private static void SignP7M(X509Certificate2 card, string sourcepath)
{
var service = new CAdESService();
// Creation of MS CAPI signature token
var token = new MSCAPISignatureToken {
Cert = card
};
var parameters = new SignatureParameters
{
SignatureAlgorithm = SignatureAlgorithm.RSA,
SignatureFormat = SignatureFormat.CAdES_BES,
DigestAlgorithm = DigestAlgorithm.SHA256,
SignaturePackaging = SignaturePackaging.ENVELOPING,
SigningCertificate = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(token.Cert),
SigningDate = DateTime.UtcNow
};
var toBeSigned = new FileDocument(sourcepath);
var iStream = service.ToBeSigned(toBeSigned, parameters);
var signatureValue = token.Sign(iStream, parameters.DigestAlgorithm, token.GetKeys()[0]);
var signedDocument = service.SignDocument(toBeSigned, parameters, signatureValue);
var dest = sourcepath + ".p7m";
if (File.Exists(dest))
{
File.Delete(dest);
}
var fout = File.OpenWrite(dest);
signedDocument.OpenStream().CopyTo(fout);
fout.Close();
}
static void Main(string[] args)
{
string pathToSign = Path.Combine("Resources", "test.pdf");
string pathCertificate = Path.Combine("Resources", "test.p12");
string pathSigned = "test.pdf.p7m";
Document toBeSigned = new FileDocument(pathToSign);
Pkcs12SignatureToken token = new Pkcs12SignatureToken("password", pathCertificate);
IDssPrivateKeyEntry privateKey = token.GetKeys()[0];
SignatureParameters parameters = new SignatureParameters();
parameters.SignaturePackaging = SignaturePackaging.ENVELOPING;
parameters.SigningCertificate = privateKey.GetCertificate();
parameters.CertificateChain = privateKey.GetCertificateChain();
parameters.SigningDate = DateTime.Now;
parameters.DigestAlgorithm = DigestAlgorithm.SHA256;
CAdESService service = new CAdESService();
parameters.SignatureFormat = EU.Europa.EC.Markt.Dss.Signature.SignatureFormat.CAdES_BES;
/* CERTIFIED TIMESTAMP
* var ocspSource1 = new OnlineOcspSource();
* var crlSource1 = new FileCacheCrlSource();
* var crlOnline1 = new OnlineCrlSource();
* crlOnline1.IntermediateAcUrl = @"http://www.eci.bce.ec/CRL/cacrl.crl";
* crlSource1.CachedSource = crlOnline1;
* var verifier1 = new OCSPAndCRLCertificateVerifier(crlSource1, ocspSource1);
* var estado = verifier1.Check(privateKey.GetCertificate(), privateKey.GetCertificateChain()[1], DateTime.Now);
*/
/*
* //parameters.SignatureFormat = SignatureFormat.CAdES_T; //Se añade TSA.
* parameters.SignatureFormat = EU.Europa.EC.Markt.Dss.Signature.SignatureFormat.CAdES_C; //Se añade CRL y OCSP.
* //parameters.SignatureFormat = SignatureFormat.CAdES_X; //No se añade nada más al código.
* //parameters.SignatureFormat = EU.Europa.EC.Markt.Dss.Signature.SignatureFormat.CAdES_XL; //No se añade nada más al código.
*
* string urlTss = @"http://tsp.iaik.tugraz.at/tsp/TspRequest";
* string username = "";
* string password = "";
*
*
* OnlineTspSource tspSource = new OnlineTspSource(urlTss, username, password);
* service.TspSource = tspSource;
*
* OnlineOcspSource ocspSource = new OnlineOcspSource();
* TrustedListCertificateVerifier verifier = new TrustedListCertificateVerifier();
* FileCacheCrlSource crlSource = new FileCacheCrlSource();
* OnlineCrlSource crlOnline = new OnlineCrlSource();
* crlOnline.IntermediateAcUrl = @"http://www.eci.bce.ec/CRL/cacrl.crl";
* //@"http://www.eci.bce.ec/CRL/pruebas/cacrl.crl"
*
* crlSource.CachedSource = crlOnline;
* verifier.CrlSource = crlSource;
* verifier.OcspSource = ocspSource;
*
* ValidationContext validationContext = verifier.ValidateCertificate(parameters.SigningCertificate, DateTime.Now,
* new EU.Europa.EC.Markt.Dss.Validation.Certificate.CompositeCertificateSource(
* new EU.Europa.EC.Markt.Dss.Validation.Certificate.ListCertificateSource(parameters.CertificateChain)), null, null);
*
* service.Verifier = verifier;
*/
/* DOUBLE-SIGN
* Document contentInCMS = null;
*
* try
* {
* CmsSignedData cmsData = new CmsSignedData(toBeSigned.OpenStream());
* if (cmsData != null && cmsData.SignedContent != null
* && cmsData.SignedContent.GetContent() != null)
* {
* Stream buf = new MemoryStream();
* cmsData.SignedContent.Write(buf);
* buf.Seek(0, SeekOrigin.Begin);
* contentInCMS = new InMemoryDocument(Streams.ReadAll(buf));
* }
* }
* catch (CmsException)
* {
* }
*
* Stream iStream = service.ToBeSigned(contentInCMS ?? toBeSigned, parameters);
* byte[] signatureValue = token.Sign(iStream, parameters.DigestAlgorithm, privateKey);
*
* // We invoke the service to sign the document with the signature value obtained in the previous step.
* Document signedDocument = contentInCMS != null
* ? service.AddASignatureToDocument(toBeSigned, parameters, signatureValue)
* : service.SignDocument(toBeSigned, parameters, signatureValue);
*
* FileStream fs = new FileStream(pathParaFirmado, FileMode.OpenOrCreate);
* Streams.PipeAll(signedDocument.OpenStream(), fs);
* fs.Close();
* return;
*/
Document signedDocument = service.SignDocument(toBeSigned, parameters,
(hashbytes) => privateKey.Encrypt(hashbytes));
FileStream fs = new FileStream(pathSigned, FileMode.OpenOrCreate);
Streams.PipeAll(signedDocument.OpenStream(), fs);
fs.Close();
return;
// Already signed document
Document document = new FileDocument(pathSigned);
SignedDocumentValidator validator;
validator = SignedDocumentValidator.FromDocument(document);
//validator.CertificateVerifier = verifier;
validator.ExternalContent = document;
ValidationReport report = validator.ValidateDocument();
SignatureInformation info = report.SignatureInformationList[0];
Console.WriteLine("--> Final_Conclusion: ");
Console.WriteLine(info.FinalConclusion); // --> AdES
Console.ReadKey();
}
