public virtual void LtvEnabledSingleSignatureTest01()
{
String signCertFileName = certsSrc + "signCertRsaWithChain.p12";
String tsaCertFileName = certsSrc + "tsCertRsa.p12";
String intermediateCertFileName = certsSrc + "intermediateRsa.p12";
String caCertFileName = certsSrc + "rootRsa.p12";
String srcFileName = sourceFolder + "helloWorldDoc.pdf";
String ltvFileName = destinationFolder + "ltvEnabledSingleSignatureTest01.pdf";
X509Certificate[] tsaChain = Pkcs12FileHelper.ReadFirstChain(tsaCertFileName, password);
ICipherParameters tsaPrivateKey = Pkcs12FileHelper.ReadFirstKey(tsaCertFileName, password, password);
X509Certificate intermediateCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(intermediateCertFileName
, password)[0];
ICipherParameters intermediatePrivateKey = Pkcs12FileHelper.ReadFirstKey(intermediateCertFileName, password
, password);
X509Certificate caCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(caCertFileName, password)[0];
ICipherParameters caPrivateKey = Pkcs12FileHelper.ReadFirstKey(caCertFileName, password, password);
TestTsaClient testTsa = new TestTsaClient(JavaUtil.ArraysAsList(tsaChain), tsaPrivateKey);
TestOcspClient testOcspClient = new TestOcspClient().AddBuilderForCertIssuer(intermediateCert, intermediatePrivateKey
).AddBuilderForCertIssuer(caCert, caPrivateKey);
X509Certificate[] signChain = Pkcs12FileHelper.ReadFirstChain(signCertFileName, password);
ICipherParameters signPrivateKey = Pkcs12FileHelper.ReadFirstKey(signCertFileName, password, password);
IExternalSignature pks = new PrivateKeySignature(signPrivateKey, DigestAlgorithms.SHA256);
PdfSigner signer = new PdfSigner(new PdfReader(srcFileName), new FileStream(ltvFileName, FileMode.Create),
new StampingProperties());
signer.SetFieldName("Signature1");
signer.SignDetached(pks, signChain, null, testOcspClient, testTsa, 0, PdfSigner.CryptoStandard.CADES);
PadesSigTest.BasicCheckSignedDoc(destinationFolder + "ltvEnabledSingleSignatureTest01.pdf", "Signature1");
}
/// <exception cref="System.IO.IOException"/>
/// <exception cref="Org.BouncyCastle.Security.GeneralSecurityException"/>
private void BasicCheckLtvDoc(String outFileName, String tsSigName)
{
PdfDocument outDocument = new PdfDocument(new PdfReader(destinationFolder + outFileName));
PdfDictionary dssDict = outDocument.GetCatalog().GetPdfObject().GetAsDictionary(PdfName.DSS);
NUnit.Framework.Assert.IsNotNull(dssDict);
NUnit.Framework.Assert.AreEqual(4, dssDict.Size());
outDocument.Close();
PadesSigTest.BasicCheckSignedDoc(destinationFolder + outFileName, tsSigName);
}
public virtual void PadesSignatureLevelLTATest01()
{
String outFileName = destinationFolder + "padesSignatureLevelLTATest01.pdf";
String srcFileName = sourceFolder + "signedPAdES-LT.pdf";
String tsaCertFileName = certsSrc + "tsCertRsa.p12";
X509Certificate[] tsaChain = Pkcs12FileHelper.ReadFirstChain(tsaCertFileName, password);
ICipherParameters tsaPrivateKey = Pkcs12FileHelper.ReadFirstKey(tsaCertFileName, password, password);
PdfSigner signer = new PdfSigner(new PdfReader(srcFileName), new FileStream(outFileName, FileMode.Create),
new StampingProperties().UseAppendMode());
TestTsaClient testTsa = new TestTsaClient(JavaUtil.ArraysAsList(tsaChain), tsaPrivateKey);
signer.Timestamp(testTsa, "timestampSig1");
PadesSigTest.BasicCheckSignedDoc(destinationFolder + "padesSignatureLevelLTATest01.pdf", "timestampSig1");
}
public virtual void TimestampTest01()
{
String tsaCertFileName = certsSrc + "tsCertRsa.p12";
String srcFileName = sourceFolder + "helloWorldDoc.pdf";
String outFileName = destinationFolder + "timestampTest01.pdf";
X509Certificate[] tsaChain = Pkcs12FileHelper.ReadFirstChain(tsaCertFileName, password);
ICipherParameters tsaPrivateKey = Pkcs12FileHelper.ReadFirstKey(tsaCertFileName, password, password);
PdfSigner signer = new PdfSigner(new PdfReader(srcFileName), new FileStream(outFileName, FileMode.Create),
false);
TestTsaClient testTsa = new TestTsaClient(iText.IO.Util.JavaUtil.ArraysAsList(tsaChain), tsaPrivateKey);
signer.Timestamp(testTsa, "timestampSig1");
PadesSigTest.BasicCheckSignedDoc(destinationFolder + "timestampTest01.pdf", "timestampSig1");
}
public virtual void CalcHashOnDocCreationThenDeferredSignTest01()
{
String input = sourceFolder + "helloWorldDoc.pdf";
String outFileName = destinationFolder + "calcHashOnDocCreationThenDeferredSignTest01.pdf";
String cmpFileName = sourceFolder + "cmp_calcHashOnDocCreationThenDeferredSignTest01.pdf";
// pre-calculate hash on creating pre-signed PDF
String sigFieldName = "DeferredSignature1";
PdfName filter = PdfName.Adobe_PPKLite;
PdfName subFilter = PdfName.Adbe_pkcs7_detached;
int estimatedSize = 8192;
PdfReader reader = new PdfReader(input);
MemoryStream baos = new MemoryStream();
PdfSigner signer = new PdfSigner(reader, baos, new StampingProperties());
signer.SetCertificationLevel(PdfSigner.CERTIFIED_NO_CHANGES_ALLOWED);
PdfSignatureAppearance appearance = signer.GetSignatureAppearance();
appearance.SetLayer2Text("Signature field which signing is deferred.").SetPageRect(new Rectangle(36, 600,
200, 100)).SetPageNumber(1);
signer.SetFieldName(sigFieldName);
SignDeferredTest.DigestCalcBlankSigner external = new SignDeferredTest.DigestCalcBlankSigner(filter, subFilter
);
signer.SignExternalContainer(external, estimatedSize);
byte[] docBytesHash = external.GetDocBytesHash();
byte[] preSignedBytes = baos.ToArray();
// sign the hash
String signCertFileName = certsSrc + "signCertRsa01.p12";
X509Certificate[] signChain = Pkcs12FileHelper.ReadFirstChain(signCertFileName, password);
ICipherParameters signPrivateKey = Pkcs12FileHelper.ReadFirstKey(signCertFileName, password, password);
byte[] cmsSignature = SignDocBytesHash(docBytesHash, signPrivateKey, signChain);
// fill the signature to the presigned document
SignDeferredTest.ReadySignatureSigner extSigContainer = new SignDeferredTest.ReadySignatureSigner(cmsSignature
);
PdfDocument docToSign = new PdfDocument(new PdfReader(new MemoryStream(preSignedBytes)));
FileStream outStream = new FileStream(outFileName, FileMode.Create);
PdfSigner.SignDeferred(docToSign, sigFieldName, outStream, extSigContainer);
docToSign.Close();
outStream.Dispose();
// validate result
PadesSigTest.BasicCheckSignedDoc(outFileName, sigFieldName);
NUnit.Framework.Assert.IsNull(new CompareTool().CompareVisually(outFileName, cmpFileName, destinationFolder
, null));
}
public virtual void SequentialSignOfFileWithAnnots()
{
String signCertFileName = certsSrc + "signCertRsa01.p12";
String outFileName = destinationFolder + "sequentialSignOfFileWithAnnots.pdf";
String srcFileName = sourceFolder + "signedWithAnnots.pdf";
X509Certificate[] signChain = Pkcs12FileHelper.ReadFirstChain(signCertFileName, password);
ICipherParameters signPrivateKey = Pkcs12FileHelper.ReadFirstKey(signCertFileName, password, password);
IExternalSignature pks = new PrivateKeySignature(signPrivateKey, DigestAlgorithms.SHA256);
String signatureName = "Signature2";
PdfSigner signer = new PdfSigner(new PdfReader(srcFileName), new FileStream(outFileName, FileMode.Create),
new StampingProperties().UseAppendMode());
signer.SetFieldName(signatureName);
signer.GetSignatureAppearance().SetPageRect(new Rectangle(50, 350, 200, 100)).SetReason("Test").SetLocation
("TestCity").SetLayer2Text("Approval test signature.\nCreated by iText7.");
signer.SignDetached(pks, signChain, null, null, null, 0, PdfSigner.CryptoStandard.CADES);
PadesSigTest.BasicCheckSignedDoc(outFileName, signatureName);
}
public virtual void SecondSignOfTaggedDocTest()
{
String signCertFileName = certsSrc + "signCertRsa01.p12";
String outFileName = destinationFolder + "secondSignOfTagged.pdf";
String srcFileName = sourceFolder + "taggedAndSignedDoc.pdf";
X509Certificate[] signChain = Pkcs12FileHelper.ReadFirstChain(signCertFileName, password);
ICipherParameters signPrivateKey = Pkcs12FileHelper.ReadFirstKey(signCertFileName, password, password);
IExternalSignature pks = new PrivateKeySignature(signPrivateKey, DigestAlgorithms.SHA256);
String signatureName = "Signature2";
PdfSigner signer = new PdfSigner(new PdfReader(srcFileName), new FileStream(outFileName, FileMode.Create),
new StampingProperties().UseAppendMode());
PdfDocument document = signer.GetDocument();
document.GetWriter().SetCompressionLevel(CompressionConstants.NO_COMPRESSION);
signer.SetFieldName(signatureName);
PdfSignatureAppearance appearance = signer.GetSignatureAppearance();
appearance.SetPageNumber(1);
signer.GetSignatureAppearance().SetPageRect(new Rectangle(50, 550, 200, 100)).SetReason("Test2").SetLocation
("TestCity2").SetLayer2Text("Approval test signature #2.\nCreated by iText7.");
signer.SignDetached(pks, signChain, null, null, null, 0, PdfSigner.CryptoStandard.CADES);
PadesSigTest.BasicCheckSignedDoc(outFileName, "Signature1");
PadesSigTest.BasicCheckSignedDoc(outFileName, "Signature2");
using (PdfDocument twiceSigned = new PdfDocument(new PdfReader(outFileName))) {
using (PdfDocument resource = new PdfDocument(new PdfReader(srcFileName))) {
float resourceStrElemNumber = resource.GetStructTreeRoot().GetPdfObject().GetAsArray(PdfName.K).GetAsDictionary
(0).GetAsArray(PdfName.K).Size();
float outStrElemNumber = twiceSigned.GetStructTreeRoot().GetPdfObject().GetAsArray(PdfName.K).GetAsDictionary
(0).GetAsArray(PdfName.K).Size();
// Here we assert the amount of objects in StructTreeRoot in resource file and twice signed file
// as the original signature validation failed by Adobe because of struct tree change. If the fix
// would make this tree unchanged, then the assertion should be adjusted with comparing the tree of
// objects in StructTreeRoot to ensure that it won't be changed.
NUnit.Framework.Assert.AreNotEqual(resourceStrElemNumber, outStrElemNumber);
}
}
}
public virtual void DeferredHashCalcAndSignTest01()
{
String srcFileName = sourceFolder + "templateForSignCMSDeferred.pdf";
String outFileName = destinationFolder + "deferredHashCalcAndSignTest01.pdf";
String cmpFileName = sourceFolder + "cmp_deferredHashCalcAndSignTest01.pdf";
String signCertFileName = certsSrc + "signCertRsa01.p12";
X509Certificate[] signChain = Pkcs12FileHelper.ReadFirstChain(signCertFileName, password);
ICipherParameters signPrivateKey = Pkcs12FileHelper.ReadFirstKey(signCertFileName, password, password);
IExternalSignatureContainer extSigContainer = new SignDeferredTest.CmsDeferredSigner(signPrivateKey, signChain
);
String sigFieldName = "DeferredSignature1";
PdfDocument docToSign = new PdfDocument(new PdfReader(srcFileName));
FileStream outStream = new FileStream(outFileName, FileMode.Create);
PdfSigner.SignDeferred(docToSign, sigFieldName, outStream, extSigContainer);
docToSign.Close();
outStream.Dispose();
// validate result
PadesSigTest.BasicCheckSignedDoc(outFileName, sigFieldName);
NUnit.Framework.Assert.IsNull(new CompareTool().CompareVisually(outFileName, cmpFileName, destinationFolder
, null));
}
public virtual void PadesSignatureLevelTTest01()
{
String outFileName = destinationFolder + "padesSignatureLevelTTest01.pdf";
String srcFileName = sourceFolder + "helloWorldDoc.pdf";
String signCertFileName = certsSrc + "signCertRsa01.p12";
String tsaCertFileName = certsSrc + "tsCertRsa.p12";
X509Certificate[] signRsaChain = Pkcs12FileHelper.ReadFirstChain(signCertFileName, password);
ICipherParameters signRsaPrivateKey = Pkcs12FileHelper.ReadFirstKey(signCertFileName, password, password);
IExternalSignature pks = new PrivateKeySignature(signRsaPrivateKey, DigestAlgorithms.SHA256);
X509Certificate[] tsaChain = Pkcs12FileHelper.ReadFirstChain(tsaCertFileName, password);
ICipherParameters tsaPrivateKey = Pkcs12FileHelper.ReadFirstKey(tsaCertFileName, password, password);
PdfSigner signer = new PdfSigner(new PdfReader(srcFileName), new FileStream(outFileName, FileMode.Create),
new StampingProperties());
signer.SetFieldName("Signature1");
signer.GetSignatureAppearance().SetPageRect(new Rectangle(50, 650, 200, 100)).SetReason("Test").SetLocation
("TestCity").SetLayer2Text("Approval test signature.\nCreated by iText7.");
TestTsaClient testTsa = new TestTsaClient(JavaUtil.ArraysAsList(tsaChain), tsaPrivateKey);
signer.SignDetached(pks, signRsaChain, null, null, testTsa, 0, PdfSigner.CryptoStandard.CADES);
PadesSigTest.BasicCheckSignedDoc(destinationFolder + "padesSignatureLevelTTest01.pdf", "Signature1");
}