public static string SignCmsGost2012(string data, string tlsNumber, int pin, byte[] rawCertificate, byte[] key)
{
var requestBytes = Encoding.UTF8.GetBytes(data);
var typedData = new CmsProcessableByteArray(requestBytes);
var gen = new CmsSignedDataGenerator();
var signerInfoGeneratorBuilder = new SignerInfoGeneratorBuilder();
var attrs = GetSigningParameters(tlsNumber, pin);
var parameters = new DefaultSignedAttributeTableGenerator(attrs);
signerInfoGeneratorBuilder.WithSignedAttributeGenerator(parameters);
var factory = new Asn1SignatureFactory(SingingAlgorithm, GetKey(key));
var bcCertificate = GetBankCertificate(rawCertificate);
gen.AddSignerInfoGenerator(signerInfoGeneratorBuilder.Build(factory, bcCertificate));
gen.AddCertificates(MakeCertStore(bcCertificate));
var signed = gen.Generate(typedData, false);
var signedBytes = signed.GetEncoded();
return(Convert.ToBase64String(signedBytes));
}
private static byte[] SignData(byte[] data, Pkcs12Store signCertificate, DateTime? requestTimestamp = null)
{
var signCertAlias = signCertificate.Aliases.Cast<string>().First(signCertificate.IsKeyEntry);
var signCertEntry = signCertificate.GetCertificate(signCertAlias);
var signCert = signCertEntry.Certificate;
var signPkEntry = signCertificate.GetKey(signCertAlias);
var signPk = signPkEntry.Key;
string digestName;
if (signCert.SigAlgOid == PkcsObjectIdentifiers.Sha1WithRsaEncryption.Id)
{
digestName = "SHA1";
}
else if (signCert.SigAlgOid == PkcsObjectIdentifiers.Sha256WithRsaEncryption.Id)
{
digestName = "SHA256";
}
else
{
throw new ExtraException($"Unsupported digest algorithm {signCert.SigAlgName}");
}
var digestOid = DigestUtilities.GetObjectIdentifier(digestName).Id;
var digest = DigestUtilities.CalculateDigest(digestName, data);
var signedAttrs = new Dictionary<object, object>()
{
{ CmsAttributeTableParameter.Digest, digest }
};
if (requestTimestamp.HasValue)
{
var signTimestamp = new Org.BouncyCastle.Asn1.Cms.Attribute(CmsAttributes.SigningTime, new DerSet(new Time(requestTimestamp.Value.ToUniversalTime())));
signedAttrs.Add(signTimestamp.AttrType, signTimestamp);
}
var signedAttrGen = new DefaultSignedAttributeTableGenerator();
var signedAttrTable = signedAttrGen.GetAttributes(signedAttrs);
var generator = new CmsSignedDataGenerator();
generator.AddSigner(signPk, signCert, digestOid, new DefaultSignedAttributeTableGenerator(signedAttrTable), null);
var signedData = generator.Generate(new CmsProcessableByteArray(data), true);
return signedData.GetEncoded();
}
/// <exception cref="System.IO.IOException"></exception>
//private CmsSignedDataGenerator CreateCMSSignedDataGenerator(ContentSigner contentSigner
// , DigestCalculatorProvider digestCalculatorProvider, SignatureParameters parameters
// , CAdESProfileBES cadesProfile, bool includeUnsignedAttributes, CmsSignedData originalSignedData
// )
private CmsSignedDataGenerator CreateCMSSignedDataGenerator(ISigner signer
, SignatureParameters parameters, CAdESProfileBES cadesProfile
, bool includeUnsignedAttributes, CmsSignedData originalSignedData
)
{
try
{
CmsSignedDataGenerator generator = new CmsSignedDataGenerator();
X509Certificate signerCertificate = parameters.SigningCertificate;
//X509CertificateHolder certHolder = new X509CertificateHolder(signerCertificate.GetEncoded());
ArrayList certList = new ArrayList();
certList.Add(signerCertificate);
IX509Store certHolder = X509StoreFactory.Create("CERTIFICATE/COLLECTION",
new X509CollectionStoreParameters(certList));
//jbonilla - El provider siempre es BC C#
//SignerInfoGeneratorBuilder sigInfoGeneratorBuilder = new SignerInfoGeneratorBuilder
// (digestCalculatorProvider);
CmsAttributeTableGenerator signedAttrGen = new DefaultSignedAttributeTableGenerator
(new AttributeTable(cadesProfile.GetSignedAttributes(parameters)));
CmsAttributeTableGenerator unsignedAttrGen = new SimpleAttributeTableGenerator
((includeUnsignedAttributes) ? new AttributeTable(cadesProfile.GetUnsignedAttributes
(parameters)) : null);
//jbonilla - No existe ContentSigner en BC C#
//SignerInfoGenerator sigInfoGen = sigInfoGeneratorBuilder.Build(contentSigner, certHolder);
//generator.AddSignerInfoGenerator(sigInfoGen);
generator.SignerProvider = signer;
generator.AddSigner(new NullPrivateKey(), signerCertificate, parameters.SignatureAlgorithm.GetOid()
, parameters.DigestAlgorithm.GetOid(), signedAttrGen, unsignedAttrGen);
if (originalSignedData != null)
{
generator.AddSigners(originalSignedData.GetSignerInfos());
}
//ICollection<X509Certificate> certs = new AList<X509Certificate>();
IList certs = new ArrayList();
//certs.AddItem(parameters.SigningCertificate);
certs.Add(parameters.SigningCertificate);
if (parameters.CertificateChain != null)
{
foreach (X509Certificate c in parameters.CertificateChain)
{
if (!c.SubjectDN.Equals(parameters.SigningCertificate.SubjectDN))
{
//certs.AddItem(c);
certs.Add(c);
}
}
}
//JcaCertStore certStore = new JcaCertStore(certs);
IX509Store certStore = X509StoreFactory.Create("Certificate/Collection",
new X509CollectionStoreParameters(certs));
generator.AddCertificates(certStore);
if (originalSignedData != null)
{
generator.AddCertificates(originalSignedData.GetCertificates("Collection"));
}
return generator;
}
catch (CmsException e)
{
throw new IOException("CmsException", e);
}
catch (CertificateEncodingException e)
{
throw new IOException("CertificateEncodingException", e);
}
/*catch (OperatorCreationException e)
{
throw new IOException(e);
}*/
}
