Beispiel #1
0
        /// <summary>
        /// 对待签名数据签名
        /// </summary>
        /// <param name="inData">在操作过程中请勿对流进行关闭</param>
        /// <param name="propertyInfo">签章属性信息</param>
        /// <returns></returns>
        public override byte[] Sign(Stream inData, string propertyInfo)
        {
            //原文杂凑值计算
            GeneralDigest digest = GetDigest();

            byte[] block = inData.ToArray();
            digest.BlockUpdate(block, 0, block.Length);
            byte[] outBytes = new byte[32];
            digest.DoFinal(outBytes, 0);

            //计算杂凑值
            DerUtcTime signTime = new DerUtcTime(DateTime.Now);
            TbsSign    tbsSign  = new TbsSign
            {
                Version            = new DerInteger(1),
                EsSeal             = _seal,
                TimeInfo           = new DerBitString(signTime),
                DataHash           = new DerBitString(outBytes),
                PropertyInfo       = new DerIA5String(propertyInfo),
                Cert               = new DerOctetString(_certificate.GetEncoded()),
                SignatureAlgorithm = GetSignAlgOId()
            };
            ISigner signer = SignerUtilities.GetSigner(GMObjectIdentifiers.sm2sign_with_sm3);

            signer.Init(true, _privateKey);
            byte[] signBytes = tbsSign.GetDerEncoded();
            signer.BlockUpdate(signBytes, 0, signBytes.Length);
            byte[]       sign         = signer.GenerateSignature();
            SesSignature sesSignature = new SesSignature(tbsSign, new DerBitString(sign));

            return(sesSignature.GetDerEncoded());
        }
Beispiel #2
0
        /// <summary>
        /// 对待签名数据签名
        /// </summary>
        /// <param name="inData">在操作过程中请勿对流进行关闭</param>
        /// <param name="propertyInfo">签章属性信息</param>
        /// <returns></returns>
        public override byte[] Sign(Stream inData, string propertyInfo)
        {
            GeneralDigest md = GetDigest();

            byte[] input = inData.ToArray();
            md.BlockUpdate(input, 0, input.Length);
            byte[] output = new byte[32];
            md.DoFinal(output, 0);

            TbsSign tbsSign = new TbsSign
            {
                Version      = SesHeader.V4,
                EsSeal       = _seal,
                TimeInfo     = new DerGeneralizedTime(DateTime.Now),
                DataHash     = new DerBitString(output),
                PropertyInfo = new DerIA5String(propertyInfo)
            };
            ISigner signer = SignerUtilities.GetSigner(GMObjectIdentifiers.sm2sign_with_sm3);

            signer.Init(true, _privateKey);
            byte[] toSign = tbsSign.GetDerEncoded();
            signer.BlockUpdate(toSign, 0, toSign.Length);
            byte[] signed = signer.GenerateSignature();

            SesSignature sesSignature = new SesSignature(tbsSign, new DerOctetString(_certificate.GetEncoded()), GMObjectIdentifiers.sm2sign_with_sm3, new DerBitString(signed));

            return(sesSignature.GetDerEncoded());
        }
Beispiel #3
0
        /// <summary>
        /// 签名数据验证
        /// </summary>
        /// <param name="type">电子签名类型</param>
        /// <param name="tbsContent">待签章内容</param>
        /// <param name="signedValue">电子签章数据或签名值(SignedValue.xml文件内容)</param>
        public override VerifyResult Validate(SigType type, byte[] tbsContent, byte[] signedValue)
        {
            if (type == SigType.Sign)
            {
                throw new ArgumentOutOfRangeException(nameof(type), "签名类型(type)必须是 Seal,不支持电子印章验证");
            }
            //计算原文摘要
            SM3Digest md = new SM3Digest();

            md.BlockUpdate(tbsContent, 0, tbsContent.Length);
            byte[] output = new byte[32];
            md.DoFinal(output, 0);

            SesSignature sesSignature = SesSignature.GetInstance(signedValue);
            TbsSign      toSign       = sesSignature.TbsSign;

            byte[] exceptHash = toSign.DataHash.GetOctets();
            if (!Arrays.AreEqual(output, exceptHash))
            {
                return(VerifyResult.SignedNotMatch);
            }
            //加载证书
            byte[] certDer = sesSignature.Cert.GetOctets();
            X509CertificateParser parser = new X509CertificateParser();
            X509Certificate       cert   = parser.ReadCertificate(certDer);

            //判断证书是否过期
            if (!cert.IsValid(DateTime.Now))
            {
                return(VerifyResult.SealOutdated);
            }
            //获取签名验证对象
            ISigner signer           = SignerUtilities.GetSigner(sesSignature.SignatureAlgId);
            AsymmetricKeyParameter p = cert.GetPublicKey();

            signer.Init(false, p);
            byte[] buf = toSign.GetDerEncoded();
            signer.BlockUpdate(buf, 0, buf.Length);

            //预期的电子签章数据,签章值
            byte[] expect = sesSignature.Signature.GetOctets();

            //验证签名
            bool result = signer.VerifySignature(expect);

            return(result ? VerifyResult.Success : VerifyResult.SealTampered);
        }
        public override VerifyResult Validate(SigType type, byte[] tbsContent, byte[] signedValue)
        {
            if (type == SigType.Sign)
            {
                throw new ArgumentOutOfRangeException(nameof(type), "签名类型(type)必须是 Seal,不支持电子印章验证");
            }

            // 计算原文摘要
            GeneralDigest md = new SM3Digest();

            md.BlockUpdate(tbsContent, 0, tbsContent.Length);
            byte[] expect = new byte[32];
            md.DoFinal(expect, 0);

            SesSignature sesSignature = SesSignature.GetInstance(signedValue);
            TbsSign      toSign       = sesSignature.ToSign;

            byte[] expectDataHash = toSign.DataHash.GetOctets();

            // 比较原文摘要
            if (!Arrays.AreEqual(expect, expectDataHash))
            {
                return(VerifyResult.SignedTampered);
            }

            // 预期的电子签章数据,签章值
            byte[]  expSigVal = sesSignature.Signature.GetOctets();
            ISigner sg        = SignerUtilities.GetSigner(toSign.SignatureAlgorithm);

            byte[] certDer = toSign.Cert.GetOctets();

            // 构造证书对象
            X509Certificate        x509Certificate = new X509CertificateParser().ReadCertificate(certDer);
            AsymmetricKeyParameter p = x509Certificate.GetPublicKey();

            sg.Init(false, p);

            byte[] input = toSign.GetDerEncoded();
            sg.BlockUpdate(input, 0, input.Length);

            if (!sg.VerifySignature(expSigVal))
            {
                return(VerifyResult.SignedTampered);
            }
            return(VerifyResult.Success);
        }
Beispiel #5
0
        public override void Validate(SigType type, string signAlgName, byte[] tbsContent, byte[] signedValue)
        {
            if (type == SigType.Sign)
            {
                throw new ArgumentOutOfRangeException(nameof(type), "签名类型(type)必须是 Seal,不支持电子印章验证");
            }



            // 计算原文摘要
            GeneralDigest md = new SM3Digest();

            md.BlockUpdate(tbsContent, 0, tbsContent.Length);
            byte[] expect = new byte[32];
            md.DoFinal(expect, 0);

            SesSignature sesSignature = SesSignature.GetInstance(signedValue);
            TbsSign      toSign       = sesSignature.ToSign;

            byte[] expectDataHash = toSign.DataHash.GetOctets();


            // 比较原文摘要
            if (!Arrays.AreEqual(expect, expectDataHash))
            {
                //throw new InvalidSignedValueException("Signature.xml 文件被篡改,电子签章失效。("+ toSign.getPropertyInfo().getString() + ")");
            }

            //sg.initVerify(signCert);
            //sg.update(toSign.getEncoded("DER"));
            //if (!sg.verify(expSigVal))
            //{
            //    throw new InvalidSignedValueException("电子签章数据签名值不匹配,电子签章数据失效。");
            //}

            // 预期的电子签章数据,签章值
            byte[] expSigVal = sesSignature.Signature.GetOctets();

            //Signature sg = Signature(toSign.getSignatureAlgorithm().getId(),new BouncyCastleProvider());
            ISigner sg = SignerUtilities.GetSigner(GMObjectIdentifiers.sm2encrypt_with_sm3);

            byte[] certDER = toSign.Cert.GetOctets();

            //new  X509V1CertificateGenerator().Generate()

            // 构造证书对象
            //Certificate signCert = new CertificateFactory().engineGenerateCertificate(new ByteArrayInputStream(certDER));
            //X509Certificate x509Certificate = new X509Certificate(new X509CertificateStructure(TbsCertificateStructure.GetInstance(certDER), null, new DerBitString(certDER)));
            X509Certificate x509Certificate = new X509CertificateParser().ReadCertificate(certDER);
            //x509Certificate.Verify();
            AsymmetricKeyParameter p = x509Certificate.GetPublicKey();

            sg.Init(false, p);

            //System.Security.Cryptography.X509Certificates.X509Certificate x509 = new System.Security.Cryptography.X509Certificates.X509Certificate(certDER);
            //sg.Init(false,new ECPublicKeyParameters());


            // 获取一条SM2曲线参数
            X9ECParameters sm2EcParameters = GMNamedCurves.GetByName("sm2p256v1");
            // 构造domain参数
            ECDomainParameters domainParameters = new ECDomainParameters(sm2EcParameters.Curve, sm2EcParameters.G, sm2EcParameters.N);
            //提取公钥点
            ECPoint pukPoint = sm2EcParameters.Curve.DecodePoint(certDER);
            // 公钥前面的02或者03表示是压缩公钥,04表示未压缩公钥, 04的时候,可以去掉前面的04
            ECPublicKeyParameters publicKeyParameters = new ECPublicKeyParameters(pukPoint, domainParameters);

            sg.Init(false, publicKeyParameters);


            byte[] input = toSign.GetDerEncoded();
            sg.BlockUpdate(input, 0, input.Length);

            bool pass = sg.VerifySignature(expSigVal);

            if (!pass)
            {
                throw new Exception();
            }
        }