internal SignerInfo(SignedCms signedCms, SafeLocalAllocHandle pbCmsgSignerInfo) { this.m_signedCms = signedCms; this.m_parentSignerInfo = (SignerInfo)null; this.m_encodedSignerInfo = (byte[])null; this.m_pbCmsgSignerInfo = pbCmsgSignerInfo; this.m_cmsgSignerInfo = (CAPI.CMSG_SIGNER_INFO)Marshal.PtrToStructure(pbCmsgSignerInfo.DangerousGetHandle(), typeof(CAPI.CMSG_SIGNER_INFO)); }
internal SignerInfo(SignedCms signedCms, SignerInfo parentSignerInfo, byte[] encodedSignerInfo) { uint cbDecodedValue = 0U; SafeLocalAllocHandle decodedValue = SafeLocalAllocHandle.InvalidHandle; fixed (byte* numPtr = &encodedSignerInfo[0]) { if (!CAPI.DecodeObject(new IntPtr(500L), new IntPtr((void*)numPtr), (uint)encodedSignerInfo.Length, out decodedValue, out cbDecodedValue)) throw new CryptographicException(Marshal.GetLastWin32Error()); } this.m_signedCms = signedCms; this.m_parentSignerInfo = parentSignerInfo; this.m_encodedSignerInfo = (byte[])encodedSignerInfo.Clone(); this.m_pbCmsgSignerInfo = decodedValue; this.m_cmsgSignerInfo = (CAPI.CMSG_SIGNER_INFO)Marshal.PtrToStructure(decodedValue.DangerousGetHandle(), typeof(CAPI.CMSG_SIGNER_INFO)); }
public static void CheckSignature_ThrowsOnNullStore() { SignedCms cms = new SignedCms(); cms.Decode(SignedDocuments.RsaPssDocument); SignerInfo signer = cms.SignerInfos[0]; AssertExtensions.Throws <ArgumentNullException>( "extraStore", () => signer.CheckSignature(null, true)); AssertExtensions.Throws <ArgumentNullException>( "extraStore", () => signer.CheckSignature(null, false)); }
public static void CheckSignature_ExtraStore_IsAdditional() { SignedCms cms = new SignedCms(); cms.Decode(SignedDocuments.RsaPkcs1OneSignerIssuerAndSerialNumber); SignerInfo signer = cms.SignerInfos[0]; Assert.NotNull(signer.Certificate); // Assert.NotThrows signer.CheckSignature(true); // Assert.NotThrows signer.CheckSignature(new X509Certificate2Collection(), true); }
private bool CheckForVersion3( IList signerInfos) { foreach (SignerInformation si in signerInfos) { SignerInfo s = SignerInfo.GetInstance(si.ToSignerInfo()); if (s.Version.Value.IntValue == 3) { return(true); } } return(false); }
private static void VerifySigningCertificate( SignedCms signedCms, SignerInfo signerInfo, SigningSpecifications signingSpecifications) { var certificates = SignatureUtility.GetPrimarySignatureCertificates( signedCms, signerInfo, signingSpecifications); if (certificates == null || certificates.Count == 0) { ThrowForInvalidPrimarySignature(); } }
public static void AddCounterSigner_DuplicateCert_RSA() { SignedCms cms = new SignedCms(); cms.Decode(SignedDocuments.RsaPkcs1OneSignerIssuerAndSerialNumber); Assert.Single(cms.Certificates); SignerInfo firstSigner = cms.SignerInfos[0]; Assert.Empty(firstSigner.CounterSignerInfos); Assert.Empty(firstSigner.UnsignedAttributes); using (X509Certificate2 signerCert = Certificates.RSAKeyTransferCapi1.TryGetCertificateWithPrivateKey()) { CmsSigner signer = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, signerCert); firstSigner.ComputeCounterSignature(signer); } Assert.Empty(firstSigner.CounterSignerInfos); Assert.Empty(firstSigner.UnsignedAttributes); SignerInfo firstSigner2 = cms.SignerInfos[0]; Assert.Single(firstSigner2.CounterSignerInfos); Assert.Single(firstSigner2.UnsignedAttributes); SignerInfo counterSigner = firstSigner2.CounterSignerInfos[0]; Assert.Equal(SubjectIdentifierType.IssuerAndSerialNumber, counterSigner.SignerIdentifier.Type); // On NetFx there will be two attributes, because Windows emits the // content-type attribute even for counter-signers. int expectedAttrCount = 1; // One of them is a V3 signer. #if netfx expectedAttrCount = 2; #endif Assert.Equal(expectedAttrCount, counterSigner.SignedAttributes.Count); Assert.Equal(Oids.MessageDigest, counterSigner.SignedAttributes[expectedAttrCount - 1].Oid.Value); Assert.Equal(firstSigner2.Certificate, counterSigner.Certificate); Assert.Single(cms.Certificates); counterSigner.CheckSignature(true); firstSigner2.CheckSignature(true); cms.CheckSignature(true); }
public SignerInformationStore GetSignerInfos() { //IL_00e9: Expected O, but got Unknown if (_signerInfoStore == null) { PopulateCertCrlSets(); global::System.Collections.IList list = Platform.CreateArrayList(); IDictionary val = Platform.CreateHashtable(); { global::System.Collections.IEnumerator enumerator = ((global::System.Collections.IEnumerable)_digests.get_Keys()).GetEnumerator(); try { while (enumerator.MoveNext()) { object current = enumerator.get_Current(); val.set_Item(current, (object)DigestUtilities.DoFinal((IDigest)_digests.get_Item(current))); } } finally { global::System.IDisposable disposable = enumerator as global::System.IDisposable; if (disposable != null) { disposable.Dispose(); } } } try { Asn1SetParser signerInfos = _signedData.GetSignerInfos(); IAsn1Convertible asn1Convertible; while ((asn1Convertible = signerInfos.ReadObject()) != null) { SignerInfo instance = SignerInfo.GetInstance(asn1Convertible.ToAsn1Object()); string digestAlgName = Helper.GetDigestAlgName(instance.DigestAlgorithm.Algorithm.Id); byte[] digest = (byte[])val.get_Item((object)digestAlgName); list.Add((object)new SignerInformation(instance, _signedContentType, null, new BaseDigestCalculator(digest))); } } catch (IOException val2) { IOException val3 = val2; throw new CmsException("io exception: " + ((global::System.Exception)(object) val3).get_Message(), (global::System.Exception)(object) val3); } _signerInfoStore = new SignerInformationStore((global::System.Collections.ICollection)list); } return(_signerInfoStore); }
/// <summary> /// Verifies the digital signature. /// </summary> /// <remarks> /// Verifies the digital signature. /// </remarks> /// <returns><c>true</c> if the signature is valid; otherwise <c>false</c>.</returns> /// <exception cref="DigitalSignatureVerifyException"> /// An error verifying the signature has occurred. /// </exception> public bool Verify() { if (vex != null) { throw vex; } try { SignerInfo.CheckSignature(false); return(true); } catch (Exception ex) { var message = string.Format("Failed to verify digital signature: {0}", ex.Message); vex = new DigitalSignatureVerifyException(message, ex); throw vex; } }
public static void RemoveCounterSignature_TooBigByValue() { SignedCms cms = new SignedCms(); cms.Decode(SignedDocuments.OneRsaSignerTwoRsaCounterSigners); SignerInfo signer = cms.SignerInfos[0]; Assert.Throws <CryptographicException>( () => signer.RemoveCounterSignature(2)); signer.RemoveCounterSignature(1); Assert.Equal(2, signer.CounterSignerInfos.Count); Assert.Throws <CryptographicException>( () => signer.RemoveCounterSignature(1)); }
/** * Protected constructor. In some cases clients have their own idea about how to encode * the signed attributes and calculate the signature. This constructor is to allow developers * to deal with that by extending off the class and overridng methods like getSignedAttributes(). * * @param baseInfo the SignerInformation to base this one on. */ protected SignerInformation(SignerInformation baseInfo) { this.info = baseInfo.info; this.contentType = baseInfo.contentType; this.isCounterSignature = baseInfo.IsCounterSignature; this.sid = baseInfo.SignerID; this.digestAlgorithm = info.DigestAlgorithm; this.signedAttributeSet = info.AuthenticatedAttributes; this.unsignedAttributeSet = info.UnauthenticatedAttributes; this.encryptionAlgorithm = info.DigestEncryptionAlgorithm; this.signature = info.EncryptedDigest.GetOctets(); this.content = baseInfo.content; this.resultDigest = baseInfo.resultDigest; this.signedAttributeTable = baseInfo.signedAttributeTable; this.unsignedAttributeTable = baseInfo.unsignedAttributeTable; }
public static void RemoveCounterSignature_TooBigByMatch() { SignedCms cms = new SignedCms(); cms.Decode(SignedDocuments.OneRsaSignerTwoRsaCounterSigners); SignerInfo signer = cms.SignerInfos[0]; SignerInfo counterSigner = signer.CounterSignerInfos[1]; // This succeeeds, but reduces the real count to 1. signer.RemoveCounterSignature(counterSigner); Assert.Equal(2, signer.CounterSignerInfos.Count); Assert.Single(cms.SignerInfos[0].CounterSignerInfos); Assert.Throws <CryptographicException>( () => signer.RemoveCounterSignature(counterSigner)); }
private void AppendRowsStatus() { //SignerInfo signerInfo=this._signatureResult.PKCS7Documents[this._requestDocumentIndex].SignersInfo[this._requestSignerIndex]; SignerInfo signerInfo = getSignerInfo(this._requestDocumentIndex, Request.QueryString["index"]); TableRow row = this.CreateHeaderTableRow(); row.Cells[0].Text = "Risultato verifica"; row = this.CreateStandardTableRow(); row.Cells[0].Text = "Stato della firma"; row.Cells[1].Controls.Add(this.GetStatusFirmaImage(signerInfo != null)); // Per verificare la validità della firma, // verifica la presenza di almeno un firmatario if (signerInfo.CertificateInfo.ThumbPrint != null && signerInfo.CertificateInfo.ThumbPrint != "") { row.Cells[2].Text = "Valido"; //controlliamo l'aa if (this._signatureResult.StatusCode == -5) { row.Cells[2].Text = "Non Conforme CADES (idaasigningcertificateV2 non trovato nella firma)"; } } else { row.Cells[2].Text = "Non valido"; } row = this.CreateStandardTableRow(); row.Cells[0].Text = "Stato del certificato"; row.Cells[1].Controls.Add(this.GetStatusImage(signerInfo.CertificateInfo.RevocationStatus == 0)); row.Cells[2].Text = signerInfo.CertificateInfo.RevocationStatusDescription; row = null; row = this.CreateStandardTableRow(); row.Cells[0].Text = "Verifica CRL:"; if (this._signatureResult.CRLOnlineCheck) { row.Cells[2].Text = "In linea"; } else { row.Cells[2].Text = "Locale"; } row = null; }
public static void AddCounterSigner_RSA(SubjectIdentifierType identifierType) { SignedCms cms = new SignedCms(); cms.Decode(SignedDocuments.RsaPkcs1OneSignerIssuerAndSerialNumber); Assert.Single(cms.Certificates); SignerInfo firstSigner = cms.SignerInfos[0]; Assert.Empty(firstSigner.CounterSignerInfos); Assert.Empty(firstSigner.UnsignedAttributes); using (X509Certificate2 signerCert = Certificates.RSA2048SignatureOnly.TryGetCertificateWithPrivateKey()) { CmsSigner signer = new CmsSigner(identifierType, signerCert); firstSigner.ComputeCounterSignature(signer); } Assert.Empty(firstSigner.CounterSignerInfos); Assert.Empty(firstSigner.UnsignedAttributes); SignerInfo firstSigner2 = cms.SignerInfos[0]; Assert.Single(firstSigner2.CounterSignerInfos); Assert.Single(firstSigner2.UnsignedAttributes); SignerInfo counterSigner = firstSigner2.CounterSignerInfos[0]; Assert.Equal(identifierType, counterSigner.SignerIdentifier.Type); // On .NET Framework there will be two attributes, because Windows emits the // content-type attribute even for counter-signers. int expectedCount = 1; #if NETFRAMEWORK expectedCount = 2; #endif Assert.Equal(expectedCount, counterSigner.SignedAttributes.Count); Assert.Equal(Oids.MessageDigest, counterSigner.SignedAttributes[expectedCount - 1].Oid.Value); Assert.NotEqual(firstSigner2.Certificate, counterSigner.Certificate); Assert.Equal(2, cms.Certificates.Count); counterSigner.CheckSignature(true); firstSigner2.CheckSignature(true); cms.CheckSignature(true); }
public SignedData(ASN1 asn1) { if (asn1[0].Tag != 48 || asn1[0].Count < 4) { throw new ArgumentException("Invalid SignedData"); } if (asn1[0][0].Tag != 2) { throw new ArgumentException("Invalid version"); } version = asn1[0][0].Value[0]; contentInfo = new ContentInfo(asn1[0][2]); int num = 3; certs = new X509CertificateCollection(); if (asn1[0][num].Tag == 160) { for (int i = 0; i < asn1[0][num].Count; i++) { certs.Add(new X509Certificate(asn1[0][num][i].GetBytes())); } num++; } crls = new ArrayList(); if (asn1[0][num].Tag == 161) { for (int j = 0; j < asn1[0][num].Count; j++) { crls.Add(asn1[0][num][j].GetBytes()); } num++; } if (asn1[0][num].Count > 0) { signerInfo = new SignerInfo(asn1[0][num]); } else { signerInfo = new SignerInfo(); } if (signerInfo.HashName != null) { HashName = OidToName(signerInfo.HashName); } mda = (signerInfo.AuthenticatedAttributes.Count > 0); }
private void AppendRowsCertificate() { //SignerInfo signerInfo=this._signatureResult.PKCS7Documents[this._requestDocumentIndex].SignersInfo[this._requestSignerIndex]; SignerInfo signerInfo = getSignerInfo(this._requestDocumentIndex, Request.QueryString["index"]); CertificateInfo certInfo = signerInfo.CertificateInfo; TableRow row = this.CreateHeaderTableRow(); row.Cells[0].Text = "Certificato"; row = null; //Mev Firma1 < aggiunta info ente certificatore row = this.CreateStandardTableRow(); row.Cells[0].Text = "Ente Certificatore:"; row.Cells[2].Text = Utils.getEnteCertificatore(certInfo.IssuerName); row = null; //> row = this.CreateStandardTableRow(); row.Cells[0].Text = "S.N. certificato:"; row.Cells[2].Text = certInfo.SerialNumber; row = null; //Mev Firma1 < posizionameto orizzontale delle info date dal - al row = this.CreateStandardTableRow(); row.Cells[0].Text = "Valido dal:"; row.Cells[2].Text = string.Format("{0} Valido sino al: {1}", certInfo.ValidFromDate.ToLongDateString(), certInfo.ValidToDate.ToLongDateString());; row = null; //> row = this.CreateStandardTableRow(); row.Cells[0].Text = "Algoritmo Firma Certificato:"; row.Cells[2].Text = certInfo.SignatureAlgorithm; row = null; row = this.CreateStandardTableRow(); row.Cells[0].Text = "Firmatario:"; row.Cells[2].Text = this.GetItemValue(signerInfo.SubjectInfo.Cognome + " " + signerInfo.SubjectInfo.Nome); row = null; row = this.CreateStandardTableRow(); row.Cells[0].Text = "Thumbprint Certificato:"; row.Cells[2].Text = certInfo.ThumbPrint; row = null; certInfo = null; }
/// <summary> /// Get timestamps from the signer info /// </summary> /// <param name="signer"></param> /// <returns></returns> private static IReadOnlyList <Timestamp> GetTimestamps(SignerInfo signer) { var authorUnsignedAttributes = signer.UnsignedAttributes; var timestampList = new List <Timestamp>(); foreach (var attribute in authorUnsignedAttributes) { if (string.Equals(attribute.Oid.Value, Oids.SignatureTimeStampTokenAttributeOid, StringComparison.Ordinal)) { var timestampCms = new SignedCms(); timestampCms.Decode(attribute.Values[0].RawData); timestampList.Add(new Timestamp(timestampCms));; } } return(timestampList); }
public static void AddFirstSigner_RSA(SubjectIdentifierType identifierType, bool detached) { ContentInfo contentInfo = new ContentInfo(new byte[] { 9, 8, 7, 6, 5 }); SignedCms cms = new SignedCms(contentInfo, detached); using (X509Certificate2 signerCert = Certificates.RSA2048SignatureOnly.TryGetCertificateWithPrivateKey()) { CmsSigner signer = new CmsSigner(identifierType, signerCert); cms.ComputeSignature(signer); } Assert.Same(contentInfo.Content, cms.ContentInfo.Content); Assert.Single(cms.SignerInfos); Assert.Single(cms.Certificates); int expectedVersion = identifierType == SubjectIdentifierType.SubjectKeyIdentifier ? 3 : 1; Assert.Equal(expectedVersion, cms.Version); SignerInfo firstSigner = cms.SignerInfos[0]; Assert.Equal(identifierType, firstSigner.SignerIdentifier.Type); Assert.NotNull(firstSigner.Certificate); Assert.NotSame(cms.Certificates[0], firstSigner.Certificate); Assert.Equal(cms.Certificates[0], firstSigner.Certificate); cms.CheckSignature(true); byte[] encoded = cms.Encode(); cms = new SignedCms(); cms.Decode(encoded); Assert.Single(cms.SignerInfos); Assert.Single(cms.Certificates); Assert.Equal(expectedVersion, cms.Version); Assert.Equal(identifierType, cms.SignerInfos[0].SignerIdentifier.Type); Assert.Equal(firstSigner.Certificate, cms.SignerInfos[0].Certificate); if (detached) { Assert.Throws <CryptographicException>(() => cms.CheckSignature(true)); cms = new SignedCms(contentInfo, detached); cms.Decode(encoded); } cms.CheckSignature(true); }
public static void RemoveSignature_MatchesSubjectKeyIdentifier() { SignedCms cms = new SignedCms(); cms.Decode(SignedDocuments.RsaPssDocument); Assert.Single(cms.SignerInfos); SignerInfo signerInfo = cms.SignerInfos[0]; Assert.Equal(SubjectIdentifierType.SubjectKeyIdentifier, signerInfo.SignerIdentifier.Type); int certCount = cms.Certificates.Count; cms.RemoveSignature(signerInfo); Assert.Empty(cms.SignerInfos); Assert.Equal(certCount, cms.Certificates.Count); }
private static void VerifySigningCertificate( SignedCms signedCms, SignerInfo signerInfo, SigningSpecifications signingSpecifications) { using (var certificates = SignatureUtility.GetCertificateChain( signedCms, signerInfo, signingSpecifications, Strings.PrimarySignatureFriendlyName)) { if (certificates == null || certificates.Count == 0) { ThrowForInvalidPrimarySignature(); } } }
/** * return the collection of signers that are associated with the * signatures for the message. */ public SignerInformationStore GetSignerInfos() { if (signerInfoStore == null) { IList signerInfos = new ArrayList(); Asn1Set s = signedData.SignerInfos; foreach (object obj in s) { signerInfos.Add(new SignerInformation(SignerInfo.GetInstance(obj), signedData.EncapContentInfo.ContentType, signedContent, null)); } signerInfoStore = new SignerInformationStore(signerInfos); } return(signerInfoStore); }
/** * return the collection of signers that are associated with the * signatures for the message. * @throws CmsException */ public SignerInformationStore GetSignerInfos() { if (_signerInfoStore == null) { IList signerInfos = new ArrayList(); IDictionary hashes = new Hashtable(); foreach (object digestKey in _digests.Keys) { hashes[digestKey] = DigestUtilities.DoFinal( (IDigest)_digests[digestKey]); } try { Asn1SetParser s = _signedData.GetSignerInfos(); IAsn1Convertible o; while ((o = s.ReadObject()) != null) { SignerInfo info = SignerInfo.GetInstance(o.ToAsn1Object()); string digestName = Helper.GetDigestAlgName( info.DigestAlgorithm.ObjectID.Id); byte[] hash = (byte[])hashes[digestName]; signerInfos.Add( new SignerInformation( info, new DerObjectIdentifier(_signedContent.ContentType), null, hash)); } } catch (IOException e) { throw new CmsException("io exception: " + e.Message, e); } _signerInfoStore = new SignerInformationStore(signerInfos); } return(_signerInfoStore); }
internal SignerInformation( SignerInfo info, DerObjectIdentifier contentType, CmsProcessable content, IDigestCalculator digestCalculator) { this.info = info; this.sid = new SignerID(); this.contentType = contentType; this.isCounterSignature = contentType == null; try { SignerIdentifier s = info.SignerID; if (s.IsTagged) { Asn1OctetString octs = Asn1OctetString.GetInstance(s.ID); sid.SubjectKeyIdentifier = octs.GetEncoded(); } else { Asn1.Cms.IssuerAndSerialNumber iAnds = Asn1.Cms.IssuerAndSerialNumber.GetInstance(s.ID); sid.Issuer = iAnds.Name; sid.SerialNumber = iAnds.SerialNumber.Value; } } catch (IOException) { throw new ArgumentException("invalid sid in SignerInfo"); } this.digestAlgorithm = info.DigestAlgorithm; this.signedAttributeSet = info.AuthenticatedAttributes; this.unsignedAttributeSet = info.UnauthenticatedAttributes; this.encryptionAlgorithm = info.DigestEncryptionAlgorithm; this.signature = info.EncryptedDigest.GetOctets(); this.content = content; this.digestCalculator = digestCalculator; }
private async Task CreateTimeStamp(SignedCms signedCms) { // See: https://www.glennwatson.net/posts/rfc-3161-signing const string timeStampAuthorityUri = "http://time.certum.pl/"; byte[] nonce = new byte[8]; using (RandomNumberGenerator rng = RandomNumberGenerator.Create()) { rng.GetBytes(nonce); } SignerInfo newSignerInfo = signedCms.SignerInfos[0]; Rfc3161TimestampRequest?request = Rfc3161TimestampRequest.CreateFromSignerInfo( newSignerInfo, HashAlgorithmName.SHA256, requestSignerCertificates: true, nonce: nonce); using HttpClient client = new HttpClient(); using ReadOnlyMemoryContent content = new ReadOnlyMemoryContent(request.Encode()); content.Headers.ContentType = new MediaTypeHeaderValue("application/timestamp-query"); using HttpResponseMessage? httpResponse = await client.PostAsync(timeStampAuthorityUri, content).ConfigureAwait(false); if (!httpResponse.IsSuccessStatusCode) { throw new CryptographicException($"There was a error from the timestamp authority. It responded with {httpResponse.StatusCode} {(int)httpResponse.StatusCode}: {httpResponse.Content}"); } if (httpResponse.Content.Headers.ContentType.MediaType != "application/timestamp-reply") { throw new CryptographicException("The reply from the time stamp server was in a invalid format."); } byte[]? data = await httpResponse.Content.ReadAsByteArrayAsync().ConfigureAwait(false); Rfc3161TimestampToken?timestampToken = request.ProcessResponse(data, out _); Oid signatureTimeStampOid = new Oid("1.2.840.113549.1.9.16.2.14"); newSignerInfo.AddUnsignedAttribute(new AsnEncodedData(signatureTimeStampOid, timestampToken.AsSignedCms().Encode())); }
public static void RemoveCounterSignature_EncodedInSingleAttribute_ByIndex(int indexToRemove) { SignedCms cms = new SignedCms(); cms.Decode(SignedDocuments.RsaPkcs1TwoCounterSignaturesInSingleAttribute); SignerInfo signerInfo = cms.SignerInfos[0]; Assert.Equal(2, signerInfo.CounterSignerInfos.Count); signerInfo.RemoveCounterSignature(indexToRemove); Assert.Equal(1, signerInfo.CounterSignerInfos.Count); cms.CheckSignature(true); byte[] encoded = cms.Encode(); cms.Decode(encoded); Assert.Equal(1, cms.SignerInfos[0].CounterSignerInfos.Count); cms.CheckSignature(true); }
public X509Certificate2 Verify(bool skipCertValidation) { if (!this.IsSigned) { throw new Exception("Package is not signed"); } IntegrityList computedIntegrityList = this.ComputeIntegrityList(out byte[] integrityListContent, out byte[] integrityListSignatureContent); IntegrityList embeddedIntegrityList = IntegrityList.FromByteArray(integrityListContent); SignerInfo signerInfo = CryptoUtils.VerifyDetachedCmsSignature(integrityListContent, integrityListSignatureContent, skipCertValidation); if (!computedIntegrityList.SequenceEqual(embeddedIntegrityList)) { throw new InvalidSignatureException("Package content has been altered"); } return(signerInfo.Certificate); }
public static void SignerInfo_AddRemoveUnsignedAttributeWithDetachtedSigner_Throws() { SignedCms cms = new SignedCms(); cms.Decode(SignedDocuments.OneRsaSignerTwoRsaCounterSigners); // Detatch signer (and its counter signers) SignerInfo counterSigner = cms.SignerInfos[0].CounterSignerInfos[0]; cms.RemoveSignature(0); // we shouldn't throw Assert.Equal(0, counterSigner.UnsignedAttributes.Count); AsnEncodedData attribute = CreateTimestampToken(1); Assert.Throws <CryptographicException>(() => counterSigner.AddUnsignedAttribute(attribute)); Assert.Throws <CryptographicException>(() => counterSigner.RemoveUnsignedAttribute(attribute)); }
internal static Signer FromSignerInfo(SignerInfo signerInfo) { DateTime?signingTime = null; var attr = signerInfo .SignedAttributes .Cast <CryptographicAttributeObject>() .Where(a => a.Oid.Value.Equals("1.2.840.113549.1.9.5", StringComparison.OrdinalIgnoreCase)) .Select(a => new Pkcs9SigningTime(a.Values.Cast <AsnEncodedData>().First().RawData)) .FirstOrDefault(); if (attr != null) { signingTime = attr.SigningTime.ToUniversalTime(); } return(new Signer( signerInfo.Certificate.ComputePublicKeyIdentifier(), signerInfo.Certificate, signingTime)); }
internal SignerInfoCollection(SignedCms signedCms) { uint num1 = 0U; uint num2 = (uint)Marshal.SizeOf(typeof(uint)); SafeCryptMsgHandle cryptMsgHandle = signedCms.GetCryptMsgHandle(); if (!CAPI.CAPISafe.CryptMsgGetParam(cryptMsgHandle, 5U, 0U, new IntPtr((void*)&num1), new IntPtr((void*)&num2))) throw new CryptographicException(Marshal.GetLastWin32Error()); SignerInfo[] signerInfoArray = new SignerInfo[(IntPtr)num1]; for (int index = 0; (long)index < (long)num1; ++index) { uint num3 = 0U; if (!CAPI.CAPISafe.CryptMsgGetParam(cryptMsgHandle, 6U, (uint)index, IntPtr.Zero, new IntPtr((void*)&num3))) throw new CryptographicException(Marshal.GetLastWin32Error()); SafeLocalAllocHandle localAllocHandle = CAPI.LocalAlloc(0U, new IntPtr((long)num3)); if (!CAPI.CAPISafe.CryptMsgGetParam(cryptMsgHandle, 6U, (uint)index, localAllocHandle, new IntPtr((void*)&num3))) throw new CryptographicException(Marshal.GetLastWin32Error()); signerInfoArray[index] = new SignerInfo(signedCms, localAllocHandle); } this.m_signerInfos = signerInfoArray; }
/** * return the collection of signers that are associated with the * signatures for the message. * @throws CmsException */ public SignerInformationStore GetSignerInfos() { if (_signerInfoStore == null) { PopulateCertCrlSets(); IList signerInfos = BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.CreateArrayList(); IDictionary hashes = BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.CreateHashtable(); foreach (object digestKey in _digests.Keys) { hashes[digestKey] = DigestUtilities.DoFinal( (IDigest)_digests[digestKey]); } try { Asn1SetParser s = _signedData.GetSignerInfos(); IAsn1Convertible o; while ((o = s.ReadObject()) != null) { SignerInfo info = SignerInfo.GetInstance(o.ToAsn1Object()); string digestName = Helper.GetDigestAlgName( info.DigestAlgorithm.Algorithm.Id); byte[] hash = (byte[])hashes[digestName]; signerInfos.Add(new SignerInformation(info, _signedContentType, null, new BaseDigestCalculator(hash))); } } catch (IOException e) { throw new CmsException("io exception: " + e.Message, e); } _signerInfoStore = new SignerInformationStore(signerInfos); } return(_signerInfoStore); }
public static void CreateSignature_RsaPss(string digestOid, bool assignByConstructor) { ContentInfo content = new ContentInfo(new byte[] { 1, 2, 3 }); SignedCms cms = new SignedCms(content); byte[] cmsBytes; using (X509Certificate2 cert = Certificates.RSA2048SignatureOnly.TryGetCertificateWithPrivateKey()) { CmsSigner signer; if (assignByConstructor) { signer = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, cert, null, RSASignaturePadding.Pss); } else { signer = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, cert); signer.SignaturePadding = RSASignaturePadding.Pss; } signer.DigestAlgorithm = new Oid(digestOid, null); if (!SignatureSupport.SupportsRsaSha1Signatures && digestOid == Oids.Sha1) { Assert.ThrowsAny <CryptographicException>(() => cms.ComputeSignature(signer)); } else { cms.ComputeSignature(signer); cmsBytes = cms.Encode(); cms = new SignedCms(); cms.Decode(cmsBytes); cms.CheckSignature(true); // Assert.NoThrow Assert.Single(cms.SignerInfos); SignerInfo signerInfo = cms.SignerInfos[0]; Assert.Equal(Oids.RsaPss, signerInfo.SignatureAlgorithm.Value); } } }
/** * Return a signer information object with passed in SignerInformationStore representing counter * signatures attached as an unsigned attribute. * * @param signerInformation the signerInfo to be used as the basis. * @param counterSigners signer info objects carrying counter signature. * @return a copy of the original SignerInformationObject with the changed attributes. */ public static SignerInformation AddCounterSigners( SignerInformation signerInformation, SignerInformationStore counterSigners) { // TODO Perform checks from RFC 3852 11.4 SignerInfo sInfo = signerInformation.info; Asn1.Cms.AttributeTable unsignedAttr = signerInformation.UnsignedAttributes; Asn1EncodableVector v; if (unsignedAttr != null) { v = unsignedAttr.ToAsn1EncodableVector(); } else { v = new Asn1EncodableVector(); } Asn1EncodableVector sigs = new Asn1EncodableVector(); foreach (SignerInformation sigInf in counterSigners.GetSigners()) { sigs.Add(sigInf.ToSignerInfo()); } v.Add(new Asn1.Cms.Attribute(CmsAttributes.CounterSignature, new DerSet(sigs))); return(new SignerInformation( new SignerInfo( sInfo.SignerID, sInfo.DigestAlgorithm, sInfo.AuthenticatedAttributes, sInfo.DigestEncryptionAlgorithm, sInfo.EncryptedDigest, new DerSet(v)), signerInformation.contentType, signerInformation.content, null)); }
public static void BuildFromSignerInfo() { ContentInfo content = new ContentInfo(new byte[] { 1, 2, 3, 4 }); SignedCms cms = new SignedCms(content, false); using (X509Certificate2 signerCert = Certificates.RSAKeyTransferCapi1.TryGetCertificateWithPrivateKey()) { CmsSigner signer = new CmsSigner(SubjectIdentifierType.SubjectKeyIdentifier, signerCert); signer.SignedAttributes.Add(new Pkcs9SigningTime()); cms.ComputeSignature(signer); } SignerInfo signerInfo = cms.SignerInfos[0]; byte[] sig = signerInfo.GetSignature(); Rfc3161TimestampRequest fromSigner = Rfc3161TimestampRequest.CreateFromSignerInfo(signerInfo, HashAlgorithmName.SHA256); Rfc3161TimestampRequest fromData = Rfc3161TimestampRequest.CreateFromData(sig, HashAlgorithmName.SHA256); Assert.Equal(fromData.Encode().ByteArrayToHex(), fromSigner.Encode().ByteArrayToHex()); }
internal SignerInfoCollection(SignedCms signedCms, SignerInfo signerInfo) { SignerInfo[] signerInfoArray1 = new SignerInfo[0]; int length = 0; int num = 0; foreach (CryptographicAttributeObject cryptographicAttributeObject in signerInfo.UnsignedAttributes) { if (cryptographicAttributeObject.Oid.Value == "1.2.840.113549.1.9.6") length += cryptographicAttributeObject.Values.Count; } SignerInfo[] signerInfoArray2 = new SignerInfo[length]; foreach (CryptographicAttributeObject cryptographicAttributeObject in signerInfo.UnsignedAttributes) { if (cryptographicAttributeObject.Oid.Value == "1.2.840.113549.1.9.6") { for (int index = 0; index < cryptographicAttributeObject.Values.Count; ++index) { AsnEncodedData asnEncodedData = cryptographicAttributeObject.Values[index]; signerInfoArray2[num++] = new SignerInfo(signedCms, signerInfo, asnEncodedData.RawData); } } } this.m_signerInfos = signerInfoArray2; }
public SignedData () { version = 1; contentInfo = new ContentInfo (); certs = new X509CertificateCollection (); crls = new ArrayList (); signerInfo = new SignerInfo (); mda = true; signed = false; }
public void RemoveCounterSignature(SignerInfo counterSignerInfo) { }
/// <summary> /// The <see cref="M:System.Security.Cryptography.Pkcs.SignerInfoCollection.CopyTo(System.Security.Cryptography.Pkcs.SignerInfo[],System.Int32)"/> method copies the <see cref="T:System.Security.Cryptography.Pkcs.SignerInfoCollection"/> collection to a <see cref="T:System.Security.Cryptography.Pkcs.SignerInfo"/> array. /// </summary> /// <param name="array">An array of <see cref="T:System.Security.Cryptography.Pkcs.SignerInfo"/> objects where the <see cref="T:System.Security.Cryptography.Pkcs.SignerInfoCollection"/> collection is to be copied.</param><param name="index">The zero-based index in <paramref name="array"/> where the <see cref="T:System.Security.Cryptography.Pkcs.SignerInfoCollection"/> collection is copied.</param><exception cref="T:System.ArgumentException">One of the arguments provided to a method was not valid.</exception><exception cref="T:System.ArgumentNullException">A null reference was passed to a method that does not accept it as a valid argument. </exception><exception cref="T:System.ArgumentOutOfRangeException">The value of an argument was outside the allowable range of values as defined by the called method.</exception> public void CopyTo(SignerInfo[] array, int index) { this.CopyTo((Array)array, index); }
public SignedData (ASN1 asn1) { if ((asn1[0].Tag != 0x30) || (asn1[0].Count < 4)) throw new ArgumentException ("Invalid SignedData"); if (asn1[0][0].Tag != 0x02) throw new ArgumentException ("Invalid version"); version = asn1[0][0].Value[0]; contentInfo = new ContentInfo (asn1[0][2]); int n = 3; certs = new X509CertificateCollection (); if (asn1[0][n].Tag == 0xA0) { for (int i=0; i < asn1[0][n].Count; i++) certs.Add (new X509Certificate (asn1[0][n][i].GetBytes ())); n++; } crls = new ArrayList (); if (asn1[0][n].Tag == 0xA1) { for (int i=0; i < asn1[0][n].Count; i++) crls.Add (asn1[0][n][i].GetBytes ()); n++; } if (asn1[0][n].Count > 0) signerInfo = new SignerInfo (asn1[0][n]); else signerInfo = new SignerInfo (); // Exchange hash algorithm Oid from SignerInfo if (signerInfo.HashName != null) { HashName = OidToName(signerInfo.HashName); } // Check if SignerInfo has authenticated attributes mda = (signerInfo.AuthenticatedAttributes.Count > 0); }
public void CopyTo(SignerInfo[] array, int index) { }
public void RemoveCounterSignature(SignerInfo counterSignerInfo) { if (this.m_parentSignerInfo != null) throw new CryptographicException(-2147483647); if (counterSignerInfo == null) throw new ArgumentNullException("counterSignerInfo"); foreach (CryptographicAttributeObject cryptographicAttributeObject in this.UnsignedAttributes) { if (string.Compare(cryptographicAttributeObject.Oid.Value, "1.2.840.113549.1.9.6", StringComparison.OrdinalIgnoreCase) == 0) { for (int childIndex = 0; childIndex < cryptographicAttributeObject.Values.Count; ++childIndex) { SignerInfo signerInfo = new SignerInfo(this.m_signedCms, this.m_parentSignerInfo, cryptographicAttributeObject.Values[childIndex].RawData); if (counterSignerInfo.SignerIdentifier.Type == SubjectIdentifierType.IssuerAndSerialNumber && signerInfo.SignerIdentifier.Type == SubjectIdentifierType.IssuerAndSerialNumber) { X509IssuerSerial x509IssuerSerial1 = (X509IssuerSerial)counterSignerInfo.SignerIdentifier.Value; X509IssuerSerial x509IssuerSerial2 = (X509IssuerSerial)signerInfo.SignerIdentifier.Value; if (string.Compare(x509IssuerSerial1.IssuerName, x509IssuerSerial2.IssuerName, StringComparison.OrdinalIgnoreCase) == 0 && string.Compare(x509IssuerSerial1.SerialNumber, x509IssuerSerial2.SerialNumber, StringComparison.OrdinalIgnoreCase) == 0) { this.RemoveCounterSignature(PkcsUtils.GetSignerIndex(this.m_signedCms.GetCryptMsgHandle(), this, 0), childIndex); return; } } else if (counterSignerInfo.SignerIdentifier.Type == SubjectIdentifierType.SubjectKeyIdentifier && signerInfo.SignerIdentifier.Type == SubjectIdentifierType.SubjectKeyIdentifier && string.Compare(counterSignerInfo.SignerIdentifier.Value as string, signerInfo.SignerIdentifier.Value as string, StringComparison.OrdinalIgnoreCase) == 0) { this.RemoveCounterSignature(PkcsUtils.GetSignerIndex(this.m_signedCms.GetCryptMsgHandle(), this, 0), childIndex); return; } } } } throw new CryptographicException(-2146889714); }
public void RemoveSignature(SignerInfo signerInfo) { }
public void RemoveSignature(SignerInfo signerInfo) { if (signerInfo == null) throw new ArgumentNullException("signerInfo"); this.RemoveSignature(PkcsUtils.GetSignerIndex(this.m_safeCryptMsgHandle, signerInfo, 0)); }