/** * Replace the certificate and CRL information associated with this * CMSSignedData object with the new one passed in. * <p> * The output stream is returned unclosed. * </p> * @param original the signed data stream to be used as a base. * @param certsAndCrls the new certificates and CRLs to be used. * @param out the stream to Write the new signed data object to. * @return out. * @exception CmsException if there is an error processing the CertStore */ public static Stream ReplaceCertificatesAndCrls( Stream original, IX509Store x509Certs, IX509Store x509Crls, IX509Store x509AttrCerts, Stream outStr) { // NB: SecureRandom would be ignored since using existing signatures only CmsSignedDataStreamGenerator gen = new CmsSignedDataStreamGenerator(); CmsSignedDataParser parser = new CmsSignedDataParser(original); gen.AddDigests(parser.DigestOids); CmsTypedStream signedContent = parser.GetSignedContent(); bool encapsulate = (signedContent != null); Stream contentOut = gen.Open(outStr, parser.SignedContentType.Id, encapsulate); if (encapsulate) { Streams.PipeAll(signedContent.ContentStream, contentOut); } // gen.AddAttributeCertificates(parser.GetAttributeCertificates("Collection")); // gen.AddCertificates(parser.GetCertificates("Collection")); // gen.AddCrls(parser.GetCrls("Collection")); if (x509AttrCerts != null) { gen.AddAttributeCertificates(x509AttrCerts); } if (x509Certs != null) { gen.AddCertificates(x509Certs); } if (x509Crls != null) { gen.AddCrls(x509Crls); } gen.AddSigners(parser.GetSignerInfos()); BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.Dispose(contentOut); return(outStr); }
public CmsSignedDataParser( CmsTypedStream signedContent, byte[] sigBlock) : this(signedContent, new MemoryStream(sigBlock, false)) { }
/** * base constructor * * @param signedContent the content that was signed. * @param sigData the signature object. */ public CmsSignedDataParser( CmsTypedStream signedContent, Stream sigData) : base(sigData) { try { this._signedContent = signedContent; this._signedData = SignedDataParser.GetInstance(this.contentInfo.GetContent(Asn1Tags.Sequence)); this._digests = BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.CreateHashtable(); this._digestOids = new HashSet(); Asn1SetParser digAlgs = _signedData.GetDigestAlgorithms(); IAsn1Convertible o; while ((o = digAlgs.ReadObject()) != null) { AlgorithmIdentifier id = AlgorithmIdentifier.GetInstance(o.ToAsn1Object()); try { string digestOid = id.Algorithm.Id; string digestName = Helper.GetDigestAlgName(digestOid); if (!this._digests.Contains(digestName)) { this._digests[digestName] = Helper.GetDigestInstance(digestName); this._digestOids.Add(digestOid); } } catch (SecurityUtilityException) { // TODO Should do something other than ignore it } } // // If the message is simply a certificate chain message GetContent() may return null. // ContentInfoParser cont = _signedData.GetEncapContentInfo(); Asn1OctetStringParser octs = (Asn1OctetStringParser) cont.GetContent(Asn1Tags.OctetString); if (octs != null) { CmsTypedStream ctStr = new CmsTypedStream( cont.ContentType.Id, octs.GetOctetStream()); if (_signedContent == null) { this._signedContent = ctStr; } else { // // content passed in, need to read past empty encapsulated content info object if present // ctStr.Drain(); } } _signedContentType = _signedContent == null ? cont.ContentType : new DerObjectIdentifier(_signedContent.ContentType); } catch (IOException e) { throw new CmsException("io exception: " + e.Message, e); } }