public void Pkcs11RsaSignatureReuseTest()
        {
            // Exercises a single Pkcs11RsaSignature instance across many signing rounds:
            // every round signs a freshly generated PDF and checks that the signature
            // verifies, so a session or key-handle that goes stale after the first use
            // would show up as a failing iteration.
            using (Pkcs11RsaSignature signer = new Pkcs11RsaSignature(_libraryPath, _tokenSerial, _tokenLabel, _pin, _ckaLabel, _ckaId, _hashAlgorithm))
            {
                byte[] signerCert = signer.GetSigningCertificate();
                List<byte[]> tokenCerts = signer.GetAllCertificates();
                ICollection<X509Certificate> chain = CertUtils.BuildCertPath(signerCert, tokenCerts);

                const int rounds = 100;
                for (int round = 0; round < rounds; round++)
                {
                    string inputPath = GetTempDocPath();
                    string outputPath = GetTempDocPath();

                    try
                    {
                        GenerateRandomPdf(inputPath);

                        using (PdfReader reader = new PdfReader(inputPath))
                        using (FileStream output = new FileStream(outputPath, FileMode.Create))
                        using (PdfStamper stamper = PdfStamper.CreateSignature(reader, output, '\0', GetTempDocPath(), true))
                        {
                            MakeSignature.SignDetached(stamper.SignatureAppearance, signer, chain, null, null, null, 0, CryptoStandard.CADES);
                        }

                        // VerifySignatureIntegrity is expected to report exactly one valid signature
                        Assert.AreEqual(1, VerifySignatureIntegrity(outputPath));
                    }
                    finally
                    {
                        // Temp documents are removed even when signing or verification fails
                        File.Delete(inputPath);
                        File.Delete(outputPath);
                    }
                }
            }
        }
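        public void BuildCertPathTest()
        {
            // CertUtils.BuildCertPath must either return the complete chain from the
            // end-entity certificate up to a self-signed root, or refuse to build one.
            // A silently truncated chain would let a signature be produced with a path
            // that relying parties cannot validate, so the negative cases matter as much
            // as the positive one.
            List<byte[]> noOtherCerts = null;

            // Self-signed signing certificate: the path is the certificate itself
            ICollection<BCX509.X509Certificate> certPath = CertUtils.BuildCertPath(_derCert, noOtherCerts);
            Assert.AreEqual(1, certPath.Count);
            AssertEncodedCertEquals(_derCert, GetCertAt(certPath, 0));

            // Not self-signed and no additional certs provided: no path can be built
            AssertCertPathBuildFails(_endEntity, noOtherCerts);

            // Additional certs provided but the root CA is missing: chain cannot be anchored
            AssertCertPathBuildFails(_endEntity, new List<byte[]> { _subCA });

            // Additional certs provided but the intermediate CA is missing: chain cannot be linked
            AssertCertPathBuildFails(_endEntity, new List<byte[]> { _rootCA });

            // Full chain is returned, end-entity first, when the path can be built
            certPath = CertUtils.BuildCertPath(_endEntity, new List<byte[]> { _rootCA, _subCA });
            Assert.AreEqual(3, certPath.Count);
            AssertEncodedCertEquals(_endEntity, GetCertAt(certPath, 0));
            AssertEncodedCertEquals(_subCA, GetCertAt(certPath, 1));
            AssertEncodedCertEquals(_rootCA, GetCertAt(certPath, 2));
        }

        /// <summary>
        /// Asserts that <see cref="CertUtils.BuildCertPath"/> rejects the given inputs with
        /// <see cref="Org.BouncyCastle.Pkix.PkixCertPathBuilderException"/>. Only that exception
        /// type is caught: any other exception propagates with its own stack trace instead of
        /// being folded into a generic "wrong exception type" assertion.
        /// </summary>
        /// <param name="signingCert">DER-encoded signing certificate.</param>
        /// <param name="otherCerts">Additional DER-encoded certificates, or null.</param>
        private static void AssertCertPathBuildFails(byte[] signingCert, List<byte[]> otherCerts)
        {
            try
            {
                CertUtils.BuildCertPath(signingCert, otherCerts);
            }
            catch (Org.BouncyCastle.Pkix.PkixCertPathBuilderException)
            {
                // Expected outcome
                return;
            }

            Assert.Fail("PkixCertPathBuilderException expected but not thrown");
        }

        /// <summary>
        /// Asserts that the DER encoding of <paramref name="actual"/> equals <paramref name="expected"/>.
        /// Comparison is done on the Base64 form so an assertion failure shows the full values.
        /// </summary>
        /// <param name="expected">Expected DER-encoded certificate.</param>
        /// <param name="actual">Certificate taken from the built path.</param>
        private static void AssertEncodedCertEquals(byte[] expected, BCX509.X509Certificate actual)
        {
            Assert.AreEqual(Convert.ToBase64String(expected), Convert.ToBase64String(actual.GetEncoded()));
        }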
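        /// <summary>
        /// Signs the PDF at <c>unsignedPdfPath</c> with a key held on a PKCS#11 token and
        /// writes the result to <c>signedPdfPath</c> (both are fields of the enclosing class),
        /// placing a visible signature with a graphic and description at the given rectangle.
        /// </summary>
        /// <param name="llx">Lower-left x coordinate of the visible signature rectangle.</param>
        /// <param name="lly">Lower-left y coordinate of the visible signature rectangle.</param>
        /// <param name="urx">Upper-right x coordinate of the visible signature rectangle.</param>
        /// <param name="ury">Upper-right y coordinate of the visible signature rectangle.</param>
        private void signPDF(int llx, int lly, int urx, int ury)
        {
            // Specify path to the unmanaged PKCS#11 library
            string libraryPath = @"C:\Windows\System32\cvP11.dll";
            // Specify serial number of the token that contains the signing key. May be null if tokenLabel is specified.
            string tokenSerial = @"910e21b0da172e34";
            // Specify label of the token that contains the signing key. May be null if tokenSerial is specified.
            string tokenLabel = @"SuisseID";
            // Specify PIN for the token.
            // NOTE(review): the PIN is embedded in source here. It should be supplied from a
            // protected configuration store or prompted for at run time, never committed;
            // anyone with read access to this file can unlock the signing key.
            string pin = "091011";
            // Specify label (value of CKA_LABEL attribute) of the private key used for signing. May be null if ckaId is specified.
            string ckaLabel = null;
            // Specify hex encoded string with identifier (value of CKA_ID attribute) of the private key used for signing. May be null if ckaLabel is specified.
            string ckaId = "6D808CE0BF9C368FB0AD28E24366F646BA0B3F67";
            // Specify hash algorithm used for the signature creation
            HashAlgorithm hashAlgorithm = HashAlgorithm.SHA256;

            // Create instance of Pkcs11RsaSignature that allows iText to create a PKCS#1 v1.5 RSA signature
            // with the private key stored on the PKCS#11 device. The hashAlgorithm variable is passed
            // through so the algorithm is configured in exactly one place.
            using (Pkcs11RsaSignature pkcs11RsaSignature = new Pkcs11RsaSignature(libraryPath, tokenSerial, tokenLabel, pin, ckaLabel, ckaId, hashAlgorithm))
            {
                // When the signing certificate is stored on the token it can usually be read with GetSigningCertificate()
                byte[] signingCertificate = pkcs11RsaSignature.GetSigningCertificate();
                // All certificates stored on the token can usually be read with GetAllCertificates()
                List<byte[]> otherCertificates = pkcs11RsaSignature.GetAllCertificates();
                // Build certification path for the signing certificate
                ICollection<Org.BouncyCastle.X509.X509Certificate> certPath = CertUtils.BuildCertPath(signingCertificate, otherCertificates);

                // Read unsigned PDF document
                using (PdfReader pdfReader = new PdfReader(unsignedPdfPath))
                {
                    // Create output stream for signed PDF document
                    using (FileStream outputStream = new FileStream(signedPdfPath, FileMode.Create))
                    {
                        // Create PdfStamper that applies extra content to the PDF document
                        using (PdfStamper pdfStamper = PdfStamper.CreateSignature(pdfReader, outputStream, '\0', Path.GetTempFileName(), true))
                        {
                            // Configure the visible signature: graphic plus description on page 1
                            PdfSignatureAppearance signatureAppearance = pdfStamper.SignatureAppearance;
                            signatureAppearance.SignatureRenderingMode = PdfSignatureAppearance.RenderingMode.GRAPHIC_AND_DESCRIPTION;
                            signatureAppearance.SignatureGraphic       = iTextSharp.text.Image.GetInstance("logo_sign.png");
                            signatureAppearance.SetVisibleSignature(new iTextSharp.text.Rectangle((float)llx, (float)lly, (float)urx, (float)ury), 1, null);
                            // Sign PDF document
                            MakeSignature.SignDetached(signatureAppearance, pkcs11RsaSignature, certPath, null, null, null, 0, CryptoStandard.CADES);
                        }
                    }
                }
            }
        }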
        /// <summary>
        /// Signs <paramref name="inputPdfPath"/> with the smart-card key identified by the
        /// configured certificate label and writes the result to <paramref name="signedPdfPath"/>.
        /// </summary>
        /// <param name="inputPdfPath">Path of the PDF to sign.</param>
        /// <param name="signedPdfPath">Path the signed PDF is written to (overwritten if present).</param>
        /// <param name="tokenPin">PIN used to open the token.</param>
        /// <exception cref="InvalidOperationException">Thrown when the signature object could not be created.</exception>
        public void SignPdf(string inputPdfPath, string signedPdfPath, string tokenPin)
        {
            // Pkcs11RsaSignature locates the private key by certificate id rather than by
            // certificate label, so resolve the id from the configured label first.
            var certificateId = this.FindSigningCertificateId(tokenPin, this.ckaLabel);

            // Disposing a null reference is a no-op inside a using statement, so checking for
            // null in the body is equivalent to the explicit try/finally + Dispose form.
            using (var signature = SmartCardUtils.SaferCreateSignature(this.pkcsLibPath, this.tokenLabel, tokenPin, certificateId))
            {
                if (signature == null)
                {
                    throw new InvalidOperationException("Smart card read error.");
                }

                var rawCert       = signature.SaferGetSigningCertificate();
                var parsedCert    = SmartCardUtils.ParseCertificate(rawCert);
                var author        = GetCertificateCn(parsedCert.Subject);
                var chainRawData  = SmartCardUtils.GetCertificateChain(parsedCert).Select(c => c.RawData).ToList();
                var certPath      = CertUtils.BuildCertPath(rawCert, chainRawData);

                using (var reader = new PdfReader(inputPdfPath))
                using (var output = new FileStream(signedPdfPath, FileMode.Create))
                using (var stamper = PdfStamper.CreateSignature(reader, output, '\0', Path.GetTempFileName(), true))
                {
                    // Signature creator and date are visible metadata of the signature dictionary
                    var appearance = stamper.SignatureAppearance;
                    appearance.SignatureCreator = author;
                    appearance.SignDate         = DateTime.Now;
                    MakeSignature.SignDetached(appearance, signature, certPath, null, null, null, 0, CryptoStandard.CADES);
                }
            }
        }
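        /// <summary>
        /// Creates a one-page PDF with iText, signs it with a key held on a PKCS#11 token and
        /// checks that the signed file is larger than the unsigned one.
        /// </summary>
        public void SignPdfDocument()
        {
            // Specify path to the unsigned PDF that will be created by this code
            string unsignedPdfPath = @"c:\temp\unsigned.pdf";

            // Specify path to the signed PDF that will be created by this code
            string signedPdfPath = @"c:\temp\signed.pdf";

            // Create simple PDF document with iText
            using (Document document = new Document(PageSize.A4, 50, 50, 50, 50))
            {
                using (FileStream outputStream = new FileStream(unsignedPdfPath, FileMode.Create))
                {
                    using (PdfWriter pdfWriter = PdfWriter.GetInstance(document, outputStream))
                    {
                        document.Open();
                        document.Add(new Paragraph("Hello World!"));
                        document.Close();
                    }
                }
            }

            // The unsigned document must exist and be non-empty before signing
            FileInfo unsignedPdfInfo = new FileInfo(unsignedPdfPath);

            Assert.IsTrue(unsignedPdfInfo.Length > 0);

            // Specify path to the unmanaged PKCS#11 library
            string libraryPath = @"siecap11.dll";

            // Specify serial number of the token that contains the signing key. May be null if tokenLabel is specified.
            string tokenSerial = null;

            // Specify label of the token that contains the signing key. May be null if tokenSerial is specified.
            string tokenLabel = @"Pkcs11Interop";

            // Specify PIN for the token.
            // NOTE(review): the PIN is embedded in source here. Outside of a throwaway example it
            // should come from a protected configuration store or be prompted for at run time;
            // anyone who can read this file can unlock the signing key.
            string pin = @"11111111";

            // Specify label (value of CKA_LABEL attribute) of the private key used for signing. May be null if ckaId is specified.
            string ckaLabel = @"John Doe";

            // Specify hex encoded string with identifier (value of CKA_ID attribute) of the private key used for signing. May be null if ckaLabel is specified.
            string ckaId = null;

            // Specify hash algorithm used for the signature creation
            HashAlgorithm hashAlgorithm = HashAlgorithm.SHA256;

            // Create instance of Pkcs11RsaSignature that allows iText to create a PKCS#1 v1.5 RSA signature with the private key stored on the PKCS#11 device
            using (Pkcs11RsaSignature pkcs11RsaSignature = new Pkcs11RsaSignature(libraryPath, tokenSerial, tokenLabel, pin, ckaLabel, ckaId, hashAlgorithm))
            {
                // When the signing certificate is stored on the token it can usually be read with GetSigningCertificate()
                byte[] signingCertificate = pkcs11RsaSignature.GetSigningCertificate();

                // All certificates stored on the token can usually be read with GetAllCertificates()
                List<byte[]> otherCertificates = pkcs11RsaSignature.GetAllCertificates();

                // Build certification path for the signing certificate
                ICollection<Org.BouncyCastle.X509.X509Certificate> certPath = CertUtils.BuildCertPath(signingCertificate, otherCertificates);

                // Read unsigned PDF document
                using (PdfReader pdfReader = new PdfReader(unsignedPdfPath))
                {
                    // Create output stream for signed PDF document
                    using (FileStream outputStream = new FileStream(signedPdfPath, FileMode.Create))
                    {
                        // Create PdfStamper that applies extra content to the PDF document
                        using (PdfStamper pdfStamper = PdfStamper.CreateSignature(pdfReader, outputStream, '\0', Path.GetTempFileName(), true))
                        {
                            // Sign PDF document
                            MakeSignature.SignDetached(pdfStamper.SignatureAppearance, pkcs11RsaSignature, certPath, null, null, null, 0, CryptoStandard.CADES);
                        }
                    }
                }
            }

            // The stamper was created in append mode (last CreateSignature argument), so the signed
            // file holds the original bytes plus the appended signature update and must be larger
            // than the unsigned file. The previous check compared the file size with the length of
            // the path string, which proves nothing about the signature.
            FileInfo signedPdfInfo = new FileInfo(signedPdfPath);

            Assert.IsTrue(signedPdfInfo.Length > unsignedPdfInfo.Length);
        }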