/**
* Replace the signerinformation store associated with the passed
* in message contained in the stream original with the new one passed in.
* You would probably only want to do this if you wanted to change the unsigned
* attributes associated with a signer, or perhaps delete one.
* <p>
* The output stream is returned unclosed.
* </p>
* @param original the signed data stream to be used as a base.
* @param signerInformationStore the new signer information store to use.
* @param out the stream to Write the new signed data object to.
* @return out.
*/
public static Stream ReplaceSigners(
Stream original,
SignerInformationStore signerInformationStore,
Stream outStr)
{
Asn1StreamParser inStr = new Asn1StreamParser(original, CmsUtilities.MaximumMemory);
ContentInfoParser contentInfo = new ContentInfoParser((Asn1SequenceParser)inStr.ReadObject());
SignedDataParser signedData = SignedDataParser.GetInstance(contentInfo.GetContent(Asn1Tags.Sequence));
BerSequenceGenerator sGen = new BerSequenceGenerator(outStr);
sGen.AddObject(CmsObjectIdentifiers.SignedData);
BerSequenceGenerator sigGen = new BerSequenceGenerator(sGen.GetRawOutputStream(), 0, true);
// version number
sigGen.AddObject(signedData.Version);
// digests
signedData.GetDigestAlgorithms().ToAsn1Object(); // skip old ones
Asn1EncodableVector digestAlgs = new Asn1EncodableVector();
foreach (SignerInformation signer in signerInformationStore.GetSigners())
{
digestAlgs.Add(FixAlgID(signer.DigestAlgorithmID));
}
WriteToGenerator(sigGen, new DerSet(digestAlgs));
// encap content info
ContentInfoParser encapContentInfo = signedData.GetEncapContentInfo();
BerSequenceGenerator eiGen = new BerSequenceGenerator(sigGen.GetRawOutputStream());
eiGen.AddObject(encapContentInfo.ContentType);
Asn1OctetStringParser octs = (Asn1OctetStringParser)encapContentInfo.GetContent(Asn1Tags.OctetString);
if (octs != null)
{
BerOctetStringGenerator octGen = new BerOctetStringGenerator(
eiGen.GetRawOutputStream(), 0, true);
byte[] inBuffer = new byte[4096];
byte[] outBuffer = new byte[4096];
Stream inOctets = octs.GetOctetStream();
Stream outOctets = octGen.GetOctetOutputStream(outBuffer);
int len;
while ((len = inOctets.Read(inBuffer, 0, inBuffer.Length)) > 0)
{
outOctets.Write(inBuffer, 0, len);
}
outOctets.Close();
}
eiGen.Close();
WriteSetToGeneratorTagged(sigGen, signedData.GetCertificates(), 0);
WriteSetToGeneratorTagged(sigGen, signedData.GetCrls(), 1);
Asn1EncodableVector signerInfos = new Asn1EncodableVector();
foreach (SignerInformation signer in signerInformationStore.GetSigners())
{
signerInfos.Add(signer.ToSignerInfo());
}
WriteToGenerator(sigGen, new DerSet(signerInfos));
sigGen.Close();
sGen.Close();
return outStr;
}
/**
* Replace the certificate and CRL information associated with this
* CMSSignedData object with the new one passed in.
* <p>
* The output stream is returned unclosed.
* </p>
* @param original the signed data stream to be used as a base.
* @param certsAndCrls the new certificates and CRLs to be used.
* @param out the stream to Write the new signed data object to.
* @return out.
* @exception CmsException if there is an error processing the CertStore
*/
public static Stream ReplaceCertificatesAndCrls(
Stream original,
IX509Store x509Certs,
IX509Store x509Crls,
IX509Store x509AttrCerts,
Stream outStr)
{
if (x509AttrCerts != null)
throw new NotImplementedException("Currently can't replace attribute certificates");
Asn1StreamParser inStr = new Asn1StreamParser(original, CmsUtilities.MaximumMemory);
ContentInfoParser contentInfo = new ContentInfoParser((Asn1SequenceParser)inStr.ReadObject());
SignedDataParser signedData = SignedDataParser.GetInstance(contentInfo.GetContent(Asn1Tags.Sequence));
BerSequenceGenerator sGen = new BerSequenceGenerator(outStr);
sGen.AddObject(CmsObjectIdentifiers.SignedData);
BerSequenceGenerator sigGen = new BerSequenceGenerator(sGen.GetRawOutputStream(), 0, true);
// version number
sigGen.AddObject(signedData.Version);
// digests
WriteToGenerator(sigGen, signedData.GetDigestAlgorithms().ToAsn1Object());
// encap content info
ContentInfoParser encapContentInfo = signedData.GetEncapContentInfo();
BerSequenceGenerator eiGen = new BerSequenceGenerator(sigGen.GetRawOutputStream());
eiGen.AddObject(encapContentInfo.ContentType);
Asn1OctetStringParser octs = (Asn1OctetStringParser)encapContentInfo.GetContent(Asn1Tags.OctetString);
if (octs != null)
{
BerOctetStringGenerator octGen = new BerOctetStringGenerator(eiGen.GetRawOutputStream(), 0, true);
byte[] inBuffer = new byte[4096];
byte[] outBuffer = new byte[4096];
Stream inOctets = octs.GetOctetStream();
Stream outOctets = octGen.GetOctetOutputStream(outBuffer);
int len;
while ((len = inOctets.Read(inBuffer, 0, inBuffer.Length)) > 0)
{
outOctets.Write(inBuffer, 0, len);
}
outOctets.Close();
}
eiGen.Close();
//
// skip existing certs and CRLs
//
GetAsn1Set(signedData.GetCertificates());
GetAsn1Set(signedData.GetCrls());
//
// replace the certs and crls in the SignedData object
//
Asn1Set certs;
try
{
certs = CmsUtilities.CreateDerSetFromList(
CmsUtilities.GetCertificatesFromStore(x509Certs));
}
catch (X509StoreException e)
{
throw new CmsException("error getting certs from certStore", e);
}
if (certs.Count > 0)
{
WriteToGenerator(sigGen, new DerTaggedObject(false, 0, certs));
}
Asn1Set crls;
try
{
crls = CmsUtilities.CreateDerSetFromList(
CmsUtilities.GetCrlsFromStore(x509Crls));
}
catch (X509StoreException e)
{
throw new CmsException("error getting crls from certStore", e);
}
if (crls.Count > 0)
{
WriteToGenerator(sigGen, new DerTaggedObject(false, 1, crls));
}
WriteToGenerator(sigGen, signedData.GetSignerInfos().ToAsn1Object());
sigGen.Close();
sGen.Close();
return outStr;
}
