();
PdfReader reader = new PdfReader(src, new ReaderProperties().SetPassword(ownerPass));
PdfSigner signer = new PdfSigner(reader, new FileStream(dest, FileMode.Create), true);
// Creating the appearance
PdfSignatureAppearance appearance = signer.GetSignatureAppearance().SetReason("Test1").SetLocation("TestCity"
);
signer.SetFieldName(fieldName);
// Creating the signature
IExternalSignature pks = new PrivateKeySignature(pk, DigestAlgorithms.SHA256);
signer.SignDetached(pks, chain, null, null, null, 0, PdfSigner.CryptoStandard.CADES);
LtvVerifier verifier = new LtvVerifier(new PdfDocument(new PdfReader(dest, new ReaderProperties().SetPassword
(ownerPass))));
verifier.SetVerifyRootCertificate(false);
verifier.Verify(null);
}
public void Sign(String src, String name, String dest, ICollection <X509Certificate> chain, ICipherParameters pk,
String digestAlgorithm, CryptoStandard subfilter, String reason, String location,
String contact, DateTime signDate, String fullName)
{
// Creating the reader and the stamper
PdfReader reader = new PdfReader(src);
FileStream os = new FileStream(dest, FileMode.Create);
PdfStamper stamper = PdfStamper.CreateSignature(reader, os, '\0');
// Creating the appearance
PdfSignatureAppearance appearance = stamper.SignatureAppearance;
appearance.Reason = reason;
appearance.Location = location;
appearance.SetVisibleSignature(name);
appearance.Contact = contact;
appearance.SignDate = signDate;
MySignatureEvent eEvent = new MySignatureEvent();
eEvent.FullName = fullName;
appearance.SignatureEvent = eEvent;
// Creating the signature
IExternalSignature pks = new PrivateKeySignature(pk, digestAlgorithm);
MakeSignature.SignDetached(appearance, pks, chain, null, null, null, 0, subfilter);
}
virtual protected void SignWithKeyInfo(String src, String dest, ICipherParameters pk,
AsymmetricAlgorithm publicKey, String digestAlgorithm)
{
// Creating the reader and the stamper
PdfReader reader = new PdfReader(src);
FileStream os = new FileStream(dest, FileMode.Create);
PdfStamper stamper = PdfStamper.createXmlSignature(reader, os);
// Creating the appearance
XmlSignatureAppearance appearance = stamper.XmlSignatureAppearance;
//Set XfaXmlLocator to control getting and setting Document
appearance.SetXmlLocator(new XfaXmlLocator(stamper));
// Creating the signature
IExternalSignature pks = new PrivateKeySignature(pk, digestAlgorithm);
KeyInfoClause keyInfo;
if (publicKey is DSA)
{
keyInfo = new DSAKeyValue((DSA)publicKey);
}
else if (publicKey is RSA)
{
keyInfo = new RSAKeyValue((RSA)publicKey);
}
else
{
throw new ArgumentException("Invalid public key algorithm", "publicKey");
}
MakeXmlSignature.SignXmlDSig(appearance, pks, keyInfo);
}
public void Sign(String keystore, String src, String name, String dest)
{
Pkcs12Store store = new Pkcs12Store(new FileStream(keystore, FileMode.Open), PASSWORD);
String alias = "";
ICollection <X509Certificate> chain = new List <X509Certificate>();
// searching for private key
foreach (string al in store.Aliases)
{
if (store.IsKeyEntry(al) && store.GetKey(al).Key.IsPrivate)
{
alias = al;
break;
}
}
AsymmetricKeyEntry pk = store.GetKey(alias);
foreach (X509CertificateEntry c in store.GetCertificateChain(alias))
{
chain.Add(c.Certificate);
}
RsaPrivateCrtKeyParameters parameters = pk.Key as RsaPrivateCrtKeyParameters;
PdfReader reader = new PdfReader(src);
FileStream os = new FileStream(dest, FileMode.Create);
PdfStamper stamper = PdfStamper.CreateSignature(reader, os, '\0', null, true);
// Creating the appearance
PdfSignatureAppearance appearance = stamper.SignatureAppearance;
appearance.SetVisibleSignature(name);
// Creating the signature
IExternalSignature pks = new PrivateKeySignature(parameters, "SHA-256");
MakeSignature.SignDetached(appearance, pks, chain, null, null, null, 0, CryptoStandard.CMS);
}
private void signDetached(PdfSignatureAppearance signAppearance)
{
signAppearance.CertificationLevel = PdfSignatureAppearance.CERTIFIED_NO_CHANGES_ALLOWED;
var es = new PrivateKeySignature(_asymmetricKeyParameter, "SHA-256");
MakeSignature.SignDetached(signAppearance, es, _chain, null, null, null, 0, CryptoStandard.CMS);
}
public void Sign(String src, String name, String dest, X509Certificate[] chain,
ICipherParameters pk, String digestAlgorithm, PdfSigner.CryptoStandard subfilter,
String reason, String location, PdfSignatureAppearance.RenderingMode renderingMode, ImageData image)
{
PdfReader reader = new PdfReader(src);
PdfSigner signer = new PdfSigner(reader, new FileStream(dest, FileMode.Create), new StampingProperties());
// Create the signature appearance
PdfSignatureAppearance appearance = signer.GetSignatureAppearance();
appearance.SetReason(reason);
appearance.SetLocation(location);
// This name corresponds to the name of the field that already exists in the document.
signer.SetFieldName(name);
appearance.SetLayer2Text("Signed on " + DateTime.Now);
// Set the rendering mode for this signature.
appearance.SetRenderingMode(renderingMode);
// Set the Image object to render when the rendering mode is set to RenderingMode.GRAPHIC
// or RenderingMode.GRAPHIC_AND_DESCRIPTION.
appearance.SetSignatureGraphic(image);
PrivateKeySignature pks = new PrivateKeySignature(pk, digestAlgorithm);
// Sign the document using the detached mode, CMS or CAdES equivalent.
signer.SignDetached(pks, chain, null, null, null, 0, subfilter);
}
public byte[] SignHash(string hexhash, string password)
{
byte[] hash = StringToByteArray(hexhash);
Pkcs12Store store = new Pkcs12Store(getCertificate(), password.ToCharArray());
String alias = "";
foreach (string al in store.Aliases)
{
if (store.IsKeyEntry(al) && store.GetKey(al).Key.IsPrivate)
{
alias = al;
break;
}
}
AsymmetricKeyEntry pk = store.GetKey(alias);
X509CertificateEntry[] chain = store.GetCertificateChain(alias);
List <Org.BouncyCastle.X509.X509Certificate> c = new List <Org.BouncyCastle.X509.X509Certificate>();
foreach (X509CertificateEntry en in chain)
{
c.Add(en.Certificate);
}
PrivateKeySignature signature = new PrivateKeySignature(pk.Key, "SHA256");
String hashAlgorithm = signature.GetHashAlgorithm();
PdfPKCS7 sgn = new PdfPKCS7(null, c, hashAlgorithm, false);
DateTime signingTime = DateTime.Now;
byte[] sh = sgn.getAuthenticatedAttributeBytes(hash, null, null, CryptoStandard.CMS);
byte[] extSignature = signature.Sign(sh);
sgn.SetExternalDigest(extSignature, null, signature.GetEncryptionAlgorithm());
return(sgn.GetEncodedPKCS7(hash, null, null, null, CryptoStandard.CMS));
}
public void Sign(String src, String dest, X509Certificate[] chain, ICipherParameters pk,
String digestAlgorithm, PdfSigner.CryptoStandard subfilter,
int certificationLevel, String reason, String location)
{
PdfReader reader = new PdfReader(src);
PdfSigner signer = new PdfSigner(reader, new FileStream(dest, FileMode.Create), new StampingProperties());
// Create the signature appearance
PdfSignatureAppearance appearance = signer.GetSignatureAppearance();
appearance.SetReason(reason);
appearance.SetLocation(location);
Rectangle rect = new Rectangle(36, 648, 200, 100);
appearance.SetPageRect(rect).SetPageNumber(1);
signer.SetFieldName("sig");
/* Set the document's certification level. This parameter defines if changes are allowed
* after the applying of the signature.
*/
signer.SetCertificationLevel(certificationLevel);
PrivateKeySignature pks = new PrivateKeySignature(pk, digestAlgorithm);
// Sign the document using the detached mode, CMS or CAdES equivalent.
signer.SignDetached(pks, chain, null, null, null, 0, subfilter);
}
public static void Sign(string fileName, string signedFileName, string reason, string location,
string privateKeyFileName, string certFileName, string password)
{
PdfReader reader = new PdfReader(fileName);
PdfWriter write = new PdfWriter(signedFileName);
PdfSigner signer = new PdfSigner(reader, write, false);
PdfSignatureAppearance appearance = signer.GetSignatureAppearance();
appearance.SetReason(reason);
appearance.SetLocation(location);
appearance.SetReuseAppearance(false);
Rectangle rect = new Rectangle(36, 648, 200, 100);
appearance.SetPageRect(rect);
appearance.SetPageNumber(1);
signer.SetFieldName("sig");
IExternalSignature pks = new PrivateKeySignature(ReadPrivateKey(privateKeyFileName, password), GetEncryptionAlgorithm());
X509CertificateParser parser = new X509CertificateParser();
X509Certificate cert = LoadCertificate(certFileName);
X509Certificate[] chain = new X509Certificate[1];
chain[0] = cert;
PdfSigner.CryptoStandard subfilter = GetSubFilter();
signer.SignDetached(pks, chain, null, null, null, 0, subfilter);
}
public void testSignSimpleECDsa()
{
string testFileName = @"..\..\..\resources\circles.pdf";
string storePath = @"..\..\..\..\simple\keystore\test1234.p12";
char[] storePass = "******".ToCharArray();
string storeAlias = "ECDSAkey";
Pkcs12Store pkcs12 = new Pkcs12Store(new FileStream(storePath, FileMode.Open, FileAccess.Read), storePass);
AsymmetricKeyParameter key = pkcs12.GetKey(storeAlias).Key;
X509CertificateEntry[] chainEntries = pkcs12.GetCertificateChain(storeAlias);
X509Certificate[] chain = new X509Certificate[chainEntries.Length];
for (int i = 0; i < chainEntries.Length; i++)
{
chain[i] = chainEntries[i].Certificate;
}
PrivateKeySignature signature = new PrivateKeySignature(key, "SHA512");
using (PdfReader pdfReader = new PdfReader(testFileName))
using (FileStream result = File.Create("circles-ECDSA-BC-signed-simple.pdf"))
{
PdfSigner pdfSigner = new PdfSigner(pdfReader, result, new StampingProperties().UseAppendMode());
ITSAClient tsaClient = null;
pdfSigner.SignDetached(signature, chain, null, null, tsaClient, 0, PdfSigner.CryptoStandard.CMS);
}
}
public virtual void LtvEnabledSingleSignatureTest01()
{
String signCertFileName = certsSrc + "signCertRsaWithChain.p12";
String tsaCertFileName = certsSrc + "tsCertRsa.p12";
String intermediateCertFileName = certsSrc + "intermediateRsa.p12";
String caCertFileName = certsSrc + "rootRsa.p12";
String srcFileName = sourceFolder + "helloWorldDoc.pdf";
String ltvFileName = destinationFolder + "ltvEnabledSingleSignatureTest01.pdf";
X509Certificate[] tsaChain = Pkcs12FileHelper.ReadFirstChain(tsaCertFileName, password);
ICipherParameters tsaPrivateKey = Pkcs12FileHelper.ReadFirstKey(tsaCertFileName, password, password);
X509Certificate intermediateCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(intermediateCertFileName
, password)[0];
ICipherParameters intermediatePrivateKey = Pkcs12FileHelper.ReadFirstKey(intermediateCertFileName, password
, password);
X509Certificate caCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(caCertFileName, password)[0];
ICipherParameters caPrivateKey = Pkcs12FileHelper.ReadFirstKey(caCertFileName, password, password);
TestTsaClient testTsa = new TestTsaClient(JavaUtil.ArraysAsList(tsaChain), tsaPrivateKey);
TestOcspClient testOcspClient = new TestOcspClient().AddBuilderForCertIssuer(intermediateCert, intermediatePrivateKey
).AddBuilderForCertIssuer(caCert, caPrivateKey);
X509Certificate[] signChain = Pkcs12FileHelper.ReadFirstChain(signCertFileName, password);
ICipherParameters signPrivateKey = Pkcs12FileHelper.ReadFirstKey(signCertFileName, password, password);
IExternalSignature pks = new PrivateKeySignature(signPrivateKey, DigestAlgorithms.SHA256);
PdfSigner signer = new PdfSigner(new PdfReader(srcFileName), new FileStream(ltvFileName, FileMode.Create),
new StampingProperties());
signer.SetFieldName("Signature1");
signer.SignDetached(pks, signChain, null, testOcspClient, testTsa, 0, PdfSigner.CryptoStandard.CADES);
PadesSigTest.BasicCheckSignedDoc(destinationFolder + "ltvEnabledSingleSignatureTest01.pdf", "Signature1");
}
protected internal virtual void Sign(String src, String name, String dest, X509Certificate[] chain, ICipherParameters
pk, String digestAlgorithm, PdfSigner.CryptoStandard subfilter, String reason, String location, Rectangle
rectangleForNewField, bool setReuseAppearance, bool isAppendMode, int certificationLevel, float?fontSize
)
{
PdfReader reader = new PdfReader(src);
StampingProperties properties = new StampingProperties();
if (isAppendMode)
{
properties.UseAppendMode();
}
PdfSigner signer = new PdfSigner(reader, new FileStream(dest, FileMode.Create), properties);
signer.SetCertificationLevel(certificationLevel);
PdfFont font = PdfFontFactory.CreateFont(FONT, "WinAnsi", true);
// Creating the appearance
PdfSignatureAppearance appearance = signer.GetSignatureAppearance().SetReason(reason).SetLocation(location
).SetLayer2Font(font).SetReuseAppearance(setReuseAppearance);
if (rectangleForNewField != null)
{
appearance.SetPageRect(rectangleForNewField);
}
if (fontSize != null)
{
appearance.SetLayer2FontSize((float)fontSize);
}
signer.SetFieldName(name);
// Creating the signature
IExternalSignature pks = new PrivateKeySignature(pk, digestAlgorithm);
signer.SignDetached(pks, chain, null, null, null, 0, subfilter);
}
public void Sign2(String src, String name, String dest, X509Certificate[] chain,
ICipherParameters pk, String digestAlgorithm, PdfSigner.CryptoStandard subfilter,
String reason, String location)
{
PdfReader reader = new PdfReader(src);
PdfSigner signer = new PdfSigner(reader, new FileStream(dest, FileMode.Create), new StampingProperties());
PdfSignatureAppearance appearance = signer.GetSignatureAppearance();
appearance.SetReason(reason);
appearance.SetLocation(location);
signer.SetFieldName(name);
// Creating the appearance for layer 2
PdfFormXObject n2 = appearance.GetLayer2();
// Custom text, custom font, and right-to-left writing
// Characters: لورانس العرب
Text text = new Text("\u0644\u0648\u0631\u0627\u0646\u0633 \u0627\u0644\u0639\u0631\u0628");
text.SetFont(PdfFontFactory.CreateFont("../../../resources/font/NotoNaskhArabic-Regular.ttf",
PdfEncodings.IDENTITY_H, true));
text.SetBaseDirection(BaseDirection.RIGHT_TO_LEFT);
new Canvas(n2, signer.GetDocument()).Add(new Paragraph(text).SetTextAlignment(TextAlignment.RIGHT));
IExternalSignature pks = new PrivateKeySignature(pk, digestAlgorithm);
signer.SignDetached(pks, chain, null, null, null, 0, subfilter);
}
public void Sign1(String src, String name, String dest, X509Certificate[] chain,
ICipherParameters pk, String digestAlgorithm, PdfSigner.CryptoStandard subfilter,
String reason, String location)
{
PdfReader reader = new PdfReader(src);
PdfSigner signer = new PdfSigner(reader, new FileStream(dest, FileMode.Create), new StampingProperties());
// Create the signature appearance
PdfSignatureAppearance appearance = signer.GetSignatureAppearance();
appearance
.SetReason(reason)
.SetLocation(location);
// This name corresponds to the name of the field that already exists in the document.
signer.SetFieldName(name);
// Set the custom text and a custom font
appearance.SetLayer2Text("This document was signed by Bruno Specimen");
appearance.SetLayer2Font(PdfFontFactory.CreateFont(StandardFonts.TIMES_ROMAN));
IExternalSignature pks = new PrivateKeySignature(pk, digestAlgorithm);
// Sign the document using the detached mode, CMS or CAdES equivalent.
signer.SignDetached(pks, chain, null, null, null, 0, subfilter);
}
public Stream SignPDF(Stream pdfstream, Certificate certificate)
{
pdfstream.Requires(nameof(pdfstream)).IsNotNull();
certificate.Requires(nameof(certificate)).IsNotNull();
var chain = certificate.Chain;
var parameters = certificate.Parameters;
IExternalSignature pks = new PrivateKeySignature(parameters, DigestAlgorithms.SHA256);
using (PdfReader reader = new PdfReader(pdfstream))
{
if (reader.IsEncrypted())
{
throw new Exception("[PDFEncryptedException] Target PDF is encrypted or owned, unlock PDF and try again.");
}
var outputpdf = new MemoryStream();
using (PdfStamper st = PdfStamper.CreateSignature(reader, outputpdf, '\0', "tmp.pdf", true))
{
PdfSignatureAppearance appearance = st.SignatureAppearance;
appearance.SignDate = DateTime.Now;
appearance.SignatureRenderingMode = PdfSignatureAppearance.RenderingMode.NAME_AND_DESCRIPTION;
MakeSignature.SignDetached(appearance, pks, chain, null, null, null, 0, CryptoStandard.CMS);
var mb = outputpdf.ToArray();
return(new MemoryStream(mb));
}
}
}
public void Sign(String keystore, String src, String name, String dest)
{
Pkcs12Store pk12 = new Pkcs12Store(new FileStream(keystore, FileMode.Open, FileAccess.Read), PASSWORD);
string alias = null;
foreach (var a in pk12.Aliases)
{
alias = ((string)a);
if (pk12.IsKeyEntry(alias))
{
break;
}
}
ICipherParameters pk = pk12.GetKey(alias).Key;
X509CertificateEntry[] ce = pk12.GetCertificateChain(alias);
X509Certificate[] chain = new X509Certificate[ce.Length];
for (int k = 0; k < ce.Length; ++k)
{
chain[k] = ce[k].Certificate;
}
PdfReader reader = new PdfReader(src);
PdfSigner signer = new PdfSigner(reader, new FileStream(dest, FileMode.Create),
new StampingProperties().UseAppendMode());
signer.SetFieldName(name);
PrivateKeySignature pks = new PrivateKeySignature(pk, DigestAlgorithms.SHA256);
signer.SignDetached(pks, chain, null, null, null,
0, PdfSigner.CryptoStandard.CMS);
}
private void TestSignatureOnRotatedPage(int pageNum, PdfSignatureAppearance.RenderingMode renderingMode, StringBuilder
assertionResults)
{
String fileName = "signaturesOnRotatedPages" + pageNum + "_mode_" + renderingMode.ToString() + ".pdf";
String src = sourceFolder + "documentWithRotatedPages.pdf";
String dest = destinationFolder + fileName;
PdfSigner signer = new PdfSigner(new PdfReader(src), new FileStream(dest, FileMode.Create), new StampingProperties
().UseAppendMode());
PdfSignatureAppearance appearance = signer.GetSignatureAppearance();
appearance.SetLayer2Text("Digitally signed by Test User. All rights reserved. Take care!").SetPageRect(new
Rectangle(100, 100, 100, 50)).SetRenderingMode(renderingMode).SetSignatureGraphic(ImageDataFactory.Create
(sourceFolder + "itext.png")).SetPageNumber(pageNum);
signer.SetCertificationLevel(PdfSigner.NOT_CERTIFIED);
IExternalSignature pks = new PrivateKeySignature(pk, DigestAlgorithms.SHA256);
signer.SignDetached(pks, chain, null, null, null, 0, PdfSigner.CryptoStandard.CADES);
// Make sure iText can open the document
new PdfDocument(new PdfReader(dest)).Close();
try {
String testResult = new CompareTool().CompareVisually(dest, sourceFolder + "cmp_" + fileName, destinationFolder
, "diff_");
if (null != testResult)
{
assertionResults.Append(testResult);
}
}
catch (CompareTool.CompareToolExecutionException e) {
assertionResults.Append(e.Message);
}
}
private byte[] Sign(byte[] src, Org.BouncyCastle.X509.X509Certificate[] chain, ICipherParameters pk,
string digestAlgorithm, PdfSigner.CryptoStandard subfilter, string signatureFieldName
)
{
using (MemoryStream outputMemoryStream = new MemoryStream())
using (MemoryStream memoryStream = new MemoryStream(src))
using (PdfReader pdfReader = new PdfReader(memoryStream))
{
PdfSigner signer = new PdfSigner(
pdfReader, outputMemoryStream,
new StampingProperties().UseAppendMode()
);
signer.SetFieldName(signatureFieldName);
IExternalSignature pks = new PrivateKeySignature(pk, digestAlgorithm);
try
{
// Sign the document using the detached mode, CMS or CAdES equivalent.
signer.SignDetached(pks, chain, null, null, null, 0, subfilter);
}
catch (Exception ex)
{
throw;
}
pdfReader.Close();
memoryStream.Close();
var documentoAssinado = outputMemoryStream.ToArray();
outputMemoryStream.Close();
return(documentoAssinado);
}
}
public static byte[] SignPDFBytes(X509Certificate2 signatureCert, byte[] pdf)
{
byte[] result;
MemoryStream ms = new MemoryStream();
PdfReader reader = new PdfReader(pdf);
using (PdfStamper signer = PdfStamper.CreateSignature(reader, ms, '\0'))
{
// digital signature
var pk = Org.BouncyCastle.Security.DotNetUtilities.GetKeyPair(signatureCert.PrivateKey).Private;
IExternalSignature es = new PrivateKeySignature(pk, "SHA-256");
Org.BouncyCastle.X509.X509CertificateParser cp = new Org.BouncyCastle.X509.X509CertificateParser();
Org.BouncyCastle.X509.X509Certificate[] chain = new[] { cp.ReadCertificate(signatureCert.RawData) };
try
{
MakeSignature.SignDetached(signer.SignatureAppearance, es, chain, null, null, null, 0, CryptoStandard.CMS);
result = ms.ToArray();
}
catch (CryptographicException ex)
{
throw;
}
signer.Close();
}
return(result);
}
private static void SignPdfWithLocalCertificate()
{
var certificate = GetCertificateLocal();
var privateKey = DotNetUtilities.GetKeyPair(certificate.PrivateKey).Private;
var externalSignature = new PrivateKeySignature(privateKey, "SHA-256");
SignPdf(certificate, externalSignature, "Local Key.pdf");
}
public async Task DigitallySign(int idDocument, string userId, string password, byte[] certificateData, string reason, string location)
{
var document = await dbContext
.Documents
.FirstAsync(it => it.IdDocument == idDocument);
var lastState = await dbContext.DocumentStates.Include(it => it.DocumentData).Where(it => it.IdDocument == idDocument).LastAsync();
var unsignedData = ((DocumentDataUpload)lastState.DocumentData).Data;
var store = new Pkcs12Store(new MemoryStream(certificateData), password.ToCharArray());
var alias = string.Empty;
foreach (string al in store.Aliases)
{
if (store.IsKeyEntry(al) && store.GetKey(al).Key.IsPrivate)
{
alias = al;
break;
}
}
var pk = store.GetKey(alias);
var chain = new List <X509Certificate>();
foreach (X509CertificateEntry c in store.GetCertificateChain(alias))
{
chain.Add(c.Certificate);
}
var certificate = new System.Security.Cryptography.X509Certificates.X509Certificate(certificateData, password);
var signedPdfData = new MemoryStream();
using (var reader = new PdfReader(unsignedData))
{
var stp = PdfStamper.CreateSignature(reader, signedPdfData, '\0');
stp.SignatureAppearance.Reason = reason;
stp.SignatureAppearance.Location = location;
stp.SignatureAppearance.SetVisibleSignature(new Rectangle(36, 748, 144, 780), 1, null);
var es = new PrivateKeySignature(pk.Key as RsaPrivateCrtKeyParameters, DigestAlgorithms.SHA256);
MakeSignature.SignDetached(stp.SignatureAppearance, es, chain, null, null, null, 0, CryptoStandard.CMS);
stp.Close();
}
dbContext.Entry(lastState).State = EntityState.Detached;
lastState.IdDocumentState = 0;
lastState.IdDocumentData = 0;
lastState.StatusDate = DateTime.Now;
lastState.IsDigitallySigned = true;
lastState.Version = GetNextVersion(lastState.Version, lastState.DocumentStatus);
lastState.DocumentData = new DocumentDataUpload {
Data = signedPdfData.ToArray()
};
dbContext.DocumentStates.Add(lastState);
}
public bool signCertificate(string DocumentPath, string CertificateSavePath, Stream privateKeyStream, string keyPassword)
{
try
{
Pkcs12Store pk12 = new Pkcs12Store(privateKeyStream, keyPassword.ToCharArray());
privateKeyStream.Dispose();
//then Iterate throught certificate entries to find the private key entry
string alias = null;
foreach (string tAlias in pk12.Aliases)
{
if (pk12.IsKeyEntry(tAlias))
{
alias = tAlias;
break;
}
}
var pk = pk12.GetKey(alias).Key;
// reader and stamper
PdfReader reader = new PdfReader(DocumentPath);
int PageCount = reader.NumberOfPages;
using (FileStream fout = new FileStream(CertificateSavePath, FileMode.Create, FileAccess.ReadWrite))
{
using (PdfStamper stamper = PdfStamper.CreateSignature(reader, fout, '\0', null, true))
{
// appearance
PdfSignatureAppearance appearance = stamper.SignatureAppearance;
//appearance.Image = new iTextSharp.text.pdf.PdfImage();
//appearance.Reason = reason;
// appearance.Location = location;
appearance.SetVisibleSignature(new iTextSharp.text.Rectangle(220, 165, 420, 250), PageCount, "Icsi-Vendor");//.IsInvisible();//s
//220,165, 435, 310
//lly - gose up llx - is width 210,245,495,620 500, 300, 297, 200
//iTextSharp.text.Image watermark = iTextSharp.text.Image.GetInstance(SignatureIMGPath);
//appearance.Image = watermark;
//appearance.Image.ScaleToFit(70, 70);
////appearance.Image.Alignment=100;
//appearance.Image.SetAbsolutePosition(100, 100);
//appearance.GetAppearance().AddImage(watermark);
//digital signature
IExternalSignature es = new PrivateKeySignature(pk, "SHA-256");
MakeSignature.SignDetached(appearance, es, new Org.BouncyCastle.X509.X509Certificate[] { pk12.GetCertificate(alias).Certificate }, null, null, null, 0, CryptoStandard.CMS);
stamper.Close();
}
}
return(true);
}
catch (Exception Ex)
{
ErrorLog.LogError(Ex);
return(false);
}
}
private void SignDocumentSigningBlock(ICollection <X509Certificate> chain, ICipherParameters pk, string block, PdfSignatureAppearance appearance, PdfStamper stamper, byte[] signatureImage)
{
appearance.SetVisibleSignature(block);
SignDocumentSigningBlockWithImage(signatureImage, appearance);
SignDocumentSigningBlockWithText(appearance, chain.First());
IExternalSignature externalSignature = new PrivateKeySignature(pk, "SHA-256");
MakeSignature.SignDetached(appearance, externalSignature, chain, null, null, new TSAClientBouncyCastle("http://services.globaltrustfinder.com/adss/tsa"), 104000, CryptoStandard.CMS);
}
public string AddSignature(string PathSource, string PathTarget, string CertPath, string CertPass, int lx = 100, int ly = 100, int ux = 250, int uy = 150, int page = 1, bool Visible = true)
{
try
{
Org.BouncyCastle.Crypto.AsymmetricKeyParameter Akp = null;
Org.BouncyCastle.X509.X509Certificate[] Chain = null;
string alias = null;
Org.BouncyCastle.Pkcs.Pkcs12Store pk12;
pk12 = new Org.BouncyCastle.Pkcs.Pkcs12Store(new System.IO.FileStream(CertPath, System.IO.FileMode.Open, System.IO.FileAccess.Read), CertPass.ToCharArray());
IEnumerable aliases = pk12.Aliases;
foreach (string aliasTemp in aliases)
{
alias = aliasTemp;
if (pk12.IsKeyEntry(alias))
{
break;
}
}
Akp = pk12.GetKey(alias).Key;
Org.BouncyCastle.Pkcs.X509CertificateEntry[] ce = pk12.GetCertificateChain(alias);
Chain = new Org.BouncyCastle.X509.X509Certificate[ce.Length];
for (int k = 0; k < ce.Length; ++k)
{
Chain[k] = ce[k].Certificate;
}
iTextSharp.text.pdf.PdfReader reader = new iTextSharp.text.pdf.PdfReader(PathSource);
iTextSharp.text.pdf.PdfStamper st = iTextSharp.text.pdf.PdfStamper.CreateSignature(reader, new System.IO.FileStream(PathTarget, System.IO.FileMode.Create, System.IO.FileAccess.Write), '\0', null, true);
iTextSharp.text.pdf.PdfSignatureAppearance sap = st.SignatureAppearance;
if (Visible == true)
{
page = (page <1 || page> reader.NumberOfPages) ? 1 : page;
sap.SetVisibleSignature(new iTextSharp.text.Rectangle(lx, ly, ux, uy), page, null);
}
sap.CertificationLevel = iTextSharp.text.pdf.PdfSignatureAppearance.CERTIFIED_NO_CHANGES_ALLOWED;
// digital signature - http://itextpdf.com/examples/iia.php?id=222
IExternalSignature es = new PrivateKeySignature(Akp, "SHA-256"); // "BC"
MakeSignature.SignDetached(sap, es, new X509Certificate[] { pk12.GetCertificate(alias).Certificate }, null, null, null, 0, CryptoStandard.CMS);
st.Close();
return("");
}
catch (Exception e)
{
return(e.Message);
}
}
private static async Task SignPdfWithExportableCertificateInKeyVault()
{
var client = GetKeyVaultClient();
var exportableSecretIdentifier = "https://vaultfromcode.vault.azure.net:443/secrets/TestCertificate";
var certificate = await GetCertificateKeyVault(exportableSecretIdentifier);
var privateKey = DotNetUtilities.GetKeyPair(certificate.PrivateKey).Private;
var externalSignature = new PrivateKeySignature(privateKey, "SHA-256");
SignPdf(certificate, externalSignature, "Exportable Key Vault.pdf");
}
public static void DigitalSign()
{
PdfReader reader = new PdfReader(@"C:\workspace\PDFDigitalSign\Resource\Result1.pdf");
using (FileStream fout = new FileStream(@"C:\workspace\PDFDigitalSign\Resource\Result2.pdf", FileMode.Create, FileAccess.ReadWrite))
{
// appearance
PdfStamper stamper = PdfStamper.CreateSignature(reader, fout, '\0', null, true);
PdfSignatureAppearance appearance = stamper.SignatureAppearance;
//appearance.Reason = SignReason;
//appearance.Location = SignLocation;
appearance.SignDate = DateTime.Now.Date;
appearance.SetVisibleSignature(new iTextSharp.text.Rectangle(100, 100, 50 + 200, 50 + 100), 1, null);//.IsInvisible
// Custom text and background image
appearance.Image = iTextSharp.text.Image.GetInstance(@"C:\workspace\PDFDigitalSign\Resource\sign2.png");
appearance.ImageScale = 0.6f;
appearance.Image.Alignment = 300;
appearance.Acro6Layers = true;
StringBuilder buf = new StringBuilder();
buf.Append("Digitally Signed by ");
String name = "Sidd";
buf.Append(name).Append('\n');
buf.Append("Date: ").Append(DateTime.Now.ToString("dd-MM-yyyy HH:mm:ss zzz"));
string text = buf.ToString();
appearance.Layer2Text = text;
var pk12 = new Pkcs12Store(new System.IO.FileStream(@"C:\workspace\PDFDigitalSign\Resource\certificate.pfx", System.IO.FileMode.Open, System.IO.FileAccess.Read), "12345678".ToCharArray());
string alias = null;
foreach (string tAlias in pk12.Aliases)
{
if (pk12.IsKeyEntry(tAlias))
{
alias = tAlias;
break;
}
}
var pk = pk12.GetKey(alias).Key;
//digital signature
IExternalSignature es = new PrivateKeySignature(pk, "SHA-256");
MakeSignature.SignDetached(appearance, es, new Org.BouncyCastle.X509.X509Certificate[] { pk12.GetCertificate(alias).Certificate }, null, null, null, 0, CryptoStandard.CMS);
stamper.Close();
}
}
public static void Sign(string input, string output, ImageData stamper, ICipherParameters privateKey, X509Certificate[] chain, string flag)
{
PdfDocument document = new PdfDocument(new PdfReader(input));
PdfAcroForm acroForm = PdfAcroForm.GetAcroForm(document, false);
bool append = (acroForm != null && acroForm.GetSignatureFlags() != 0);
int pageNumber = document.GetNumberOfPages();
RegexBasedLocationExtractionStrategy strategy = new RegexBasedLocationExtractionStrategy(flag);
PdfDocumentContentParser parser = new PdfDocumentContentParser(document);
parser.ProcessContent(pageNumber, strategy);
var locations = new List <IPdfTextLocation>(strategy.GetResultantLocations());
document.Close();
StampingProperties properties = new StampingProperties();
properties = append ? properties.UseAppendMode() : properties;
PdfSigner signer = new PdfSigner(new PdfReader(input), new FileStream(output, FileMode.Create), properties);
signer.SetCertificationLevel(PdfSigner.CERTIFIED_NO_CHANGES_ALLOWED);
PdfSignatureAppearance appearance = signer.GetSignatureAppearance();
appearance.SetPageNumber(pageNumber);
int size = locations.Count;
if (size != 0)
{
IPdfTextLocation location = locations[size - 1];
float flagX = location.GetRectangle().GetX();
float flagY = location.GetRectangle().GetY();
float width = stamper.GetWidth();
float height = stamper.GetHeight();
float x = flagX - width / 2;
float y = flagY - height / 2;
appearance.SetRenderingMode(PdfSignatureAppearance.RenderingMode.GRAPHIC);
appearance.SetSignatureGraphic(stamper);
appearance.SetPageRect(new Rectangle(x, y, width, height));
}
PrivateKeySignature signature = new PrivateKeySignature(privateKey, DigestAlgorithms.SHA256);
signer.SignDetached(signature, chain, null, null, null, 0, PdfSigner.CryptoStandard.CADES);
}
