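/// <summary>
/// 5.3.4 Verifies a PKCS#7 signature and returns the signer's certificate (2011-12-19).
/// </summary>
/// <remarks>
/// Verify is called with SECUINTER_SIGNEDDATA_VERIFY_SIGNATURE_ONLY. Judging by the flag name,
/// this checks the signature value but not the certificate's trust chain, validity period or
/// revocation status (confirm against the SecuInter documentation). The returned certificate
/// therefore identifies who produced the signature, not whether that signer is trusted:
/// callers should validate the certificate (issuer chain, validity, revocation, expected
/// subject) before treating the signer as authenticated.
/// </remarks>
/// <param name="sSource">
/// The original text. In detached mode it is set as the signed content before verification;
/// in attached mode it is compared with the content carried inside the signature.
/// </param>
/// <param name="sSignature">The PKCS#7 signature handed to SignedData.Verify.</param>
/// <param name="isNotHasSource">
/// true when the signature does not contain the original text (detached),
/// false when the original text is embedded in the signature (attached).
/// </param>
/// <returns>The certificate of the first signer found in the signed data.</returns>
/// <exception cref="ArgumentNullException">sSource or sSignature is null.</exception>
/// <exception cref="Exception">
/// The signature does not verify, the embedded text differs from sSource,
/// or the signed data contains no signer certificate.
/// </exception>
public static SecuInter.X509Certificate verifyPKCS7(String sSource, string sSignature, Boolean isNotHasSource)
{
    // Reject missing inputs up front: a null source used to surface as a
    // NullReferenceException only after verification had already succeeded.
    if (sSource == null)
    {
        throw new ArgumentNullException("sSource");
    }
    if (sSignature == null)
    {
        throw new ArgumentNullException("sSignature");
    }

    SignedData signedData = new SignedData();
    Utilities util = new Utilities();

    if (isNotHasSource)
    {
        // Detached signature: supply the original text as the content to verify against.
        signedData.Content = sSource;
    }

    if (!signedData.Verify(sSignature, SecuInter.SECUINTER_SIGNEDDATA_VERIFY_FLAG.SECUINTER_SIGNEDDATA_VERIFY_SIGNATURE_ONLY))
    {
        throw new Exception("签名验证不正确");
    }

    if (!isNotHasSource)
    {
        // Attached signature: the signed content must match the text the caller expects,
        // otherwise a valid signature over different data would be accepted.
        // NOTE(review): the comparison depends on how ByteArraytoString decodes the content — confirm the encoding.
        if (!sSource.Equals(util.ByteArraytoString(signedData.Content)))
        {
            throw new Exception("发生错误,签名原文不一致!");
        }
    }

    // Verification passed: take the first signer's certificate
    // (per the original note, the first certificate is the client's signing certificate).
    SecuInter.X509Certificate oCertSign = null;
    SecuInter.Signers signers = signedData.Signers;
    IEnumerator enumer = signers.GetEnumerator();
    if (enumer.MoveNext())
    {
        SecuInter.Signer signer = (SecuInter.Signer)enumer.Current;
        oCertSign = (SecuInter.X509Certificate)signer.Certificate;
    }

    if (oCertSign == null)
    {
        throw new Exception("签名信息中无证书!");
    }

    return oCertSign;
}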
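/// <summary>
/// 5.3.5 Verifies a PKCS#7 signature that carries the original text and returns that text (2011-12-19).
/// Use only for signatures that contain the original text.
/// </summary>
/// <remarks>
/// Verify is called with SECUINTER_SIGNEDDATA_VERIFY_SIGNATURE_ONLY. Judging by the flag name,
/// this checks the signature value but not the certificate's trust chain, validity period or
/// revocation status (confirm against the SecuInter documentation). This method neither returns
/// nor checks the signer's identity, so the returned text is only known to be intact with
/// respect to whichever certificate is embedded in the signature. Callers that need to know
/// who signed the text must validate the signer certificate separately.
/// </remarks>
/// <param name="sSignature">The PKCS#7 signature (with embedded content) handed to SignedData.Verify.</param>
/// <returns>The signed content, converted to a string by Utilities.ByteArraytoString.</returns>
/// <exception cref="ArgumentNullException">sSignature is null.</exception>
/// <exception cref="Exception">The signature does not verify.</exception>
public static String getSourceFromPKCS7SignData(string sSignature)
{
    // Reject a missing signature explicitly instead of passing null into the verification call.
    if (sSignature == null)
    {
        throw new ArgumentNullException("sSignature");
    }

    SignedData oSignedData = new SignedData();
    Utilities oUtilities = new Utilities();

    if (!oSignedData.Verify(sSignature, SecuInter.SECUINTER_SIGNEDDATA_VERIFY_FLAG.SECUINTER_SIGNEDDATA_VERIFY_SIGNATURE_ONLY))
    {
        throw new Exception("签名验证不正确");
    }

    // Per the original note, the first certificate is the client's signing certificate.
    // NOTE(review): Display() is called for every signer; it presumably opens a certificate
    // viewer dialog — confirm. If so, this blocks in a service or other non-interactive
    // process, and it looks like a debugging aid rather than part of the verification.
    SecuInter.Signers signers = oSignedData.Signers;
    IEnumerator enumer = signers.GetEnumerator();
    while (enumer.MoveNext())
    {
        SecuInter.Signer signer = (SecuInter.Signer)enumer.Current;
        SecuInter.X509Certificate oCert = (SecuInter.X509Certificate)signer.Certificate;
        oCert.Display();
    }

    // Content is read only after Verify has succeeded, so unverified data is never returned.
    return oUtilities.ByteArraytoString(oSignedData.Content);
}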
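/// <summary>
/// 5.3.4 Verifies a PKCS#7 signature, returns the signer's certificate and reports the
/// TSA timestamp when one is present (2011-12-19).
/// </summary>
/// <remarks>
/// Verify is called with SECUINTER_SIGNEDDATA_VERIFY_SIGNATURE_ONLY. Judging by the flag name,
/// this checks the signature value but not the certificate's trust chain, validity period or
/// revocation status (confirm against the SecuInter documentation). Callers should validate
/// the returned certificate (issuer chain, validity, revocation, expected subject) before
/// treating the signer as authenticated.
/// NOTE(review): nothing here shows whether the TSA timestamp token is itself validated;
/// confirm before relying on signTime as trusted evidence of the signing time.
/// </remarks>
/// <param name="sSource">
/// The original text. In detached mode it is set as the signed content before verification;
/// in attached mode it is compared with the content carried inside the signature.
/// </param>
/// <param name="sSignature">The PKCS#7 signature handed to SignedData.Verify.</param>
/// <param name="isNotHasSource">
/// true when the signature does not contain the original text (detached),
/// false when the original text is embedded in the signature (attached).
/// </param>
/// <param name="signTime">
/// Set to the TSA timestamp formatted as "yyyy-MM-dd HH:mm:ss" when a signer has one;
/// left unchanged when no signer carries a timestamp.
/// </param>
/// <returns>The certificate of the first signer found in the signed data.</returns>
/// <exception cref="ArgumentNullException">sSource or sSignature is null.</exception>
/// <exception cref="Exception">
/// The signature does not verify, the embedded text differs from sSource,
/// or the signed data contains no signer certificate.
/// </exception>
public static SecuInter.X509Certificate verifyPKCS7(String sSource, string sSignature, Boolean isNotHasSource, ref String signTime)
{
    // Reject missing inputs up front: a null source used to surface as a
    // NullReferenceException only after verification had already succeeded.
    if (sSource == null)
    {
        throw new ArgumentNullException("sSource");
    }
    if (sSignature == null)
    {
        throw new ArgumentNullException("sSignature");
    }

    SignedData signedData = new SignedData();
    Utilities util = new Utilities();

    if (isNotHasSource)
    {
        // Detached signature: supply the original text as the content to verify against.
        signedData.Content = sSource;
    }

    if (!signedData.Verify(sSignature, SecuInter.SECUINTER_SIGNEDDATA_VERIFY_FLAG.SECUINTER_SIGNEDDATA_VERIFY_SIGNATURE_ONLY))
    {
        throw new Exception("签名验证不正确");
    }

    if (!isNotHasSource)
    {
        // Attached signature: the signed content must match the text the caller expects,
        // otherwise a valid signature over different data would be accepted.
        // NOTE(review): the comparison depends on how ByteArraytoString decodes the content — confirm the encoding.
        if (!sSource.Equals(util.ByteArraytoString(signedData.Content)))
        {
            throw new Exception("发生错误,签名原文不一致!");
        }
    }

    // Read the signing time from the TSA timestamp, if any.
    int iCertCount = signedData.Signers.Count;
    if (iCertCount == 1)
    {
        if (signedData.HasTSATimestamp(0))
        {
            signTime = (signedData.getTSATimeStamp(0).ToString("yyyy-MM-dd HH:mm:ss"));
        }
    }
    else
    {
        // NOTE(review): with several signers, signTime ends up holding the timestamp of the
        // LAST signer that has one, while the certificate returned below belongs to the FIRST
        // signer. The two values may describe different signers — confirm which pairing
        // callers expect.
        // NOTE(review): Display() presumably opens a certificate viewer dialog — confirm. If so,
        // this blocks in a service or other non-interactive process.
        for (var i = 0; i < iCertCount; i++)
        {
            signedData.Signers[i].Certificate.Display();
            if (signedData.HasTSATimestamp(i))
            {
                signTime = (signedData.getTSATimeStamp(i).ToString("yyyy-MM-dd HH:mm:ss"));
            }
        }
    }

    // Verification passed: take the first signer's certificate
    // (per the original note, the first certificate is the client's signing certificate).
    SecuInter.X509Certificate oCertSign = null;
    SecuInter.Signers signers = signedData.Signers;
    IEnumerator enumer = signers.GetEnumerator();
    if (enumer.MoveNext())
    {
        SecuInter.Signer signer = (SecuInter.Signer)enumer.Current;
        oCertSign = (SecuInter.X509Certificate)signer.Certificate;
    }

    if (oCertSign == null)
    {
        throw new Exception("签名信息中无证书!");
    }

    return oCertSign;
}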