public static void SignPdfCert(String SRC, String DEST, String Reason, String Location, String certPassword, String certFile, String llx, String lly, String urx, String ury, int fontSize)
{
Pkcs12Store p12ks = new Pkcs12Store();
FileStream fs = new FileStream(certFile, FileMode.Open);
p12ks.Load(fs, certPassword.ToCharArray());
String alias = "";
foreach (String al in p12ks.Aliases)
{
if (p12ks.IsKeyEntry(al) && p12ks.GetKey(al).Key.IsPrivate)
{
alias = al;
break;
}
}
AsymmetricKeyParameter pk = p12ks.GetKey(alias).Key;
ICollection<X509Certificate> chain = new List<X509Certificate>();
foreach (X509CertificateEntry entry in p12ks.GetCertificateChain(alias))
{
chain.Add(entry.Certificate);
}
fs.Close();
//Org.BouncyCastle.X509.X509CertificateParser cp = new Org.BouncyCastle.X509.X509CertificateParser();
//Org.BouncyCastle.X509.X509Certificate[] chain = new Org.BouncyCastle.X509.X509Certificate[] { cp.ReadCertificate(cert.RawData) };
IExternalSignature externalSignature = new PrivateKeySignature(pk, DigestAlgorithms.SHA512);
PdfReader pdfReader = new PdfReader(SRC);
FileStream signedPdf = new FileStream(DEST, FileMode.Create); //the output pdf file
Program.logLine("page size" + pdfReader.GetPageSize(1));
PdfStamper pdfStamper = PdfStamper.CreateSignature(pdfReader, signedPdf, '\0');
PdfSignatureAppearance signatureAppearance = pdfStamper.SignatureAppearance;
//here set signatureAppearance at your will
signatureAppearance.Reason = Reason;
signatureAppearance.Location = Location;
BaseFont bf = BaseFont.CreateFont();
signatureAppearance.Layer2Font = new Font(bf, fontSize);
signatureAppearance.SetVisibleSignature(new Rectangle(float.Parse(llx), float.Parse(lly), float.Parse(urx), float.Parse(ury)), 1, "sig");
//signatureAppearance.SignatureRenderingMode = PdfSignatureAppearance.RenderingMode.DESCRIPTION;
MakeSignature.SignDetached(signatureAppearance, externalSignature, chain, null, null, null, 0, CryptoStandard.CMS);
//MakeSignature.SignDetached(signatureAppearance, externalSignature, chain, null, null, null, 0, CryptoStandard.CADES);
}
virtual protected void SignWithCertificate(String src, String dest, ICipherParameters pk,
X509Certificate[] chain, String digestAlgorithm) {
// Creating the reader and the stamper
PdfReader reader = new PdfReader(src);
FileStream os = new FileStream(dest, FileMode.Create);
PdfStamper stamper = PdfStamper.createXmlSignature(reader, os);
// Creating the appearance
XmlSignatureAppearance appearance = stamper.XmlSignatureAppearance;
appearance.SetXmlLocator(new XfaXmlLocator(stamper));
// Creating the signature
IExternalSignature pks = new PrivateKeySignature(pk, digestAlgorithm);
MakeXmlSignature.SignXmlDSig(appearance, pks, chain);
}
virtual protected void SignXades(String src, String dest, ICipherParameters pk,
X509Certificate[] chain, String digestAlgorithm, bool includeSignaturePolicy) {
// Creating the reader and the stamper
PdfReader reader = new PdfReader(src);
FileStream os = new FileStream(dest, FileMode.Create);
PdfStamper stamper = PdfStamper.createXmlSignature(reader, os);
// Creating the appearance
XmlSignatureAppearance appearance = stamper.XmlSignatureAppearance;
appearance.SetXmlLocator(new XfaXmlLocator(stamper));
appearance.SetDescription("Simple xfa form");
// Creating the signature
IExternalSignature pks = new PrivateKeySignature(pk, digestAlgorithm);
MakeXmlSignature.SignXades(appearance, pks, chain, includeSignaturePolicy);
}
protected void SignWithPublicKey(String src, String dest, ICipherParameters pk,
AsymmetricAlgorithm publicKey, String digestAlgorithm) {
// Creating the reader and the stamper
PdfReader reader = new PdfReader(src);
FileStream os = new FileStream(dest, FileMode.Create);
PdfStamper stamper = PdfStamper.createXmlSignature(reader, os);
// Creating the appearance
XmlSignatureAppearance appearance = stamper.XmlSignatureAppearance;
//Set XfaXmlLocator to control getting and setting Document
appearance.SetXmlLocator(new XfaXmlLocator(stamper));
// Creating the signature
IExternalSignature pks = new PrivateKeySignature(pk, digestAlgorithm);
MakeXmlSignature.SignXmlDSig(appearance, pks, publicKey);
}
virtual protected void SignWithKeyInfo(String src, String dest, ICipherParameters pk,
AsymmetricAlgorithm publicKey, String digestAlgorithm) {
// Creating the reader and the stamper
PdfReader reader = new PdfReader(src);
FileStream os = new FileStream(dest, FileMode.Create);
PdfStamper stamper = PdfStamper.createXmlSignature(reader, os);
// Creating the appearance
XmlSignatureAppearance appearance = stamper.XmlSignatureAppearance;
//Set XfaXmlLocator to control getting and setting Document
appearance.SetXmlLocator(new XfaXmlLocator(stamper));
// Creating the signature
IExternalSignature pks = new PrivateKeySignature(pk, digestAlgorithm);
KeyInfoClause keyInfo;
if(publicKey is DSA)
keyInfo = new DSAKeyValue((DSA)publicKey);
else if(publicKey is RSA)
keyInfo = new RSAKeyValue((RSA)publicKey);
else
throw new ArgumentException("Invalid public key algorithm", "publicKey");
MakeXmlSignature.SignXmlDSig(appearance, pks, keyInfo);
}
virtual protected void SignPackageWithCertificate(String src, String dest, XfaXpathConstructor.XdpPackage xdpPackage,
ICipherParameters pk, X509Certificate[] chain, String digestAlgorithm) {
// Creating the reader and the stamper
PdfReader reader = new PdfReader(src);
FileStream os = new FileStream(dest, FileMode.Create);
PdfStamper stamper = PdfStamper.createXmlSignature(reader, os);
// Creating the appearance
XmlSignatureAppearance appearance = stamper.XmlSignatureAppearance;
//Set XfaXmlLocator to control getting and setting Document
appearance.SetXmlLocator(new XfaXmlLocator(stamper));
// Set XpathConstructor, to construct xpath expression for signing an xdp package
appearance.SetXpathConstructor(new XfaXpathConstructor(xdpPackage));
// Creating the signature
IExternalSignature pks = new PrivateKeySignature(pk, digestAlgorithm);
MakeXmlSignature.SignXmlDSig(appearance, pks, chain);
}
public void SignPdf(string filename, string outFilename)
{
PdfReader reader = new PdfReader(filename);
PdfStamper st = PdfStamper.CreateSignature(reader, new FileStream(outFilename, FileMode.Create, FileAccess.Write), '\0', null, true);
PdfSignatureAppearance sap = st.SignatureAppearance;
sap.Reason = "税单完整性";
sap.Location = "广州海关";
sap.SetVisibleSignature(new iTextSharp.text.Rectangle(450,100,650,200),1,"sig");
sap.ImageScale = 1;
sap.Layer2Text = "此文档由广州海关签名";
sap.SignatureRenderingMode = PdfSignatureAppearance.RenderingMode.GRAPHIC_AND_DESCRIPTION;
sap.SignatureGraphic = Stamp;
IExternalSignature signature = new PrivateKeySignature(PrivateKey, "SHA-256");
MakeSignature.SignDetached(sap, signature, CertChain, null, null, null, 0, CryptoStandard.CMS);
}
private void signDetached(PdfSignatureAppearance signAppearance)
{
signAppearance.CertificationLevel = PdfSignatureAppearance.CERTIFIED_NO_CHANGES_ALLOWED;
var es = new PrivateKeySignature(_asymmetricKeyParameter, "SHA-256");
MakeSignature.SignDetached(signAppearance, es, _chain, null, null, null, 0, CryptoStandard.CMS);
}
private void addTsa(PdfSignatureAppearance signAppearance)
{
var es = new PrivateKeySignature(_asymmetricKeyParameter, "SHA-256");
var tsc = new TSAClientBouncyCastle(SignatureData.TsaClient.Url, SignatureData.TsaClient.UserName, SignatureData.TsaClient.Password);
MakeSignature.SignDetached(signAppearance, es, _chain, null, null, tsc, 0, CryptoStandard.CMS);
}
public static void signPDF_old(DocumentData doc, Dictionary<String, String> metadata)
{
ILog Log;
Log = LogManager.GetLogger(Properties.Settings.Default.logName);
try
{
PdfReader reader = new PdfReader(doc.Docsignedpath);
if (File.Exists(doc.Docsignedpath + "-signed.pdf"))
File.Delete(doc.Docsignedpath + "-signed.pdf");
FileStream fos = new FileStream(doc.Docsignedpath + "-signed.pdf", FileMode.CreateNew, FileAccess.Write);
doc.Docsignedpath = doc.Docsignedpath + "-signed.pdf";
Log.Debug(String.Format("Creating Stamper for doc {0}", doc.Docname));
PdfStamper stp = PdfStamper.CreateSignature(reader, fos, '\x002', null, true);
Log.Debug(String.Format("Creating Certificate for doc {0}", doc.Docname));
Org.BouncyCastle.X509.X509Certificate[] chain = crearCertificado();
Log.Debug(String.Format("Reading private key for doc {0}", doc.Docname));
AsymmetricKeyParameter pk = readPrivateKey();
stp.Writer.CloseStream = false;
LtvVerification v = stp.LtvVerification;
AcroFields af = stp.AcroFields;
Log.Debug(String.Format("Adding metadata for doc {0}", doc.Docname));
stp.MoreInfo = metadata;
foreach (String sigName in af.GetSignatureNames())
{
v.AddVerification(sigName, new OcspClientBouncyCastle(), new CrlClientOffline(null), LtvVerification.CertificateOption.WHOLE_CHAIN, LtvVerification.Level.OCSP_CRL, LtvVerification.CertificateInclusion.NO);
}
PdfSignatureAppearance sap = stp.SignatureAppearance;
sap.Reason = "";
sap.Location = "";
//Preserve some space for the contents
int contentEstimated = 15000;
Dictionary<PdfName, int> exc = new Dictionary<PdfName, int>();
exc.Add(PdfName.CONTENTS, (contentEstimated * 2 + 2));
//Add timestamp
Log.Debug(String.Format("Adding timestamp for doc {0}", doc.Docname));
TSAClientBouncyCastle tsc = new TSAClientBouncyCastle(Properties.Settings.Default.tsaUrl, Properties.Settings.Default.tsaUser, Properties.Settings.Default.tsaPass, contentEstimated, DigestAlgorithms.SHA512);
// Creating the signature
//LtvTimestamp.Timestamp(sap, tsc, null);
//Org.BouncyCastle.Crypto.BouncyCastleDigest messageDigest = MessageDigest.getInstance("SHA1");
//IExternalDigest digest = new Org.BouncyCastle.Crypto.BouncyCastleDigest();
//RSACryptoServiceProvider crypt = (RSACryptoServiceProvider)cert.PrivateKey;
Log.Debug(String.Format("Dreating signature for doc {0}", doc.Docname));
IExternalSignature signature = new PrivateKeySignature(pk, DigestAlgorithms.SHA512);
MakeSignature.SignDetached(sap, signature, chain, null, null, tsc, 0, CryptoStandard.CMS);
Log.Debug(String.Format("Closing file for doc {0}", doc.Docname));
stp.Close();
fos.Close();
reader.Close();
}
catch (IOException ex)
{
Log.Error("IOException", ex);
}
catch (DocumentException dex)
{
Log.Error("DocumentException", dex);
}
}
/**
*
*
*/
public static void signPDF(DocumentData doc, String metadata, GraphSign sign, Signer signer)
{
ILog Log;
Log = LogManager.GetLogger(Properties.Settings.Default.logName);
if (!File.Exists(doc.Docsignedpath /*+ "-signed.pdf"*/))
{
File.Copy(doc.Docpath, doc.Docsignedpath);
}
try
{
PdfReader reader = new PdfReader(doc.Docsignedpath);
if (File.Exists(doc.Docsignedpath + "-signed.pdf"))
File.Delete(doc.Docsignedpath + "-signed.pdf");
FileStream fos = new FileStream(doc.Docsignedpath + "-signed.pdf", FileMode.CreateNew, FileAccess.Write);
doc.Docsignedpath = doc.Docsignedpath + "-signed.pdf";
Log.Debug(String.Format("Creating Stamper for doc {0}",doc.Docname));
PdfStamper stp = PdfStamper.CreateSignature(reader, fos, '\0', null, true);
Log.Debug(String.Format("Creating Certificate for doc {0}", doc.Docname));
Org.BouncyCastle.X509.X509Certificate[] chain = crearCertificado();
Log.Debug(String.Format("Reading private key for doc {0}", doc.Docname));
AsymmetricKeyParameter pk = readPrivateKey();
stp.Writer.CloseStream = false;
LtvVerification v = stp.LtvVerification;
//AcroFields af = stp.AcroFields;
Log.Debug(String.Format("Adding metadata for doc {0}", doc.Docname));
//stp.MoreInfo = metadata;
// foreach (String sigName in af.GetSignatureNames())
// {
// v.AddVerification(sigName, new OcspClientBouncyCastle(), new CrlClientOffline(null), LtvVerification.CertificateOption.WHOLE_CHAIN, LtvVerification.Level.OCSP_CRL, LtvVerification.CertificateInclusion.NO);
// }
PdfSignatureAppearance sap = stp.SignatureAppearance;
//sap.SignatureRenderingMode = PdfSignatureAppearance.RenderingMode.DESCRIPTION;
sap.Reason = metadata;
sap.Location = "";
sign.Image.MakeTransparent();
sap.Image = iTextSharp.text.Image.GetInstance(sign.Image, System.Drawing.Imaging.ImageFormat.Png);
sap.Layer2Text = "";
//Preserve some space for the contents
int contentEstimated = 15000;
Dictionary<PdfName, int> exc = new Dictionary<PdfName, int>();
exc.Add(PdfName.CONTENTS, (contentEstimated * 2 + 2));
//Add timestamp
Log.Debug(String.Format("Adding timestamp for doc {0}", doc.Docname));
TSAClientBouncyCastle tsc = new TSAClientBouncyCastle(Properties.Settings.Default.tsaUrl, Properties.Settings.Default.tsaUser, Properties.Settings.Default.tsaPass, contentEstimated, DigestAlgorithms.SHA512);
// Creating the signature
//LtvTimestamp.Timestamp(sap, tsc, null);
//Org.BouncyCastle.Crypto.BouncyCastleDigest messageDigest = MessageDigest.getInstance("SHA1");
//IExternalDigest digest = new Org.BouncyCastle.Crypto.BouncyCastleDigest();
//RSACryptoServiceProvider crypt = (RSACryptoServiceProvider)cert.PrivateKey;
Log.Debug(String.Format("Dreating signature for doc {0}", doc.Docname));
IExternalSignature signature = new PrivateKeySignature(pk, DigestAlgorithms.SHA512);
sap.Layer2Text = "Huella: "+signature.GetHashCode();
sap.SetVisibleSignature(new Rectangle(signer.X, signer.Y, 200, 200), signer.Page, signer.Nombre+index);
MakeSignature.SignDetached(sap, signature, chain, null, null, tsc, 0, CryptoStandard.CMS);
Log.Debug(String.Format("Closing file for doc {0}", doc.Docname));
stp.Close();
fos.Close();
reader.Close();
}
catch (IOException ex)
{
Log.Error("IOException", ex);
}
catch (DocumentException dex)
{
Log.Error("DocumentException", dex);
}
}
private void SignPdf(Stream input, Stream output, X509Certificate2 cert)
{
var bcCert = DotNetUtilities.FromX509Certificate(cert);
var bcKey = DotNetUtilities.GetKeyPair(cert.PrivateKey);
var signature = new PrivateKeySignature(bcKey.Private, "SHA-512");
var tsaClient = new TSAClientBouncyCastle("http://timestamp.globalsign.com/scripts/timestamp.dll");
using (var reader = new PdfReader(input))
using (var stamper = PdfStamper.CreateSignature(reader, output, '\0'))
{
MakeSignature.SignDetached(stamper.SignatureAppearance, signature, new[] { bcCert }, null, null, tsaClient, 0, CryptoStandard.CMS);
}
}
