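        /// <summary>
        /// Builds the CMS SignerInfo for <paramref name="document"/> without a real signature value and returns
        /// the DER-encoded signed attributes of that SignerInfo — the bytes the external signing step must sign.
        /// </summary>
        /// <param name="document">Document whose content is read in full and wrapped as the CMS content.</param>
        /// <param name="parameters">Signature parameters; only ENVELOPING and DETACHED packaging are accepted.</param>
        /// <returns>A <see cref="MemoryStream"/> over the encoded signed attributes of the first signer.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="document"/> or <paramref name="parameters"/> is null.</exception>
        /// <exception cref="ArgumentException">The packaging is neither ENVELOPING nor DETACHED.</exception>
        /// <exception cref="InvalidOperationException">The generated SignedData carries no SignerInformation.</exception>
        public Stream ToBeSigned(Document document, SignatureParameters parameters)
        {
            if (document is null)
            {
                throw new ArgumentNullException(nameof(document));
            }
            if (parameters is null)
            {
                throw new ArgumentNullException(nameof(parameters));
            }

            var packaging = parameters.SignaturePackaging;
            if (packaging != SignaturePackaging.ENVELOPING && packaging != SignaturePackaging.DETACHED)
            {
                throw new ArgumentException("Unsupported signature packaging " + packaging);
            }

            byte[] toBeSigned;
            // Assumes OpenStream() hands out a fresh stream per call (the document is opened again later in the
            // signing flow) — confirm against the Document implementation before relying on this disposal.
            using (Stream input = document.OpenStream())
            {
                toBeSigned = Streams.ReadAll(input);
            }
            CmsProcessableByteArray content = new CmsProcessableByteArray(toBeSigned);

            // DETACHED leaves the content out of the SignedData; ENVELOPING embeds it.
            bool includeContent = packaging != SignaturePackaging.DETACHED;

            // No signature value and no unsigned attributes: this generator only exists to produce the
            // signed-attribute set that the caller will sign.
            CmsSignedData signed = CreateCMSSignedDataGenerator(parameters, GetSigningProfile(parameters), false, null).Generate(content, includeContent);

            // Exactly one signer info is added above, so the first entry is the one we want; an empty or
            // foreign collection is a programming error rather than a null dereference.
            var signers = signed.GetSignerInfos().GetSigners().GetEnumerator();
            if (!signers.MoveNext() || !(signers.Current is SignerInformation signerInfo))
            {
                throw new InvalidOperationException("The generated CMS SignedData contains no SignerInformation.");
            }

            return new MemoryStream(signerInfo.GetEncodedSignedAttributes());
        }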
        /// <summary>
        /// Selects the CAdES extension that upgrades a BES/EPES signature to the profile requested in
        /// <paramref name="parameters"/>: T adds the signature timestamp, C/X/XL additionally need the
        /// certificate verifier, A is built with extended-validation type 1.
        /// </summary>
        /// <param name="parameters">Carries the target <c>SignatureProfile</c>.</param>
        /// <returns>
        /// A configured extension, or null for BES and EPES, which need no extension step.
        /// </returns>
        /// <exception cref="ArgumentException">The profile is not one of the handled values.</exception>
        private CAdESSignatureExtension GetExtensionProfile(SignatureParameters parameters)
        {
            SignatureProfile profile = parameters.SignatureProfile;

            // BES and EPES are complete as produced by the signing profile.
            if (profile == SignatureProfile.BES || profile == SignatureProfile.EPES)
            {
                return null;
            }

            if (profile == SignatureProfile.T)
            {
                return new CAdESProfileT
                {
                    SignatureTsa = tspSource
                };
            }

            if (profile == SignatureProfile.C)
            {
                return new CAdESProfileC
                {
                    SignatureTsa        = tspSource,
                    CertificateVerifier = verifier
                };
            }

            bool isX = profile == SignatureProfile.XType1 || profile == SignatureProfile.XType2;
            if (isX)
            {
                var extensionX = new CAdESProfileX
                {
                    SignatureTsa = tspSource
                };
                // Only XType1/XType2 reach this point, so "not XType2" is exactly XType1.
                extensionX.SetExtendedValidationType(profile == SignatureProfile.XType2 ? 2 : 1);
                extensionX.CertificateVerifier = verifier;
                return extensionX;
            }

            bool isXL = profile == SignatureProfile.XL
                     || profile == SignatureProfile.XLType1
                     || profile == SignatureProfile.XLType2;
            if (isXL)
            {
                var extensionXL = new CAdESProfileXL
                {
                    SignatureTsa = tspSource
                };
                // XL and XLType1 both map to type 1; only XLType2 selects type 2.
                extensionXL.SetExtendedValidationType(profile == SignatureProfile.XLType2 ? 2 : 1);
                extensionXL.CertificateVerifier = verifier;
                return extensionXL;
            }

            if (profile == SignatureProfile.A)
            {
                var extensionA = new CAdESProfileA
                {
                    SignatureTsa        = tspSource,
                    CertificateVerifier = verifier
                };
                extensionA.SetExtendedValidationType(1);
                return extensionA;
            }

            throw new ArgumentException("Unsupported signature format " + parameters.SignatureProfile);
        }
        /// <summary>
        /// Creates the signing profile that produces the signed/unsigned CAdES attributes for one request:
        /// plain BES for <c>SignatureProfile.BES</c>, EPES for every other profile value.
        /// </summary>
        /// <remarks>
        /// Because some information is stored in the profile, a profile is not thread-safe. The software must
        /// create one for each request, which is why this method always returns a fresh instance.
        /// </remarks>
        /// <param name="parameters">Carries the requested <c>SignatureProfile</c>.</param>
        /// <returns>A new instance of the signing profile corresponding to the parameters.</returns>
        private CAdESProfileBES GetSigningProfile(SignatureParameters parameters)
        {
            bool isPlainBes = parameters.SignatureProfile.Equals(SignatureProfile.BES);

            if (!isPlainBes)
            {
                // Every non-BES profile (EPES, T, C, X, XL, A) starts from the EPES attribute set.
                return new CAdESProfileEPES();
            }

            return new CAdESProfileBES();
        }
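        /// <summary>
        /// Assembles the BouncyCastle <see cref="CmsSignedDataGenerator"/> used both to derive the
        /// to-be-signed attributes and to emit the final signed document.
        /// </summary>
        /// <param name="parameters">Supplies the signing certificate, the certificate chain and the digest/encryption OID.</param>
        /// <param name="cadesProfile">Profile that produces the signed (and, optionally, unsigned) CAdES attributes.</param>
        /// <param name="includeUnsignedAttributes">When false, no unsigned attribute table is attached to the signer.</param>
        /// <param name="originalSignedData">Optional existing SignedData whose signers and certificates are carried over into the generator.</param>
        /// <param name="signature">Pre-computed signature value handed to <see cref="PreComputedSigner"/>; null while only the signed attributes are being prepared (as <c>ToBeSigned</c> does).</param>
        /// <returns>A generator holding one signer info for the signing certificate plus a certificate store with the signer and its chain.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="parameters"/> or <paramref name="cadesProfile"/> is null.</exception>
        /// <exception cref="ArgumentException">The signing certificate is not set.</exception>
        private CmsSignedDataGenerator CreateCMSSignedDataGenerator(SignatureParameters parameters, CAdESProfileBES cadesProfile, bool includeUnsignedAttributes = true, CmsSignedData originalSignedData = null, byte[] signature = null)
        {
            if (parameters is null)
            {
                throw new ArgumentNullException(nameof(parameters));
            }
            if (cadesProfile is null)
            {
                throw new ArgumentNullException(nameof(cadesProfile));
            }

            X509Certificate signerCertificate = parameters.SigningCertificate;
            if (signerCertificate is null)
            {
                // Without it the signer info cannot be built and the chain filter below would dereference null.
                throw new ArgumentException("SigningCertificate must be set", nameof(parameters));
            }

            CmsSignedDataGenerator generator = new CmsSignedDataGenerator();

            // Direct casts: a profile returning something other than an IDictionary is a programming error and
            // should fail here with an InvalidCastException rather than later inside BouncyCastle.
            var signedAttributes = (System.Collections.IDictionary)cadesProfile.GetSignedAttributes(parameters);
            CmsAttributeTableGenerator signedAttrGen = new DefaultSignedAttributeTableGenerator(new AttributeTable(signedAttributes));

            AttributeTable unsignedTable = null;
            if (includeUnsignedAttributes)
            {
                var unsignedAttributes = (System.Collections.IDictionary)cadesProfile.GetUnsignedAttributes(parameters);
                unsignedTable = new AttributeTable(unsignedAttributes);
            }
            CmsAttributeTableGenerator unsignedAttrGen = new SimpleAttributeTableGenerator(unsignedTable);

            var builder = new SignerInfoGeneratorBuilder()
                .WithSignedAttributeGenerator(signedAttrGen)
                .WithUnsignedAttributeGenerator(unsignedAttrGen);

            // The signature value is supplied from outside; the generator never touches a private key itself.
            var signatureFactory = new ReadySignatureFactory(new PreComputedSigner(signature), parameters.DigestWithEncriptionOID);
            generator.AddSignerInfoGenerator(builder.Build(signatureFactory, signerCertificate));

            if (originalSignedData != null)
            {
                generator.AddSigners(originalSignedData.GetSignerInfos());
            }

            var certs = new List<X509Certificate>
            {
                signerCertificate
            };

            if (parameters.CertificateChain != null)
            {
                foreach (X509Certificate c in parameters.CertificateChain)
                {
                    // NOTE(review): the chain is de-duplicated by subject DN only, so a different certificate with
                    // the same subject as the signer (e.g. a renewed one) is also left out of the store.
                    if (c != null && !c.SubjectDN.Equals(signerCertificate.SubjectDN))
                    {
                        certs.Add(c);
                    }
                }
            }
            IX509Store certStore = X509StoreFactory.Create("Certificate/Collection", new X509CollectionStoreParameters(certs));

            generator.AddCertificates(certStore);
            if (originalSignedData != null)
            {
                generator.AddCertificates(originalSignedData.GetCertificates("Collection"));
            }
            return generator;
        }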
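        /// <summary>
        /// Produces the final CAdES signed document: the CMS SignedData built from <paramref name="document"/>
        /// with the externally computed <paramref name="signatureValue"/>, then extended to the requested
        /// profile (T, C, X, XL, A) when one applies.
        /// </summary>
        /// <param name="document">Document whose content is read in full and wrapped as the CMS content.</param>
        /// <param name="parameters">Signature parameters; only ENVELOPING and DETACHED packaging are accepted.</param>
        /// <param name="signatureValue">Signature over the bytes returned by <c>ToBeSigned</c> for the same parameters.</param>
        /// <returns>The signed document, extended when the profile requires it.</returns>
        /// <exception cref="ArgumentNullException">Any argument is null.</exception>
        /// <exception cref="ArgumentException">The packaging is neither ENVELOPING nor DETACHED, or the profile is unsupported.</exception>
        public Document GetSignedDocument(Document document, SignatureParameters parameters, byte[] signatureValue)
        {
            if (document is null)
            {
                throw new ArgumentNullException(nameof(document));
            }
            if (parameters is null)
            {
                throw new ArgumentNullException(nameof(parameters));
            }
            if (signatureValue is null)
            {
                // A null value would only surface deep inside BouncyCastle when the SignerInfo is emitted.
                throw new ArgumentNullException(nameof(signatureValue));
            }

            var packaging = parameters.SignaturePackaging;
            if (packaging != SignaturePackaging.ENVELOPING && packaging != SignaturePackaging.DETACHED)
            {
                throw new ArgumentException("Unsupported signature packaging " + packaging);
            }

            // Unsigned attributes are included here; ToBeSigned leaves them out because they are not covered
            // by the signature.
            CmsSignedDataGenerator generator = CreateCMSSignedDataGenerator(parameters, GetSigningProfile(parameters), true, null, signatureValue);

            byte[] toBeSigned;
            // Assumes OpenStream() hands out a fresh stream per call (the extension receives the same document
            // below and may open it again) — confirm against the Document implementation.
            using (Stream input = document.OpenStream())
            {
                toBeSigned = Streams.ReadAll(input);
            }
            CmsProcessableByteArray content = new CmsProcessableByteArray(toBeSigned);

            // DETACHED leaves the content out of the SignedData; ENVELOPING embeds it.
            bool includeContent = packaging != SignaturePackaging.DETACHED;

            CmsSignedData           data      = generator.Generate(content, includeContent);
            CAdESSignatureExtension extension = GetExtensionProfile(parameters);
            Document signedDocument           = new CMSSignedDocument(data);

            // BES/EPES have no extension; every other profile post-processes the freshly signed document.
            if (extension != null)
            {
                signedDocument = extension.ExtendSignatures(signedDocument, document, parameters);
            }

            return signedDocument;
        }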
        /// <summary>
        /// Extends an already signed <paramref name="document"/> to the profile requested in
        /// <paramref name="parameters"/> (T, C, X, XL or A).
        /// </summary>
        /// <param name="document">The signed document to extend.</param>
        /// <param name="originalDocument">The originally signed content, passed through to the extension.</param>
        /// <param name="parameters">Selects the target profile.</param>
        /// <returns>The document returned by the selected extension.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="parameters"/> is null.</exception>
        /// <exception cref="ArgumentException">
        /// The profile has no extension step (BES, EPES) or is rejected by <c>GetExtensionProfile</c>.
        /// </exception>
        public virtual Document ExtendDocument(Document document, Document originalDocument, SignatureParameters parameters)
        {
            if (parameters is null)
            {
                throw new ArgumentNullException(nameof(parameters));
            }

            CAdESSignatureExtension extension = GetExtensionProfile(parameters);
            if (extension is null)
            {
                // Null means the profile is final as signed; there is nothing to extend.
                throw new ArgumentException("No extension for " + parameters.SignatureProfile);
            }

            return extension.ExtendSignatures(document, originalDocument, parameters);
        }