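/// <summary>
/// Signs a batch of freshly generated PDF documents with a single
/// <see cref="Pkcs11RsaSignature"/> instance and verifies every result, so that a
/// signer that only works for its first signing operation is caught.
/// </summary>
public void Pkcs11RsaSignatureReuseTest()
{
    // Number of documents signed with the same signer instance.
    const int signingIterations = 100;

    using (Pkcs11RsaSignature pkcs11RsaSignature = new Pkcs11RsaSignature(_libraryPath, _tokenSerial, _tokenLabel, _pin, _ckaLabel, _ckaId, _hashAlgorithm))
    {
        // The certificate chain lives on the token; read it once and reuse it for every document.
        byte[] signingCertificate = pkcs11RsaSignature.GetSigningCertificate();
        List<byte[]> otherCertificates = pkcs11RsaSignature.GetAllCertificates();
        ICollection<X509Certificate> certPath = CertUtils.BuildCertPath(signingCertificate, otherCertificates);

        for (int i = 0; i < signingIterations; i++)
        {
            string unsignedPdfPath = GetTempDocPath();
            string signedPdfPath = GetTempDocPath();

            try
            {
                GenerateRandomPdf(unsignedPdfPath);

                using (PdfReader pdfReader = new PdfReader(unsignedPdfPath))
                using (FileStream outputStream = new FileStream(signedPdfPath, FileMode.Create))
                using (PdfStamper pdfStamper = PdfStamper.CreateSignature(pdfReader, outputStream, '\0', GetTempDocPath(), true))
                {
                    MakeSignature.SignDetached(pdfStamper.SignatureAppearance, pkcs11RsaSignature, certPath, null, null, null, 0, CryptoStandard.CADES);
                }

                // The message records which iteration broke; a bare IsTrue(1 == x) only reports "false".
                Assert.IsTrue(1 == VerifySignatureIntegrity(signedPdfPath), "Signature integrity check failed in iteration " + i);
            }
            finally
            {
                // Temporary documents are removed even when an assertion fails mid-loop.
                File.Delete(unsignedPdfPath);
                File.Delete(signedPdfPath);
            }
        }
    }
}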
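/// <summary>
/// Signs the PDF at <c>unsignedPdfPath</c> with an RSA key held on a PKCS#11 token and
/// writes the result to <c>signedPdfPath</c>, rendering a visible signature (graphic plus
/// description) inside the given rectangle on page 1.
/// </summary>
/// <param name="llx">Lower-left x coordinate of the visible signature rectangle.</param>
/// <param name="lly">Lower-left y coordinate of the visible signature rectangle.</param>
/// <param name="urx">Upper-right x coordinate of the visible signature rectangle.</param>
/// <param name="ury">Upper-right y coordinate of the visible signature rectangle.</param>
private void signPDF(int llx, int lly, int urx, int ury)
{
    // Path to the unmanaged PKCS#11 library
    string libraryPath = @"C:\Windows\System32\cvP11.dll";

    // Serial number of the token that contains the signing key. May be null if tokenLabel is specified.
    string tokenSerial = @"910e21b0da172e34";

    // Label of the token that contains the signing key. May be null if tokenSerial is specified.
    string tokenLabel = @"SuisseID";

    // PIN for the token.
    // NOTE(review): the PIN and the token serial are embedded in source and therefore in
    // version control; they should be read from configuration or prompted for at runtime.
    string pin = "091011";

    // Label (value of CKA_LABEL attribute) of the private key used for signing. May be null if ckaId is specified.
    string ckaLabel = null;

    // Hex encoded identifier (value of CKA_ID attribute) of the private key used for signing. May be null if ckaLabel is specified.
    string ckaId = "6D808CE0BF9C368FB0AD28E24366F646BA0B3F67";

    // Hash algorithm used for the signature creation
    HashAlgorithm hashAlgorithm = HashAlgorithm.SHA256;

    // Pkcs11RsaSignature lets iText create a PKCS#1 v1.5 RSA signature with the private key stored on the PKCS#11 device.
    // hashAlgorithm is passed here instead of repeating HashAlgorithm.SHA256, so the local above is the single place to change it.
    using (Pkcs11RsaSignature pkcs11RsaSignature = new Pkcs11RsaSignature(libraryPath, tokenSerial, tokenLabel, pin, ckaLabel, ckaId, hashAlgorithm))
    {
        // The signing certificate is usually stored on the token next to the key
        byte[] signingCertificate = pkcs11RsaSignature.GetSigningCertificate();

        // The remaining token certificates are used to complete the chain
        List<byte[]> otherCertificates = pkcs11RsaSignature.GetAllCertificates();

        // Build certification path for the signing certificate
        ICollection<Org.BouncyCastle.X509.X509Certificate> certPath = CertUtils.BuildCertPath(signingCertificate, otherCertificates);

        // Read the unsigned document, open the output stream and create the stamper that appends the signature
        using (PdfReader pdfReader = new PdfReader(unsignedPdfPath))
        using (FileStream outputStream = new FileStream(signedPdfPath, FileMode.Create))
        using (PdfStamper pdfStamper = PdfStamper.CreateSignature(pdfReader, outputStream, '\0', Path.GetTempFileName(), true))
        {
            PdfSignatureAppearance signatureAppearance = pdfStamper.SignatureAppearance;
            signatureAppearance.SignatureRenderingMode = PdfSignatureAppearance.RenderingMode.GRAPHIC_AND_DESCRIPTION;

            // Relative path: resolved against the process working directory, not the assembly location
            signatureAppearance.SignatureGraphic = iTextSharp.text.Image.GetInstance("logo_sign.png");
            signatureAppearance.SetVisibleSignature(new iTextSharp.text.Rectangle((float)llx, (float)lly, (float)urx, (float)ury), 1, null);

            // Detached CAdES signature over the document
            MakeSignature.SignDetached(signatureAppearance, pkcs11RsaSignature, certPath, null, null, null, 0, CryptoStandard.CADES);
        }
    }
}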
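/// <summary>
/// Reads the signing certificate from the token, retrying up to
/// <c>TimesToTryFindSlot</c> times with a pause of
/// <c>MillisecondsToWaitBetweenFindSlotsAttempts</c> between attempts.
/// </summary>
/// <param name="signature">Signer whose certificate is read.</param>
/// <returns>The signing certificate, or <c>null</c> when every attempt failed.</returns>
/// <exception cref="ArgumentNullException"><paramref name="signature"/> is null.</exception>
public static byte[] SaferGetSigningCertificate(this Pkcs11RsaSignature signature)
{
    if (signature == null)
    {
        throw new ArgumentNullException(nameof(signature));
    }

    for (int attempt = 0; attempt < TimesToTryFindSlot; attempt++)
    {
        try
        {
            return signature.GetSigningCertificate();
        }
        catch (Exception)
        {
            // Best effort: the caller only sees null once every attempt has failed.
        }

        // A synchronous method has to block explicitly; an un-awaited Task.Delay(...)
        // returns at once and the retries would fire back to back.
        if (attempt + 1 < TimesToTryFindSlot)
        {
            System.Threading.Thread.Sleep(MillisecondsToWaitBetweenFindSlotsAttempts);
        }
    }

    return null;
}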
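/// <summary>
/// Verifies that <see cref="Pkcs11RsaSignature.GetSigningCertificate"/> returns the token
/// certificate belonging to the configured key, and throws
/// <see cref="ObjectNotFoundException"/> for a key that has no certificate on the token.
/// A temporary RSA key pair is generated for the negative case and removed afterwards.
/// </summary>
public void GetSigningCertificateTest()
{
    // CKA_ID and CKA_LABEL of the temporary RSA key pair
    byte[] ckaId = null;
    string ckaLabel = null;

    // Generate temporary RSA key pair that has no certificate associated with it
    using (Pkcs11 pkcs11 = new Pkcs11(_libraryPath, false))
    {
        Slot slot = FindSlot(pkcs11, _tokenSerial, _tokenLabel);
        if (slot == null)
        {
            throw new TokenNotFoundException();
        }

        using (Session session = slot.OpenSession(false))
        {
            session.Login(CKU.CKU_USER, _pin);

            ckaId = session.GenerateRandom(20);
            ckaLabel = Guid.NewGuid().ToString();

            List<ObjectAttribute> publicKeyAttributes = new List<ObjectAttribute>
            {
                new ObjectAttribute(CKA.CKA_TOKEN, true),
                new ObjectAttribute(CKA.CKA_PRIVATE, false),
                new ObjectAttribute(CKA.CKA_LABEL, ckaLabel),
                new ObjectAttribute(CKA.CKA_ID, ckaId),
                new ObjectAttribute(CKA.CKA_ENCRYPT, true),
                new ObjectAttribute(CKA.CKA_VERIFY, true),
                new ObjectAttribute(CKA.CKA_VERIFY_RECOVER, true),
                new ObjectAttribute(CKA.CKA_WRAP, true),
                // 1024-bit throwaway key: keeps generation fast on slow tokens; not a size to copy for real signing keys
                new ObjectAttribute(CKA.CKA_MODULUS_BITS, 1024),
                new ObjectAttribute(CKA.CKA_PUBLIC_EXPONENT, new byte[] { 0x01, 0x00, 0x01 })
            };

            List<ObjectAttribute> privateKeyAttributes = new List<ObjectAttribute>
            {
                new ObjectAttribute(CKA.CKA_TOKEN, true),
                new ObjectAttribute(CKA.CKA_PRIVATE, true),
                new ObjectAttribute(CKA.CKA_LABEL, ckaLabel),
                new ObjectAttribute(CKA.CKA_ID, ckaId),
                new ObjectAttribute(CKA.CKA_SENSITIVE, true),
                new ObjectAttribute(CKA.CKA_DECRYPT, true),
                new ObjectAttribute(CKA.CKA_SIGN, true),
                new ObjectAttribute(CKA.CKA_SIGN_RECOVER, true),
                new ObjectAttribute(CKA.CKA_UNWRAP, true)
            };

            ObjectHandle publicKeyHandle;
            ObjectHandle privateKeyHandle;
            session.GenerateKeyPair(new Mechanism(CKM.CKM_RSA_PKCS_KEY_PAIR_GEN), publicKeyAttributes, privateKeyAttributes, out publicKeyHandle, out privateKeyHandle);

            session.Logout();
        }
    }

    try
    {
        // Key pair associated with a certificate present on the token
        using (Pkcs11RsaSignature pkcs11RsaSignature = new Pkcs11RsaSignature(_libraryPath, _tokenSerial, _tokenLabel, _pin, _ckaLabel, _ckaId, _hashAlgorithm))
        {
            byte[] cert = pkcs11RsaSignature.GetSigningCertificate();
            Assert.IsNotNull(cert);
            Assert.AreEqual(_certificate, ConvertUtils.BytesToBase64String(cert));
        }

        // Temporary key pair that is not associated with any certificate present on the token
        using (Pkcs11RsaSignature pkcs11RsaSignature = new Pkcs11RsaSignature(_libraryPath, _tokenSerial, _tokenLabel, _pin, ckaLabel, ConvertUtils.BytesToHexString(ckaId), _hashAlgorithm))
        {
            bool objectNotFound = false;
            try
            {
                pkcs11RsaSignature.GetSigningCertificate();
            }
            catch (ObjectNotFoundException)
            {
                objectNotFound = true;
            }

            // Asserting outside the try keeps the assertion failure from being swallowed by the catch;
            // any other exception type propagates and fails the test with its own message.
            Assert.IsTrue(objectNotFound, "ObjectNotFoundException expected but not thrown");
        }
    }
    finally
    {
        // Delete the temporary RSA key pair even when an assertion failed, so the token does not accumulate orphaned keys
        using (Pkcs11 pkcs11 = new Pkcs11(_libraryPath, false))
        {
            Slot slot = FindSlot(pkcs11, _tokenSerial, _tokenLabel);
            if (slot == null)
            {
                throw new TokenNotFoundException();
            }

            using (Session session = slot.OpenSession(false))
            {
                session.Login(CKU.CKU_USER, _pin);

                List<ObjectAttribute> objectAttributes = new List<ObjectAttribute>
                {
                    new ObjectAttribute(CKA.CKA_KEY_TYPE, CKK.CKK_RSA),
                    new ObjectAttribute(CKA.CKA_LABEL, ckaLabel),
                    new ObjectAttribute(CKA.CKA_ID, ckaId)
                };

                List<ObjectHandle> foundObjects = session.FindAllObjects(objectAttributes);
                foreach (ObjectHandle foundObject in foundObjects)
                {
                    session.DestroyObject(foundObject);
                }

                session.Logout();
            }
        }
    }
}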
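/// <summary>
/// Creates a one-page PDF with iText, signs it with an RSA key held on a PKCS#11 token
/// (detached CAdES signature) and checks that the signed file grew by the incremental update.
/// </summary>
public void SignPdfDocument()
{
    // Path to the unsigned PDF that will be created by this code
    string unsignedPdfPath = @"c:\temp\unsigned.pdf";

    // Path to the signed PDF that will be created by this code
    string signedPdfPath = @"c:\temp\signed.pdf";

    // Create simple PDF document with iText
    using (Document document = new Document(PageSize.A4, 50, 50, 50, 50))
    using (FileStream outputStream = new FileStream(unsignedPdfPath, FileMode.Create))
    using (PdfWriter pdfWriter = PdfWriter.GetInstance(document, outputStream))
    {
        document.Open();
        document.Add(new Paragraph("Hello World!"));
        document.Close();
    }

    // The unsigned size is kept for the final comparison
    FileInfo unsignedPdfInfo = new FileInfo(unsignedPdfPath);
    Assert.IsTrue(unsignedPdfInfo.Length > 0, "Unsigned PDF was not written");

    // Path to the unmanaged PKCS#11 library
    string libraryPath = @"siecap11.dll";

    // Serial number of the token that contains the signing key. May be null if tokenLabel is specified.
    string tokenSerial = null;

    // Label of the token that contains the signing key. May be null if tokenSerial is specified.
    string tokenLabel = @"Pkcs11Interop";

    // PIN for the test token (a real PIN belongs in configuration, not in source)
    string pin = @"11111111";

    // Label (value of CKA_LABEL attribute) of the private key used for signing. May be null if ckaId is specified.
    string ckaLabel = @"John Doe";

    // Hex encoded identifier (value of CKA_ID attribute) of the private key used for signing. May be null if ckaLabel is specified.
    string ckaId = null;

    // Hash algorithm used for the signature creation
    HashAlgorithm hashAlgorithm = HashAlgorithm.SHA256;

    // Pkcs11RsaSignature lets iText create a PKCS#1 v1.5 RSA signature with the private key stored on the PKCS#11 device
    using (Pkcs11RsaSignature pkcs11RsaSignature = new Pkcs11RsaSignature(libraryPath, tokenSerial, tokenLabel, pin, ckaLabel, ckaId, hashAlgorithm))
    {
        // The signing certificate is usually stored on the token next to the key
        byte[] signingCertificate = pkcs11RsaSignature.GetSigningCertificate();

        // The remaining token certificates are used to complete the chain
        List<byte[]> otherCertificates = pkcs11RsaSignature.GetAllCertificates();

        // Build certification path for the signing certificate
        ICollection<Org.BouncyCastle.X509.X509Certificate> certPath = CertUtils.BuildCertPath(signingCertificate, otherCertificates);

        // Read the unsigned document, open the output stream and create the stamper that appends the signature
        using (PdfReader pdfReader = new PdfReader(unsignedPdfPath))
        using (FileStream outputStream = new FileStream(signedPdfPath, FileMode.Create))
        using (PdfStamper pdfStamper = PdfStamper.CreateSignature(pdfReader, outputStream, '\0', Path.GetTempFileName(), true))
        {
            MakeSignature.SignDetached(pdfStamper.SignatureAppearance, pkcs11RsaSignature, certPath, null, null, null, 0, CryptoStandard.CADES);
        }
    }

    // The signature is appended as an incremental update, so the signed file must be larger than the
    // unsigned one. (Comparing against signedPdfPath.Length would compare the file size with the length
    // of the path string, which passes for almost any file.)
    FileInfo signedPdfInfo = new FileInfo(signedPdfPath);
    Assert.IsTrue(signedPdfInfo.Length > unsignedPdfInfo.Length, "Signed PDF is not larger than the unsigned PDF");
}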
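/// <summary>
/// End-to-end sample: writes a minimal PDF, applies a detached CAdES signature with a
/// PKCS#11-resident RSA key and asserts that the signed output is larger than the input.
/// </summary>
public void SignPdfDocument()
{
    // Unsigned PDF created by this method
    string unsignedPdfPath = @"c:\temp\unsigned.pdf";

    // Signed PDF created by this method
    string signedPdfPath = @"c:\temp\signed.pdf";

    // Create simple PDF document with iText
    using (Document document = new Document(PageSize.A4, 50, 50, 50, 50))
    {
        using (FileStream outputStream = new FileStream(unsignedPdfPath, FileMode.Create))
        {
            using (PdfWriter pdfWriter = PdfWriter.GetInstance(document, outputStream))
            {
                document.Open();
                document.Add(new Paragraph("Hello World!"));
                document.Close();
            }
        }
    }

    // Size of the unsigned document, compared against the signed size at the end
    FileInfo unsignedPdfInfo = new FileInfo(unsignedPdfPath);
    Assert.IsTrue(unsignedPdfInfo.Length > 0, "Unsigned PDF was not written");

    // Path to the unmanaged PKCS#11 library
    string libraryPath = @"siecap11.dll";

    // Serial number of the token that contains the signing key. May be null if tokenLabel is specified.
    string tokenSerial = null;

    // Label of the token that contains the signing key. May be null if tokenSerial is specified.
    string tokenLabel = @"Pkcs11Interop";

    // PIN for the test token (a real PIN belongs in configuration, not in source)
    string pin = @"11111111";

    // Label (value of CKA_LABEL attribute) of the private key used for signing. May be null if ckaId is specified.
    string ckaLabel = @"John Doe";

    // Hex encoded identifier (value of CKA_ID attribute) of the private key used for signing. May be null if ckaLabel is specified.
    string ckaId = null;

    // Hash algorithm used for the signature creation
    HashAlgorithm hashAlgorithm = HashAlgorithm.SHA256;

    // Pkcs11RsaSignature lets iText create a PKCS#1 v1.5 RSA signature with the private key stored on the PKCS#11 device
    using (Pkcs11RsaSignature pkcs11RsaSignature = new Pkcs11RsaSignature(libraryPath, tokenSerial, tokenLabel, pin, ckaLabel, ckaId, hashAlgorithm))
    {
        // Signing certificate, usually stored on the token next to the key
        byte[] signingCertificate = pkcs11RsaSignature.GetSigningCertificate();

        // All other certificates on the token, used to complete the chain
        List<byte[]> otherCertificates = pkcs11RsaSignature.GetAllCertificates();

        // Certification path for the signing certificate
        ICollection<Org.BouncyCastle.X509.X509Certificate> certPath = CertUtils.BuildCertPath(signingCertificate, otherCertificates);

        // Read unsigned PDF document
        using (PdfReader pdfReader = new PdfReader(unsignedPdfPath))
        {
            // Output stream for the signed PDF document
            using (FileStream outputStream = new FileStream(signedPdfPath, FileMode.Create))
            {
                // PdfStamper in append mode, so the signature becomes an incremental update
                using (PdfStamper pdfStamper = PdfStamper.CreateSignature(pdfReader, outputStream, '\0', Path.GetTempFileName(), true))
                {
                    MakeSignature.SignDetached(pdfStamper.SignatureAppearance, pkcs11RsaSignature, certPath, null, null, null, 0, CryptoStandard.CADES);
                }
            }
        }
    }

    // Append mode adds the signature to the original bytes, so the signed file is strictly larger than the
    // unsigned one. The comparison is against the unsigned file size; signedPdfPath.Length is the length of
    // the path string and would make the assertion meaningless.
    FileInfo signedPdfInfo = new FileInfo(signedPdfPath);
    Assert.IsTrue(signedPdfInfo.Length > unsignedPdfInfo.Length, "Signed PDF is not larger than the unsigned PDF");
}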
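/// <summary>
/// Reuses one <see cref="Pkcs11RsaSignature"/> instance to sign many generated PDF
/// documents and verifies each signature, to catch signers that break after the
/// first signing operation.
/// </summary>
public void Pkcs11RsaSignatureReuseTest()
{
    // Number of documents signed with the same signer instance.
    const int documentCount = 100;

    using (Pkcs11RsaSignature pkcs11RsaSignature = new Pkcs11RsaSignature(_libraryPath, _tokenSerial, _tokenLabel, _pin, _ckaLabel, _ckaId, _hashAlgorithm))
    {
        // The chain is read from the token once; it does not change between documents.
        byte[] signingCertificate = pkcs11RsaSignature.GetSigningCertificate();
        List<byte[]> otherCertificates = pkcs11RsaSignature.GetAllCertificates();
        ICollection<X509Certificate> certPath = CertUtils.BuildCertPath(signingCertificate, otherCertificates);

        for (int documentIndex = 0; documentIndex < documentCount; documentIndex++)
        {
            string unsignedPdfPath = GetTempDocPath();
            string signedPdfPath = GetTempDocPath();

            try
            {
                GenerateRandomPdf(unsignedPdfPath);

                using (PdfReader pdfReader = new PdfReader(unsignedPdfPath))
                using (FileStream outputStream = new FileStream(signedPdfPath, FileMode.Create))
                using (PdfStamper pdfStamper = PdfStamper.CreateSignature(pdfReader, outputStream, '\0', GetTempDocPath(), true))
                {
                    MakeSignature.SignDetached(pdfStamper.SignatureAppearance, pkcs11RsaSignature, certPath, null, null, null, 0, CryptoStandard.CADES);
                }

                // Name the failing iteration in the assertion message; IsTrue(1 == x) alone only reports "false".
                Assert.IsTrue(1 == VerifySignatureIntegrity(signedPdfPath), "Signature integrity check failed for document " + documentIndex);
            }
            finally
            {
                // Clean up the temporary documents regardless of the outcome of this iteration.
                File.Delete(unsignedPdfPath);
                File.Delete(signedPdfPath);
            }
        }
    }
}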
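/// <summary>
/// Checks both outcomes of <see cref="Pkcs11RsaSignature.GetSigningCertificate"/>: the
/// configured key yields the expected token certificate, and a freshly generated key with no
/// certificate on the token raises <see cref="ObjectNotFoundException"/>. The temporary key
/// pair is destroyed in a <c>finally</c> block so a failed assertion does not leave it behind.
/// </summary>
public void GetSigningCertificateTest()
{
    // CKA_ID and CKA_LABEL of the temporary RSA key pair
    byte[] ckaId = null;
    string ckaLabel = null;

    // Generate temporary RSA key pair without any matching certificate on the token
    using (Pkcs11 pkcs11 = new Pkcs11(_libraryPath, false))
    {
        Slot slot = FindSlot(pkcs11, _tokenSerial, _tokenLabel);
        if (slot == null)
        {
            throw new TokenNotFoundException();
        }

        using (Session session = slot.OpenSession(false))
        {
            session.Login(CKU.CKU_USER, _pin);

            // Random CKA_ID and a GUID label make the temporary objects easy to find and delete later
            ckaId = session.GenerateRandom(20);
            ckaLabel = Guid.NewGuid().ToString();

            List<ObjectAttribute> publicKeyAttributes = new List<ObjectAttribute>
            {
                new ObjectAttribute(CKA.CKA_TOKEN, true),
                new ObjectAttribute(CKA.CKA_PRIVATE, false),
                new ObjectAttribute(CKA.CKA_LABEL, ckaLabel),
                new ObjectAttribute(CKA.CKA_ID, ckaId),
                new ObjectAttribute(CKA.CKA_ENCRYPT, true),
                new ObjectAttribute(CKA.CKA_VERIFY, true),
                new ObjectAttribute(CKA.CKA_VERIFY_RECOVER, true),
                new ObjectAttribute(CKA.CKA_WRAP, true),
                // Throwaway 1024-bit key to keep generation quick on slow tokens; not a size for production signing keys
                new ObjectAttribute(CKA.CKA_MODULUS_BITS, 1024),
                new ObjectAttribute(CKA.CKA_PUBLIC_EXPONENT, new byte[] { 0x01, 0x00, 0x01 })
            };

            List<ObjectAttribute> privateKeyAttributes = new List<ObjectAttribute>
            {
                new ObjectAttribute(CKA.CKA_TOKEN, true),
                new ObjectAttribute(CKA.CKA_PRIVATE, true),
                new ObjectAttribute(CKA.CKA_LABEL, ckaLabel),
                new ObjectAttribute(CKA.CKA_ID, ckaId),
                new ObjectAttribute(CKA.CKA_SENSITIVE, true),
                new ObjectAttribute(CKA.CKA_DECRYPT, true),
                new ObjectAttribute(CKA.CKA_SIGN, true),
                new ObjectAttribute(CKA.CKA_SIGN_RECOVER, true),
                new ObjectAttribute(CKA.CKA_UNWRAP, true)
            };

            ObjectHandle publicKeyHandle;
            ObjectHandle privateKeyHandle;
            session.GenerateKeyPair(new Mechanism(CKM.CKM_RSA_PKCS_KEY_PAIR_GEN), publicKeyAttributes, privateKeyAttributes, out publicKeyHandle, out privateKeyHandle);

            session.Logout();
        }
    }

    try
    {
        // Key pair associated with a certificate present on the token
        using (Pkcs11RsaSignature pkcs11RsaSignature = new Pkcs11RsaSignature(_libraryPath, _tokenSerial, _tokenLabel, _pin, _ckaLabel, _ckaId, _hashAlgorithm))
        {
            byte[] signingCertificate = pkcs11RsaSignature.GetSigningCertificate();
            Assert.IsNotNull(signingCertificate);
            Assert.AreEqual(_certificate, ConvertUtils.BytesToBase64String(signingCertificate));
        }

        // Temporary key pair that is not associated with any certificate present on the token
        using (Pkcs11RsaSignature pkcs11RsaSignature = new Pkcs11RsaSignature(_libraryPath, _tokenSerial, _tokenLabel, _pin, ckaLabel, ConvertUtils.BytesToHexString(ckaId), _hashAlgorithm))
        {
            bool exceptionThrown = false;
            try
            {
                pkcs11RsaSignature.GetSigningCertificate();
            }
            catch (ObjectNotFoundException)
            {
                exceptionThrown = true;
            }

            // The assertion sits outside the try so that its own failure is not caught; an unexpected
            // exception type propagates with its real message instead of a generic "is ObjectNotFoundException" failure.
            Assert.IsTrue(exceptionThrown, "ObjectNotFoundException expected but not thrown");
        }
    }
    finally
    {
        // Delete temporary RSA key pair, also when an assertion above failed
        using (Pkcs11 pkcs11 = new Pkcs11(_libraryPath, false))
        {
            Slot slot = FindSlot(pkcs11, _tokenSerial, _tokenLabel);
            if (slot == null)
            {
                throw new TokenNotFoundException();
            }

            using (Session session = slot.OpenSession(false))
            {
                session.Login(CKU.CKU_USER, _pin);

                List<ObjectAttribute> searchTemplate = new List<ObjectAttribute>
                {
                    new ObjectAttribute(CKA.CKA_KEY_TYPE, CKK.CKK_RSA),
                    new ObjectAttribute(CKA.CKA_LABEL, ckaLabel),
                    new ObjectAttribute(CKA.CKA_ID, ckaId)
                };

                foreach (ObjectHandle foundObject in session.FindAllObjects(searchTemplate))
                {
                    session.DestroyObject(foundObject);
                }

                session.Logout();
            }
        }
    }
}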