public void TestArgumentExceptions ()
{
var signer = new CmsSigner (Path.Combine ("..", "..", "TestData", "smime", "smime.p12"), "no.secret");
Assert.Throws<ArgumentNullException> (() => new CmsSigner ((IEnumerable<X509Certificate>) null, signer.PrivateKey));
Assert.Throws<ArgumentException> (() => new CmsSigner (new X509Certificate[0], signer.PrivateKey));
Assert.Throws<ArgumentNullException> (() => new CmsSigner (signer.CertificateChain, null));
Assert.Throws<ArgumentNullException> (() => new CmsSigner ((X509Certificate) null, signer.PrivateKey));
Assert.Throws<ArgumentNullException> (() => new CmsSigner (signer.Certificate, null));
Assert.Throws<ArgumentNullException> (() => new CmsSigner ((X509Certificate2) null));
Assert.Throws<ArgumentNullException> (() => new CmsSigner ((Stream) null, "password"));
Assert.Throws<ArgumentNullException> (() => new CmsSigner (Stream.Null, null));
Assert.Throws<ArgumentNullException> (() => new CmsSigner ((string) null, "password"));
Assert.Throws<ArgumentNullException> (() => new CmsSigner ("fileName", null));
}
/// <summary>
/// Cryptographically signs and encrypts the specified entity.
/// </summary>
/// <remarks>
/// Cryptographically signs entity using the supplied signer and then
/// encrypts the result to the specified recipients.
/// </remarks>
/// <returns>The signed and encrypted entity.</returns>
/// <param name="signer">The signer.</param>
/// <param name="recipients">The recipients.</param>
/// <param name="entity">The entity.</param>
/// <exception cref="System.ArgumentNullException">
/// <para><paramref name="signer"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="recipients"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="entity"/> is <c>null</c>.</para>
/// </exception>
/// <exception cref="Org.BouncyCastle.Cms.CmsException">
/// An error occurred in the cryptographic message syntax subsystem.
/// </exception>
public static ApplicationPkcs7Mime SignAndEncrypt(CmsSigner signer, CmsRecipientCollection recipients, MimeEntity entity)
{
if (signer == null)
{
throw new ArgumentNullException("signer");
}
if (recipients == null)
{
throw new ArgumentNullException("recipients");
}
if (entity == null)
{
throw new ArgumentNullException("entity");
}
using (var ctx = (SecureMimeContext)CryptographyContext.Create("application/pkcs7-mime")) {
return(SignAndEncrypt(ctx, signer, recipients, entity));
}
}
/// <summary>
/// Signs and encrypts the specified content for the specified recipients.
/// </summary>
/// <param name="signer">The signer.</param>
/// <param name="recipients">The recipients.</param>
/// <param name="content">The content.</param>
/// <exception cref="System.ArgumentNullException">
/// <para><paramref name="signer"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="recipients"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="content"/> is <c>null</c>.</para>
/// </exception>
public ApplicationPkcs7Mime SignAndEncrypt(CmsSigner signer, CmsRecipientCollection recipients, Stream content)
{
// FIXME: find out what exceptions BouncyCastle can throw...
if (signer == null)
{
throw new ArgumentNullException("signer");
}
if (recipients == null)
{
throw new ArgumentNullException("recipients");
}
if (content == null)
{
throw new ArgumentNullException("content");
}
using (var signed = Sign(signer, content, true)) {
return(new ApplicationPkcs7Mime(SecureMimeType.EnvelopedData, Envelope(recipients, signed)));
}
}
/// <summary>
/// Cryptographically signs and encrypts the specified entity.
/// </summary>
/// <remarks>
/// Cryptographically signs entity using the supplied signer and then
/// encrypts the result to the specified recipients.
/// </remarks>
/// <returns>The signed and encrypted entity.</returns>
/// <param name="ctx">The S/MIME context to use for signing and encrypting.</param>
/// <param name="signer">The signer.</param>
/// <param name="recipients">The recipients.</param>
/// <param name="entity">The entity.</param>
/// <exception cref="System.ArgumentNullException">
/// <para><paramref name="ctx"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="signer"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="recipients"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="entity"/> is <c>null</c>.</para>
/// </exception>
/// <exception cref="Org.BouncyCastle.Cms.CmsException">
/// An error occurred in the cryptographic message syntax subsystem.
/// </exception>
public static ApplicationPkcs7Mime SignAndEncrypt(SecureMimeContext ctx, CmsSigner signer, CmsRecipientCollection recipients, MimeEntity entity)
{
if (ctx == null)
{
throw new ArgumentNullException("ctx");
}
if (signer == null)
{
throw new ArgumentNullException("signer");
}
if (recipients == null)
{
throw new ArgumentNullException("recipients");
}
if (entity == null)
{
throw new ArgumentNullException("entity");
}
return(Encrypt(ctx, recipients, MultipartSigned.Create(ctx, signer, entity)));
}
/// <summary>
/// Gets the <see cref="CmsSigner"/> for the specified mailbox.
/// </summary>
/// <remarks>
/// <para>Constructs a <see cref="CmsSigner"/> with the appropriate signing certificate
/// for the specified mailbox.</para>
/// <para>If the mailbox is a <see cref="SecureMailboxAddress"/>, the
/// <see cref="SecureMailboxAddress.Fingerprint"/> property will be used instead of
/// the mailbox address for database lookups.</para>
/// </remarks>
/// <returns>A <see cref="CmsSigner"/>.</returns>
/// <param name="mailbox">The mailbox.</param>
/// <param name="digestAlgo">The preferred digest algorithm.</param>
/// <exception cref="CertificateNotFoundException">
/// A certificate for the specified <paramref name="mailbox"/> could not be found.
/// </exception>
protected override CmsSigner GetCmsSigner(MailboxAddress mailbox, DigestAlgorithm digestAlgo)
{
var now = DateTime.UtcNow;
foreach (var certificate in certificates)
{
AsymmetricKeyParameter key;
if (certificate.NotBefore > now || certificate.NotAfter < now)
{
continue;
}
var keyUsage = certificate.GetKeyUsageFlags();
if (keyUsage != 0 && (keyUsage & SecureMimeContext.DigitalSignatureKeyUsageFlags) == 0)
{
continue;
}
if (!keys.TryGetValue(certificate, out key))
{
continue;
}
var address = certificate.GetSubjectEmailAddress();
if (address.Equals(mailbox.Address, StringComparison.OrdinalIgnoreCase))
{
var signer = new CmsSigner(certificate, key);
signer.DigestAlgorithm = digestAlgo;
return(signer);
}
}
throw new CertificateNotFoundException(mailbox, "A valid signing certificate could not be found.");
}
/// <summary>
/// Creates a new <see cref="MultipartSigned"/>.
/// </summary>
/// <remarks>
/// Cryptographically signs the entity using the supplied signer in order
/// to generate a detached signature and then adds the entity along with
/// the detached signature data to a new multipart/signed part.
/// </remarks>
/// <returns>A new <see cref="MultipartSigned"/> instance.</returns>
/// <param name="signer">The signer.</param>
/// <param name="entity">The entity to sign.</param>
/// <exception cref="System.ArgumentNullException">
/// <para><paramref name="signer"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="entity"/> is <c>null</c>.</para>
/// </exception>
/// <exception cref="System.NotSupportedException">
/// A cryptography context suitable for signing could not be found.
/// </exception>
/// <exception cref="Org.BouncyCastle.Cms.CmsException">
/// An error occurred in the cryptographic message syntax subsystem.
/// </exception>
public static MultipartSigned Create (CmsSigner signer, MimeEntity entity)
{
using (var ctx = (SecureMimeContext) CryptographyContext.Create ("application/pkcs7-signature")) {
return Create (ctx, signer, entity);
}
}
/// <summary>
/// Creates a new <see cref="MultipartSigned"/>.
/// </summary>
/// <remarks>
/// Cryptographically signs the entity using the supplied signer in order
/// to generate a detached signature and then adds the entity along with
/// the detached signature data to a new multipart/signed part.
/// </remarks>
/// <returns>A new <see cref="MultipartSigned"/> instance.</returns>
/// <param name="ctx">The S/MIME context to use for signing.</param>
/// <param name="signer">The signer.</param>
/// <param name="entity">The entity to sign.</param>
/// <exception cref="System.ArgumentNullException">
/// <para><paramref name="ctx"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="signer"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="entity"/> is <c>null</c>.</para>
/// </exception>
/// <exception cref="Org.BouncyCastle.Cms.CmsException">
/// An error occurred in the cryptographic message syntax subsystem.
/// </exception>
public static MultipartSigned Create (SecureMimeContext ctx, CmsSigner signer, MimeEntity entity)
{
if (ctx == null)
throw new ArgumentNullException ("ctx");
if (signer == null)
throw new ArgumentNullException ("signer");
if (entity == null)
throw new ArgumentNullException ("entity");
PrepareEntityForSigning (entity);
using (var memory = new MemoryBlockStream ()) {
using (var filtered = new FilteredStream (memory)) {
// Note: see rfc3156, section 3 - second note
filtered.Add (new ArmoredFromFilter ());
// Note: see rfc3156, section 5.4 (this is the main difference between rfc2015 and rfc3156)
filtered.Add (new TrailingWhitespaceFilter ());
// Note: see rfc2015 or rfc3156, section 5.1
filtered.Add (new Unix2DosFilter ());
entity.WriteTo (filtered);
filtered.Flush ();
}
memory.Position = 0;
// Note: we need to parse the modified entity structure to preserve any modifications
var parser = new MimeParser (memory, MimeFormat.Entity);
var parsed = parser.ParseEntity ();
memory.Position = 0;
// sign the cleartext content
var micalg = ctx.GetDigestAlgorithmName (signer.DigestAlgorithm);
var signature = ctx.Sign (signer, memory);
var signed = new MultipartSigned ();
// set the protocol and micalg Content-Type parameters
signed.ContentType.Parameters["protocol"] = ctx.SignatureProtocol;
signed.ContentType.Parameters["micalg"] = micalg;
// add the modified/parsed entity as our first part
signed.Add (parsed);
// add the detached signature as the second part
signed.Add (signature);
return signed;
}
}
public void TestArgumentExceptions ()
{
var path = Path.Combine ("..", "..", "TestData", "smime", "smime.p12");
var entity = new TextPart ("plain") { Text = "This is some text..." };
var mailbox = new MailboxAddress ("MimeKit UnitTests", "*****@*****.**");
var recipients = new CmsRecipientCollection ();
var signer = new CmsSigner (path, "no.secret");
var mailboxes = new [] { mailbox };
recipients.Add (new CmsRecipient (signer.Certificate));
using (var ctx = new TemporarySecureMimeContext ()) {
using (var file = File.OpenRead (path))
ctx.Import (file, "no.secret");
// Compress
Assert.Throws<ArgumentNullException> (() => ApplicationPkcs7Mime.Compress (null, entity));
Assert.Throws<ArgumentNullException> (() => ApplicationPkcs7Mime.Compress (ctx, null));
Assert.Throws<ArgumentNullException> (() => ApplicationPkcs7Mime.Compress (null));
// Encrypt
Assert.Throws<ArgumentNullException> (() => ApplicationPkcs7Mime.Encrypt (null, mailboxes, entity));
Assert.Throws<ArgumentNullException> (() => ApplicationPkcs7Mime.Encrypt (null, recipients, entity));
Assert.Throws<ArgumentNullException> (() => ApplicationPkcs7Mime.Encrypt (ctx, (IEnumerable<MailboxAddress>) null, entity));
Assert.Throws<ArgumentNullException> (() => ApplicationPkcs7Mime.Encrypt (ctx, (CmsRecipientCollection) null, entity));
Assert.Throws<ArgumentNullException> (() => ApplicationPkcs7Mime.Encrypt (ctx, recipients, null));
Assert.Throws<ArgumentNullException> (() => ApplicationPkcs7Mime.Encrypt (ctx, mailboxes, null));
Assert.Throws<ArgumentNullException> (() => ApplicationPkcs7Mime.Encrypt ((IEnumerable<MailboxAddress>) null, entity));
Assert.Throws<ArgumentNullException> (() => ApplicationPkcs7Mime.Encrypt ((CmsRecipientCollection) null, entity));
Assert.Throws<ArgumentNullException> (() => ApplicationPkcs7Mime.Encrypt (recipients, null));
Assert.Throws<ArgumentNullException> (() => ApplicationPkcs7Mime.Encrypt (mailboxes, null));
// Sign
Assert.Throws<ArgumentNullException> (() => ApplicationPkcs7Mime.Sign (null, mailbox, DigestAlgorithm.Sha1, entity));
Assert.Throws<ArgumentNullException> (() => ApplicationPkcs7Mime.Sign (null, signer, entity));
Assert.Throws<ArgumentNullException> (() => ApplicationPkcs7Mime.Sign (ctx, (MailboxAddress) null, DigestAlgorithm.Sha1, entity));
Assert.Throws<ArgumentNullException> (() => ApplicationPkcs7Mime.Sign (ctx, (CmsSigner) null, entity));
Assert.Throws<ArgumentNullException> (() => ApplicationPkcs7Mime.Sign (ctx, mailbox, DigestAlgorithm.Sha1, null));
Assert.Throws<ArgumentNullException> (() => ApplicationPkcs7Mime.Sign (ctx, signer, null));
Assert.Throws<ArgumentNullException> (() => ApplicationPkcs7Mime.Sign ((MailboxAddress) null, DigestAlgorithm.Sha1, entity));
Assert.Throws<ArgumentNullException> (() => ApplicationPkcs7Mime.Sign ((CmsSigner) null, entity));
Assert.Throws<ArgumentNullException> (() => ApplicationPkcs7Mime.Sign (mailbox, DigestAlgorithm.Sha1, null));
Assert.Throws<ArgumentNullException> (() => ApplicationPkcs7Mime.Sign (signer, null));
// SignAndEncrypt
Assert.Throws<ArgumentNullException> (() => ApplicationPkcs7Mime.SignAndEncrypt (null, mailbox, DigestAlgorithm.Sha1, mailboxes, entity));
Assert.Throws<ArgumentNullException> (() => ApplicationPkcs7Mime.SignAndEncrypt (ctx, null, DigestAlgorithm.Sha1, mailboxes, entity));
Assert.Throws<ArgumentNullException> (() => ApplicationPkcs7Mime.SignAndEncrypt (ctx, mailbox, DigestAlgorithm.Sha1, null, entity));
Assert.Throws<ArgumentNullException> (() => ApplicationPkcs7Mime.SignAndEncrypt (ctx, mailbox, DigestAlgorithm.Sha1, mailboxes, null));
Assert.Throws<ArgumentNullException> (() => ApplicationPkcs7Mime.SignAndEncrypt (null, DigestAlgorithm.Sha1, mailboxes, entity));
Assert.Throws<ArgumentNullException> (() => ApplicationPkcs7Mime.SignAndEncrypt (mailbox, DigestAlgorithm.Sha1, null, entity));
Assert.Throws<ArgumentNullException> (() => ApplicationPkcs7Mime.SignAndEncrypt (mailbox, DigestAlgorithm.Sha1, mailboxes, null));
Assert.Throws<ArgumentNullException> (() => ApplicationPkcs7Mime.SignAndEncrypt (null, signer, recipients, entity));
Assert.Throws<ArgumentNullException> (() => ApplicationPkcs7Mime.SignAndEncrypt (ctx, null, recipients, entity));
Assert.Throws<ArgumentNullException> (() => ApplicationPkcs7Mime.SignAndEncrypt (ctx, signer, null, entity));
Assert.Throws<ArgumentNullException> (() => ApplicationPkcs7Mime.SignAndEncrypt (ctx, signer, recipients, null));
Assert.Throws<ArgumentNullException> (() => ApplicationPkcs7Mime.SignAndEncrypt (null, recipients, entity));
Assert.Throws<ArgumentNullException> (() => ApplicationPkcs7Mime.SignAndEncrypt (signer, null, entity));
Assert.Throws<ArgumentNullException> (() => ApplicationPkcs7Mime.SignAndEncrypt (signer, recipients, null));
var compressed = ApplicationPkcs7Mime.Compress (ctx, entity);
var encrypted = ApplicationPkcs7Mime.Encrypt (recipients, entity);
var signed = ApplicationPkcs7Mime.Sign (signer, entity);
// Decompress
Assert.Throws<ArgumentNullException> (() => compressed.Decompress (null));
Assert.Throws<InvalidOperationException> (() => encrypted.Decompress (ctx));
Assert.Throws<InvalidOperationException> (() => signed.Decompress (ctx));
// Decrypt
Assert.Throws<ArgumentNullException> (() => encrypted.Decrypt (null));
Assert.Throws<InvalidOperationException> (() => compressed.Decrypt (ctx));
Assert.Throws<InvalidOperationException> (() => signed.Decrypt (ctx));
// Verify
Assert.Throws<ArgumentNullException> (() => {
MimeEntity mime;
signed.Verify (null, out mime);
});
Assert.Throws<InvalidOperationException> (() => {
MimeEntity mime;
compressed.Verify (ctx, out mime);
});
Assert.Throws<InvalidOperationException> (() => {
MimeEntity mime;
encrypted.Verify (ctx, out mime);
});
}
}
/// <summary> /// Cryptographically signs and encapsulates the content using the specified signer. /// </summary> /// <remarks> /// Cryptographically signs and encapsulates the content using the specified signer. /// </remarks> /// <returns>A new <see cref="MimeKit.Cryptography.ApplicationPkcs7Mime"/> instance /// containing the detached signature data.</returns> /// <param name="signer">The signer.</param> /// <param name="content">The content.</param> /// <exception cref="System.ArgumentNullException"> /// <para><paramref name="signer"/> is <c>null</c>.</para> /// <para>-or-</para> /// <para><paramref name="content"/> is <c>null</c>.</para> /// </exception> public abstract ApplicationPkcs7Mime EncapsulatedSign(CmsSigner signer, Stream content);
/// <summary>
/// Sign the content using the specified signer.
/// </summary>
/// <returns>A new <see cref="MimeKit.Cryptography.ApplicationPkcs7Signature"/> instance
/// containing the detached signature data.</returns>
/// <param name="signer">The signer.</param>
/// <param name="content">The content.</param>
/// <exception cref="System.ArgumentNullException">
/// <para><paramref name="signer"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="content"/> is <c>null</c>.</para>
/// </exception>
/// <exception cref="Org.BouncyCastle.Cms.CmsException">
/// An error occurred in the cryptographic message syntax subsystem.
/// </exception>
public ApplicationPkcs7Signature Sign(CmsSigner signer, Stream content)
{
if (signer == null)
throw new ArgumentNullException ("signer");
if (signer.Certificate == null)
throw new ArgumentException ("No signer certificate specified.", "signer");
if (signer.PrivateKey == null)
throw new ArgumentException ("No private key specified.", "signer");
if (content == null)
throw new ArgumentNullException ("content");
return new ApplicationPkcs7Signature (Sign (signer, content, false));
}
public void MultipartSign (MimeMessage message, X509Certificate2 certificate)
{
// digitally sign our message body using our custom S/MIME cryptography context
using (var ctx = new MySecureMimeContext ()) {
var signer = new CmsSigner (certificate) {
DigestAlgorithm = DigestAlgorithm.Sha1
};
message.Body = MultipartSigned.Create (ctx, signer, message.Body);
}
}
/// <summary>
/// Gets the <see cref="CmsSigner"/> for the specified mailbox.
/// </summary>
/// <returns>A <see cref="CmsSigner"/>.</returns>
/// <param name="mailbox">The mailbox.</param>
/// <param name="digestAlgo">The preferred digest algorithm.</param>
/// <exception cref="CertificateNotFoundException">
/// A certificate for the specified <paramref name="mailbox"/> could not be found.
/// </exception>
protected override CmsSigner GetCmsSigner(MailboxAddress mailbox, DigestAlgorithm digestAlgo)
{
foreach (var certificate in certificates) {
AsymmetricKeyParameter key;
if (!keys.TryGetValue (certificate, out key))
continue;
if (certificate.GetSubjectEmailAddress () == mailbox.Address) {
var signer = new CmsSigner (certificate, key);
signer.DigestAlgorithm = digestAlgo;
return signer;
}
}
throw new CertificateNotFoundException (mailbox, "A valid signing certificate could not be found.");
}
/// <summary>
/// Gets the <see cref="CmsSigner"/> for the specified mailbox.
/// </summary>
/// <remarks>
/// <para>Constructs a <see cref="CmsSigner"/> with the appropriate signing certificate
/// for the specified mailbox.</para>
/// <para>If the mailbox is a <see cref="SecureMailboxAddress"/>, the
/// <see cref="SecureMailboxAddress.Fingerprint"/> property will be used instead of
/// the mailbox address for database lookups.</para>
/// </remarks>
/// <returns>A <see cref="CmsSigner"/>.</returns>
/// <param name="mailbox">The mailbox.</param>
/// <param name="digestAlgo">The preferred digest algorithm.</param>
/// <exception cref="CertificateNotFoundException">
/// A certificate for the specified <paramref name="mailbox"/> could not be found.
/// </exception>
protected override CmsSigner GetCmsSigner (MailboxAddress mailbox, DigestAlgorithm digestAlgo)
{
foreach (var record in dbase.Find (mailbox, DateTime.UtcNow, true, CmsSignerFields)) {
if (record.KeyUsage != X509KeyUsageFlags.None && (record.KeyUsage & SecureMimeContext.DigitalSignatureKeyUsageFlags) == 0)
continue;
var signer = new CmsSigner (record.Certificate, record.PrivateKey);
signer.DigestAlgorithm = digestAlgo;
return signer;
}
throw new CertificateNotFoundException (mailbox, "A valid signing certificate could not be found.");
}
/// <summary>
/// Gets the <see cref="CmsSigner"/> for the specified mailbox.
/// </summary>
/// <returns>A <see cref="CmsSigner"/>.</returns>
/// <param name="mailbox">The mailbox.</param>
/// <param name="digestAlgo">The preferred digest algorithm.</param>
/// <exception cref="CertificateNotFoundException">
/// A certificate for the specified <paramref name="mailbox"/> could not be found.
/// </exception>
protected override CmsSigner GetCmsSigner(MailboxAddress mailbox, DigestAlgorithm digestAlgo)
{
foreach (var certificate in store.Certificates) {
var key = store.GetPrivateKey (certificate);
if (key != null && certificate.GetSubjectEmailAddress () == mailbox.Address) {
var signer = new CmsSigner (certificate, key);
signer.DigestAlgorithm = digestAlgo;
return signer;
}
}
throw new CertificateNotFoundException (mailbox, "A valid signing certificate could not be found.");
}
/// <summary>
/// Creates a new <see cref="MultipartSigned"/>.
/// </summary>
/// <remarks>
/// Cryptographically signs the entity using the supplied signer in order
/// to generate a detached signature and then adds the entity along with
/// the detached signature data to a new multipart/signed part.
/// </remarks>
/// <returns>A new <see cref="MultipartSigned"/> instance.</returns>
/// <param name="signer">The signer.</param>
/// <param name="entity">The entity to sign.</param>
/// <exception cref="System.ArgumentNullException">
/// <para><paramref name="signer"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="entity"/> is <c>null</c>.</para>
/// </exception>
/// <exception cref="System.NotSupportedException">
/// A cryptography context suitable for signing could not be found.
/// </exception>
/// <exception cref="Org.BouncyCastle.Cms.CmsException">
/// An error occurred in the cryptographic message syntax subsystem.
/// </exception>
public static MultipartSigned Create(CmsSigner signer, MimeEntity entity)
{
using (var ctx = (SecureMimeContext)CryptographyContext.Create("application/pkcs7-signature"))
return(Create(ctx, signer, entity));
}
/// <summary>
/// Gets the <see cref="CmsSigner"/> for the specified mailbox.
/// </summary>
/// <returns>A <see cref="CmsSigner"/>.</returns>
/// <param name="mailbox">The mailbox.</param>
/// <param name="digestAlgo">The preferred digest algorithm.</param>
/// <exception cref="CertificateNotFoundException">
/// A certificate for the specified <paramref name="mailbox"/> could not be found.
/// </exception>
protected override CmsSigner GetCmsSigner (MailboxAddress mailbox, DigestAlgorithm digestAlgo)
{
var now = DateTime.Now;
foreach (var certificate in certificates) {
AsymmetricKeyParameter key;
if (certificate.NotBefore > now || certificate.NotAfter < now)
continue;
var keyUsage = certificate.GetKeyUsageFlags ();
if (keyUsage != 0 && (keyUsage & SecureMimeContext.DigitalSignatureKeyUsageFlags) == 0)
continue;
if (!keys.TryGetValue (certificate, out key))
continue;
if (certificate.GetSubjectEmailAddress () == mailbox.Address) {
var signer = new CmsSigner (certificate, key);
signer.DigestAlgorithm = digestAlgo;
return signer;
}
}
throw new CertificateNotFoundException (mailbox, "A valid signing certificate could not be found.");
}
/// <summary>
/// Cryptographically signs the specified entity.
/// </summary>
/// <remarks>
/// <para>Signs the entity using the supplied signer and <see cref="SecureMimeContext"/>.</para>
/// <para>For better interoperability with other mail clients, you should use
/// <see cref="MultipartSigned.Create(SecureMimeContext, CmsSigner, MimeEntity)"/>
/// instead as the multipart/signed format is supported among a much larger
/// subset of mail client software.</para>
/// </remarks>
/// <returns>The signed entity.</returns>
/// <param name="ctx">The S/MIME context to use for signing.</param>
/// <param name="signer">The signer.</param>
/// <param name="entity">The entity.</param>
/// <exception cref="System.ArgumentNullException">
/// <para><paramref name="ctx"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="signer"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="entity"/> is <c>null</c>.</para>
/// </exception>
/// <exception cref="Org.BouncyCastle.Cms.CmsException">
/// An error occurred in the cryptographic message syntax subsystem.
/// </exception>
public static ApplicationPkcs7Mime Sign (SecureMimeContext ctx, CmsSigner signer, MimeEntity entity)
{
if (ctx == null)
throw new ArgumentNullException ("ctx");
if (signer == null)
throw new ArgumentNullException ("signer");
if (entity == null)
throw new ArgumentNullException ("entity");
using (var memory = new MemoryBlockStream ()) {
var options = FormatOptions.CloneDefault ();
options.NewLineFormat = NewLineFormat.Dos;
entity.WriteTo (options, memory);
memory.Position = 0;
return ctx.EncapsulatedSign (signer, memory);
}
}
/// <summary>
/// Sign and encapsulate the content using the specified signer.
/// </summary>
/// <returns>A new <see cref="MimeKit.Cryptography.ApplicationPkcs7Mime"/> instance
/// containing the detached signature data.</returns>
/// <param name="signer">The signer.</param>
/// <param name="content">The content.</param>
/// <exception cref="System.ArgumentNullException">
/// <para><paramref name="signer"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="content"/> is <c>null</c>.</para>
/// </exception>
/// <exception cref="Org.BouncyCastle.Cms.CmsException">
/// An error occurred in the cryptographic message syntax subsystem.
/// </exception>
public ApplicationPkcs7Mime EncapsulatedSign(CmsSigner signer, Stream content)
{
if (signer == null)
throw new ArgumentNullException ("signer");
if (signer.Certificate == null)
throw new ArgumentException ("No signer certificate specified.", "signer");
if (signer.PrivateKey == null)
throw new ArgumentException ("No private key specified.", "signer");
if (content == null)
throw new ArgumentNullException ("content");
return new ApplicationPkcs7Mime (SecureMimeType.SignedData, Sign (signer, content, true));
}
/// <summary>
/// Cryptographically signs the specified entity.
/// </summary>
/// <remarks>
/// <para>Signs the entity using the supplied signer.</para>
/// <para>For better interoperability with other mail clients, you should use
/// <see cref="MultipartSigned.Create(SecureMimeContext, CmsSigner, MimeEntity)"/>
/// instead as the multipart/signed format is supported among a much larger
/// subset of mail client software.</para>
/// </remarks>
/// <returns>The signed entity.</returns>
/// <param name="signer">The signer.</param>
/// <param name="entity">The entity.</param>
/// <exception cref="System.ArgumentNullException">
/// <para><paramref name="signer"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="entity"/> is <c>null</c>.</para>
/// </exception>
/// <exception cref="Org.BouncyCastle.Cms.CmsException">
/// An error occurred in the cryptographic message syntax subsystem.
/// </exception>
public static ApplicationPkcs7Mime Sign (CmsSigner signer, MimeEntity entity)
{
if (signer == null)
throw new ArgumentNullException ("signer");
if (entity == null)
throw new ArgumentNullException ("entity");
using (var ctx = (SecureMimeContext) CryptographyContext.Create ("application/pkcs7-mime")) {
return Sign (ctx, signer, entity);
}
}
Stream Sign(CmsSigner signer, Stream content, bool encapsulate)
{
var cms = new CmsSignedDataStreamGenerator ();
cms.AddSigner (signer.PrivateKey, signer.Certificate, GetDigestOid (signer.DigestAlgorithm),
signer.SignedAttributes, signer.UnsignedAttributes);
var memory = new MemoryStream ();
using (var stream = cms.Open (memory, encapsulate)) {
content.CopyTo (stream, 4096);
}
memory.Position = 0;
return memory;
}
/// <summary>
/// Cryptographically signs and encrypts the specified entity.
/// </summary>
/// <remarks>
/// Cryptographically signs entity using the supplied signer and then
/// encrypts the result to the specified recipients.
/// </remarks>
/// <returns>The signed and encrypted entity.</returns>
/// <param name="ctx">The S/MIME context to use for signing and encrypting.</param>
/// <param name="signer">The signer.</param>
/// <param name="recipients">The recipients.</param>
/// <param name="entity">The entity.</param>
/// <exception cref="System.ArgumentNullException">
/// <para><paramref name="ctx"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="signer"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="recipients"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="entity"/> is <c>null</c>.</para>
/// </exception>
/// <exception cref="Org.BouncyCastle.Cms.CmsException">
/// An error occurred in the cryptographic message syntax subsystem.
/// </exception>
public static ApplicationPkcs7Mime SignAndEncrypt (SecureMimeContext ctx, CmsSigner signer, CmsRecipientCollection recipients, MimeEntity entity)
{
if (ctx == null)
throw new ArgumentNullException ("ctx");
if (signer == null)
throw new ArgumentNullException ("signer");
if (recipients == null)
throw new ArgumentNullException ("recipients");
if (entity == null)
throw new ArgumentNullException ("entity");
return Encrypt (ctx, recipients, MultipartSigned.Create (ctx, signer, entity));
}
/// <summary> /// Cryptographically signs the content using the specified signer. /// </summary> /// <remarks> /// Cryptographically signs the content using the specified signer. /// </remarks> /// <returns>A new <see cref="MimeKit.Cryptography.ApplicationPkcs7Signature"/> instance /// containing the detached signature data.</returns> /// <param name="signer">The signer.</param> /// <param name="content">The content.</param> /// <exception cref="System.ArgumentNullException"> /// <para><paramref name="signer"/> is <c>null</c>.</para> /// <para>-or-</para> /// <para><paramref name="content"/> is <c>null</c>.</para> /// </exception> public abstract ApplicationPkcs7Signature Sign(CmsSigner signer, Stream content);
/// <summary>
/// Cryptographically signs and encrypts the specified entity.
/// </summary>
/// <remarks>
/// Cryptographically signs entity using the supplied signer and then
/// encrypts the result to the specified recipients.
/// </remarks>
/// <returns>The signed and encrypted entity.</returns>
/// <param name="signer">The signer.</param>
/// <param name="recipients">The recipients.</param>
/// <param name="entity">The entity.</param>
/// <exception cref="System.ArgumentNullException">
/// <para><paramref name="signer"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="recipients"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="entity"/> is <c>null</c>.</para>
/// </exception>
/// <exception cref="Org.BouncyCastle.Cms.CmsException">
/// An error occurred in the cryptographic message syntax subsystem.
/// </exception>
public static ApplicationPkcs7Mime SignAndEncrypt (CmsSigner signer, CmsRecipientCollection recipients, MimeEntity entity)
{
if (signer == null)
throw new ArgumentNullException ("signer");
if (recipients == null)
throw new ArgumentNullException ("recipients");
if (entity == null)
throw new ArgumentNullException ("entity");
using (var ctx = (SecureMimeContext) CryptographyContext.Create ("application/pkcs7-mime")) {
return SignAndEncrypt (ctx, signer, recipients, entity);
}
}
