| public GetCertificates ( string type ) : IX509Store | ||
| type | string | |
| return | IX509Store | |
static void Main(string[] args)
{
//if (args.Length > 0)
//string fullFileName = Path.GetFullPath(args[0]);
foreach (string fileName in Directory.GetFiles("p7m"))
{
FileStream file = new FileStream(fileName, FileMode.Open);
bool isValid = true;
Console.WriteLine("File to decrypt: " + fileName);
try
{
CmsSignedData signedFile = new CmsSignedData(file);
IX509Store certStore = signedFile.GetCertificates("Collection");
ICollection certs = certStore.GetMatches(new X509CertStoreSelector());
SignerInformationStore signerStore = signedFile.GetSignerInfos();
ICollection signers = signerStore.GetSigners();
foreach (object tempCertification in certs)
{
X509Certificate certification = tempCertification as X509Certificate;
foreach (object tempSigner in signers)
{
SignerInformation signer = tempSigner as SignerInformation;
if (!signer.Verify(certification.GetPublicKey()))
{
isValid = false;
break;
}
}
}
string newFileName = Path.Combine(Directory.CreateDirectory("p7m-extracted").Name, Path.GetFileNameWithoutExtension(fileName));
using (var fileStream = new FileStream(newFileName, FileMode.Create, FileAccess.Write))
{
signedFile.SignedContent.Write(fileStream);
Console.WriteLine("File decrypted: " + newFileName);
}
}
catch (Exception ex)
{
isValid = false;
}
Console.WriteLine("File valid: " + isValid);
; }
Console.ReadLine();
}
public void TestSha1AndMD5WithRsaEncapsulatedRepeated()
{
IList certList = new ArrayList();
CmsProcessable msg = new CmsProcessableByteArray(Encoding.ASCII.GetBytes("Hello World!"));
certList.Add(OrigCert);
certList.Add(SignCert);
IX509Store x509Certs = X509StoreFactory.Create(
"Certificate/Collection",
new X509CollectionStoreParameters(certList));
CmsSignedDataGenerator gen = new CmsSignedDataGenerator();
gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataGenerator.DigestSha1);
gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataGenerator.DigestMD5);
gen.AddCertificates(x509Certs);
CmsSignedData s = gen.Generate(msg, true);
s = new CmsSignedData(ContentInfo.GetInstance(Asn1Object.FromByteArray(s.GetEncoded())));
x509Certs = s.GetCertificates("Collection");
SignerInformationStore signers = s.GetSignerInfos();
Assert.AreEqual(2, signers.Count);
SignerID sid = null;
ICollection c = signers.GetSigners();
foreach (SignerInformation signer in c)
{
ICollection certCollection = x509Certs.GetMatches(signer.SignerID);
IEnumerator certEnum = certCollection.GetEnumerator();
certEnum.MoveNext();
X509Certificate cert = (X509Certificate) certEnum.Current;
sid = signer.SignerID;
Assert.IsTrue(signer.Verify(cert));
//
// check content digest
//
byte[] contentDigest = (byte[])gen.GetGeneratedDigests()[signer.DigestAlgOid];
AttributeTable table = signer.SignedAttributes;
Asn1.Cms.Attribute hash = table[CmsAttributes.MessageDigest];
Assert.IsTrue(Arrays.AreEqual(contentDigest, ((Asn1OctetString)hash.AttrValues[0]).GetOctets()));
}
c = signers.GetSigners(sid);
Assert.AreEqual(2, c.Count);
//
// try using existing signer
//
gen = new CmsSignedDataGenerator();
gen.AddSigners(s.GetSignerInfos());
gen.AddCertificates(s.GetCertificates("Collection"));
gen.AddCrls(s.GetCrls("Collection"));
s = gen.Generate(msg, true);
s = new CmsSignedData(ContentInfo.GetInstance(Asn1Object.FromByteArray(s.GetEncoded())));
x509Certs = s.GetCertificates("Collection");
signers = s.GetSignerInfos();
c = signers.GetSigners();
Assert.AreEqual(2, c.Count);
foreach (SignerInformation signer in c)
{
ICollection certCollection = x509Certs.GetMatches(signer.SignerID);
IEnumerator certEnum = certCollection.GetEnumerator();
certEnum.MoveNext();
X509Certificate cert = (X509Certificate) certEnum.Current;
Assert.AreEqual(true, signer.Verify(cert));
}
CheckSignerStoreReplacement(s, signers);
}
public void TestCounterSig()
{
CmsSignedData sig = new CmsSignedData(GetInput("counterSig.p7m"));
SignerInformationStore ss = sig.GetSignerInfos();
ArrayList signers = new ArrayList(ss.GetSigners());
SignerInformationStore cs = ((SignerInformation)signers[0]).GetCounterSignatures();
ArrayList csSigners = new ArrayList(cs.GetSigners());
Assert.AreEqual(1, csSigners.Count);
foreach (SignerInformation cSigner in csSigners)
{
ArrayList certCollection = new ArrayList(
sig.GetCertificates("Collection").GetMatches(cSigner.SignerID));
X509Certificate cert = (X509Certificate)certCollection[0];
Assert.IsNull(cSigner.SignedAttributes[Asn1.Pkcs.PkcsObjectIdentifiers.Pkcs9AtContentType]);
Assert.IsTrue(cSigner.Verify(cert));
}
VerifySignatures(sig);
}
private void VerifySignatures(
CmsSignedData s,
byte[] contentDigest)
{
IX509Store x509Certs = s.GetCertificates("Collection");
SignerInformationStore signers = s.GetSignerInfos();
ICollection c = signers.GetSigners();
foreach (SignerInformation signer in c)
{
ICollection certCollection = x509Certs.GetMatches(signer.SignerID);
IEnumerator certEnum = certCollection.GetEnumerator();
certEnum.MoveNext();
X509Certificate cert = (X509Certificate) certEnum.Current;
Assert.IsTrue(signer.Verify(cert));
if (contentDigest != null)
{
Assert.IsTrue(Arrays.AreEqual(contentDigest, signer.GetContentDigest()));
}
}
}
private void SubjectKeyIDTest(
IAsymmetricCipherKeyPair signaturePair,
X509Certificate signatureCert,
string digestAlgorithm)
{
IList certList = new ArrayList();
IList crlList = new ArrayList();
CmsProcessable msg = new CmsProcessableByteArray(Encoding.ASCII.GetBytes("Hello World!"));
certList.Add(signatureCert);
certList.Add(OrigCert);
crlList.Add(SignCrl);
IX509Store x509Certs = X509StoreFactory.Create(
"Certificate/Collection",
new X509CollectionStoreParameters(certList));
IX509Store x509Crls = X509StoreFactory.Create(
"CRL/Collection",
new X509CollectionStoreParameters(crlList));
CmsSignedDataGenerator gen = new CmsSignedDataGenerator();
gen.AddSigner(signaturePair.Private,
CmsTestUtil.CreateSubjectKeyId(signatureCert.GetPublicKey()).GetKeyIdentifier(),
digestAlgorithm);
gen.AddCertificates(x509Certs);
gen.AddCrls(x509Crls);
CmsSignedData s = gen.Generate(msg, true);
Assert.AreEqual(3, s.Version);
MemoryStream bIn = new MemoryStream(s.GetEncoded(), false);
Asn1InputStream aIn = new Asn1InputStream(bIn);
s = new CmsSignedData(ContentInfo.GetInstance(aIn.ReadObject()));
x509Certs = s.GetCertificates("Collection");
x509Crls = s.GetCrls("Collection");
SignerInformationStore signers = s.GetSignerInfos();
foreach (SignerInformation signer in signers.GetSigners())
{
ICollection certCollection = x509Certs.GetMatches(signer.SignerID);
IEnumerator certEnum = certCollection.GetEnumerator();
certEnum.MoveNext();
X509Certificate cert = (X509Certificate) certEnum.Current;
Assert.IsTrue(signer.Verify(cert));
}
//
// check for CRLs
//
ArrayList crls = new ArrayList(x509Crls.GetMatches(null));
Assert.AreEqual(1, crls.Count);
Assert.IsTrue(crls.Contains(SignCrl));
//
// try using existing signer
//
gen = new CmsSignedDataGenerator();
gen.AddSigners(s.GetSignerInfos());
gen.AddCertificates(s.GetCertificates("Collection"));
gen.AddCrls(s.GetCrls("Collection"));
s = gen.Generate(msg, true);
bIn = new MemoryStream(s.GetEncoded(), false);
aIn = new Asn1InputStream(bIn);
s = new CmsSignedData(ContentInfo.GetInstance(aIn.ReadObject()));
x509Certs = s.GetCertificates("Collection");
x509Crls = s.GetCrls("Collection");
signers = s.GetSignerInfos();
foreach (SignerInformation signer in signers.GetSigners())
{
ICollection certCollection = x509Certs.GetMatches(signer.SignerID);
IEnumerator certEnum = certCollection.GetEnumerator();
certEnum.MoveNext();
X509Certificate cert = (X509Certificate) certEnum.Current;
Assert.IsTrue(signer.Verify(cert));
}
CheckSignerStoreReplacement(s, signers);
}
public void TestUnsortedAttributes()
{
CmsSignedData s = new CmsSignedData(new CmsProcessableByteArray(disorderedMessage), disorderedSet);
IX509Store x509Certs = s.GetCertificates("Collection");
SignerInformationStore signers = s.GetSignerInfos();
ICollection c = signers.GetSigners();
foreach (SignerInformation signer in c)
{
ICollection certCollection = x509Certs.GetMatches(signer.SignerID);
IEnumerator certEnum = certCollection.GetEnumerator();
certEnum.MoveNext();
X509Certificate cert = (X509Certificate) certEnum.Current;
Assert.IsTrue(signer.Verify(cert));
}
}
private void EncapsulatedTest(
AsymmetricCipherKeyPair signaturePair,
X509Certificate signatureCert,
string digestAlgorithm)
{
CmsProcessable msg = new CmsProcessableByteArray(Encoding.ASCII.GetBytes("Hello World!"));
IX509Store x509Certs = CmsTestUtil.MakeCertStore(signatureCert, OrigCert);
IX509Store x509Crls = CmsTestUtil.MakeCrlStore(SignCrl);
CmsSignedDataGenerator gen = new CmsSignedDataGenerator();
gen.AddSigner(signaturePair.Private, signatureCert, digestAlgorithm);
gen.AddCertificates(x509Certs);
gen.AddCrls(x509Crls);
CmsSignedData s = gen.Generate(msg, true);
s = new CmsSignedData(ContentInfo.GetInstance(Asn1Object.FromByteArray(s.GetEncoded())));
x509Certs = s.GetCertificates("Collection");
x509Crls = s.GetCrls("Collection");
SignerInformationStore signers = s.GetSignerInfos();
ICollection c = signers.GetSigners();
foreach (SignerInformation signer in c)
{
ICollection certCollection = x509Certs.GetMatches(signer.SignerID);
IEnumerator certEnum = certCollection.GetEnumerator();
certEnum.MoveNext();
X509Certificate cert = (X509Certificate) certEnum.Current;
Assert.AreEqual(digestAlgorithm, signer.DigestAlgOid);
Assert.IsTrue(signer.Verify(cert));
}
//
// check for CRLs
//
ArrayList crls = new ArrayList(x509Crls.GetMatches(null));
Assert.AreEqual(1, crls.Count);
Assert.IsTrue(crls.Contains(SignCrl));
//
// try using existing signer
//
gen = new CmsSignedDataGenerator();
gen.AddSigners(s.GetSignerInfos());
gen.AddCertificates(s.GetCertificates("Collection"));
gen.AddCrls(s.GetCrls("Collection"));
s = gen.Generate(msg, true);
s = new CmsSignedData(ContentInfo.GetInstance(Asn1Object.FromByteArray(s.GetEncoded())));
x509Certs = s.GetCertificates("Collection");
x509Crls = s.GetCrls("Collection");
signers = s.GetSignerInfos();
c = signers.GetSigners();
foreach (SignerInformation signer in c)
{
ICollection certCollection = x509Certs.GetMatches(signer.SignerID);
IEnumerator certEnum = certCollection.GetEnumerator();
certEnum.MoveNext();
X509Certificate cert = (X509Certificate) certEnum.Current;
Assert.IsTrue(signer.Verify(cert));
}
CheckSignerStoreReplacement(s, signers);
}
/// <exception cref="System.IO.IOException"></exception>
//private CmsSignedDataGenerator CreateCMSSignedDataGenerator(ContentSigner contentSigner
// , DigestCalculatorProvider digestCalculatorProvider, SignatureParameters parameters
// , CAdESProfileBES cadesProfile, bool includeUnsignedAttributes, CmsSignedData originalSignedData
// )
private CmsSignedDataGenerator CreateCMSSignedDataGenerator(ISigner signer
, SignatureParameters parameters, CAdESProfileBES cadesProfile
, bool includeUnsignedAttributes, CmsSignedData originalSignedData
)
{
try
{
CmsSignedDataGenerator generator = new CmsSignedDataGenerator();
X509Certificate signerCertificate = parameters.SigningCertificate;
//X509CertificateHolder certHolder = new X509CertificateHolder(signerCertificate.GetEncoded());
ArrayList certList = new ArrayList();
certList.Add(signerCertificate);
IX509Store certHolder = X509StoreFactory.Create("CERTIFICATE/COLLECTION",
new X509CollectionStoreParameters(certList));
//jbonilla - El provider siempre es BC C#
//SignerInfoGeneratorBuilder sigInfoGeneratorBuilder = new SignerInfoGeneratorBuilder
// (digestCalculatorProvider);
CmsAttributeTableGenerator signedAttrGen = new DefaultSignedAttributeTableGenerator
(new AttributeTable(cadesProfile.GetSignedAttributes(parameters)));
CmsAttributeTableGenerator unsignedAttrGen = new SimpleAttributeTableGenerator
((includeUnsignedAttributes) ? new AttributeTable(cadesProfile.GetUnsignedAttributes
(parameters)) : null);
//jbonilla - No existe ContentSigner en BC C#
//SignerInfoGenerator sigInfoGen = sigInfoGeneratorBuilder.Build(contentSigner, certHolder);
//generator.AddSignerInfoGenerator(sigInfoGen);
generator.SignerProvider = signer;
generator.AddSigner(new NullPrivateKey(), signerCertificate, parameters.SignatureAlgorithm.GetOid()
, parameters.DigestAlgorithm.GetOid(), signedAttrGen, unsignedAttrGen);
if (originalSignedData != null)
{
generator.AddSigners(originalSignedData.GetSignerInfos());
}
//ICollection<X509Certificate> certs = new AList<X509Certificate>();
IList certs = new ArrayList();
//certs.AddItem(parameters.SigningCertificate);
certs.Add(parameters.SigningCertificate);
if (parameters.CertificateChain != null)
{
foreach (X509Certificate c in parameters.CertificateChain)
{
if (!c.SubjectDN.Equals(parameters.SigningCertificate.SubjectDN))
{
//certs.AddItem(c);
certs.Add(c);
}
}
}
//JcaCertStore certStore = new JcaCertStore(certs);
IX509Store certStore = X509StoreFactory.Create("Certificate/Collection",
new X509CollectionStoreParameters(certs));
generator.AddCertificates(certStore);
if (originalSignedData != null)
{
generator.AddCertificates(originalSignedData.GetCertificates("Collection"));
}
return generator;
}
catch (CmsException e)
{
throw new IOException("CmsException", e);
}
catch (CertificateEncodingException e)
{
throw new IOException("CertificateEncodingException", e);
}
/*catch (OperatorCreationException e)
{
throw new IOException(e);
}*/
}
private SignatureSecurityInformation VerifyInMem(Stream verifiedContent, Stream signed, SignatureSecurityInformation outer)
{
trace.TraceEvent(TraceEventType.Information, 0, "Verifying the {0} signature in memory", outer == null ? "inner" : "outer");
try
{
CmsSignedData signedData;
try
{
signedData = new CmsSignedData(signed);
trace.TraceEvent(TraceEventType.Verbose, 0, "Read the cms header");
}
catch (Exception e)
{
trace.TraceEvent(TraceEventType.Error, 0, "The message isn't a CMS Signed Data message: {0}", e.Message);
throw new InvalidMessageException("The message isn't a triple wrapped message", e);
}
if (verifiedContent != null)
{
signedData.SignedContent.Write(verifiedContent);
trace.TraceEvent(TraceEventType.Verbose, 0, "Copied the signed data");
}
IX509Store certs = signedData.GetCertificates("COLLECTION");
SignerInformationStore signerInfos = signedData.GetSignerInfos();
return Verify(signerInfos, certs, outer);
}
catch(CmsException cmse)
{
throw new InvalidMessageException("The message isn't a triple wrapped message", cmse);
}
}
