/// <exception cref="System.IO.IOException"></exception>
public virtual byte[] GetArchiveTimestampData(int index, Document originalDocument
)
{
ByteArrayOutputStream toTimestamp = new ByteArrayOutputStream();
BcCms.ContentInfo contentInfo = cmsSignedData.ContentInfo;
BcCms.SignedData signedData = BcCms.SignedData.GetInstance(contentInfo.Content);
// 5.4.1
if (signedData.EncapContentInfo == null || signedData.EncapContentInfo.
Content == null)
{
if (originalDocument != null)
{
//jbonilla Hack para leer un InputStream en su totalidad.
toTimestamp.Write(Streams.ReadAll(
originalDocument.OpenStream()));
}
else
{
throw new RuntimeException("Signature is detached and no original data provided."
);
}
}
else
{
BcCms.ContentInfo content = signedData.EncapContentInfo;
DerOctetString octet = (DerOctetString)content.Content;
BcCms.ContentInfo info2 = new BcCms.ContentInfo(new DerObjectIdentifier("1.2.840.113549.1.7.1"
), new BerOctetString(octet.GetOctets()));
toTimestamp.Write(info2.GetEncoded());
}
if (signedData.Certificates != null)
{
DerOutputStream output = new DerOutputStream(toTimestamp);
output.WriteObject(signedData.Certificates);
output.Close();
}
if (signedData.CRLs != null)
{
toTimestamp.Write(signedData.CRLs.GetEncoded());
}
if (signerInformation.UnsignedAttributes != null)
{
Asn1EncodableVector original = signerInformation.UnsignedAttributes.ToAsn1EncodableVector();
IList <BcCms.Attribute> timeStampToRemove = GetTimeStampToRemove(index);
Asn1EncodableVector filtered = new Asn1EncodableVector();
for (int i = 0; i < original.Count; i++)
{
Asn1Encodable enc = original[i];
if (!timeStampToRemove.Contains(enc))
{
filtered.Add(original[i]);
}
}
SignerInformation filteredInfo = SignerInformation.ReplaceUnsignedAttributes(signerInformation
, new BcCms.AttributeTable(filtered));
toTimestamp.Write(filteredInfo.ToSignerInfo().GetEncoded());
}
return(toTimestamp.ToByteArray());
}
/// <summary>
///
/// </summary>
/// <param name="x509_certificate2"></param>
/// <param name="plain_data"></param>
/// <returns></returns>
public byte[] GetEncryptedContent(X509Certificate2 x509_certificate2, byte[] plain_data)
{
tDESCrypto _cryptoService = new tDESCrypto();
// RecipientInfo 구조체 생성 및 설정
RecipientInfo _recipientInfo = this.GetKeyTransRecipientInfo(x509_certificate2, _cryptoService.Key);
// EncryptedContentInfo 구조체 생성 및 설정
DerOctetString _taxInvoce = new DerOctetString(plain_data);
byte[] _package = _taxInvoce.GetOctets();
byte[] _encrypt = _cryptoService.Encrypt(_package); // 대칭키로 암호화
EncryptedContentInfo _encryptedContentInfo = this.GetEncryptedContentInfo(_encrypt, _cryptoService.IV);
// EnvelopedData 구조체 생성 및 설정
Asn1Set _receipientInfos = new DerSet(_recipientInfo);
EnvelopedData _envelopedData = new EnvelopedData((OriginatorInfo)null, _receipientInfos, _encryptedContentInfo, (Asn1Set)null);
Org.BouncyCastle.Asn1.Cms.ContentInfo _content = new Org.BouncyCastle.Asn1.Cms.ContentInfo(new DerObjectIdentifier("1.2.840.113549.1.7.3"), _envelopedData);
return(_content.GetEncoded());
}
//-------------------------------------------------------------------------------------------------------------------------//
//
//-------------------------------------------------------------------------------------------------------------------------//
/// <summary>
/// RFC 3852 CMS 에 정의된 ContentInfo 구조체를 생성한다.
/// </summary>
/// <param name="x509_certificate2">랜덤키를 암호화하기 위한 공인인증서(국세청 공인인증서)</param>
/// <param name="plain_data">데이터</param>
/// <returns></returns>
public byte[] GetContentInfo(X509Certificate2 x509_certificate2, ArrayList plain_data)
{
tDESCrypto _cryptoService = new tDESCrypto();
// RecipientInfo 구조체 생성 및 설정
RecipientInfo _recipientInfo = this.GetKeyTransRecipientInfo(x509_certificate2, _cryptoService.Key);
// EncryptedContentInfo 구조체 생성 및 설정
byte[] _package = this.GetTaxInvoicePackage(plain_data);
byte[] _encrypt = _cryptoService.Encrypt(_package); // 대칭키로 암호화
EncryptedContentInfo _encryptedContentInfo = this.GetEncryptedContentInfo(_encrypt, _cryptoService.IV);
// EnvelopedData 구조체 생성 및 설정
Asn1Set _asn1Set = new DerSet(_recipientInfo);
EnvelopedData _envelope = new EnvelopedData((OriginatorInfo)null, _asn1Set, _encryptedContentInfo, (Asn1Set)null);
// RFC 3852의 구성 데이터인 SignedData, EnvelopedData, EncryptedData 등을 넣어주는 컨테이너인 ContentInfo 구조체를 생성 및 설정한다.
// ContentInfo 구조체는 표준전자세금계산서 개발지침(v1.0)의 58페이지 참조
Org.BouncyCastle.Asn1.Cms.ContentInfo _content = new Org.BouncyCastle.Asn1.Cms.ContentInfo(new DerObjectIdentifier("1.2.840.113549.1.7.3"), _envelope);
return(_content.GetEncoded());
}
private void pkcs7Test()
{
Asn1Encodable rootCert = Asn1Object.FromByteArray(CertPathTest.rootCertBin);
Asn1Encodable rootCrl = Asn1Object.FromByteArray(CertPathTest.rootCrlBin);
X509CertificateParser certParser = new X509CertificateParser();
X509CrlParser crlParser = new X509CrlParser();
SignedData sigData = new SignedData(
DerSet.Empty,
new ContentInfo(CmsObjectIdentifiers.Data, null),
new DerSet(
rootCert,
new DerTaggedObject(false, 2, Asn1Object.FromByteArray(AttrCertTest.attrCert))),
new DerSet(rootCrl),
DerSet.Empty);
ContentInfo info = new ContentInfo(CmsObjectIdentifiers.SignedData, sigData);
X509Certificate cert = certParser.ReadCertificate(info.GetEncoded());
if (cert == null || !AreEqual(cert.GetEncoded(), rootCert.ToAsn1Object().GetEncoded()))
{
Fail("PKCS7 cert not read");
}
X509Crl crl = crlParser.ReadCrl(info.GetEncoded());
if (crl == null || !AreEqual(crl.GetEncoded(), rootCrl.ToAsn1Object().GetEncoded()))
{
Fail("PKCS7 crl not read");
}
ArrayList col = new ArrayList(certParser.ReadCertificates(info.GetEncoded()));
if (col.Count != 1 || !col.Contains(cert))
{
Fail("PKCS7 cert collection not right");
}
col = new ArrayList(crlParser.ReadCrls(info.GetEncoded()));
if (col.Count != 1 || !col.Contains(crl))
{
Fail("PKCS7 crl collection not right");
}
// data with no certificates or CRLs
sigData = new SignedData(DerSet.Empty, new ContentInfo(CmsObjectIdentifiers.Data, null), DerSet.Empty, DerSet.Empty, DerSet.Empty);
info = new ContentInfo(CmsObjectIdentifiers.SignedData, sigData);
cert = certParser.ReadCertificate(info.GetEncoded());
if (cert != null)
{
Fail("PKCS7 cert present");
}
crl = crlParser.ReadCrl(info.GetEncoded());
if (crl != null)
{
Fail("PKCS7 crl present");
}
// data with absent certificates and CRLS
sigData = new SignedData(DerSet.Empty, new ContentInfo(CmsObjectIdentifiers.Data, null), null, null, DerSet.Empty);
info = new ContentInfo(CmsObjectIdentifiers.SignedData, sigData);
cert = certParser.ReadCertificate(info.GetEncoded());
if (cert != null)
{
Fail("PKCS7 cert present");
}
crl = crlParser.ReadCrl(info.GetEncoded());
if (crl != null)
{
Fail("PKCS7 crl present");
}
//
// sample message
//
ICollection certCol = certParser.ReadCertificates(pkcs7CrlProblem);
ICollection crlCol = crlParser.ReadCrls(pkcs7CrlProblem);
if (crlCol.Count != 0)
{
Fail("wrong number of CRLs: " + crlCol.Count);
}
if (certCol.Count != 4)
{
Fail("wrong number of Certs: " + certCol.Count);
}
}
private ITestResult SignedTest()
{
try
{
ContentInfo info = ContentInfo.GetInstance(
Asn1Object.FromByteArray(signedData));
SignedData sData = SignedData.GetInstance(info.Content);
sData = new SignedData(sData.DigestAlgorithms, sData.EncapContentInfo, sData.Certificates, sData.CRLs, sData.SignerInfos);
info = new ContentInfo(CmsObjectIdentifiers.SignedData, sData);
if (!Arrays.AreEqual(info.GetEncoded(), signedData))
{
return new SimpleTestResult(false, Name + ": CMS signed failed to re-encode");
}
return new SimpleTestResult(true, Name + ": Okay");
}
catch (Exception e)
{
return new SimpleTestResult(false, Name + ": CMS signed failed - " + e.ToString(), e);
}
}
private ITestResult EnvelopedTest()
{
try
{
// Key trans
ContentInfo info = ContentInfo.GetInstance(
Asn1Object.FromByteArray(envDataKeyTrns));
EnvelopedData envData = EnvelopedData.GetInstance(info.Content);
Asn1Set s = envData.RecipientInfos;
if (s.Count != 1)
{
return new SimpleTestResult(false, Name + ": CMS KeyTrans enveloped, wrong number of recipients");
}
RecipientInfo recip = RecipientInfo.GetInstance(s[0]);
if (recip.Info is KeyTransRecipientInfo)
{
KeyTransRecipientInfo inf = KeyTransRecipientInfo.GetInstance(recip.Info);
inf = new KeyTransRecipientInfo(inf.RecipientIdentifier, inf.KeyEncryptionAlgorithm, inf.EncryptedKey);
s = new DerSet(new RecipientInfo(inf));
}
else
{
return new SimpleTestResult(false, Name + ": CMS KeyTrans enveloped, wrong recipient type");
}
envData = new EnvelopedData(envData.OriginatorInfo, s, envData.EncryptedContentInfo, envData.UnprotectedAttrs);
info = new ContentInfo(CmsObjectIdentifiers.EnvelopedData, envData);
if (!Arrays.AreEqual(info.GetEncoded(), envDataKeyTrns))
{
return new SimpleTestResult(false, Name + ": CMS KeyTrans enveloped failed to re-encode");
}
// KEK
info = ContentInfo.GetInstance(
Asn1Object.FromByteArray(envDataKEK));
envData = EnvelopedData.GetInstance(info.Content);
s = envData.RecipientInfos;
if (s.Count != 1)
{
return new SimpleTestResult(false, Name + ": CMS KEK enveloped, wrong number of recipients");
}
recip = RecipientInfo.GetInstance(s[0]);
if (recip.Info is KekRecipientInfo)
{
KekRecipientInfo inf = KekRecipientInfo.GetInstance(recip.Info);
inf = new KekRecipientInfo(inf.KekID, inf.KeyEncryptionAlgorithm, inf.EncryptedKey);
s = new DerSet(new RecipientInfo(inf));
}
else
{
return new SimpleTestResult(false, Name + ": CMS KEK enveloped, wrong recipient type");
}
envData = new EnvelopedData(envData.OriginatorInfo, s, envData.EncryptedContentInfo, envData.UnprotectedAttrs);
info = new ContentInfo(CmsObjectIdentifiers.EnvelopedData, envData);
if (!Arrays.AreEqual(info.GetEncoded(), envDataKEK))
{
return new SimpleTestResult(false, Name + ": CMS KEK enveloped failed to re-encode");
}
// Nested NDEF problem
Asn1StreamParser asn1In = new Asn1StreamParser(new MemoryStream(envDataNestedNDEF, false));
ContentInfoParser ci = new ContentInfoParser((Asn1SequenceParser)asn1In.ReadObject());
EnvelopedDataParser ed = new EnvelopedDataParser((Asn1SequenceParser)ci
.GetContent(Asn1Tags.Sequence));
Touch(ed.Version);
ed.GetOriginatorInfo();
ed.GetRecipientInfos().ToAsn1Object();
EncryptedContentInfoParser eci = ed.GetEncryptedContentInfo();
Touch(eci.ContentType);
Touch(eci.ContentEncryptionAlgorithm);
Stream dataIn = ((Asn1OctetStringParser)eci.GetEncryptedContent(Asn1Tags.OctetString))
.GetOctetStream();
Streams.Drain(dataIn);
dataIn.Close();
// Test data doesn't have unprotected attrs, bug was being thrown by this call
Asn1SetParser upa = ed.GetUnprotectedAttrs();
if (upa != null)
{
upa.ToAsn1Object();
}
return new SimpleTestResult(true, Name + ": Okay");
}
catch (Exception e)
{
return new SimpleTestResult(false, Name + ": CMS enveloped failed - " + e.ToString(), e);
}
}
private ITestResult CompressionTest()
{
try
{
ContentInfo info = ContentInfo.GetInstance(
Asn1Object.FromByteArray(compData));
CompressedData data = CompressedData.GetInstance(info.Content);
data = new CompressedData(data.CompressionAlgorithmIdentifier, data.EncapContentInfo);
info = new ContentInfo(CmsObjectIdentifiers.CompressedData, data);
if (!Arrays.AreEqual(info.GetEncoded(), compData))
{
return new SimpleTestResult(false, Name + ": CMS compression failed to re-encode");
}
return new SimpleTestResult(true, Name + ": Okay");
}
catch (Exception e)
{
return new SimpleTestResult(false, Name + ": CMS compression failed - " + e.ToString(), e);
}
}