public SmartCardSignature(BaseSigner signer, X509Certificate2 certificate, String hashAlgorithm)
{
mSigner = signer;
this.certificate = certificate;
this.hashAlgorithm = DigestAlgorithms.GetDigest(DigestAlgorithms.GetAllowedDigests(hashAlgorithm));
encryptionAlgorithm = "RSA";
}
/// <summary>
/// Creates a signature using a X509Certificate2. It supports smartcards without
/// exportable private keys.
/// </summary>
/// <param name="certificate">The certificate with the private key</param>
/// <param name="hashAlgorithm">The hash algorithm for the signature. As the Windows CAPI is used
/// to do the signature the only hash guaranteed to exist is SHA-1</param>
public X509Certificate2Signature(X509Certificate2 certificate, string hashAlgorithm)
{
if (!certificate.HasPrivateKey)
{
throw new ArgumentException("No private key.");
}
this.certificate = certificate;
this.hashAlgorithm = DigestAlgorithms.GetDigest(DigestAlgorithms.GetAllowedDigest(hashAlgorithm));
if (certificate.GetRSAPrivateKey() != null)
{
encryptionAlgorithm = "RSA";
}
else if (certificate.GetDSAPrivateKey() != null)
{
encryptionAlgorithm = "DSA";
}
else if (certificate.GetECDsaPrivateKey() != null)
{
encryptionAlgorithm = "ECDSA";
}
else
{
throw new ArgumentException("Unknown encryption algorithm " + certificate.GetKeyAlgorithm());
}
}
// https://git.itextsupport.com/projects/I5N/repos/itextsharp/browse/src/core/iTextSharp/text/pdf/security
public static void Test(System.Security.Cryptography.X509Certificates.X509Certificate2 cert)
{
Org.BouncyCastle.X509.X509CertificateParser parser = new Org.BouncyCastle.X509.X509CertificateParser();
Org.BouncyCastle.X509.X509Certificate bouncyCertificate = parser.ReadCertificate(cert.RawData);
string algorithm = DigestAlgorithms.GetDigest(bouncyCertificate.SigAlgOid);
X509Certificate2Signature signature = new X509Certificate2Signature(cert, algorithm);
}
private static IExternalSignature ResolveExternalSignatureFromCertStore(X509Certificate2 cert, bool allowInvalidCertificate, out ICollection <Org.BouncyCastle.X509.X509Certificate> chain)
{
try
{
X509Certificate2 signatureCert = new X509Certificate2(cert);
Org.BouncyCastle.X509.X509Certificate bcCert = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(cert);
chain = new List <Org.BouncyCastle.X509.X509Certificate> {
bcCert
};
var parser = new Org.BouncyCastle.X509.X509CertificateParser();
var bouncyCertificate = parser.ReadCertificate(cert.GetRawCertData());
var algorithm = DigestAlgorithms.GetDigest(bouncyCertificate.SigAlgOid);
return(new X509Certificate2Signature(signatureCert, algorithm));
}
catch (Exception)
{
throw;
}
}
public X509Certificate2Signature(X509Certificate2 certificate, String hashAlgorithm)
{
if (!certificate.HasPrivateKey)
{
throw new ArgumentException("No private key.");
}
this.certificate = certificate;
this.hashAlgorithm = DigestAlgorithms.GetDigest(DigestAlgorithms.GetAllowedDigest(hashAlgorithm));
if (certificate.PrivateKey is RSACryptoServiceProvider)
{
encryptionAlgorithm = "RSA";
}
else if (certificate.PrivateKey is DSACryptoServiceProvider)
{
encryptionAlgorithm = "DSA";
}
else
{
throw new ArgumentException("Unknown encryption algorithm " + certificate.PrivateKey);
}
}
public void Assinar(string caminhoDocSemAssinatura, string caminhoDocAssinado)
{
try
{
X509Store store = new X509Store(StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
X509Certificate2Collection sel = X509Certificate2UI.SelectFromCollection(store.Certificates, "Assinatura Digital", "Escolha uma assinatura abaixo:", X509SelectionFlag.SingleSelection);
X509Certificate2 cert = sel[0];
Org.BouncyCastle.X509.X509CertificateParser cp = new Org.BouncyCastle.X509.X509CertificateParser();
Org.BouncyCastle.X509.X509Certificate[] chain = new Org.BouncyCastle.X509.X509Certificate[] {
cp.ReadCertificate(cert.RawData)
};
//Console.Write("ANTES");
//IExternalSignature externalSignature = new X509Certificate2Signature(cert, "SHA-1");
//Console.Write("aqui");
//Get Cert Chain
IList <Org.BouncyCastle.X509.X509Certificate> signatureChain = new List <Org.BouncyCastle.X509.X509Certificate>();
X509Chain x509chain = new X509Chain();
x509chain.Build(cert);
foreach (X509ChainElement x509ChainElement in x509chain.ChainElements)
{
signatureChain.Add(DotNetUtilities.FromX509Certificate(x509ChainElement.Certificate));
}
using (var reader = new PdfReader(caminhoDocSemAssinatura))
using (var writer = new FileStream(caminhoDocAssinado, FileMode.Create, FileAccess.Write))
using (var stamper = PdfStamper.CreateSignature(reader, writer, '\0', null, true))
{
PdfSignatureAppearance signature = stamper.SignatureAppearance;
signature.CertificationLevel = PdfSignatureAppearance.CERTIFIED_NO_CHANGES_ALLOWED;
signature.Reason = "Hospital Austa";
signature.ReasonCaption = "Tipo de Assinatura: ";
//Console.Write("ANTES");
//Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair key = DotNetUtilities.GetKeyPair(cert.PrivateKey);
//Console.Write("ANTES2");
// var signatureKey = new PrivateKeySignature(cert.PrivateKey, "SHA256");
//Console.Write("depois");
var parser = new Org.BouncyCastle.X509.X509CertificateParser();
var bouncyCertificate = parser.ReadCertificate(cert.RawData);
var algorithm = DigestAlgorithms.GetDigest(bouncyCertificate.SigAlgOid);
var signatureKey = new X509Certificate2Signature(cert, algorithm);
//signatureChain = cert;
var standard = CryptoStandard.CADES;
signature.SignatureGraphic = Image.GetInstance(@"\\192.168.10.27\a3\certificado.jpg");
signature.SetVisibleSignature(new Rectangle(100, 100, 250, 150), reader.NumberOfPages, "Signature");
signature.SignatureRenderingMode = PdfSignatureAppearance.RenderingMode.GRAPHIC_AND_DESCRIPTION;
MakeSignature.SignDetached(signature, signatureKey, signatureChain, null, null, null, 0, CryptoStandard.CMS);
}
}
catch (Exception ex)
{
throw new Exception(ex.Message);
}
/*signatureAppearance.SignatureGraphic = Image.GetInstance(pathToSignatureImage);
* signatureAppearance.SetVisibleSignature(new Rectangle(100, 100, 250, 150), pdfReader.NumberOfPages, "Signature");
* signatureAppearance.SignatureRenderingMode = PdfSignatureAppearance.RenderingMode.GRAPHIC_AND_DESCRIPTION;
*
* MakeSignature.SignDetached(signatureAppearance, externalSignature, chain, null, null, null, 0, CryptoStandard.CMS);*/
}
public Pkcs11Signature SetHashAlgorithm(String hashAlgorithm)
{
this.hashAlgorithm = DigestAlgorithms.GetDigest(DigestAlgorithms.GetAllowedDigest(hashAlgorithm));
return(this);
}
/// <summary>
/// Initializes a new instance of the <see cref="TokenSigner"/> class.
/// instance.
/// </summary>
/// <param name="pk">
/// A
/// <see cref="Org.BouncyCastle.Crypto.ICipherParameters"/>
/// object.
/// </param>
/// <param name="hashAlgorithm">
/// A hash algorithm (e.g. "SHA-1", "SHA-256",...).
/// </param>
public TokenSigner(AsymmetricAlgorithm pk, string hashAlgorithm)
{
this.m_pk = pk;
this.m_hashAlgorithm = DigestAlgorithms.GetDigest(DigestAlgorithms.GetAllowedDigest(hashAlgorithm));
this.m_encryptionAlgorithm = "RSA";
}
