using System;
using System.Collections.Generic;
using System.IO;

using pdftron;
using pdftron.Common;
using pdftron.PDF;
using pdftron.PDF.Annots;
using pdftron.SDF;
using pdftron.Crypto;

namespace DigitalSignaturesTestCS
{
	class Class1
	{
		static string input_path = "../../TestFiles/";
		static string output_path = "../../TestFiles/Output/";

		/// <summary>
		/// Create a new single paged PDF, add a digital signature field, sign it, time stamp it and add long term validation to the field and then save the PDF.
		/// </summary>
		/// <param name="in_approval_field_name">The name of the Digital Signature field to create</param>
		/// <param name="widget_rect">The location on `widget_page` where the Digital Signature Widget annotation will appear. This is the visible location of the field.</param>
		/// <param name="in_public_certificate_file_path">The public certificate of the `in_private_key_file_path` being used.</param>
		/// <param name="in_private_key_file_path">The private signing key (matches the public certificate of `in_public_certificate_file_path`)</param>
		/// <param name="in_keyfile_password">The password for `in_private_key_file_path`</param>
		/// <param name="in_appearance_img_path">The image to be used for the Widget</param>
		/// <param name="tsa_url">The URL of the Time Stamp Authority server you want to use</param>
		/// <param name="in_timestamp_authority_root_certificate_path">The root certificate for the TSA server at `tsa_url`</param>
		/// <param name="in_outpath">Where to save the newly created PDF</param>
		static void SignPDF(
			string in_approval_field_name,
			Rect widget_rect,
			string in_public_certificate_file_path,
			string in_private_key_file_path,
			string in_keyfile_password,
			string in_appearance_img_path,
			string tsa_url,
			string in_timestamp_authority_root_certificate_path,
			string in_outpath)
		{
			Console.Out.WriteLine("================================================================================");
			Console.Out.WriteLine("Signing PDF document");

			// create new, single page, PDF.
			using (PDFDoc doc = new PDFDoc())
			{
				var page = doc.PageCreate();
				doc.PagePushBack(page);

				// Create a digital signature field and associated widget.
				DigitalSignatureField digsig_field = doc.CreateDigitalSignatureField(in_approval_field_name);
				SignatureWidget widgetAnnot = SignatureWidget.Create(doc, widget_rect, digsig_field);
				Image img = Image.Create(doc, in_appearance_img_path);
				widgetAnnot.CreateSignatureAppearance(img);
				page.AnnotPushBack(widgetAnnot);

				// Create a digital signature dictionary inside the digital signature field, in preparation for signing.
				digsig_field.CreateSigDictForCustomSigning("Adobe.PPKLite", DigitalSignatureField.SubFilterType.e_adbe_pkcs7_detached,
					8200); // For security reasons, set the contents size to a value greater than but as close as possible to the size you expect your final signature to be, in bytes.

				// Save the document incrementally to avoid invalidating any previous signatures.
				doc.Save(in_outpath, SDFDoc.SaveOptions.e_incremental);

				// Digest the relevant bytes of the document in accordance with ByteRanges surrounding the signature.
				byte[] pdf_digest = digsig_field.CalculateDigest(DigestAlgorithm.Type.e_sha256);

				byte[] in_pkcs12_buffer = File.ReadAllBytes(in_private_key_file_path);
				byte[] signature_value = DigitalSignatureField.SignDigest(pdf_digest, in_pkcs12_buffer, in_keyfile_password, false, DigestAlgorithm.Type.e_sha256);

				// Write the signature to the document.
				doc.SaveCustomSignature(signature_value, digsig_field, in_outpath);

				digsig_field = new DigitalSignatureField(doc.GetField(in_approval_field_name));

                // Add embedded timestamp to signature.
                TimestampingConfiguration tst_config = new TimestampingConfiguration(tsa_url);
                VerificationOptions opts = new VerificationOptions(VerificationOptions.SignatureVerificationSecurityLevel.e_compatibility_and_archiving);
                opts.AddTrustedCertificate(in_timestamp_authority_root_certificate_path);
                opts.AddTrustedCertificate(in_public_certificate_file_path);
                opts.EnableOnlineCRLRevocationChecking(true);

                // Add LTV
                VerificationResult timestampVerificationResult = digsig_field.Verify(opts);
                if (!digsig_field.EnableLTVOfflineVerification(timestampVerificationResult))
				{
					throw new Exception("Could not enable LTV for DocTimeStamp.");
				}
				// end LTV

                TimestampingResult result = digsig_field.GenerateContentsWithEmbeddedTimestamp(tst_config, opts);

                if (!result.GetStatus())
                {
                    throw new Exception(result.GetString());
                }
                doc.SaveCustomSignature(result.GetData(), digsig_field, in_outpath);
            }
		}
		
		private static pdftron.PDFNetLoader pdfNetLoader = pdftron.PDFNetLoader.Instance();
		static Class1() {}

		[STAThread]
		static void Main(string[] args)
		{
			PDFNet.Initialize(PDFTronLicense.Key);
			try
			{
				SignPDF(
					"PDFTronCertificationSig",
					new Rect(143, 287, 219, 306),
					input_path + "pdftron.cer",
					input_path + "pdftron.pfx",
					"password",
					input_path + "pdftron.bmp",
					"http://rfc3161timestamp.globalsign.com/advanced",
					input_path + "GlobalSignRootForTST.cer",
					output_path + "signed.pdf");
			}
			catch (Exception e)
			{
				Console.Error.WriteLine(e);
			}
			PDFNet.Terminate();
		}
	}
}