Beispiel #1
0
 internal SignerInfo(SignedCms signedCms, SafeLocalAllocHandle pbCmsgSignerInfo)
 {
     this.m_signedCms = signedCms;
     this.m_parentSignerInfo = (SignerInfo)null;
     this.m_encodedSignerInfo = (byte[])null;
     this.m_pbCmsgSignerInfo = pbCmsgSignerInfo;
     this.m_cmsgSignerInfo = (CAPI.CMSG_SIGNER_INFO)Marshal.PtrToStructure(pbCmsgSignerInfo.DangerousGetHandle(), typeof(CAPI.CMSG_SIGNER_INFO));
 }
Beispiel #2
0
 internal SignerInfo(SignedCms signedCms, SignerInfo parentSignerInfo, byte[] encodedSignerInfo)
 {
     uint cbDecodedValue = 0U;
     SafeLocalAllocHandle decodedValue = SafeLocalAllocHandle.InvalidHandle;
     fixed (byte* numPtr = &encodedSignerInfo[0])
     {
         if (!CAPI.DecodeObject(new IntPtr(500L), new IntPtr((void*)numPtr), (uint)encodedSignerInfo.Length, out decodedValue, out cbDecodedValue))
             throw new CryptographicException(Marshal.GetLastWin32Error());
     }
     this.m_signedCms = signedCms;
     this.m_parentSignerInfo = parentSignerInfo;
     this.m_encodedSignerInfo = (byte[])encodedSignerInfo.Clone();
     this.m_pbCmsgSignerInfo = decodedValue;
     this.m_cmsgSignerInfo = (CAPI.CMSG_SIGNER_INFO)Marshal.PtrToStructure(decodedValue.DangerousGetHandle(), typeof(CAPI.CMSG_SIGNER_INFO));
 }
 internal SignerInfoCollection(SignedCms signedCms)
 {
     uint num1 = 0U;
     uint num2 = (uint)Marshal.SizeOf(typeof(uint));
     SafeCryptMsgHandle cryptMsgHandle = signedCms.GetCryptMsgHandle();
     if (!CAPI.CAPISafe.CryptMsgGetParam(cryptMsgHandle, 5U, 0U, new IntPtr((void*)&num1), new IntPtr((void*)&num2)))
         throw new CryptographicException(Marshal.GetLastWin32Error());
     SignerInfo[] signerInfoArray = new SignerInfo[(IntPtr)num1];
     for (int index = 0; (long)index < (long)num1; ++index)
     {
         uint num3 = 0U;
         if (!CAPI.CAPISafe.CryptMsgGetParam(cryptMsgHandle, 6U, (uint)index, IntPtr.Zero, new IntPtr((void*)&num3)))
             throw new CryptographicException(Marshal.GetLastWin32Error());
         SafeLocalAllocHandle localAllocHandle = CAPI.LocalAlloc(0U, new IntPtr((long)num3));
         if (!CAPI.CAPISafe.CryptMsgGetParam(cryptMsgHandle, 6U, (uint)index, localAllocHandle, new IntPtr((void*)&num3)))
             throw new CryptographicException(Marshal.GetLastWin32Error());
         signerInfoArray[index] = new SignerInfo(signedCms, localAllocHandle);
     }
     this.m_signerInfos = signerInfoArray;
 }
 internal SignerInfoCollection(SignedCms signedCms, SignerInfo signerInfo)
 {
     SignerInfo[] signerInfoArray1 = new SignerInfo[0];
     int length = 0;
     int num = 0;
     foreach (CryptographicAttributeObject cryptographicAttributeObject in signerInfo.UnsignedAttributes)
     {
         if (cryptographicAttributeObject.Oid.Value == "1.2.840.113549.1.9.6")
             length += cryptographicAttributeObject.Values.Count;
     }
     SignerInfo[] signerInfoArray2 = new SignerInfo[length];
     foreach (CryptographicAttributeObject cryptographicAttributeObject in signerInfo.UnsignedAttributes)
     {
         if (cryptographicAttributeObject.Oid.Value == "1.2.840.113549.1.9.6")
         {
             for (int index = 0; index < cryptographicAttributeObject.Values.Count; ++index)
             {
                 AsnEncodedData asnEncodedData = cryptographicAttributeObject.Values[index];
                 signerInfoArray2[num++] = new SignerInfo(signedCms, signerInfo, asnEncodedData.RawData);
             }
         }
     }
     this.m_signerInfos = signerInfoArray2;
 }
Beispiel #5
0
        private void loadPolicy()
        {
            try
            {
                var client = new WebClient();
                byte[] data = null;

                try
                {
                    string trustedlistdata = FZRegistry.get("trustedlist.p7m");
                    if (trustedlistdata == null) throw new Exception("Dont have trusted list");
                    string[] trustedlistdataarr = trustedlistdata.Split(';');
                    data = Convert.FromBase64String(trustedlistdataarr[1]);
                    if (long.Parse(trustedlistdataarr[0]) < DateTime.Now.Ticks - (long) 24*3600*10000000) {
                        throw new Exception("Trusted list is too old");
                    }
                }
                catch{
                    byte[] data2 = client.DownloadData("http://www.nbusr.sk/ipublisher/files/nbusr.sk/sign_policy/trustedlist.p7m");
                    if (data2 != null)
                    {
                        try
                        {

                            data = data2;
                            FZRegistry.set("trustedlist.p7m", DateTime.Now.Ticks.ToString() + ";" + Convert.ToBase64String(data2));
                        }
                        catch(Exception exc){
                            MessageBox.Show("Chyba v stiahnutom súbore trustedlist.p7m: "+exc.Message);
                        }
                    }
                }
                SignedCms signedCms = new SignedCms();
                signedCms.Decode(data);

                var stream = new StreamReader(new MemoryStream(signedCms.ContentInfo.Content),System.Text.Encoding.UTF8);
                string line = null;
                byte[] file = null;
                string notafter = "";
                string oid = "";
                string FieldOfApplication = "";
                ASNNode der = null;
                string web = "";
                while ((line = stream.ReadLine()) != null)
                {
                    if (line.Substring(0, 5) == "FILE=") {

                        try
                        {
                            web = line.Substring(5);

                        }
                        catch (Exception exc) {
                            MessageBox.Show(exc.Message);
                        }
                    }
                    if (line.Substring(0, 7) == "NOTICE=") {
                        foreach (string data1 in line.Substring(7).Split(',')) {
                            string data2 = data1;
                            data2 = data2.Trim();
                            if (data2.Substring(data2.Length - 8) == "NotAfter")
                            {
                                notafter = data2.Substring(0, data2.Length - 8).Trim();
                            }
                            if (data2.Substring(0, 4) == "OID=")
                            {
                                oid = data2.Substring(4).Trim();
                            }
                            if (data2.Substring(0, 19) == "FieldOfApplication=")
                            {
                                FieldOfApplication = data2.Substring(19).Trim();
                            }

                        }

                        // spracuj zaznam

                        try
                        {
                            if (web == "") throw new Exception("Failed to parse trustedlist.p7m file");
                            string name = web.Substring(web.LastIndexOf('/') + 1);
                            string created = name.Substring(0, 8);
                            var crdate = DateTime.ParseExact(created, "yyyyMMdd", System.Globalization.CultureInfo.InvariantCulture);
                            var todate = DateTime.ParseExact(notafter.Substring(0, 8), "yyyyMMdd", System.Globalization.CultureInfo.InvariantCulture);
                            if (crdate > DateTime.Now) continue;
                            if (todate < DateTime.Now) continue;

                            if (oid == "") {
                                oid = name.Substring(0, name.Length - 4);
                            }
                            if (oid == "") throw new Exception("Failed to parse trustedlist.p7m file. Missing oid.");
                            if (web.Substring(web.Length - ".der".Length) != ".der") continue;

                            if (!FZRegistry.isSet(oid + ".short.der"))
                            {
                                file = client.DownloadData(web);
                                //File.WriteAllBytes("d:/policy/" + name, file);
                                FZRegistry.set(oid+".der", Convert.ToBase64String(file));
                                //byte[] policy = createShortPolicy(file, false);
                                //FZRegistry.set(oid + ".short.der", Convert.ToBase64String(policy));
                                //File.WriteAllBytes("d:/policy/" + name + ".short.asn", policy);
                            }
                            else
                            {
                                //file = File.ReadAllBytes("d:/policy/" + name);
                                //byte[] policy = createShortPolicy(file, false);
                                //File.WriteAllBytes("d:/policy/" + name + ".short.asn", policy);
                            }
                            dataGridViewPolitiky.Rows.Add(new object[] { oid, FieldOfApplication, crdate.ToString("dd.mm.yyyy"), todate.ToString("dd.mm.yyyy") });

                            web = "";
                            oid = "";
                            FieldOfApplication = "";
                            notafter = "";

                        }
                        catch (Exception exc) {
                            MessageBox.Show(exc.Message);
                        }
                    }
                }
                    //File.WriteAllBytes("d:/test.txt", signedCms.ContentInfo.Content);
                //File.ReadAllLines()

            }
            catch (Exception exc) {
                MessageBox.Show("Chyba pri čítaní politiky: " + exc.Message);
            }

            //dataGridViewPolitiky.Rows.Add(new object[] { "policy1", "Zaručený elektronický podpis v súlade s legislatívou Slovenskej republiky.", "1.2.2010", "31.12.2010" });
            //dataGridViewPolitiky.Rows.Add(new object[] { "policy2", "Podpisová politika pre dokumenty podpísané ZEP v orgánoch štátnej správy.", "23.8.2010", "31.1.2014" });

            try
            {

                string sel = FZRegistry.get("savedPolicy");
                foreach(DataGridViewRow row in dataGridViewPolitiky.Rows){
                    if (row.Cells["id"].Value.ToString() == sel) row.Selected = true;
                }
            }
            catch { }
        }
 /// <summary>
 /// Verifies the PKINIT response from the KDC is signed and validates as expected.
 /// Throws <see cref="CryptographicException"/> if the KDC certificate cannot be validated.
 /// </summary>
 /// <param name="signed">The signed CMS message within the response</param>
 protected virtual void VerifyKdcSignature(SignedCms signed)
 {
     signed.CheckSignature(verifySignatureOnly: false);
 }
        internal static X509Certificate GetSignerCertificate(Stream stream)
        {
            stream.Seek(60, SeekOrigin.Begin);
            BinaryReader br = new BinaryReader(stream);
            int          peSignatureOffset = br.ReadInt32();
            int          checksumOffset    = peSignatureOffset + 24 + 64;

            // seek to the IMAGE_OPTIONAL_HEADER
            stream.Seek(peSignatureOffset + 24, SeekOrigin.Begin);
            int certificateTableDataDirectoryOffset;

            switch (br.ReadUInt16())
            {
            case IMAGE_NT_OPTIONAL_HDR32_MAGIC:
                certificateTableDataDirectoryOffset = peSignatureOffset + 24 + (64 + 4 * 8) + 8 * 4;
                break;

            case IMAGE_NT_OPTIONAL_HDR64_MAGIC:
                certificateTableDataDirectoryOffset = peSignatureOffset + 24 + (64 + 4 * 8 + 16) + 8 * 4;
                break;

            default:
                throw new BadImageFormatException();
            }
            stream.Seek(certificateTableDataDirectoryOffset, SeekOrigin.Begin);
            int certificateTableOffset = br.ReadInt32();
            int certificateTableLength = br.ReadInt32();

            stream.Seek(certificateTableOffset, SeekOrigin.Begin);
            int   dwLength         = br.ReadInt32();
            short wRevision        = br.ReadInt16();
            short wCertificateType = br.ReadInt16();

            if (wRevision != WIN_CERT_REVISION_2_0)
            {
                return(null);
            }
            if (wCertificateType != WIN_CERT_TYPE_PKCS_SIGNED_DATA)
            {
                return(null);
            }
            byte[] buf = br.ReadBytes(certificateTableLength - 8);

            SignedCms cms = new SignedCms();

            try
            {
                cms.Decode(buf);
                cms.CheckSignature(false);
            }
            catch (CryptographicException)
            {
                return(null);
            }
            SignerInfo signerInfo = cms.SignerInfos[0];

            int[]  offsets      = new int[] { checksumOffset, certificateTableDataDirectoryOffset, certificateTableOffset };
            int[]  lengths      = new int[] { 4, 8, certificateTableLength };
            byte[] actualHash   = ComputeHashWithSkip(stream, signerInfo.DigestAlgorithm.FriendlyName, offsets, lengths);
            byte[] requiredHash = DecodeASN1(cms.ContentInfo.Content, 0, 1, 1);

            if (requiredHash == null || actualHash.Length != requiredHash.Length)
            {
                return(null);
            }

            for (int i = 0; i < actualHash.Length; i++)
            {
                if (actualHash[i] != requiredHash[i])
                {
                    return(null);
                }
            }

            return(signerInfo.Certificate);
        }
Beispiel #8
0
        public static void AddFirstSigner_ECDSA(SubjectIdentifierType identifierType, bool detached, string digestOid)
        {
            ContentInfo contentInfo = new ContentInfo(new byte[] { 9, 8, 7, 6, 5 });
            SignedCms   cms         = new SignedCms(contentInfo, detached);

            using (X509Certificate2 signerCert = Certificates.ECDsaP256Win.TryGetCertificateWithPrivateKey())
            {
                CmsSigner signer = new CmsSigner(identifierType, signerCert);
                signer.IncludeOption   = X509IncludeOption.EndCertOnly;
                signer.DigestAlgorithm = new Oid(digestOid, digestOid);
                cms.ComputeSignature(signer);
            }

            Assert.Single(cms.SignerInfos);
            Assert.Single(cms.Certificates);

            int expectedVersion = identifierType == SubjectIdentifierType.SubjectKeyIdentifier ? 3 : 1;

            Assert.Equal(expectedVersion, cms.Version);

            SignerInfo firstSigner = cms.SignerInfos[0];

            Assert.Equal(identifierType, firstSigner.SignerIdentifier.Type);
            Assert.NotNull(firstSigner.Certificate);
            Assert.NotSame(cms.Certificates[0], firstSigner.Certificate);
            Assert.Equal(cms.Certificates[0], firstSigner.Certificate);

#if netcoreapp
            byte[] signature = firstSigner.GetSignature();
            Assert.NotEmpty(signature);
            // ECDSA PKIX signature format is a DER SEQUENCE.
            Assert.Equal(0x30, signature[0]);

            // ECDSA Oids are all under 1.2.840.10045.4.
            Assert.StartsWith("1.2.840.10045.4.", firstSigner.SignatureAlgorithm.Value);
#endif

            cms.CheckSignature(true);
            byte[] encoded = cms.Encode();

            cms = new SignedCms();
            cms.Decode(encoded);

            Assert.Single(cms.SignerInfos);
            Assert.Single(cms.Certificates);
            Assert.Equal(expectedVersion, cms.Version);
            Assert.Equal(identifierType, cms.SignerInfos[0].SignerIdentifier.Type);
            Assert.Equal(firstSigner.Certificate, cms.SignerInfos[0].Certificate);

#if netcoreapp
            byte[] sig2 = cms.SignerInfos[0].GetSignature();
            Assert.Equal(signature, sig2);
#endif

            if (detached)
            {
                Assert.Throws <CryptographicException>(() => cms.CheckSignature(true));
                cms = new SignedCms(contentInfo, detached);
                cms.Decode(encoded);
            }

            cms.CheckSignature(true);
        }
Beispiel #9
0
        private void GetSignature()
        {
            if (_vbaPart == null)
            {
                return;
            }
            var rel = _vbaPart.GetRelationshipsByType(schemaRelVbaSignature).FirstOrDefault();

            if (rel != null)
            {
                Uri  = PackUriHelper.ResolvePartUri(rel.SourceUri, rel.TargetUri);
                Part = _vbaPart.Package.GetPart(Uri);

                var          stream             = Part.GetStream();
                BinaryReader br                 = new BinaryReader(stream);
                uint         cbSignature        = br.ReadUInt32();
                uint         signatureOffset    = br.ReadUInt32(); //44 ??
                uint         cbSigningCertStore = br.ReadUInt32();
                uint         certStoreOffset    = br.ReadUInt32();
                uint         cbProjectName      = br.ReadUInt32();
                uint         projectNameOffset  = br.ReadUInt32();
                uint         fTimestamp         = br.ReadUInt32();
                uint         cbTimestampUrl     = br.ReadUInt32();
                uint         timestampUrlOffset = br.ReadUInt32();
                byte[]       signature          = br.ReadBytes((int)cbSignature);
                uint         version            = br.ReadUInt32();
                uint         fileType           = br.ReadUInt32();

                uint id = br.ReadUInt32();
                while (id != 0)
                {
                    uint encodingType = br.ReadUInt32();
                    uint length       = br.ReadUInt32();
                    if (length > 0)
                    {
                        byte[] value = br.ReadBytes((int)length);
                        switch (id)
                        {
                        //Add property values here...
                        case 0x20:
                            Certificate = new X509Certificate2(value);
                            break;

                        default:
                            break;
                        }
                    }
                    id = br.ReadUInt32();
                }
                uint   endel1 = br.ReadUInt32(); //0
                uint   endel2 = br.ReadUInt32(); //0
                ushort rgchProjectNameBuffer = br.ReadUInt16();
                ushort rgchTimestampBuffer   = br.ReadUInt16();
                Verifier = new SignedCms();
                Verifier.Decode(signature);
            }
            else
            {
                Certificate = null;
                Verifier    = null;
            }
        }
Beispiel #10
0
 //---------------------------------------
 //
 // PKCS
 //
 //---------------------------------------
 /// <summary>
 /// Checks if the given SignedCms object has signatures
 /// </summary>
 /// <param name="cms">Cms object</param>
 /// <returns>true if signatures present</returns>
 public static bool HasSignatures(this SignedCms cms)
 {
     return(!cms.SignerInfos.IsNullOrEmpty());
 }
        private static void TestParseDocument(
            ReadOnlyMemory <byte> tokenBytes,
            TimestampTokenTestData testData,
            int?expectedBytesRead)
        {
            int bytesRead;
            Rfc3161TimestampToken token;

            Assert.True(
                Rfc3161TimestampToken.TryDecode(tokenBytes, out token, out bytesRead),
                "Rfc3161TimestampToken.TryDecode");

            if (expectedBytesRead != null)
            {
                Assert.Equal(expectedBytesRead.Value, bytesRead);
            }

            Assert.NotNull(token);
            TimestampTokenInfoTests.AssertEqual(testData, token.TokenInfo);

            SignedCms signedCms = token.AsSignedCms();

            Assert.NotNull(signedCms);
            Assert.Equal(Oids.TstInfo, signedCms.ContentInfo.ContentType.Value);

            Assert.Equal(
                testData.TokenInfoBytes.ByteArrayToHex(),
                signedCms.ContentInfo.Content.ByteArrayToHex());

            if (testData.EmbeddedSigningCertificate != null)
            {
                Assert.NotNull(signedCms.SignerInfos[0].Certificate);

                Assert.Equal(
                    testData.EmbeddedSigningCertificate.Value.ByteArrayToHex(),
                    signedCms.SignerInfos[0].Certificate.RawData.ByteArrayToHex());

                // Assert.NoThrow
                signedCms.CheckSignature(true);
            }
            else
            {
                Assert.Null(signedCms.SignerInfos[0].Certificate);

                using (var signerCert = new X509Certificate2(testData.ExternalCertificateBytes))
                {
                    // Assert.NoThrow
                    signedCms.CheckSignature(
                        new X509Certificate2Collection(signerCert),
                        true);
                }
            }

            X509Certificate2           returnedCert;
            ReadOnlySpan <byte>        messageContentSpan = testData.MessageContent.Span;
            X509Certificate2Collection candidates         = null;

            if (testData.EmbeddedSigningCertificate != null)
            {
                Assert.True(
                    token.VerifySignatureForData(messageContentSpan, out returnedCert),
                    "token.VerifySignatureForData(correct)");

                Assert.NotNull(returnedCert);
                Assert.Equal(signedCms.SignerInfos[0].Certificate, returnedCert);
            }
            else
            {
                candidates = new X509Certificate2Collection
                {
                    new X509Certificate2(testData.ExternalCertificateBytes),
                };

                Assert.False(
                    token.VerifySignatureForData(messageContentSpan, out returnedCert),
                    "token.VerifySignatureForData(correct, no cert)");

                Assert.Null(returnedCert);

                Assert.True(
                    token.VerifySignatureForData(messageContentSpan, out returnedCert, candidates),
                    "token.VerifySignatureForData(correct, certs)");

                Assert.NotNull(returnedCert);
                Assert.Equal(candidates[0], returnedCert);
            }

            X509Certificate2 previousCert = returnedCert;

            Assert.False(
                token.VerifySignatureForData(messageContentSpan.Slice(1), out returnedCert, candidates),
                "token.VerifySignatureForData(incorrect)");

            Assert.Null(returnedCert);

            byte[] messageHash = testData.HashBytes.ToArray();

            Assert.False(
                token.VerifySignatureForHash(messageHash, HashAlgorithmName.MD5, out returnedCert, candidates),
                "token.VerifyHash(correct, MD5)");
            Assert.Null(returnedCert);

            Assert.False(
                token.VerifySignatureForHash(messageHash, new Oid(Oids.Md5), out returnedCert, candidates),
                "token.VerifyHash(correct, Oid(MD5))");
            Assert.Null(returnedCert);

            Assert.True(
                token.VerifySignatureForHash(messageHash, new Oid(testData.HashAlgorithmId), out returnedCert, candidates),
                "token.VerifyHash(correct, Oid(algId))");
            Assert.NotNull(returnedCert);
            Assert.Equal(previousCert, returnedCert);

            messageHash[0] ^= 0xFF;
            Assert.False(
                token.VerifySignatureForHash(messageHash, new Oid(testData.HashAlgorithmId), out returnedCert, candidates),
                "token.VerifyHash(incorrect, Oid(algId))");
            Assert.Null(returnedCert);
        }
Beispiel #12
0
        /// <summary>
        /// Extract a list of MIME parts from a multipart/* MIME encoded message.
        /// </summary>
        /// <param name="contentType">Content Type of the outermost MIME part.</param>
        /// <param name="charSet">Character set of the outermost MIME part.</param>
        /// <param name="contentTransferEncoding">Encoding of the outermost MIME part.</param>
        /// <param name="body">The outermost MIME part's contents.</param>
        /// <param name="depth">The nesting layer of this MIME part.</param>
        /// <param name="processingFlags">Flags determining whether specialized properties are returned with a MailMessage.</param>
        public static List <MimePart> ExtractMIMEParts(string contentType, string charSet, string contentTransferEncoding, string body, MailMessageProcessingFlags processingFlags, int depth)
        {
            List <MimePart> mimeParts = new List <MimePart>();

            string contentTypeToUpper = contentType.ToUpper();

            if (contentTypeToUpper.StartsWith("MULTIPART/"))
            {
                // Prepare to process each part of the multipart/* message.
                int cursor = 0;

                // Prepend and append to the body with a carriage return and linefeed for consistent boundary matching.
                body = "\r\n" + body + "\r\n";

                // Determine the outermost boundary name.
                string boundaryName       = Functions.ExtractMimeParameter(contentType, "boundary");
                int    boundaryNameLength = boundaryName.Length;

                // Variables used for record keeping with signed S/MIME parts.
                int           signatureBlock = -1;
                List <string> mimeBlocks     = new List <string>();

                cursor = body.IndexOf("\r\n--" + boundaryName, 0, StringComparison.Ordinal);
                while (cursor > -1)
                {
                    // Calculate the end boundary of the current MIME part.
                    int mimeStartPosition = cursor + boundaryNameLength + 4;
                    int mimeEndPosition   = body.IndexOf("\r\n--" + boundaryName, mimeStartPosition, StringComparison.Ordinal);
                    if (mimeEndPosition > -1 && (mimeEndPosition + boundaryNameLength + 6 <= body.Length))
                    {
                        string afterBoundaryEnd = body.Substring(mimeEndPosition + 4 + boundaryNameLength, 2);
                        if (afterBoundaryEnd == "\r\n" || afterBoundaryEnd == "--")
                        {
                            string mimeContents = body.Substring(mimeStartPosition, mimeEndPosition - mimeStartPosition);

                            // Extract the header portion of the current MIME part.
                            int    mimeDivider = mimeContents.IndexOf("\r\n\r\n");
                            string mimeHeaders, mimeBody;
                            if (mimeDivider > -1)
                            {
                                mimeHeaders = mimeContents.Substring(0, mimeDivider);
                                mimeBody    = mimeContents.Substring(mimeDivider + 4);
                            }
                            else
                            {
                                // The following is a workaround to handle malformed MIME bodies.
                                mimeHeaders = mimeContents;
                                mimeBody    = "";

                                int linePos = 0, lastLinePos = 0;
                                while (linePos > -1)
                                {
                                    lastLinePos = linePos;
                                    linePos     = mimeHeaders.IndexOf("\r\n", lastLinePos);
                                    if (linePos > -1)
                                    {
                                        string currentLine = mimeContents.Substring(lastLinePos, linePos - lastLinePos);
                                        if (currentLine.Length > 0 && currentLine.IndexOf(":") < 0)
                                        {
                                            mimeBody = mimeContents.Substring(lastLinePos + 2, mimeContents.Length - lastLinePos - 4);
                                            linePos  = -1;
                                        }
                                        else
                                        {
                                            linePos += 2;
                                        }
                                    }
                                }
                            }

                            mimeBlocks.Add(mimeContents);

                            // Divide the MIME part's headers into its components.
                            string mimeCharSet = "", mimeContentDisposition = "", mimeContentID = "", mimeContentType = "", mimeContentTransferEncoding = "", mimeFileName = "";
                            ExtractMimeHeaders(mimeHeaders, out mimeContentType, out mimeCharSet, out mimeContentTransferEncoding, out mimeContentDisposition, out mimeFileName, out mimeContentID);

                            string mimeContentTypeToUpper = mimeContentType.ToUpper();
                            if (mimeContentTypeToUpper.StartsWith("MULTIPART/"))
                            {
                                // Recurse through embedded MIME parts.
                                List <MimePart> returnedMIMEParts = ExtractMIMEParts(mimeContentType, mimeCharSet, mimeContentTransferEncoding, mimeBody, processingFlags, depth + 1);
                                foreach (MimePart returnedMIMEPart in returnedMIMEParts)
                                {
                                    mimeParts.Add(returnedMIMEPart);
                                }
                            }
                            else
                            {
                                // Keep track of whether this MIME part's body has already been processed.
                                bool processed = false;

                                if (mimeContentTypeToUpper.StartsWith("APPLICATION/PKCS7-SIGNATURE") || mimeContentTypeToUpper.StartsWith("APPLICATION/X-PKCS7-SIGNATURE"))
                                {
                                    // Unless a flag has been set to include this *.p7s block, exclude it from attachments.
                                    if ((processingFlags & MailMessageProcessingFlags.IncludeSmimeSignedData) == 0)
                                    {
                                        processed = true;
                                    }

                                    // Remember the signature block to use for later verification.
                                    signatureBlock = mimeBlocks.Count() - 1;
                                }
                                else if (mimeContentTypeToUpper.StartsWith("APPLICATION/PKCS7-MIME") || mimeContentTypeToUpper.StartsWith("APPLICATION/X-PKCS7-MIME"))
                                {
                                    // Unless a flag has been set to include this *.p7m block, exclude it from attachments.
                                    processed = (processingFlags & MailMessageProcessingFlags.IncludeSmimeEncryptedEnvelopeData) == 0;

                                    // Decrypt the MIME part and recurse through embedded MIME parts.
                                    List <MimePart> returnedMIMEParts = ReturnSmimeDecryptedMimeParts(mimeContentType, mimeContentTransferEncoding, mimeBody, processingFlags, depth + 1);
                                    if (returnedMIMEParts != null)
                                    {
                                        foreach (MimePart returnedMIMEPart in returnedMIMEParts)
                                        {
                                            mimeParts.Add(returnedMIMEPart);
                                        }
                                    }
                                    else
                                    {
                                        // If we were unable to decrypt, return this MIME part as-is.
                                        processed = false;
                                    }
                                }
                                else if (mimeContentTypeToUpper.StartsWith("APPLICATION/MS-TNEF") || mimeFileName.ToUpper() == "WINMAIL.DAT")
                                {
                                    // Process the TNEF encoded message.
                                    processed = true;
                                    TnefEncoding tnef = new TnefEncoding(Convert.FromBase64String(mimeBody));

                                    // If we were unable to extract content from this MIME, include it as an attachment.
                                    if ((tnef.Body.Length < 1 && tnef.MimeAttachments.Count < 1) || (processingFlags & MailMessageProcessingFlags.IncludeWinMailData) > 0)
                                    {
                                        processed = false;
                                    }
                                    else
                                    {
                                        // Unless a flag has been set to include this winmail.dat block, exclude it from attachments.
                                        if ((processingFlags & MailMessageProcessingFlags.IncludeWinMailData) > 0)
                                        {
                                            if (!string.IsNullOrEmpty(tnef.Body))
                                            {
                                                mimeParts.Add(new MimePart("winmail.dat", tnef.ContentType, "", "", mimeContentTransferEncoding, Encoding.UTF8.GetBytes(tnef.Body)));
                                            }
                                        }

                                        foreach (MimePart mimePart in tnef.MimeAttachments)
                                        {
                                            mimeParts.Add(mimePart);
                                        }
                                    }
                                }
                                else if (mimeContentTypeToUpper == "MESSAGE/RFC822")
                                {
                                    if ((processingFlags & MailMessageProcessingFlags.IncludeNestedRFC822Messages) > 0)
                                    {
                                        // Recurse through the RFC822 container.
                                        processed = true;

                                        mimeDivider = mimeBody.IndexOf("\r\n\r\n");
                                        if (mimeDivider > -1)
                                        {
                                            mimeHeaders = Functions.UnfoldWhitespace(mimeBody.Substring(0, mimeDivider));
                                            mimeBody    = mimeBody.Substring(mimeDivider + 4);

                                            mimeContentType             = Functions.ReturnBetween(mimeHeaders, "Content-Type:", "\r\n").Trim();
                                            mimeContentTransferEncoding = Functions.ReturnBetween(mimeHeaders, "Content-Transfer-Encoding:", "\r\n").Trim();
                                            mimeCharSet = Functions.ExtractMimeParameter(mimeContentType, "charset").Replace("\"", "");

                                            List <MimePart> returnedMIMEParts = ExtractMIMEParts(mimeContentType, mimeCharSet, mimeContentTransferEncoding, mimeBody, processingFlags, depth + 1);
                                            foreach (MimePart returnedMIMEPart in returnedMIMEParts)
                                            {
                                                mimeParts.Add(returnedMIMEPart);
                                            }
                                        }
                                    }
                                }

                                if (!processed)
                                {
                                    // Decode and add the message to the MIME parts collection.
                                    switch (mimeContentTransferEncoding.ToLower())
                                    {
                                    case "base64":
                                        mimeBody = mimeBody.Replace("\r\n", "");
                                        if (mimeBody.Length % 4 != 0)
                                        {
                                            mimeBody += new String('=', 4 - (mimeBody.Length % 4));
                                        }

                                        mimeParts.Add(new MimePart(mimeFileName, mimeContentType, mimeCharSet, mimeContentID, mimeContentTransferEncoding, Convert.FromBase64String(mimeBody)));
                                        break;

                                    case "quoted-printable":
                                        mimeParts.Add(new MimePart(mimeFileName, mimeContentType, mimeCharSet, mimeContentID, mimeContentTransferEncoding, Functions.FromQuotedPrintable(mimeBody, mimeCharSet, null)));
                                        break;

                                    case "binary":
                                    case "7bit":
                                    case "8bit":
                                    default:
                                        mimeParts.Add(new MimePart(mimeFileName, mimeContentType, mimeCharSet, mimeContentID, mimeContentTransferEncoding, mimeBody));
                                        break;
                                    }
                                }
                            }
                        }
                        cursor = mimeEndPosition;
                    }
                    else
                    {
                        cursor = -1;
                    }
                }

                // If a PKCS signature was found and there's one other MIME part, verify the signature.
                if (signatureBlock > -1 && mimeBlocks.Count == 2)
                {
                    // Verify the signature and track the signing certificates.
                    X509Certificate2Collection signingCertificates;
                    if (VerifySmimeSignature(mimeBlocks[signatureBlock], mimeBlocks[1 - signatureBlock], out signingCertificates))
                    {
                        // Stamp each MIME part found so far as signed, and if relevant, triple wrapped.
                        foreach (MimePart mimePart in mimeParts)
                        {
                            mimePart.SmimeSigningCertificates = signingCertificates;

                            if (mimePart.SmimeSigned && mimePart.SmimeEncryptedEnvelope)
                            {
                                mimePart.SmimeTripleWrapped = true;
                            }

                            mimePart.SmimeSigned = true;
                        }
                    }
                }
            }
            else if (contentTypeToUpper.StartsWith("APPLICATION/MS-TNEF"))
            {
                // Process the TNEF encoded message.
                TnefEncoding tnef = new TnefEncoding(Convert.FromBase64String(body));

                // Unless a flag has been set to include this winmail.dat block, exclude it from attachments.
                if ((processingFlags & MailMessageProcessingFlags.IncludeWinMailData) > 0)
                {
                    if (!string.IsNullOrEmpty(tnef.Body))
                    {
                        mimeParts.Add(new MimePart("winmail.dat", tnef.ContentType, "", "", "", Encoding.UTF8.GetBytes(tnef.Body)));
                    }
                }

                foreach (MimePart mimePart in tnef.MimeAttachments)
                {
                    mimeParts.Add(mimePart);
                }
            }
            else if (contentTypeToUpper.StartsWith("APPLICATION/PKCS7-MIME") || contentTypeToUpper.StartsWith("APPLICATION/X-PKCS7-MIME"))
            {
                // Don't attempt to decrypt if this is a signed message only.
                if (contentType.IndexOf("smime-type=signed-data") < 0)
                {
                    // Unless a flag has been set to include this *.p7m block, exclude it from attachments.
                    if ((processingFlags & MailMessageProcessingFlags.IncludeSmimeEncryptedEnvelopeData) > 0)
                    {
                        mimeParts.Add(new MimePart("smime.p7m", contentType, "", "", "", body));
                    }

                    // Decrypt the MIME part and recurse through embedded MIME parts.
                    List <MimePart> returnedMIMEParts = ReturnSmimeDecryptedMimeParts(contentType, contentTransferEncoding, body, processingFlags, depth + 1);
                    if (returnedMIMEParts != null)
                    {
                        foreach (MimePart returnedMIMEPart in returnedMIMEParts)
                        {
                            mimeParts.Add(returnedMIMEPart);
                        }
                    }
                    else
                    {
                        // If we were unable to decrypt the message, pass it along as-is.
                        mimeParts.Add(new MimePart(Functions.ReturnBetween(contentType + ";", "name=", ";").Replace("\"", ""), contentType, "", "", contentTransferEncoding, body));
                    }
                }
                else
                {
                    // Hydrate the signature CMS object.
                    SignedCms signedCms = new SignedCms();

                    try
                    {
                        // Attempt to decode the signature block and verify the passed in signature.
                        signedCms.Decode(Convert.FromBase64String(body));
                        signedCms.CheckSignature(true);

                        string mimeContents = Encoding.UTF8.GetString(signedCms.ContentInfo.Content);

                        int    mimeDivider = mimeContents.IndexOf("\r\n\r\n");
                        string mimeHeaders;
                        if (mimeDivider > -1)
                        {
                            mimeHeaders = mimeContents.Substring(0, mimeDivider);
                        }
                        else
                        {
                            mimeHeaders = mimeContents;
                        }

                        if (mimeHeaders.Length > 0)
                        {
                            // Extract the body portion of the current MIME part.
                            string mimeBody = mimeContents.Substring(mimeDivider + 4);

                            string mimeCharSet = "", mimeContentDisposition = "", mimeContentID = "", mimeContentType = "", mimeContentTransferEncoding = "", mimeFileName = "";
                            ExtractMimeHeaders(mimeHeaders, out mimeContentType, out mimeCharSet, out mimeContentTransferEncoding, out mimeContentDisposition, out mimeFileName, out mimeContentID);

                            List <MimePart> returnedMIMEParts = ExtractMIMEParts(mimeContentType, mimeCharSet, mimeContentTransferEncoding, mimeBody, processingFlags, depth + 1);
                            foreach (MimePart returnedMIMEPart in returnedMIMEParts)
                            {
                                mimeParts.Add(returnedMIMEPart);
                            }
                        }
                    }
                    catch
                    {
                        // If an exception occured, the signature could not be verified.
                    }
                }
            }
            else if (contentTypeToUpper == "MESSAGE/RFC822")
            {
                int mimeDivider = body.IndexOf("\r\n\r\n");
                if (mimeDivider > -1)
                {
                    string mimeHeaders = Functions.UnfoldWhitespace(body.Substring(0, mimeDivider));
                    string mimeBody    = body.Substring(mimeDivider + 4);

                    string mimeContentType             = Functions.ReturnBetween(mimeHeaders, "Content-Type:", "\r\n").Trim();
                    string mimeContentTransferEncoding = Functions.ReturnBetween(mimeHeaders, "Content-Transfer-Encoding:", "\r\n").Trim();
                    string mimeCharSet = Functions.ExtractMimeParameter(mimeContentType, "charset");

                    List <MimePart> returnedMIMEParts = ExtractMIMEParts(mimeContentType, mimeCharSet, mimeContentTransferEncoding, mimeBody, processingFlags, depth + 1);
                    foreach (MimePart returnedMIMEPart in returnedMIMEParts)
                    {
                        mimeParts.Add(returnedMIMEPart);
                    }
                }
            }
            else
            {
                // Decode the message.
                switch (contentTransferEncoding.ToLower())
                {
                case "base64":
                    body = Functions.FromBase64(body);
                    break;

                case "quoted-printable":
                    body = Functions.FromQuotedPrintable(body, charSet, null);
                    break;

                case "binary":
                case "7bit":
                case "8bit":
                    break;
                }

                // If we're beyond the first layer, process the MIME part.  Otherwise, the message isn't MIME encoded.
                if (depth > 0)
                {
                    // Extract the headers from this MIME part.
                    string mimeHeaders;
                    int    mimeDivider = body.IndexOf("\r\n\r\n");
                    if (mimeDivider > -1)
                    {
                        mimeHeaders = body.Substring(0, mimeDivider);
                    }
                    else
                    {
                        mimeHeaders = body;
                    }

                    // Divide the MIME part's headers into its components.
                    string mimeCharSet = "", mimeContentDisposition = "", mimeContentID = "", mimeContentType = "", mimeContentTransferEncoding = "", mimeFileName = "";
                    ExtractMimeHeaders(mimeHeaders, out mimeContentType, out mimeCharSet, out mimeContentTransferEncoding, out mimeContentDisposition, out mimeFileName, out mimeContentID);

                    // If this MIME part's content type is null, fall back to the overall content type.
                    if ((string.IsNullOrEmpty(mimeContentType) && !string.IsNullOrEmpty(contentType)) || (contentTypeToUpper.StartsWith("MESSAGE/PARTIAL")))
                    {
                        mimeCharSet     = charSet;
                        mimeContentType = contentType;
                    }
                    else
                    {
                        if (body.Length > (mimeDivider + 4))
                        {
                            body = body.Substring(mimeDivider + 4);
                        }
                        else
                        {
                            body = "";
                        }
                    }

                    // Add the message to the MIME parts collection.
                    mimeParts.Add(new MimePart(mimeFileName, mimeContentType, mimeCharSet, mimeContentID, mimeContentTransferEncoding, body));
                }
                else
                {
                    // If the content type contains a character set, extract it.
                    charSet = Functions.NormalizeCharSet(Functions.ExtractMimeParameter(contentType, "charset"));

                    int semicolonPos = contentType.IndexOf(";");
                    if (semicolonPos > -1)
                    {
                        contentType = contentType.Substring(0, semicolonPos);
                    }

                    // Add the message as-is.
                    mimeParts.Add(new MimePart("", contentType, charSet, "", contentTransferEncoding, body));
                }
            }

            return(mimeParts);
        }
Beispiel #13
0
        private bool signFile(string file, string outFile, string algoritmus, bool detached)
        {
            try
            {
                string saveTo = Path.GetDirectoryName(file);
                string tmpDir = FastZep.FastZepFolder + "tmp";
                if (lbValue == "") {
                    return false;
                }
                if (Directory.Exists(tmpDir))
                {
                    Directory.Delete(tmpDir, true);
                }
                Directory.CreateDirectory(tmpDir);

                string date = DateTime.Now.Subtract(TimeSpan.FromHours(1)).ToString("yyyyMMddHHmmss") + "Z";

                Directory.CreateDirectory(tmpDir + "\\D" + date + "\\Policy\\");
                string certFile = tmpDir + "\\D" + date + "\\Policy\\P" + date + ".der";
                string sigFile = tmpDir + "\\D" + date + "\\S" + date + ".p7s";

                string emlFile = tmpDir + "\\D" + date + "\\M" + date + ".eml";
                Directory.CreateDirectory(tmpDir + "\\D" + date + "\\");
                TextWriter eml = new StreamWriter(emlFile);
                eml.WriteLine("MIME-Version: 1.0");
                eml.WriteLine("Content-Type: " + MimeType(file));
                eml.WriteLine("Content-Transfer-Encoding: base64");
                eml.WriteLine("Content-Disposition: filename=\"" + Path.GetFileName(file) + "\"");
                eml.WriteLine();
                FileStream fs = new FileStream(file, FileMode.Open);
                byte[] filebytes = new byte[fs.Length];
                fs.Read(filebytes, 0, Convert.ToInt32(fs.Length));
                string encodedData = Convert.ToBase64String(filebytes, Base64FormattingOptions.InsertLineBreaks);
                eml.Write(encodedData);
                eml.Close();
                fs.Close();

                byte[] buffer = File.ReadAllBytes(emlFile);
                ContentInfo contentInfo = new ContentInfo(buffer);
                X509Store store = new X509Store();
                store.Open(OpenFlags.ReadOnly);
                X509Certificate2Collection certs = store.Certificates.Find(X509FindType.FindBySerialNumber, lbValue, false);
                int i = 0;
                foreach (X509Certificate2 cert in certs)
                {
                    i++;
                    SignedCms signedCms = new SignedCms(SubjectIdentifierType.IssuerAndSerialNumber, contentInfo, !detached);
                    CmsSigner cmsSigner = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, cert);

                    cmsSigner.SignedAttributes.Add(new Pkcs9SigningTime());
                    cmsSigner.IncludeOption = X509IncludeOption.WholeChain;

                    ESSCertIDv2 cer2 = new ESSCertIDv2(cert);
                    X509Chain chain = new X509Chain();
                    chain.Build(cert);

                    /*

                    /**/

                    //cmsSigner.UnsignedAttributes.Add(new AsnEncodedData("1.2.840.113549.1.9.16.2.21", CertRefs.get(chain)));
                    //cmsSigner.UnsignedAttributes.Add(new AsnEncodedData("1.2.840.113549.1.9.16.2.22", CertCrls.get(chain)));
                    //cmsSigner.UnsignedAttributes.Add(new AsnEncodedData("1.2.840.113549.1.9.16.2.23", OtherCerts.get(chain)));
                    //cmsSigner.UnsignedAttributes.Add(new AsnEncodedData("1.2.840.113549.1.9.16.2.24", OtherCrls.get(chain)));
                    /**/
                    //cmsSigner.SignedAttributes.Add(new AsnEncodedData("1.2.840.113549.1.9.16.2.47", cer2.get()));
                    //cmsSigner.SignedAttributes.Add(new AsnEncodedData("1.2.840.113549.1.9.16.2.15", getPolicy(false)));

                    /**/
                    signedCms.ComputeSignature(cmsSigner, false);
                    File.WriteAllBytes(certFile, getPolicy(true));
                    File.WriteAllBytes(sigFile, signedCms.Encode());
                }
                if (i == 0)
                {
                    throw new Exception("Failed" + Marshal.GetLastWin32Error().ToString());
                }
                SignedCms signedCms2 = new SignedCms();

                byte[] encodedMessage = File.ReadAllBytes(sigFile);
                signedCms2.Decode(encodedMessage);

                BHI.Rats.RatsCompressionManager.Zip(tmpDir, outFile);
                Directory.Delete(tmpDir, true);
                return true;
            }
            catch (CryptographicException e)
            {
                var error = e.Message.ToString();
                if (error == "Unknown error \"-1073741275\".") {
                    error = "Nepodarilo sa načítať certifikát. odpojte a pripojte čítačku.";
                }
                if (error == "An internal error occurred.\r\n") {
                    error = "Došlo ku chybe pri podpisovaní. Pravdepodobne nemáte pripojený USB kľúč alebo čítačku kariet.";
                }
                Console.WriteLine("Signing failed: " + error.ToString());
                if (e.InnerException != null)
                {
                    Console.WriteLine("Inner Exception: " + e.InnerException.ToString());
                }
                MessageBox.Show(error, "Chyba pri podpisovaní", MessageBoxButtons.OK, MessageBoxIcon.Error);

            }catch (Exception exc)
            {
                MessageBox.Show(exc.Message + "\n" + Marshal.GetLastWin32Error().ToString(), "Chyba pri podpisovaní", MessageBoxButtons.OK, MessageBoxIcon.Error);
            }
            return false;
        }
Beispiel #14
0
        /// <summary>
        /// Decrypt (optionally) the given message and try to extract signatures
        /// </summary>
        bool DecryptSignatures(IncomingMessage message, X509Certificate2 certificate, out SignedCms signatures, out MimeEntity payload)
        {
            MimeEntity decryptedEntity = null;

            signatures = null;
            payload    = null;

            if (certificate != null)
            {
                decryptedEntity = m_cryptographer.DecryptEntity(message.GetEncryptedBytes(m_cryptographer), certificate);
            }
            else
            {
                decryptedEntity = message.Message;
            }
            if (decryptedEntity == null)
            {
                return(false);
            }

            if (SMIMEStandard.IsContentEnvelopedSignature(decryptedEntity.ParsedContentType))
            {
                signatures = m_cryptographer.DeserializeEnvelopedSignature(decryptedEntity);
                payload    = MimeSerializer.Default.Deserialize <MimeEntity>(signatures.ContentInfo.Content);
            }
            else if (SMIMEStandard.IsContentMultipartSignature(decryptedEntity.ParsedContentType))
            {
                SignedEntity signedEntity = SignedEntity.Load(decryptedEntity);
                signatures = m_cryptographer.DeserializeDetachedSignature(signedEntity);
                payload    = signedEntity.Content;
            }
            else
            {
                throw new AgentException(AgentError.UnsignedMessage);
            }

            return(true);
        }
        static void SendEncryptedEmail(

            string SigningCertPath, string EncryptingCertPath,

            string To, string From, string Subject, string Body,

            string SmtpServer, int SmtpPort, bool HTML)

        {
            X509Certificate2 SignCert = new X509Certificate2(SigningCertPath, "password");

            X509Certificate2 EncryptCert = new X509Certificate2(EncryptingCertPath, "");



            StringBuilder Message = new StringBuilder();

            Message.AppendLine("Content-Type: text/" + ((HTML) ? "html" : "plain") +

                               "; charset=\"iso-8859-1\"");

            Message.AppendLine("Content-Transfer-Encoding: 7bit");

            Message.AppendLine();

            Message.AppendLine(Body);



            byte[] BodyBytes = Encoding.ASCII.GetBytes(Message.ToString());



            EnvelopedCms ECms = new EnvelopedCms(new ContentInfo(BodyBytes));

            CmsRecipient Recipient = new CmsRecipient(

                SubjectIdentifierType.IssuerAndSerialNumber, EncryptCert);

            ECms.Encrypt(Recipient);

            byte[] EncryptedBytes = ECms.Encode();



            SignedCms Cms = new SignedCms(new ContentInfo(EncryptedBytes));

            CmsSigner Signer = new CmsSigner

                                   (SubjectIdentifierType.IssuerAndSerialNumber, SignCert);



            Cms.ComputeSignature(Signer);

            byte[] SignedBytes = Cms.Encode();



            MailMessage Msg = new MailMessage();

            Msg.To.Add(new MailAddress(To));

            Msg.From = new MailAddress(From);

            Msg.Subject = Subject;



            MemoryStream ms = new MemoryStream(EncryptedBytes);

            AlternateView av = new AlternateView(ms,

                                                 "application/pkcs7-mime; smime-type=signed-data;name=smime.p7m");

            Msg.AlternateViews.Add(av);



            SmtpClient smtp = new SmtpClient(SmtpServer, SmtpPort);

            smtp.UseDefaultCredentials = true;

            smtp.Send(Msg);
        }
Beispiel #16
0
        public static void EnsureDataIsolation_NewDocument(bool detached)
        {
            byte[]      contentBytes = { 9, 8, 7, 6, 5 };
            ContentInfo contentInfo  = new ContentInfo(contentBytes);
            SignedCms   cms          = new SignedCms(contentInfo, detached);

            SubjectIdentifierType firstType  = SubjectIdentifierType.IssuerAndSerialNumber;
            SubjectIdentifierType secondType = SubjectIdentifierType.SubjectKeyIdentifier;

            using (X509Certificate2 signerCert = Certificates.RSA2048SignatureOnly.TryGetCertificateWithPrivateKey())
            {
                CmsSigner signer = new CmsSigner(firstType, signerCert);
                signer.SignedAttributes.Add(new Pkcs9SigningTime());
                cms.ComputeSignature(signer);
            }

            // CheckSignature doesn't read the public mutable data
            contentInfo.Content[0]       ^= 0xFF;
            contentInfo.ContentType.Value = Oids.Pkcs7Hashed;
            cms.CheckSignature(true);

            using (X509Certificate2 signerCert = Certificates.RSA2048SignatureOnly.TryGetCertificateWithPrivateKey())
            {
                CmsSigner signer = new CmsSigner(secondType, signerCert);
                signer.SignedAttributes.Add(new Pkcs9SigningTime());

                // A second ComputeSignature uses the content value from the first one.
                cms.ComputeSignature(signer);
            }

            // They should have the same content digests.
            AsnEncodedData firstDigest = cms.SignerInfos[0].SignedAttributes
                                         .OfType <CryptographicAttributeObject>().First(cao => cao.Oid.Value == Oids.MessageDigest).Values[0];

            AsnEncodedData secondDigest = cms.SignerInfos[1].SignedAttributes
                                          .OfType <CryptographicAttributeObject>().First(cao => cao.Oid.Value == Oids.MessageDigest).Values[0];

            Assert.Equal(firstDigest.RawData.ByteArrayToHex(), secondDigest.RawData.ByteArrayToHex());

            byte[] encoded = cms.Encode();

            if (detached)
            {
                cms.Decode(encoded);

                // Because Decode leaves ContentInfo alone, and Decode resets the
                // "known" content, this will fail due to the tampered content.
                Assert.Throws <CryptographicException>(() => cms.CheckSignature(true));

                // So put it back.
                cms.ContentInfo.Content[0] ^= 0xFF;
            }

            cms.Decode(encoded);

            if (detached)
            {
                // And break it again.
                cms.ContentInfo.Content[0] ^= 0xFF;
            }

            // Destroy the content that just got decoded.
            encoded.AsSpan().Fill(0x55);
            cms.CheckSignature(true);
        }
Beispiel #17
0
        public static void EnsureExtraCertsAdded(bool newDocument)
        {
            SignedCms cms;

            if (newDocument)
            {
                ContentInfo data = new ContentInfo(new byte[] { 1, 2, 3 });
                cms = new SignedCms(data, false);
            }
            else
            {
                cms = new SignedCms();
                cms.Decode(SignedDocuments.OneDsa1024);
            }

            int preCount = cms.Certificates.Count;

            using (X509Certificate2 unrelated1 = Certificates.DHKeyAgree1.GetCertificate())
                using (X509Certificate2 unrelated1Copy = Certificates.DHKeyAgree1.GetCertificate())
                    using (X509Certificate2 unrelated2 = Certificates.RSAKeyTransfer2.GetCertificate())
                        using (X509Certificate2 unrelated3 = Certificates.RSAKeyTransfer3.GetCertificate())
                            using (X509Certificate2 signerCert = Certificates.RSAKeyTransferCapi1.TryGetCertificateWithPrivateKey())
                            {
                                var signer = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, signerCert);
                                signer.Certificates.Add(unrelated1);
                                signer.Certificates.Add(unrelated2);
                                signer.Certificates.Add(unrelated3);
                                signer.Certificates.Add(unrelated1Copy);
                                cms.ComputeSignature(signer);

                                bool ExpectCopyRemoved =
#if !netfx
                                    true
#else
                                    false
#endif
                                ;

                                int expectedAddedCount = 4;

                                if (!ExpectCopyRemoved)
                                {
                                    expectedAddedCount++;
                                }

                                // In .NET Framework adding (document) signers adds certificates at the end
                                // EXCEPT for the first signer, which triggers an internal Decode(Encode())
                                // which is only observable if there were multiple certificates.
                                int u1Idx;
                                int u1CopyIdx;
                                int u2Idx;
                                int u3Idx;
                                int sIdx;

                                if (newDocument)
                                {
                                    // These indicies are manually computable by observing the certificate sizes.
                                    // But they'll be stable unless a cert changes.
                                    u1Idx     = 3;
                                    u1CopyIdx = 4;
                                    u2Idx     = 0;
                                    u3Idx     = 1;
                                    sIdx      = 2;
                                }
                                else
                                {
                                    u1Idx     = 0;
                                    u1CopyIdx = 3;
                                    u2Idx     = 1;
                                    u3Idx     = 2;
                                    sIdx      = ExpectCopyRemoved ? 3 : 4;
                                }

                                X509Certificate2Collection certs = cms.Certificates;
                                Assert.Equal(preCount + expectedAddedCount, certs.Count);

                                Assert.Equal(unrelated1, certs[preCount + u1Idx]);
                                Assert.NotSame(unrelated1, certs[preCount + u1Idx]);

                                Assert.Equal(unrelated2, certs[preCount + u2Idx]);
                                Assert.NotSame(unrelated2, certs[preCount + u2Idx]);

                                Assert.Equal(unrelated3, certs[preCount + u3Idx]);
                                Assert.NotSame(unrelated3, certs[preCount + u3Idx]);

                                if (!ExpectCopyRemoved)
                                {
                                    Assert.Equal(unrelated1, certs[preCount + u1CopyIdx]);
                                    Assert.NotSame(unrelated1, certs[preCount + u1CopyIdx]);
                                }

                                Assert.Equal(signerCert, certs[preCount + sIdx]);
                                Assert.NotSame(signerCert, certs[preCount + sIdx]);
                            }

            cms.CheckSignature(true);
        }
Beispiel #18
0
        public static void AddSigner_DuplicateCert_RSA(bool skidFirst, bool detached)
        {
            ContentInfo contentInfo = new ContentInfo(new byte[] { 9, 8, 7, 6, 5 });
            SignedCms   cms         = new SignedCms(contentInfo, detached);

            SubjectIdentifierType first;
            SubjectIdentifierType second;
            int expectedInitialVersion;

            if (skidFirst)
            {
                first  = SubjectIdentifierType.SubjectKeyIdentifier;
                second = SubjectIdentifierType.IssuerAndSerialNumber;
                expectedInitialVersion = 3;
            }
            else
            {
                first  = SubjectIdentifierType.IssuerAndSerialNumber;
                second = SubjectIdentifierType.SubjectKeyIdentifier;
                expectedInitialVersion = 1;
            }

            byte[] firstEncoding;

            using (X509Certificate2 signerCert = Certificates.RSA2048SignatureOnly.TryGetCertificateWithPrivateKey())
            {
                CmsSigner signer = new CmsSigner(first, signerCert);
                cms.ComputeSignature(signer);

                Assert.Single(cms.Certificates);
                Assert.Single(cms.SignerInfos);
                Assert.Equal(expectedInitialVersion, cms.Version);

                Assert.Equal(first, cms.SignerInfos[0].SignerIdentifier.Type);
                Assert.Equal(expectedInitialVersion, cms.SignerInfos[0].Version);

                firstEncoding = cms.Encode();

                CmsSigner signer2 = new CmsSigner(second, signerCert);
                cms.ComputeSignature(signer2);
            }

            Assert.Single(cms.Certificates);
            Assert.Equal(2, cms.SignerInfos.Count);

            // One of them is a V3 signer, so the whole document is V3.
#if netfx
            // Windows CMS computes the version on the first signer, and doesn't
            // seem to lift it on the second one.
            // It encoded the message as
            // SignedData.version=1,
            //   SignedData.SignerInfos[0].version=3
            //   SignedData.SignerInfos[1].version=1
            if (skidFirst)
            {
#endif
            Assert.Equal(3, cms.Version);
#if netfx
        }
#endif

            Assert.Equal(first, cms.SignerInfos[0].SignerIdentifier.Type);
            Assert.Equal(second, cms.SignerInfos[1].SignerIdentifier.Type);
            Assert.Equal(cms.SignerInfos[0].Certificate, cms.SignerInfos[1].Certificate);

            cms.CheckSignature(true);

            byte[] secondEncoding = cms.Encode();
            Assert.True(secondEncoding.Length > firstEncoding.Length);
        }
Beispiel #19
0
 public RepositoryPrimarySignature(SignedCms signedCms)
     : base(signedCms, SignatureType.Repository)
 {
     V3ServiceIndexUrl = AttributeUtility.GetNuGetV3ServiceIndexUrl(SignerInfo.SignedAttributes);
     PackageOwners     = AttributeUtility.GetNuGetPackageOwners(SignerInfo.SignedAttributes);
 }
        public static void AddCounterSigner_DSA()
        {
            SignedCms cms = new SignedCms();

            cms.Decode(SignedDocuments.RsaPkcs1OneSignerIssuerAndSerialNumber);
            Assert.Single(cms.Certificates);

            SignerInfo firstSigner = cms.SignerInfos[0];

            Assert.Empty(firstSigner.CounterSignerInfos);
            Assert.Empty(firstSigner.UnsignedAttributes);

            using (X509Certificate2 signerCert = Certificates.Dsa1024.TryGetCertificateWithPrivateKey())
            {
                CmsSigner signer = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, signerCert);
                signer.IncludeOption = X509IncludeOption.EndCertOnly;
                // Best compatibility for DSA is SHA-1 (FIPS 186-2)
                signer.DigestAlgorithm = new Oid(Oids.Sha1, Oids.Sha1);
                firstSigner.ComputeCounterSignature(signer);
            }

            Assert.Empty(firstSigner.CounterSignerInfos);
            Assert.Empty(firstSigner.UnsignedAttributes);

            SignerInfo firstSigner2 = cms.SignerInfos[0];

            Assert.Single(firstSigner2.CounterSignerInfos);
            Assert.Single(firstSigner2.UnsignedAttributes);

            Assert.Single(cms.SignerInfos);
            Assert.Equal(2, cms.Certificates.Count);

            SignerInfo counterSigner = firstSigner2.CounterSignerInfos[0];

            Assert.Equal(1, counterSigner.Version);

            // On NetFx there will be two attributes, because Windows emits the
            // content-type attribute even for counter-signers.
            int expectedCount = 1;

#if netfx
            expectedCount = 2;
#endif
            Assert.Equal(expectedCount, counterSigner.SignedAttributes.Count);
            Assert.Equal(Oids.MessageDigest, counterSigner.SignedAttributes[expectedCount - 1].Oid.Value);

            Assert.NotEqual(firstSigner2.Certificate, counterSigner.Certificate);
            Assert.Equal(2, cms.Certificates.Count);

#if netcoreapp
            byte[] signature = counterSigner.GetSignature();
            Assert.NotEmpty(signature);
            // DSA PKIX signature format is a DER SEQUENCE.
            Assert.Equal(0x30, signature[0]);
#endif

            cms.CheckSignature(true);
            byte[] encoded = cms.Encode();
            cms.Decode(encoded);
            cms.CheckSignature(true);
        }
Beispiel #21
0
 public TimestampInfo(byte[] timestampToken)
 {
     try
     {
         TimeStampToken timeStampToken = new TimeStampToken(new CmsSignedData(timestampToken));
         SignedCms      signedCm       = new SignedCms();
         signedCm.Decode(timestampToken);
         try
         {
             signedCm.CheckSignature(true);
             this.IsTimestampAltered = false;
         }
         catch
         {
             this.IsTimestampAltered = true;
         }
         this.TimestampToken = timestampToken;
         this.SignatureTime  = timeStampToken.TimeStampInfo.GenTime;
         try
         {
             this.TsaCertificate = signedCm.Certificates[signedCm.Certificates.Count - 1];
         }
         catch
         {
         }
         try
         {
             this.OriginalDataHash = timeStampToken.TimeStampInfo.GetMessageImprintDigest();
         }
         catch
         {
         }
         try
         {
             this.HashAlgorithm = new Oid(timeStampToken.TimeStampInfo.MessageImprintAlgOid);
         }
         catch
         {
         }
         try
         {
             this.Policy = new Oid(timeStampToken.TimeStampInfo.Policy);
         }
         catch
         {
         }
         try
         {
             this.Nonce = timeStampToken.TimeStampInfo.Nonce.ToString(10);
         }
         catch
         {
         }
         try
         {
             this.SerialNumber = timeStampToken.TimeStampInfo.SerialNumber.ToString(10);
         }
         catch
         {
         }
         try
         {
             this.TsaServerName = timeStampToken.TimeStampInfo.Tsa.Name.ToString();
         }
         catch
         {
         }
         this.Accuracy = new TimestampAccuracy();
         try
         {
             this.Accuracy.Seconds = timeStampToken.TimeStampInfo.Accuracy.Seconds.ToString();
         }
         catch
         {
         }
         try
         {
             this.Accuracy.Milliseconds = timeStampToken.TimeStampInfo.Accuracy.Millis.ToString();
         }
         catch
         {
         }
         try
         {
             this.Accuracy.Microseconds = timeStampToken.TimeStampInfo.Accuracy.Micros.ToString();
         }
         catch
         {
         }
     }
     catch
     {
     }
 }
        private static void AddSecondCounterSignature_NoSignature(bool withCertificate, bool addExtraCert)
        {
            X509Certificate2Collection certs;
            SignedCms cms = new SignedCms();

            cms.Decode(SignedDocuments.RsaPkcs1OneSignerIssuerAndSerialNumber);

            SignerInfo firstSigner = cms.SignerInfos[0];

            using (X509Certificate2 cert = Certificates.RSAKeyTransferCapi1.TryGetCertificateWithPrivateKey())
                using (X509Certificate2 cert2 = Certificates.DHKeyAgree1.GetCertificate())
                {
                    firstSigner.ComputeCounterSignature(
                        new CmsSigner(cert)
                    {
                        IncludeOption = X509IncludeOption.None,
                    });

                    CmsSigner counterSigner;

                    if (withCertificate)
                    {
                        counterSigner = new CmsSigner(SubjectIdentifierType.NoSignature, cert);
                    }
                    else
                    {
                        counterSigner = new CmsSigner(SubjectIdentifierType.NoSignature);
                    }

                    if (addExtraCert)
                    {
                        counterSigner.Certificates.Add(cert2);
                    }

                    firstSigner.ComputeCounterSignature(counterSigner);

                    certs = cms.Certificates;

                    if (addExtraCert)
                    {
                        Assert.Equal(2, certs.Count);
                        Assert.NotEqual(cert2.RawData, certs[0].RawData);
                        Assert.Equal(cert2.RawData, certs[1].RawData);
                    }
                    else
                    {
                        Assert.Equal(1, certs.Count);
                        Assert.NotEqual(cert2.RawData, certs[0].RawData);
                    }
                }

            Assert.ThrowsAny <CryptographicException>(() => cms.CheckSignature(true));
            cms.CheckHash();

            byte[] encoded = cms.Encode();
            cms = new SignedCms();
            cms.Decode(encoded);
            Assert.ThrowsAny <CryptographicException>(() => cms.CheckSignature(true));
            cms.CheckHash();

            firstSigner = cms.SignerInfos[0];
            firstSigner.CheckSignature(verifySignatureOnly: true);
            Assert.ThrowsAny <CryptographicException>(() => firstSigner.CheckHash());

            // The NoSignature CounterSigner sorts first.
            SignerInfo firstCounterSigner = firstSigner.CounterSignerInfos[0];

            Assert.Equal(SubjectIdentifierType.NoSignature, firstCounterSigner.SignerIdentifier.Type);
            Assert.ThrowsAny <CryptographicException>(() => firstCounterSigner.CheckSignature(true));

            if (PlatformDetection.IsFullFramework)
            {
                // NetFX's CheckHash only looks at top-level SignerInfos to find the
                // crypt32 CMS signer ID, so it fails on any check from a countersigner.
                Assert.ThrowsAny <CryptographicException>(() => firstCounterSigner.CheckHash());
            }
            else
            {
                firstCounterSigner.CheckHash();
            }

            certs = cms.Certificates;

            if (addExtraCert)
            {
                Assert.Equal(2, certs.Count);
                Assert.Equal("CN=DfHelleKeyAgreement1", certs[1].SubjectName.Name);
            }
            else
            {
                Assert.Equal(1, certs.Count);
            }

            Assert.Equal("CN=RSAKeyTransferCapi1", certs[0].SubjectName.Name);
        }
Beispiel #23
0
 /// <summary>
 /// Checks if the given SignedCms object has encapsulated content
 /// </summary>
 /// <param name="cms">Cms object</param>
 /// <returns>true if content present</returns>
 public static bool HasContent(this SignedCms cms)
 {
     return(cms.ContentInfo != null && !cms.ContentInfo.Content.IsNullOrEmpty());
 }
Beispiel #24
0
        private void overSubor(string file)
        {
            string tmpadr = FastZep.FastZepFolder + "verify";
            if(Directory.Exists(tmpadr)) Directory.Delete(tmpadr,true);
            Directory.CreateDirectory(tmpadr);
            try
            {
                BHI.Rats.RatsCompressionManager.Extract(file, tmpadr);
            }
            catch (Exception exc) {
                validity.Text = "Súbor nie je platný ZEP súbor. "+exc.Message;
                return;
            }
            dataGridView1.Rows.Clear();
            string myfileEml = "";
            string[] files = Directory.GetFiles(tmpadr, "*.eml", SearchOption.AllDirectories);
            if(files.Length > 0){
                myfileEml = files[0];
            }
            if (myfileEml != "")
            {
                bool indata = false;
                verifiedFileName = "";
                String data = "";
                foreach (string line in File.ReadAllLines(myfileEml))
                {
                    if (indata) { data += line; }
                    else
                    {
                        if (line.IndexOf("Content-Disposition:") >= 0)
                        {
                            int start = line.IndexOf("\"") + 1;
                            int last = line.IndexOf("\"", start + 1);
                            verifiedFileName = line.Substring(start, last - start);
                        }
                        if (line == "") indata = true;
                    }
                }
                if (verifiedFileName == "")
                {
                    validity.Text = "Nepodarilo sa extrahovať súbor!"; return;
                }
                File.WriteAllBytes(tmpadr + @"\" + verifiedFileName, Convert.FromBase64String(data));
            }

            SignedCms cms;
            if (myfileEml != "")
            {
                cms = new SignedCms(new ContentInfo(File.ReadAllBytes(myfileEml)), true);
            }
            else {
                cms = new SignedCms();
                if (cms.ContentInfo.Content.Length == 0) {
                    validity.Text = "Overovaný súbor neobsahuje žiadny podpísaný súbor!"; return;
                }
            }
            try
            {
                validity.Text = "Platný";
                foreach (string myfile in Directory.GetFiles(tmpadr, "*.p7s", SearchOption.AllDirectories))
                {
                    cms.Decode(File.ReadAllBytes(myfile));
                    cms.CheckHash();
                    cms.CheckSignature(true);
                    try
                    {
                        cms.CheckSignature(false);
                    }
                    catch (Exception exc) {
                        validity.Text = "Platný, ale nastali problémy s certifikátmi: " + exc.Message;
                    }
                    string signdate = "";

                    foreach (CryptographicAttributeObject atr in cms.SignerInfos[0].SignedAttributes)
                    {
                        //File.WriteAllBytes(@"C:\tmp\out\F" + atr.Oid.Value.ToString() + ".asn", atr.Values[0].RawData);
                        switch (atr.Oid.Value.ToString())
                        {
                            case "1.2.840.113549.1.9.3":
                                LipingShare.LCLib.Asn1Processor.Oid oid = new LipingShare.LCLib.Asn1Processor.Oid();

                                string oidstr = oid.Decode(atr.Values[0].RawData);
                                foreach (ASNNode node in ASNNode.parse(atr.Values[0].RawData))
                                {
                                    oidstr = oid.Decode(node.getValue());
                                }
                                string value = "";
                                if (oidstr == "1.2.840.113549.1.7.1") value = "Dáta (1.2.840.113549.1.7.1)";
                                if (oidstr == "1.2.840.113549.1.7.2") value = "Podpísané dáta (1.2.840.113549.1.7.2)";
                                if (oidstr == "1.2.840.113549.1.7.3") value = "Obalené dáta (1.2.840.113549.1.7.3)";
                                if (oidstr == "1.2.840.113549.1.7.4") value = "Podpísané a obalené dáta (1.2.840.113549.1.7.4)";
                                if (oidstr == "1.2.840.113549.1.7.5") value = "Zahašované dáta (1.2.840.113549.1.7.5)";
                                if (oidstr == "1.2.840.113549.1.7.6") value = "Zašifrované dáta (1.2.840.113549.1.7.6)";

                                dataGridView1.Rows.Add(new object[] { "1.2.840.113549.1.9.3", true, "Obsah", value });
                                break;
                            case "1.2.840.113549.1.9.4":
                                value = "";
                                foreach (ASNNode node in ASNNode.parse(atr.Values[0].RawData))
                                {
                                    value = BitConverter.ToString(node.getValue()).Replace("-", "");
                                }
                                File.WriteAllBytes(tmpadr + @"\S" + atr.Oid.Value.ToString() + ".cer", atr.Values[0].RawData);
                                dataGridView1.Rows.Add(new object[] { "1.2.840.113549.1.9.4", true, "Hash", value });
                                break;
                            case "1.2.840.113549.1.9.5":
                                value = "";
                                foreach (ASNNode node in ASNNode.parse(atr.Values[0].RawData))
                                {
                                    System.Text.ASCIIEncoding enc = new System.Text.ASCIIEncoding();
                                    value = enc.GetString(node.getValue());
                                    signdate = value;
                                }
                                File.WriteAllBytes(tmpadr + @"\S" + atr.Oid.Value.ToString() + ".cer", atr.Values[0].RawData);
                                dataGridView1.Rows.Add(new object[] { "1.2.840.113549.1.9.5", true, "Čas podpisu", value });
                                break;
                            case "1.2.840.113549.1.9.16.2.12":
                                value = "";
                                foreach (ASNNode node in ASNNode.parse(atr.Values[0].RawData))
                                {
                                    foreach (ASNNode node2 in node.getChilds())
                                    {
                                        foreach (ASNNode node3 in node2.getChilds())
                                        {
                                            foreach (ASNNode node4 in node3.getChilds())
                                            {
                                                foreach (ASNNode node5 in node4.getChilds())
                                                {
                                                    if (node5.Type == 2)
                                                    {
                                                        // identifikator
                                                        string mySerial = BitConverter.ToString(node5.getValue()).Replace("-", "");
                                                        foreach (X509Certificate2 cert in cms.Certificates)
                                                        {
                                                            string serial = cert.GetSerialNumberString();
                                                            if (serial == mySerial)
                                                            {
                                                                File.WriteAllBytes(tmpadr + @"\S1.2.840.113549.1.9.16.2.12.cer", cert.GetRawCertData());
                                                                value = "Dvojklik pre zobrazenie";
                                                            }
                                                        }
                                                    }
                                                }
                                            }
                                        }
                                    }

                                }
                                File.WriteAllBytes(tmpadr + @"\S" + atr.Oid.Value.ToString() + ".cer", atr.Values[0].RawData);
                                dataGridView1.Rows.Add(new object[] { "1.2.840.113549.1.9.16.2.12", true, "Podpisový certifikát", value });
                                break;
                            case "1.2.840.113549.1.9.16.2.15":
                                value = "";
                                foreach (ASNNode node in ASNNode.parse(atr.Values[0].RawData))
                                {
                                    ASNNode node2 = node.getChilds().First();
                                    File.WriteAllBytes(tmpadr + @"\S1.2.840.113549.1.9.16.2.15.cer", node.getValue());
                                    oid = new LipingShare.LCLib.Asn1Processor.Oid();
                                    value = oid.Decode(node2.getValue());

                                }
                                dataGridView1.Rows.Add(new object[] { "1.2.840.113549.1.9.16.2.15", true, "Podpisová politika", value });
                                break;
                            case "1.2.840.113549.1.9.16.2.47":

                                File.WriteAllBytes(tmpadr + @"\S1.2.840.113549.1.9.16.2.47.cer", atr.Values[0].RawData);
                                dataGridView1.Rows.Add(new object[] { "1.2.840.113549.1.9.16.2.47", true, "Podpisový certifikát 2", BitConverter.ToString(atr.Values[0].RawData).Replace("-", "") });
                                break;
                            default:
                                dataGridView1.Rows.Add(new object[] { atr.Oid.Value.ToString(), true, "", BitConverter.ToString(atr.Values[0].RawData).Replace("-", "") });
                                break;
                        }
                    }
                    foreach (CryptographicAttributeObject atr in cms.SignerInfos[0].UnsignedAttributes)
                    {
                        File.WriteAllBytes(tmpadr + @"\U" + atr.Oid.Value.ToString() + ".cer", atr.Values[0].RawData);
                        switch (atr.Oid.Value.ToString())
                        {
                            case "1.2.840.113549.1.9.16.2.14":
                                dataGridView1.Rows.Add(new object[] { atr.Oid.Value.ToString(), false, "Podpis obsahuje časovú pečiatku", "" });
                                break;
                            case "1.2.840.113549.1.9.16.2.21":
                                dataGridView1.Rows.Add(new object[] { atr.Oid.Value.ToString(), false, "Odkazy na certifikáty", "" });
                                break;
                            case "1.2.840.113549.1.9.16.2.22":
                                dataGridView1.Rows.Add(new object[] { atr.Oid.Value.ToString(), false, "Odkazy na CRL (zneplatnené certifikáty)", "" });
                                break;
                            case "1.2.840.113549.1.9.16.2.23":
                                dataGridView1.Rows.Add(new object[] { atr.Oid.Value.ToString(), false, "Zoznam certifikátov", "" });
                                break;
                            case "1.2.840.113549.1.9.16.2.24":

                                foreach (ASNNode node in ASNNode.parse(atr.Values[0].RawData))
                                {
                                    foreach (ASNNode node2 in node.getChilds())
                                    {
                                        foreach (ASNNode node3 in node2.getChilds())
                                        {
                                            foreach (ASNNode node4 in node3.getChilds())
                                            {
                                                foreach (ASNNode node5 in node4.getChilds())
                                                {
                                                    string from = "";
                                                    string until = "";
                                                    foreach (ASNNode node6 in node5.getChilds())
                                                    {
                                                        if (node6.Type == 0x17)
                                                        {
                                                            if (from == "")
                                                            {
                                                                System.Text.ASCIIEncoding enc = new System.Text.ASCIIEncoding();
                                                                from = enc.GetString(node6.getValue());
                                                            }
                                                            else
                                                            {
                                                                System.Text.ASCIIEncoding enc = new System.Text.ASCIIEncoding();
                                                                until = enc.GetString(node6.getValue());
                                                                int i = from.CompareTo(signdate);
                                                                if (signdate != "")
                                                                    if (from.CompareTo(signdate) == -1 && signdate.CompareTo(until) == -1)
                                                                    {
                                                                        // ok
                                                                    }
                                                                    else
                                                                    {
                                                                        // qsign bug
                                                                        validity.Text = "Uznávaný (Podpis obsahuje chybu neplatného CRL spôsobeným chybou aplikácie QSign.)";

                                                                    }
                                                            }
                                                        }
                                                    }
                                                }
                                            }
                                        }
                                    }
                                }
                                dataGridView1.Rows.Add(new object[] { atr.Oid.Value.ToString(), false, "Zoznam CRL", "" });
                                break;
                            default:
                                dataGridView1.Rows.Add(new object[] { atr.Oid.Value.ToString(), false, "", BitConverter.ToString(atr.Values[0].RawData).Replace("-", "") });
                                break;
                        }

                    }
                    dataGridView1.AutoSizeColumnsMode = DataGridViewAutoSizeColumnsMode.AllCells;
                }

            }
            catch (Exception exc) {
                validity.Text = "Neplatný: "+exc.Message;
            }
        }
        private static byte[] BuildCustomToken(
            CertLoader cert,
            DateTimeOffset timestamp,
            SigningCertificateOption v1Option,
            SigningCertificateOption v2Option,
            HashAlgorithmName v2DigestAlg        = default,
            X509IncludeOption includeOption      = X509IncludeOption.ExcludeRoot,
            SubjectIdentifierType identifierType = SubjectIdentifierType.IssuerAndSerialNumber)
        {
            long accuracyMicroSeconds = (long)(TimeSpan.FromMinutes(1).TotalMilliseconds * 1000);

            byte[] serialNumber = BitConverter.GetBytes(DateTimeOffset.UtcNow.Ticks);
            Array.Reverse(serialNumber);

            Rfc3161TimestampTokenInfo info = new Rfc3161TimestampTokenInfo(
                new Oid("0.0", "0.0"),
                new Oid(Oids.Sha384),
                new byte[384 / 8],
                serialNumber,
                timestamp,
                accuracyMicroSeconds,
                isOrdering: true);

            ContentInfo contentInfo = new ContentInfo(new Oid(Oids.TstInfo, Oids.TstInfo), info.Encode());
            SignedCms   cms         = new SignedCms(contentInfo);

            using (X509Certificate2 tsaCert = cert.TryGetCertificateWithPrivateKey())
            {
                CmsSigner signer = new CmsSigner(identifierType, tsaCert)
                {
                    IncludeOption = includeOption
                };

                if (v1Option != SigningCertificateOption.Omit)
                {
                    ExpandOption(v1Option, out bool validHash, out bool skipIssuerSerial, out bool validName, out bool validSerial);

                    // simple SigningCertificate
                    byte[] signingCertificateV1Bytes =
                        "301A3018301604140000000000000000000000000000000000000000".HexToByteArray();

                    if (validHash)
                    {
                        byte[] hash = SHA1.HashData(tsaCert.RawData);

                        Buffer.BlockCopy(
                            hash,
                            0,
                            signingCertificateV1Bytes,
                            signingCertificateV1Bytes.Length - hash.Length,
                            hash.Length);
                    }

                    if (!skipIssuerSerial)
                    {
                        byte[] footer = BuildIssuerAndSerialNumber(tsaCert, validName, validSerial);

                        signingCertificateV1Bytes[1] += (byte)footer.Length;
                        signingCertificateV1Bytes[3] += (byte)footer.Length;
                        signingCertificateV1Bytes[5] += (byte)footer.Length;

                        Assert.InRange(signingCertificateV1Bytes[1], 0, 127);

                        signingCertificateV1Bytes = signingCertificateV1Bytes.Concat(footer).ToArray();
                    }

                    signer.SignedAttributes.Add(
                        new AsnEncodedData("1.2.840.113549.1.9.16.2.12", signingCertificateV1Bytes));
                }

                if (v2Option != SigningCertificateOption.Omit)
                {
                    byte[] attrBytes;
                    byte[] algBytes = Array.Empty <byte>();
                    byte[] hashBytes;
                    byte[] issuerNameBytes = Array.Empty <byte>();

                    if (v2DigestAlg != default)
                    {
                        switch (v2DigestAlg.Name)
                        {
                        case "MD5":
                            algBytes = "300C06082A864886F70D02050500".HexToByteArray();
                            break;

                        case "SHA1":
                            algBytes = "300906052B0E03021A0500".HexToByteArray();
                            break;

                        case "SHA256":
                            // Invalid under DER, because it's the default.
                            algBytes = "300D06096086480165030402010500".HexToByteArray();
                            break;

                        case "SHA384":
                            algBytes = "300D06096086480165030402020500".HexToByteArray();
                            break;

                        case "SHA512":
                            algBytes = "300D06096086480165030402030500".HexToByteArray();
                            break;

                        default:
                            throw new NotSupportedException(v2DigestAlg.Name);
                        }
                    }
                    else
                    {
                        v2DigestAlg = HashAlgorithmName.SHA256;
                    }

                    hashBytes = tsaCert.GetCertHash(v2DigestAlg);

                    ExpandOption(v2Option, out bool validHash, out bool skipIssuerSerial, out bool validName, out bool validSerial);

                    if (!validHash)
                    {
                        hashBytes[0] ^= 0xFF;
                    }

                    if (!skipIssuerSerial)
                    {
                        issuerNameBytes = BuildIssuerAndSerialNumber(tsaCert, validName, validSerial);
                    }

                    // hashBytes hasn't been wrapped in an OCTET STRING yet, so add 2 more.
                    int payloadSize = algBytes.Length + hashBytes.Length + issuerNameBytes.Length + 2;
                    Assert.InRange(payloadSize, 0, 123);

                    attrBytes = new byte[payloadSize + 6];

                    int index = 0;

                    // SEQUENCE (SigningCertificateV2)
                    attrBytes[index++] = 0x30;
                    attrBytes[index++] = (byte)(payloadSize + 4);

                    // SEQUENCE OF => certs
                    attrBytes[index++] = 0x30;
                    attrBytes[index++] = (byte)(payloadSize + 2);

                    // SEQUENCE (ESSCertIdV2)
                    attrBytes[index++] = 0x30;
                    attrBytes[index++] = (byte)payloadSize;

                    Buffer.BlockCopy(algBytes, 0, attrBytes, index, algBytes.Length);
                    index += algBytes.Length;

                    // OCTET STRING (Hash)
                    attrBytes[index++] = 0x04;
                    attrBytes[index++] = (byte)hashBytes.Length;
                    Buffer.BlockCopy(hashBytes, 0, attrBytes, index, hashBytes.Length);
                    index += hashBytes.Length;

                    Buffer.BlockCopy(issuerNameBytes, 0, attrBytes, index, issuerNameBytes.Length);

                    signer.SignedAttributes.Add(
                        new AsnEncodedData("1.2.840.113549.1.9.16.2.47", attrBytes));
                }

                cms.ComputeSignature(signer);
            }

            return(cms.Encode());
        }
Beispiel #26
0
        public static void DecodeNull()
        {
            SignedCms cms = new SignedCms();

            Assert.Throws <ArgumentNullException>(() => cms.Decode(null));
        }
        public static void AddCounterSigner_ECDSA(SubjectIdentifierType identifierType, string digestOid)
        {
            SignedCms cms = new SignedCms();

            cms.Decode(SignedDocuments.RsaPkcs1OneSignerIssuerAndSerialNumber);
            Assert.Single(cms.Certificates);

            SignerInfo firstSigner = cms.SignerInfos[0];

            Assert.Empty(firstSigner.CounterSignerInfos);
            Assert.Empty(firstSigner.UnsignedAttributes);

            using (X509Certificate2 signerCert = Certificates.ECDsaP256Win.TryGetCertificateWithPrivateKey())
            {
                CmsSigner signer = new CmsSigner(identifierType, signerCert);
                signer.IncludeOption   = X509IncludeOption.EndCertOnly;
                signer.DigestAlgorithm = new Oid(digestOid, digestOid);
                firstSigner.ComputeCounterSignature(signer);
            }

            Assert.Empty(firstSigner.CounterSignerInfos);
            Assert.Empty(firstSigner.UnsignedAttributes);

            SignerInfo firstSigner2 = cms.SignerInfos[0];

            Assert.Single(firstSigner2.CounterSignerInfos);
            Assert.Single(firstSigner2.UnsignedAttributes);

            Assert.Single(cms.SignerInfos);
            Assert.Equal(2, cms.Certificates.Count);

            SignerInfo counterSigner = firstSigner2.CounterSignerInfos[0];

            int expectedVersion = identifierType == SubjectIdentifierType.IssuerAndSerialNumber ? 1 : 3;

            Assert.Equal(expectedVersion, counterSigner.Version);

            // On NetFx there will be two attributes, because Windows emits the
            // content-type attribute even for counter-signers.
            int expectedCount = 1;

#if netfx
            expectedCount = 2;
#endif
            Assert.Equal(expectedCount, counterSigner.SignedAttributes.Count);
            Assert.Equal(Oids.MessageDigest, counterSigner.SignedAttributes[expectedCount - 1].Oid.Value);

            Assert.NotEqual(firstSigner2.Certificate, counterSigner.Certificate);
            Assert.Equal(2, cms.Certificates.Count);

#if netcoreapp
            byte[] signature = counterSigner.GetSignature();
            Assert.NotEmpty(signature);
            // DSA PKIX signature format is a DER SEQUENCE.
            Assert.Equal(0x30, signature[0]);

            // ECDSA Oids are all under 1.2.840.10045.4.
            Assert.StartsWith("1.2.840.10045.4.", counterSigner.SignatureAlgorithm.Value);
#endif

            cms.CheckSignature(true);
            byte[] encoded = cms.Encode();
            cms.Decode(encoded);
            cms.CheckSignature(true);
        }
Beispiel #28
0
        public static IEnumerable <Timestamp> GetTimestamps(string path)
        {
            if (String.IsNullOrEmpty(path))
            {
                return(null);
            }

            var timestamps = new List <Timestamp>();
            int msgAndCertEncodingType;
            int msgContentType;
            int formatType;

            // NULL indicates that information is unneeded
            IntPtr certStore = IntPtr.Zero;
            IntPtr msg       = IntPtr.Zero;
            IntPtr context   = IntPtr.Zero;

            if (!WinCrypt.CryptQueryObject(
                    WinCrypt.CERT_QUERY_OBJECT_FILE,
                    Marshal.StringToHGlobalUni(path),
                    WinCrypt.CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED | WinCrypt.CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED | WinCrypt.CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED,
                    WinCrypt.CERT_QUERY_FORMAT_FLAG_ALL,
                    0,
                    out msgAndCertEncodingType,
                    out msgContentType,
                    out formatType,
                    ref certStore,
                    ref msg,
                    ref context))
            {
                throw new Win32Exception(Marshal.GetLastWin32Error());
            }

            int cbData = 0;

            // Passing in NULL to pvData retrieves the size of the encoded message
            if (!WinCrypt.CryptMsgGetParam(msg, WinCrypt.CMSG_ENCODED_MESSAGE, 0, IntPtr.Zero, ref cbData))
            {
                throw new Win32Exception(Marshal.GetLastWin32Error());
            }

            byte[] vData = new byte[cbData];
            if (!WinCrypt.CryptMsgGetParam(msg, WinCrypt.CMSG_ENCODED_MESSAGE, 0, vData, ref cbData))
            {
                throw new Win32Exception(Marshal.GetLastWin32Error());
            }

            var signedCms = new SignedCms();

            signedCms.Decode(vData);

            // Timestamp informaiton can be stored in multiple sections.
            // A single SHA1 stores the timestamp as a counter sign in the unsigned attributes
            // Multiple authenticode signatures will store additional information as a nested signature
            // In the case of SHA2 signatures, we need to find and decode the timestamp token (RFC3161).
            // Luckily NuGet implemented a proper TST and DER parser to decode this
            foreach (SignerInfo signerInfo in signedCms.SignerInfos)
            {
                foreach (CryptographicAttributeObject unsignedAttribute in signerInfo.UnsignedAttributes)
                {
                    if (String.Equals(unsignedAttribute.Oid.Value, WinCrypt.szOID_RSA_counterSign, StringComparison.OrdinalIgnoreCase))
                    {
                        foreach (SignerInfo counterSign in signerInfo.CounterSignerInfos)
                        {
                            foreach (CryptographicAttributeObject signedAttribute in counterSign.SignedAttributes)
                            {
                                if (String.Equals(signedAttribute.Oid.Value, WinCrypt.szOID_RSA_signingTime, StringComparison.OrdinalIgnoreCase))
                                {
                                    var st = (Pkcs9SigningTime)signedAttribute.Values[0];
                                    X509Certificate2 cert = counterSign.Certificate;

                                    var timeStamp = new Timestamp
                                    {
                                        SignedOn           = st.SigningTime.ToLocalTime(),
                                        EffectiveDate      = Convert.ToDateTime(cert.GetEffectiveDateString()).ToLocalTime(),
                                        ExpiryDate         = Convert.ToDateTime(cert.GetExpirationDateString()).ToLocalTime(),
                                        SignatureAlgorithm = cert.SignatureAlgorithm.FriendlyName
                                    };

                                    timestamps.Add(timeStamp);
                                }
                            }
                        }
                    }
                    else if (String.Equals(unsignedAttribute.Oid.Value, WinCrypt.szOID_RFC3161_counterSign, StringComparison.OrdinalIgnoreCase))
                    {
                        timestamps.AddRange(GetTimestampsFromCounterSignature(unsignedAttribute.Values[0]));
                    }
                    else if (String.Equals(unsignedAttribute.Oid.Value, WinCrypt.szOID_NESTED_SIGNATURE, StringComparison.OrdinalIgnoreCase))
                    {
                        var       nestedSignature        = new Pkcs9AttributeObject(unsignedAttribute.Values[0]);
                        SignedCms nestedSignatureMessage = new SignedCms();
                        nestedSignatureMessage.Decode(nestedSignature.RawData);

                        foreach (SignerInfo nestedSignerInfo in nestedSignatureMessage.SignerInfos)
                        {
                            foreach (CryptographicAttributeObject nestedUnsignedAttribute in nestedSignerInfo.UnsignedAttributes)
                            {
                                if (String.Equals(nestedUnsignedAttribute.Oid.Value, WinCrypt.szOID_RFC3161_counterSign, StringComparison.OrdinalIgnoreCase))
                                {
                                    timestamps.AddRange(GetTimestampsFromCounterSignature(nestedUnsignedAttribute.Values[0]));
                                }
                            }
                        }
                    }
                }
            }

            return(timestamps);
        }
        public static void EnsureExtraCertsAdded()
        {
            SignedCms cms = new SignedCms();

            cms.Decode(SignedDocuments.OneDsa1024);

            int preCount = cms.Certificates.Count;

            using (X509Certificate2 unrelated1 = Certificates.DHKeyAgree1.GetCertificate())
                using (X509Certificate2 unrelated1Copy = Certificates.DHKeyAgree1.GetCertificate())
                    using (X509Certificate2 unrelated2 = Certificates.RSAKeyTransfer2.GetCertificate())
                        using (X509Certificate2 unrelated3 = Certificates.RSAKeyTransfer3.GetCertificate())
                            using (X509Certificate2 signerCert = Certificates.RSAKeyTransferCapi1.TryGetCertificateWithPrivateKey())
                            {
                                var signer = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, signerCert);
                                signer.Certificates.Add(unrelated1);
                                signer.Certificates.Add(unrelated2);
                                signer.Certificates.Add(unrelated3);
                                signer.Certificates.Add(unrelated1Copy);
                                cms.SignerInfos[0].ComputeCounterSignature(signer);

                                bool ExpectCopyRemoved =
#if netfx
                                    false
#else
                                    true
#endif
                                ;

                                int expectedAddedCount = 4;

                                if (!ExpectCopyRemoved)
                                {
                                    expectedAddedCount++;
                                }

                                // Since adding a counter-signer DER-normalizes the document the certificates
                                // get rewritten to be smallest cert first.
                                X509Certificate2Collection certs    = cms.Certificates;
                                List <X509Certificate2>    certList = new List <X509Certificate2>(certs.OfType <X509Certificate2>());

                                int lastSize = -1;

                                for (int i = 0; i < certList.Count; i++)
                                {
                                    byte[] rawData = certList[i].RawData;

                                    Assert.True(
                                        rawData.Length >= lastSize,
                                        $"Certificate {i} has an encoded size ({rawData.Length}) no smaller than its predecessor ({lastSize})");
                                }

                                Assert.Contains(unrelated1, certList);
                                Assert.Contains(unrelated2, certList);
                                Assert.Contains(unrelated3, certList);
                                Assert.Contains(signerCert, certList);

                                Assert.Equal(ExpectCopyRemoved ? 1 : 2, certList.Count(c => c.Equals(unrelated1)));
                            }

            cms.CheckSignature(true);
        }
 public AuthorPrimarySignature(SignedCms signedCms)
     : base(signedCms, SignatureType.Author)
 {
 }
Beispiel #31
0
 protected override void VerifyKdcSignature(SignedCms signed)
 {
     signed.CheckSignature(verifySignatureOnly: true);
 }
        /// <summary>
        /// Creates a signed data from source raw data and a collection of signing certificates
        /// </summary>
        /// <remarks>
        /// Cryptography is performed only on the Mime portions of the message, not the RFC822 headers
        /// Some mail readers ignore the epilogue when calculating signatures!
        /// </remarks>
        /// <param name="content">The <c>byte</c> array to sign</param>
        /// <param name="signingCertificates">The certificates with which to sign.</param>
        /// <returns>Raw data holding the signatures.</returns>
        public byte[] Sign(byte[] content, X509Certificate2Collection signingCertificates)
        {
            SignedCms signature = CreateSignature(content, signingCertificates);

            return(signature.Encode());
        }
Beispiel #33
0
 /// <summary>
 /// Retrieve the bytes of the signed cms signature.
 /// </summary>
 public byte[] GetBytes()
 {
     return(SignedCms.Encode());
 }
        //-----------------------------------------------------
        //
        // Signature Validation
        //
        //-----------------------------------------------------

        /// <summary>
        /// Checks that a signature was signed by the signer certificate.
        /// </summary>
        /// <param name="signedEntity">The signed entity to check</param>
        /// <param name="signerCertificate">The signer certificaet that purports to sign the entity</param>
        /// <exception cref="SignatureException">If the entity was not signed by the claimed certificate</exception>
        public void CheckSignature(SignedEntity signedEntity, X509Certificate2 signerCertificate)
        {
            SignedCms signatureEnvelope = DeserializeDetachedSignature(signedEntity);

            CheckSignature(signatureEnvelope.SignerInfos, signerCertificate);
        }
        private static void ValidateTimestampCms(SigningSpecifications spec, SignedCms timestampCms, IRfc3161TimestampToken timestampToken)
        {
            var signerInfo = timestampCms.SignerInfos[0];

            try
            {
                signerInfo.CheckSignature(verifySignatureOnly: true);
            }
            catch (Exception e)
            {
                throw new TimestampException(NuGetLogCode.NU3021, Strings.SignError_TimestampSignatureValidationFailed, e);
            }

            if (signerInfo.Certificate == null)
            {
                throw new TimestampException(NuGetLogCode.NU3020, Strings.SignError_TimestampNoCertificate);
            }

            if (!CertificateUtility.IsSignatureAlgorithmSupported(signerInfo.Certificate))
            {
                var certificateSignatureAlgorithm = GetNameOrOidString(signerInfo.Certificate.SignatureAlgorithm);

                var supportedSignatureAlgorithms = string.Join(", ", spec.AllowedSignatureAlgorithms);

                var errorMessage = string.Format(CultureInfo.CurrentCulture,
                                                 Strings.TimestampCertificateUnsupportedSignatureAlgorithm,
                                                 certificateSignatureAlgorithm,
                                                 supportedSignatureAlgorithms);

                throw new TimestampException(NuGetLogCode.NU3022, errorMessage);
            }

            if (!CertificateUtility.IsCertificatePublicKeyValid(signerInfo.Certificate))
            {
                throw new TimestampException(NuGetLogCode.NU3023, Strings.SignError_TimestampCertificateFailsPublicKeyLengthRequirement);
            }

            if (!spec.AllowedHashAlgorithmOids.Contains(signerInfo.DigestAlgorithm.Value))
            {
                var digestAlgorithm = GetNameOrOidString(signerInfo.DigestAlgorithm);

                var supportedSignatureAlgorithms = string.Join(", ", spec.AllowedHashAlgorithms);

                var errorMessage = string.Format(CultureInfo.CurrentCulture,
                                                 Strings.TimestampSignatureUnsupportedDigestAlgorithm,
                                                 digestAlgorithm,
                                                 supportedSignatureAlgorithms);

                throw new TimestampException(NuGetLogCode.NU3024, errorMessage);
            }

            if (CertificateUtility.IsCertificateValidityPeriodInTheFuture(signerInfo.Certificate))
            {
                throw new TimestampException(NuGetLogCode.NU3025, Strings.SignError_TimestampNotYetValid);
            }

            if (!CertificateUtility.IsDateInsideValidityPeriod(signerInfo.Certificate, timestampToken.TokenInfo.Timestamp))
            {
                throw new TimestampException(NuGetLogCode.NU3036, Strings.SignError_TimestampGeneralizedTimeInvalid);
            }
        }
Beispiel #36
0
        private VerifierResponse VerifyDetachedSignature(
            byte[] signedFileBytes,
            byte[] signatureFileBytes,
            bool isVerifyCertificateChain = false)
        {
            ContentInfo contentInfo = new ContentInfo(signedFileBytes);
            SignedCms   signedCms   = new SignedCms(contentInfo, true);

            signedCms.Decode(signatureFileBytes);

            if (signedCms.SignerInfos.Count == 0)
            {
                return(VerifierResponse.Invalid("No signatures found in singature file"));
            }

            if (signedCms.SignerInfos.Count > 1)
            {
                return(VerifierResponse.Invalid($"{signedCms.SignerInfos.Count} signatures found in singature file. Only single-signature files are supported at the moment."));
            }

            SignerInfo signerInfo = signedCms.SignerInfos[0];

            var signingDateTime =
                (signerInfo.SignedAttributes
                 .Cast <CryptographicAttributeObject>()
                 .FirstOrDefault(x => x.Oid.Value == "1.2.840.113549.1.9.5")?.Values[0]
                 as Pkcs9SigningTime)?.SigningTime;

            try
            {
                signerInfo.CheckSignature(verifySignatureOnly: isVerifyCertificateChain);
            }
            catch (CryptographicException e)
            {
                return(VerifierResponse.Invalid($"Signature is matematically invalid with message : {e.Message}"));
            }

            X509Certificate2 certificate = signerInfo.Certificate;

            if (signingDateTime.HasValue)
            {
                bool isSigningDateValid =
                    signingDateTime.Value <certificate.NotAfter &&
                                           signingDateTime.Value> certificate.NotBefore;

                if (!isSigningDateValid)
                {
                    return(new VerifierResponse()
                    {
                        IsSignatureMathematicallyValid = true,
                        IsSignatureSigningDateValid = false,
                        SigningDateTime = signingDateTime,
                        Message =
                            $"Signature is matematically valid but signing date {signingDateTime.Value} lies outside of certificate validity range [{certificate.NotBefore}, {certificate.NotAfter}]"
                    });
                }
            }
            else
            {
                return(new VerifierResponse()
                {
                    IsSignatureMathematicallyValid = true,
                    IsSignatureSigningDateValid = false,
                    Message = "Can't extract signing DateTime. Unable to check certificate validity on signing date."
                });
            }

            return(VerifierResponse.Valid);
        }
Beispiel #37
0
        public void hacerLogin()
        {
            string  cmsFirmadoBase64;
            string  loginTicketResponse;
            XmlNode uniqueIdNode;
            XmlNode generationTimeNode;
            XmlNode ExpirationTimeNode;
            XmlNode ServiceNode;

            try
            {
                _globalId += 1;

                // Preparo el XML Request
                XmlLoginTicketRequest = new XmlDocument();
                XMLLOADER.loadTemplate(XmlLoginTicketRequest, "LoginTemplate");
                uniqueIdNode                 = XmlLoginTicketRequest.SelectSingleNode("//uniqueId");
                generationTimeNode           = XmlLoginTicketRequest.SelectSingleNode("//generationTime");
                ExpirationTimeNode           = XmlLoginTicketRequest.SelectSingleNode("//expirationTime");
                ServiceNode                  = XmlLoginTicketRequest.SelectSingleNode("//service");
                generationTimeNode.InnerText = DateTime.Now.AddMinutes(-10).ToString("s");
                ExpirationTimeNode.InnerText = DateTime.Now.AddMinutes(+10).ToString("s");
                uniqueIdNode.InnerText       = Convert.ToString(_globalId);
                ServiceNode.InnerText        = serv;

                // Obtenemos el Cert
                Certificado = new X509Certificate2();
                if (clave.IsReadOnly())
                {
                    Certificado.Import(File.ReadAllBytes(cert_path), clave, X509KeyStorageFlags.PersistKeySet);
                }
                else
                {
                    Certificado.Import(File.ReadAllBytes(cert_path));
                }

                var msgBytes = Encoding.UTF8.GetBytes(XmlLoginTicketRequest.OuterXml);

                // Firmamos
                var infoContenido = new ContentInfo(msgBytes);
                var cmsFirmado    = new SignedCms(infoContenido);
                var cmsFirmante   = new CmsSigner(Certificado);
                cmsFirmante.IncludeOption = X509IncludeOption.EndCertOnly;
                cmsFirmado.ComputeSignature(cmsFirmante);
                cmsFirmadoBase64 = Convert.ToBase64String(cmsFirmado.Encode());

                // Hago el login
                var servicio = new AFIP.WSAA.LoginCMSService();
                servicio.Url        = url;
                loginTicketResponse = servicio.loginCms(cmsFirmadoBase64);

                // Analizamos la respuesta
                XmlLoginTicketResponse = new XmlDocument();
                XmlLoginTicketResponse.LoadXml(loginTicketResponse);
                token = XmlLoginTicketResponse.SelectSingleNode("//token").InnerText;
                sing  = XmlLoginTicketResponse.SelectSingleNode("//sign").InnerText;
                var exStr  = XmlLoginTicketResponse.SelectSingleNode("//expirationTime").InnerText;
                var genStr = XmlLoginTicketResponse.SelectSingleNode("//generationTime").InnerText;
                expirationtime = DateTime.Parse(exStr);
                generationtime = DateTime.Parse(genStr);
                xdocrequest    = XDocument.Parse(XmlLoginTicketRequest.OuterXml);
                xdocresponse   = XDocument.Parse(XmlLoginTicketResponse.OuterXml);

                MessageBox.Show("Exito");
            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.Message);
            }
        }
Beispiel #38
0
        /// <summary> 
        /// Construye un Login Ticket obtenido del WSAA 
        /// </summary> 
        /// <param name="argServicio">Servicio al que se desea acceder</param> 
        /// <param name="argUrlWsaa">URL del WSAA</param> 
        /// <param name="argRutaCertX509Firmante">Ruta del certificado X509 (con clave privada) usado para firmar</param> 
        /// <param name="argVerbose">Nivel detallado de descripcion? true/false</param> 
        /// <remarks></remarks> 
        public void Obtener(string argServicio, string argUrlWsaa, string argRutaCertX509Firmante, bool argVerbose)
        {
            RutaDelCertificadoFirmante = argRutaCertX509Firmante;

            string cmsFirmadoBase64;
            string respuesta;

            XmlNode xmlNodoUniqueId;
            XmlNode xmlNodoGenerationTime;
            XmlNode xmlNodoExpirationTime;
            XmlNode xmlNodoService;

            // PASO 1: Genero el Login Ticket Request
            try {
                solicitudXML = new XmlDocument ();
                solicitudXML.LoadXml (solicitudPlantillaXML);

                xmlNodoUniqueId = solicitudXML.SelectSingleNode ("//uniqueId");
                xmlNodoGenerationTime = solicitudXML.SelectSingleNode ("//generationTime");
                xmlNodoExpirationTime = solicitudXML.SelectSingleNode ("//expirationTime");
                xmlNodoService = solicitudXML.SelectSingleNode ("//service");

                var now = DateTime.Now;

                xmlNodoGenerationTime.InnerText = now.ToString ("s");
                xmlNodoExpirationTime.InnerText = now.AddHours (12).ToString ("s");
                xmlNodoUniqueId.InnerText = Convert.ToString (_globalUniqueID);
                xmlNodoService.InnerText = Servicio;

                _globalUniqueID += 1;

            } catch (Exception ex) {
                throw new Exception ("Error GENERANDO el Ticket de acceso : " + ex.Message);
            }

            // PASO 2: Firmo el Login Ticket Request
            try {
                // Convierto el login ticket request a bytes, para firmar
                Encoding EncodedMsg = Encoding.UTF8;
                byte[] msgBytes = EncodedMsg.GetBytes (solicitudXML.OuterXml);
                byte[] encodedSignedCms;
                // Firmo el msg y paso a Base64
                try {
                    var certList = new ArrayList ();
                    CMSTypedData msg = new CMSProcessableByteArray ("Hello world!".getBytes ());

                    certList.add (signCert);

                    Store certs = new JcaCertStore (certList);

                    var gen = new  CMSSignedDataGenerator ();
                    ContentSigner sha1Signer = new JcaContentSignerBuilder ("SHA1withRSA").setProvider ("BC").build (signKP.getPrivate ());

                    gen.addSignerInfoGenerator (
                        new JcaSignerInfoGeneratorBuilder (
                            new JcaDigestCalculatorProviderBuilder ().setProvider ("BC").build ())
                        .build (sha1Signer, signCert));

                    gen.addCertificates (certs);

                    CMSSignedData sigData = gen.generate (msg, false);

                    cmsFirmadoBase64 = Convert.ToBase64String (encodedSignedCms);
                    // Pongo el mensaje en un objeto ContentInfo (requerido para construir el obj SignedCms)
                    var infoContenido = new System.Security.Cryptography.Pkcs.ContentInfo (msgBytes);
                    var cmsFirmado = new SignedCms (infoContenido);

                    // Creo objeto CmsSigner que tiene las caracteristicas del firmante
                    var cmsFirmante = new CmsSigner (certificadoFirmante);
                    cmsFirmante.IncludeOption = X509IncludeOption.EndCertOnly;

                    // Firmo el mensaje PKCS #7
                    cmsFirmado.ComputeSignature (cmsFirmante);
                    // Encodeo el mensaje PKCS #7.
                    encodedSignedCms = cmsFirmado.Encode ();
                } catch (Exception excepcionAlFirmar) {
                    throw new Exception ("***Error al firmar: " + excepcionAlFirmar.Message);
                }
            } catch (Exception excepcionAlFirmar) {
                throw new Exception ("***Error FIRMANDO el LoginTicketRequest : " + excepcionAlFirmar.Message);
            }

            // PASO 3: Invoco al WSAA para obtener el Login Ticket Response
            try {
                var wsaa = new  WSAA.LoginCMSService ();
                respuesta = wsaa.loginCms (cmsFirmadoBase64);
            } catch (Exception ex) {
                throw new Exception ("Error INVOCANDO al servicio WSAA : " + ex.Message);
            }

            // PASO 4: Analizo el Login Ticket Response recibido del WSAA
            try {
                respuestaXML = new XmlDocument ();
                respuestaXML.LoadXml (respuesta);

                id = UInt32.Parse (respuestaXML.SelectSingleNode ("//uniqueId").InnerText);
                generacion = DateTime.Parse (respuestaXML.SelectSingleNode ("//generationTime").InnerText);
                expiracion = DateTime.Parse (respuestaXML.SelectSingleNode ("//expirationTime").InnerText);
                firma = respuestaXML.SelectSingleNode ("//sign").InnerText;
                token = respuestaXML.SelectSingleNode ("//token").InnerText;
            } catch (Exception ex) {
                throw new Exception ("Error ANALIZANDO el LoginTicketResponse : " + ex.Message);
            }
        }