I want to export all the Functional CIs from a Specific Person. In the web-interface I can just click the wrench-icon and click export to csv, but when I try to do this with a link, it gets a bit more complicated. Basically, I'm trying to download this View:
or in text:
"FunctionalCI->Typ","FunctionalCI->Name","ID (Primärer Schlüssel)","Voller Name (Friendly Name)","Kontakt","Kontakt->Name","Kontakt->Voller Name (Friendly Name)","Kontakt->Typ","Kontakt->Obsolet","Kontakt->Organisation","Kontakt->Organisation","Kontakt->Email"
"Peripheriegerät","USBKI08018",3747,"3090 795",795,"Sample","Ex Sample","Person",Nein,6,"oragnisation","ex.sample#email.com"
"PC","FUJIQ58003",3395,"3837 795",795,"Sample","Ex Sample","Person",Nein,6,"oragnisation","ex.sample#email.com"
"Peripheriegerät","M056-1907",3432,"3898 795",795,"Sample","Ex Sample","Person",Nein,6,"oragnisation","ex.sample#email.com"
"Peripheriegerät","YUBIKEY013",3632,"3990 795",795,"Sample","Ex Sample","Person",Nein,6,"oragnisation","ex.sample#email.com"
"Peripheriegerät","MSDOCK102",4900,"4555 795",795,"Sample","Ex Sample","Person",Nein,6,"oragnisation","ex.sample#email.com"
"PC","MSSURL348",4895,"4663 795",795,"Sample","Ex Sample","Person",Nein,6,"oragnisation","ex.sample#email.com"
"Peripheriegerät","HEADSET431",6072,"5764 795",795,"Sample","Ex Sample","Person",Nein,6,"oragnisation","ex.sample#email.com"
I have tried multiple OQLs, but I can't get the user to link with its CIs. This is what I have tried:
https://itop.tirvers.at/itop/webservices/export-v2.php?expression=SELECT Person WHERE Person.friendlyname LIKE 'Ex Sample%'&fields=friendlyname, name, status, id&format=csv
This link actually works, but it only gives me more information about the person, which is not what I need. The next thing I tried was:
https://itop.tirvers.at/itop/webservices/export-v2.php?expression=SELECT FunctionalCI WHERE FunctionalCI.name LIKE 'FUJIQ58003%'&fields=id&format=csv
which also works, but, again, only yields more information about the FunctionalCI, which is not what I need.
With a bit of tinkering I got all the classes of the Server:
AsyncTask, AsyncSendEmail, DBProperty, CMDBChange, CMDBChangeOp, CMDBChangeOpCreate,
CMDBChangeOpDelete, CMDBChangeOpSetAttribute, CMDBChangeOpSetAttributeScalar,
CMDBChangeOpSetAttributeTagSet, CMDBChangeOpSetAttributeURL, CMDBChangeOpSetAttributeBlob,
CMDBChangeOpSetAttributeOneWayPassword, CMDBChangeOpSetAttributeEncrypted,
CMDBChangeOpSetAttributeText, CMDBChangeOpSetAttributeLongText, CMDBChangeOpSetAttributeHTML,
CMDBChangeOpSetAttributeCaseLog, CMDBChangeOpPlugin, CMDBChangeOpSetAttributeLinks,
CMDBChangeOpSetAttributeLinksAddRemove, CMDBChangeOpSetAttributeLinksTune,
CMDBChangeOpSetAttributeCustomFields, AuditCategory, AuditRule, Query, QueryOQL,
ModuleInstallation, ExtensionInstallation,
UserDashboard, Shortcut, ShortcutOQL, appUserPreferences, User, UserInternal, Event,
EventNotification, EventNotificationEmail, EventIssue, EventWebService, EventRestService,
EventLoginUsage,
EventOnObject, Action, ActionNotification, ActionEmail, Trigger, TriggerOnObject,
TriggerOnPortalUpdate, TriggerOnStateChange, TriggerOnStateEnter, TriggerOnStateLeave,
TriggerOnObjectCreate,
TriggerOnObjectDelete, TriggerOnObjectUpdate, lnkTriggerAction, TriggerOnThresholdReached,
BulkExportResult, iTopOwnershipToken, TagSetFieldData, SynchroDataSource, SynchroAttribute,
SynchroAttExtKey,
SynchroAttLinkSet, SynchroLog, SynchroReplica, BackgroundTask, InlineImage, KeyValueStore,
UserExternal, UserLDAP, UserLocal, EmailReplica, TriggerOnMailUpdate, MailInboxBase,
Attachment,
CMDBChangeOpAttachmentAdded, CMDBChangeOpAttachmentRemoved, Organization, Location, Contact,
Person, Team, Document, DocumentFile, DocumentNote, DocumentWeb, FunctionalCI, PhysicalDevice,
ConnectableCI, DatacenterDevice, NetworkDevice, Server, ApplicationSolution, BusinessProcess,
SoftwareInstance, Middleware, DBServer, WebServer, PCSoftware, OtherSoftware,
MiddlewareInstance,
DatabaseSchema, WebApplication, Software, Patch, OSPatch, SoftwarePatch, Licence, OSLicence,
SoftwareLicence, lnkDocumentToLicence, Typology, OSVersion, OSFamily, DocumentType,
ContactType,
Brand, Model, NetworkDeviceType, IOSVersion, lnkDocumentToPatch,
lnkSoftwareInstanceToSoftwarePatch, lnkFunctionalCIToOSPatch, lnkDocumentToSoftware,
lnkContactToFunctionalCI,
lnkDocumentToFunctionalCI, Subnet, VLAN, lnkSubnetToVLAN, NetworkInterface, IPInterface,
PhysicalInterface, lnkPhysicalInterfaceToVLAN, lnkConnectableCIToNetworkDevice,
lnkApplicationSolutionToFunctionalCI, lnkApplicationSolutionToBusinessProcess,
lnkPersonToTeam, Group, lnkGroupToCI, Rack, Enclosure, PowerConnection, PowerSource, PDU, PC,
Printer,
TelephonyCI, Phone, MobilePhone, IPPhone, Tablet, Peripheral, MailInboxStandard,
StorageSystem, SANSwitch, TapeLibrary, NAS, FiberChannelInterface, Tape, NASFileSystem,
LogicalVolume,
lnkServerToVolume, lnkSanToDatacenterDevice, Ticket, lnkContactToTicket,
lnkFunctionalCIToTicket, WorkOrder, VirtualDevice, VirtualHost, Hypervisor, Farm,
VirtualMachine, LogicalInterface,
AbstractResource, ResourceAdminMenu, ResourceRunQueriesMenu, ResourceSystemMenu,
lnkVirtualDeviceToVolume, Change, RoutineChange, ApprovedChange, NormalChange,
EmergencyChange, Incident,
KnownError, lnkErrorToFunctionalCI, lnkDocumentToError, FAQ, TagSetFieldDataFor_FAQ__domains,
FAQCategory, Problem, UserRequest, ContractType, Contract, CustomerContract, ProviderContract,
lnkContactToContract, lnkContractToDocument, lnkFunctionalCIToProviderContract, ServiceFamily,
Service, lnkDocumentToService, lnkContactToService, ServiceSubcategory, SLA, SLT, lnkSLAToSLT,
lnkCustomerContractToService, lnkProviderContractToService, lnkFunctionalCIToService,
DeliveryModel, lnkDeliveryModelToContact, CoverageWindowInterval, Holiday, HolidayCalendar,
CoverageWindow, URP_Profiles, URP_UserProfile, URP_UserOrg
as well as the Person filter codes:
finalclass, friendlyname, obsolescence_flag, name, status, org_id, org_id_friendlyname,
org_id_obsolescence_flag, org_name, email, phone, notify, function, first_name, employee_number,
mobile_phone, location_id, location_id_friendlyname, location_id_obsolescence_flag,
location_name, manager_id, manager_id_friendlyname, manager_id_obsolescence_flag,
manager_name, obsolescence_date, id
and the FunctionalCI filter codes:
finalclass, friendlyname, obsolescence_flag, obsolescence_date, name, description, org_id, org_id_friendlyname, org_id_obsolescence_flag, organization_name, business_criticity, move2production, id
And this is the Web-view of a Person:
I don't know if this information is helpful, but it's all I've got.
The downloaded information (csv) would then be processed with python and exported to pdf.
I'm new to iTop OQL and everything I know about it is from this page: https://www.itophub.io/wiki/page?id=2_4_0%3Aoql%3Aexample. I'm sorry if I made some stupid mistakes or the solution to this problem is super simple!
Context
Functional CIs of a Person are represented as an "indirect linkedset" in iTop, which means that there is an intermediate class in between to store the relation and any data that it would contain (e.g. the "role" in the Person / Team link).
The class corresponding to this specific link is named lnkContactToFunctionalCI, you can find it in the "Datamodel viewer" (here is what it looks like on the online demo, use admin/admin credentials) which is in the "Administration" menu. It displays all classes linked to a specific class.
Solution
You should try with an OQL query like SELECT lnkContactToFunctionalCI WHERE contact_id_friendlyname LIKE 'Ex Sample%'
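One way to build that export link from Python, as an added example that is not part of the original answer: the OQL expression is URL-encoded (the links in the question contain raw spaces and quotes) and the person name is checked against an allow-list before it is placed inside the OQL string literal. The host name, the function names and the functionalci_id_friendlyname field code are assumptions; the sample CSV is constructed from rows shown in the question.

```python
import csv
import io
import re
from urllib.parse import urlencode

# Placeholder host (assumption); substitute your own iTop server.
EXPORT_URL = "https://itop.example.invalid/itop/webservices/export-v2.php"

# Allow-list for the value embedded in the OQL literal: letters, digits,
# space, dot and hyphen. Quotes, backslashes and the LIKE wildcards % and _
# are rejected, so the caller cannot change the shape of the query.
_SAFE_NAME = re.compile(r"(?:[^\W_]|[ .\-]){1,100}")

# Constructed sample of an export, using header labels and rows from the question.
SAMPLE_CSV = (
    '"FunctionalCI->Typ","FunctionalCI->Name"\n'
    '"PC","FUJIQ58003"\n'
    '"Peripheriegerät","YUBIKEY013"\n'
)


def build_export_url(person_name, fields, base=EXPORT_URL):
    """Return an export-v2.php URL listing the CI links of one contact."""
    if not _SAFE_NAME.fullmatch(person_name):
        raise ValueError("unexpected characters in person name")
    oql = ("SELECT lnkContactToFunctionalCI "
           f"WHERE contact_id_friendlyname LIKE '{person_name}%'")
    query = urlencode({"expression": oql,
                       "fields": ",".join(fields),
                       "format": "csv"})
    return f"{base}?{query}"


def ci_names(csv_text, column):
    """Return the values of one column from exported CSV text."""
    return [row[column] for row in csv.DictReader(io.StringIO(csv_text))]
```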
I am using a smart card that is signing a SHA-1 hash of a document, and computes a 256-byte digital signature.
I am using the code posted on this question - iText signing PDF using external signature with smart card.
My problem is that I get the error: "The document has been altered or corrupted since the signature was applied".
I am using a GUI to create the hash and then send the signed 256 bytes that is computed on the card to the signing functions.
Here is my code:
hash creating code of filepath pdf document:
    SHA1CryptoServiceProvider sha1 = new SHA1CryptoServiceProvider();
    SHA256 sha2 = SHA256.Create();
    //sha2.ComputeHash
    byte[] pdfBytes = System.IO.File.ReadAllBytes(filePath);
    byte[] hash = null;
    hash = sha1.ComputeHash(pdfBytes);
the above code is used in one of the GUI functions to create the hash of the document
    using System.IO;
    using System.Security.Cryptography.X509Certificates;
    using iTextSharp.text.pdf;
    using iTextSharp.text.pdf.security;
    using Org.BouncyCastle.X509;

    namespace EIDSmartCardSign
    {
        class PdfSignature
        {
            private string outputPdfPath;
            private string certPath;
            // SHA-1 of the whole input file, computed by the GUI code above
            byte[] messageDigest;
            private string inputPdfPath;

            public PdfSignature(byte[] messageDigest, string inputPdfPath, string outputPdfPath)
            {
                this.messageDigest = messageDigest;
                this.outputPdfPath = outputPdfPath;
                this.inputPdfPath = inputPdfPath;
            }

            public void setCertPath(string certPath)
            {
                this.certPath = certPath;
            }

            public void signPdf()
            {
                X509Certificate2 cert = new X509Certificate2();
                cert.Import(certPath); // .cer file certificate obtained from smart card
                X509CertificateParser certParse = new Org.BouncyCastle.X509.X509CertificateParser();
                Org.BouncyCastle.X509.X509Certificate[] chain = new Org.BouncyCastle.X509.X509Certificate[1];
                chain[0] = certParse.ReadCertificate(cert.RawData);
                X509Certificate2[] certs;

                PdfReader reader = new PdfReader(inputPdfPath);
                FileStream fout = new FileStream(outputPdfPath, FileMode.Create);
                PdfStamper stamper = PdfStamper.CreateSignature(reader, fout, '\0', null, true);

                PdfSignatureAppearance appearance = stamper.SignatureAppearance;
                appearance.SignatureCreator = "Me";
                appearance.Reason = "Testing iText";
                appearance.Location = "On my Laptop";
                iTextSharp.text.Rectangle rec = new iTextSharp.text.Rectangle(50, 50, 250, 100);
                appearance.SetVisibleSignature(rec, 1, "Signature");

                // MyExternalSignature (not shown) receives the precomputed whole-file hash
                IExternalSignature extSignature = new MyExternalSignature("SHA-1", this.messageDigest);
                MakeSignature.SignDetached(appearance, extSignature, chain, null, null, null, 0, CryptoStandard.CMS);
                //MakeSignature.
            }
        }
    }
Your hash creating function
    SHA1CryptoServiceProvider sha1 = new SHA1CryptoServiceProvider();
    SHA256 sha2 = SHA256.Create();
    //sha2.ComputeHash
    byte[] pdfBytes = System.IO.File.ReadAllBytes(filePath);
    byte[] hash = null;
    hash = sha1.ComputeHash(pdfBytes);
calculates the wrong hash value.
Have a look at this answer on Information Security Stack Exchange, in particular the sketch
shows that to get the document bytes to sign you do not take the original PDF but instead have to prepare it for integrating the signature container (add signature field, field value with some space reserved for the signature container, and field visualization) and then hash all the bytes except the space reserved for the signature container.
Furthermore, even this naked hash is not the data to sign. Instead a set of attributes is built, one of them containing the document hash calculated as above, other ones containing references to the signer certificate etc., and these attributes are to be signed.
Thus, instead do what you already claimed to be doing:
I am using the code posted on this question - iText signing PDF using external signature with smart card.
In particular the code there does not sign the hash of the whole file but instead uses the data the method Sign of the IExternalSignature implementation receives as parameter which is constructed as explained above.
More details
In a comment the OP said
The card I am working with expects a 20 bytes hash.
20 bytes would be typical for a naked hash generated by either SHA1 or RIPEMD-160. According to your question text, I assume the former algorithm is used. (This by the way indicates that the context does not require a high security level as SHA1 effectively is already phased out or in the process of being phased out for such use cases.)
What steps are needed to further create this hash after hashing the contents of the pdf?
Simply do as in the IExternalSignature implementation in the question you referenced:
    public virtual byte[] Sign(byte[] message) {
        byte[] hash = null;
        using (SHA1CryptoServiceProvider sha1 = new SHA1CryptoServiceProvider())
        {
            hash = sha1.ComputeHash(message);
        }
        byte[] sig = MySC.GetSignature(hash);
        return sig;
    }
(Obviously chances are that your smart card signing routine is not called MySC.GetSignature and you have to replace that call accordingly...)
As your card appears to expect a naked hash value in contrast to the card of the OP of the referenced question, this should work for you.
Where can I find examples of creating the aforementioned integrated signature container?
In the examples to the iText white paper Digital Signatures for PDF Documents.
After the signature process, I have 256 bytes signed data, 3 .cer certificates exported from the card.
256 bytes signed data sounds like a naked signature generated using RSA or RSASSA-PSS with a 2048 bit key size.
That being said, you need the signer certificate before signing: In most relevant profiles the signed attributes have to contain a reference to the signer certificate. In the code in the question you referenced that signer certificate is handled here:
    public void StartTest(){
        X509Certificate2 cert = new X509Certificate2();
        cert.Import("cert.cer"); // certificate obtained from smart card
        X509CertificateParser certParse = new Org.BouncyCastle.X509.X509CertificateParser();
        Org.BouncyCastle.X509.X509Certificate[] chain = new Org.BouncyCastle.X509.X509Certificate[] { certParse.ReadCertificate(cert.RawData) };
        [...]
        MyMakeSignature.SignDetached(appearance, externalSignature, chain, null, null, tsc, 0, CryptoStandard.CADES);
In particular you have to identify the correct signer certificate among those three certificates your card returns; otherwise you might have the same issue as the OP in the referenced question.
How do I create the Contents object when I have all of this data?
Considering what you said about your use case, chances are good that you really merely have to use the code posted in the question iText signing PDF using external signature with smart card with minor adaptions.
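The byte-range hashing described in the answer above, as an added Python illustration that is not part of the original answer and is not iText code: it hashes everything except the reserved /Contents gap and shows that this digest survives embedding the container while a whole-file hash does not. The "PDF" is a constructed stand-in with a tiny placeholder, all function names are hypothetical, and in a real signature this digest goes into the signed attributes rather than being signed directly.

```python
import hashlib
import re

_BR = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")


def build_prepared_pdf(hex_len=64):
    """Constructed stand-in for a prepared PDF: a signature dictionary with a
    zero-filled /Contents placeholder. Not a valid PDF; real containers
    reserve several kilobytes."""
    tmpl = b"%%PDF-1.7\n1 0 obj\n<< /Type /Sig /ByteRange [0 %6d %6d %6d] /Contents "
    after = b" >>\nendobj\n%%EOF\n"
    gap_start = len(tmpl % (0, 0, 0))
    gap_end = gap_start + hex_len + 2          # '<' + hex digits + '>'
    head = tmpl % (gap_start, gap_end, len(after))
    return head + b"<" + b"0" * hex_len + b">" + after


def signed_ranges(pdf):
    """Return (gap_start, gap_end) after checking the ByteRange is sane."""
    m = _BR.search(pdf)
    if m is None:
        raise ValueError("no /ByteRange: file was not prepared for signing")
    o1, l1, o2, l2 = (int(g) for g in m.groups())
    if o1 != 0 or l1 > o2 or o2 + l2 != len(pdf):
        raise ValueError("ByteRange must cover the whole file except one gap")
    return l1, o2


def byterange_digest(pdf, algo="sha1"):
    """Hash every byte except the reserved /Contents gap (SHA-1 as on the page)."""
    gap_start, gap_end = signed_ranges(pdf)
    h = hashlib.new(algo)
    h.update(pdf[:gap_start])
    h.update(pdf[gap_end:])
    return h.digest()


def embed_container(pdf, container):
    """Write the hex-encoded signature container into the reserved gap."""
    gap_start, gap_end = signed_ranges(pdf)
    room = gap_end - gap_start - 2
    hexed = container.hex().encode()
    if len(hexed) > room:
        raise ValueError("reserved space too small for the container")
    return pdf[:gap_start + 1] + hexed.ljust(room, b"0") + pdf[gap_end - 1:]
```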