/// <summary>
/// Signs the document in detached mode, as CMS or as its CAdES equivalent, and closes the
/// signature appearance with the finished signature written into the reserved /Contents entry.
/// </summary>
/// <param name="sap">the signature appearance of the document being signed</param>
/// <param name="externalSignature">performs the actual signing and names the hash and encryption algorithms</param>
/// <param name="chain">the certificate chain; element 0 becomes the signing certificate</param>
/// <param name="crlList">the CRL clients handed to ProcessCrl</param>
/// <param name="ocspClient">the OCSP client, or null to request no OCSP response</param>
/// <param name="tsaClient">the timestamp client, or null</param>
/// <param name="estimatedSize">the size reserved for the signature; computed here when 0</param>
/// <param name="sigtype">CryptoStandard.CADES selects PdfName.ETSI_CADES_DETACHED, anything else PdfName.ADBE_PKCS7_DETACHED</param>
/// <exception cref="IOException">the encoded signature is larger than the reserved size</exception>
public static void SignDetached(PdfSignatureAppearance sap, IExternalSignature externalSignature, ICollection<X509Certificate> chain, ICollection<ICrlClient> crlList, IOcspClient ocspClient, ITSAClient tsaClient, int estimatedSize, CryptoStandard sigtype)
{
    List<X509Certificate> certList = new List<X509Certificate>(chain);

    // Walk the chain from the signer upwards and stop at the first certificate that yields CRL data.
    ICollection<byte[]> crlBytes = null;
    for (int idx = 0; crlBytes == null && idx < certList.Count; idx++)
    {
        crlBytes = ProcessCrl(certList[idx], crlList);
    }

    if (estimatedSize == 0)
    {
        // Base allowance plus room for every embedded CRL, an OCSP response and a timestamp token.
        estimatedSize = 8192;
        if (crlBytes != null)
        {
            foreach (byte[] crl in crlBytes)
            {
                estimatedSize += crl.Length + 10;
            }
        }
        if (ocspClient != null)
        {
            estimatedSize += 4192;
        }
        if (tsaClient != null)
        {
            estimatedSize += 4192;
        }
    }

    sap.Certificate = certList[0];

    bool isCades = sigtype == CryptoStandard.CADES;
    if (isCades)
    {
        sap.AddDeveloperExtension(PdfDeveloperExtension.ESIC_1_7_EXTENSIONLEVEL2);
    }

    PdfName subFilter = isCades ? PdfName.ETSI_CADES_DETACHED : PdfName.ADBE_PKCS7_DETACHED;
    PdfSignature sigDict = new PdfSignature(PdfName.ADOBE_PPKLITE, subFilter);
    sigDict.Reason = sap.Reason;
    sigDict.Location = sap.Location;
    sigDict.SignatureCreator = sap.SignatureCreator;
    sigDict.Contact = sap.Contact;
    sigDict.Date = new PdfDate(sap.SignDate); // time-stamp will over-rule this
    sap.CryptoDictionary = sigDict;

    // Reserve the /Contents entry: two hex characters per byte plus two more characters.
    Dictionary<PdfName, int> exclusions = new Dictionary<PdfName, int>();
    exclusions[PdfName.CONTENTS] = estimatedSize * 2 + 2;
    sap.PreClose(exclusions);

    String hashAlgorithm = externalSignature.GetHashAlgorithm();
    PdfPKCS7 pkcs7 = new PdfPKCS7(null, chain, hashAlgorithm, false);
    // The digest object is not used below; the call is kept because it is part of the original sequence.
    IDigest messageDigest = DigestUtilities.GetDigest(hashAlgorithm);
    Stream rangeStream = sap.GetRangeStream();
    byte[] documentHash = DigestAlgorithms.Digest(rangeStream, hashAlgorithm);
    DateTime signingTime = DateTime.Now;

    // An OCSP response is requested only when an issuer certificate (chain element 1) is available.
    byte[] ocspResponse = null;
    if (chain.Count >= 2 && ocspClient != null)
    {
        ocspResponse = ocspClient.GetEncoded(certList[0], certList[1], null);
    }

    // The external signer signs the authenticated attributes, not the raw document hash.
    byte[] attributeBytes = pkcs7.getAuthenticatedAttributeBytes(documentHash, signingTime, ocspResponse, crlBytes, sigtype);
    byte[] rawSignature = externalSignature.Sign(attributeBytes);
    pkcs7.SetExternalDigest(rawSignature, null, externalSignature.GetEncryptionAlgorithm());

    byte[] encodedSig = pkcs7.GetEncodedPKCS7(documentHash, signingTime, tsaClient, ocspResponse, crlBytes, sigtype);
    if (estimatedSize < encodedSig.Length)
    {
        throw new IOException("Not enough space");
    }

    // Zero-pad the signature up to the reserved size before hex-encoding it.
    byte[] paddedSig = new byte[estimatedSize];
    System.Array.Copy(encodedSig, 0, paddedSig, 0, encodedSig.Length);

    PdfDictionary contentsUpdate = new PdfDictionary();
    contentsUpdate.Put(PdfName.CONTENTS, new PdfString(paddedSig).SetHexWriting(true));
    sap.Close(contentsUpdate);
}
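/// <summary>
/// Signs a document with a PAdES-LTV timestamp (sub-filter PdfName.ETSI_RFC3161, type
/// PdfName.DOCTIMESTAMP). The document is closed at the end.
/// </summary>
/// <param name="sap">the signature appearance</param>
/// <param name="tsa">the timestamp generator; also supplies the size estimate and the digest algorithm</param>
/// <param name="signatureName">the signature name, or null to have a name generated automatically</param>
/// <exception cref="IOException">the returned token is larger than the size the TSA client estimated</exception>
public static void Timestamp(PdfSignatureAppearance sap, ITSAClient tsa, String signatureName)
{
    int contentEstimated = tsa.GetTokenSizeEstimate();
    sap.SetVisibleSignature(new Rectangle(0, 0, 0, 0), 1, signatureName);

    PdfSignature dic = new PdfSignature(PdfName.ADOBE_PPKLITE, PdfName.ETSI_RFC3161);
    dic.Put(PdfName.TYPE, PdfName.DOCTIMESTAMP);
    sap.CryptoDictionary = dic;

    // Reserve the /Contents entry: two hex characters per byte plus two more characters.
    Dictionary<PdfName, int> exc = new Dictionary<PdfName, int>();
    exc[PdfName.CONTENTS] = contentEstimated * 2 + 2;
    sap.PreClose(exc);

    // Hash the signed byte ranges with the algorithm the TSA client asks for.
    Stream data = sap.GetRangeStream();
    IDigest messageDigest = DigestUtilities.GetDigest(tsa.GetDigestAlgorithm());
    byte[] buf = new byte[4096];
    int n;
    while ((n = data.Read(buf, 0, buf.Length)) > 0)
    {
        messageDigest.BlockUpdate(buf, 0, n);
    }
    byte[] tsImprint = new byte[messageDigest.GetDigestSize()];
    messageDigest.DoFinal(tsImprint, 0);

    byte[] tsToken = tsa.GetTimeStampToken(tsImprint);

    // The token is copied into a buffer of exactly contentEstimated bytes, so that is the limit.
    // The former check (contentEstimated + 2) let a token one or two bytes too long through,
    // which then failed inside Array.Copy instead of being reported as a space problem.
    if (contentEstimated < tsToken.Length)
    {
        throw new IOException("Not enough space");
    }

    byte[] paddedSig = new byte[contentEstimated];
    System.Array.Copy(tsToken, 0, paddedSig, 0, tsToken.Length);

    PdfDictionary dic2 = new PdfDictionary();
    dic2.Put(PdfName.CONTENTS, new PdfString(paddedSig).SetHexWriting(true));
    sap.Close(dic2);
}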
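/// <summary>
/// Signs a PDF with the first private-key entry of a PKCS#12 store, using the legacy
/// SetCrypto API with the SELF_SIGNED filter. The output is written in append mode.
/// </summary>
/// <param name="sourceDocument">path of the PDF to sign</param>
/// <param name="destinationPath">path the signed PDF is written to; an existing file is overwritten</param>
/// <param name="privateKeyStream">stream holding the PKCS#12 data; it is disposed by this method</param>
/// <param name="keyPassword">password of the PKCS#12 store</param>
/// <param name="reason">reason embedded in the signature</param>
/// <param name="location">location embedded in the signature</param>
/// <exception cref="InvalidOperationException">the store contains no private-key entry</exception>
public static void signPdfFile(string sourceDocument, string destinationPath, Stream privateKeyStream, string keyPassword, string reason, string location)
{
    Pkcs12Store pk12;
    // The key stream is released even when loading fails, for example on a wrong password.
    using (privateKeyStream)
    {
        pk12 = new Pkcs12Store(privateKeyStream, keyPassword.ToCharArray());
    }

    // Iterate through the entries to find the first one that holds a private key.
    string alias = null;
    foreach (string tAlias in pk12.Aliases)
    {
        if (pk12.IsKeyEntry(tAlias))
        {
            alias = tAlias;
            break;
        }
    }
    if (alias == null)
    {
        throw new InvalidOperationException("The PKCS#12 store contains no private-key entry.");
    }

    var pk = pk12.GetKey(alias).Key;
    var ce = pk12.GetCertificateChain(alias);
    var chain = new X509Certificate[ce.Length];
    for (int k = 0; k < ce.Length; ++k)
    {
        chain[k] = ce[k].Certificate;
    }

    // Reader and output are released on every path, so a failed signing does not keep
    // the source or the destination file open.
    PdfReader reader = new PdfReader(sourceDocument);
    try
    {
        using (FileStream fout = new FileStream(destinationPath, FileMode.Create, FileAccess.ReadWrite))
        {
            // Last argument true = append mode: the original bytes are kept and the signature is added as an update.
            PdfStamper stamper = PdfStamper.CreateSignature(reader, fout, '\0', null, true);
            PdfSignatureAppearance appearance = stamper.SignatureAppearance;
            appearance.SetCrypto(pk, chain, null, PdfSignatureAppearance.SELF_SIGNED);
            appearance.Reason = reason;
            appearance.Location = location;
            stamper.Close();
        }
    }
    finally
    {
        reader.Close();
    }
}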
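/// <summary>
/// Encrypts and signs a PDF document with iTextSharp, placing a visible signature image on page 1.
/// </summary>
/// <param name="sourceDocument">The path of the source PDF document which is to be signed</param>
/// <param name="destinationDocument">The path at which the signed PDF document is generated; an existing file is overwritten</param>
/// <param name="i">
/// Signing settings. This method reads pfxFilePath and pfxKeyPass (the PKCS#12 key store and its
/// password), docPass (the document password), signImagePath (the signature image), and
/// reasonForSigning and location (both embedded in the signature).
/// </param>
/// <exception cref="InvalidOperationException">the key store contains no private-key entry</exception>
public static void SignPdfFile(string sourceDocument, string destinationDocument, SignInfo i)
{
    using (var cpfxFile = new FileStream(i.pfxFilePath, FileMode.Open, FileAccess.Read))
    {
        Pkcs12Store pk12 = new Pkcs12Store(cpfxFile, i.pfxKeyPass.ToCharArray());

        // Use the first entry that holds a private key.
        string alias = null;
        foreach (string tAlias in pk12.Aliases)
        {
            if (pk12.IsKeyEntry(tAlias))
            {
                alias = tAlias;
                break;
            }
        }
        if (alias == null)
        {
            throw new InvalidOperationException("The PKCS#12 store contains no private-key entry.");
        }
        var pk = pk12.GetKey(alias).Key;

        using (var reader = new PdfReader(sourceDocument))
        using (var fout = new FileStream(destinationDocument, FileMode.Create, FileAccess.ReadWrite))
        using (var stamper = PdfStamper.CreateSignature(reader, fout, '\0'))
        {
            // The same value is passed as user and as owner password, so whoever can open the
            // document also holds the owner password and the permission flag restricts nobody.
            // NOTE(review): STRENGTH128BITS is the legacy 128-bit setting; check whether the
            // library version in use offers an AES option and whether it should be used here.
            stamper.SetEncryption(i.docPass, i.docPass, PdfWriter.ALLOW_SCREENREADERS, PdfWriter.STRENGTH128BITS);

            var img = new iTextSharp.text.Jpeg(new Uri(i.signImagePath));
            PdfSignatureAppearance appearance = stamper.SignatureAppearance;
            appearance.Image = img;
            appearance.Reason = i.reasonForSigning;
            appearance.Location = i.location;

            // The signature box has the size of the image. The upper edge was computed from
            // img.Width before, which stretched the box to a square.
            const float x = 20, y = 10;
            appearance.SetVisibleSignature(new iTextSharp.text.Rectangle(x, y, x + img.Width, y + img.Height), 1, "Icsi-Vendor");

            IExternalSignature es = new PrivateKeySignature(pk, "SHA-256");
            // Only the signer's own certificate is passed as the chain, and no CRL, OCSP or
            // timestamp client is supplied, so the signature carries no intermediate
            // certificates, revocation data or trusted timestamp.
            MakeSignature.SignDetached(appearance, es, new X509Certificate[] { pk12.GetCertificate(alias).Certificate }, null, null, null, 0, CryptoStandard.CMS);
            stamper.Close();
        }
    }
}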
/// <summary>
/// Applies the layout settings from <paramref name="design"/> to a signature appearance:
/// location, DESCRIPTION rendering mode, the current local time as sign date, and the
/// layer-2 font with its colour.
/// </summary>
/// <param name="signatureAppearance">the appearance to configure; it is modified in place</param>
/// <param name="design">supplies the location, font and colour</param>
/// <returns>the same <paramref name="signatureAppearance"/> instance</returns>
public PdfSignatureAppearance makePdfSignature(PdfSignatureAppearance signatureAppearance, DesignSign design)
{
    // Disabled in the original and left out of the active code path:
    //  - a custom Layer2Text ("Signed by: <CN>", "Signed on: <d/M/yyyy HH:mm:ss>", "Tax code: <MST>")
    //  - loading the layer-2 font from a fixed path (D:\C++Project\Projects\times.ttf) or as "Tahoma"
    //  - signatureAppearance.SetVisibleSignature(design.getRect(), design.getPage(), null)

    signatureAppearance.Location = design.getLocation();
    signatureAppearance.SignatureRenderingMode = PdfSignatureAppearance.RenderingMode.DESCRIPTION;

    // The sign date is the local clock of the signing machine, not a trusted timestamp.
    signatureAppearance.SignDate = DateTime.Now;

    signatureAppearance.Layer2Font = design.getFont();
    signatureAppearance.Layer2Font.SetColor(
        design.getColor().r,
        design.getColor().g,
        design.getColor().b);

    return signatureAppearance;
}
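/// <summary>
/// Signs the PDF behind <paramref name="reader"/> with a Windows certificate (CAdES, detached)
/// and writes the result to <paramref name="destinationPath"/> in append mode.
/// </summary>
/// <param name="cert">the certificate whose private key signs the document</param>
/// <param name="cp">parser used to convert <paramref name="cert"/> into a BouncyCastle certificate</param>
/// <param name="destinationPath">path of the signed output; an existing file is overwritten</param>
/// <param name="reader">reader for the source PDF; it is not closed by this method</param>
/// <param name="reason">reason embedded in the signature</param>
/// <param name="location">location embedded in the signature</param>
private static void CertSign(X509Certificate2 cert, X509CertificateParser cp, string destinationPath, PdfReader reader, string reason, string location)
{
    // Only the signing certificate is embedded; no intermediate certificates are added.
    Org.BouncyCastle.X509.X509Certificate[] chain = new Org.BouncyCastle.X509.X509Certificate[] { cp.ReadCertificate(cert.RawData) };

    // SHA-256 replaces the former "SHA-1": SHA-1 is no longer collision resistant and new
    // signatures should not rely on it. The other signing helpers on this page use SHA-256 too.
    // NOTE(review): a key stored in an older Windows crypto provider may not support SHA-2
    // signing; verify with the certificates actually deployed.
    IExternalSignature externalSignature = new X509Certificate2Signature(cert, "SHA-256");

    using (FileStream fout = new FileStream(destinationPath, FileMode.Create, FileAccess.ReadWrite))
    {
        // Last argument true = append mode, which keeps earlier signatures in the document intact.
        using (PdfStamper stamper = PdfStamper.CreateSignature(reader, fout, '\0', null, true))
        {
            PdfSignatureAppearance appearance = stamper.SignatureAppearance;
            appearance.Reason = reason;
            appearance.Location = location;

            // No CRL, OCSP or timestamp client is passed, so the signature carries no
            // revocation data and no trusted timestamp.
            MakeSignature.SignDetached(appearance, externalSignature, chain, null, null, null, 0, CryptoStandard.CADES);
            stamper.Close();
        }
    }
}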
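/// <summary>
/// Signs a PDF (PdfSigner API) into an existing signature field, with custom layer-2 text
/// and a background image.
/// </summary>
/// <param name="src">path of the PDF to sign</param>
/// <param name="name">name of the signature field</param>
/// <param name="dest">path of the signed output; an existing file is overwritten</param>
/// <param name="chain">the certificate chain</param>
/// <param name="pk">the private key</param>
/// <param name="digestAlgorithm">digest algorithm passed to PrivateKeySignature</param>
/// <param name="subfilter">CMS or CAdES</param>
/// <param name="reason">reason embedded in the signature</param>
/// <param name="location">location embedded in the signature</param>
public void Sign3(String src, String name, String dest, X509Certificate[] chain, ICipherParameters pk, String digestAlgorithm, PdfSigner.CryptoStandard subfilter, String reason, String location)
{
    // Reader and output stream are released on every path, so a failed signing does not
    // leave the source or the destination file locked.
    PdfReader reader = new PdfReader(src);
    try
    {
        using (FileStream os = new FileStream(dest, FileMode.Create))
        {
            PdfSigner signer = new PdfSigner(reader, os, new StampingProperties());

            PdfSignatureAppearance appearance = signer.GetSignatureAppearance();
            appearance.SetReason(reason);
            appearance.SetLocation(location);
            signer.SetFieldName(name);

            // Set a custom text and background image
            appearance.SetLayer2Text("This document was signed by Bruno Specimen");
            appearance.SetImage(ImageDataFactory.Create(IMG));
            appearance.SetImageScale(1);

            PrivateKeySignature pks = new PrivateKeySignature(pk, digestAlgorithm);
            // No CRL, OCSP or timestamp client: the signature has no revocation data or trusted timestamp.
            signer.SignDetached(pks, chain, null, null, null, 0, subfilter);
        }
    }
    finally
    {
        reader.Close();
    }
}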
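/// <summary>
/// Signs a PDF (PdfStamper API) into an existing signature field, with custom layer-2 text
/// and a background image.
/// </summary>
/// <param name="src">path of the PDF to sign</param>
/// <param name="name">name of the signature field</param>
/// <param name="dest">path of the signed output; an existing file is overwritten</param>
/// <param name="chain">the certificate chain</param>
/// <param name="pk">the private key</param>
/// <param name="digestAlgorithm">digest algorithm passed to PrivateKeySignature</param>
/// <param name="subfilter">CMS or CAdES</param>
/// <param name="reason">reason embedded in the signature</param>
/// <param name="location">location embedded in the signature</param>
public void Sign3(String src, String name, String dest, ICollection <X509Certificate> chain, ICipherParameters pk, String digestAlgorithm, CryptoStandard subfilter, String reason, String location)
{
    // Creating the reader and the stamper. Both the reader and the output stream are
    // released on every path, so a failed signing does not keep the files open.
    PdfReader reader = new PdfReader(src);
    try
    {
        using (FileStream os = new FileStream(dest, FileMode.Create))
        {
            PdfStamper stamper = PdfStamper.CreateSignature(reader, os, '\0');

            // Creating the appearance
            PdfSignatureAppearance appearance = stamper.SignatureAppearance;
            appearance.Reason = reason;
            appearance.Location = location;
            appearance.SetVisibleSignature(name);

            // Custom text and background image
            appearance.Layer2Text = "This document was signed by Bruno Specimen";
            appearance.Image = Image.GetInstance(IMG);
            appearance.ImageScale = 1;

            // Creating the signature (no CRL, OCSP or timestamp client is supplied)
            IExternalSignature pks = new PrivateKeySignature(pk, digestAlgorithm);
            MakeSignature.SignDetached(appearance, pks, chain, null, null, null, 0, subfilter);
        }
    }
    finally
    {
        reader.Close();
    }
}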
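/// <summary>
/// Signs a PDF into an existing signature field, with custom right-to-left layer-2 text
/// rendered in an embedded font.
/// </summary>
/// <param name="src">path of the PDF to sign</param>
/// <param name="name">name of the signature field</param>
/// <param name="dest">path of the signed output; an existing file is overwritten</param>
/// <param name="chain">the certificate chain</param>
/// <param name="pk">the private key</param>
/// <param name="digestAlgorithm">digest algorithm passed to PrivateKeySignature</param>
/// <param name="subfilter">CMS or CAdES</param>
/// <param name="reason">reason embedded in the signature</param>
/// <param name="location">location embedded in the signature</param>
public void Sign2(String src, String name, String dest, ICollection <X509Certificate> chain, ICipherParameters pk, String digestAlgorithm, CryptoStandard subfilter, String reason, String location)
{
    // Creating the reader and the stamper. Both the reader and the output stream are
    // released on every path, so a failed signing does not keep the files open.
    PdfReader reader = new PdfReader(src);
    try
    {
        using (FileStream os = new FileStream(dest, FileMode.Create))
        {
            PdfStamper stamper = PdfStamper.CreateSignature(reader, os, '\0');

            // Creating the appearance
            PdfSignatureAppearance appearance = stamper.SignatureAppearance;
            appearance.Reason = reason;
            appearance.Location = location;
            appearance.SetVisibleSignature(name);

            // Custom text, custom font, and right-to-left writing.
            // The font is loaded from a fixed Windows path and must exist on the signing host.
            appearance.Layer2Text = "\u0644\u0648\u0631\u0627\u0646\u0633 \u0627\u0644\u0639\u0631\u0628";
            appearance.RunDirection = PdfWriter.RUN_DIRECTION_RTL;
            appearance.Layer2Font = new Font(BaseFont.CreateFont("C:/windows/fonts/arialuni.ttf", BaseFont.IDENTITY_H, BaseFont.EMBEDDED), 12);

            // Creating the signature (no CRL, OCSP or timestamp client is supplied)
            IExternalSignature pks = new PrivateKeySignature(pk, digestAlgorithm);
            MakeSignature.SignDetached(appearance, pks, chain, null, null, null, 0, subfilter);
        }
    }
    finally
    {
        reader.Close();
    }
}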
/// <summary>
/// Signs a PDF held in memory with a key from a PKCS#12 store and certifies it with
/// certification level 1. The result is also stored in the <c>_result</c> field.
/// </summary>
/// <param name="input">The PDF to be signed.</param>
/// <param name="_pkcs12Store">The already loaded PKCS#12 store holding the private key.</param>
/// <param name="password">Password of the PKCS#12 store. Not used by this method, because the store arrives already loaded.</param>
/// <param name="reason">Reason for the digital signature.</param>
/// <param name="location">Signing location.</param>
/// <param name="signDate">Signing time written into the signature appearance.</param>
/// <returns>The signed PDF as a byte array.</returns>
public byte[] sign(byte[] input, Pkcs12Store _pkcs12Store, string password, string reason, string location, DateTime signDate)
{
    Pkcs12Store store = _pkcs12Store;

    // There is no break in this loop, so the LAST key entry of the store is the one used.
    string keyAlias = null;
    foreach (string candidate in store.Aliases)
    {
        if (store.IsKeyEntry(candidate))
        {
            keyAlias = candidate;
        }
    }

    AsymmetricKeyParameter privateKey = store.GetKey(keyAlias).Key;
    PdfReader sourceReader = new PdfReader(input);

    using (MemoryStream signedOutput = new MemoryStream())
    {
        using (PdfStamper stamper = PdfStamper.CreateSignature(sourceReader, signedOutput, '\0'))
        {
            PdfSignatureAppearance appearance = stamper.SignatureAppearance;
            appearance.Reason = reason;
            appearance.Location = location;
            appearance.SignDate = signDate;
            // Certification level 1, written with its named constant.
            appearance.CertificationLevel = PdfSignatureAppearance.CERTIFIED_NO_CHANGES_ALLOWED;

            IExternalSignature signer = new PrivateKeySignature(privateKey, "SHA-256");

            // Only the signer's certificate is embedded, and no CRL, OCSP or timestamp client is passed.
            X509Certificate[] signerOnly = new X509Certificate[1]
            {
                store.GetCertificate(keyAlias).Certificate
            };
            MakeSignature.SignDetached(appearance, signer, signerOnly, null, null, null, 0, CryptoStandard.CMS);
            stamper.Close();
        }

        this._result = signedOutput.ToArray();
    }

    return this._result;
}
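/// <summary>
/// Prepares a temporary PDF with an empty signature container and returns the Base64-encoded
/// SHA-256 digest of that temporary file.
/// </summary>
/// <param name="unsignedPdf">Path to the PDF which needs to be signed</param>
/// <param name="tempPdf">Path to the temporary PDF; an existing file at this path is deleted first</param>
/// <param name="signatureFieldName">Name of the signature field</param>
/// <returns>The digest of the temporary PDF, Base64 encoded</returns>
public static string GetBytesToSign(string unsignedPdf, string tempPdf, string signatureFieldName)
{
    if (File.Exists(tempPdf))
    {
        File.Delete(tempPdf);
    }

    using (PdfReader reader = new PdfReader(unsignedPdf))
    {
        using (FileStream os = File.OpenWrite(tempPdf))
        {
            StampingProperties sp = new StampingProperties();
            sp.UseAppendMode();

            PdfSigner pdfSigner = new PdfSigner(reader, os, sp);
            pdfSigner.SetFieldName(signatureFieldName);

            PdfSignatureAppearance appearance = pdfSigner.GetSignatureAppearance();
            appearance.SetPageNumber(1);
            appearance.SetPageRect(new Rectangle(100, 100));
            appearance.SetLocation("Varazdin");

            // Disabled alternative: a container that computes the digest itself.
            //ExternalHashingSignatureContainer external = new ExternalHashingSignatureContainer(PdfName.Adobe_PPKLite, PdfName.Adbe_pkcs7_detached);
            //pdfSigner.SignExternalContainer(external, 8192);
            //hash = external.Hash;

            // Creating the container for an empty signature.
            IExternalSignatureContainer external = new ExternalBlankSignatureContainer(PdfName.Adobe_PPKLite, PdfName.Adbe_x509_rsa_sha1);
            pdfSigner.SignExternalContainer(external, 8192);

            // NOTE(review): the digest below covers the complete temporary file, including the
            // empty signature placeholder. A PDF signature normally covers only the signed byte
            // ranges, which leave the placeholder out, so a signature made over this value may
            // not validate once embedded. Confirm against the code that injects the signature.
            // The sub-filter name says rsa_sha1 while the digest is SHA-256; check that these
            // are meant to go together.
            //
            // The file is read from tempPdf (the original referred to an undefined name "temp"),
            // and the read stream is closed again. "hash" is not declared in this method and is
            // presumably a field of the enclosing class.
            using (FileStream oso = File.OpenRead(tempPdf))
            {
                hash = DigestAlgorithms.Digest(oso, DigestAlgorithms.SHA256);
            }
            return Convert.ToBase64String(hash);
        }
    }
}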
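/// <summary>
/// Signs a document with a PAdES-LTV timestamp (sub-filter PdfName.ETSI_RFC3161, type
/// PdfName.DOCTIMESTAMP). The document is closed at the end.
/// </summary>
/// <param name="sap">the signature appearance</param>
/// <param name="tsa">the timestamp generator; also supplies the size estimate and the message digest</param>
/// <param name="signatureName">the signature name, or null to have a name generated automatically</param>
/// <exception cref="GeneralSecurityException">the TSA client failed to return a token</exception>
/// <exception cref="IOException">the returned token is larger than the size the TSA client estimated</exception>
public static void Timestamp(PdfSignatureAppearance sap, ITSAClient tsa, String signatureName)
{
    int contentEstimated = tsa.GetTokenSizeEstimate();
    sap.AddDeveloperExtension(PdfDeveloperExtension.ESIC_1_7_EXTENSIONLEVEL5);
    sap.SetVisibleSignature(new Rectangle(0, 0, 0, 0), 1, signatureName);

    PdfSignature dic = new PdfSignature(PdfName.ADOBE_PPKLITE, PdfName.ETSI_RFC3161);
    dic.Put(PdfName.TYPE, PdfName.DOCTIMESTAMP);
    sap.CryptoDictionary = dic;

    // Reserve the /Contents entry: two hex characters per byte plus two more characters.
    Dictionary<PdfName, int> exc = new Dictionary<PdfName, int>();
    exc[PdfName.CONTENTS] = contentEstimated * 2 + 2;
    sap.PreClose(exc);

    // Hash the signed byte ranges with the digest the TSA client provides.
    Stream data = sap.GetRangeStream();
    IDigest messageDigest = tsa.GetMessageDigest();
    byte[] buf = new byte[4096];
    int n;
    while ((n = data.Read(buf, 0, buf.Length)) > 0)
    {
        messageDigest.BlockUpdate(buf, 0, n);
    }
    byte[] tsImprint = new byte[messageDigest.GetDigestSize()];
    messageDigest.DoFinal(tsImprint, 0);

    byte[] tsToken;
    try
    {
        tsToken = tsa.GetTimeStampToken(tsImprint);
    }
    catch (Exception e)
    {
        // Keep the original failure as inner exception so the TSA error can still be diagnosed.
        throw new GeneralSecurityException(e.Message, e);
    }

    // TODO jbonilla: validate for the "Certificado" TSA, which returns a very large value.
    // The token is copied into a buffer of exactly contentEstimated bytes, so that is the limit.
    // The former check (contentEstimated + 2) let a token one or two bytes too long through,
    // which then failed inside Array.Copy instead of being reported as a space problem.
    if (contentEstimated < tsToken.Length)
    {
        throw new IOException("Not enough space");
    }

    byte[] paddedSig = new byte[contentEstimated];
    System.Array.Copy(tsToken, 0, paddedSig, 0, tsToken.Length);

    PdfDictionary dic2 = new PdfDictionary();
    dic2.Put(PdfName.CONTENTS, new PdfString(paddedSig).SetHexWriting(true));
    sap.Close(dic2);
}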
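/// <summary>
/// Signs a PDF into a new field named "sig" on page 1, delegating the signing operation
/// to a ServerSignature instance instead of a local private key.
/// </summary>
/// <param name="src">path of the PDF to sign</param>
/// <param name="dest">path of the signed output; an existing file is overwritten</param>
/// <param name="chain">the certificate chain embedded in the signature</param>
/// <param name="subfilter">CMS or CAdES</param>
/// <param name="reason">reason embedded in the signature</param>
/// <param name="location">location embedded in the signature</param>
public void Sign(String src, String dest, X509Certificate[] chain, PdfSigner.CryptoStandard subfilter, String reason, String location)
{
    // Reader and output stream are released on every path, so a failed signing (for example
    // an unreachable signing service) does not leave the files locked.
    PdfReader reader = new PdfReader(src);
    try
    {
        using (FileStream os = new FileStream(dest, FileMode.Create))
        {
            PdfSigner signer = new PdfSigner(reader, os, new StampingProperties());

            // Create the signature appearance
            Rectangle rect = new Rectangle(36, 648, 200, 100);
            PdfSignatureAppearance appearance = signer.GetSignatureAppearance();
            appearance
                .SetReason(reason)
                .SetLocation(location)
                .SetPageRect(rect)
                .SetPageNumber(1);
            signer.SetFieldName("sig");

            IExternalSignature pks = new ServerSignature();

            // Sign the document using the detached mode, CMS or CAdES equivalent.
            // No CRL, OCSP or timestamp client is supplied.
            signer.SignDetached(pks, chain, null, null, null, 0, subfilter);
        }
    }
    finally
    {
        reader.Close();
    }
}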
/// <summary>
/// Creates a template PDF whose signature field holds an empty container of a fixed size,
/// so that the actual signature can be injected later, and validates the result.
/// </summary>
public virtual void PrepareDocForSignDeferredTest()
{
    // Container parameters: filter, sub-filter and the number of bytes reserved for the signature.
    PdfName filter = PdfName.Adobe_PPKLite;
    PdfName subFilter = PdfName.Adbe_pkcs7_detached;
    int estimatedSize = 8192;
    String sigFieldName = "DeferredSignature1";

    String input = sourceFolder + "helloWorldDoc.pdf";
    String output = destinationFolder + "newTemplateForSignDeferred.pdf";

    PdfReader reader = new PdfReader(input);
    FileStream outputStream = new FileStream(output, FileMode.Create);
    PdfSigner signer = new PdfSigner(reader, outputStream, new StampingProperties());

    PdfSignatureAppearance appearance = signer.GetSignatureAppearance();
    appearance
        .SetLayer2Text("Signature field which signing is deferred.")
        .SetPageRect(new Rectangle(36, 600, 200, 100))
        .SetPageNumber(1);
    signer.SetFieldName(sigFieldName);

    // The blank container reserves the space only; no signature value is produced here.
    IExternalSignatureContainer blankContainer = new ExternalBlankSignatureContainer(filter, subFilter);
    signer.SignExternalContainer(blankContainer, estimatedSize);

    // validate result
    ValidateTemplateForSignedDeferredResult(output, sigFieldName, filter, subFilter, estimatedSize);
}
/// <summary>
/// Signs a hybrid PDF in append mode (CAdES, SHA-256, not certified), then checks that the
/// result can be opened and renders like the reference file outside the signature area.
/// </summary>
public virtual void TestSigningInAppendModeWithHybridDocument()
{
    String src = sourceFolder + "hybrid.pdf";
    String cmp = sourceFolder + "cmp_signed_hybrid.pdf";
    String dest = destinationFolder + "signed_hybrid.pdf";

    StampingProperties appendMode = new StampingProperties().UseAppendMode();
    PdfSigner signer = new PdfSigner(new PdfReader(src), new FileStream(dest, FileMode.Create), appendMode);

    PdfSignatureAppearance appearance = signer.GetSignatureAppearance();
    appearance
        .SetLayer2FontSize(13.8f)
        .SetPageRect(new Rectangle(36, 748, 200, 100))
        .SetPageNumber(1)
        .SetReason("Test")
        .SetLocation("Nagpur");
    signer.SetFieldName("Sign1");
    signer.SetCertificationLevel(PdfSigner.NOT_CERTIFIED);

    IExternalSignature pks = new PrivateKeySignature(pk, DigestAlgorithms.SHA256);
    signer.SignDetached(pks, chain, null, null, null, 0, PdfSigner.CryptoStandard.CADES);

    // Make sure iText can open the document
    new PdfDocument(new PdfReader(dest)).Close();

    // Assert that the document can be rendered correctly; the signature rectangle is
    // excluded from the visual comparison.
    Rectangle signatureArea = new Rectangle(36, 748, 200, 100);
    NUnit.Framework.Assert.IsNull(
        new CompareTool().CompareVisually(dest, cmp, destinationFolder, "diff_", GetIgnoredAreaTestMap(signatureArea)));
}
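/// <summary>
/// Signs a PDF into an existing signature field, with a caller-chosen rendering mode and
/// signature graphic.
/// </summary>
/// <param name="src">path of the PDF to sign</param>
/// <param name="name">name of the signature field</param>
/// <param name="dest">path of the signed output; an existing file is overwritten</param>
/// <param name="chain">the certificate chain</param>
/// <param name="pk">the private key</param>
/// <param name="digestAlgorithm">digest algorithm passed to PrivateKeySignature</param>
/// <param name="subfilter">CMS or CAdES</param>
/// <param name="reason">reason embedded in the signature</param>
/// <param name="location">location embedded in the signature</param>
/// <param name="renderingMode">how the visible signature is rendered</param>
/// <param name="image">the signature graphic</param>
public void Sign(String src, String name, String dest, ICollection <X509Certificate> chain, ICipherParameters pk, String digestAlgorithm, CryptoStandard subfilter, String reason, String location, PdfSignatureAppearance.RenderingMode renderingMode, Image image)
{
    // Creating the reader and the stamper. Both the reader and the output stream are
    // released on every path, so a failed signing does not keep the files open.
    PdfReader reader = new PdfReader(src);
    try
    {
        using (FileStream os = new FileStream(dest, FileMode.Create))
        {
            PdfStamper stamper = PdfStamper.CreateSignature(reader, os, '\0');

            // Creating the appearance
            PdfSignatureAppearance appearance = stamper.SignatureAppearance;
            appearance.Reason = reason;
            appearance.Location = location;
            appearance.SetVisibleSignature(name);
            // The displayed date is the local clock of the signing machine in the current
            // culture's format; it is display text, not a trusted timestamp.
            appearance.Layer2Text = "Signed on " + DateTime.Now;
            appearance.SignatureRenderingMode = renderingMode;
            appearance.SignatureGraphic = image;

            // Creating the signature (no CRL, OCSP or timestamp client is supplied)
            IExternalSignature pks = new PrivateKeySignature(pk, digestAlgorithm);
            MakeSignature.SignDetached(appearance, pks, chain, null, null, null, 0, subfilter);
        }
    }
    finally
    {
        reader.Close();
    }
}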
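/// <summary>
/// Fills one form field, makes it read-only, and signs the PDF in append mode with the
/// first private key found in a PKCS#12 key store.
/// </summary>
/// <param name="keystore">path of the PKCS#12 key store, opened with the class-level PASSWORD</param>
/// <param name="src">path of the PDF to fill and sign</param>
/// <param name="name">name of the signature field</param>
/// <param name="fname">name of the form field to fill</param>
/// <param name="value">value written into the form field</param>
/// <param name="dest">path of the signed output; an existing file is overwritten</param>
/// <exception cref="InvalidOperationException">the key store contains no private-key entry</exception>
public void FillOutAndSign(String keystore, String src, String name, String fname, String value, String dest)
{
    // The key store is opened read-only and closed as soon as it has been loaded.
    Pkcs12Store store;
    using (FileStream keystoreStream = new FileStream(keystore, FileMode.Open, FileAccess.Read))
    {
        store = new Pkcs12Store(keystoreStream, PASSWORD);
    }

    // searching for private key
    String alias = null;
    foreach (string al in store.Aliases)
    {
        if (store.IsKeyEntry(al) && store.GetKey(al).Key.IsPrivate)
        {
            alias = al;
            break;
        }
    }
    if (alias == null)
    {
        throw new InvalidOperationException("The PKCS#12 store contains no private-key entry.");
    }

    AsymmetricKeyEntry pk = store.GetKey(alias);
    ICollection<X509Certificate> chain = new List<X509Certificate>();
    foreach (X509CertificateEntry c in store.GetCertificateChain(alias))
    {
        chain.Add(c.Certificate);
    }
    // "as" yields null for a key that is not an RSA private key.
    RsaPrivateCrtKeyParameters parameters = pk.Key as RsaPrivateCrtKeyParameters;

    // Reader and output stream are released on every path.
    PdfReader reader = new PdfReader(src);
    try
    {
        using (FileStream os = new FileStream(dest, FileMode.Create))
        {
            // Last argument true = append mode, so existing signatures in the document stay valid.
            PdfStamper stamper = PdfStamper.CreateSignature(reader, os, '\0', null, true);

            AcroFields form = stamper.AcroFields;
            form.SetField(fname, value);
            form.SetFieldProperty(fname, "setfflags", PdfFormField.FF_READ_ONLY, null);

            // Creating the appearance
            PdfSignatureAppearance appearance = stamper.SignatureAppearance;
            appearance.SetVisibleSignature(name);

            // Creating the signature (no CRL, OCSP or timestamp client is supplied)
            IExternalSignature pks = new PrivateKeySignature(parameters, "SHA-256");
            MakeSignature.SignDetached(appearance, pks, chain, null, null, null, 0, CryptoStandard.CMS);
        }
    }
    finally
    {
        reader.Close();
    }
}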
/// <summary>
/// Adds a second approval signature (CAdES, SHA-256, append mode) to a tagged PDF that is
/// already signed, checks both signatures, and records that signing changes the number of
/// elements in the structure tree.
/// </summary>
public virtual void SecondSignOfTaggedDocTest()
{
    String srcFileName = sourceFolder + "taggedAndSignedDoc.pdf";
    String outFileName = destinationFolder + "secondSignOfTagged.pdf";
    String signCertFileName = certsSrc + "signCertRsa01.p12";
    String signatureName = "Signature2";

    X509Certificate[] signChain = Pkcs12FileHelper.ReadFirstChain(signCertFileName, password);
    ICipherParameters signPrivateKey = Pkcs12FileHelper.ReadFirstKey(signCertFileName, password, password);
    IExternalSignature pks = new PrivateKeySignature(signPrivateKey, DigestAlgorithms.SHA256);

    PdfSigner signer = new PdfSigner(
        new PdfReader(srcFileName),
        new FileStream(outFileName, FileMode.Create),
        new StampingProperties().UseAppendMode());

    PdfDocument document = signer.GetDocument();
    document.GetWriter().SetCompressionLevel(CompressionConstants.NO_COMPRESSION);
    signer.SetFieldName(signatureName);

    PdfSignatureAppearance appearance = signer.GetSignatureAppearance();
    appearance.SetPageNumber(1);
    signer.GetSignatureAppearance()
        .SetPageRect(new Rectangle(50, 550, 200, 100))
        .SetReason("Test2")
        .SetLocation("TestCity2")
        .SetLayer2Text("Approval test signature #2.\nCreated by iText7.");

    signer.SignDetached(pks, signChain, null, null, null, 0, PdfSigner.CryptoStandard.CADES);

    // Both the pre-existing and the new signature must pass the basic check.
    PadesSigTest.BasicCheckSignedDoc(outFileName, "Signature1");
    PadesSigTest.BasicCheckSignedDoc(outFileName, "Signature2");

    using (PdfDocument twiceSigned = new PdfDocument(new PdfReader(outFileName)))
    {
        using (PdfDocument resource = new PdfDocument(new PdfReader(srcFileName)))
        {
            float resourceStrElemNumber = resource.GetStructTreeRoot().GetPdfObject()
                .GetAsArray(PdfName.K).GetAsDictionary(0).GetAsArray(PdfName.K).Size();
            float outStrElemNumber = twiceSigned.GetStructTreeRoot().GetPdfObject()
                .GetAsArray(PdfName.K).GetAsDictionary(0).GetAsArray(PdfName.K).Size();

            // Here we assert the amount of objects in StructTreeRoot in the resource file and in the
            // twice signed file, as the original signature validation failed in Adobe because of the
            // struct tree change. If a fix makes this tree unchanged, the assertion should be adjusted
            // to compare the tree of objects in StructTreeRoot and ensure that it is not changed.
            NUnit.Framework.Assert.AreNotEqual(resourceStrElemNumber, outStrElemNumber);
        }
    }
}
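/// <summary>
/// Signs a PDF into an existing signature field and draws the appearance by hand:
/// a light-gray background on layer 0 and a text paragraph on layer 2.
/// </summary>
/// <param name="src">path of the PDF to sign</param>
/// <param name="name">name of the signature field</param>
/// <param name="dest">path of the signed output; an existing file is overwritten</param>
/// <param name="chain">the certificate chain</param>
/// <param name="pk">the private key</param>
/// <param name="digestAlgorithm">digest algorithm passed to PrivateKeySignature</param>
/// <param name="subfilter">CMS or CAdES</param>
/// <param name="reason">reason embedded in the signature</param>
/// <param name="location">location embedded in the signature</param>
public void Sign(String src, String name, String dest, ICollection <X509Certificate> chain, ICipherParameters pk, String digestAlgorithm, CryptoStandard subfilter, String reason, String location)
{
    // Creating the reader and the stamper. Both the reader and the output stream are
    // released on every path, so a failed signing does not keep the files open.
    PdfReader reader = new PdfReader(src);
    try
    {
        using (FileStream os = new FileStream(dest, FileMode.Create))
        {
            PdfStamper stamper = PdfStamper.CreateSignature(reader, os, '\0');

            // Creating the appearance
            PdfSignatureAppearance appearance = stamper.SignatureAppearance;
            appearance.Reason = reason;
            appearance.Location = location;
            appearance.SetVisibleSignature(name);

            // Creating the appearance for layer 0: fill the whole bounding box
            PdfTemplate n0 = appearance.GetLayer(0);
            float x = n0.BoundingBox.Left;
            float y = n0.BoundingBox.Bottom;
            float width = n0.BoundingBox.Width;
            float height = n0.BoundingBox.Height;
            n0.SetColorFill(BaseColor.LIGHT_GRAY);
            n0.Rectangle(x, y, width, height);
            n0.Fill();

            // Creating the appearance for layer 2
            PdfTemplate n2 = appearance.GetLayer(2);
            ColumnText ct = new ColumnText(n2);
            ct.SetSimpleColumn(n2.BoundingBox);
            Paragraph p = new Paragraph("This document was signed by Bruno Specimen.");
            ct.AddElement(p);
            ct.Go();

            // Creating the signature (no CRL, OCSP or timestamp client is supplied)
            IExternalSignature pks = new PrivateKeySignature(pk, digestAlgorithm);
            MakeSignature.SignDetached(appearance, pks, chain, null, null, null, 0, subfilter);
        }
    }
    finally
    {
        reader.Close();
    }
}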
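/*
 * Disabled verification draft, kept for reference. As written it only reports whether each
 * signature verifies and whether it covers the whole document; the certificate-chain check
 * at the end is commented out as well, so the signer's certificate is never validated.
 *
 * public void Verify(string pdfFile, Stream fileStream)
 * {
 *     //KeyStore kall = PdfPKCS7.loadCacertsKeyStore();
 *     var parser = new X509CertificateParser(fileStream);
 *     var certifi = parser.ReadCertificate();
 *     fileStream.Dispose();
 *
 *     string pathToFiles = HttpContext.Current.Server.MapPath("~/UploadFile/output/ForCekTandaTangan.pdf");
 *     PdfReader reader = new PdfReader(pathToFiles);
 *     AcroFields af = reader.AcroFields;
 *     var names = af.GetSignatureNames();
 *     if (names.Count == 0)
 *     {
 *         System.Diagnostics.Debug.WriteLine("No signature present");
 *     }
 *     else
 *     {
 *         System.Diagnostics.Debug.WriteLine("Signature found");
 *     }
 *     foreach (string name in names)
 *     {
 *         if (!af.SignatureCoversWholeDocument(name))
 *         {
 *             System.Diagnostics.Debug.WriteLine("The signature: {0} does not covers the whole document.", name);
 *         }
 *         System.Diagnostics.Debug.WriteLine("Signature Name: " + name);
 *         System.Diagnostics.Debug.WriteLine("Signature covers whole document: " + af.SignatureCoversWholeDocument(name));
 *         System.Diagnostics.Debug.WriteLine("Document revision: " + af.GetRevision(name));
 *
 *         PdfPKCS7 pk = af.VerifySignature(name);
 *         var cal = pk.SignDate;
 *         var pkc = pk.Certificates;
 *         // TimeStampToken ts = pk.TimeStampToken;
 *         if (!pk.Verify())
 *         {
 *             System.Diagnostics.Debug.WriteLine("The signature could not be verified");
 *         }
 *         else
 *         {
 *             System.Diagnostics.Debug.WriteLine("Name signature: " + pk.SignName);
 *             System.Diagnostics.Debug.WriteLine("Reason signature: " + pk.Reason);
 *             System.Diagnostics.Debug.WriteLine("Location signature: " + pk.Location);
 *             System.Diagnostics.Debug.WriteLine("Date signature: " + pk.SignDate);
 *             System.Diagnostics.Debug.WriteLine("Version signature: " + pk.SigningInfoVersion);
 *             System.Diagnostics.Debug.WriteLine("Certificate signature: " + pk.SigningCertificate);
 *         }
 *
 *         //IList<VerificationException>[] fails = PdfPKCS7.VerifyCertificates(pkc, new X509Certificate[] { certifi }, null, cal);
 *         //Object[] fails = PdfPKCS7.VerifyCertificates(pkc, new X509Certificate[] { }, null, cal);
 *         //if (fails != null)
 *         //{
 *         //    System.Diagnostics.Debug.WriteLine("The file is not signed using the specified key-pair.");
 *         //}
 *     }
 * }
 */

/// <summary>
/// Stamps a signature image on page 1, copies the metadata, and signs the PDF in append
/// mode through the legacy SetCrypto API with the WINCER_SIGNED filter.
/// </summary>
/// <param name="SigReason">reason embedded in the signature</param>
/// <param name="SigContact">contact embedded in the signature</param>
/// <param name="SigLocation">location embedded in the signature</param>
/// <param name="pic">path or URL of the signature image</param>
/// <param name="visible">true to add a visible signature field over the image</param>
/// <param name="posX">horizontal position of the image</param>
/// <param name="posY">vertical offset, subtracted from 840 to obtain the y coordinate</param>
public void Sign(string SigReason, string SigContact, string SigLocation, string pic, bool visible, int posX, int posY)
{
    // Reader and output stream are released on every path, so a failed signing does not
    // keep the input or the output file open.
    PdfReader reader = new PdfReader(this.inputPDF);
    try
    {
        using (FileStream output = new FileStream(this.outputPDF, FileMode.Create, FileAccess.Write))
        {
            // Activate multi-signatures: the last argument (true) selects append mode.
            // To disable multi-signatures use the three-argument form instead; every new
            // signature will then invalidate older ones:
            //PdfStamper st = PdfStamper.CreateSignature(reader, new FileStream(this.outputPDF, FileMode.Create, FileAccess.Write), '\0');
            PdfStamper st = PdfStamper.CreateSignature(reader, output, '\0', null, true);

            //iTextSharp.text.Image sigImg = iTextSharp.text.Image.GetInstance(pic);
            Image sigImg = Image.GetInstance(pic);
            // MAX_WIDTH, MAX_HEIGHT
            sigImg.ScaleToFit(150, 50);
            // Set signature position on page
            sigImg.SetAbsolutePosition(posX, 840 - posY);
            // Add signatures to desired page
            PdfContentByte over = st.GetOverContent(1);
            over.AddImage(sigImg);

            st.MoreInfo = this.metadata.getMetaData();
            st.XmpMetadata = this.metadata.getStreamedMetaData();

            PdfSignatureAppearance sap = st.SignatureAppearance;
            // NOTE(review): the legacy SetCrypto filters are believed to produce SHA-1 based
            // signatures; confirm, and prefer a detached SHA-256 signature if so.
            sap.SetCrypto(this.myCert.Akp, this.myCert.Chain, null, PdfSignatureAppearance.WINCER_SIGNED);
            sap.Reason = SigReason;
            sap.Contact = SigContact;
            sap.Location = SigLocation;
            if (visible)
            {
                // Same 150 x 50 box as the image stamped above.
                sap.SetVisibleSignature(new Rectangle(posX, 840 - posY, posX + 150, (840 - posY) + 50), 1, null);
            }

            st.Close();
        }
    }
    finally
    {
        reader.Close();
    }
}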
/// <summary>
/// Signs a PDF held in memory with a Windows certificate and returns the stream the signed
/// document was written to. The signature type comes from the <c>sigType</c> field.
/// </summary>
/// <param name="byte_pdfData">the PDF to sign</param>
/// <param name="cert">the certificate whose private key signs the document</param>
/// <param name="chain">the certificate chain embedded in the signature</param>
/// <param name="hashAlgorithm">digest algorithm passed to X509Certificate2Signature</param>
/// <param name="reason">reason embedded in the signature</param>
/// <param name="location">location embedded in the signature</param>
/// <param name="certifyLevel">certification level set on the appearance</param>
/// <param name="sigImg">not used by this method</param>
/// <param name="isShowDescription">not used by this method</param>
/// <returns>
/// The output stream. NOTE(review): signing normally closes the output stream, so callers
/// probably need ToArray() rather than reading from it; confirm with the callers.
/// </returns>
/// <exception cref="Exception">signing failed; the cause is attached as inner exception</exception>
public MemoryStream sign(
    byte[] byte_pdfData,
    X509Certificate2 cert,
    Org.BouncyCastle.X509.X509Certificate[] chain,
    string hashAlgorithm,
    string reason,
    string location,
    int certifyLevel,
    byte[] sigImg,
    bool isShowDescription
    )
{
    // Source document and in-memory destination
    PdfReader sourceReader = new PdfReader(byte_pdfData);
    MemoryStream signedOutput = new MemoryStream();

    PdfStamper stamper = PdfStamper.CreateSignature(sourceReader, signedOutput, '\0');

    // Appearance: text-only description with the caller's reason, location and certification level
    PdfSignatureAppearance appearance = stamper.SignatureAppearance;
    appearance.Reason = reason;
    appearance.Location = location;
    appearance.CertificationLevel = certifyLevel;
    appearance.SignatureRenderingMode = PdfSignatureAppearance.RenderingMode.DESCRIPTION;

    IExternalSignature signer = new X509Certificate2Signature(cert, hashAlgorithm);

    try
    {
        // No CRL, OCSP or timestamp client is supplied.
        MakeSignature.SignDetached(appearance, signer, chain, null, null, null, 0, this.sigType);
    }
    catch (Exception e)
    {
        throw new Exception("Cannot sign the PDF file.", e);
    }

    return signedOutput;
}
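/// <summary>
/// Certifies a PDF (form filling allowed afterwards) in append mode with the first private
/// key found in a PKCS#12 key store.
/// </summary>
/// <param name="keystore">path of the PKCS#12 key store, opened with the class-level PASSWORD</param>
/// <param name="src">path of the PDF to certify</param>
/// <param name="name">name of the signature field</param>
/// <param name="dest">path of the signed output; an existing file is overwritten</param>
/// <exception cref="InvalidOperationException">the key store contains no private-key entry</exception>
public void Certify(String keystore, String src, String name, String dest)
{
    // The key store is opened read-only and closed as soon as it has been loaded.
    Pkcs12Store store;
    using (FileStream keystoreStream = new FileStream(keystore, FileMode.Open, FileAccess.Read))
    {
        store = new Pkcs12Store(keystoreStream, PASSWORD);
    }

    // searching for private key
    String alias = null;
    foreach (string al in store.Aliases)
    {
        if (store.IsKeyEntry(al) && store.GetKey(al).Key.IsPrivate)
        {
            alias = al;
            break;
        }
    }
    if (alias == null)
    {
        throw new InvalidOperationException("The PKCS#12 store contains no private-key entry.");
    }

    AsymmetricKeyEntry pk = store.GetKey(alias);
    ICollection<X509Certificate> chain = new List<X509Certificate>();
    foreach (X509CertificateEntry c in store.GetCertificateChain(alias))
    {
        chain.Add(c.Certificate);
    }
    // "as" yields null for a key that is not an RSA private key.
    RsaPrivateCrtKeyParameters parameters = pk.Key as RsaPrivateCrtKeyParameters;

    // Reader and output stream are released on every path.
    PdfReader reader = new PdfReader(src);
    try
    {
        using (FileStream os = new FileStream(dest, FileMode.Create))
        {
            PdfStamper stamper = PdfStamper.CreateSignature(reader, os, '\0', null, true);

            // Creating the appearance
            PdfSignatureAppearance appearance = stamper.SignatureAppearance;
            appearance.SetVisibleSignature(name);
            appearance.CertificationLevel = PdfSignatureAppearance.CERTIFIED_FORM_FILLING;

            // Creating the signature (no CRL, OCSP or timestamp client is supplied)
            IExternalSignature pks = new PrivateKeySignature(parameters, "SHA-256");
            MakeSignature.SignDetached(appearance, pks, chain, null, null, null, 0, CryptoStandard.CMS);
        }
    }
    finally
    {
        reader.Close();
    }
}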
/// <summary>
/// Signs a PDF with a key held behind a PKCS#11 session and places a visible
/// signature named "sig" on page 1.
/// </summary>
/// <param name="src">Path of the PDF to sign.</param>
/// <param name="dest">Path the signed PDF is written to.</param>
/// <param name="chain">Certificate chain embedded in the signature.</param>
/// <param name="session">PKCS#11 session passed to <c>CryptokiPrivateKeySignature</c>.</param>
/// <param name="alias">Key alias passed to <c>CryptokiPrivateKeySignature</c>.</param>
/// <param name="digestAlgorithm">Not read by this method.</param>
/// <param name="subfilter">CMS or CAdES sub-filter.</param>
/// <param name="reason">Signature reason text.</param>
/// <param name="location">Signature location text.</param>
/// <param name="crlList">CRL clients, may be null.</param>
/// <param name="ocspClient">OCSP client, may be null.</param>
/// <param name="tsaClient">Timestamp client, may be null.</param>
/// <param name="estimatedSize">Reserved signature size; 0 lets SignDetached estimate it.</param>
public void Sign(String src, String dest, ICollection<X509Certificate> chain, Session session, String alias, String digestAlgorithm, CryptoStandard subfilter, String reason, String location, ICollection<ICrlClient> crlList, IOcspClient ocspClient, ITSAClient tsaClient, int estimatedSize)
{
    PdfReader pdfIn = null;
    PdfStamper pdfStamper = null;
    FileStream pdfOut = null;
    try
    {
        pdfIn = new PdfReader(src);
        pdfOut = new FileStream(dest, FileMode.Create);
        pdfStamper = PdfStamper.CreateSignature(pdfIn, pdfOut, '\0');

        // Visible signature widget with reason and location.
        PdfSignatureAppearance widget = pdfStamper.SignatureAppearance;
        widget.Reason = reason;
        widget.Location = location;
        widget.SetVisibleSignature(new Rectangle(36, 748, 144, 780), 1, "sig");

        // The private key never leaves the token; signing is delegated to the session.
        IExternalSignature tokenSigner = new CryptokiPrivateKeySignature(session, alias);
        MakeSignature.SignDetached(widget, tokenSigner, chain, crlList, ocspClient, tsaClient, estimatedSize, subfilter);
    }
    finally
    {
        // NOTE(review): these Close calls also run after a failed signing attempt;
        // confirm none of them can throw and hide the original exception.
        if (pdfIn != null)
        {
            pdfIn.Close();
        }
        if (pdfStamper != null)
        {
            pdfStamper.Close();
        }
        if (pdfOut != null)
        {
            pdfOut.Close();
        }
    }
}
/// <summary>
/// Signs a PDF in detached mode and registers a signature event so that the
/// signature dictionary can be modified before signing.
/// </summary>
/// <param name="src">Path of the PDF to sign.</param>
/// <param name="name">Signature field name.</param>
/// <param name="dest">Path the signed PDF is written to.</param>
/// <param name="chain">Certificate chain embedded in the signature.</param>
/// <param name="pk">Private key parameters used for signing.</param>
/// <param name="digestAlgorithm">Digest name passed unchanged to <c>PrivateKeySignature</c>.</param>
/// <param name="subfilter">CMS or CAdES sub-filter.</param>
/// <param name="reason">Signature reason text.</param>
/// <param name="location">Signature location text.</param>
/// <param name="contact">Signer contact text.</param>
/// <param name="fullName">Value passed to <c>CustomISignatureEvent</c>.</param>
public void Sign(String src, String name, String dest, X509Certificate[] chain, ICipherParameters pk, String digestAlgorithm, PdfSigner.CryptoStandard subfilter, String reason, String location, String contact, String fullName)
{
    PdfReader input = new PdfReader(src);
    FileStream output = new FileStream(dest, FileMode.Create);
    PdfSigner pdfSigner = new PdfSigner(input, output, new StampingProperties());

    // Describe the signature: reason, location and contact details.
    PdfSignatureAppearance look = pdfSigner.GetSignatureAppearance();
    look.SetReason(reason);
    look.SetLocation(location);
    look.SetContact(contact);
    pdfSigner.SetFieldName(name);

    // The event handler gets a chance to edit the signature dictionary.
    pdfSigner.SetSignatureEvent(new CustomISignatureEvent(fullName));

    // NOTE(review): digestAlgorithm is caller-supplied and not checked here.
    PrivateKeySignature keySigner = new PrivateKeySignature(pk, digestAlgorithm);

    // Detached signature; no CRL, OCSP or TSA client is supplied, so no
    // revocation data or trusted timestamp is embedded.
    pdfSigner.SignDetached(keySigner, chain, null, null, null, 0, subfilter);
}
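/// <summary>
/// Prepares the document for signing: creates the stamper in append mode,
/// fills in the signature appearance and dictionary, and reserves the
/// /Contents placeholder via <c>PreClose</c>.
/// </summary>
/// <param name="signInfo">Supplies reason, location and certification level.</param>
/// <remarks>
/// The original wrapped the body in <c>catch (Exception ex) { throw (ex); }</c>,
/// which only reset the stack trace. Exceptions now propagate unchanged, so the
/// failing iText call stays visible in logs.
/// </remarks>
private void CreateNewSignatureField(SignInformation signInfo)
{
    // Append mode (last argument true) keeps earlier revisions intact.
    pdfStamper = PdfStamper.CreateSignature(document, stream, '\0', null, true);

    sap = pdfStamper.SignatureAppearance;
    sap.Reason = signInfo.reason;
    sap.Location = signInfo.location;
    sap.CertificationLevel = signInfo.certifyLevel;

    // The sub-filter is fixed to adbe.pkcs7.detached.
    PdfSignature sig = new PdfSignature(PdfName.ADOBE_PPKLITE, PdfName.ADBE_PKCS7_DETACHED);
    sig.Reason = signInfo.reason;
    sap.CryptoDictionary = sig;

    // Reserve room for the hex-encoded signature: two characters per byte plus delimiters.
    Dictionary<PdfName, int> exc = new Dictionary<PdfName, int>();
    exc[PdfName.CONTENTS] = ESTIMATE_SIZE * 2 + 2;
    sap.PreClose(exc);
}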
/// <summary>
/// Writes a copy of the PDF that contains a signature field with a blank
/// placeholder, to be filled in later by an external signing step.
/// </summary>
/// <param name="src">Path of the PDF to prepare.</param>
/// <param name="dest">Path the prepared PDF is written to.</param>
/// <param name="fieldname">Name of the signature field.</param>
/// <param name="chain">Certificate chain; only the first certificate is used here.</param>
public void EmptySignature(String src, String dest, String fieldname, X509Certificate[] chain)
{
    PdfReader input = new PdfReader(src);
    FileStream output = new FileStream(dest, FileMode.Create);
    PdfSigner pdfSigner = new PdfSigner(input, output, new StampingProperties());

    PdfSignatureAppearance look = pdfSigner.GetSignatureAppearance();
    look.SetPageRect(new Rectangle(36, 748, 200, 100));
    look.SetPageNumber(1);
    look.SetCertificate(chain[0]);
    pdfSigner.SetFieldName(fieldname);

    // The blank container creates the signature dictionary with /Filter and
    // /SubFilter set and leaves only an empty placeholder for the signature,
    // which is inserted later.
    IExternalSignatureContainer blankContainer =
        new ExternalBlankSignatureContainer(PdfName.Adobe_PPKLite, PdfName.Adbe_pkcs7_detached);

    // 8192 is the size of the empty signature placeholder; the signature
    // inserted later has to fit into it.
    pdfSigner.SignExternalContainer(blankContainer, 8192);
}
/// <summary>
/// Signs <c>inputPDF</c> into <c>outputPDF</c> with the key and chain held in
/// <c>myCert</c>, copying the configured metadata into the output.
/// </summary>
/// <param name="SigReason">Signature reason text.</param>
/// <param name="SigContact">Signer contact text.</param>
/// <param name="SigLocation">Signature location text.</param>
/// <param name="visible">When true, a visible signature rectangle is placed on page 1.</param>
public void Sign(string SigReason, string SigContact, string SigLocation, bool visible)
{
    PdfReader source = new PdfReader(this.inputPDF);
    FileStream target = new FileStream(this.outputPDF, FileMode.Create, FileAccess.Write);

    // Append mode (last argument true) enables multiple signatures. Without it,
    // every new signature invalidates the older ones.
    PdfStamper stamper = PdfStamper.CreateSignature(source, target, '\0', null, true);

    stamper.MoreInfo = this.metadata.getMetaData();
    stamper.XmpMetadata = this.metadata.getStreamedMetaData();

    PdfSignatureAppearance appearance = stamper.SignatureAppearance;
    // NOTE(review): WINCER_SIGNED is a legacy filter constant; confirm which digest
    // it implies and whether it is still acceptable for this deployment.
    appearance.SetCrypto(this.myCert.Akp, this.myCert.Chain, null, PdfSignatureAppearance.WINCER_SIGNED);
    appearance.Reason = SigReason;
    appearance.Contact = SigContact;
    appearance.Location = SigLocation;

    if (visible)
    {
        iTextSharp.text.Rectangle box = new iTextSharp.text.Rectangle(100, 100, 250, 150);
        appearance.SetVisibleSignature(box, 1, null);
    }

    stamper.Close();
}
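/// <summary>
/// Signs a PDF in detached CMS mode with SHA-512, using the first key entry of
/// a PKCS#12 store read from <paramref name="privateKeyStream"/>.
/// </summary>
/// <param name="sourceDocument">Path of the PDF to sign.</param>
/// <param name="destinationPath">Path the signed PDF is written to.</param>
/// <param name="privateKeyStream">PKCS#12 data; disposed by this method.</param>
/// <param name="keyPassword">Password protecting the PKCS#12 store.</param>
/// <param name="reason">Signature reason text.</param>
/// <param name="location">Signature location text.</param>
/// <exception cref="System.InvalidOperationException">The store contains no key entry.</exception>
public static void signPdfFile(string sourceDocument, string destinationPath, Stream privateKeyStream, string keyPassword, string reason, string location)
{
    // Dispose the key material stream even when loading fails (for example on a
    // wrong password); the original disposed it only on success.
    Pkcs12Store pk12;
    try
    {
        pk12 = new Pkcs12Store(privateKeyStream, keyPassword.ToCharArray());
    }
    finally
    {
        privateKeyStream.Dispose();
    }

    // Iterate through the entries to find the private key entry.
    string alias = null;
    foreach (string tAlias in pk12.Aliases)
    {
        if (pk12.IsKeyEntry(tAlias))
        {
            alias = tAlias;
            break;
        }
    }
    if (alias == null)
    {
        // Without this guard the lookup below is called with a null alias.
        throw new System.InvalidOperationException("The PKCS#12 store contains no private key entry.");
    }

    var pk = pk12.GetKey(alias).Key;
    var ce = pk12.GetCertificateChain(alias);
    var chain = new X509Certificate[ce.Length];
    for (int k = 0; k < ce.Length; ++k)
    {
        chain[k] = ce[k].Certificate;
    }

    // Reader and signer; the destination is only created once a key was found.
    PdfReader reader = new PdfReader(sourceDocument);
    FileStream fout = new FileStream(destinationPath, FileMode.Create, FileAccess.ReadWrite);
    StampingProperties properties = new StampingProperties();
    PdfSigner signer = new PdfSigner(reader, fout, properties);
    PdfSignatureAppearance appearance = signer.GetSignatureAppearance().SetReason(reason).SetLocation(location);

    // No CRL, OCSP or TSA client is supplied, so the signature carries no
    // revocation data and no trusted timestamp.
    IExternalSignature pks = new PrivateKeySignature(pk, "SHA-512");
    signer.SignDetached(pks, chain, null, null, null, 0, PdfSigner.CryptoStandard.CMS);
}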
/// <summary>
/// Signs a PDF in append mode and draws a visible signature as one row of a
/// revision table: a name column followed by a date column.
/// </summary>
/// <remarks>
/// The <c>reason</c> and <c>Reason</c> parameters are not read; the stored reason
/// is always "marked as changed". Every exception is caught and only its message
/// is written to the console, so callers cannot detect a failed signing.
/// NOTE(review): consider surfacing the failure and removing the partial output.
/// </remarks>
/// <param name="src">Path of the PDF to sign.</param>
/// <param name="dest">Path the signed PDF is written to.</param>
/// <param name="chain">Certificate chain embedded in the signature.</param>
/// <param name="pk">Certificate with the private key used for signing.</param>
/// <param name="digestAlgorithm">Digest name passed unchanged to <c>X509Certificate2Signature</c>.</param>
/// <param name="subfilter">CMS or CAdES sub-filter.</param>
/// <param name="location">Signature location text.</param>
/// <param name="crlList">CRL clients, may be null.</param>
/// <param name="ocspClient">OCSP client, may be null.</param>
/// <param name="tsaClient">Timestamp client, may be null.</param>
/// <param name="estimatedSize">Reserved signature size; 0 lets SignDetached estimate it.</param>
/// <param name="RowIdx">Zero-based row index used to offset the rectangle vertically.</param>
/// <param name="RowHeight">Height of one row.</param>
/// <param name="x">Left edge of the row.</param>
/// <param name="y">Bottom edge of row 0.</param>
/// <param name="NameWidth">Width of the name column.</param>
/// <param name="DateWidth">Width of the date column.</param>
/// <param name="RevIndex">First part of the signature field name.</param>
/// <param name="RevStep">Second part of the signature field name.</param>
/// <param name="Name">Text drawn in the name column.</param>
/// <param name="Date">Text drawn in the date column.</param>
public void Sign(String src, String dest, ICollection<X509Certificate> chain, X509Certificate2 pk, String digestAlgorithm, CryptoStandard subfilter, String reason, String location, ICollection<ICrlClient> crlList, IOcspClient ocspClient, ITSAClient tsaClient, int estimatedSize, int RowIdx, int RowHeight, int x, int y, int NameWidth, int DateWidth, String RevIndex, String RevStep, String Reason, String Name, String Date)
{
    PdfReader pdfIn = null;
    PdfStamper pdfStamper = null;
    FileStream pdfOut = null;
    try
    {
        pdfIn = new PdfReader(src);
        pdfOut = new FileStream(dest, FileMode.Create);

        // Append mode (last argument true) enables multiple signatures. Without
        // it, every new signature invalidates the older ones.
        pdfStamper = PdfStamper.CreateSignature(pdfIn, pdfOut, '\0', null, true);

        // Geometry of this row inside the revision table.
        int rowBottom = y + RowIdx * RowHeight;
        int rowTop = y + (RowIdx + 1) * RowHeight;
        int rowRight = x + NameWidth + DateWidth;

        PdfSignatureAppearance widget = pdfStamper.SignatureAppearance;
        Rectangle row = new Rectangle(x, rowBottom, rowRight, rowTop);
        widget.SetVisibleSignature(row, 1, "Revision " + RevIndex + "|" + RevStep);
        widget.Reason = "marked as changed";
        widget.Location = location;
        // The displayed time is the local clock formatted with the current culture.
        widget.Layer2Text = "Signed on " + DateTime.Now;
        widget.SignatureRenderingMode = PdfSignatureAppearance.RenderingMode.DESCRIPTION;

        // Draw the name and date cells on layer 2 in red, 10 pt.
        PdfTemplate layer = widget.GetLayer(2);
        Font red = new Font();
        red.SetColor(255, 0, 0);
        red.Size = 10;

        ColumnText nameCell = new ColumnText(layer);
        nameCell.SetSimpleColumn(new Phrase(Name, red), 0, 0, NameWidth, row.Height, 15, Element.ALIGN_LEFT);
        nameCell.Go();

        ColumnText dateCell = new ColumnText(layer);
        dateCell.SetSimpleColumn(new Phrase(Date, red), NameWidth, 0, row.Width, row.Height, 15, Element.ALIGN_LEFT);
        dateCell.Go();

        // NOTE(review): digestAlgorithm is caller-supplied and not checked here.
        IExternalSignature certSigner = new X509Certificate2Signature(pk, digestAlgorithm);
        MakeSignature.SignDetached(widget, certSigner, chain, crlList, ocspClient, tsaClient, estimatedSize, subfilter);
    }
    catch (Exception failure)
    {
        Console.WriteLine("GMA: " + failure.Message);
    }
    finally
    {
        if (pdfIn != null)
        {
            pdfIn.Close();
        }
        if (pdfStamper != null)
        {
            pdfStamper.Close();
        }
        if (pdfOut != null)
        {
            pdfOut.Close();
        }
    }
}
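/// <summary>
/// Writes <c>inputPDF</c> to <c>outputPDF</c> with metadata and optional
/// encryption. When <c>myCert</c> is set, it also adds a detached PKCS#7
/// signature, with an OCSP response and timestamp where available.
/// </summary>
/// <param name="sigAP">Signature appearance settings (texts, visibility, position, append mode).</param>
/// <param name="encrypt">When true and <paramref name="Enc"/> is not null, the output is encrypted.</param>
/// <param name="Enc">Encryption settings applied to the stamper.</param>
/// <exception cref="Exception">The encoded signature does not fit the reserved placeholder.</exception>
/// <remarks>
/// Fix: the size check now runs before the signature is copied into the padded
/// buffer and compares against the buffer's real size. Previously the copy ran
/// first, and the check allowed two bytes more than the buffer holds.
/// </remarks>
public void Sign(PDFSignatureAP sigAP, bool encrypt, PDFEncryption Enc)
{
    PdfReader reader = new PdfReader(this.inputPDF);
    FileStream fs = new FileStream(this.outputPDF, FileMode.Create, FileAccess.Write);

    PdfStamper st;
    if (this.myCert == null) // No signature: just write metadata and quit
    {
        st = new PdfStamper(reader, fs);
    }
    else
    {
        st = PdfStamper.CreateSignature(reader, fs, '\0', null, sigAP.Multi);
    }

    if (encrypt && Enc != null)
    {
        Enc.Encrypt(st);
    }

    st.MoreInfo = this.metadata.getMetaData();
    st.XmpMetadata = this.metadata.getStreamedMetaData();

    if (this.myCert == null) // No signature: just write metadata and quit
    {
        st.Close();
        return;
    }

    PdfSignatureAppearance sap = st.SignatureAppearance;
    sap.SetCrypto(null, this.myCert.Chain, null, PdfSignatureAppearance.SELF_SIGNED);
    sap.Reason = sigAP.SigReason;
    sap.Contact = sigAP.SigContact;
    sap.Location = sigAP.SigLocation;

    if (sigAP.Visible)
    {
        // rect is not used below; the call is kept so an invalid page still fails here.
        iTextSharp.text.Rectangle rect = st.Reader.GetPageSize(sigAP.Page);
        sap.Image = sigAP.RawData == null ? null : iTextSharp.text.Image.GetInstance(sigAP.RawData);
        sap.Layer2Text = sigAP.CustomText;
        sap.SetVisibleSignature(new iTextSharp.text.Rectangle(sigAP.SigX, sigAP.SigY, sigAP.SigX + sigAP.SigW, sigAP.SigY + sigAP.SigH), sigAP.Page, null);
    }

    PdfSignature dic = new PdfSignature(PdfName.ADOBE_PPKLITE, new PdfName("adbe.pkcs7.detached"));
    dic.Reason = sap.Reason;
    dic.Location = sap.Location;
    dic.Contact = sap.Contact;
    dic.Date = new PdfDate(sap.SignDate);
    sap.CryptoDictionary = dic;

    int contentEstimated = 15000;

    // Preallocate the excluded byte range for the signature content (hex encoded).
    Dictionary<PdfName, int> exc = new Dictionary<PdfName, int>();
    exc[PdfName.CONTENTS] = contentEstimated * 2 + 2;
    sap.PreClose(exc);

    // NOTE(review): the digest is hard-coded to SHA-1, which is no longer considered
    // collision resistant. Moving to SHA-256 changes the produced signature and
    // should be a deliberate, tested change.
    PdfPKCS7 sgn = new PdfPKCS7(this.myCert.Akp, this.myCert.Chain, null, "SHA1", false);
    IDigest messageDigest = DigestUtilities.GetDigest("SHA1");

    // Hash the signed byte ranges of the document.
    Stream data = sap.GetRangeStream();
    byte[] buf = new byte[8192];
    int n;
    while ((n = data.Read(buf, 0, buf.Length)) > 0)
    {
        messageDigest.BlockUpdate(buf, 0, n);
    }
    byte[] hash = new byte[messageDigest.GetDigestSize()];
    messageDigest.DoFinal(hash, 0);

    DateTime cal = DateTime.Now;

    // Fetch an OCSP response when the chain holds an issuer and the certificate names a responder.
    byte[] ocsp = null;
    if (this.myCert.Chain.Length >= 2)
    {
        String url = PdfPKCS7.GetOCSPURL(this.myCert.Chain[0]);
        if (url != null && url.Length > 0)
        {
            ocsp = new OcspClientBouncyCastle().GetEncoded(this.myCert.Chain[0], this.myCert.Chain[1], url);
        }
    }

    byte[] sh = sgn.GetAuthenticatedAttributeBytes(hash, cal, ocsp);
    sgn.Update(sh, 0, sh.Length);

    byte[] encodedSig;
    if (this.myCert.Tsc != null)
    {
        encodedSig = sgn.GetEncodedPKCS7(hash, cal, this.myCert.Tsc, ocsp);
    }
    else
    {
        // NOTE(review): this overload is not given the OCSP response that was part
        // of the signed attributes above; confirm the encoded attributes still match
        // when ocsp is non-null.
        encodedSig = sgn.GetEncodedPKCS7(hash, cal);
    }

    // Check the size before copying: the placeholder holds exactly contentEstimated bytes.
    if (encodedSig.Length > contentEstimated)
    {
        throw new Exception("Not enough space for signature");
    }

    byte[] paddedSig = new byte[contentEstimated];
    System.Array.Copy(encodedSig, 0, paddedSig, 0, encodedSig.Length);

    PdfDictionary dic2 = new PdfDictionary();
    dic2.Put(PdfName.CONTENTS, new PdfString(paddedSig).SetHexWriting(true));
    sap.Close(dic2);
}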
/// <summary>
/// Signs a PDF with a GOST R 34.10-2012 (256-bit) key from the current user's
/// "My" store and writes the result next to the input as "&lt;name&gt;_signed&lt;ext&gt;".
/// The CMS signature is computed by <c>SignedCms</c> over the byte ranges that
/// iTextSharp exposes after <c>PreClose</c>.
/// </summary>
/// <param name="document">Path of the PDF to sign.</param>
static void signPDF(string document)
{
    //string certificate_dn = "C=RU, S=lenobl, L=spb, O=fil, OU=IT, CN=iks, E=iks@iks"; // Subject->Name
    string certificate_dn = "L=Санкт-Петербург, O=ООО Филберт, CN=iks, [email protected]";
    // NOTE(review): the store is opened but never closed in this method.
    X509Store store = new X509Store("My", StoreLocation.CurrentUser);
    store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);
    // The last argument (validOnly = true) restricts the search to valid certificates.
    X509Certificate2Collection found = store.Certificates.Find( X509FindType.FindBySubjectDistinguishedName, certificate_dn, true);
    if (found.Count == 0)
    {
        Console.Out.Write("Сертфикат [" + certificate_dn + "] не найден ");
        return;
    }
    if (found.Count > 1)
    {
        Console.WriteLine("Найдено более одного секретного ключа.");
        return;
    }
    X509Certificate2 certificate = found[0];
    // NOTE(review): the 'as' cast yields null when the key is not held by this
    // provider type; the property reads below would then fail with a null reference.
    CryptoPro.Sharpei.Gost3410_2012_256CryptoServiceProvider cert_key = certificate.PrivateKey as CryptoPro.Sharpei.Gost3410_2012_256CryptoServiceProvider;
    var cspParameters = new CspParameters();
    // Copy the CSP parameters from the certificate's original key context.
    cspParameters.KeyContainerName = cert_key.CspKeyContainerInfo.KeyContainerName;
    cspParameters.ProviderType = cert_key.CspKeyContainerInfo.ProviderType;
    cspParameters.ProviderName = cert_key.CspKeyContainerInfo.ProviderName;
    cspParameters.Flags = cert_key.CspKeyContainerInfo.MachineKeyStore ? (CspProviderFlags.UseExistingKey | CspProviderFlags.UseMachineKeyStore) : (CspProviderFlags.UseExistingKey);
    cspParameters.KeyPassword = new SecureString();
    // NOTE(review): the key container password is a string literal in source (masked
    // on this page). Copying it into a SecureString does not protect it: the literal
    // stays in the assembly and in managed memory. Obtain it from the operator or a
    // protected secret store at run time instead.
    string pass = "******";
    foreach (var c in pass)
    {
        cspParameters.KeyPassword.AppendChar(c);
    }
    // Create a new certificate context, because the original one was opened read-only.
    certificate = new X509Certificate2(certificate.RawData);
    // Attach a crypto provider that carries the password set above.
    certificate.PrivateKey = new CryptoPro.Sharpei.Gost3410_2012_256CryptoServiceProvider(cspParameters);

    // ---- PDF signature ----
    PdfReader reader = new PdfReader(document);
    // Path.Combine receives a single, already concatenated argument here; the output
    // path is built by string concatenation with a hard-coded "\" separator.
    string newSigned = Path.Combine(Path.GetDirectoryName(document) + @"\" + Path.GetFileNameWithoutExtension(document) + "_signed" + Path.GetExtension(document));
    FileStream signedPDF = new FileStream(newSigned, FileMode.Create, FileAccess.ReadWrite);
    // Append mode (last argument true) keeps earlier revisions of the document.
    PdfStamper st = PdfStamper.CreateSignature(reader, signedPDF, '\0', null, true);
    PdfSignatureAppearance sap = st.SignatureAppearance;
    // Load the certificate into an iTextSharp (BouncyCastle) object.
    X509CertificateParser parser = new X509CertificateParser();
    // The chain array holds only the signer certificate and is not used again below.
    Org.BouncyCastle.X509.X509Certificate[] chain = new Org.BouncyCastle.X509.X509Certificate[] { parser.ReadCertificate(certificate.RawData) };
    sap.Certificate = parser.ReadCertificate(certificate.RawData);
    sap.Reason = "I like to sign";
    sap.Location = "Universe";
    sap.Acro6Layers = true;
    //sap.Render = PdfSignatureAppearance.SignatureRender.NameAndDescription;
    sap.SignDate = DateTime.Now;
    // Choose the filter type.
    // NOTE(review): "CryptoPro PDF" is a non-standard /Filter name; presumably a
    // viewer needs a matching signature handler to validate it - confirm.
    PdfName filterName = new PdfName("CryptoPro PDF");
    // Create the signature dictionary.
    PdfSignature dic = new PdfSignature(filterName, PdfName.ADBE_PKCS7_DETACHED);
    dic.Date = new PdfDate(sap.SignDate);
    dic.Name = "iks";
    if (sap.Reason != null)
    {
        dic.Reason = sap.Reason;
    }
    if (sap.Location != null)
    {
        dic.Location = sap.Location;
    }
    sap.CryptoDictionary = dic;
    // Reserve 4000 bytes for the signature, hex encoded: two characters per byte plus delimiters.
    int intCSize = 4000;
    Dictionary <PdfName, int> hashtable = new Dictionary <PdfName, int>();
    hashtable[PdfName.CONTENTS] = intCSize * 2 + 2;
    sap.PreClose(hashtable);
    // Copy the byte ranges to be signed into memory.
    Stream s = sap.GetRangeStream();
    MemoryStream ss = new MemoryStream();
    int read = 0;
    byte[] buff = new byte[8192];
    while ((read = s.Read(buff, 0, 8192)) > 0)
    {
        ss.Write(buff, 0, read);
    }
    // Compute the signature: detached CMS (second constructor argument true) over the range bytes.
    ContentInfo contentInfo = new ContentInfo(ss.ToArray());
    SignedCms signedCms = new SignedCms(contentInfo, true);
    CmsSigner cmsSigner = new CmsSigner(certificate);
    // silent = false: the provider may show a prompt while accessing the key.
    signedCms.ComputeSignature(cmsSigner, false);
    byte[] pk = signedCms.Encode();
    // The success message is printed before the signature is written into the document below.
    Console.WriteLine(string.Format("Документ {0} успешно подписан на ключе {1} => {2}.", document, certificate.Subject, newSigned));
    // Place the signature into the document.
    // NOTE(review): pk.Length is not compared with intCSize first; a larger CMS blob
    // makes Array.Copy throw instead of giving a clear "not enough space" error.
    byte[] outc = new byte[intCSize];
    PdfDictionary dic2 = new PdfDictionary();
    Array.Copy(pk, 0, outc, 0, pk.Length);
    dic2.Put(PdfName.CONTENTS, new PdfString(outc).SetHexWriting(true));
    sap.Close(dic2);
}
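/// <summary>
/// Signs a PDF with a smart-card key and returns the signed document as bytes.
/// </summary>
/// <param name="terminal">Card terminal identifier passed to <c>SmartCardPrivateKeySignature</c>.</param>
/// <param name="signatureCertificate">Signer certificate; also the leaf used to build the embedded chain.</param>
/// <param name="pinCode">Card PIN passed to <c>SmartCardPrivateKeySignature</c>.</param>
/// <param name="pdfFileName">Path of the PDF to sign.</param>
/// <returns>The signed PDF.</returns>
/// <remarks>
/// Fix: the signed output is built in memory. The original wrote it to a fixed
/// "tmp.pdf" in the application base directory. Concurrent calls shared that
/// path, and a failed call could leave the document on disk.
/// </remarks>
public byte[] signPdfWithSmartCard(string terminal, ECertificate signatureCertificate, string pinCode, string pdfFileName)
{
    byte[] buffer = null;
    PdfReader reader = null;
    PdfStamper stamper = null;
    MemoryStream os = null;
    try
    {
        // NOTE(review): the PIN travels as an immutable string; keep its lifetime
        // short in callers and never log it.
        IExternalSignature pks = new SmartCardPrivateKeySignature(terminal, pinCode, signatureCertificate);

        reader = new PdfReader(pdfFileName);
        os = new MemoryStream();
        stamper = PdfStamper.CreateSignature(reader, os, '\0');

        Org.BouncyCastle.Asn1.Esf.SignaturePolicyIdentifier policy = new Org.BouncyCastle.Asn1.Esf.SignaturePolicyIdentifier();
        DateTime dtNow = DateTime.Now;

        PdfSignatureAppearance appearance = stamper.SignatureAppearance;
        appearance.Reason = "";
        appearance.Location = "";
        appearance.SignDate = dtNow;

        // NOTE(review): this dictionary names adbe.pkcs7.sha1, while the call below
        // requests CAdES; presumably SignDetached installs its own dictionary - confirm.
        PdfSignature dic = new PdfSignature(PdfName.ADOBE_PPKMS, PdfName.ADBE_PKCS7_SHA1);
        dic.Date = new PdfDate(dtNow);
        appearance.CryptoDictionary = dic;

        // Build the chain to embed from the platform's certificate stores.
        ICollection<Org.BouncyCastle.X509.X509Certificate> chain = new List<Org.BouncyCastle.X509.X509Certificate>();
        X509Certificate2 cert = signatureCertificate.asX509Certificate2();
        X509Chain x509chain = new X509Chain();
        // NOTE(review): the boolean result of Build is ignored, so an untrusted,
        // expired or revoked chain is embedded without any warning.
        x509chain.Build(cert);
        foreach (X509ChainElement x509ChainElement in x509chain.ChainElements)
        {
            chain.Add(DotNetUtilities.FromX509Certificate(x509ChainElement.Certificate));
        }

        MakeSignature.SignDetached(appearance, pks, chain, null, null, null, 0, CryptoStandard.CADES, policy);

        // ToArray still works after the stream has been closed by the signing call.
        buffer = os.ToArray();
    }
    finally
    {
        if (reader != null)
        {
            reader.Close();
        }
        if (stamper != null)
        {
            stamper.Close();
        }
        if (os != null)
        {
            os.Close();
        }
    }
    return buffer;
}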
/**
 * Signs the document with a container (usually PKCS#7) that is produced
 * entirely by the caller-supplied object; this method only reserves the
 * placeholder, hands over the bytes to be signed and embeds the result.
 * @param sap the PdfSignatureAppearance
 * @param externalSignatureContainer the object that edits the signing dictionary and produces the container
 * @param estimatedSize the number of bytes reserved for the container; unlike SignDetached, 0 is not replaced by an estimate
 * @throws IOException if the returned container is larger than estimatedSize
 */
public static void SignExternalContainer(PdfSignatureAppearance sap, IExternalSignatureContainer externalSignatureContainer, int estimatedSize)
{
    // Filter and sub-filter start out empty; the container fills them in below.
    PdfSignature signingDictionary = new PdfSignature(null, null);
    signingDictionary.Reason = sap.Reason;
    signingDictionary.Location = sap.Location;
    signingDictionary.SignatureCreator = sap.SignatureCreator;
    signingDictionary.Contact = sap.Contact;
    signingDictionary.Date = new PdfDate(sap.SignDate); // time-stamp will over-rule this
    externalSignatureContainer.ModifySigningDictionary(signingDictionary);
    sap.CryptoDictionary = signingDictionary;

    // Reserve the hex-encoded placeholder: two characters per byte plus delimiters.
    Dictionary<PdfName, int> reserved = new Dictionary<PdfName, int>();
    reserved[PdfName.CONTENTS] = estimatedSize * 2 + 2;
    sap.PreClose(reserved);

    // The container is fully trusted to sign exactly these byte ranges.
    Stream rangeStream = sap.GetRangeStream();
    byte[] container = externalSignatureContainer.Sign(rangeStream);

    // Reject an oversized container before it is copied into the fixed-size buffer.
    if (container.Length > estimatedSize)
    {
        throw new IOException("Not enough space");
    }

    byte[] padded = new byte[estimatedSize];
    System.Array.Copy(container, 0, padded, 0, container.Length);

    PdfDictionary update = new PdfDictionary();
    update.Put(PdfName.CONTENTS, new PdfString(padded).SetHexWriting(true));
    sap.Close(update);
}
/// <summary>
/// Signs a PDF with an EstEID smart card through PKCS#11. It verifies an
/// existing signature if there is one, queries OCSP for the card certificate,
/// has the card sign a SHA-1 digest, and embeds the PKCS#7 envelope, optionally
/// extended with a TSA response.
/// </summary>
/// <param name="filename">Path of the PDF to sign.</param>
/// <param name="outfile">Path the signed PDF is written to.</param>
private void SignUsingEstEIDCard2(string filename, string outfile)
{
    statusHandler(Resources.VERIFYING_DOCUMENT, false);
    AcroFields af = this.reader.AcroFields;
    ArrayList names = af.GetSignatureNames();
    bool nextRevision = ((names != null) && (names.Count > 0));
    // already signed ?
    if (nextRevision)
    {
        // pick always first signature
        // NOTE(review): only names[0] is verified; any further signatures in the
        // document are not checked. Verify() is the only check visible here, and no
        // certificate trust or revocation check is made for the existing signer.
        string name = (string)names[0];
        PdfPKCS7 pkc7 = af.VerifySignature(name);
        bool verify = pkc7.Verify();
        if (!verify)
        {
            string who = PdfPKCS7.GetSubjectFields(pkc7.SigningCertificate).GetField("CN");
            throw new DocVerifyException(Resources.DOC_VERIFY_FAILED + who);
        }
    }
    statusHandler(Resources.CONNECTING_SMARTCARD, false);
    // open EstEID
    // NOTE(review): the PKCS#11 library path comes from configuration and the library
    // is loaded into this process; confirm the setting cannot be changed by
    // unprivileged users. No matching close of estEidReader is visible in this method.
    EstEIDReader estEidReader = new EstEIDReader();
    string pkcs11_lib = conf.PKCS11DriverPath;
    bool b = estEidReader.Open(pkcs11_lib);
    if (b == false)
    {
        throw new Exception(Resources.PKCS11_OPEN);
    }
    statusHandler(Resources.READ_CERTS, false);
    PKCS11Signer signer = LocateSigner(estEidReader);
    Org.BouncyCastle.X509.X509Certificate[] chain = X509Utils.LoadCertificate(signer.Cert.RawData);
    statusHandler(Resources.VERIFYING_OCSP, false);
    // Signing is refused when no OCSP client or no OCSP response is available.
    // NOTE(review): the response bytes are only null-checked here and are not passed
    // to the PKCS#7 envelope below; presumably the helper validates the certificate
    // status itself - confirm.
    OCSPClientEstEID ocspClient = OCSPClient(chain[0]);
    if (ocspClient == null)
    {
        throw new Exception(this.lastError);
    }
    byte[] ocsp = ocspClient.GetEncoded();
    if (ocsp == null)
    {
        throw new RevocationException(ocspClient.lastError);
    }
    // Only card certificates whose signature algorithm is sha1WithRSAEncryption are accepted.
    X509Certificate2 card = signer.Cert;
    Oid oid = card.SignatureAlgorithm;
    if (oid.Value != PkcsObjectIdentifiers.Sha1WithRsaEncryption.Id)
    {
        throw new Exception(Resources.INVALID_CERT);
    }
    PdfReader reader = new PdfReader(filename);
    Document document = new Document(reader.GetPageSizeWithRotation(1));
    // Append mode is used only when the document already carries a signature.
    PdfStamper stp = PdfStamper.CreateSignature(reader, new FileStream(outfile, FileMode.Create), '\0', null, nextRevision);
    if (metadata != null)
    {
        stp.XmpMetadata = metadata.getStreamedMetaData();
    }
    PdfSignatureAppearance sap = stp.SignatureAppearance;
    if (appearance.Visible)
    {
        if (appearance.SigLocation.UseSector)
        {
            appearance.SigLocation.Bounds = document.PageSize;
        }
        sap.SetVisibleSignature(appearance.SigLocation, (int)appearance.Page, null);
    }
    sap.SignDate = DateTime.Now;
    sap.SetCrypto(null, chain, null, null);
    // Empty appearance strings are stored as null so they are left out of the dictionary.
    sap.Reason = (appearance.Reason.Length > 0) ? appearance.Reason : null;
    sap.Location = (appearance.Location.Length > 0) ? appearance.Location : null;
    sap.Contact = (appearance.Contact.Length > 0) ? appearance.Contact : null;
    sap.Acro6Layers = true;
    sap.Render = appearance.SignatureRender;
    sap.Layer2Text = appearance.SignatureText(sap.SignDate, chain[0]);
    // NOTE(review): sub-filter adbe.pkcs7.sha1 and the "SHA1" digest below tie this
    // signature to SHA-1, which is no longer considered collision resistant.
    PdfSignature dic = new PdfSignature(PdfName.ADOBE_PPKLITE, PdfName.ADBE_PKCS7_SHA1);
    dic.Date = new PdfDate(sap.SignDate);
    dic.Name = PdfPKCS7.GetSubjectFields(chain[0]).GetField("CN");
    if (sap.Reason != null)
    {
        dic.Reason = sap.Reason;
    }
    if (sap.Location != null)
    {
        dic.Location = sap.Location;
    }
    if (sap.Contact != null)
    {
        dic.Contact = sap.Contact;
    }
    sap.CryptoDictionary = dic;
    // Zero-filled placeholder buffers; the signature produced by the card is set on pk7 further down.
    sap.SetExternalDigest(new byte[SIGNATURE_LENGTH], new byte[Digest.SHA1_LENGTH], "RSA");
    // expect 6K to be enough if TSA response, else 2K ?
    int csize = (stamp != null) ? 1024 * 6 : 1024 * 2;
    // Reserve the hex-encoded placeholder: two characters per byte plus delimiters.
    Hashtable exc = new Hashtable();
    exc[PdfName.CONTENTS] = csize * 2 + 2;
    sap.PreClose(exc);
    // compute hash based on PDF bytes
    byte[] digest = ComputeHash(estEidReader, sap);
    statusHandler(Resources.ADD_SIGNATURE, false);
    // sign hash
    byte[] rsadata = EstEIDCardSign(estEidReader, signer, digest);
    // if null, user requested Cancel
    if (rsadata == null)
    {
        throw new Exception(Resources.CARD_INTERNAL_ERROR);
    }
    // create PKCS#7 envelope
    PdfPKCS7 pk7 = new PdfPKCS7(null, chain, null, "SHA1", true);
    pk7.SetExternalDigest(rsadata, digest, "RSA");
    byte[] pk = pk7.GetEncodedPKCS7();
    // user wants to add TSA response ?
    if (stamp != null && pk != null)
    {
        statusHandler(Resources.TSA_REQUEST, false);
        pk = TimestampAuthorityResponse(estEidReader, pk);
    }
    // PKCS#7 bytes too large ?
    // NOTE(review): pk is null-checked above but dereferenced here unconditionally;
    // confirm TimestampAuthorityResponse never returns null.
    if (pk.Length >= csize)
    {
        throw new Exception(Resources.MEMORY_ERROR);
    }
    // Zero-pad the envelope to the reserved size and write it into /Contents.
    byte[] outc = new byte[csize];
    PdfDictionary dic2 = new PdfDictionary();
    Array.Copy(pk, 0, outc, 0, pk.Length);
    dic2.Put(PdfName.CONTENTS, new PdfString(outc).SetHexWriting(true));
    sap.Close(dic2);
}