public ActionResult Start(BatchSignatureStartRequest request)
        {
            // Instantiate a CadesSigner class
            var cadesSigner = new CadesSigner();

            // Get the file's content.
            if (!StorageMock.TryGetFile(StorageMock.GetBatchDocPath(request.Id), out byte[] fileContent))
        /// <summary>
        /// First step of a batch PAdES signature: prepares one batch document for signing with the
        /// certificate sent by the client and returns the digest that the client-side component must sign.
        /// </summary>
        /// <param name="request">Carries the signer's encoded certificate (CertContent) and the batch document ID (Id).</param>
        /// <returns>
        /// JSON holding the stored "transfer data" file ID, the to-sign-hash and the digest algorithm OID;
        /// or an HTTP 500 result carrying the validation results when a ValidationException is caught.
        /// </returns>
        public ActionResult Start(BatchSignatureStartRequest request)
        {
            byte[] bytesToSign;
            byte[] transferBlob;
            SignatureAlgorithm algorithm;

            try
            {
                // Parse the certificate supplied by the client.
                var signerCert = PKCertificate.Decode(request.CertContent);

                var signer = new PadesSigner();

                // The PDF to sign is one of the batch documents, selected by the ID in the request.
                // NOTE(review): request.Id is client-controlled and how GetBatchDocPath maps it to a
                // path is not visible here; confirm it can only resolve to a batch document.
                signer.SetPdfToSign(StorageMock.GetBatchDocPath(request.Id));

                signer.SetSigningCertificate(signerCert);
                signer.SetPolicy(GetSignaturePolicy());

                // Visual representation of the signature, built from the signer's certificate.
                signer.SetVisualRepresentation(PadesVisualElements.GetVisualRepresentationForPkiSdk(signerCert));

                // Produces the "to-sign-bytes" and also yields, through the out parameters, the signature
                // algorithm the client side must use (it follows from the policy) and the "transfer data"
                // byte array that the next step needs.
                bytesToSign = signer.GetToSignBytes(out algorithm, out transferBlob);
            }
            catch (ValidationException validationError)
            {
                // The calls above may throw a ValidationException, for instance when the certificate
                // encoding cannot be read or the certificate is expired.
                // NOTE(review): the validation text is sent back to the caller as the status description
                // of a 500 response; confirm that this level of detail is meant to reach the client.
                return new HttpStatusCodeResult(500, validationError.ValidationResults.ToString());
            }

            // What the next steps need:
            // - the ID of the temporary ".bin" file holding the transfer data, shared with the Complete action;
            // - the to-sign-hash (digest of the to-sign-bytes) and the OID of the digest algorithm, both used
            //   by the Web PKI component when computing the signature (see batch-signature-form.js).
            // NOTE(review): the file ID travels through the client; the Complete action is not shown here and
            // presumably has to treat the value it gets back as untrusted. Verify.
            var response = new BatchSignatureStartResponse();
            response.TransferDataFileId = StorageMock.Store(transferBlob, ".bin");
            response.ToSignHash = algorithm.DigestAlgorithm.ComputeHash(bytesToSign);
            response.DigestAlgorithmOid = algorithm.DigestAlgorithm.Oid;
            return Json(response);
        }
        /// <summary>
        /// Starts the signature of one batch document through REST PKI, using the certificate recorded
        /// for the batch, and returns the parameters the page needs for the Web PKI signHash() call.
        /// </summary>
        /// <param name="request">Carries the batch ID (BatchId) and the ID of the document to sign (DocumentId).</param>
        /// <returns>JSON with the REST PKI token, the Base64 to-sign-hash and the digest algorithm OID.</returns>
        public ActionResult Start(BatchSignatureStartRequest request)
        {
            // Look up the batch by its ID; the batch record holds the user's certificate.
            // NOTE(review): BatchId is supplied by the client and an unknown ID is not handled here. What the
            // indexer does in that case depends on the type of `batches`, which is not visible. No check that
            // the caller owns the batch is visible in this action either; confirm where that is enforced.
            var batch = batches[request.BatchId];

            // PadesSignatureStarter receives the signature elements and starts the signature process.
            var starter = new PadesSignatureStarter(Util.GetRestPkiClient());

            // Supplying the user's certificate up front is not needed in the regular batch signature example;
            // doing it here improves the performance of the batch processing.
            starter.SignerCertificate = Convert.FromBase64String(batch.Certificate);

            // Signature policy.
            starter.SignaturePolicyId = StandardPadesSignaturePolicies.Basic;

            // Security context used to decide trust in the certificate chain. Changing it lets you accept
            // certificates from a custom security context created on the Rest PKI website.
            starter.SecurityContextId = StandardSecurityContexts.PkiBrazil;

            // Visual representation of the signature.
            var visual = new PadesVisualRepresentation();

            // The tags {{signerName}} and {{signerNationalId}} are substituted according to the user's certificate:
            //   signerName       -> full name of the signer
            //   signerNationalId -> the signer's CPF, if the certificate is ICP-Brasil
            var stampText = new PadesVisualText("Signed by {{signerName}} ({{signerNationalId}})");
            // Render the signing time as well.
            stampText.IncludeSigningTime = true;
            // Horizontal alignment of the text ('Left' or 'Right'); Left is the default when not set.
            stampText.HorizontalAlign = PadesTextHorizontalAlign.Left;
            visual.Text = stampText;

            // Background image: Content/PdfStamp.png.
            var stampImage = new PadesVisualImage(Util.GetPdfStampContent(), "image/png");
            // Opacity is an integer from 0 (completely transparent) to 100 (completely opaque).
            stampImage.Opacity = 50;
            // Align the image to the right.
            stampImage.HorizontalAlign = PadesHorizontalAlign.Right;
            visual.Image = stampImage;

            // Position of the visual representation. The helper bundles several positioning examples selected
            // by its argument; once you settle on one, its code can be placed directly here.
            visual.Position = getVisualPositioning(1);

            starter.VisualRepresentation = visual;

            // Document to sign, chosen by the ID passed to us from the page.
            starter.SetPdfToSign(Util.GetBatchDocContent(request.DocumentId));

            // Start() initiates the signature. The regular signature example calls StartWithRestPki(), which is
            // simpler but performs worse. Start() yields the token (a 43-character case-sensitive URL-safe string
            // identifying this signature process) together with the data for the signHash() function of the
            // Web PKI component, used instead of signWithRestPki(), which is also simpler but far slower.
            var started = starter.Start();

            // SetNoCacheHeaders() is not called: per the sample, this action is a POST action, so browsers
            // do not cache its response.

            // Reply with the REST PKI token and the signHash() parameters (the page decodes this with jQuery).
            var response = new BatchSignatureStartResponse();
            response.Token = started.Token;
            response.ToSignHash = Convert.ToBase64String(started.ToSignHash);
            response.DigestAlgorithmOid = started.DigestAlgorithmOid;

            return Json(response);
        }
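        /// <summary>
        /// First step of a batch PAdES signature (Web API variant): prepares one batch document for signing
        /// with the certificate sent by the client and returns the digest the client-side component must sign.
        /// </summary>
        /// <param name="request">Carries the signer's encoded certificate (CertContent) and the batch document ID (Id).</param>
        /// <returns>
        /// 200 with the stored "transfer data" file ID, the to-sign-hash and the digest algorithm OID;
        /// 400 when no request object was bound; 500 carrying the validation results when a
        /// ValidationException is caught.
        /// </returns>
        public IHttpActionResult Start(BatchSignatureStartRequest request)
        {
            // The request object is built from client input and can arrive null (for example when the body
            // is missing or cannot be parsed). Reject that case explicitly instead of letting the first
            // property access below fail with an unhandled NullReferenceException.
            if (request == null) {
                var badRequest = Request.CreateErrorResponse(HttpStatusCode.BadRequest, "The request body is missing or could not be read.");
                return(ResponseMessage(badRequest));
            }

            byte[]             toSignBytes, transferData;
            SignatureAlgorithm signatureAlg;

            try {
                // Decode the user's certificate
                // NOTE(review): how Decode reacts to a missing CertContent is not visible here; only
                // ValidationException is handled below.
                var cert = PKCertificate.Decode(request.CertContent);

                // Instantiate a PadesSigner class
                var padesSigner = new PadesSigner();

                // Set the PDF to sign, which in the case of this example is one of the batch documents
                // NOTE(review): request.Id is client-controlled and how GetBatchDocContent resolves it is
                // not visible here; confirm it can only select a batch document.
                padesSigner.SetPdfToSign(Storage.GetBatchDocContent(request.Id));

                // Set the signer certificate
                padesSigner.SetSigningCertificate(cert);

                // Set the signature policy
                padesSigner.SetPolicy(getSignaturePolicy());

                // Set the signature's visual representation options (this is optional). For more information, see
                // http://pki.lacunasoftware.com/Help/html/98095ec7-2742-4d1f-9709-681c684eb13b.htm
                var visual = new PadesVisualRepresentation2()
                {
                    // Text of the visual representation
                    Text = new PadesVisualText()
                    {
                        // Compose the message. The display name is taken from the client-supplied certificate.
                        CustomText = $"Assinado digitalmente por {cert.SubjectDisplayName}",

                        // Specify that the signing time should also be rendered
                        IncludeSigningTime = true,

                        // Optionally set the horizontal alignment of the text ('Left' or 'Right'), if not set the default is Left
                        HorizontalAlign = PadesTextHorizontalAlign.Left
                    },
                    // Background image of the visual representation
                    Image = new PadesVisualImage()
                    {
                        // We'll use as background the image in Content/PdfStamp.png
                        Content = Storage.GetPdfStampContent(),

                        // Opacity is an integer from 0 to 100 (0 is completely transparent, 100 is completely opaque).
                        Opacity = 50,

                        // Align the image to the right
                        HorizontalAlign = PadesHorizontalAlign.Right
                    },
                    // Set the position of the visual representation
                    Position = PadesVisualAutoPositioning.GetFootnote()
                };
                padesSigner.SetVisualRepresentation(visual);

                // Generate the "to-sign-bytes". This method also yields the signature algorithm that must
                // be used on the client-side, based on the signature policy, as well as the "transfer data",
                // a byte-array that will be needed on the next step.
                toSignBytes = padesSigner.GetToSignBytes(out signatureAlg, out transferData);
            } catch (ValidationException ex) {
                // Some of the operations above may throw a ValidationException, for instance if the certificate
                // encoding cannot be read or if the certificate is expired.
                // NOTE(review): the validation text is returned to the caller in a 500 response; confirm
                // that this level of detail is meant to reach the client.
                var message = Request.CreateErrorResponse(HttpStatusCode.InternalServerError, ex.ValidationResults.ToString());
                return(ResponseMessage(message));
            }

            // For the next steps, we'll need once again some information:
            // - The "transfer data" filename. Its content is stored in a temporary file (with extension .bin) to
            // be shared with the Complete action.
            // - The "to-sign-hash" (digest of the "to-sign-bytes") and the OID of the digest algorithm to be
            // used during the signature operation. This information is needed for the signature computation
            // with the Web PKI component (see batch-signature-form.js).
            // NOTE(review): the file ID travels through the client; the Complete action is not shown here and
            // presumably has to treat the value it gets back as untrusted. Verify.
            return(Ok(new BatchSignatureStartResponse()
            {
                TransferDataFileId = Storage.StoreFile(transferData, ".bin"),
                ToSignHash = signatureAlg.DigestAlgorithm.ComputeHash(toSignBytes),
                DigestAlgorithmOid = signatureAlg.DigestAlgorithm.Oid
            }));
        }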