private Attribute MakeSigningCertificateAttribute(SignatureParameters parameters)
{
try
{
byte[] certHash = DigestUtilities.CalculateDigest
(parameters.DigestAlgorithm.GetName(),
parameters.SigningCertificate.GetEncoded());
if (parameters.DigestAlgorithm == DigestAlgorithm.SHA1)
{
SigningCertificate sc = new SigningCertificate(new EssCertID(certHash));
return(new Attribute(PkcsObjectIdentifiers.IdAASigningCertificate, new DerSet(sc
)));
}
else
{
EssCertIDv2 essCert = new EssCertIDv2(new AlgorithmIdentifier(parameters.DigestAlgorithm
.GetOid()), certHash);
SigningCertificateV2 scv2 = new SigningCertificateV2(new EssCertIDv2[] { essCert }
);
return(new Attribute(PkcsObjectIdentifiers.IdAASigningCertificateV2, new DerSet
(scv2)));
}
}
catch (NoSuchAlgorithmException e)
{
throw new RuntimeException(e);
}
catch (CertificateException e)
{
throw new RuntimeException(e);
}
}
public void CreateSigningCertificateV2_WithValidInput_ReturnsAttribute(Common.HashAlgorithmName hashAlgorithmName)
{
using (var certificate = _fixture.GetDefaultCertificate())
{
var attribute = AttributeUtility.CreateSigningCertificateV2(certificate, hashAlgorithmName);
Assert.Equal(Oids.SigningCertificateV2, attribute.Oid.Value);
Assert.Equal(1, attribute.Values.Count);
var signingCertificateV2 = SigningCertificateV2.Read(attribute.Values[0].RawData);
Assert.Equal(1, signingCertificateV2.Certificates.Count);
var essCertIdV2 = signingCertificateV2.Certificates[0];
var expectedHash = SignTestUtility.GetHash(certificate, hashAlgorithmName);
SignTestUtility.VerifyByteArrays(expectedHash, essCertIdV2.CertificateHash);
Assert.Equal(
hashAlgorithmName,
CryptoHashUtility.OidToHashAlgorithmName(essCertIdV2.HashAlgorithm.Algorithm.Value));
Assert.Equal(certificate.IssuerName.Name, essCertIdV2.IssuerSerial.GeneralNames[0].DirectoryName.Name);
var serialNumber = certificate.GetSerialNumber();
// Convert from little endian to big endian.
Array.Reverse(serialNumber);
SignTestUtility.VerifyByteArrays(
serialNumber,
essCertIdV2.IssuerSerial.SerialNumber);
}
}
private Asn1EncodableVector CreateSignatureAttribute(byte[] dataHashSha256, X509Certificate signingCertificate)
{
Asn1EncodableVector signedAttributesVector = new Asn1EncodableVector();
signedAttributesVector.Add(
new Org.BouncyCastle.Asn1.Cms.Attribute(
attrType: new DerObjectIdentifier(Oid.PKCS9AtContentType),
attrValues: new DerSet(new DerObjectIdentifier(Oid.PKCS7IdData))));
// Add PKCS#9 messageDigest signed attribute
signedAttributesVector.Add(
new Org.BouncyCastle.Asn1.Cms.Attribute(
attrType: new DerObjectIdentifier(Oid.PKCS9AtMessageDigest),
attrValues: new DerSet(new DerOctetString(dataHashSha256))));
// Add PKCS#9 signingTime signed attribute
signedAttributesVector.Add(
new Org.BouncyCastle.Asn1.Cms.Attribute(
attrType: new DerObjectIdentifier(Oid.PKCS9AtSigningTime),
attrValues: new DerSet(new Org.BouncyCastle.Asn1.Cms.Time(new DerUtcTime(DateTime.UtcNow)))));
// Add SigningCertificateV2
byte[] certHash = this.ComputeHash(signingCertificate.GetEncoded());
EssCertIDv2 essCert1 = new EssCertIDv2(new AlgorithmIdentifier(new DerObjectIdentifier(Oid.SHA256)), certHash);
SigningCertificateV2 scv2 = new SigningCertificateV2(new EssCertIDv2[] { essCert1 });
signedAttributesVector.Add(
new Org.BouncyCastle.Asn1.Cms.Attribute(
attrType: new DerObjectIdentifier(Oid.SigningCertificateV2),
attrValues: new DerSet(scv2)));
return(signedAttributesVector);
}
// Sign the message with the private key of the signer.
static public byte[] SignMsg(Byte[] msg, X509Certificate2 signerCert, bool detached, bool UsaTSA, string TSAurl, string TSAuser, string TSApass)
{
try
{
SHA256Managed hashSha256 = new SHA256Managed();
byte[] certHash = hashSha256.ComputeHash(signerCert.RawData);
EssCertIDv2 essCert1 = new EssCertIDv2(new Org.BouncyCastle.Asn1.X509.AlgorithmIdentifier("2.16.840.1.101.3.4.2.1"), certHash);
SigningCertificateV2 scv2 = new SigningCertificateV2(new EssCertIDv2[] { essCert1 });
Org.BouncyCastle.Asn1.Cms.Attribute CertHAttribute = new Org.BouncyCastle.Asn1.Cms.Attribute(Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdAASigningCertificateV2, new DerSet(scv2));
Asn1EncodableVector v = new Asn1EncodableVector();
v.Add(CertHAttribute);
Org.BouncyCastle.Asn1.Cms.AttributeTable AT = new Org.BouncyCastle.Asn1.Cms.AttributeTable(v);
CmsSignedDataGenWithRsaCsp cms = new CmsSignedDataGenWithRsaCsp();
var rsa = (RSACryptoServiceProvider)signerCert.PrivateKey;
Org.BouncyCastle.X509.X509Certificate certCopy = DotNetUtilities.FromX509Certificate(signerCert);
cms.MyAddSigner(rsa, certCopy, "1.2.840.113549.1.1.1", "2.16.840.1.101.3.4.2.1", AT, null);
ArrayList certList = new ArrayList();
certList.Add(certCopy);
Org.BouncyCastle.X509.Store.X509CollectionStoreParameters PP = new Org.BouncyCastle.X509.Store.X509CollectionStoreParameters(certList);
Org.BouncyCastle.X509.Store.IX509Store st1 = Org.BouncyCastle.X509.Store.X509StoreFactory.Create("CERTIFICATE/COLLECTION", PP);
cms.AddCertificates(st1);
CmsProcessableByteArray file = new CmsProcessableByteArray(msg); //CmsProcessableFile(File);
CmsSignedData Firmato = cms.Generate(file, false); //se settato a true, il secondo argomento integra l'intero file
byte[] bb = Firmato.GetEncoded();
if (UsaTSA)
{
CmsSignedData sd = new CmsSignedData(bb);
SignerInformationStore signers = sd.GetSignerInfos();
byte[] signature = null;
SignerInformation signer = null;
foreach (SignerInformation signer_ in signers.GetSigners())
{
signer = signer_;
break;
}
signature = signer.GetSignature();
Org.BouncyCastle.Asn1.Cms.AttributeTable at = new Org.BouncyCastle.Asn1.Cms.AttributeTable(GetTimestamp(signature, TSAurl, TSAuser, TSApass));
signer = SignerInformation.ReplaceUnsignedAttributes(signer, at);
IList signerInfos = new ArrayList();
signerInfos.Add(signer);
sd = CmsSignedData.ReplaceSigners(sd, new SignerInformationStore(signerInfos));
bb = sd.GetEncoded();
}
return(bb);
}
catch (Exception ex)
{
MessageBox.Show(ex.ToString());
return(null);
}
}
private static void VerifyAttributes(
CryptographicAttributeObjectCollection attributes,
SignPackageRequest request)
{
var pkcs9SigningTimeAttributeFound = false;
var commitmentTypeIndicationAttributeFound = false;
var signingCertificateV2AttributeFound = false;
foreach (var attribute in attributes)
{
Assert.Equal(1, attribute.Values.Count);
switch (attribute.Oid.Value)
{
case "1.2.840.113549.1.9.5": // PKCS #9 signing time
Assert.IsType <Pkcs9SigningTime>(attribute.Values[0]);
pkcs9SigningTimeAttributeFound = true;
break;
case Oids.CommitmentTypeIndication:
var qualifier = CommitmentTypeQualifier.Read(attribute.Values[0].RawData);
var expectedCommitmentType = AttributeUtility.GetSignatureTypeOid(request.SignatureType);
Assert.Equal(expectedCommitmentType, qualifier.CommitmentTypeIdentifier.Value);
commitmentTypeIndicationAttributeFound = true;
break;
case Oids.SigningCertificateV2:
var signingCertificateV2 = SigningCertificateV2.Read(attribute.Values[0].RawData);
Assert.Equal(1, signingCertificateV2.Certificates.Count);
var essCertIdV2 = signingCertificateV2.Certificates[0];
Assert.Equal(SignTestUtility.GetHash(request.Certificate, request.SignatureHashAlgorithm), essCertIdV2.CertificateHash);
Assert.Equal(request.SignatureHashAlgorithm.ConvertToOidString(), essCertIdV2.HashAlgorithm.Algorithm.Value);
Assert.Equal(request.Certificate.IssuerName.Name, essCertIdV2.IssuerSerial.GeneralNames[0].DirectoryName.Name);
SignTestUtility.VerifySerialNumber(request.Certificate, essCertIdV2.IssuerSerial);
Assert.Null(signingCertificateV2.Policies);
signingCertificateV2AttributeFound = true;
break;
}
}
Assert.True(pkcs9SigningTimeAttributeFound);
Assert.True(commitmentTypeIndicationAttributeFound);
Assert.True(signingCertificateV2AttributeFound);
}
public TimeStampToken(CmsSignedData signedData)
{
tsToken = signedData;
if (!tsToken.SignedContentType.Equals(PkcsObjectIdentifiers.IdCTTstInfo))
{
throw new TspValidationException("ContentInfo object not for a time stamp.");
}
ICollection signers = tsToken.GetSignerInfos().GetSigners();
if (signers.Count != 1)
{
throw new ArgumentException("Time-stamp token signed by " + signers.Count + " signers, but it must contain just the TSA signature.");
}
IEnumerator enumerator = signers.GetEnumerator();
enumerator.MoveNext();
tsaSignerInfo = (SignerInformation)enumerator.Current;
try
{
CmsProcessable signedContent = tsToken.SignedContent;
MemoryStream memoryStream = new MemoryStream();
signedContent.Write(memoryStream);
tstInfo = new TimeStampTokenInfo(TstInfo.GetInstance(Asn1Object.FromByteArray(memoryStream.ToArray())));
Org.BouncyCastle.Asn1.Cms.Attribute attribute = tsaSignerInfo.SignedAttributes[PkcsObjectIdentifiers.IdAASigningCertificate];
if (attribute != null)
{
SigningCertificate instance = SigningCertificate.GetInstance(attribute.AttrValues[0]);
certID = new CertID(EssCertID.GetInstance(instance.GetCerts()[0]));
}
else
{
attribute = tsaSignerInfo.SignedAttributes[PkcsObjectIdentifiers.IdAASigningCertificateV2];
if (attribute == null)
{
throw new TspValidationException("no signing certificate attribute found, time stamp invalid.");
}
SigningCertificateV2 instance2 = SigningCertificateV2.GetInstance(attribute.AttrValues[0]);
certID = new CertID(EssCertIDv2.GetInstance(instance2.GetCerts()[0]));
}
}
catch (CmsException ex)
{
throw new TspException(ex.Message, ex.InnerException);
}
}
public TimeStampToken(CmsSignedData signedData)
{
//IL_0063: Unknown result type (might be due to invalid IL or missing references)
//IL_0094: Unknown result type (might be due to invalid IL or missing references)
//IL_009a: Expected O, but got Unknown
tsToken = signedData;
if (!tsToken.SignedContentType.Equals(PkcsObjectIdentifiers.IdCTTstInfo))
{
throw new TspValidationException("ContentInfo object not for a time stamp.");
}
global::System.Collections.ICollection signers = tsToken.GetSignerInfos().GetSigners();
if (signers.get_Count() != 1)
{
throw new ArgumentException(string.Concat((object)"Time-stamp token signed by ", (object)signers.get_Count(), (object)" signers, but it must contain just the TSA signature."));
}
global::System.Collections.IEnumerator enumerator = ((global::System.Collections.IEnumerable)signers).GetEnumerator();
enumerator.MoveNext();
tsaSignerInfo = (SignerInformation)enumerator.get_Current();
try
{
CmsProcessable signedContent = tsToken.SignedContent;
MemoryStream val = new MemoryStream();
signedContent.Write((Stream)(object)val);
tstInfo = new TimeStampTokenInfo(TstInfo.GetInstance(Asn1Object.FromByteArray(val.ToArray())));
Attribute attribute = tsaSignerInfo.SignedAttributes[PkcsObjectIdentifiers.IdAASigningCertificate];
if (attribute != null)
{
SigningCertificate instance = SigningCertificate.GetInstance(attribute.AttrValues[0]);
certID = new CertID(EssCertID.GetInstance(instance.GetCerts()[0]));
return;
}
attribute = tsaSignerInfo.SignedAttributes[PkcsObjectIdentifiers.IdAASigningCertificateV2];
if (attribute == null)
{
throw new TspValidationException("no signing certificate attribute found, time stamp invalid.");
}
SigningCertificateV2 instance2 = SigningCertificateV2.GetInstance(attribute.AttrValues[0]);
certID = new CertID(EssCertIDv2.GetInstance(instance2.GetCerts()[0]));
}
catch (CmsException ex)
{
throw new TspException(((global::System.Exception)ex).get_Message(), ((global::System.Exception)ex).get_InnerException());
}
}
private void basicSha256Test(AsymmetricKeyParameter privateKey, X509Certificate cert, IX509Store certs)
{
var sInfoGenerator = makeInfoGenerator(privateKey, cert, TspAlgorithms.Sha256, null, null);
TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
sInfoGenerator,
Asn1DigestFactory.Get(NistObjectIdentifiers.IdSha256), new DerObjectIdentifier("1.2"), true);
tsTokenGen.SetCertificates(certs);
TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
TimeStampRequest request = reqGen.Generate(TspAlgorithms.Sha256, new byte[32], BigInteger.ValueOf(100));
TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed);
TimeStampResponse tsResp = tsRespGen.Generate(request, new BigInteger("23"), DateTime.Now);
Assert.AreEqual((int)PkiStatus.Granted, tsResp.Status);
tsResp = new TimeStampResponse(tsResp.GetEncoded());
TimeStampToken tsToken = tsResp.TimeStampToken;
tsToken.Validate(cert);
Asn1.Cms.AttributeTable table = tsToken.SignedAttributes;
Assert.NotNull(table[PkcsObjectIdentifiers.IdAASigningCertificateV2]);
Asn1DigestFactory digCalc = Asn1DigestFactory.Get(NistObjectIdentifiers.IdSha256);
IStreamCalculator calc = digCalc.CreateCalculator();
using (Stream s = calc.Stream)
{
var crt = cert.GetEncoded();
s.Write(crt, 0, crt.Length);
}
byte[] certHash = ((SimpleBlockResult)calc.GetResult()).Collect();
SigningCertificateV2 sigCertV2 = SigningCertificateV2.GetInstance(table[PkcsObjectIdentifiers.IdAASigningCertificateV2].AttrValues[0]);
Assert.IsTrue(Arrays.AreEqual(certHash, sigCertV2.GetCerts()[0].GetCertHash()));
}
/// <summary>
/// Método para crear el atributo que contiene la información del certificado empleado para la firma
/// </summary>
/// <param name="parameters"></param>
/// <returns></returns>
private BcCms.Attribute MakeSigningCertificateAttribute(SignatureParameters parameters)
{
X509Certificate certificate = new X509CertificateParser().ReadCertificate(parameters.Certificate.GetRawCertData());
TbsCertificateStructure tbs = TbsCertificateStructure.GetInstance(
Asn1Object.FromByteArray(
certificate.GetTbsCertificate()));
GeneralName gn = new GeneralName(tbs.Issuer);
GeneralNames gns = new GeneralNames(gn);
IssuerSerial issuerSerial = new IssuerSerial(gns, tbs.SerialNumber);
byte[] certHash = DigestUtilities.CalculateDigest(parameters.DigestMethod.Name, certificate.GetEncoded());
var policies = GetPolicyInformation(certificate);
if (parameters.DigestMethod == DigestMethod.SHA1)
{
SigningCertificate sc = null;
if (policies != null)
{
Asn1EncodableVector v = new Asn1EncodableVector();
v.Add(new DerSequence(new EssCertID(certHash, issuerSerial)));
v.Add(new DerSequence(policies));
sc = SigningCertificate.GetInstance(new DerSequence(v));
}
else
{
sc = new SigningCertificate(new EssCertID(certHash, issuerSerial));
}
return(new BcCms.Attribute(PkcsObjectIdentifiers.IdAASigningCertificate, new DerSet(sc)));
}
else
{
EssCertIDv2 essCert = new EssCertIDv2(new AlgorithmIdentifier(parameters.DigestMethod
.Oid), certHash, issuerSerial);
SigningCertificateV2 scv2 = new SigningCertificateV2(new EssCertIDv2[] { essCert }, policies);
return(new BcCms.Attribute(PkcsObjectIdentifiers.IdAASigningCertificateV2, new DerSet
(scv2)));
}
}
private Attribute MakeSigningCertificateAttribute(SignatureParameters parameters)
{
byte[] certHash = DigestUtilities.CalculateDigest(Helpers.CmsSignedHelper.Instance.GetDigestAlgName(parameters.DigestAlgorithmOID), parameters.SigningCertificate.GetEncoded());
if (parameters.DigestAlgorithmOID == DigestAlgorithm.SHA1.OID)
{
SigningCertificate sc = new SigningCertificate(new EssCertID(certHash, new IssuerSerial(
new GeneralNames(new GeneralName(parameters.SigningCertificate.IssuerDN)),
new DerInteger(parameters.SigningCertificate.SerialNumber))));
//SigningCertificate sc = new SigningCertificate(new EssCertID(certHash));
return(new Attribute(PkcsObjectIdentifiers.IdAASigningCertificate, new DerSet(sc)));
}
else
{
EssCertIDv2 essCert = new EssCertIDv2(new AlgorithmIdentifier(new DerObjectIdentifier(parameters.DigestAlgorithmOID)), certHash, new IssuerSerial(
new GeneralNames(new GeneralName(parameters.SigningCertificate.IssuerDN)),
new DerInteger(parameters.SigningCertificate.SerialNumber)));
SigningCertificateV2 scv2 = new SigningCertificateV2(new EssCertIDv2[] { essCert });
return(new Attribute(PkcsObjectIdentifiers.IdAASigningCertificateV2, new DerSet(scv2)));
}
}
public static byte[] FirmaFileBouncy(byte[] data, X509Certificate2 cert)
{
try
{
SHA256Managed hashSha256 = new SHA256Managed();
byte[] certHash = hashSha256.ComputeHash(cert.RawData);
EssCertIDv2 essCert1 = new EssCertIDv2(new Org.BouncyCastle.Asn1.X509.AlgorithmIdentifier("2.16.840.1.101.3.4.2.1"), certHash);
SigningCertificateV2 scv2 = new SigningCertificateV2(new EssCertIDv2[] { essCert1 });
Org.BouncyCastle.Asn1.Cms.Attribute CertHAttribute = new Org.BouncyCastle.Asn1.Cms.Attribute(Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdAASigningCertificateV2, new DerSet(scv2));
Asn1EncodableVector v = new Asn1EncodableVector();
v.Add(CertHAttribute);
Org.BouncyCastle.Asn1.Cms.AttributeTable AT = new Org.BouncyCastle.Asn1.Cms.AttributeTable(v);
CmsSignedDataGenWithRsaCsp cms = new CmsSignedDataGenWithRsaCsp();
var rsa = (RSACryptoServiceProvider)cert.PrivateKey;
Org.BouncyCastle.X509.X509Certificate certCopy = DotNetUtilities.FromX509Certificate(cert);
cms.MyAddSigner(rsa, certCopy, "1.2.840.113549.1.1.1", "2.16.840.1.101.3.4.2.1", AT, null);
ArrayList certList = new ArrayList();
certList.Add(certCopy);
Org.BouncyCastle.X509.Store.X509CollectionStoreParameters PP = new Org.BouncyCastle.X509.Store.X509CollectionStoreParameters(certList);
Org.BouncyCastle.X509.Store.IX509Store st1 = Org.BouncyCastle.X509.Store.X509StoreFactory.Create("CERTIFICATE/COLLECTION", PP);
cms.AddCertificates(st1);
//mi ricavo il file da firmare
CmsSignedData Firmato = cms.Generate(new CmsProcessableByteArray(data), false);
CmsSigner cmsSigner = new CmsSigner(cert);
cmsSigner.IncludeOption = X509IncludeOption.EndCertOnly;
System.Security.Cryptography.Pkcs.ContentInfo contentInfo = new System.Security.Cryptography.Pkcs.ContentInfo(Firmato.GetEncoded());
SignedCms signedCms = new SignedCms();
signedCms.Decode(Firmato.GetEncoded());
byte[] ret = signedCms.Encode();
return(ret);
}
catch
{
return(null);
}
}
public void TestBasicSha256()
{
var sInfoGenerator = makeInfoGenerator(privateKey, cert, TspAlgorithms.Sha256, null, null);
TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
sInfoGenerator,
Asn1DigestFactory.Get(NistObjectIdentifiers.IdSha256), new DerObjectIdentifier("1.2"), true);
tsTokenGen.SetCertificates(certs);
TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
TimeStampRequest request = reqGen.Generate(TspAlgorithms.Sha256, new byte[32]);
Assert.IsFalse(request.CertReq);
TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed);
TimeStampResponse tsResp = tsRespGen.Generate(request, BigInteger.ValueOf(23), DateTime.UtcNow);
tsResp = new TimeStampResponse(tsResp.GetEncoded());
TimeStampToken tsToken = tsResp.TimeStampToken;
tsToken.Validate(cert);
TimeStampTokenInfo tstInfo = tsToken.TimeStampInfo;
AttributeTable table = tsToken.SignedAttributes;
var r = table.Get(PkcsObjectIdentifiers.IdAASigningCertificateV2);
Assert.NotNull(r);
Assert.AreEqual(PkcsObjectIdentifiers.IdAASigningCertificateV2, r.AttrType);
var set = r.AttrValues;
SigningCertificateV2 sCert = SigningCertificateV2.GetInstance(set[0]);
var issSerNum = sCert.GetCerts()[0].IssuerSerial;
Assert.AreEqual(cert.SerialNumber, issSerNum.Serial.Value);
}
/// <summary>
/// Creates the signed attributes.
/// </summary>
/// <returns>The signed attributes.</returns>
/// <param name="docHash">Document hash.</param>
/// <param name="signingCert">Signing cert.</param>
private static DerSet CreateSignedAttributes(byte[] docHash, X509Certificate signingCert)
{
Asn1EncodableVector signedAttrs = new Asn1EncodableVector();
signedAttrs.Add(new BCAttribute(
PkcsObjectIdentifiers.Pkcs9AtContentType,
new DerSet(PkcsObjectIdentifiers.Data)
));
signedAttrs.Add(new BCAttribute(
PkcsObjectIdentifiers.Pkcs9AtMessageDigest,
new DerSet(new DerOctetString(docHash))
));
// IdAASignerCertificateV2
byte[] certHash = CalculateSha256Hash(signingCert.GetEncoded());
GeneralNames issuer = new GeneralNames(new GeneralName(signingCert.IssuerDN));
IssuerSerial issuerSerial = new IssuerSerial(issuer, new DerInteger(signingCert.SerialNumber));
AlgorithmIdentifier algIdentifier =
new AlgorithmIdentifier(new DerObjectIdentifier(Sha256Oid));
EssCertIDv2 essCert = new EssCertIDv2(algIdentifier, certHash, issuerSerial);
SigningCertificateV2 scv2 = new SigningCertificateV2(new EssCertIDv2[] { essCert });
signedAttrs.Add(new BCAttribute(
PkcsObjectIdentifiers.IdAASigningCertificateV2,
new DerSet(scv2)
));
signedAttrs.Add(new BCAttribute(
PkcsObjectIdentifiers.Pkcs9AtSigningTime,
new DerSet(new DerUtcTime(System.DateTime.UtcNow))
));
return(new DerSet(signedAttrs));
}
public TimeStampToken(
CmsSignedData signedData)
{
this.tsToken = signedData;
if (!this.tsToken.SignedContentType.Equals(PkcsObjectIdentifiers.IdCTTstInfo))
{
throw new TspValidationException("ContentInfo object not for a time stamp.");
}
ICollection signers = tsToken.GetSignerInfos().GetSigners();
if (signers.Count != 1)
{
throw new ArgumentException("Time-stamp token signed by "
+ signers.Count
+ " signers, but it must contain just the TSA signature.");
}
IEnumerator signerEnum = signers.GetEnumerator();
signerEnum.MoveNext();
tsaSignerInfo = (SignerInformation)signerEnum.Current;
try
{
CmsProcessable content = tsToken.SignedContent;
MemoryStream bOut = new MemoryStream();
content.Write(bOut);
this.tstInfo = new TimeStampTokenInfo(
TstInfo.GetInstance(
Asn1Object.FromByteArray(bOut.ToArray())));
Asn1.Cms.Attribute attr = tsaSignerInfo.SignedAttributes[
PkcsObjectIdentifiers.IdAASigningCertificate];
// if (attr == null)
// {
// throw new TspValidationException(
// "no signing certificate attribute found, time stamp invalid.");
// }
//
// SigningCertificate signCert = SigningCertificate.GetInstance(
// attr.AttrValues[0]);
//
// this.certID = EssCertID.GetInstance(signCert.GetCerts()[0]);
if (attr != null)
{
SigningCertificate signCert = SigningCertificate.GetInstance(attr.AttrValues[0]);
this.certID = new CertID(EssCertID.GetInstance(signCert.GetCerts()[0]));
}
else
{
attr = tsaSignerInfo.SignedAttributes[PkcsObjectIdentifiers.IdAASigningCertificateV2];
if (attr == null)
{
throw new TspValidationException("no signing certificate attribute found, time stamp invalid.");
}
SigningCertificateV2 signCertV2 = SigningCertificateV2.GetInstance(attr.AttrValues[0]);
this.certID = new CertID(EssCertIDv2.GetInstance(signCertV2.GetCerts()[0]));
}
}
catch (CmsException e)
{
throw new TspException(e.Message, e.InnerException);
}
}
public byte[] FirmaFileBouncy(string NomeFile, X509Certificate2 cert, bool GiaFirmato, bool UsaTSA, string TSAurl, string TSAuser, string TSApass, out string RisFirma)
{
try
{
SHA256Managed hashSha256 = new SHA256Managed();
byte[] certHash = hashSha256.ComputeHash(cert.RawData);
EssCertIDv2 essCert1 = new EssCertIDv2(new Org.BouncyCastle.Asn1.X509.AlgorithmIdentifier("2.16.840.1.101.3.4.2.1"), certHash);
SigningCertificateV2 scv2 = new SigningCertificateV2(new EssCertIDv2[] { essCert1 });
Org.BouncyCastle.Asn1.Cms.Attribute CertHAttribute = new Org.BouncyCastle.Asn1.Cms.Attribute(Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdAASigningCertificateV2, new DerSet(scv2));
Asn1EncodableVector v = new Asn1EncodableVector();
v.Add(CertHAttribute);
Org.BouncyCastle.Asn1.Cms.AttributeTable AT = new Org.BouncyCastle.Asn1.Cms.AttributeTable(v);
CmsSignedDataGenWithRsaCsp cms = new CmsSignedDataGenWithRsaCsp();
var rsa = (RSACryptoServiceProvider)cert.PrivateKey;
Org.BouncyCastle.X509.X509Certificate certCopy = DotNetUtilities.FromX509Certificate(cert);
cms.MyAddSigner(rsa, certCopy, "1.2.840.113549.1.1.1", "2.16.840.1.101.3.4.2.1", AT, null);
ArrayList certList = new ArrayList();
certList.Add(certCopy);
Org.BouncyCastle.X509.Store.X509CollectionStoreParameters PP = new Org.BouncyCastle.X509.Store.X509CollectionStoreParameters(certList);
Org.BouncyCastle.X509.Store.IX509Store st1 = Org.BouncyCastle.X509.Store.X509StoreFactory.Create("CERTIFICATE/COLLECTION", PP);
cms.AddCertificates(st1);
//mi ricavo il file da firmare
FileInfo FileDaAprire = new FileInfo(NomeFile);
/*CmsSignedData Firmato;
* if (GiaFirmato) {
* CmsSignedData signedData = new CmsSignedData(File.ReadAllBytes(NomeFile));
* if (signedData!=null){
* SignerInformationStore signers = signedData.GetSignerInfos();
* certList.Add(signers.GetSigners());
* //MessageBox.Show(signedData.ContentInfo.GetEncoded().Length.ToString());
* //signedData.ContentInfo.GetEncoded();
* }
* certList.Insert(0,certCopy);
* CmsProcessableByteArray file = new CmsProcessableByteArray(signedData.ContentInfo.GetEncoded());
* Firmato = cms.Generate(file, true);
* } else {
* certList.Add(certCopy);
* CmsProcessableFile file = new CmsProcessableFile(FileDaAprire);
* Firmato = cms.Generate(file, true);
* }
*/
CmsProcessableFile file = new CmsProcessableFile(FileDaAprire);
CmsSignedData Firmato = cms.Generate(file, true);
byte[] Encoded = Firmato.GetEncoded();
if (UsaTSA)
{
CmsSignedData sd = new CmsSignedData(Encoded);
SignerInformationStore signers = sd.GetSignerInfos();
byte[] signature = null;
SignerInformation signer = null;
foreach (SignerInformation signer_ in signers.GetSigners())
{
signer = signer_;
break;
}
signature = signer.GetSignature();
Org.BouncyCastle.Asn1.Cms.AttributeTable at = new Org.BouncyCastle.Asn1.Cms.AttributeTable(GetTimestamp(signature, TSAurl, TSAuser, TSApass));
signer = SignerInformation.ReplaceUnsignedAttributes(signer, at);
IList signerInfos = new ArrayList();
signerInfos.Add(signer);
sd = CmsSignedData.ReplaceSigners(sd, new SignerInformationStore(signerInfos));
Encoded = sd.GetEncoded();
}
RisFirma = "";
return(Encoded);
}
catch (Exception ex)
{
RisFirma = ex.ToString();
return(null);
}
}
private void ReadInformation()
{
if (_signerInformation.SignedAttributes[PkcsObjectIdentifiers.Pkcs9AtSigningTime] != null)
{
_signingDate = DerUtcTime.GetInstance(_signerInformation.SignedAttributes[PkcsObjectIdentifiers.Pkcs9AtSigningTime].AttrValues[0]).ToDateTime().ToLocalTime();
}
if (_signerInformation.SignedAttributes[PkcsObjectIdentifiers.IdAAEtsSignerAttr] != null)
{
var signerAttr = SignerAttribute.GetInstance(_signerInformation.SignedAttributes[PkcsObjectIdentifiers.IdAAEtsSignerAttr].AttrValues[0]);
List <string> claimedRoles = new List <string>();
foreach (BcCms.Attribute claimedAttr in signerAttr.ClaimedAttributes)
{
foreach (var value in claimedAttr.AttrValues)
{
claimedRoles.Add(DerUtf8String.GetInstance(value).GetString());
}
}
_signerRoles = claimedRoles;
}
if (_signerInformation.UnsignedAttributes != null &&
_signerInformation.UnsignedAttributes[PkcsObjectIdentifiers.IdAASignatureTimeStampToken] != null)
{
_timeStamp = new TimeStampToken(new CmsSignedData(_signerInformation.UnsignedAttributes[PkcsObjectIdentifiers.IdAASignatureTimeStampToken].AttrValues[0].GetEncoded()));
}
// Se leen las contrafirmas
var signers = _signerInformation.GetCounterSignatures().GetSigners();
_counterSignatures = new List <SignerInfoNode>();
foreach (var signer in signers)
{
SignerInfoNode node = new SignerInfoNode((SignerInformation)signer, _sigDocument);
_counterSignatures.Add(node);
}
// Se intenta identificar el certificado empleado para la firma, esto quizás se pueda mejorar
byte[] certHash = null;
IssuerSerial issuerSerial = null;
if (_signerInformation.DigestAlgOid == DigestMethod.SHA1.Oid)
{
BcCms.Attribute attr = _signerInformation.SignedAttributes[PkcsObjectIdentifiers.IdAASigningCertificate];
SigningCertificate sc = SigningCertificate.GetInstance(attr.AttrValues[0]);
EssCertID ecid = sc.GetCerts()[0];
issuerSerial = ecid.IssuerSerial;
certHash = ecid.GetCertHash();
}
else
{
BcCms.Attribute attr = _signerInformation.SignedAttributes[PkcsObjectIdentifiers.IdAASigningCertificateV2];
SigningCertificateV2 sc2 = SigningCertificateV2.GetInstance(attr.AttrValues[0]);
EssCertIDv2 ecid = sc2.GetCerts()[0];
issuerSerial = ecid.IssuerSerial;
certHash = ecid.GetCertHash();
}
DigestMethod digestMethod = DigestMethod.GetByOid(_signerInformation.DigestAlgOid);
foreach (X509CertificateStructure cs in _sigDocument.Certificates)
{
if (issuerSerial == null || cs.TbsCertificate.SerialNumber.Equals(issuerSerial.Serial))
{
byte[] currentCertHash = digestMethod.CalculateDigest(cs.GetEncoded());
if (certHash.SequenceEqual(currentCertHash))
{
_certificate = new X509Certificate(cs);
break;
}
}
}
}
public string SignWithCMS(String serializedJson)
{
byte[] data = Encoding.UTF8.GetBytes(serializedJson);
Pkcs11InteropFactories factories = new Pkcs11InteropFactories();
using (IPkcs11Library pkcs11Library = factories.Pkcs11LibraryFactory.LoadPkcs11Library(factories, DllLibPath, AppType.MultiThreaded))
{
ISlot slot = pkcs11Library.GetSlotList(SlotsType.WithTokenPresent).FirstOrDefault();
if (slot is null)
{
return("No slots found");
}
ITokenInfo tokenInfo = slot.GetTokenInfo();
ISlotInfo slotInfo = slot.GetSlotInfo();
using (var session = slot.OpenSession(SessionType.ReadWrite))
{
session.Login(CKU.CKU_USER, Encoding.UTF8.GetBytes(TokenPin));
var certificateSearchAttributes = new List <IObjectAttribute>()
{
session.Factories.ObjectAttributeFactory.Create(CKA.CKA_CLASS, CKO.CKO_CERTIFICATE),
session.Factories.ObjectAttributeFactory.Create(CKA.CKA_TOKEN, true),
session.Factories.ObjectAttributeFactory.Create(CKA.CKA_CERTIFICATE_TYPE, CKC.CKC_X_509)
};
IObjectHandle certificate = session.FindAllObjects(certificateSearchAttributes).FirstOrDefault();
if (certificate is null)
{
return("Certificate not found");
}
X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.MaxAllowed);
// find cert by thumbprint
var foundCerts = store.Certificates.Find(X509FindType.FindByIssuerName, TokenCertificate, false);
//var foundCerts = store.Certificates.Find(X509FindType.FindBySerialNumber, "2b1cdda84ace68813284519b5fb540c2", true);
if (foundCerts.Count == 0)
{
return("no device detected");
}
var certForSigning = foundCerts[0];
store.Close();
ContentInfo content = new ContentInfo(new Oid("1.2.840.113549.1.7.5"), data);
SignedCms cms = new SignedCms(content, true);
EssCertIDv2 bouncyCertificate = new EssCertIDv2(new Org.BouncyCastle.Asn1.X509.AlgorithmIdentifier(new DerObjectIdentifier("1.2.840.113549.1.9.16.2.47")), this.HashBytes(certForSigning.RawData));
SigningCertificateV2 signerCertificateV2 = new SigningCertificateV2(new EssCertIDv2[] { bouncyCertificate });
CmsSigner signer = new CmsSigner(certForSigning);
signer.DigestAlgorithm = new Oid("2.16.840.1.101.3.4.2.1");
signer.SignedAttributes.Add(new Pkcs9SigningTime(DateTime.UtcNow));
signer.SignedAttributes.Add(new AsnEncodedData(new Oid("1.2.840.113549.1.9.16.2.47"), signerCertificateV2.GetEncoded()));
cms.ComputeSignature(signer);
var output = cms.Encode();
return(Convert.ToBase64String(output));
}
}
}
private CmsSignedData GenerateTimestamp(
TimeStampRequest request,
BigInteger serialNumber,
DateTime generalizedTime)
{
var messageImprint = new MessageImprint(
new AlgorithmIdentifier(
new DerObjectIdentifier(request.MessageImprintAlgOid)), request.GetMessageImprintDigest());
DerInteger nonce = request.Nonce == null ? null : new DerInteger(request.Nonce);
var tstInfo = new TstInfo(
new DerObjectIdentifier(_options.Policy.Value),
messageImprint,
new DerInteger(serialNumber),
new DerGeneralizedTime(generalizedTime),
_options.Accuracy,
DerBoolean.False,
nonce,
tsa: null,
extensions: null);
var content = new CmsProcessableByteArray(tstInfo.GetEncoded());
var signedAttributes = new Asn1EncodableVector();
var certificateBytes = new Lazy <byte[]>(() => Certificate.GetEncoded());
if (_options.SigningCertificateUsage.HasFlag(SigningCertificateUsage.V1))
{
byte[] hash = _options.SigningCertificateV1Hash ?? DigestUtilities.CalculateDigest("SHA-1", certificateBytes.Value);
var signingCertificate = new SigningCertificate(new EssCertID(hash));
var attributeValue = new DerSet(signingCertificate);
var attribute = new BcAttribute(PkcsObjectIdentifiers.IdAASigningCertificate, attributeValue);
signedAttributes.Add(attribute);
}
if (_options.SigningCertificateUsage.HasFlag(SigningCertificateUsage.V2))
{
byte[] hash = DigestUtilities.CalculateDigest("SHA-256", certificateBytes.Value);
var signingCertificateV2 = new SigningCertificateV2(new EssCertIDv2(hash));
var attributeValue = new DerSet(signingCertificateV2);
var attribute = new BcAttribute(PkcsObjectIdentifiers.IdAASigningCertificateV2, attributeValue);
signedAttributes.Add(attribute);
}
var generator = new CmsSignedDataGenerator();
if (_options.ReturnSigningCertificate)
{
var certificates = X509StoreFactory.Create(
"Certificate/Collection",
new X509CollectionStoreParameters(new[] { Certificate }));
generator.AddCertificates(certificates);
}
generator.AddSigner(
_keyPair.Private,
Certificate,
_options.SignatureHashAlgorithm.Value,
new BcAttributeTable(signedAttributes),
new BcAttributeTable(DerSet.Empty));
CmsSignedData signedCms = generator.Generate(
PkcsObjectIdentifiers.IdCTTstInfo.Id,
content,
encapsulate: true);
return(signedCms);
}
public static Asn1EncodableVector GenerateSignerInfo(X509Certificate2 cert,
String digestAlgorithmName,
byte[] datos,
AdESPolicy policy,
bool signingCertificateV2,
byte[] messageDigest,
DateTime signDate,
bool padesMode,
String contentType,
String contentDescription)
{
// ALGORITMO DE HUELLA DIGITAL
AlgorithmIdentifier digestAlgorithmOID = SigUtils.MakeAlgId(AOAlgorithmID.GetOID(digestAlgorithmName));
// // ATRIBUTOS
// authenticatedAttributes
Asn1EncodableVector contexExpecific = InitContexExpecific(
digestAlgorithmName,
datos,
Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.Data.Id,
messageDigest,
signDate,
padesMode
);
// Serial Number
// comentar lo de abajo para version del rfc 3852
if (signingCertificateV2)
{
// INICIO SINGING CERTIFICATE-V2
/** IssuerSerial ::= SEQUENCE { issuer GeneralNames, serialNumber
* CertificateSerialNumber */
TbsCertificateStructure tbs = TbsCertificateStructure.GetInstance(
Asn1Object.FromByteArray(
new Org.BouncyCastle.X509.X509Certificate(
X509CertificateStructure.GetInstance(
Asn1Object.FromByteArray(
cert.GetRawCertData()))).GetTbsCertificate()));
GeneralNames gns = new GeneralNames(new GeneralName(tbs.Issuer));
IssuerSerial isuerSerial = new IssuerSerial(gns, tbs.SerialNumber);
/** ESSCertIDv2 ::= SEQUENCE { hashAlgorithm AlgorithmIdentifier
* DEFAULT {algorithm id-sha256}, certHash Hash, issuerSerial
* IssuerSerial OPTIONAL }
* Hash ::= OCTET STRING */
byte[] certHash = Digester.Digest(cert.GetRawCertData(), digestAlgorithmName);
EssCertIDv2[] essCertIDv2 = { new EssCertIDv2(digestAlgorithmOID, certHash, isuerSerial) };
/** PolicyInformation ::= SEQUENCE { policyIdentifier CertPolicyId,
* policyQualifiers SEQUENCE SIZE (1..MAX) OF PolicyQualifierInfo
* OPTIONAL }
* CertPolicyId ::= OBJECT IDENTIFIER
* PolicyQualifierInfo ::= SEQUENCE { policyQualifierId
* PolicyQualifierId, qualifier ANY DEFINED BY policyQualifierId } */
SigningCertificateV2 scv2;
if (policy.GetPolicyIdentifier() != null)
{
/** SigningCertificateV2 ::= SEQUENCE { certs SEQUENCE OF
* ESSCertIDv2, policies SEQUENCE OF PolicyInformation OPTIONAL
* } */
scv2 = new SigningCertificateV2(essCertIDv2, GetPolicyInformation(policy)); // con politica
}
else
{
scv2 = new SigningCertificateV2(essCertIDv2); // Sin politica
}
// Secuencia con singningCertificate
contexExpecific.Add(new Org.BouncyCastle.Asn1.Cms.Attribute(Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdAASigningCertificateV2, new DerSet(scv2)));
// FIN SINGING CERTIFICATE-V2
}
else
{
// INICIO SINGNING CERTIFICATE
/** IssuerSerial ::= SEQUENCE { issuer GeneralNames, serialNumber
* CertificateSerialNumber } */
TbsCertificateStructure tbs = TbsCertificateStructure.GetInstance(
Asn1Object.FromByteArray(
new Org.BouncyCastle.X509.X509Certificate(
X509CertificateStructure.GetInstance(
Asn1Object.FromByteArray(
cert.GetRawCertData()))).GetTbsCertificate()));
GeneralName gn = new GeneralName(tbs.Issuer);
GeneralNames gns = new GeneralNames(gn);
IssuerSerial isuerSerial = new IssuerSerial(gns, tbs.SerialNumber);
/** ESSCertID ::= SEQUENCE { certHash Hash, issuerSerial IssuerSerial
* OPTIONAL }
* Hash ::= OCTET STRING -- SHA1 hash of entire certificate */
byte[] certHash = Digester.Digest(cert.GetRawCertData(), digestAlgorithmName);
EssCertID essCertID = new EssCertID(certHash, isuerSerial);
/** PolicyInformation ::= SEQUENCE { policyIdentifier CertPolicyId,
* policyQualifiers SEQUENCE SIZE (1..MAX) OF PolicyQualifierInfo
* OPTIONAL }
* CertPolicyId ::= OBJECT IDENTIFIER
* PolicyQualifierInfo ::= SEQUENCE { policyQualifierId
* PolicyQualifierId, qualifier ANY DEFINED BY policyQualifierId } */
SigningCertificate scv;
if (policy.GetPolicyIdentifier() != null)
{
/** SigningCertificateV2 ::= SEQUENCE { certs SEQUENCE OF
* ESSCertIDv2, policies SEQUENCE OF PolicyInformation OPTIONAL
* } */
/*
* HAY QUE HACER UN SEQUENCE, YA QUE EL CONSTRUCTOR DE BOUNCY
* CASTLE NO TIENE DICHO CONSTRUCTOR.
*/
Asn1EncodableVector v = new Asn1EncodableVector();
v.Add(new DerSequence(essCertID));
v.Add(new DerSequence(GetPolicyInformation(policy)));
scv = SigningCertificate.GetInstance(new DerSequence(v)); // con politica
}
else
{
scv = new SigningCertificate(essCertID); // Sin politica
}
/** id-aa-signingCertificate OBJECT IDENTIFIER ::= { iso(1)
* member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16)
* id-aa(2) 12 } */
// Secuencia con singningCertificate
contexExpecific.Add(new Org.BouncyCastle.Asn1.Cms.Attribute(Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdAASigningCertificate, new DerSet(scv)));
}
// INICIO SIGPOLICYID ATTRIBUTE
if (policy.GetPolicyIdentifier() != null)
{
/**
* SigPolicyId ::= OBJECT IDENTIFIER Politica de firma.
*/
DerObjectIdentifier doiSigPolicyId = new DerObjectIdentifier(policy.GetPolicyIdentifier().ToLower().Replace("urn:oid:", ""));
/**
* OtherHashAlgAndValue ::= SEQUENCE {
* hashAlgorithm AlgorithmIdentifier,
* hashValue OCTET STRING }
*
*/
// Algoritmo para el hash
AlgorithmIdentifier hashid;
// si tenemos algoritmo de calculo de hash, lo ponemos
if (policy.GetPolicyIdentifierHashAlgorithm() != null)
{
hashid = SigUtils.MakeAlgId(
AOAlgorithmID.GetOID(
AOSignConstants.GetDigestAlgorithmName(
policy.GetPolicyIdentifierHashAlgorithm())));
}
// si no tenemos, ponemos el algoritmo de firma.
else
{
hashid = digestAlgorithmOID;
}
// hash del documento, descifrado en b64
byte[] hashed;
if (policy.GetPolicyIdentifierHash() != null)
{
hashed = System.Convert.FromBase64String(policy.GetPolicyIdentifierHash());
}
else
{
hashed = new byte[] { 0 };
}
DigestInfo otherHashAlgAndValue = new DigestInfo(hashid, hashed);
/**
* SigPolicyQualifierInfo ::= SEQUENCE {
* SigPolicyQualifierId SigPolicyQualifierId,
* SigQualifier ANY DEFINED BY policyQualifierId }
*/
AOSigPolicyQualifierInfo spqInfo = null;
if (policy.GetPolicyQualifier() != null)
{
spqInfo = new AOSigPolicyQualifierInfo(policy.GetPolicyQualifier().ToString());
}
/**
* SignaturePolicyId ::= SEQUENCE {
* sigPolicyId SigPolicyId,
* sigPolicyHash SigPolicyHash,
* sigPolicyQualifiers SEQUENCE SIZE (1..MAX) OF
* AOSigPolicyQualifierInfo OPTIONAL}
*
*/
Asn1EncodableVector v = new Asn1EncodableVector();
// sigPolicyId
v.Add(doiSigPolicyId);
// sigPolicyHash
v.Add(otherHashAlgAndValue.ToAsn1Object()); // como sequence
// sigPolicyQualifiers
if (spqInfo != null)
{
v.Add(spqInfo.toASN1Primitive());
}
DerSequence ds = new DerSequence(v);
// Secuencia con singningCertificate
contexExpecific.Add(new Org.BouncyCastle.Asn1.Cms.Attribute(Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdAAEtsSigPolicyID, new DerSet(ds.ToAsn1Object())));
// FIN SIGPOLICYID ATTRIBUTE
}
/**
* Secuencia con el tipo de contenido firmado. No se agrega en firmas PAdES.
*
* ContentHints ::= SEQUENCE {
* contentDescription UTF8String (SIZE (1..MAX)) OPTIONAL,
* contentType ContentType }
*/
if (contentType != null && !padesMode)
{
ContentHints contentHints;
if (contentDescription != null)
{
contentHints = new ContentHints(new DerObjectIdentifier(contentType),
new DerUtf8String(contentDescription));
}
else
{
contentHints = new ContentHints(new DerObjectIdentifier(contentType));
}
contexExpecific.Add(new Org.BouncyCastle.Asn1.Cms.Attribute(
Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdAAContentHint,
new DerSet(contentHints.ToAsn1Object())));
}
return(contexExpecific);
}
