/// <summary>
/// Produces a CMS signed-attribute collection: an empty payload is signed with
/// <paramref name="privateKey"/> together with the attributes supplied through
/// <paramref name="addAttributes"/>, the result is re-decoded with <see cref="SignedCms"/>,
/// and the first signer's signed attributes are returned.
/// </summary>
/// <param name="certificate">Signer certificate, converted to a BouncyCastle certificate for the generator.</param>
/// <param name="privateKey">BouncyCastle private key used to create the signature.</param>
/// <param name="addAttributes">Callback that appends the attributes to be signed to the given vector.</param>
/// <returns>The signed attributes of the single signer in the generated CMS structure.</returns>
private static CryptographicAttributeObjectCollection CreateAttributeCollection(
    X509Certificate2 certificate,
    AsymmetricKeyParameter privateKey,
    Action<Asn1EncodableVector> addAttributes)
{
    // Gather the caller's attributes; they become the signed-attribute table.
    var attributeVector = new Asn1EncodableVector();
    addAttributes(attributeVector);

    var generator = new CmsSignedDataGenerator();
    generator.AddSigner(
        privateKey,
        DotNetUtilities.FromX509Certificate(certificate),
        Oids.Sha256,
        new AttributeTable(attributeVector),
        new AttributeTable(DerSet.Empty));

    // The payload is irrelevant; only the resulting signed attributes are of interest.
    var emptyContent = new CmsProcessableByteArray(new byte[0]);
    byte[] encoded = generator.Generate(emptyContent, encapsulate: true).GetEncoded();

    // Round-trip through the .NET CMS decoder so the attributes come back as the framework type.
    var decoded = new SignedCms();
    decoded.Decode(encoded);

    return decoded.SignerInfos[0].SignedAttributes;
}
/// <summary>
/// Author-signs and repository-countersigns a package with a freshly issued certificate, revokes that
/// certificate, and checks that verification reports <see cref="SignatureVerificationStatus.Suspect"/>.
/// </summary>
public async Task VerifyAsync_WithRevokedCountersignatureCertificate_ReturnsSuspect()
{
    // The server instance itself is not needed here; the call is kept for its start-up side effect.
    await _fixture.GetSigningTestServerAsync();
    var ca = await _fixture.GetDefaultTrustedCertificateAuthorityAsync();

    var certificateOptions = IssueCertificateOptions.CreateDefaultForEndCertificate();
    var bcCertificate = ca.IssueCertificate(certificateOptions);
    var timestampService = await _fixture.GetDefaultTrustedTimestampServiceAsync();

    using (var countersigningCertificate = new X509Certificate2(bcCertificate.GetEncoded()))
    {
        // Attach the issued key pair so the certificate can actually sign.
        countersigningCertificate.PrivateKey = DotNetUtilities.ToRSA(
            certificateOptions.KeyPair.Private as RsaPrivateCrtKeyParameters);

        using (var test = await Test.CreateAuthorSignedRepositoryCountersignedPackageAsync(
            _fixture.TrustedTestCertificate.Source.Cert,
            countersigningCertificate,
            timestampService.Url,
            timestampService.Url))
        using (var packageReader = new PackageArchiveReader(test.PackageFile.FullName))
        {
            // A previously issued OCSP response must expire before the revocation becomes observable.
            await ca.OcspResponder.WaitForResponseExpirationAsync(bcCertificate);

            // Backdated by an hour — presumably so the revocation precedes the countersignature's
            // timestamp rather than following it; confirm against the verifier's policy.
            ca.Revoke(
                bcCertificate,
                RevocationReason.KeyCompromise,
                DateTimeOffset.UtcNow.AddHours(-1));

            var status = await _verifier.VerifyAsync(packageReader, CancellationToken.None);

            Assert.Equal(SignatureVerificationStatus.Suspect, status);
        }
    }
}
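/// <summary>
/// Signs every PDF in the input folder with the personal-store certificate whose subject key
/// identifier corresponds to the file's PS number, writing the signed copy to the output folder.
/// The folders default to the placeholders "PATH1" (input) and "PATH2" (output) and can be
/// overridden by the first and second command-line arguments.
/// </summary>
/// <param name="args">Optional: args[0] = input folder, args[1] = output folder.</param>
static void Main(string[] args)
{
    string inputFolder = args.Length > 0 ? args[0] : "PATH1";
    string outputFolder = args.Length > 1 ? args[1] : "PATH2";

    // All pdf files are fetched from a particular folder.
    string[] pdfPaths = Directory.GetFiles(inputFolder, "*.pdf");
    string[] pdfFiles = pdfPaths.Select(Path.GetFileName).ToArray();

    // Sized from the real file count instead of a fixed 50, which overflowed for larger folders.
    // One spare slot keeps a trailing 0 in psn in case details() relies on it as a terminator — TODO confirm.
    int[] psn = new int[pdfFiles.Length + 1];
    string[] newFilePaths = new string[pdfFiles.Length];
    for (int i = 0; i < pdfFiles.Length; i++)
    {
        psn[i] = PSNumber(pdfFiles[i]);
        newFilePaths[i] = Path.Combine(outputFolder, pdfFiles[i]);
    }

    string[] ski = details(psn);

    // Open the store once for the whole run rather than once per file.
    X509Store store = new X509Store("MY", StoreLocation.CurrentUser);
    store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
    try
    {
        // Still stops at the first 0 PS number (as before) but never reads past the file list.
        for (int i = 0; i < pdfFiles.Length && psn[i] != 0; i++)
        {
            // validOnly: true excludes certificates that fail basic validity (e.g. expired).
            X509Certificate2Collection found = store.Certificates.Find(
                X509FindType.FindBySubjectKeyIdentifier, ski[i], validOnly: true);
            if (found.Count == 0)
            {
                // Previously this fell through to found[0] and failed with an unhelpful index error.
                throw new InvalidOperationException(
                    "No valid certificate with subject key identifier '" + ski[i] + "' found for " + pdfFiles[i] + ".");
            }

            SignPdf(pdfPaths[i], newFilePaths[i], found[0]);
        }
    }
    finally
    {
        store.Close();
    }
}

/// <summary>
/// Writes <paramref name="sourcePath"/> to <paramref name="destinationPath"/> with a detached CMS
/// signature (SHA-256) and a visible signature appearance on page 1, signed by <paramref name="digitalID"/>.
/// </summary>
/// <param name="sourcePath">Unsigned input PDF.</param>
/// <param name="destinationPath">Where the signed PDF is created (overwritten if present).</param>
/// <param name="digitalID">Certificate with an accessible private key used for signing.</param>
private static void SignPdf(string sourcePath, string destinationPath, X509Certificate2 digitalID)
{
    PdfReader reader = new PdfReader(sourcePath);
    try
    {
        // pdfVersion '\0' asks iTextSharp to keep the document's existing version.
        PdfStamper stamper = PdfStamper.CreateSignature(reader, new FileStream(destinationPath, FileMode.Create), '\0');
        PdfSignatureAppearance sap = stamper.SignatureAppearance;
        sap.SetVisibleSignature(new iTextSharp.text.Rectangle(100, 100, 250, 150), 1, null);

        BcX509.X509Certificate bcCert = DotNetUtils.FromX509Certificate(digitalID);
        var chain = new List<BcX509.X509Certificate> { bcCert };
        // Requires the private key to be accessible through the .NET provider — TODO confirm for non-exportable keys.
        var privateKey = Org.BouncyCastle.Security.DotNetUtilities.GetKeyPair(digitalID.PrivateKey).Private;
        IExternalSignature es = new PrivateKeySignature(privateKey, "SHA-256");

        MakeSignature.SignDetached(sap, es, chain, null, null, null, 0, CryptoStandard.CMS);
        stamper.Close();
    }
    finally
    {
        // The reader was never closed before, leaking the input file handle.
        reader.Close();
    }
}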
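/// <summary>
/// Signs the PDF at <paramref name="filePath"/> in place with a detached CMS signature (SHA-256)
/// made with <paramref name="certificate"/>. The signed document is first written to a sibling
/// ".signed" file and only swapped in after signing succeeds, so a failure leaves the original intact.
/// </summary>
/// <param name="certificate">Certificate whose private key produces the signature.</param>
/// <param name="filePath">Path of the PDF to sign; replaced by the signed version on success.</param>
public override void EncodeAndSign(X509Certificate2 certificate, string filePath)
{
    string signedPath = filePath + ".signed";
    bool signed = false;

    PdfReader reader = new PdfReader(filePath);
    try
    {
        // '\0' keeps the document's existing PDF version. The literal '0' used before is a different
        // character and would set the version header instead (the sibling signer passes '\0').
        PdfStamper stamper = PdfStamper.CreateSignature(reader, new FileStream(signedPath, FileMode.Create), '\0');
        PdfSignatureAppearance sap = stamper.SignatureAppearance;

        BcX509.X509Certificate bouncyCertificate = DotNetUtils.FromX509Certificate(certificate);
        var chain = new List<BcX509.X509Certificate> { bouncyCertificate };
        IExternalSignature es = new X509Certificate2Signature(certificate, DigestAlgorithms.SHA256);

        MakeSignature.SignDetached(sap, es, chain, null, null, null, 0, CryptoStandard.CMS);
        stamper.Close();
        signed = true;
    }
    finally
    {
        // Previously the reader stayed open when signing threw.
        reader.Close();

        if (!signed && File.Exists(signedPath))
        {
            // Best-effort removal of the partial output; the original exception still propagates.
            try
            {
                File.Delete(signedPath);
            }
            catch (IOException)
            {
            }
        }
    }

    // Only now is the original removed: the signed output is complete at this point.
    File.Delete(filePath);
    File.Move(signedPath, filePath);
}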
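/// <summary>
/// Verifies every signature field of the PDF at <paramref name="filePath"/>.
/// </summary>
/// <param name="filePath">Path of the PDF to verify.</param>
/// <param name="verifiedCMS">
/// Receives one (signing certificate, signature verified) pair per signature field, in field order.
/// </param>
/// <returns>
/// <c>true</c> only when the file carries at least one signature and every signature verifies;
/// <c>false</c> for an unsigned file or when any signature fails.
/// </returns>
public override bool VerifyFile(string filePath, ref List<KeyValuePair<X509Certificate2, bool>> verifiedCMS)
{
    var usedCertificates = new List<KeyValuePair<X509Certificate2, bool>>();

    PdfReader reader = new PdfReader(filePath);
    try
    {
        AcroFields fields = reader.AcroFields;
        List<string> names = fields.GetSignatureNames();

        // The flag used to start at false and was never set to true, so every file was reported as
        // failing. It now starts true for a signed file; an unsigned file still does not "verify".
        bool validation = names.Count > 0;

        foreach (string signatureName in names)
        {
            PdfPKCS7 cms = fields.VerifySignature(signatureName);

            // Verify() checks the signature value against the document. Whether the signing
            // certificate is trusted or revoked is not decided here; the certificate is handed
            // back in verifiedCMS so the caller can apply that policy.
            bool currentValidation = cms.Verify();
            usedCertificates.Add(new KeyValuePair<X509Certificate2, bool>(
                new X509Certificate2(DotNetUtils.ToX509Certificate(cms.SigningCertificate)),
                currentValidation));

            // If one signature fails, so does the global validation of the file.
            if (!currentValidation)
            {
                validation = false;
            }
        }

        verifiedCMS = usedCertificates;
        return validation;
    }
    finally
    {
        // The reader was never closed before, leaking the file handle on every call.
        reader.Close();
    }
}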