private void CounterSign(CmsSigner signer)
{
CspParameters parameters = new CspParameters();
if (!System.Security.Cryptography.X509Certificates.X509Utils.GetPrivateKeyInfo(System.Security.Cryptography.X509Certificates.X509Utils.GetCertContext(signer.Certificate), ref parameters))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
KeyContainerPermission permission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.Sign | KeyContainerPermissionFlags.Open);
permission.AccessEntries.Add(accessEntry);
permission.Demand();
uint dwIndex = (uint)PkcsUtils.GetSignerIndex(this.m_signedCms.GetCryptMsgHandle(), this, 0);
System.Security.Cryptography.SafeLocalAllocHandle handle = System.Security.Cryptography.CAPI.LocalAlloc(0x40, new IntPtr(Marshal.SizeOf(typeof(System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO))));
System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO structure = PkcsUtils.CreateSignerEncodeInfo(signer);
try
{
Marshal.StructureToPtr(structure, handle.DangerousGetHandle(), false);
if (!System.Security.Cryptography.CAPI.CryptMsgCountersign(this.m_signedCms.GetCryptMsgHandle(), dwIndex, 1, handle.DangerousGetHandle()))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
this.m_signedCms.ReopenToDecode();
}
finally
{
Marshal.DestroyStructure(handle.DangerousGetHandle(), typeof(System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO));
handle.Dispose();
structure.Dispose();
}
PkcsUtils.AddCertsToMessage(this.m_signedCms.GetCryptMsgHandle(), this.m_signedCms.Certificates, PkcsUtils.CreateBagOfCertificates(signer));
}
private unsafe void Sign(CmsSigner signer, bool silent)
{
System.Security.Cryptography.SafeCryptMsgHandle hCryptMsg = null;
System.Security.Cryptography.CAPI.CMSG_SIGNED_ENCODE_INFO cmsg_signed_encode_info = new System.Security.Cryptography.CAPI.CMSG_SIGNED_ENCODE_INFO(Marshal.SizeOf(typeof(System.Security.Cryptography.CAPI.CMSG_SIGNED_ENCODE_INFO)));
System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO structure = PkcsUtils.CreateSignerEncodeInfo(signer, silent);
byte[] encodedMessage = null;
try
{
System.Security.Cryptography.SafeLocalAllocHandle handle2 = System.Security.Cryptography.CAPI.LocalAlloc(0, new IntPtr(Marshal.SizeOf(typeof(System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO))));
try
{
Marshal.StructureToPtr(structure, handle2.DangerousGetHandle(), false);
X509Certificate2Collection certificates = PkcsUtils.CreateBagOfCertificates(signer);
System.Security.Cryptography.SafeLocalAllocHandle handle3 = PkcsUtils.CreateEncodedCertBlob(certificates);
cmsg_signed_encode_info.cSigners = 1;
cmsg_signed_encode_info.rgSigners = handle2.DangerousGetHandle();
cmsg_signed_encode_info.cCertEncoded = (uint)certificates.Count;
if (certificates.Count > 0)
{
cmsg_signed_encode_info.rgCertEncoded = handle3.DangerousGetHandle();
}
if (string.Compare(this.ContentInfo.ContentType.Value, "1.2.840.113549.1.7.1", StringComparison.OrdinalIgnoreCase) == 0)
{
hCryptMsg = System.Security.Cryptography.CAPI.CryptMsgOpenToEncode(0x10001, this.Detached ? 4 : 0, 2, new IntPtr((void *)&cmsg_signed_encode_info), IntPtr.Zero, IntPtr.Zero);
}
else
{
hCryptMsg = System.Security.Cryptography.CAPI.CryptMsgOpenToEncode(0x10001, this.Detached ? 4 : 0, 2, new IntPtr((void *)&cmsg_signed_encode_info), this.ContentInfo.ContentType.Value, IntPtr.Zero);
}
if ((hCryptMsg == null) || hCryptMsg.IsInvalid)
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
if ((this.ContentInfo.Content.Length > 0) && !System.Security.Cryptography.CAPI.CAPISafe.CryptMsgUpdate(hCryptMsg, this.ContentInfo.pContent, (uint)this.ContentInfo.Content.Length, true))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
encodedMessage = PkcsUtils.GetContent(hCryptMsg);
hCryptMsg.Dispose();
handle3.Dispose();
}
finally
{
Marshal.DestroyStructure(handle2.DangerousGetHandle(), typeof(System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO));
handle2.Dispose();
}
}
finally
{
structure.Dispose();
}
hCryptMsg = OpenToDecode(encodedMessage, this.ContentInfo, this.Detached);
if ((this.m_safeCryptMsgHandle != null) && !this.m_safeCryptMsgHandle.IsInvalid)
{
this.m_safeCryptMsgHandle.Dispose();
}
this.m_safeCryptMsgHandle = hCryptMsg;
GC.KeepAlive(signer);
}
private void CoSign(CmsSigner signer, bool silent)
{
using (System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO cmsg_signer_encode_info = PkcsUtils.CreateSignerEncodeInfo(signer, silent))
{
System.Security.Cryptography.SafeLocalAllocHandle handle = System.Security.Cryptography.CAPI.LocalAlloc(0x40, new IntPtr(Marshal.SizeOf(typeof(System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO))));
try
{
Marshal.StructureToPtr(cmsg_signer_encode_info, handle.DangerousGetHandle(), false);
if (!System.Security.Cryptography.CAPI.CryptMsgControl(this.m_safeCryptMsgHandle, 0, 6, handle.DangerousGetHandle()))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
}
finally
{
Marshal.DestroyStructure(handle.DangerousGetHandle(), typeof(System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO));
handle.Dispose();
}
}
PkcsUtils.AddCertsToMessage(this.m_safeCryptMsgHandle, this.Certificates, PkcsUtils.CreateBagOfCertificates(signer));
}
internal static unsafe System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO CreateSignerEncodeInfo(CmsSigner signer, bool silent)
{
System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO cmsg_signer_encode_info = new System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO(Marshal.SizeOf(typeof(System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO)));
System.Security.Cryptography.SafeCryptProvHandle invalidHandle = System.Security.Cryptography.SafeCryptProvHandle.InvalidHandle;
uint pdwKeySpec = 0;
bool pfCallerFreeProv = false;
cmsg_signer_encode_info.HashAlgorithm.pszObjId = signer.DigestAlgorithm.Value;
if (string.Compare(signer.Certificate.PublicKey.Oid.Value, "1.2.840.10040.4.1", StringComparison.Ordinal) == 0)
{
cmsg_signer_encode_info.HashEncryptionAlgorithm.pszObjId = "1.2.840.10040.4.3";
}
cmsg_signer_encode_info.cAuthAttr = (uint)signer.SignedAttributes.Count;
cmsg_signer_encode_info.rgAuthAttr = CreateCryptAttributes(signer.SignedAttributes);
cmsg_signer_encode_info.cUnauthAttr = (uint)signer.UnsignedAttributes.Count;
cmsg_signer_encode_info.rgUnauthAttr = CreateCryptAttributes(signer.UnsignedAttributes);
if (signer.SignerIdentifierType == SubjectIdentifierType.NoSignature)
{
cmsg_signer_encode_info.HashEncryptionAlgorithm.pszObjId = "1.3.6.1.5.5.7.6.2";
cmsg_signer_encode_info.pCertInfo = IntPtr.Zero;
cmsg_signer_encode_info.dwKeySpec = pdwKeySpec;
if (!System.Security.Cryptography.CAPI.CryptAcquireContext(ref invalidHandle, (string)null, (string)null, 1, 0xf0000000))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
cmsg_signer_encode_info.hCryptProv = invalidHandle.DangerousGetHandle();
GC.SuppressFinalize(invalidHandle);
cmsg_signer_encode_info.SignerId.dwIdChoice = 1;
X500DistinguishedName name = new X500DistinguishedName("CN=Dummy Signer")
{
Oid = new Oid("1.3.6.1.4.1.311.21.9")
};
cmsg_signer_encode_info.SignerId.Value.IssuerSerialNumber.Issuer.cbData = (uint)name.RawData.Length;
System.Security.Cryptography.SafeLocalAllocHandle handle2 = System.Security.Cryptography.CAPI.LocalAlloc(0x40, new IntPtr((long)cmsg_signer_encode_info.SignerId.Value.IssuerSerialNumber.Issuer.cbData));
Marshal.Copy(name.RawData, 0, handle2.DangerousGetHandle(), name.RawData.Length);
cmsg_signer_encode_info.SignerId.Value.IssuerSerialNumber.Issuer.pbData = handle2.DangerousGetHandle();
GC.SuppressFinalize(handle2);
cmsg_signer_encode_info.SignerId.Value.IssuerSerialNumber.SerialNumber.cbData = 1;
System.Security.Cryptography.SafeLocalAllocHandle handle3 = System.Security.Cryptography.CAPI.LocalAlloc(0x40, new IntPtr((long)cmsg_signer_encode_info.SignerId.Value.IssuerSerialNumber.SerialNumber.cbData));
byte *handle = (byte *)handle3.DangerousGetHandle();
handle[0] = 0;
cmsg_signer_encode_info.SignerId.Value.IssuerSerialNumber.SerialNumber.pbData = handle3.DangerousGetHandle();
GC.SuppressFinalize(handle3);
return(cmsg_signer_encode_info);
}
System.Security.Cryptography.SafeCertContextHandle certContext = System.Security.Cryptography.X509Certificates.X509Utils.GetCertContext(signer.Certificate);
if (!System.Security.Cryptography.CAPI.CAPISafe.CryptAcquireCertificatePrivateKey(certContext, silent ? 70 : 6, IntPtr.Zero, ref invalidHandle, ref pdwKeySpec, ref pfCallerFreeProv))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
cmsg_signer_encode_info.dwKeySpec = pdwKeySpec;
cmsg_signer_encode_info.hCryptProv = invalidHandle.DangerousGetHandle();
GC.SuppressFinalize(invalidHandle);
System.Security.Cryptography.CAPI.CERT_CONTEXT cert_context = *((System.Security.Cryptography.CAPI.CERT_CONTEXT *)certContext.DangerousGetHandle());
cmsg_signer_encode_info.pCertInfo = cert_context.pCertInfo;
if (signer.SignerIdentifierType == SubjectIdentifierType.SubjectKeyIdentifier)
{
uint pcbData = 0;
System.Security.Cryptography.SafeLocalAllocHandle pvData = System.Security.Cryptography.SafeLocalAllocHandle.InvalidHandle;
if (!System.Security.Cryptography.CAPI.CAPISafe.CertGetCertificateContextProperty(certContext, 20, pvData, ref pcbData))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
if (pcbData <= 0)
{
return(cmsg_signer_encode_info);
}
pvData = System.Security.Cryptography.CAPI.LocalAlloc(0x40, new IntPtr((long)pcbData));
if (!System.Security.Cryptography.CAPI.CAPISafe.CertGetCertificateContextProperty(certContext, 20, pvData, ref pcbData))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
cmsg_signer_encode_info.SignerId.dwIdChoice = 2;
cmsg_signer_encode_info.SignerId.Value.KeyId.cbData = pcbData;
cmsg_signer_encode_info.SignerId.Value.KeyId.pbData = pvData.DangerousGetHandle();
GC.SuppressFinalize(pvData);
}
return(cmsg_signer_encode_info);
}
internal static unsafe System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO CreateSignerEncodeInfo(CmsSigner signer, bool silent)
{
System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO cmsg_signer_encode_info = new System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO(Marshal.SizeOf(typeof(System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO)));
System.Security.Cryptography.SafeCryptProvHandle invalidHandle = System.Security.Cryptography.SafeCryptProvHandle.InvalidHandle;
uint pdwKeySpec = 0;
bool pfCallerFreeProv = false;
cmsg_signer_encode_info.HashAlgorithm.pszObjId = signer.DigestAlgorithm.Value;
if (string.Compare(signer.Certificate.PublicKey.Oid.Value, "1.2.840.10040.4.1", StringComparison.Ordinal) == 0)
{
cmsg_signer_encode_info.HashEncryptionAlgorithm.pszObjId = "1.2.840.10040.4.3";
}
cmsg_signer_encode_info.cAuthAttr = (uint) signer.SignedAttributes.Count;
cmsg_signer_encode_info.rgAuthAttr = CreateCryptAttributes(signer.SignedAttributes);
cmsg_signer_encode_info.cUnauthAttr = (uint) signer.UnsignedAttributes.Count;
cmsg_signer_encode_info.rgUnauthAttr = CreateCryptAttributes(signer.UnsignedAttributes);
if (signer.SignerIdentifierType == SubjectIdentifierType.NoSignature)
{
cmsg_signer_encode_info.HashEncryptionAlgorithm.pszObjId = "1.3.6.1.5.5.7.6.2";
cmsg_signer_encode_info.pCertInfo = IntPtr.Zero;
cmsg_signer_encode_info.dwKeySpec = pdwKeySpec;
if (!System.Security.Cryptography.CAPI.CryptAcquireContext(ref invalidHandle, (string) null, (string) null, 1, 0xf0000000))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
cmsg_signer_encode_info.hCryptProv = invalidHandle.DangerousGetHandle();
GC.SuppressFinalize(invalidHandle);
cmsg_signer_encode_info.SignerId.dwIdChoice = 1;
X500DistinguishedName name = new X500DistinguishedName("CN=Dummy Signer") {
Oid = new Oid("1.3.6.1.4.1.311.21.9")
};
cmsg_signer_encode_info.SignerId.Value.IssuerSerialNumber.Issuer.cbData = (uint) name.RawData.Length;
System.Security.Cryptography.SafeLocalAllocHandle handle2 = System.Security.Cryptography.CAPI.LocalAlloc(0x40, new IntPtr((long) cmsg_signer_encode_info.SignerId.Value.IssuerSerialNumber.Issuer.cbData));
Marshal.Copy(name.RawData, 0, handle2.DangerousGetHandle(), name.RawData.Length);
cmsg_signer_encode_info.SignerId.Value.IssuerSerialNumber.Issuer.pbData = handle2.DangerousGetHandle();
GC.SuppressFinalize(handle2);
cmsg_signer_encode_info.SignerId.Value.IssuerSerialNumber.SerialNumber.cbData = 1;
System.Security.Cryptography.SafeLocalAllocHandle handle3 = System.Security.Cryptography.CAPI.LocalAlloc(0x40, new IntPtr((long) cmsg_signer_encode_info.SignerId.Value.IssuerSerialNumber.SerialNumber.cbData));
byte* handle = (byte*) handle3.DangerousGetHandle();
handle[0] = 0;
cmsg_signer_encode_info.SignerId.Value.IssuerSerialNumber.SerialNumber.pbData = handle3.DangerousGetHandle();
GC.SuppressFinalize(handle3);
return cmsg_signer_encode_info;
}
System.Security.Cryptography.SafeCertContextHandle certContext = System.Security.Cryptography.X509Certificates.X509Utils.GetCertContext(signer.Certificate);
if (!System.Security.Cryptography.CAPI.CAPISafe.CryptAcquireCertificatePrivateKey(certContext, silent ? 70 : 6, IntPtr.Zero, ref invalidHandle, ref pdwKeySpec, ref pfCallerFreeProv))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
cmsg_signer_encode_info.dwKeySpec = pdwKeySpec;
cmsg_signer_encode_info.hCryptProv = invalidHandle.DangerousGetHandle();
GC.SuppressFinalize(invalidHandle);
System.Security.Cryptography.CAPI.CERT_CONTEXT cert_context = *((System.Security.Cryptography.CAPI.CERT_CONTEXT*) certContext.DangerousGetHandle());
cmsg_signer_encode_info.pCertInfo = cert_context.pCertInfo;
if (signer.SignerIdentifierType == SubjectIdentifierType.SubjectKeyIdentifier)
{
uint pcbData = 0;
System.Security.Cryptography.SafeLocalAllocHandle pvData = System.Security.Cryptography.SafeLocalAllocHandle.InvalidHandle;
if (!System.Security.Cryptography.CAPI.CAPISafe.CertGetCertificateContextProperty(certContext, 20, pvData, ref pcbData))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
if (pcbData <= 0)
{
return cmsg_signer_encode_info;
}
pvData = System.Security.Cryptography.CAPI.LocalAlloc(0x40, new IntPtr((long) pcbData));
if (!System.Security.Cryptography.CAPI.CAPISafe.CertGetCertificateContextProperty(certContext, 20, pvData, ref pcbData))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
cmsg_signer_encode_info.SignerId.dwIdChoice = 2;
cmsg_signer_encode_info.SignerId.Value.KeyId.cbData = pcbData;
cmsg_signer_encode_info.SignerId.Value.KeyId.pbData = pvData.DangerousGetHandle();
GC.SuppressFinalize(pvData);
}
return cmsg_signer_encode_info;
}
