Ejemplo n.º 1
0
        /// <summary>5.3.2 使用证书进行PKCS7签名 2011-12-19
        ///
        /// </summary>
        /// <param name="sSource"></param>
        /// <param name="isNotHasSource"></param>
        /// <param name="pwd"></param>
        /// <param name="oCert"></param>
        /// <returns></returns>
        public static String signPKCS7ByCertificate(String sSource, Boolean isNotHasSource, String pwd, SecuInter.X509Certificate oCert)
        {
            SecuInter.Signer     oSigner     = new SecuInter.Signer();
            SecuInter.SignedData oSignedData = new SecuInter.SignedData();
            SecuInter.Utilities  oUtil       = new SecuInter.Utilities();
            if (sSource == "")
            {
                throw new Exception("原文内容为空!");
            }


            oSigner.Certificate   = oCert;
            oSigner.HashAlgorithm = SECUINTER_HASH_ALGORITHM.SECUINTER_SHA1_ALGORITHM;
            oSigner.UseSigningCertificateAttribute = false;
            oSigner.UseSigningTime = false;
            if (!String.IsNullOrEmpty(pwd))
            {
                bool ok = oSigner.SetUserPIN(pwd);
                if (!ok)
                {
                    throw new Exception("密码有误!");
                }
            }
            oSignedData.Content  = sSource;
            oSignedData.Detached = isNotHasSource;

            object arrRT = oSignedData.Sign(oSigner, SECUINTER_CMS_ENCODE_TYPE.SECUINTER_CMS_ENCODE_BASE64);

            oSignedData = null;
            oSigner     = null;
            return(arrRT.ToString());
        }
Ejemplo n.º 2
0
        /// <summary>5.3.4 PKCS7签名验证并获取证书 2011-12-19
        ///
        /// </summary>
        /// <param name="sSource"></param>
        /// <param name="sSignature"></param>
        /// <param name="isNotHasSource"></param>
        /// <returns></returns>
        public static SecuInter.X509Certificate verifyPKCS7(String sSource, string sSignature, Boolean isNotHasSource)
        {
            SecuInter.X509Certificate oCertSign = null;
            SignedData signedData = new SignedData();
            Utilities  util       = new Utilities();

            if (isNotHasSource == true)
            {//不含原文情况,将原文设入签名数据中
                signedData.Content = sSource;
            }

            if (!signedData.Verify(sSignature, SecuInter.SECUINTER_SIGNEDDATA_VERIFY_FLAG.SECUINTER_SIGNEDDATA_VERIFY_SIGNATURE_ONLY))
            {
                throw new Exception("签名验证不正确");
            }
            if (isNotHasSource == false)
            {                                                                    //含原文情况,比对原文和签名信息,进行验证
                if (!sSource.Equals(util.ByteArraytoString(signedData.Content))) //
                {
                    throw new Exception("发生错误,签名原文不一致!");
                }
            }
            // '判断验证结果与签名时数据是否一致
            SecuInter.Signers signers = signedData.Signers;
            IEnumerator       enumer  = signers.GetEnumerator();

            while (enumer.MoveNext()) //第一张证书为客户端签名证书
            {
                SecuInter.Signer          signer = (SecuInter.Signer)enumer.Current;
                SecuInter.X509Certificate oCert  = (SecuInter.X509Certificate)signer.Certificate;

                oCertSign = oCert; //'验证通过,取签名的证书
                break;
            }
            if (oCertSign == null)
            {
                throw new Exception("签名信息中无证书!");
            }
            signedData = null;
            util       = null;
            return(oCertSign);
        }
Ejemplo n.º 3
0
        /// <summary>
        /// PKCS#7时间戳签名
        /// </summary>
        /// <param name="bContent">签名内容</param>
        /// <param name="tsaUrl">时间戳服务器URL</param>
        /// <param name="IsNotHasSource"></param>
        /// <returns>签名值</returns>
        public static String signPKCS7WithTSA(String bContent, String tsaUrl, Boolean IsNotHasSource)
        {
            if (bContent == "")
            {
                throw new Exception("原文内容为空!");
            }
            if (tsaUrl == "")
            {
                throw new Exception("时间戳URL为空!");
            }

            SecuInter.X509Certificate oCert = getX509Certificate(SECUINTER_CURRENT_USER_STORE, SECUINTER_MY_STORE, SECUINTER_CERTTYPE_SIGN, SECUINTER_NETCA_OTHER);
            if (oCert == null)
            {
                throw new Exception("未选择证书!");
            }

            SecuInter.Signer          oSigner          = new SecuInter.Signer();
            SecuInter.SignedData      oSignedData      = new SecuInter.SignedData();
            SecuInter.X509Certificate oX509Certificate = new SecuInter.X509Certificate();
            //oX509Certificate = oCert;
            oSigner.Certificate   = oCert;
            oSigner.HashAlgorithm = SecuInter.SECUINTER_HASH_ALGORITHM.SECUINTER_SHA1_ALGORITHM;
            oSigner.UseSigningCertificateAttribute = false;
            oSigner.UseSigningTime = true;
            oSignedData.Content    = bContent;
            oSignedData.Detached   = IsNotHasSource;

            Object arrRT = oSignedData.SignWithTSATimeStamp(oSigner, tsaUrl, "", oX509Certificate, SECUINTER_CMS_ENCODE_TYPE.SECUINTER_CMS_ENCODE_BASE64);

            oSignedData      = null;
            oSigner          = null;
            oCert            = null;
            oX509Certificate = null;
            return(arrRT.ToString());
        }
Ejemplo n.º 4
0
        /// <summary>5.3.5 带原文PKCS7签名,验证并获取原文 2011-12-19
        /// 含原文签名情况下使用
        /// </summary>
        /// <param name="sSignature"></param>
        /// <returns></returns>
        public static String getSourceFromPKCS7SignData(string sSignature)
        {
            String     sSource     = "";
            SignedData oSignedData = new SignedData();
            Utilities  oUtilities  = new Utilities();

            if (!oSignedData.Verify(sSignature, SecuInter.SECUINTER_SIGNEDDATA_VERIFY_FLAG.SECUINTER_SIGNEDDATA_VERIFY_SIGNATURE_ONLY))
            {
                throw new Exception("签名验证不正确");
            }
            SecuInter.Signers signers = oSignedData.Signers;
            IEnumerator       enumer  = signers.GetEnumerator();

            while (enumer.MoveNext()) //第一张证书为客户端签名证书
            {
                SecuInter.Signer          signer = (SecuInter.Signer)enumer.Current;
                SecuInter.X509Certificate oCert  = (SecuInter.X509Certificate)signer.Certificate;
                oCert.Display();
            }
            sSource     = oUtilities.ByteArraytoString(oSignedData.Content);
            oSignedData = null;
            oUtilities  = null;
            return(sSource);
        }
Ejemplo n.º 5
0
        /// <summary>5.3.4 PKCS7签名验证并获取证书 2011-12-19
        ///
        /// </summary>
        /// <param name="sSource"></param>
        /// <param name="sSignature"></param>
        /// <param name="isNotHasSource"></param>
        /// <returns></returns>
        public static SecuInter.X509Certificate verifyPKCS7(String sSource, string sSignature, Boolean isNotHasSource, ref String signTime)
        {
            SecuInter.X509Certificate oCertSign = null;
            SignedData signedData = new SignedData();
            Utilities  util       = new Utilities();

            if (isNotHasSource == true)
            {//不含原文情况,将原文设入签名数据中
                signedData.Content = sSource;
            }

            if (!signedData.Verify(sSignature, SecuInter.SECUINTER_SIGNEDDATA_VERIFY_FLAG.SECUINTER_SIGNEDDATA_VERIFY_SIGNATURE_ONLY))
            {
                throw new Exception("签名验证不正确");
            }
            if (isNotHasSource == false)
            {                                                                    //含原文情况,比对原文和签名信息,进行验证
                if (!sSource.Equals(util.ByteArraytoString(signedData.Content))) //
                {
                    throw new Exception("发生错误,签名原文不一致!");
                }
            }
            int iCertCount = signedData.Signers.Count;

            //获取签名时间
            if (iCertCount == 1)
            {
                if (signedData.HasTSATimestamp(0))
                {
                    signTime = (signedData.getTSATimeStamp(0).ToString("yyyy-MM-dd HH:mm:ss"));
                }
            }
            else
            {
                for (var i = 0; i < iCertCount; i++)
                {
                    signedData.Signers[i].Certificate.Display();
                    if (signedData.HasTSATimestamp(i))
                    {
                        signTime = (signedData.getTSATimeStamp(i).ToString("yyyy-MM-dd HH:mm:ss"));
                    }
                }
            }
            // '判断验证结果与签名时数据是否一致
            SecuInter.Signers signers = signedData.Signers;
            IEnumerator       enumer  = signers.GetEnumerator();

            while (enumer.MoveNext()) //第一张证书为客户端签名证书
            {
                SecuInter.Signer          signer = (SecuInter.Signer)enumer.Current;
                SecuInter.X509Certificate oCert  = (SecuInter.X509Certificate)signer.Certificate;

                oCertSign = oCert; //'验证通过,取签名的证书
                break;
            }
            if (oCertSign == null)
            {
                throw new Exception("签名信息中无证书!");
            }
            signedData = null;
            util       = null;
            return(oCertSign);
        }