public async Task <ActionResult> Index(SignatureStartModel model)
{
ClientSideSignatureInstructions signatureParams;
try {
// Get an instance of the PadesSignatureStarter class, responsible for receiving the
// signature elements and start the signature process.
var signatureStarter = new PadesSignatureStarter(Util.GetRestPkiClient())
{
// Set the unit of measurement used to edit the pdf marks and visual representations.
MeasurementUnits = PadesMeasurementUnits.Centimeters,
// Set the signature policy.
SignaturePolicyId = StandardPadesSignaturePolicies.Basic,
// Set a SecurityContext to be used to determine trust in the certificate chain.
SecurityContextId = Util.GetSecurityContextId(),
// Set a visual representation for the signature.
VisualRepresentation = new PadesVisualRepresentation()
{
// The tags {{name}} and {{national_id}} will be substituted according to the user's
// certificate:
//
// name : Full name of the signer;
// national_id : If the certificate is ICP-Brasil, contains the signer's CPF.
//
// For a full list of the supported tags, see:
// https://github.com/LacunaSoftware/RestPkiSamples/blob/master/PadesTags.md
Text = new PadesVisualText("Signed by {{name}} ({{national_id}})")
{
// Specify that the signing time should also be rendered.
IncludeSigningTime = true,
// Optionally set the horizontal alignment of the text ('Left' or 'Right'), if
// not set the default is Left.
HorizontalAlign = PadesTextHorizontalAlign.Left
},
// We'll use as background the image in Content/PdfStamp.png.
Image = new PadesVisualImage(Util.GetPdfStampContent(), "image/png")
{
// Opacity is an integer from 0 to 100. (0 is completely transparent, 100 is
// completely opaque)
Opacity = 50,
// Align the image to the right.
HorizontalAlign = PadesHorizontalAlign.Right
},
// Position of the visual representation. We have encapsulated this code in a method
// to include several possibilities depending on the argument passed. Experiment
// changing the argument to see different examples of signature positioning. Once you
// decide which is best for your case, you can place the code directly here.
Position = PadesVisualElements.GetVisualPositioning(1)
}
};
// Set certificate's content. (received from a hidden field on the form submission, its value
// is filled on javascript, see signature-start-form.js)
signatureStarter.SetSignerCertificate(model.CertContent);
// Set PDF to be signed.
signatureStarter.SetPdfToSign(Util.GetSampleDocPath());
/*
* Optionally, add marks to the PDF before signing. These differ from the signature visual
* representation in that they are actually changes done to the document prior to signing,
* not binded to any signature. Therefore, any number of marks can be added, for instance
* one per page, whereas there can only be one visual representation per signature. However,
* since the marks are in reality changes to the PDF, they can only be added to documents
* which have no previous signatures, otherwise such signatures would be made invalid by the
* changes to the document (see property PadesSignatureStarter.BypassMarksIfSigned). This
* problem does not occurr with signature visual representations.
*
* We have encapsulated this code in a method to include several possibilities depending on
* the argument passed. Experiment changing the argument to see different examples of PDF
* marks. Once you decide which is best for your case, you can place the code directly here.
*/
//signatureStarter.PdfMarks.Add(PadesVisualElements.GetPdfMark(1));
// Call the StartAsync() method, which initiates the signature. This yields the parameters
// for the signature using the certificates.
signatureParams = await signatureStarter.StartAsync();
} catch (ValidationException ex) {
// Return to Index view rendering the error message.
ModelState.AddModelError("", ex.Message);
return(View());
}
// On the next step (Complete action), we'll need once again some information:
// - The token that identifies the signature process on REST PKI service.
// - The thumbprint of the selected certificate.
// - The "to-sign-hash" to be signed. (see signature-complete-form.js)
// - The OID of the digest algorithm to be used during the signature operation.
// We'll store these values on TempData, which is a dictionary shared between actions.
TempData["SignatureCompleteModel"] = new SignatureCompleteModel()
{
Token = signatureParams.Token,
CertThumb = model.CertThumb,
ToSignHash = signatureParams.ToSignHash,
DigestAlgorithmOid = signatureParams.DigestAlgorithmOid
};
return(RedirectToAction("Complete"));
}
private async void signButtonClick(object sender, RoutedEventArgs e)
{
//var progressDialog = await this.ShowProgressAsync("Please wait...", "Signing");
Pkcs11CertificateStore p11Store = null;
addLog($"Signature process begin");
progressBar.Value = 10;
try {
var signatureStarter = new PadesSignatureStarter(restPkiClient)
{
// Set the unit of measurement used to edit the pdf marks and visual representations
MeasurementUnits = PadesMeasurementUnits.Centimeters,
// Set the signature policy
SignaturePolicyId = StandardPadesSignaturePolicies.Basic,
// Set a SecurityContext to be used to determine trust in the certificate chain
SecurityContextId = Guid.Parse("803517ad-3bbc-4169-b085-60053a8f6dbf"),
//SecurityContextId =StandardSecurityContexts.PkiBrazil,
// Note: this SecurityContext above accept unsecured certificates. You can create custom security context on the Rest PKI website.
// Set a visual representation for the signature
VisualRepresentation = createVisualRepresentation()
};
progressBar.Value = 15;
// If the user was redirected here by UploadController (signature with file uploaded by user), the "userfile" URL argument
// will contain the filename under the "App_Data" folder. Otherwise (signature with server file), we'll sign a sample
// document.
if (string.IsNullOrEmpty(FileToSign))
{
// Set the PDF to be signed as a byte array
signatureStarter.SetPdfToSign(Signer.Resources.SampleDocument);
}
else
{
// Set the path of the file to be signed
addLog($"file size {(new FileInfo(FileToSign).Length / 1024.0).ToString("0.00")} KBytes");
signatureStarter.SetPdfToSign(FileToSign);
}
/*
* Optionally, add marks to the PDF before signing. These differ from the signature visual representation in that
* they are actually changes done to the document prior to signing, not binded to any signature. Therefore, any number
* of marks can be added, for instance one per page, whereas there can only be one visual representation per signature.
* However, since the marks are in reality changes to the PDF, they can only be added to documents which have no previous
* signatures, otherwise such signatures would be made invalid by the changes to the document (see property
* PadesSignatureStarter.BypassMarksIfSigned). This problem does not occurr with signature visual representations.
*
* We have encapsulated this code in a method to include several possibilities depending on the argument passed.
* Experiment changing the argument to see different examples of PDF marks. Once you decide which is best for your case,
* you can place the code directly here.
*/
signatureStarter.PdfMarks.Add(PadesVisualElements.GetPdfMark(1));
// Call the StartWithWebPki() method, which initiates the signature. This yields the token, a 43-character
// case-sensitive URL-safe string, which identifies this signature process. We'll use this value to call the
// signWithRestPki() method on the Web PKI component (see javascript on the view) and also to complete the signature
// on the POST action below (this should not be mistaken with the API access token).
// Find selected certificate with key
// --------------------------------------------------------------
PKCertificateWithKey certWithKey = null;
var selectedThumbprint = (CertificatesCB.SelectedItem as ComboCertificate).Certificate.ThumbprintSHA256;
p11Store = Pkcs11CertificateStore.Load(getPkcs11Modules(), new P11LoginProvider());
// search on pkcs11 store
if (findCertificate(p11Store.GetCertificatesWithKey(), selectedThumbprint, out certWithKey))
{
}
else if (findCertificate(WindowsCertificateStore.LoadPersonalCurrentUser().GetCertificatesWithKey(), selectedThumbprint, out certWithKey))
{
}
else
{
throw new Exception("Selected certificate not found");
}
// --------------------------------------------------------------
signatureStarter.SetSignerCertificate(certWithKey.Certificate.EncodedValue);
progressBar.Value = 30;
addLog($"Step 1: Start Signature");
var sw = Stopwatch.StartNew();
Token = await signatureStarter.StartAsync();
sw.Stop();
addLog($"Step 1: Signature Started, elapsed {sw.Elapsed.TotalSeconds:N1}s");
progressBar.Value = 50;
addLog($"Signing with {certWithKey.Certificate.SubjectDisplayName}");
var signature = certWithKey.SignData(Lacuna.Pki.DigestAlgorithm.GetInstanceByOid(Token.DigestAlgorithmOid), Token.ToSignData);
addLog($"Signed");
progressBar.Value = 70;
var signatureFinisher = new PadesSignatureFinisher2(restPkiClient)
{
Token = Token.Token,
Signature = signature
};
sw = Stopwatch.StartNew();
// Call the Finish() method, which finalizes the signature process and returns a SignatureResult object
addLog($"Step 2: Finish Signature");
var signatureResult = await signatureFinisher.FinishAsync();
sw.Stop();
addLog($"Step 2: Signature Finished, elapsed {sw.Elapsed.TotalSeconds:N1}s");
SignedFile = System.IO.Path.Combine(Path.GetDirectoryName(FileToSign), Path.GetFileNameWithoutExtension(FileToSign) + "-signed" + Path.GetExtension(FileToSign));
signatureResult.WriteToFile(SignedFile);
//BusyIndicator.IsBusy = false;
progressBar.Value = 100;
OpenFileSignedBt.IsEnabled = true;
addLog($"File signed: {SignedFile}");
} catch (Exception ex) {
addLog(ex.ToString());
} finally {
if (p11Store != null)
{
p11Store.Dispose();
}
}
progressBar.Value = 0;
}
private async void signButtonClick(object sender, RoutedEventArgs e)
{
var progressDialog = await this.ShowProgressAsync("Please wait...", "Signing");
addLog($"Signature started");
progressDialog.SetProgress(0.10);
try {
var signatureStarter = new PadesSignatureStarter(restPkiClient)
{
// Set the unit of measurement used to edit the pdf marks and visual representations
MeasurementUnits = PadesMeasurementUnits.Centimeters,
// Set the signature policy
SignaturePolicyId = StandardPadesSignaturePolicies.Basic,
// Set a SecurityContext to be used to determine trust in the certificate chain
SecurityContextId = Guid.Parse("803517ad-3bbc-4169-b085-60053a8f6dbf"),
//SecurityContextId =StandardSecurityContexts.PkiBrazil,
// Note: this SecurityContext above accept unsecured certificates. You can create custom security context on the Rest PKI website.
// Set a visual representation for the signature
VisualRepresentation = new PadesVisualRepresentation()
{
// The tags {{name}} and {{national_id}} will be substituted according to the user's certificate
//
// name : full name of the signer
// national_id : if the certificate is ICP-Brasil, contains the signer's CPF
//
// For a full list of the supported tags, see: https://github.com/LacunaSoftware/RestPkiSamples/blob/master/PadesTags.md
Text = new PadesVisualText("Signed by {{name}} ({{national_id}})")
{
// Specify that the signing time should also be rendered
IncludeSigningTime = true,
// Optionally set the horizontal alignment of the text ('Left' or 'Right'), if not set the default is Left
HorizontalAlign = PadesTextHorizontalAlign.Left
},
// We'll use as background the image in Content/PdfStamp.png
Image = new PadesVisualImage(Signer.Resources.PdfStamp_png, "image/png")
{
// Opacity is an integer from 0 to 100 (0 is completely transparent, 100 is completely opaque).
Opacity = 50,
// Align the image to the right
HorizontalAlign = PadesHorizontalAlign.Right
},
// Position of the visual representation. We have encapsulated this code in a method to include several
// possibilities depending on the argument passed. Experiment changing the argument to see different examples
// of signature positioning. Once you decide which is best for your case, you can place the code directly here.
Position = PadesVisualElements.GetVisualPositioning(restPkiClient, 1)
},
};
var cert = CertificatesCB.SelectedItem as Cert;
var certificate = getCertificate(cert.Thumbprint);
signatureStarter.SetSignerCertificate(certificate.GetRawCertData());
progressDialog.SetProgress(0.15);
// If the user was redirected here by UploadController (signature with file uploaded by user), the "userfile" URL argument
// will contain the filename under the "App_Data" folder. Otherwise (signature with server file), we'll sign a sample
// document.
if (string.IsNullOrEmpty(FileToSign))
{
// Set the PDF to be signed as a byte array
signatureStarter.SetPdfToSign(Signer.Resources.SampleDocument);
}
else
{
// Set the path of the file to be signed
addLog($"file size {new FileInfo(FileToSign).Length / 1024}kBytes");
signatureStarter.SetPdfToSign(FileToSign);
}
/*
* Optionally, add marks to the PDF before signing. These differ from the signature visual representation in that
* they are actually changes done to the document prior to signing, not binded to any signature. Therefore, any number
* of marks can be added, for instance one per page, whereas there can only be one visual representation per signature.
* However, since the marks are in reality changes to the PDF, they can only be added to documents which have no previous
* signatures, otherwise such signatures would be made invalid by the changes to the document (see property
* PadesSignatureStarter.BypassMarksIfSigned). This problem does not occurr with signature visual representations.
*
* We have encapsulated this code in a method to include several possibilities depending on the argument passed.
* Experiment changing the argument to see different examples of PDF marks. Once you decide which is best for your case,
* you can place the code directly here.
*/
signatureStarter.PdfMarks.Add(PadesVisualElements.GetPdfMark(1));
// Call the StartWithWebPki() method, which initiates the signature. This yields the token, a 43-character
// case-sensitive URL-safe string, which identifies this signature process. We'll use this value to call the
// signWithRestPki() method on the Web PKI component (see javascript on the view) and also to complete the signature
// on the POST action below (this should not be mistaken with the API access token).
progressDialog.SetProgress(0.20);
addLog($"Step One Started");
var sw = new Stopwatch();
sw.Start();
Token = await signatureStarter.StartAsync();
sw.Stop();
addLog($"Step One finished,elapsed {sw.Elapsed.TotalSeconds:N1}s");
progressDialog.SetProgress(0.40);
byte[] signature;
using (RSA rsa = certificate.GetRSAPrivateKey()) {
HashAlgorithmName hashAlgorithm;
switch (Token.DigestAlgorithm.ApiModel)
{
case DigestAlgorithms.MD5:
hashAlgorithm = HashAlgorithmName.MD5;
break;
case DigestAlgorithms.SHA1:
hashAlgorithm = HashAlgorithmName.SHA1;
break;
case DigestAlgorithms.SHA256:
hashAlgorithm = HashAlgorithmName.SHA256;
break;
case DigestAlgorithms.SHA384:
hashAlgorithm = HashAlgorithmName.SHA384;
break;
case DigestAlgorithms.SHA512:
hashAlgorithm = HashAlgorithmName.SHA512;
break;
default:
throw new ArgumentOutOfRangeException();
}
signature = rsa.SignData(Token.ToSignData, hashAlgorithm, RSASignaturePadding.Pkcs1);
var signatureFinisher = new PadesSignatureFinisher2(restPkiClient)
{
Token = Token.Token,
Signature = signature
};
progressDialog.SetProgress(0.50);
// Call the Finish() method, which finalizes the signature process and returns a SignatureResult object
sw.Reset();
sw.Start();
var signatureResult = await signatureFinisher.FinishAsync();
sw.Stop();
addLog($"Step two finished,elapsed {sw.Elapsed.TotalSeconds:N1}s");
SignedFile = System.IO.Path.Combine(Path.GetDirectoryName(FileToSign),
Path.GetFileNameWithoutExtension(FileToSign) + "Signed" + Path.GetExtension(FileToSign));
signatureResult.WriteToFile(SignedFile);
//BusyIndicator.IsBusy = false;
progressDialog.SetProgress(0.99);
OpenFileSignedBt.IsEnabled = true;
addLog($"Signarure finished");
}
} catch (Exception ex) {
addLog(ex.ToString());
}
await progressDialog.CloseAsync();
}