        /// <summary>
        /// Creates a builder that is pre-populated from an existing signer information object.
        /// Every field of <paramref name="signerInfo"/> is copied into the builder.
        /// </summary>
        /// <param name="signerInfo">Signer information whose contents seed the builder.</param>
        /// <exception cref="ArgumentNullException">
        /// <strong>signerInfo</strong> parameter is null.
        /// </exception>
        public PkcsSignerInfoBuilder(PkcsSignerInfo signerInfo)
        {
            if (signerInfo is null) { throw new ArgumentNullException(nameof(signerInfo)); }

            // all per-signer state lives in builder fields; the helper copies it over field by field.
            initializeFromSignerInfo(signerInfo);
        }
 /// <summary>
 /// Verifies a signer entry by digest alone: the message-digest authenticated attribute must be present
 /// and must equal the hash that <c>calculateHash</c> produces for the signer's hash algorithm.
 /// </summary>
 /// <param name="signerInfo">Signer information to check.</param>
 /// <returns>
 /// <strong>True</strong> if the message-digest attribute exists and matches the computed hash;
 /// otherwise <strong>False</strong>.
 /// </returns>
 Boolean checkSingleHash(PkcsSignerInfo signerInfo)
 {
     Byte[] expected = getHashValue(signerInfo);
     // no message-digest attribute -> nothing to compare against, so the check fails.
     if (expected is null)
     {
         return false;
     }

     Byte[] actual = calculateHash(signerInfo.HashAlgorithm.AlgorithmId);
     // NOTE(review): compareHashes is defined elsewhere; confirm it compares the full length of both arrays.
     return compareHashes(expected, actual);
 }
        /// <summary>
        /// Extracts the raw digest stored in the signer's message-digest authenticated attribute.
        /// </summary>
        /// <param name="signerInfo">Signer information to read the attribute from.</param>
        /// <returns>
        /// Payload of the message-digest attribute, or <strong>null</strong> when the signer carries no such attribute.
        /// </returns>
        Byte[] getHashValue(PkcsSignerInfo signerInfo)
        {
            X509Attribute digestAttr = signerInfo.AuthenticatedAttributes[MESSAGE_DIGEST];
            if (digestAttr is null)
            {
                return null;
            }

            // the attribute value is ASN.1-encoded; GetPayload() is expected to strip the outer
            // tag/length and hand back only the digest bytes — verify against Asn1Reader.
            return new Asn1Reader(digestAttr.RawData).GetPayload();
        }
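        /// <summary>
        /// Verifies a single signer entry against the certificates available to this object.
        /// The signer certificate is located from the signer identifier (issuer+serial or subject key identifier),
        /// then the signature over the signed (authenticated) attributes is checked. Signers of type
        /// <see cref="SubjectIdentifierType.NoSignature"/> are delegated to <c>checkSingleHash</c>.
        /// </summary>
        /// <param name="signerInfo">Signer information to verify.</param>
        /// <param name="validOnly">
        /// When <strong>True</strong>, only valid certificates are considered during lookup (both identifier types)
        /// and the signer certificate must additionally pass <c>checkCertChain</c>.
        /// </param>
        /// <returns>
        /// <strong>True</strong> if the signer certificate was found and the signature verifies (and, when
        /// <paramref name="validOnly"/> is set, the chain check passes); otherwise <strong>False</strong>.
        /// </returns>
        /// <exception cref="ArgumentOutOfRangeException">
        /// The signer identifier type is not a recognized <see cref="SubjectIdentifierType"/> value.
        /// </exception>
        Boolean checkSingleSignature(PkcsSignerInfo signerInfo, Boolean validOnly)
        {
            X509Certificate2 signerCert = null;

            switch (signerInfo.Issuer.Type)
            {
            case SubjectIdentifierType.IssuerAndSerialNumber:
                var issuerAndSerial = (X509IssuerSerial)signerInfo.Issuer.Value;
                // narrow by serial number first, then require the issuer DN to match as well.
                X509Certificate2Collection bySerial = Certificates.Find(X509FindType.FindBySerialNumber, issuerAndSerial.SerialNumber, validOnly);
                X509Certificate2Collection byIssuer = bySerial.Find(X509FindType.FindByIssuerDistinguishedName, issuerAndSerial.Issuer, validOnly);
                if (byIssuer.Count > 0)
                {
                    signerCert = byIssuer[0];
                }
                break;

            case SubjectIdentifierType.SubjectKeyIdentifier:
                String ski = signerInfo.Issuer.Value.ToString();
                // honor the caller's validOnly flag here too, consistent with the issuer+serial branch
                // (previously hard-coded to true, so validOnly == false never applied to SKI lookups).
                X509Certificate2Collection bySki = Certificates.Find(X509FindType.FindBySubjectKeyIdentifier, ski, validOnly);
                if (bySki.Count > 0)
                {
                    signerCert = bySki[0];
                }
                break;

            case SubjectIdentifierType.NoSignature:
                // nothing to verify cryptographically; only the message-digest attribute can be checked.
                return checkSingleHash(signerInfo);

            default:
                throw new ArgumentOutOfRangeException(nameof(signerInfo), signerInfo.Issuer.Type, "Unsupported signer identifier type.");
            }

            // no usable signer certificate means the signature cannot be verified.
            if (signerCert is null)
            {
                return false;
            }

            // NOTE(review): this method checks the signature over the signed attributes only; the message-digest
            // attribute is compared against the content hash in checkSingleHash, which the caller must run
            // separately — confirm against the calling code.
            var signer = new MessageSigner(signerCert, new Oid2(signerInfo.HashAlgorithm.AlgorithmId, false));

            Byte[] data = signerInfo.AuthenticatedAttributes.Encode();
            if (data == null || data.Length == 0)
            {
                // no signed attributes: there is no signed input to verify against (previously threw on data[0]).
                return false;
            }
            // CMS (RFC 5652 §5.4) signs the attributes as a SET OF (tag 0x31) rather than with the
            // [0] IMPLICIT tag they carry inside the SignerInfo structure, so the leading tag is rewritten.
            data[0] = 0x31;

            Boolean signatureOk = signer.VerifyData(data, signerInfo.EncryptedHash);
            // chain validation only runs once the signature itself is good (short-circuit).
            return validOnly
                ? signatureOk && checkCertChain(signerCert)
                : signatureOk;
        }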
        /// <summary>
        /// Copies every builder-relevant field out of <paramref name="signerInfo"/> into this builder:
        /// version, signer identifier, content type (only when a content-type attribute is present),
        /// algorithm identifiers, the encrypted hash, and all authenticated attributes.
        /// </summary>
        /// <param name="signerInfo">Signer information to copy from; callers guarantee it is not null.</param>
        void initializeFromSignerInfo(PkcsSignerInfo signerInfo)
        {
            Version = signerInfo.Version;
            SubjectIdentifier = signerInfo.Issuer.Type;
            // NOTE: despite its name, signerCert receives the signer *identifier* (Issuer), not a certificate.
            signerCert = signerInfo.Issuer;

            // ContentType is only overwritten when the signer actually carries a content-type attribute.
            X509Attribute contentTypeAttr = signerInfo.AuthenticatedAttributes
                .FirstOrDefault(x => x.Oid.Value == CONTENT_TYPE);
            if (contentTypeAttr != null)
            {
                ContentType = new Asn1ObjectIdentifier(contentTypeAttr.RawData).Value;
            }

            pubKeyAlgId = signerInfo.EncryptedHashAlgorithm;
            hashAlgId = signerInfo.HashAlgorithm;
            hashValue = signerInfo.EncryptedHash;

            // keep the full attribute list so the builder can re-emit it unchanged.
            _authAttributes.AddRange(signerInfo.AuthenticatedAttributes);
        }