public IHttpActionResult Start(SignatureStartRequest request)
        {
            byte[]             toSignBytes, transferData;
            SignatureAlgorithm signatureAlg;

            try {
                // Decode the user's certificate
                var cert = PKCertificate.Decode(request.Certificate);

                // Instantiate a PadesSigner class
                var padesSigner = new PadesSigner();

                // Set the PDF to sign, which in the case of this example is a fixed sample document
                if (!string.IsNullOrEmpty(request.FileId))
                {
                    padesSigner.SetPdfToSign(Storage.GetFile(request.FileId));
                }
                else
                {
                    padesSigner.SetPdfToSign(Storage.GetSampleDocContent());
                }

                // Set the signer certificate
                padesSigner.SetSigningCertificate(cert);

                // Set the signature policy
                padesSigner.SetPolicy(getSignaturePolicy());

                // Set the signature's visual representation options (optional)
                padesSigner.SetVisualRepresentation(getVisualRepresentation(cert));

                // Generate the "to-sign-bytes". This method also yields the signature algorithm that must
                // be used on the client-side, based on the signature policy, as well as the "transfer data",
                // a byte-array that will be needed on the next step.
                toSignBytes = padesSigner.GetToSignBytes(out signatureAlg, out transferData);
            } catch (ValidationException ex) {
                // Some of the operations above may throw a ValidationException, for instance if the certificate
                // encoding cannot be read or if the certificate is expired.
                return(new ResponseMessageResult(Request.CreateResponse(HttpStatusCode.BadRequest, new ValidationErrorModel(ex.ValidationResults))));
            }

            // Create response with some informations that we'll use on Complete action and on client-side.
            var response = new SignatureStartResponse()
            {
                // The "transfer data" for PDF signatures can be as large as the original PDF itself. Therefore, we mustn't use a hidden field
                // on the page to store it. Here we're using our storage mock (see file Classes\Storage.cs) to simulate storing the transfer data
                // on a database and saving on a hidden field on the page only the ID that can be used later to retrieve it. Another option would
                // be to store the transfer data on the Session dictionary.
                TransferDataFileId = Storage.StoreFile(transferData),

                // Send to the javascript the "to sign hash" of the document (digest of the "to-sign-bytes") and the digest algorithm that must
                // be used on the signature algorithm computation
                ToSignBytes        = toSignBytes,
                DigestAlgorithmOid = signatureAlg.DigestAlgorithm.Oid
            };

            return(Ok(response));
        }
示例#2
0
        public IHttpActionResult Start(SignatureStartRequest request)
        {
            byte[]             toSignHash, transferData;
            SignatureAlgorithm signatureAlg;

            try {
                // Decode the user's certificate
                var cert = PKCertificate.Decode(request.Certificate);

                // Instantiate a XmlElementSigner class
                var signer = new XmlElementSigner();

                // Set the data to sign, which in the case of this example is a fixed sample document
                signer.SetXml(Storage.GetSampleNFeContent());

                // static Id from node <infNFe> from SampleNFe.xml document
                signer.SetToSignElementId("NFe35141214314050000662550010001084271182362300");

                // Set the signer certificate decoded
                signer.SetSigningCertificate(cert);

                // Set the signature policy
                signer.SetPolicy(getSignaturePolicy());

                // Generate the "to-sign-hash". This method also yields the signature algorithm that must
                // be used on the client-side, based on the signature policy. As well as the "transfer data",
                // a byte-array that will be needed on the next step.
                toSignHash = signer.GenerateToSignHash(out signatureAlg, out transferData);
            } catch (ValidationException ex) {
                // Some of the operations above may throw a ValidationException, for instance if the certificate
                // encoding cannot be read or if the certificate is expired.
                return(new ResponseMessageResult(Request.CreateResponse(HttpStatusCode.BadRequest, new ValidationErrorModel(ex.ValidationResults))));
            }

            // Create response with some informations that we'll use on Complete action and on client-side.
            var response = new SignatureStartResponse()
            {
                // The "transfer data" for Xml signatyures are not so big. Therefore, we can easily send it as one of
                // response fields.
                TransferData = transferData,

                // Send to the javascript the "to sign hash" of the document and the digest algorithm that must
                // be used on the signature algorithm computation
                ToSignHash         = toSignHash,
                DigestAlgorithmOid = signatureAlg.DigestAlgorithm.Oid
            };

            return(Ok(response));
        }
        public IHttpActionResult Start(SignatureStartRequest request)
        {
            byte[]             toSignBytes;
            SignatureAlgorithm signatureAlg;

            try {
                // Decode the user's certificate
                var cert = PKCertificate.Decode(request.Certificate);

                // Instantiate a CadesSigner class
                var cadesSigner = new CadesSigner();

                // Set the data to sign, which in the case of this example is a fixed sample document
                if (!string.IsNullOrEmpty(request.FileId))
                {
                    cadesSigner.SetDataToSign(Storage.GetFile(request.FileId));
                }
                else
                {
                    cadesSigner.SetDataToSign(Storage.GetSampleDocContent());
                }

                // Set the signer certificate
                cadesSigner.SetSigningCertificate(cert);

                // Set the signature policy
                cadesSigner.SetPolicy(getSignaturePolicy());

                // Generate the "to-sign-bytes". This method also yields the signature algorithm that must
                // be used on the client-side, based on the signature policy.
                toSignBytes = cadesSigner.GenerateToSignBytes(out signatureAlg);
            } catch (ValidationException ex) {
                // Some of the operations above may throw a ValidationException, for instance if the certificate
                // encoding cannot be read or if the certificate is expired.
                return(new ResponseMessageResult(Request.CreateResponse(HttpStatusCode.BadRequest, new ValidationErrorModel(ex.ValidationResults))));
            }

            // Create response with some informations that we'll use on Complete action and on client-side.
            var response = new SignatureStartResponse()
            {
                // Send to the javascript the "to sign hash" of the document and the digest algorithm that must
                // be used on the signature algorithm computation
                ToSignBytes        = toSignBytes,
                DigestAlgorithmOid = signatureAlg.DigestAlgorithm.Oid
            };

            return(Ok(response));
        }
        public IHttpActionResult Start(SignatureStartRequest model)
        {
            byte[] toSign;
            SignatureAlgorithm signatureAlg;

            try {

                // Instantiate a CadesSigner class
                var cadesSigner = new CadesSigner();

                // Set the data to sign, which in the case of this example is a fixed sample document
                cadesSigner.SetDataToSign(Util.GetSampleDocContent());

                // Decode the user's certificate and set as the signer certificate
                cadesSigner.SetSigningCertificate(PKCertificate.Decode(model.Certificate));

                // Set the signature policy
                cadesSigner.SetPolicy(getPolicy());

                // Generate the "to-sign-bytes". This method also yields the signature algorithm that must
                // be used on the client-side, based on the signature policy.
                toSign = cadesSigner.GenerateToSignBytes(out signatureAlg);

            } catch (ValidationException ex) {

                // Some of the operations above may throw a ValidationException, for instance if the certificate
                // encoding cannot be read or if the certificate is expired.
                return Ok(new SignatureStartResponse() {
                    Success = false,
                    Message = "A validation error has occurred",
                    ValidationResults = ex.ValidationResults.ToString()
                });

            }

            // On the next step (Complete action), we'll need once again the signer's certificate and the
            // "to-sign-bytes" (besides from the document to be signed and the policy). We'll store these
            // values on the database and return to the page an identifier that will be later used to locate
            // these values again.
            SignatureProcess signatureProcess;
            using (var dbContext = new DbContext()) {
                signatureProcess = SignatureProcess.Create();
                signatureProcess.CadesSignerCertificate = model.Certificate;
                signatureProcess.CadesToSign = toSign;
                dbContext.SignatureProcesses.Add(signatureProcess);
                dbContext.SaveChanges();
            }

            // Send back to the page:
            // - The identifier that we'll later use to locate the user's certificate and "to-sign-bytes"
            // - The "to-sign-bytes"
            // - The OID of the digest algorithm to be used during the signature operation
            var response = new SignatureStartResponse() {
                Success = true,
                ProcessId = signatureProcess.Id,
                ToSign = toSign,
                DigestAlgorithmOid = signatureAlg.DigestAlgorithm.Oid
            };
            return Ok(response);
        }