public Stream ToBeSigned(Document document, SignatureParameters parameters)
{
if (document is null)
{
throw new ArgumentNullException(nameof(document));
}
if (parameters is null)
{
throw new ArgumentNullException(nameof(parameters));
}
if (parameters.SignaturePackaging != SignaturePackaging.ENVELOPING && parameters.SignaturePackaging != SignaturePackaging.DETACHED)
{
throw new ArgumentException("Unsupported signature packaging " + parameters.SignaturePackaging);
}
byte[] toBeSigned = Streams.ReadAll(document.OpenStream());
CmsProcessableByteArray content = new CmsProcessableByteArray(toBeSigned);
bool includeContent = true;
if (parameters.SignaturePackaging == SignaturePackaging.DETACHED)
{
includeContent = false;
}
CmsSignedData signed = CreateCMSSignedDataGenerator(parameters, GetSigningProfile(parameters), false, null).Generate(content, includeContent);
var e = signed.GetSignerInfos().GetSigners().GetEnumerator();
e.MoveNext();
var si = e.Current as SignerInformation;
return(new MemoryStream(si.GetEncodedSignedAttributes()));
}
private CAdESSignatureExtension GetExtensionProfile(SignatureParameters parameters)
{
SignatureProfile signFormat = parameters.SignatureProfile;
if (signFormat == SignatureProfile.BES || signFormat == SignatureProfile.EPES)
{
return(null);
}
else if (signFormat == SignatureProfile.T)
{
CAdESProfileT extensionT = new CAdESProfileT
{
SignatureTsa = tspSource
};
return(extensionT);
}
else if (signFormat == SignatureProfile.C)
{
CAdESProfileC extensionC = new CAdESProfileC
{
SignatureTsa = tspSource,
CertificateVerifier = verifier
};
return(extensionC);
}
else if (signFormat == SignatureProfile.XType1 || signFormat == SignatureProfile.XType2)
{
CAdESProfileX extensionX = new CAdESProfileX
{
SignatureTsa = tspSource
};
extensionX.SetExtendedValidationType(signFormat == SignatureProfile.XType1 ? 1 : 2);
extensionX.CertificateVerifier = verifier;
return(extensionX);
}
else if (signFormat == SignatureProfile.XL || signFormat == SignatureProfile.XLType1 || signFormat == SignatureProfile.XLType2)
{
CAdESProfileXL extensionXL = new CAdESProfileXL
{
SignatureTsa = tspSource
};
extensionXL.SetExtendedValidationType(signFormat == SignatureProfile.XL ? 1 : signFormat == SignatureProfile.XLType1 ? 1 : 2);
extensionXL.CertificateVerifier = verifier;
return(extensionXL);
}
else if (signFormat == SignatureProfile.A)
{
CAdESProfileA extensionA = new CAdESProfileA
{
SignatureTsa = tspSource,
CertificateVerifier = verifier
};
extensionA.SetExtendedValidationType(1);
return(extensionA);
}
throw new ArgumentException("Unsupported signature format " + parameters.SignatureProfile);
}
/// <summary>
/// Because some information are stored in the profile, a profile is not Thread-safe.
/// </summary>
/// <remarks>
/// Because some information are stored in the profile, a profile is not Thread-safe. The software must create one
/// for each request.
/// </remarks>
/// <returns>A new instance of signatureProfile corresponding to the parameters.</returns>
private CAdESProfileBES GetSigningProfile(SignatureParameters parameters)
{
var signFormat = parameters.SignatureProfile;
if (signFormat.Equals(SignatureProfile.BES))
{
return(new CAdESProfileBES());
}
return(new CAdESProfileEPES());
}
private CmsSignedDataGenerator CreateCMSSignedDataGenerator(SignatureParameters parameters, CAdESProfileBES cadesProfile, bool includeUnsignedAttributes = true, CmsSignedData originalSignedData = null, byte[] signature = null)
{
CmsSignedDataGenerator generator = new CmsSignedDataGenerator();
X509Certificate signerCertificate = parameters.SigningCertificate;
CmsAttributeTableGenerator signedAttrGen = new DefaultSignedAttributeTableGenerator(new AttributeTable(cadesProfile.GetSignedAttributes(parameters) as System.Collections.IDictionary));
CmsAttributeTableGenerator unsignedAttrGen = new SimpleAttributeTableGenerator(includeUnsignedAttributes ? new AttributeTable(cadesProfile.GetUnsignedAttributes(parameters) as System.Collections.IDictionary) : null);
var builder = new SignerInfoGeneratorBuilder().WithSignedAttributeGenerator(signedAttrGen).WithUnsignedAttributeGenerator(unsignedAttrGen);
generator.AddSignerInfoGenerator(builder.Build(new ReadySignatureFactory(new PreComputedSigner(signature), parameters.DigestWithEncriptionOID), signerCertificate));
if (originalSignedData != null)
{
generator.AddSigners(originalSignedData.GetSignerInfos());
}
var certs = new List <X509Certificate>
{
parameters.SigningCertificate
};
if (parameters.CertificateChain != null)
{
foreach (X509Certificate c in parameters.CertificateChain)
{
if (!c.SubjectDN.Equals(parameters.SigningCertificate.SubjectDN))
{
certs.Add(c);
}
}
}
IX509Store certStore = X509StoreFactory.Create("Certificate/Collection", new X509CollectionStoreParameters(certs));
generator.AddCertificates(certStore);
if (originalSignedData != null)
{
generator.AddCertificates(originalSignedData.GetCertificates("Collection"));
}
return(generator);
}
public Document GetSignedDocument(Document document, SignatureParameters parameters, byte[] signatureValue)
{
if (document is null)
{
throw new ArgumentNullException(nameof(document));
}
if (parameters is null)
{
throw new ArgumentNullException(nameof(parameters));
}
if (parameters.SignaturePackaging
!= SignaturePackaging.ENVELOPING && parameters.SignaturePackaging != SignaturePackaging.DETACHED)
{
throw new ArgumentException("Unsupported signature packaging " + parameters.SignaturePackaging);
}
CmsSignedDataGenerator generator = CreateCMSSignedDataGenerator(parameters, GetSigningProfile(parameters), true, null, signatureValue);
byte[] toBeSigned = Streams.ReadAll(document.OpenStream());
CmsProcessableByteArray content = new CmsProcessableByteArray(toBeSigned);
bool includeContent = true;
if (parameters.SignaturePackaging == SignaturePackaging.DETACHED)
{
includeContent = false;
}
CmsSignedData data = generator.Generate(content, includeContent);
CAdESSignatureExtension extension = GetExtensionProfile(parameters);
Document signedDocument = new CMSSignedDocument(data);
if (extension != null)
{
signedDocument = extension.ExtendSignatures(signedDocument, document, parameters);
}
return(signedDocument);
}
public virtual Document ExtendDocument(Document document, Document originalDocument, SignatureParameters parameters)
{
if (parameters is null)
{
throw new ArgumentNullException(nameof(parameters));
}
CAdESSignatureExtension extension = GetExtensionProfile(parameters);
if (extension != null)
{
return(extension.ExtendSignatures(document, originalDocument, parameters));
}
else
{
throw new ArgumentException("No extension for " + parameters.SignatureProfile);
}
}