Ejemplo n.º 1
0
        public void ComputeSignatureCmsSignerUnknown()
        {
            ContentInfo ci = new ContentInfo(asnNull);
            SignedCms   sp = new SignedCms(ci);

            CmsSigner signer = new CmsSigner(SubjectIdentifierType.Unknown, GetCertificate(true));

            signer.Certificates.Add(new X509Certificate2(intca_cer));
            signer.Certificates.Add(new X509Certificate2(root_cer));
            sp.ComputeSignature(signer);

            byte[] encoded = sp.Encode();
            string s       = BitConverter.ToString(encoded);

#if DEBUG
            FileStream fs = File.OpenWrite("ComputeSignaturePkcs7SignerUnknown.der");
            fs.Write(encoded, 0, encoded.Length);
            fs.Close();
#endif
            RoundTrip(encoded);
        }
Ejemplo n.º 2
0
        public static void SignerInfo_AddRemoveUnsignedAttributes_JoinCounterSignaturesAttributesIntoOne()
        {
            byte[]      message = { 1, 2, 3, 4, 5 };
            ContentInfo content = new ContentInfo(message);
            SignedCms   cms     = new SignedCms(content);

            using (X509Certificate2 signerCert = Certificates.RSA2048SignatureOnly.TryGetCertificateWithPrivateKey())
            {
                CmsSigner signer = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, signerCert);
                cms.ComputeSignature(signer);
            }

            using (X509Certificate2 counterSigner1cert = Certificates.Dsa1024.TryGetCertificateWithPrivateKey())
            {
                CmsSigner counterSigner = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, counterSigner1cert);
                counterSigner.IncludeOption   = X509IncludeOption.EndCertOnly;
                counterSigner.DigestAlgorithm = new Oid(Oids.Sha1, Oids.Sha1);
                cms.SignerInfos[0].ComputeCounterSignature(counterSigner);
            }

            using (X509Certificate2 counterSigner2cert = Certificates.ECDsaP256Win.TryGetCertificateWithPrivateKey())
            {
                CmsSigner counterSigner = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, counterSigner2cert);
                cms.SignerInfos[0].ComputeCounterSignature(counterSigner);
            }

            Assert.Equal(2, cms.SignerInfos[0].UnsignedAttributes.Count);
            Assert.Equal(1, cms.SignerInfos[0].UnsignedAttributes[0].Values.Count);
            Assert.Equal(1, cms.SignerInfos[0].UnsignedAttributes[1].Values.Count);
            cms.CheckSignature(true);

            AsnEncodedData counterSignature = cms.SignerInfos[0].UnsignedAttributes[0].Values[0];

            cms.SignerInfos[0].RemoveUnsignedAttribute(counterSignature);
            cms.SignerInfos[0].AddUnsignedAttribute(counterSignature);

            Assert.Equal(1, cms.SignerInfos[0].UnsignedAttributes.Count);
            Assert.Equal(2, cms.SignerInfos[0].UnsignedAttributes[0].Values.Count);
            cms.CheckSignature(true);
        }
Ejemplo n.º 3
0
        private static CmsSigner CreateCmsSigner(SignPackageRequest request)
        {
            // Subject Key Identifier (SKI) is smaller and less prone to accidental matching than issuer and serial
            // number.  However, to ensure cross-platform verification, SKI should only be used if the certificate
            // has the SKI extension attribute.
            CmsSigner signer;

            if (request.Certificate.Extensions[Oids.SubjectKeyIdentifier] == null)
            {
                signer = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, request.Certificate);
            }
            else
            {
                signer = new CmsSigner(SubjectIdentifierType.SubjectKeyIdentifier, request.Certificate);
            }

            request.BuildCertificateChainOnce();

            var chain = request.Chain;

            foreach (var certificate in chain)
            {
                signer.Certificates.Add(certificate);
            }

            var attributes = SigningUtility.GetSignedAttributes(request, chain);

            foreach (var attribute in attributes)
            {
                signer.SignedAttributes.Add(attribute);
            }

            // We built the chain ourselves and added certificates.
            // Passing any other value here would trigger another chain build
            // and possibly add duplicate certs to the collection.
            signer.IncludeOption   = X509IncludeOption.None;
            signer.DigestAlgorithm = request.SignatureHashAlgorithm.ConvertToOid();

            return(signer);
        }
Ejemplo n.º 4
0
        public static byte[] FirmaFileBouncy(byte[] data, X509Certificate2 cert)
        {
            try
            {
                SHA256Managed        hashSha256 = new SHA256Managed();
                byte[]               certHash   = hashSha256.ComputeHash(cert.RawData);
                EssCertIDv2          essCert1   = new EssCertIDv2(new Org.BouncyCastle.Asn1.X509.AlgorithmIdentifier("2.16.840.1.101.3.4.2.1"), certHash);
                SigningCertificateV2 scv2       = new SigningCertificateV2(new EssCertIDv2[] { essCert1 });
                Org.BouncyCastle.Asn1.Cms.Attribute CertHAttribute = new Org.BouncyCastle.Asn1.Cms.Attribute(Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdAASigningCertificateV2, new DerSet(scv2));
                Asn1EncodableVector v = new Asn1EncodableVector();
                v.Add(CertHAttribute);
                Org.BouncyCastle.Asn1.Cms.AttributeTable AT = new Org.BouncyCastle.Asn1.Cms.AttributeTable(v);

                CmsSignedDataGenWithRsaCsp cms = new CmsSignedDataGenWithRsaCsp();

                var rsa = (RSACryptoServiceProvider)cert.PrivateKey;
                Org.BouncyCastle.X509.X509Certificate certCopy = DotNetUtilities.FromX509Certificate(cert);
                cms.MyAddSigner(rsa, certCopy, "1.2.840.113549.1.1.1", "2.16.840.1.101.3.4.2.1", AT, null);
                ArrayList certList = new ArrayList();
                certList.Add(certCopy);
                Org.BouncyCastle.X509.Store.X509CollectionStoreParameters PP = new Org.BouncyCastle.X509.Store.X509CollectionStoreParameters(certList);
                Org.BouncyCastle.X509.Store.IX509Store st1 = Org.BouncyCastle.X509.Store.X509StoreFactory.Create("CERTIFICATE/COLLECTION", PP);
                cms.AddCertificates(st1);
                //mi ricavo il file da firmare
                CmsSignedData Firmato = cms.Generate(new CmsProcessableByteArray(data), false);

                CmsSigner cmsSigner = new CmsSigner(cert);
                cmsSigner.IncludeOption = X509IncludeOption.EndCertOnly;

                System.Security.Cryptography.Pkcs.ContentInfo contentInfo = new System.Security.Cryptography.Pkcs.ContentInfo(Firmato.GetEncoded());
                SignedCms signedCms = new SignedCms();
                signedCms.Decode(Firmato.GetEncoded());
                byte[] ret = signedCms.Encode();
                return(ret);
            }
            catch
            {
                return(null);
            }
        }
Ejemplo n.º 5
0
        public async Task RejectsMutuallyExclusiveCounterSignaturesCommitmentTypes(SignatureType[] counterSignatureTypes)
        {
            // Arrange
            var packageStream = await GetSignedPackageStream1Async();

            ModifySignatureContent(
                packageStream,
                configuredSignedCms: signedCms =>
            {
                using (var counterCertificate = SigningTestUtility.GenerateCertificate(subjectName: null, modifyGenerator: null))
                {
                    TestUtility.RequireSignedPackage(_corePackageService, _message.PackageId, counterCertificate.ComputeSHA256Thumbprint());

                    var cmsSigner = new CmsSigner(counterCertificate);
                    foreach (var type in counterSignatureTypes)
                    {
                        cmsSigner.SignedAttributes.Add(AttributeUtility.CreateCommitmentTypeIndication(type));
                    }

                    signedCms.SignerInfos[0].ComputeCounterSignature(cmsSigner);
                }
            });

            // Act
            var result = await _target.ValidateAsync(
                _packageKey,
                _packageStream,
                _message,
                _token);

            // Assert
            VerifyPackageSigningStatus(result, ValidationStatus.Failed, PackageSigningStatus.Invalid);
            var issue = Assert.Single(result.Issues);

            Assert.Equal(ValidationIssueCode.ClientSigningVerificationFailure, issue.IssueCode);
            var typedIssue = Assert.IsType <ClientSigningVerificationFailure>(issue);

            Assert.Equal("NU3000", typedIssue.ClientCode);
            Assert.Equal("The commitment-type-indication attribute contains an invalid combination of values.", typedIssue.ClientMessage);
        }
Ejemplo n.º 6
0
        public byte[] GetSignature(byte[] content)
        {
            if (content == null)
            {
                throw new ArgumentNullException(nameof(content));
            }

            var certificate = _CertificateProvider.GetCertificate();

            if (!certificate.HasPrivateKey)
            {
                throw new InvalidOperationException($"Certificate does not have a private key - Subject:{certificate.Subject} Thumbprint:{certificate.Thumbprint}.");
            }

            var contentInfo = new ContentInfo(content);
            var signedCms   = new SignedCms(contentInfo, true);

            var signer = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, certificate)
            {
                IncludeOption = X509IncludeOption.EndCertOnly
            };

            try
            {
                signedCms.ComputeSignature(signer);
            }
            catch (Exception e)
            {
                //NB. Cannot catch the internal exception type (cross-platform design of .NET Core)
                if (e.GetType().Name == "WindowsCryptographicException" && e.Message == "Keyset does not exist" && !WindowsIdentityQueries.CurrentUserIsAdministrator())
                {
                    throw new InvalidOperationException("Failed to sign with certificate when current user does not have UAC elevated permissions.", e);
                }

                throw;
            }

            return(signedCms.Encode());
        }
Ejemplo n.º 7
0
        /// <summary>
        /// Signs the message with a GOST digital signature and returns the attached signature (CMS format, base64 encoding).
        /// </summary>
        public static string ComputeAttachedSignature(X509Certificate2 certificate, byte[] message)
        {
            // The following line opens the private key.
            // It requires that the current user has permissions to use the private key.
            // Permissions are given using MMC console, Certificates snap-in.
            var privateKey = (GostAsymmetricAlgorithm)certificate.GetPrivateKeyAlgorithm();
            var publicKey  = (GostAsymmetricAlgorithm)certificate.GetPublicKeyAlgorithm();

            // Create GOST-compliant signature helper
            var signedCms = new GostSignedCms(new ContentInfo(message), detached: false);

            // The object that has the signer information
            var signer = new CmsSigner(certificate);

            // Computing the CMS/PKCS#7 signature
            signedCms.ComputeSignature(signer, true);

            // Encoding the CMS/PKCS#7 message
            var encoded = signedCms.Encode();

            return(Convert.ToBase64String(encoded));
        }
Ejemplo n.º 8
0
        /// <summary>
        /// Creates <see cref="SignedCms"/> for raw content and a collection of signing certificate
        /// </summary>
        /// <param name="content">The <c>byte</c> array to sign</param>
        /// <param name="signingCertificates">The certificates with which to sign.</param>
        /// <returns>An instance of <see cref="SignedCms"/> holdling the signatures</returns>
        public SignedCms CreateSignature(byte[] content, X509Certificate2Collection signingCertificates)
        {
            if (content == null)
            {
                throw new SignatureException(SignatureError.NullContent);
            }

            if (signingCertificates == null)
            {
                throw new SignatureException(SignatureError.NoCertificates);
            }

            SignedCms signature = new SignedCms(CreateDataContainer(content), true); // true: Detached Signature

            for (int i = 0, count = signingCertificates.Count; i < count; ++i)
            {
                CmsSigner signer = CreateSigner(signingCertificates[i]);
                signature.ComputeSignature(signer, true);  // true: don't prompt the user
            }

            return(signature);
        }
Ejemplo n.º 9
0
        /// <summary>
        /// Crea la firma CMS/PKCS #7
        /// </summary>
        private static byte[] SignMsg(byte[] Message, SysX509.X509Certificate2 SignerCertificate, bool Detached)
        {
            //Creamos el contenedor
            ContentInfo contentInfo = new ContentInfo(Message);

            //Instanciamos el objeto SignedCms con el contenedor
            SignedCms objSignedCms = new SignedCms(contentInfo, Detached);

            //Creamos el "firmante"
            CmsSigner objCmsSigner = new CmsSigner(SignerCertificate);

            // Include the following line if the top certificate in the
            // smartcard is not in the trusted list.
            objCmsSigner.IncludeOption = SysX509.X509IncludeOption.EndCertOnly;

            //  Sign the CMS/PKCS #7 message. The second argument is
            //  needed to ask for the pin.
            objSignedCms.ComputeSignature(objCmsSigner, false);

            //Encodeamos el mensaje CMS/PKCS #7
            return(objSignedCms.Encode());
        }
Ejemplo n.º 10
0
        public void TestArgumentExceptions()
        {
            var       path  = Path.Combine("..", "..", "TestData", "smime", "smime.p12");
            var       chain = new X509CertificateChain();
            CmsSigner signer;

            using (var stream = File.OpenRead(path))
                signer = new CmsSigner(stream, "no.secret");

            Assert.Throws <ArgumentNullException> (() => new X509CertificateChain(null));
            Assert.Throws <ArgumentNullException> (() => chain.Add(null));
            Assert.Throws <ArgumentNullException> (() => chain.AddRange(null));
            Assert.Throws <ArgumentNullException> (() => chain.Contains(null));
            Assert.Throws <ArgumentNullException> (() => chain.CopyTo(null, 0));
            Assert.Throws <ArgumentOutOfRangeException> (() => chain.CopyTo(new X509Certificate[0], -1));
            Assert.Throws <ArgumentNullException> (() => chain.IndexOf(null));
            Assert.Throws <ArgumentOutOfRangeException> (() => chain.Insert(-1, signer.Certificate));
            Assert.Throws <ArgumentNullException> (() => chain.Insert(0, null));
            Assert.Throws <ArgumentNullException> (() => chain[0] = null);
            Assert.Throws <ArgumentNullException> (() => chain.Remove(null));
            Assert.Throws <ArgumentOutOfRangeException> (() => chain.RemoveAt(-1));
        }
Ejemplo n.º 11
0
        // This generates a package with a basic signed CMS.
        // The signature MUST NOT have any signed or unsigned attributes.
        public static async Task <FileInfo> SignPackageFileWithBasicSignedCmsAsync(
            TestDirectory directory,
            FileInfo packageFile,
            X509Certificate2 certificate)
        {
            SignatureContent signatureContent;

            using (var stream = packageFile.OpenRead())
                using (var hashAlgorithm = HashAlgorithmName.SHA256.GetHashProvider())
                {
                    var hash = hashAlgorithm.ComputeHash(stream, leaveStreamOpen: false);
                    signatureContent = new SignatureContent(SigningSpecifications.V1, HashAlgorithmName.SHA256, Convert.ToBase64String(hash));
                }

            var signedPackageFile = new FileInfo(Path.Combine(directory, Guid.NewGuid().ToString()));
            var cmsSigner         = new CmsSigner(certificate)
            {
                DigestAlgorithm = HashAlgorithmName.SHA256.ConvertToOid(),
                IncludeOption   = X509IncludeOption.WholeChain
            };

            var contentInfo = new ContentInfo(signatureContent.GetBytes());
            var signature   = new SignedCms(contentInfo);

            signature.ComputeSignature(cmsSigner);

            Assert.Empty(signature.SignerInfos[0].SignedAttributes);
            Assert.Empty(signature.SignerInfos[0].UnsignedAttributes);

            using (var packageReadStream = packageFile.OpenRead())
                using (var packageWriteStream = signedPackageFile.OpenWrite())
                    using (var package = new SignedPackageArchive(packageReadStream, packageWriteStream))
                        using (var signatureStream = new MemoryStream(signature.Encode()))
                        {
                            await package.AddSignatureAsync(signatureStream, CancellationToken.None);
                        }

            return(signedPackageFile);
        }
Ejemplo n.º 12
0
        public static void SignaturePadding_InvalidValue()
        {
            RSASignaturePaddingMode badMode = (RSASignaturePaddingMode)(-1);

            // Currently we support all RSASignaturePaddings. However we want to make sure we fail properly
            // if an unsupported one is added later, so construct a bogus padding.
            RSASignaturePadding badPadding = (RSASignaturePadding)typeof(RSASignaturePadding)
                                             .GetConstructor(BindingFlags.NonPublic | BindingFlags.Instance, new Type[] { typeof(RSASignaturePaddingMode) })
                                             .Invoke(new object[] { badMode });

            // Test setter
            CmsSigner signer = new CmsSigner();

            AssertExtensions.Throws <ArgumentException>("value", () => signer.SignaturePadding = badPadding);

            // Test ctor
            AssertExtensions.Throws <ArgumentException>("signaturePadding", () => new CmsSigner(
                                                            SubjectIdentifierType.IssuerAndSerialNumber,
                                                            certificate: null,
                                                            privateKey: null,
                                                            badPadding));
        }
Ejemplo n.º 13
0
        private static PrimarySignature CreateRepositoryCountersignature(CmsSigner cmsSigner, SignPackageRequest request, PrimarySignature primarySignature)
        {
            var cms = new SignedCms();

            cms.Decode(primarySignature.GetBytes());

            try
            {
                cms.SignerInfos[0].ComputeCounterSignature(cmsSigner);
            }
            catch (CryptographicException ex) when(ex.HResult == INVALID_PROVIDER_TYPE_HRESULT)
            {
                var exceptionBuilder = new StringBuilder();

                exceptionBuilder.AppendLine(Strings.SignFailureCertificateInvalidProviderType);
                exceptionBuilder.AppendLine(CertificateUtility.X509Certificate2ToString(request.Certificate, Common.HashAlgorithmName.SHA256));

                throw new SignatureException(NuGetLogCode.NU3001, exceptionBuilder.ToString());
            }

            return(PrimarySignature.Load(cms));
        }
Ejemplo n.º 14
0
        /// <summary>
        /// Encodes the specified ar message. THIS IS FOR THE TEST CHANNEL
        /// </summary>
        /// <param name="arMessage">The ar message.</param>
        /// <param name="signerCert">The signer cert.</param>
        /// <param name="signerPassword">The signer password.</param>
        /// <returns></returns>
        internal static byte[] EncodeMDN(byte[] arMessage, string signerCert, string signerPassword)
        {
            byte[] signature = null;
            try
            {
                X509Certificate2 cert = new X509Certificate2(signerCert, signerPassword);

                ContentInfo contentInfo = new ContentInfo(arMessage);

                SignedCms signedCms = new SignedCms(contentInfo, true);
                CmsSigner cmsSigner = new CmsSigner(cert);

                signedCms.ComputeSignature(cmsSigner);
                signature = signedCms.Encode();
            }
            catch (Exception ex)
            {
                Log.Error($"Encoding Exception occured : {ex.Message}");
            }

            return(signature);
        }
Ejemplo n.º 15
0
        private static byte[] CreateSignedDataPkcs7(byte[] encryptedMessageData, X509Certificate2 localPrivateKey)
        {
            // Create the outer envelope, signed with the local private key
            var signer = new CmsSigner(localPrivateKey)
            {
                DigestAlgorithm = Oids.Pkcs.MD5
            };

            // Message Type (messageType): https://tools.ietf.org/html/draft-nourse-scep-23#section-3.1.1.2
            // PKCS#10 request = PKCSReq (19)
            var messageType = new AsnEncodedData(Oids.Scep.MessageType, DerEncoding.EncodePrintableString("19"));

            signer.SignedAttributes.Add(messageType);

            // Tranaction ID (transId): https://tools.ietf.org/html/draft-nourse-scep-23#section-3.1.1.1
            var sha             = new SHA512Managed();
            var hashedKey       = sha.ComputeHash(localPrivateKey.GetPublicKey());
            var hashedKeyString = Convert.ToBase64String(hashedKey);
            var transactionId   = new Pkcs9AttributeObject(Oids.Scep.TransactionId, DerEncoding.EncodePrintableString(hashedKeyString));

            signer.SignedAttributes.Add(transactionId);

            // Sender Nonce (senderNonce): https://tools.ietf.org/html/draft-nourse-scep-23#section-3.1.1.5
            lastSenderNonce = new byte[16];
            RNGCryptoServiceProvider.Create().GetBytes(lastSenderNonce);
            var nonce = new Pkcs9AttributeObject(Oids.Scep.SenderNonce, DerEncoding.EncodeOctet(lastSenderNonce));

            signer.SignedAttributes.Add(nonce);

            // Seems that the oid is not needed for this envelope
            var signedContent = new ContentInfo(encryptedMessageData); //new Oid("1.2.840.113549.1.7.1", "data"), encryptedMessageData);
            var signedMessage = new SignedCms(signedContent);

            signedMessage.ComputeSignature(signer);

            var encodedMessage = signedMessage.Encode();

            return(encodedMessage);
        }
        public static byte[] SignFile(X509Certificate2 cert, byte[] data)
        {
            try
            {
                ContentInfo content   = new ContentInfo(data);
                SignedCms   signedCms = new SignedCms(content, false);
                if (VerifySign(data))
                {
                    signedCms.Decode(data);
                }

                CmsSigner signer = new CmsSigner(cert);
                signer.IncludeOption = X509IncludeOption.WholeChain;
                signedCms.ComputeSignature(signer);

                return(signedCms.Encode());
            }
            catch (Exception ex)
            {
                throw new Exception("Erro ao assinar arquivo. A mensagem retornada foi: " + ex.Message);
            }
        }
Ejemplo n.º 17
0
        static void Main(string[] args)
        {
            var data = Encoding.ASCII.GetBytes("Hi!");

            var hash        = HashAlgorithm.Create("SHA256").ComputeHash(data);
            var certificate = new X509Certificate2(Convert.FromBase64String(cert), pwd);
            // So since I've no idea how you got p7s, i improvised here:
            var cms    = new SignedCms(new ContentInfo(hash), true); // true -> Detached
            var signer = new CmsSigner(SubjectIdentifierType.SubjectKeyIdentifier, certificate);

            cms.ComputeSignature(signer);
            var data2 = cms.Encode();
            // assuming this was in p7s file
            var xx = Convert.ToBase64String(data2);
            // this passes, this is the .Net validation from OP
            var cms2 = new SignedCms(new ContentInfo(hash), true);

            cms2.Decode(Convert.FromBase64String(xx));
            cms2.CheckSignature(true);
            // Same in bouncy castle:
            BCUtil.Validate(certificate, hash, xx);
        }
Ejemplo n.º 18
0
        public static void SignWithImplicitSubjectKeyIdentifier()
        {
            byte[]      contentBytes = { 9, 8, 7, 6, 5 };
            ContentInfo contentInfo  = new ContentInfo(contentBytes);
            SignedCms   cms          = new SignedCms(contentInfo, false);

            using (X509Certificate2 signerCert = Certificates.RSAKeyTransferCapi1.TryGetCertificateWithPrivateKey())
            {
                // This cert has no Subject Key Identifier extension.
                Assert.Null(signerCert.Extensions[Oids.SubjectKeyIdentifier]);

                CmsSigner signer = new CmsSigner(SubjectIdentifierType.SubjectKeyIdentifier, signerCert);
                cms.ComputeSignature(signer);
            }

            Assert.Equal(
                "6B4A6B92FDED07EE0119F3674A96D1A70D2A588D",
                (string)cms.SignerInfos[0].SignerIdentifier.Value);

            // Assert.NoThrow
            cms.CheckSignature(true);
        }
Ejemplo n.º 19
0
        /// <summary>
        /// Firma mensaje
        /// </summary>
        /// <param name="argBytesMsg">Bytes del mensaje</param>
        /// <param name="argCertFirmante">Certificado usado para firmar</param>
        /// <returns>Bytes del mensaje firmado</returns>
        /// <remarks></remarks>
        public static byte[] FirmaBytesMensaje(byte[] argBytesMsg, X509Certificate2 argCertFirmante)
        {
            const string ID_FNC = "[FirmaBytesMensaje]";

            try
            {
                // Pongo el mensaje en un objeto ContentInfo (requerido para construir el obj SignedCms)
                var infoContenido = new ContentInfo(argBytesMsg);
                var cmsFirmado    = new SignedCms(infoContenido);

                // Creo objeto CmsSigner que tiene las caracteristicas del firmante
                var cmsFirmante = new CmsSigner(argCertFirmante)
                {
                    IncludeOption = X509IncludeOption.EndCertOnly
                };


                if (VerboseMode)
                {
                    Console.WriteLine($@"{ID_FNC}***Firmando bytes del mensaje...");
                }

                // Firmo el mensaje PKCS #7
                cmsFirmado.ComputeSignature(cmsFirmante);

                if (VerboseMode)
                {
                    Console.WriteLine($@"{ID_FNC}***OK mensaje firmado");
                }

                // Encodeo el mensaje PKCS #7.
                return(cmsFirmado.Encode());
            }
            catch (Exception excepcionAlFirmar)
            {
                throw new Exception($"{ID_FNC}***Error al firmar: {excepcionAlFirmar.Message}");
            }
        }
Ejemplo n.º 20
0
        /// <summary>
        /// Generates a cryptographic signature for a given message
        /// </summary>
        /// <param name="message">The message to sign</param>
        /// <param name="signingCertificate">The certificate to sign the message with</param>
        /// <param name="encryptionCertificate">An optional encryption certificate to include along with the signature</param>
        /// <returns>The signature for the specified message</returns>
        internal static byte[] GetSignature(string message, X509Certificate2 signingCertificate, X509Certificate2 encryptionCertificate)
        {
            byte[] messageBytes = Encoding.ASCII.GetBytes(message);

            SignedCms signedCms = new SignedCms(new ContentInfo(messageBytes), true);

            CmsSigner cmsSigner = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, signingCertificate);

            cmsSigner.IncludeOption = X509IncludeOption.WholeChain;

            if (encryptionCertificate != null)
            {
                cmsSigner.Certificates.Add(encryptionCertificate);
            }

            Pkcs9SigningTime signingTime = new Pkcs9SigningTime();

            cmsSigner.SignedAttributes.Add(signingTime);

            signedCms.ComputeSignature(cmsSigner, false);

            return(signedCms.Encode());
        }
Ejemplo n.º 21
0
        public static void CreateSignature_RsaPadding_DefaultToPkcs1()
        {
            ContentInfo content = new ContentInfo(new byte[] { 1, 2, 3 });
            SignedCms   cms     = new SignedCms(content);

            byte[] cmsBytes;

            using (X509Certificate2 cert = Certificates.RSA2048SignatureOnly.TryGetCertificateWithPrivateKey())
            {
                CmsSigner signer = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, cert, null, null);
                cms.ComputeSignature(signer);
                cmsBytes = cms.Encode();
            }

            cms = new SignedCms();
            cms.Decode(cmsBytes);
            cms.CheckSignature(true); // Assert.NoThrow
            Assert.Single(cms.SignerInfos);

            SignerInfo signerInfo = cms.SignerInfos[0];

            Assert.Equal(Oids.Rsa, signerInfo.SignatureAlgorithm.Value);
        }
Ejemplo n.º 22
0
        //http://stackoverflow.com/questions/11526572/openssl-smime-in-c-sharp
        public static void Sign(string basePath)
        {
            var cert = new X509Certificate2(yourCertFile, yourCertFilePassword);

            var buffer = File.ReadAllBytes(Path.Combine(basePath, "manifest.json"));

            ContentInfo cont   = new ContentInfo(buffer);
            var         cms    = new SignedCms(cont, true);
            var         signer = new CmsSigner(SubjectIdentifierType.SubjectKeyIdentifier, cert);

            signer.IncludeOption = X509IncludeOption.ExcludeRoot;

            // TODO: You MUST visit this URL and download/install Apple's certificates
            // http://www.apple.com/certificateauthority/
            // Apple Inc. Root Certificate
            // Apple Computer, Inc. Root Certificate
            // Worldwide Developer Relations
            cms.ComputeSignature(signer);

            var myCmsMessage = cms.Encode();

            File.WriteAllBytes(Path.Combine(basePath, "signature"), myCmsMessage);
        }
Ejemplo n.º 23
0
        public AsnElt Encode()
        {
            SignedCms signed = new SignedCms(
                new ContentInfo(
                    IdPkInitAuthData,
                    AuthPack.Encode().Encode()
                    )
                );

            var signer = new CmsSigner(PKCert);

            if (!VerifyCerts)
            {
                signer.IncludeOption = X509IncludeOption.EndCertOnly; // only the end certificate is included in the X.509 chain information.
            }
            signed.ComputeSignature(signer, silent: false);

            return(AsnElt.Make(AsnElt.SEQUENCE, new AsnElt[] {
                AsnElt.Make(AsnElt.CONTEXT, 0, new AsnElt[] {
                    AsnElt.MakeBlob(signed.Encode())
                })
            }));
        }
Ejemplo n.º 24
0
        private static void VerifyWithExplicitPrivateKey(X509Certificate2 cert, AsymmetricAlgorithm key)
        {
            using (var pubCert = new X509Certificate2(cert.RawData))
            {
                Assert.False(pubCert.HasPrivateKey);

                byte[]      content     = { 9, 8, 7, 6, 5 };
                ContentInfo contentInfo = new ContentInfo(content);

                SignedCms cms    = new SignedCms(contentInfo);
                CmsSigner signer = new CmsSigner(SubjectIdentifierType.SubjectKeyIdentifier, pubCert, key)
                {
                    IncludeOption   = X509IncludeOption.EndCertOnly,
                    DigestAlgorithm = new Oid(Oids.Sha1, Oids.Sha1)
                };

                cms.ComputeSignature(signer);
                cms.CheckSignature(true);

                Assert.Equal(1, cms.SignerInfos.Count);
                Assert.Equal(pubCert, cms.SignerInfos[0].Certificate);
            }
        }
        public byte[] Sign(string certificateThumbprint, byte[] data, bool detached)
        {
            var store = new X509Store(StoreLocation.CurrentUser);

            store.Open(OpenFlags.ReadOnly);

            var certificates = store.Certificates.Find(X509FindType.FindByThumbprint, certificateThumbprint, false);

            if (certificates.Count == 0)
            {
                throw new Exception("Сертификат с отпечатком " + certificateThumbprint + " не найден в хранилище " + store.Location + ". Пользователь " + Environment.UserName);
            }

            var contentInfo = new ContentInfo(data);
            var signedCms   = new SignedCms(contentInfo, detached);
            var cmsSigner   = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, certificates[0]);

            cmsSigner.SignedAttributes.Add(new Pkcs9SigningTime(DateTime.Now));

            signedCms.ComputeSignature(cmsSigner, true);

            return(signedCms.Encode());
        }
Ejemplo n.º 26
0
        public async Task <byte[]> Handle(Stream file)
        {
            var data = await ReadFully(file);

            var envelopedCms = new EnvelopedCms(new ContentInfo(data));

            envelopedCms.Encrypt(new CmsRecipient(cert));

            var encryptedMessage = envelopedCms.Encode();

            var signedCms = new SignedCms(new ContentInfo(encryptedMessage));

            var signer = new CmsSigner(cert)
            {
                IncludeOption = X509IncludeOption.EndCertOnly
            };

            signedCms.ComputeSignature(signer);

            var result = signedCms.Encode();

            return(result);
        }
Ejemplo n.º 27
0
        private byte[] Sign(byte[] data, X509Certificate2 signingCert)
        {
            // create ContentInfo
            ContentInfo content = new ContentInfo(data);

            // SignedCms represents signed data
            SignedCms signedMessage = new SignedCms(content);



            // create a signer
            CmsSigner signer = new CmsSigner(signingCert);

            // sign the data
            //Orig:signedMessage.ComputeSignature(signer);
            signedMessage.ComputeSignature(signer, false);

            // create PKCS #7 byte array
            byte[] signedBytes = signedMessage.Encode();

            // return signed data
            return(signedBytes);
        }
Ejemplo n.º 28
0
        /// <summary>
        /// Подписывает документ.
        /// </summary>
        /// <param name="userId">ИД пользователя.</param>
        /// <param name="seanceId">ИД сеанса (клиентского подключения).</param>
        /// <param name="certificateId">ИД сертификата.</param>
        /// <param name="document">Документ.</param>
        /// <param name="data">Подписываемые данные.</param>
        /// <param name="contentType">Тип подписываемых данных.</param>
        /// <returns>ИД операции.</returns>
        public string SignDocument(int userId, int seanceId, int certificateId, DocumentModel document,
                                   Stream data, ContentType contentType)
        {
            byte[] signature;

            using (var certificate = CertificateManager.GetUserCertificate(userId, certificateId))
            {
                using (var ms = new MemoryStream())
                {
                    data.CopyTo(ms);

                    var contentInfo = new ContentInfo(ms.ToArray());
                    var signedCms   = new SignedCms(contentInfo, true);
                    var cmsSigner   = new CmsSigner(certificate);

                    cmsSigner.IncludeOption        = X509IncludeOption.EndCertOnly;
                    cmsSigner.SignerIdentifierType = SubjectIdentifierType.IssuerAndSerialNumber;
                    cmsSigner.SignedAttributes.Add(new Pkcs9SigningTime(DateTime.Now));

                    signedCms.ComputeSignature(cmsSigner, true);
                    signature = signedCms.Encode();
                }
            }

            var newOperationId = Guid.NewGuid().ToString();

            RequestResultsStorage.SaveRequestResult(userId, newOperationId, null);

            // Имитируем работу.
            Task.Delay(TimeSpan.FromSeconds(10))
            .ContinueWith(t =>
            {
                RequestResultsStorage.SaveRequestResult(userId, newOperationId, signature);
            });

            return(newOperationId);
        }
        /// <summary>
        /// Firma mensaje
        /// </summary>
        /// <param name="messageBytes">Bytes del mensaje</param>
        /// <param name="signerCertificate">Certificado usado para firmar</param>
        /// <returns>Bytes del mensaje firmado</returns>
        /// <remarks></remarks>
        public static byte[] SignMessageBytes(byte[] messageBytes, X509Certificate2 signerCertificate)
        {
            const string ID_FNC = "[FirmaBytesMensaje]";

            try
            {
                // Pongo el mensaje en un objeto ContentInfo (requerido para construir el obj SignedCms)
                var contentInfo = new ContentInfo(messageBytes);
                var signedCms   = new SignedCms(contentInfo);

                // Creo objeto CmsSigner que tiene las caracteristicas del firmante
                var cmsSigner = new CmsSigner(signerCertificate)
                {
                    IncludeOption = X509IncludeOption.EndCertOnly
                };

                if (VerboseMode)
                {
                    Console.WriteLine(ID_FNC + "***Firmando bytes del mensaje...");
                }

                // Firmo el mensaje PKCS #7
                signedCms.ComputeSignature(cmsSigner);

                if (VerboseMode)
                {
                    Console.WriteLine(ID_FNC + "***OK mensaje firmado");
                }

                // Encodeo el mensaje PKCS #7.
                return(signedCms.Encode());
            }
            catch (Exception ex)
            {
                throw new Exception(ID_FNC + "***Error al firmar: " + ex.Message);
            }
        }
Ejemplo n.º 30
0
        public void TestSignerIdentifierType()
        {
            var path = Path.Combine("..", "..", "TestData", "smime", "smime.p12");
            List <X509Certificate> certificates;
            AsymmetricKeyParameter key;
            var       password = "******";
            CmsSigner signer;

            signer = new CmsSigner(path, password, SubjectIdentifierType.SubjectKeyIdentifier);
            Assert.AreEqual(SubjectIdentifierType.SubjectKeyIdentifier, signer.SignerIdentifierType, "new CmsSigner (string, string)");
            Assert.AreEqual(RsaSignaturePaddingScheme.Pkcs1, signer.RsaSignaturePaddingScheme, "RsaSignaturePaddingScheme");
            Assert.IsNull(signer.RsaSignaturePadding, "RsaSignaturePadding");

            using (var stream = File.OpenRead(path))
                signer = new CmsSigner(stream, password, SubjectIdentifierType.SubjectKeyIdentifier);
            Assert.AreEqual(SubjectIdentifierType.SubjectKeyIdentifier, signer.SignerIdentifierType, "new CmsSigner (Stream, string)");
            Assert.AreEqual(RsaSignaturePaddingScheme.Pkcs1, signer.RsaSignaturePaddingScheme, "RsaSignaturePaddingScheme");
            Assert.IsNull(signer.RsaSignaturePadding, "RsaSignaturePadding");

            LoadPkcs12(path, password, out certificates, out key);

            signer = new CmsSigner(certificates, key, SubjectIdentifierType.SubjectKeyIdentifier);
            Assert.AreEqual(SubjectIdentifierType.SubjectKeyIdentifier, signer.SignerIdentifierType, "new CmsSigner (chain, key)");
            Assert.AreEqual(RsaSignaturePaddingScheme.Pkcs1, signer.RsaSignaturePaddingScheme, "RsaSignaturePaddingScheme");
            Assert.IsNull(signer.RsaSignaturePadding, "RsaSignaturePadding");

            signer = new CmsSigner(certificates[0], key, SubjectIdentifierType.SubjectKeyIdentifier);
            Assert.AreEqual(SubjectIdentifierType.SubjectKeyIdentifier, signer.SignerIdentifierType, "new CmsSigner (certificate, key)");
            Assert.AreEqual(RsaSignaturePaddingScheme.Pkcs1, signer.RsaSignaturePaddingScheme, "RsaSignaturePaddingScheme");
            Assert.IsNull(signer.RsaSignaturePadding, "RsaSignaturePadding");

            signer = new CmsSigner(new X509Certificate2(path, password, X509KeyStorageFlags.Exportable), SubjectIdentifierType.SubjectKeyIdentifier);
            Assert.AreEqual(SubjectIdentifierType.SubjectKeyIdentifier, signer.SignerIdentifierType, "new CmsSigner (X509Certificate2)");
            Assert.AreEqual(RsaSignaturePaddingScheme.Pkcs1, signer.RsaSignaturePaddingScheme, "RsaSignaturePaddingScheme");
            Assert.IsNull(signer.RsaSignaturePadding, "RsaSignaturePadding");
        }
Ejemplo n.º 31
0
 /// <summary>
 /// The <see cref="M:System.Security.Cryptography.Pkcs.SignerInfo.ComputeCounterSignature(System.Security.Cryptography.Pkcs.CmsSigner)"/> method creates a countersignature by using the specified signer and adds the signature to the CMS/PKCS #7 message. Countersignatures are restricted to one level.
 /// </summary>
 /// <param name="signer">A <see cref="T:System.Security.Cryptography.Pkcs.CmsSigner"/> object that represents the counter signer.</param><exception cref="T:System.ArgumentNullException">A null reference was passed to a method that does not accept it as a valid argument. </exception><exception cref="T:System.Security.Cryptography.CryptographicException">A cryptographic operation could not be completed.</exception>
 public void ComputeCounterSignature(CmsSigner signer)
 {
     if (this.m_parentSignerInfo != null)
         throw new CryptographicException(-2147483647);
     if (signer == null)
         throw new ArgumentNullException("signer");
     if (signer.Certificate == null)
         signer.Certificate = PkcsUtils.SelectSignerCertificate();
     if (!signer.Certificate.HasPrivateKey)
         throw new CryptographicException(-2146893811);
     this.CounterSign(signer);
 }
Ejemplo n.º 32
0
        private bool signFile(string file, string outFile, string algoritmus, bool detached)
        {
            try
            {
                string saveTo = Path.GetDirectoryName(file);
                string tmpDir = FastZep.FastZepFolder + "tmp";
                if (lbValue == "") {
                    return false;
                }
                if (Directory.Exists(tmpDir))
                {
                    Directory.Delete(tmpDir, true);
                }
                Directory.CreateDirectory(tmpDir);

                string date = DateTime.Now.Subtract(TimeSpan.FromHours(1)).ToString("yyyyMMddHHmmss") + "Z";

                Directory.CreateDirectory(tmpDir + "\\D" + date + "\\Policy\\");
                string certFile = tmpDir + "\\D" + date + "\\Policy\\P" + date + ".der";
                string sigFile = tmpDir + "\\D" + date + "\\S" + date + ".p7s";

                string emlFile = tmpDir + "\\D" + date + "\\M" + date + ".eml";
                Directory.CreateDirectory(tmpDir + "\\D" + date + "\\");
                TextWriter eml = new StreamWriter(emlFile);
                eml.WriteLine("MIME-Version: 1.0");
                eml.WriteLine("Content-Type: " + MimeType(file));
                eml.WriteLine("Content-Transfer-Encoding: base64");
                eml.WriteLine("Content-Disposition: filename=\"" + Path.GetFileName(file) + "\"");
                eml.WriteLine();
                FileStream fs = new FileStream(file, FileMode.Open);
                byte[] filebytes = new byte[fs.Length];
                fs.Read(filebytes, 0, Convert.ToInt32(fs.Length));
                string encodedData = Convert.ToBase64String(filebytes, Base64FormattingOptions.InsertLineBreaks);
                eml.Write(encodedData);
                eml.Close();
                fs.Close();

                byte[] buffer = File.ReadAllBytes(emlFile);
                ContentInfo contentInfo = new ContentInfo(buffer);
                X509Store store = new X509Store();
                store.Open(OpenFlags.ReadOnly);
                X509Certificate2Collection certs = store.Certificates.Find(X509FindType.FindBySerialNumber, lbValue, false);
                int i = 0;
                foreach (X509Certificate2 cert in certs)
                {
                    i++;
                    SignedCms signedCms = new SignedCms(SubjectIdentifierType.IssuerAndSerialNumber, contentInfo, !detached);
                    CmsSigner cmsSigner = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, cert);

                    cmsSigner.SignedAttributes.Add(new Pkcs9SigningTime());
                    cmsSigner.IncludeOption = X509IncludeOption.WholeChain;

                    ESSCertIDv2 cer2 = new ESSCertIDv2(cert);
                    X509Chain chain = new X509Chain();
                    chain.Build(cert);

                    /*

                    /**/

                    //cmsSigner.UnsignedAttributes.Add(new AsnEncodedData("1.2.840.113549.1.9.16.2.21", CertRefs.get(chain)));
                    //cmsSigner.UnsignedAttributes.Add(new AsnEncodedData("1.2.840.113549.1.9.16.2.22", CertCrls.get(chain)));
                    //cmsSigner.UnsignedAttributes.Add(new AsnEncodedData("1.2.840.113549.1.9.16.2.23", OtherCerts.get(chain)));
                    //cmsSigner.UnsignedAttributes.Add(new AsnEncodedData("1.2.840.113549.1.9.16.2.24", OtherCrls.get(chain)));
                    /**/
                    //cmsSigner.SignedAttributes.Add(new AsnEncodedData("1.2.840.113549.1.9.16.2.47", cer2.get()));
                    //cmsSigner.SignedAttributes.Add(new AsnEncodedData("1.2.840.113549.1.9.16.2.15", getPolicy(false)));

                    /**/
                    signedCms.ComputeSignature(cmsSigner, false);
                    File.WriteAllBytes(certFile, getPolicy(true));
                    File.WriteAllBytes(sigFile, signedCms.Encode());
                }
                if (i == 0)
                {
                    throw new Exception("Failed" + Marshal.GetLastWin32Error().ToString());
                }
                SignedCms signedCms2 = new SignedCms();

                byte[] encodedMessage = File.ReadAllBytes(sigFile);
                signedCms2.Decode(encodedMessage);

                BHI.Rats.RatsCompressionManager.Zip(tmpDir, outFile);
                Directory.Delete(tmpDir, true);
                return true;
            }
            catch (CryptographicException e)
            {
                var error = e.Message.ToString();
                if (error == "Unknown error \"-1073741275\".") {
                    error = "Nepodarilo sa načítať certifikát. odpojte a pripojte čítačku.";
                }
                if (error == "An internal error occurred.\r\n") {
                    error = "Došlo ku chybe pri podpisovaní. Pravdepodobne nemáte pripojený USB kľúč alebo čítačku kariet.";
                }
                Console.WriteLine("Signing failed: " + error.ToString());
                if (e.InnerException != null)
                {
                    Console.WriteLine("Inner Exception: " + e.InnerException.ToString());
                }
                MessageBox.Show(error, "Chyba pri podpisovaní", MessageBoxButtons.OK, MessageBoxIcon.Error);

            }catch (Exception exc)
            {
                MessageBox.Show(exc.Message + "\n" + Marshal.GetLastWin32Error().ToString(), "Chyba pri podpisovaní", MessageBoxButtons.OK, MessageBoxIcon.Error);
            }
            return false;
        }
        /// <summary>
        /// Gets the cms signer for the specified <see cref="MimeKit.MailboxAddress"/>.
        /// </summary>
        /// <returns>The cms signer.</returns>
        /// <param name="mailbox">The mailbox.</param>
        /// <param name="digestAlgo">The preferred digest algorithm.</param>
        /// <exception cref="CertificateNotFoundException">
        /// A certificate for the specified <paramref name="mailbox"/> could not be found.
        /// </exception>
        protected override CmsSigner GetCmsSigner(MailboxAddress mailbox, DigestAlgorithm digestAlgo)
        {
            var store = new X509Store (StoreName.My, StoreLocation);

            store.Open (OpenFlags.ReadOnly);

            try {
                foreach (var certificate in store.Certificates) {
                    if (!certificate.HasPrivateKey)
                        continue;

                    if (certificate.GetNameInfo (X509NameType.EmailName, false) != mailbox.Address)
                        continue;

                    var pair = DotNetUtilities.GetKeyPair (certificate.PrivateKey);
                    var cert = DotNetUtilities.FromX509Certificate (certificate);
                    var signer = new CmsSigner (cert, pair.Private);
                    signer.DigestAlgorithm = digestAlgo;

                    return signer;
                }
            } finally {
                store.Close ();
            }

            throw new CertificateNotFoundException (mailbox, "A valid signing certificate could not be found.");
        }
 public void ComputeCounterSignature(CmsSigner signer)
 {
 }
 public void ComputeSignature(CmsSigner signer)
 {
 }
		/// <summary>
		/// Gets the cms signer for the specified <see cref="MimeKit.MailboxAddress"/>.
		/// </summary>
		/// <remarks>
		/// Gets the cms signer for the specified <see cref="MimeKit.MailboxAddress"/>.
		/// </remarks>
		/// <returns>The cms signer.</returns>
		/// <param name="mailbox">The mailbox.</param>
		/// <param name="digestAlgo">The preferred digest algorithm.</param>
		/// <exception cref="CertificateNotFoundException">
		/// A certificate for the specified <paramref name="mailbox"/> could not be found.
		/// </exception>
		protected override CmsSigner GetCmsSigner (MailboxAddress mailbox, DigestAlgorithm digestAlgo)
		{
			var certificate = GetCmsSignerCertificate (mailbox);
			var pair = DotNetUtilities.GetKeyPair (certificate.PrivateKey);
			var cert = DotNetUtilities.FromX509Certificate (certificate);
			var signer = new CmsSigner (cert, pair.Private);
			signer.DigestAlgorithm = digestAlgo;
			return signer;
		}
 public void ComputeSignature(CmsSigner signer, bool silent)
 {
 }
Ejemplo n.º 38
0
        /// <summary> 
        /// Construye un Login Ticket obtenido del WSAA 
        /// </summary> 
        /// <param name="argServicio">Servicio al que se desea acceder</param> 
        /// <param name="argUrlWsaa">URL del WSAA</param> 
        /// <param name="argRutaCertX509Firmante">Ruta del certificado X509 (con clave privada) usado para firmar</param> 
        /// <param name="argVerbose">Nivel detallado de descripcion? true/false</param> 
        /// <remarks></remarks> 
        public void Obtener(string argServicio, string argUrlWsaa, string argRutaCertX509Firmante, bool argVerbose)
        {
            RutaDelCertificadoFirmante = argRutaCertX509Firmante;

            string cmsFirmadoBase64;
            string respuesta;

            XmlNode xmlNodoUniqueId;
            XmlNode xmlNodoGenerationTime;
            XmlNode xmlNodoExpirationTime;
            XmlNode xmlNodoService;

            // PASO 1: Genero el Login Ticket Request
            try {
                solicitudXML = new XmlDocument ();
                solicitudXML.LoadXml (solicitudPlantillaXML);

                xmlNodoUniqueId = solicitudXML.SelectSingleNode ("//uniqueId");
                xmlNodoGenerationTime = solicitudXML.SelectSingleNode ("//generationTime");
                xmlNodoExpirationTime = solicitudXML.SelectSingleNode ("//expirationTime");
                xmlNodoService = solicitudXML.SelectSingleNode ("//service");

                var now = DateTime.Now;

                xmlNodoGenerationTime.InnerText = now.ToString ("s");
                xmlNodoExpirationTime.InnerText = now.AddHours (12).ToString ("s");
                xmlNodoUniqueId.InnerText = Convert.ToString (_globalUniqueID);
                xmlNodoService.InnerText = Servicio;

                _globalUniqueID += 1;

            } catch (Exception ex) {
                throw new Exception ("Error GENERANDO el Ticket de acceso : " + ex.Message);
            }

            // PASO 2: Firmo el Login Ticket Request
            try {
                // Convierto el login ticket request a bytes, para firmar
                Encoding EncodedMsg = Encoding.UTF8;
                byte[] msgBytes = EncodedMsg.GetBytes (solicitudXML.OuterXml);
                byte[] encodedSignedCms;
                // Firmo el msg y paso a Base64
                try {
                    var certList = new ArrayList ();
                    CMSTypedData msg = new CMSProcessableByteArray ("Hello world!".getBytes ());

                    certList.add (signCert);

                    Store certs = new JcaCertStore (certList);

                    var gen = new  CMSSignedDataGenerator ();
                    ContentSigner sha1Signer = new JcaContentSignerBuilder ("SHA1withRSA").setProvider ("BC").build (signKP.getPrivate ());

                    gen.addSignerInfoGenerator (
                        new JcaSignerInfoGeneratorBuilder (
                            new JcaDigestCalculatorProviderBuilder ().setProvider ("BC").build ())
                        .build (sha1Signer, signCert));

                    gen.addCertificates (certs);

                    CMSSignedData sigData = gen.generate (msg, false);

                    cmsFirmadoBase64 = Convert.ToBase64String (encodedSignedCms);
                    // Pongo el mensaje en un objeto ContentInfo (requerido para construir el obj SignedCms)
                    var infoContenido = new System.Security.Cryptography.Pkcs.ContentInfo (msgBytes);
                    var cmsFirmado = new SignedCms (infoContenido);

                    // Creo objeto CmsSigner que tiene las caracteristicas del firmante
                    var cmsFirmante = new CmsSigner (certificadoFirmante);
                    cmsFirmante.IncludeOption = X509IncludeOption.EndCertOnly;

                    // Firmo el mensaje PKCS #7
                    cmsFirmado.ComputeSignature (cmsFirmante);
                    // Encodeo el mensaje PKCS #7.
                    encodedSignedCms = cmsFirmado.Encode ();
                } catch (Exception excepcionAlFirmar) {
                    throw new Exception ("***Error al firmar: " + excepcionAlFirmar.Message);
                }
            } catch (Exception excepcionAlFirmar) {
                throw new Exception ("***Error FIRMANDO el LoginTicketRequest : " + excepcionAlFirmar.Message);
            }

            // PASO 3: Invoco al WSAA para obtener el Login Ticket Response
            try {
                var wsaa = new  WSAA.LoginCMSService ();
                respuesta = wsaa.loginCms (cmsFirmadoBase64);
            } catch (Exception ex) {
                throw new Exception ("Error INVOCANDO al servicio WSAA : " + ex.Message);
            }

            // PASO 4: Analizo el Login Ticket Response recibido del WSAA
            try {
                respuestaXML = new XmlDocument ();
                respuestaXML.LoadXml (respuesta);

                id = UInt32.Parse (respuestaXML.SelectSingleNode ("//uniqueId").InnerText);
                generacion = DateTime.Parse (respuestaXML.SelectSingleNode ("//generationTime").InnerText);
                expiracion = DateTime.Parse (respuestaXML.SelectSingleNode ("//expirationTime").InnerText);
                firma = respuestaXML.SelectSingleNode ("//sign").InnerText;
                token = respuestaXML.SelectSingleNode ("//token").InnerText;
            } catch (Exception ex) {
                throw new Exception ("Error ANALIZANDO el LoginTicketResponse : " + ex.Message);
            }
        }
Ejemplo n.º 39
0
 private void CounterSign(CmsSigner signer)
 {
     CspParameters parameters = new CspParameters();
     if (!X509Utils.GetPrivateKeyInfo(X509Utils.GetCertContext(signer.Certificate), ref parameters))
         throw new CryptographicException(Marshal.GetLastWin32Error());
     KeyContainerPermission containerPermission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
     KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.Open | KeyContainerPermissionFlags.Sign);
     containerPermission.AccessEntries.Add(accessEntry);
     containerPermission.Demand();
     uint dwIndex = (uint)PkcsUtils.GetSignerIndex(this.m_signedCms.GetCryptMsgHandle(), this, 0);
     SafeLocalAllocHandle localAllocHandle = CAPI.LocalAlloc(64U, new IntPtr(Marshal.SizeOf(typeof(CAPI.CMSG_SIGNER_ENCODE_INFO))));
     CAPI.CMSG_SIGNER_ENCODE_INFO signerEncodeInfo = PkcsUtils.CreateSignerEncodeInfo(signer);
     try
     {
         Marshal.StructureToPtr((object)signerEncodeInfo, localAllocHandle.DangerousGetHandle(), false);
         if (!CAPI.CryptMsgCountersign(this.m_signedCms.GetCryptMsgHandle(), dwIndex, 1U, localAllocHandle.DangerousGetHandle()))
             throw new CryptographicException(Marshal.GetLastWin32Error());
         this.m_signedCms.ReopenToDecode();
     }
     finally
     {
         Marshal.DestroyStructure(localAllocHandle.DangerousGetHandle(), typeof(CAPI.CMSG_SIGNER_ENCODE_INFO));
         localAllocHandle.Dispose();
         signerEncodeInfo.Dispose();
     }
     int num = (int)PkcsUtils.AddCertsToMessage(this.m_signedCms.GetCryptMsgHandle(), this.m_signedCms.Certificates, PkcsUtils.CreateBagOfCertificates(signer));
 }
Ejemplo n.º 40
0
 public void ComputeSignature(CmsSigner signer)
 {
     this.ComputeSignature(signer, true);
 }
Ejemplo n.º 41
0
 public void ComputeSignature(CmsSigner signer, bool silent)
 {
     if (signer == null)
         throw new ArgumentNullException("signer");
     if (this.ContentInfo.Content.Length == 0)
         throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Cms_Sign_Empty_Content"));
     if (SubjectIdentifierType.NoSignature == signer.SignerIdentifierType)
     {
         if (this.m_safeCryptMsgHandle != null && !this.m_safeCryptMsgHandle.IsInvalid)
             throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Cms_Sign_No_Signature_First_Signer"));
         this.Sign(signer, silent);
     }
     else
     {
         if (signer.Certificate == null)
         {
             if (silent)
                 throw new InvalidOperationException(SecurityResources.GetResourceString("Cryptography_Cms_RecipientCertificateNotFound"));
             signer.Certificate = PkcsUtils.SelectSignerCertificate();
         }
         if (!signer.Certificate.HasPrivateKey)
             throw new CryptographicException(-2146893811);
         CspParameters parameters = new CspParameters();
         if (!X509Utils.GetPrivateKeyInfo(X509Utils.GetCertContext(signer.Certificate), ref parameters))
             throw new CryptographicException(SignedCms.SafeGetLastWin32Error());
         KeyContainerPermission containerPermission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
         KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.Open | KeyContainerPermissionFlags.Sign);
         containerPermission.AccessEntries.Add(accessEntry);
         containerPermission.Demand();
         if (this.m_safeCryptMsgHandle == null || this.m_safeCryptMsgHandle.IsInvalid)
             this.Sign(signer, silent);
         else
             this.CoSign(signer, silent);
     }
 }
Ejemplo n.º 42
0
 private void CoSign(CmsSigner signer, bool silent)
 {
     CAPI.CMSG_SIGNER_ENCODE_INFO signerEncodeInfo = PkcsUtils.CreateSignerEncodeInfo(signer, silent);
     try
     {
         SafeLocalAllocHandle localAllocHandle = CAPI.LocalAlloc(64U, new IntPtr(Marshal.SizeOf(typeof(CAPI.CMSG_SIGNER_ENCODE_INFO))));
         try
         {
             Marshal.StructureToPtr((object)signerEncodeInfo, localAllocHandle.DangerousGetHandle(), false);
             if (!CAPI.CryptMsgControl(this.m_safeCryptMsgHandle, 0U, 6U, localAllocHandle.DangerousGetHandle()))
                 throw new CryptographicException(Marshal.GetLastWin32Error());
         }
         finally
         {
             Marshal.DestroyStructure(localAllocHandle.DangerousGetHandle(), typeof(CAPI.CMSG_SIGNER_ENCODE_INFO));
             localAllocHandle.Dispose();
         }
     }
     finally
     {
         signerEncodeInfo.Dispose();
     }
     int num = (int)PkcsUtils.AddCertsToMessage(this.m_safeCryptMsgHandle, this.Certificates, PkcsUtils.CreateBagOfCertificates(signer));
 }
Ejemplo n.º 43
0
 private unsafe void Sign(CmsSigner signer, bool silent)
 {
     CAPI.CMSG_SIGNED_ENCODE_INFO signedEncodeInfo = new CAPI.CMSG_SIGNED_ENCODE_INFO(Marshal.SizeOf(typeof(CAPI.CMSG_SIGNED_ENCODE_INFO)));
     CAPI.CMSG_SIGNER_ENCODE_INFO signerEncodeInfo = PkcsUtils.CreateSignerEncodeInfo(signer, silent);
     byte[] encodedMessage = (byte[])null;
     try
     {
         SafeLocalAllocHandle localAllocHandle = CAPI.LocalAlloc(0U, new IntPtr(Marshal.SizeOf(typeof(CAPI.CMSG_SIGNER_ENCODE_INFO))));
         try
         {
             Marshal.StructureToPtr((object)signerEncodeInfo, localAllocHandle.DangerousGetHandle(), false);
             X509Certificate2Collection bagOfCertificates = PkcsUtils.CreateBagOfCertificates(signer);
             SafeLocalAllocHandle encodedCertBlob = PkcsUtils.CreateEncodedCertBlob(bagOfCertificates);
             signedEncodeInfo.cSigners = 1U;
             signedEncodeInfo.rgSigners = localAllocHandle.DangerousGetHandle();
             signedEncodeInfo.cCertEncoded = (uint)bagOfCertificates.Count;
             if (bagOfCertificates.Count > 0)
                 signedEncodeInfo.rgCertEncoded = encodedCertBlob.DangerousGetHandle();
             SafeCryptMsgHandle safeCryptMsgHandle = string.Compare(this.ContentInfo.ContentType.Value, "1.2.840.113549.1.7.1", StringComparison.OrdinalIgnoreCase) != 0 ? CAPI.CryptMsgOpenToEncode(65537U, this.Detached ? 4U : 0U, 2U, new IntPtr((void*)&signedEncodeInfo), this.ContentInfo.ContentType.Value, IntPtr.Zero) : CAPI.CryptMsgOpenToEncode(65537U, this.Detached ? 4U : 0U, 2U, new IntPtr((void*)&signedEncodeInfo), IntPtr.Zero, IntPtr.Zero);
             if (safeCryptMsgHandle == null || safeCryptMsgHandle.IsInvalid)
                 throw new CryptographicException(Marshal.GetLastWin32Error());
             if (this.ContentInfo.Content.Length > 0 && !CAPI.CAPISafe.CryptMsgUpdate(safeCryptMsgHandle, this.ContentInfo.pContent, (uint)this.ContentInfo.Content.Length, true))
                 throw new CryptographicException(Marshal.GetLastWin32Error());
             encodedMessage = PkcsUtils.GetContent(safeCryptMsgHandle);
             safeCryptMsgHandle.Dispose();
             encodedCertBlob.Dispose();
         }
         finally
         {
             Marshal.DestroyStructure(localAllocHandle.DangerousGetHandle(), typeof(CAPI.CMSG_SIGNER_ENCODE_INFO));
             localAllocHandle.Dispose();
         }
     }
     finally
     {
         signerEncodeInfo.Dispose();
     }
     SafeCryptMsgHandle safeCryptMsgHandle1 = SignedCms.OpenToDecode(encodedMessage, this.ContentInfo, this.Detached);
     if (this.m_safeCryptMsgHandle != null && !this.m_safeCryptMsgHandle.IsInvalid)
         this.m_safeCryptMsgHandle.Dispose();
     this.m_safeCryptMsgHandle = safeCryptMsgHandle1;
     GC.KeepAlive((object)signer);
 }