public ReadySignatureFactory(ISigner signer, string digestOID)
{
this.signer = signer;
#pragma warning disable CS0618 // Type or member is obsolete
this.algID = new Org.BouncyCastle.Asn1.X509.AlgorithmIdentifier(digestOID);
#pragma warning restore CS0618 // Type or member is obsolete
}
private static BcEssCertIdV2 CreateBcEssCertIdV2(HashAlgorithmName hashAlgorithmName, string text)
{
var hash = CryptoHashUtility.ComputeHash(hashAlgorithmName, Encoding.UTF8.GetBytes(text));
var bcAlgorithmIdentifier = new BcAlgorithmIdentifier(
new DerObjectIdentifier(hashAlgorithmName.ConvertToOidString()));
return(new BcEssCertIdV2(bcAlgorithmIdentifier, hash));
}
public void Read_WithValidInput_ReturnsAlgorithmIdentifier(string oid)
{
var bytes = new BcAlgorithmIdentifier(new DerObjectIdentifier(oid)).GetDerEncoded();
var algorithmId = AlgorithmIdentifier.Read(bytes);
Assert.Equal(oid, algorithmId.Algorithm.Value);
}
public void Read_WithExplicitNullParameters_ReturnsAlgorithmIdentifier()
{
var bytes = new BcAlgorithmIdentifier(new DerObjectIdentifier(Oids.Sha256), DerNull.Instance).GetDerEncoded();
var algorithmId = AlgorithmIdentifier.Read(bytes);
Assert.Equal(Oids.Sha256, algorithmId.Algorithm.Value);
}
public void Read_WithInvalidHashedMessage_Throws()
{
var bcAlgorithmIdentifier = new BcAlgorithmIdentifier(new DerObjectIdentifier(Oids.Sha256));
var bcMessageImprint = new DerSequence(bcAlgorithmIdentifier, new DerOctetString(new byte[0]));
var bytes = bcMessageImprint.GetDerEncoded();
var exception = Assert.Throws <CryptographicException>(() => MessageImprint.Read(bytes));
Assert.Equal("The ASN.1 data is invalid.", exception.Message);
}
public void Read_WithValidInput_ReturnsInstance(string oid)
{
var data = Encoding.UTF8.GetBytes("peach");
var hashAlgorithmName = CryptoHashUtility.OidToHashAlgorithmName(oid);
var hash = hashAlgorithmName.ComputeHash(data);
var bcAlgorithmIdentifier = new BcAlgorithmIdentifier(new DerObjectIdentifier(oid));
var bcMessageImprint = new BcMessageImprint(bcAlgorithmIdentifier, hash);
var bytes = bcMessageImprint.GetDerEncoded();
var messageImprint = MessageImprint.Read(bytes);
Assert.Equal(oid, messageImprint.HashAlgorithm.Algorithm.Value);
Assert.Equal(hash, messageImprint.HashedMessage);
}
} // End Function SignHashInternal
private byte[] DerEncode(byte[] hash,
Org.BouncyCastle.Crypto.IDigest digest
)
{
Org.BouncyCastle.Asn1.DerObjectIdentifier digestOid = this.m_oidMap[digest.AlgorithmName];
Org.BouncyCastle.Asn1.X509.AlgorithmIdentifier algid =
new Org.BouncyCastle.Asn1.X509.AlgorithmIdentifier(
digestOid, Org.BouncyCastle.Asn1.DerNull.Instance
);
Org.BouncyCastle.Asn1.X509.DigestInfo di =
new Org.BouncyCastle.Asn1.X509.DigestInfo(algid, hash);
return(di.GetDerEncoded());
} // End Function DerEncode
/// <summary>
/// Constructor which also specifies a source of randomness to be used if one is required.
/// </summary>
/// <param name="hashAlgorithm">The name of the signature algorithm to use.</param>
/// <param name="generator">The signature generator.</param>
public KeyVaultSignatureFactory(HashAlgorithmName hashAlgorithm, X509SignatureGenerator generator)
{
Org.BouncyCastle.Asn1.DerObjectIdentifier sigOid;
if (hashAlgorithm == HashAlgorithmName.SHA256)
{
sigOid = Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.Sha256WithRsaEncryption;
}
else if (hashAlgorithm == HashAlgorithmName.SHA384)
{
sigOid = Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.Sha384WithRsaEncryption;
}
else if (hashAlgorithm == HashAlgorithmName.SHA512)
{
sigOid = Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.Sha512WithRsaEncryption;
}
else
{
throw new ArgumentOutOfRangeException(nameof(hashAlgorithm));
}
_hashAlgorithm = hashAlgorithm;
_generator = generator;
_algID = new Org.BouncyCastle.Asn1.X509.AlgorithmIdentifier(sigOid);
}
static void Main(string[] args)
{
byte[] entradaArray = File.ReadAllBytes(@"certificado/arquivoTeste.txt");
AsymmetricKeyParameter chavePrivada;
X509Certificate certificadoX509 = getCertificadoX509(@"certificado/certificado.p12", "123!@#", out chavePrivada);
SHA512Managed hashSHA512 = new SHA512Managed();
SHA256Managed hashSHA256 = new SHA256Managed();
byte[] certificadoX509Hash = hashSHA256.ComputeHash(certificadoX509.GetEncoded());
byte[] EntradaHash = hashSHA512.ComputeHash(entradaArray);
CmsSignedDataGenerator geradorCms = new CmsSignedDataGenerator();
//
//atributos
//
Asn1EncodableVector atributosAssinados = new Asn1EncodableVector();
//1.2.840.113549.1.9.3 -> ContentType
//1.2.840.113549.1.7.1 -> RSA Security Data Inc
atributosAssinados.Add(new Org.BouncyCastle.Asn1.Cms.Attribute(CmsAttributes.ContentType, new DerSet(new DerObjectIdentifier("1.2.840.113549.1.7.1"))));
//1.2.840.113549.1.9.5 -> Signing Time
atributosAssinados.Add(new Org.BouncyCastle.Asn1.Cms.Attribute(CmsAttributes.SigningTime, new DerSet(new DerUtcTime(DateTime.Now))));
//1.2.840.113549.1.9.4 -> messageDigest
atributosAssinados.Add(new Org.BouncyCastle.Asn1.Cms.Attribute(CmsAttributes.MessageDigest, new DerSet(new DerOctetString(EntradaHash))));
//2.16.840.1.101.3.4.2.3 -> SHA-512
//2.16.840.1.101.3.4.2.1 -> SHA-256
//1.2.840.113549.1.9.16.5.1 -> sigPolicyQualifier-spuri
DerObjectIdentifier identificadorPolicyID = new DerObjectIdentifier("1.2.840.113549.1.9.16.2.15");
byte[] policyHASH = System.Text.Encoding.ASCII.GetBytes("0F6FA2C6281981716C95C79899039844523B1C61C2C962289CDAC7811FEEE29E");
List <SigPolicyQualifierInfo> sigPolicyQualifierInfos = new List <SigPolicyQualifierInfo>();
Org.BouncyCastle.Asn1.X509.AlgorithmIdentifier algoritmoIdentificador = new Org.BouncyCastle.Asn1.X509.AlgorithmIdentifier("2.16.840.1.101.3.4.2.3");
SigPolicyQualifierInfo bcSigPolicyQualifierInfo = new SigPolicyQualifierInfo(new DerObjectIdentifier("1.2.840.113549.1.9.16.5.1"), new DerIA5String("http://politicas.icpbrasil.gov.br/PA_AD_RB_v2_2.der"));
sigPolicyQualifierInfos.Add(bcSigPolicyQualifierInfo);
SignaturePolicyId signaturePolicyId = new SignaturePolicyId(DerObjectIdentifier.GetInstance(new DerObjectIdentifier("2.16.76.1.7.1.6.2.2")), new OtherHashAlgAndValue(algoritmoIdentificador, new DerOctetString(policyHASH)), sigPolicyQualifierInfos);
atributosAssinados.Add(new Org.BouncyCastle.Asn1.Cms.Attribute(identificadorPolicyID, new DerSet(signaturePolicyId)));
//1.2.840.113549.1.9.16.2.47 -> id-aa-signingCertificateV2
Org.BouncyCastle.Asn1.Ess.EssCertIDv2 essCertIDv2;
essCertIDv2 = new Org.BouncyCastle.Asn1.Ess.EssCertIDv2(certificadoX509Hash);
atributosAssinados.Add(new Org.BouncyCastle.Asn1.Cms.Attribute(new DerObjectIdentifier("1.2.840.113549.1.9.16.2.47"), new DerSet(essCertIDv2)));
AttributeTable atributosAssinadosTabela = new AttributeTable(atributosAssinados);
//geradorCms.AddSigner(chavePrivada, certificadoX509, CmsSignedDataGenerator.DigestSha256, new DefaultSignedAttributeTableGenerator(atributosAssinadosTabela), null);
geradorCms.AddSigner(chavePrivada, certificadoX509, CmsSignedDataGenerator.DigestSha512, new DefaultSignedAttributeTableGenerator(atributosAssinadosTabela), null);
List <X509Certificate> certificadoX509Lista = new List <X509Certificate>();
certificadoX509Lista.Add(certificadoX509);
//storeCerts.AddRange(chain);
X509CollectionStoreParameters parametrosArmazem = new X509CollectionStoreParameters(certificadoX509Lista);
IX509Store armazemCertificado = X509StoreFactory.Create("CERTIFICATE/COLLECTION", parametrosArmazem);
geradorCms.AddCertificates(armazemCertificado);
var dadosAssinado = geradorCms.Generate(new CmsProcessableByteArray(entradaArray), true); // encapsulate = false for detached signature
Console.WriteLine("Codificado => " + Convert.ToBase64String(dadosAssinado.GetEncoded()));
}
