// in case we just want to timestamp the file public bool Timestamp(string fileName) { try { AuthenticodeDeformatter def = new AuthenticodeDeformatter(fileName); byte[] signature = def.Signature; if (signature != null) { Open(fileName); PKCS7.ContentInfo ci = new PKCS7.ContentInfo(signature); pkcs7 = new PKCS7.SignedData(ci.Content); byte[] response = Timestamp(pkcs7.SignerInfo.Signature); ASN1 ts = new ASN1(Convert.FromBase64String(Encoding.ASCII.GetString(response))); // insert new certificates and countersignature into the original signature ASN1 asn = new ASN1(signature); ASN1 content = asn.Element(1, 0xA0); if (content == null) { return(false); } ASN1 signedData = content.Element(0, 0x30); if (signedData == null) { return(false); } // add the supplied certificates inside our signature ASN1 certificates = signedData.Element(3, 0xA0); if (certificates == null) { certificates = new ASN1(0xA0); signedData.Add(certificates); } for (int i = 0; i < ts[1][0][3].Count; i++) { certificates.Add(ts[1][0][3][i]); } // add an unauthentified attribute to our signature ASN1 signerInfoSet = signedData[signedData.Count - 1]; ASN1 signerInfo = signerInfoSet[0]; ASN1 unauthenticated = signerInfo[signerInfo.Count - 1]; if (unauthenticated.Tag != 0xA1) { unauthenticated = new ASN1(0xA1); signerInfo.Add(unauthenticated); } unauthenticated.Add(Attribute(countersignature, ts[1][0][4][0])); return(Save(fileName, asn.GetBytes())); } } catch (Exception e) { Console.WriteLine(e); } return(false); }
public AuthenticodeFormatter() { this.certs = new X509CertificateCollection(); this.crls = new ArrayList(); this.authority = Authority.Maximum; this.pkcs7 = new PKCS7.SignedData(); }
public AuthenticodeFormatter() : base() { certs = new X509CertificateCollection(); crls = new ArrayList(); authority = Authority.Maximum; pkcs7 = new PKCS7.SignedData(); }
private bool CheckSignature(string fileName) { this.filename = fileName; base.Open(this.filename); this.entry = base.GetSecurityEntry(); if (this.entry == null) { this.reason = 1; base.Close(); return(false); } PKCS7.ContentInfo contentInfo = new PKCS7.ContentInfo(this.entry); if (contentInfo.ContentType != "1.2.840.113549.1.7.2") { base.Close(); return(false); } PKCS7.SignedData signedData = new PKCS7.SignedData(contentInfo.Content); if (signedData.ContentInfo.ContentType != "1.3.6.1.4.1.311.2.1.4") { base.Close(); return(false); } this.coll = signedData.Certificates; ASN1 content = signedData.ContentInfo.Content; this.signedHash = content[0][1][1]; int length = this.signedHash.Length; HashAlgorithm hashAlgorithm; if (length != 16) { if (length != 20) { this.reason = 5; base.Close(); return(false); } hashAlgorithm = HashAlgorithm.Create("SHA1"); this.hash = base.GetHash(hashAlgorithm); } else { hashAlgorithm = HashAlgorithm.Create("MD5"); this.hash = base.GetHash(hashAlgorithm); } base.Close(); if (!this.signedHash.CompareValue(this.hash)) { this.reason = 2; } byte[] value = content[0].Value; hashAlgorithm.Initialize(); byte[] calculatedMessageDigest = hashAlgorithm.ComputeHash(value); bool flag = this.VerifySignature(signedData, calculatedMessageDigest, hashAlgorithm); return(flag && this.reason == 0); }
private bool CheckSignature(string fileName) { filename = fileName; Open(filename); entry = GetSecurityEntry(); if (entry == null) { reason = 1; Close(); return(false); } PKCS7.ContentInfo contentInfo = new PKCS7.ContentInfo(entry); if (contentInfo.ContentType != "1.2.840.113549.1.7.2") { Close(); return(false); } PKCS7.SignedData signedData = new PKCS7.SignedData(contentInfo.Content); if (signedData.ContentInfo.ContentType != "1.3.6.1.4.1.311.2.1.4") { Close(); return(false); } coll = signedData.Certificates; ASN1 content = signedData.ContentInfo.Content; signedHash = content[0][1][1]; HashAlgorithm hashAlgorithm = null; switch (signedHash.Length) { case 16: hashAlgorithm = HashAlgorithm.Create("MD5"); hash = GetHash(hashAlgorithm); break; case 20: hashAlgorithm = HashAlgorithm.Create("SHA1"); hash = GetHash(hashAlgorithm); break; default: reason = 5; Close(); return(false); } Close(); if (!signedHash.CompareValue(hash)) { reason = 2; } byte[] value = content[0].Value; hashAlgorithm.Initialize(); byte[] calculatedMessageDigest = hashAlgorithm.ComputeHash(value); return(VerifySignature(signedData, calculatedMessageDigest, hashAlgorithm) && reason == 0); }
public bool Timestamp(string fileName) { try { AuthenticodeDeformatter authenticodeDeformatter = new AuthenticodeDeformatter(fileName); byte[] signature = authenticodeDeformatter.Signature; if (signature != null) { base.Open(fileName); PKCS7.ContentInfo contentInfo = new PKCS7.ContentInfo(signature); this.pkcs7 = new PKCS7.SignedData(contentInfo.Content); byte[] bytes = this.Timestamp(this.pkcs7.SignerInfo.Signature); ASN1 asn = new ASN1(Convert.FromBase64String(Encoding.ASCII.GetString(bytes))); ASN1 asn2 = new ASN1(signature); ASN1 asn3 = asn2.Element(1, 160); if (asn3 == null) { return(false); } ASN1 asn4 = asn3.Element(0, 48); if (asn4 == null) { return(false); } ASN1 asn5 = asn4.Element(3, 160); if (asn5 == null) { asn5 = new ASN1(160); asn4.Add(asn5); } for (int i = 0; i < asn[1][0][3].Count; i++) { asn5.Add(asn[1][0][3][i]); } ASN1 asn6 = asn4[asn4.Count - 1]; ASN1 asn7 = asn6[0]; ASN1 asn8 = asn7[asn7.Count - 1]; if (asn8.Tag != 161) { asn8 = new ASN1(161); asn7.Add(asn8); } asn8.Add(this.Attribute("1.2.840.113549.1.9.6", asn[1][0][4][0])); return(this.Save(fileName, asn2.GetBytes())); } } catch (Exception value) { Console.WriteLine(value); } return(false); }
public bool Timestamp(string fileName) { try { AuthenticodeDeformatter authenticodeDeformatter = new AuthenticodeDeformatter(fileName); byte[] signature = authenticodeDeformatter.Signature; if (signature != null) { Open(fileName); PKCS7.ContentInfo contentInfo = new PKCS7.ContentInfo(signature); pkcs7 = new PKCS7.SignedData(contentInfo.Content); byte[] bytes = Timestamp(pkcs7.SignerInfo.Signature); ASN1 aSN = new ASN1(Convert.FromBase64String(Encoding.ASCII.GetString(bytes))); ASN1 aSN2 = new ASN1(signature); ASN1 aSN3 = aSN2.Element(1, 160); if (aSN3 == null) { return(false); } ASN1 aSN4 = aSN3.Element(0, 48); if (aSN4 == null) { return(false); } ASN1 aSN5 = aSN4.Element(3, 160); if (aSN5 == null) { aSN5 = new ASN1(160); aSN4.Add(aSN5); } for (int i = 0; i < aSN[1][0][3].Count; i++) { aSN5.Add(aSN[1][0][3][i]); } ASN1 aSN6 = aSN4[aSN4.Count - 1]; ASN1 aSN7 = aSN6[0]; ASN1 aSN8 = aSN7[aSN7.Count - 1]; if (aSN8.Tag != 161) { aSN8 = new ASN1(161); aSN7.Add(aSN8); } aSN8.Add(Attribute("1.2.840.113549.1.9.6", aSN[1][0][4][0])); return(Save(fileName, aSN2.GetBytes())); } } catch (Exception value) { Console.WriteLine(value); } return(false); }
public SoftwarePublisherCertificate(byte[] data) : this() { if (data == null) { throw new ArgumentNullException("data"); } PKCS7.ContentInfo contentInfo = new PKCS7.ContentInfo(data); if (contentInfo.ContentType != "1.2.840.113549.1.7.2") { throw new ArgumentException(Locale.GetText("Unsupported ContentType")); } this.pkcs7 = new PKCS7.SignedData(contentInfo.Content); }
public SoftwarePublisherCertificate(byte[] data) : this() { if (data == null) throw new ArgumentNullException ("data"); PKCS7.ContentInfo ci = new PKCS7.ContentInfo (data); if (ci.ContentType != PKCS7.Oid.signedData) { throw new ArgumentException ( Locale.GetText ("Unsupported ContentType")); } pkcs7 = new PKCS7.SignedData (ci.Content); }
public SoftwarePublisherCertificate(byte[] data) : this() { if (data == null) { throw new ArgumentNullException("data"); } PKCS7.ContentInfo ci = new PKCS7.ContentInfo(data); if (ci.ContentType != PKCS7.Oid.signedData) { throw new ArgumentException("Invalid signed data"); } pkcs7 = new PKCS7.SignedData(ci.Content); }
public void Unsorted() { ASN1 dt = ASN1Convert.FromDateTime(DateTime.UtcNow); ASN1 st = PKCS7.Attribute(PKCS7.Oid.signingTime, dt); PKCS7.SignedData sd = new PKCS7.SignedData(); sd.ContentInfo.ContentType = PKCS7.Oid.data; sd.ContentInfo.Content.Add(new ASN1(0x04, Encoding.UTF8.GetBytes("Mono"))); sd.SignerInfo.AuthenticatedAttributes.Add(st); sd.SignerInfo.Key = key; // note: key and cert and unrelated - this is just for testing sd.SignerInfo.Certificate = new X509Certificate(cert); sd.HashName = "SHA1"; // this trigger the addition of two new AA byte[] result = sd.GetBytes(); Assert.AreEqual(3, sd.SignerInfo.AuthenticatedAttributes.Count, "aa-Count"); // verify that attributes are sorted (as they are stored in a SET) Assert.AreEqual(24, (sd.SignerInfo.AuthenticatedAttributes [0] as ASN1).Length, "0"); Assert.AreEqual(28, (sd.SignerInfo.AuthenticatedAttributes [1] as ASN1).Length, "1"); Assert.AreEqual(35, (sd.SignerInfo.AuthenticatedAttributes [2] as ASN1).Length, "2"); }
private bool VerifySignature(PKCS7.SignedData sd, byte[] calculatedMessageDigest, HashAlgorithm ha) { string str = null; ASN1 asn = null; string str3; Dictionary <string, int> dictionary; for (int i = 0; i < sd.SignerInfo.AuthenticatedAttributes.Count; i++) { ASN1 asn2 = (ASN1)sd.SignerInfo.AuthenticatedAttributes[i]; str3 = ASN1Convert.ToOid(asn2[0]); if (str3 != null) { if (__f__switch_map1 == null) { dictionary = new Dictionary <string, int>(4) { { "1.2.840.113549.1.9.3", 0 }, { "1.2.840.113549.1.9.4", 1 }, { "1.3.6.1.4.1.311.2.1.11", 2 }, { "1.3.6.1.4.1.311.2.1.12", 3 } }; __f__switch_map1 = dictionary; } if (__f__switch_map1.TryGetValue(str3, out int num2)) { switch (num2) { case 0: str = ASN1Convert.ToOid(asn2[1][0]); break; case 1: asn = asn2[1][0]; break; } } } } if (str != "1.3.6.1.4.1.311.2.1.4") { return(false); } if (asn == null) { return(false); } if (!asn.CompareValue(calculatedMessageDigest)) { return(false); } string str4 = CryptoConfig.MapNameToOID(ha.ToString()); ASN1 asn3 = new ASN1(0x31); IEnumerator enumerator = sd.SignerInfo.AuthenticatedAttributes.GetEnumerator(); try { while (enumerator.MoveNext()) { ASN1 current = (ASN1)enumerator.Current; asn3.Add(current); } } finally { if (enumerator is IDisposable disposable) { disposable.Dispose(); } } ha.Initialize(); byte[] rgbHash = ha.ComputeHash(asn3.GetBytes()); byte[] signature = sd.SignerInfo.Signature; string issuerName = sd.SignerInfo.IssuerName; byte[] serialNumber = sd.SignerInfo.SerialNumber; X509CertificateCollection.X509CertificateEnumerator enumerator2 = this.coll.GetEnumerator(); try { while (enumerator2.MoveNext()) { X509Certificate current = enumerator2.Current; if (this.CompareIssuerSerial(issuerName, serialNumber, current) && (current.PublicKey.Length > (signature.Length >> 3))) { this.signingCertificate = current; RSACryptoServiceProvider rSA = (RSACryptoServiceProvider)current.RSA; if (rSA.VerifyHash(rgbHash, str4, signature)) { this.signerChain.LoadCertificates(this.coll); this.trustedRoot = this.signerChain.Build(current); goto Label_0295; } } } } finally { if (enumerator2 is IDisposable disposable2) { disposable2.Dispose(); } } Label_0295: if (sd.SignerInfo.UnauthenticatedAttributes.Count == 0) { this.trustedTimestampRoot = true; } else { for (int j = 0; j < sd.SignerInfo.UnauthenticatedAttributes.Count; j++) { ASN1 asn5 = (ASN1)sd.SignerInfo.UnauthenticatedAttributes[j]; str3 = ASN1Convert.ToOid(asn5[0]); if (str3 != null) { if (__f__switch_map2 == null) { dictionary = new Dictionary <string, int>(1) { { "1.2.840.113549.1.9.6", 0 } }; __f__switch_map2 = dictionary; } if (__f__switch_map2.TryGetValue(str3, out int num2) && (num2 == 0)) { PKCS7.SignerInfo cs = new PKCS7.SignerInfo(asn5[1]); this.trustedTimestampRoot = this.VerifyCounterSignature(cs, signature); } } } } return(this.trustedRoot && this.trustedTimestampRoot); }
public SoftwarePublisherCertificate() { this.pkcs7 = new PKCS7.SignedData(); this.pkcs7.ContentInfo.ContentType = "1.2.840.113549.1.7.1"; }
private bool VerifySignature(PKCS7.SignedData sd, byte[] calculatedMessageDigest, HashAlgorithm ha) { string a = null; ASN1 asn = null; int i = 0; while (i < sd.SignerInfo.AuthenticatedAttributes.Count) { ASN1 asn2 = (ASN1)sd.SignerInfo.AuthenticatedAttributes[i]; string text = ASN1Convert.ToOid(asn2[0]); string text2 = text; switch (text2) { case "1.2.840.113549.1.9.3": a = ASN1Convert.ToOid(asn2[1][0]); break; case "1.2.840.113549.1.9.4": asn = asn2[1][0]; break; } IL_F1: i++; continue; goto IL_F1; } if (a != "1.3.6.1.4.1.311.2.1.4") { return(false); } if (asn == null) { return(false); } if (!asn.CompareValue(calculatedMessageDigest)) { return(false); } string str = CryptoConfig.MapNameToOID(ha.ToString()); ASN1 asn3 = new ASN1(49); foreach (object obj in sd.SignerInfo.AuthenticatedAttributes) { ASN1 asn4 = (ASN1)obj; asn3.Add(asn4); } ha.Initialize(); byte[] rgbHash = ha.ComputeHash(asn3.GetBytes()); byte[] signature = sd.SignerInfo.Signature; string issuerName = sd.SignerInfo.IssuerName; byte[] serialNumber = sd.SignerInfo.SerialNumber; foreach (X509Certificate x509Certificate in this.coll) { if (this.CompareIssuerSerial(issuerName, serialNumber, x509Certificate) && x509Certificate.PublicKey.Length > signature.Length >> 3) { this.signingCertificate = x509Certificate; RSACryptoServiceProvider rsacryptoServiceProvider = (RSACryptoServiceProvider)x509Certificate.RSA; if (rsacryptoServiceProvider.VerifyHash(rgbHash, str, signature)) { this.signerChain.LoadCertificates(this.coll); this.trustedRoot = this.signerChain.Build(x509Certificate); break; } } } if (sd.SignerInfo.UnauthenticatedAttributes.Count == 0) { this.trustedTimestampRoot = true; } else { int j = 0; while (j < sd.SignerInfo.UnauthenticatedAttributes.Count) { ASN1 asn5 = (ASN1)sd.SignerInfo.UnauthenticatedAttributes[j]; string text3 = ASN1Convert.ToOid(asn5[0]); string text2 = text3; if (text2 != null) { if (AuthenticodeDeformatter.< > f__switch$map2 == null) { AuthenticodeDeformatter.< > f__switch$map2 = new Dictionary <string, int>(1) { { "1.2.840.113549.1.9.6", 0 } }; } int num; if (AuthenticodeDeformatter.< > f__switch$map2.TryGetValue(text2, out num)) { if (num == 0) { PKCS7.SignerInfo cs = new PKCS7.SignerInfo(asn5[1]); this.trustedTimestampRoot = this.VerifyCounterSignature(cs, signature); } } } IL_35D: j++; continue; goto IL_35D; } } return(this.trustedRoot && this.trustedTimestampRoot); }
public void Decode(byte[] encodedMessage) { PKCS7.ContentInfo ci = new PKCS7.ContentInfo(encodedMessage); if (ci.ContentType != PKCS7.Oid.signedData) { throw new Exception(""); } PKCS7.SignedData sd = new PKCS7.SignedData(ci.Content); SubjectIdentifierType type = SubjectIdentifierType.Unknown; object o = null; X509Certificate2 x509 = null; if (sd.SignerInfo.Certificate != null) { x509 = new X509Certificate2(sd.SignerInfo.Certificate.RawData); } else if ((sd.SignerInfo.IssuerName != null) && (sd.SignerInfo.SerialNumber != null)) { byte[] serial = sd.SignerInfo.SerialNumber; Array.Reverse(serial); // ??? type = SubjectIdentifierType.IssuerAndSerialNumber; X509IssuerSerial xis = new X509IssuerSerial(); xis.IssuerName = sd.SignerInfo.IssuerName; xis.SerialNumber = ToString(serial, true); o = xis; // TODO: move to a FindCertificate (issuer, serial, collection) foreach (Mono.Security.X509.X509Certificate x in sd.Certificates) { if (x.IssuerName == sd.SignerInfo.IssuerName) { if (ToString(x.SerialNumber, true) == xis.SerialNumber) { x509 = new X509Certificate2(x.RawData); break; } } } } else if (sd.SignerInfo.SubjectKeyIdentifier != null) { string ski = ToString(sd.SignerInfo.SubjectKeyIdentifier, false); type = SubjectIdentifierType.SubjectKeyIdentifier; o = (object)ski; // TODO: move to a FindCertificate (ski, collection) foreach (Mono.Security.X509.X509Certificate x in sd.Certificates) { if (ToString(GetKeyIdentifier(x), false) == ski) { x509 = new X509Certificate2(x.RawData); break; } } } SignerInfo si = new SignerInfo(sd.SignerInfo.HashName, x509, type, o, sd.SignerInfo.Version); // si.AuthenticatedAttributes // si.UnauthenticatedAttributes _info.Add(si); ASN1 content = sd.ContentInfo.Content; Oid oid = new Oid(sd.ContentInfo.ContentType); if (!_detached || _content == null) { if (content[0] == null) { throw new ArgumentException("ContentInfo has no content. Detached signature ?"); } _content = new ContentInfo(oid, content[0].Value); } foreach (Mono.Security.X509.X509Certificate x in sd.Certificates) { _certs.Add(new X509Certificate2(x.RawData)); } _version = sd.Version; }
private bool VerifySignature(PKCS7.SignedData sd, byte[] calculatedMessageDigest, HashAlgorithm ha) { string a = null; ASN1 aSN = null; for (int i = 0; i < sd.SignerInfo.AuthenticatedAttributes.Count; i++) { ASN1 aSN2 = (ASN1)sd.SignerInfo.AuthenticatedAttributes[i]; switch (ASN1Convert.ToOid(aSN2[0])) { case "1.2.840.113549.1.9.3": a = ASN1Convert.ToOid(aSN2[1][0]); break; case "1.2.840.113549.1.9.4": aSN = aSN2[1][0]; break; } } if (a != "1.3.6.1.4.1.311.2.1.4") { return(false); } if (aSN == null) { return(false); } if (!aSN.CompareValue(calculatedMessageDigest)) { return(false); } string str = CryptoConfig.MapNameToOID(ha.ToString()); ASN1 aSN3 = new ASN1(49); foreach (ASN1 authenticatedAttribute in sd.SignerInfo.AuthenticatedAttributes) { aSN3.Add(authenticatedAttribute); } ha.Initialize(); byte[] rgbHash = ha.ComputeHash(aSN3.GetBytes()); byte[] signature = sd.SignerInfo.Signature; string issuerName = sd.SignerInfo.IssuerName; byte[] serialNumber = sd.SignerInfo.SerialNumber; foreach (X509Certificate item in coll) { if (CompareIssuerSerial(issuerName, serialNumber, item) && item.PublicKey.Length > signature.Length >> 3) { signingCertificate = item; RSACryptoServiceProvider rSACryptoServiceProvider = (RSACryptoServiceProvider)item.RSA; if (rSACryptoServiceProvider.VerifyHash(rgbHash, str, signature)) { signerChain.LoadCertificates(coll); trustedRoot = signerChain.Build(item); break; } } } if (sd.SignerInfo.UnauthenticatedAttributes.Count == 0) { trustedTimestampRoot = true; } else { for (int j = 0; j < sd.SignerInfo.UnauthenticatedAttributes.Count; j++) { ASN1 aSN4 = (ASN1)sd.SignerInfo.UnauthenticatedAttributes[j]; switch (ASN1Convert.ToOid(aSN4[0])) { case "1.2.840.113549.1.9.6": { PKCS7.SignerInfo cs = new PKCS7.SignerInfo(aSN4[1]); trustedTimestampRoot = VerifyCounterSignature(cs, signature); break; } } } } return(trustedRoot && trustedTimestampRoot); }
//private bool VerifySignature (ASN1 cs, byte[] calculatedMessageDigest, string hashName) private bool VerifySignature (PKCS7.SignedData sd, byte[] calculatedMessageDigest, HashAlgorithm ha) { string contentType = null; ASN1 messageDigest = null; // string spcStatementType = null; // string spcSpOpusInfo = null; for (int i=0; i < sd.SignerInfo.AuthenticatedAttributes.Count; i++) { ASN1 attr = (ASN1) sd.SignerInfo.AuthenticatedAttributes [i]; string oid = ASN1Convert.ToOid (attr[0]); switch (oid) { case "1.2.840.113549.1.9.3": // contentType contentType = ASN1Convert.ToOid (attr[1][0]); break; case "1.2.840.113549.1.9.4": // messageDigest messageDigest = attr[1][0]; break; case "1.3.6.1.4.1.311.2.1.11": // spcStatementType (Microsoft code signing) // possible values // - individualCodeSigning (1 3 6 1 4 1 311 2 1 21) // - commercialCodeSigning (1 3 6 1 4 1 311 2 1 22) // spcStatementType = ASN1Convert.ToOid (attr[1][0][0]); break; case "1.3.6.1.4.1.311.2.1.12": // spcSpOpusInfo (Microsoft code signing) /* try { spcSpOpusInfo = System.Text.Encoding.UTF8.GetString (attr[1][0][0][0].Value); } catch (NullReferenceException) { spcSpOpusInfo = null; }*/ break; default: break; } } if (contentType != spcIndirectDataContext) return false; // verify message digest if (messageDigest == null) return false; if (!messageDigest.CompareValue (calculatedMessageDigest)) return false; // verify signature string hashOID = CryptoConfig.MapNameToOID (ha.ToString ()); // change to SET OF (not [0]) as per PKCS #7 1.5 ASN1 aa = new ASN1 (0x31); foreach (ASN1 a in sd.SignerInfo.AuthenticatedAttributes) aa.Add (a); ha.Initialize (); byte[] p7hash = ha.ComputeHash (aa.GetBytes ()); byte[] signature = sd.SignerInfo.Signature; // we need to find the specified certificate string issuer = sd.SignerInfo.IssuerName; byte[] serial = sd.SignerInfo.SerialNumber; foreach (X509Certificate x509 in coll) { if (CompareIssuerSerial (issuer, serial, x509)) { // don't verify is key size don't match if (x509.PublicKey.Length > (signature.Length >> 3)) { // return the signing certificate even if the signature isn't correct // (required behaviour for 2.0 support) signingCertificate = x509; RSACryptoServiceProvider rsa = (RSACryptoServiceProvider) x509.RSA; if (rsa.VerifyHash (p7hash, hashOID, signature)) { signerChain.LoadCertificates (coll); trustedRoot = signerChain.Build (x509); break; } } } } // timestamp signature is optional if (sd.SignerInfo.UnauthenticatedAttributes.Count == 0) { trustedTimestampRoot = true; } else { for (int i = 0; i < sd.SignerInfo.UnauthenticatedAttributes.Count; i++) { ASN1 attr = (ASN1) sd.SignerInfo.UnauthenticatedAttributes[i]; string oid = ASN1Convert.ToOid (attr[0]); switch (oid) { case PKCS7.Oid.countersignature: // SEQUENCE { // OBJECT IDENTIFIER // countersignature (1 2 840 113549 1 9 6) // SET { PKCS7.SignerInfo cs = new PKCS7.SignerInfo (attr[1]); trustedTimestampRoot = VerifyCounterSignature (cs, signature); break; default: // we don't support other unauthenticated attributes break; } } } return (trustedRoot && trustedTimestampRoot); }
private bool CheckSignature (string fileName) { filename = fileName; Open (filename); entry = GetSecurityEntry (); if (entry == null) { // no signature is present reason = 1; Close (); return false; } PKCS7.ContentInfo ci = new PKCS7.ContentInfo (entry); if (ci.ContentType != PKCS7.Oid.signedData) { Close (); return false; } PKCS7.SignedData sd = new PKCS7.SignedData (ci.Content); if (sd.ContentInfo.ContentType != spcIndirectDataContext) { Close (); return false; } coll = sd.Certificates; ASN1 spc = sd.ContentInfo.Content; signedHash = spc [0][1][1]; HashAlgorithm ha = null; switch (signedHash.Length) { case 16: ha = HashAlgorithm.Create ("MD5"); hash = GetHash (ha); break; case 20: ha = HashAlgorithm.Create ("SHA1"); hash = GetHash (ha); break; default: reason = 5; Close (); return false; } Close (); if (!signedHash.CompareValue (hash)) { reason = 2; } // messageDigest is a hash of spcIndirectDataContext (which includes the file hash) byte[] spcIDC = spc [0].Value; ha.Initialize (); // re-using hash instance byte[] messageDigest = ha.ComputeHash (spcIDC); bool sign = VerifySignature (sd, messageDigest, ha); return (sign && (reason == 0)); }
private bool CheckSignature(string fileName) { this.filename = fileName; base.Open(this.filename); this.entry = base.GetSecurityEntry(); if (this.entry == null) { this.reason = 1; base.Close(); return(false); } PKCS7.ContentInfo info = new PKCS7.ContentInfo(this.entry); if (info.ContentType != "1.2.840.113549.1.7.2") { base.Close(); return(false); } PKCS7.SignedData sd = new PKCS7.SignedData(info.Content); if (sd.ContentInfo.ContentType != "1.3.6.1.4.1.311.2.1.4") { base.Close(); return(false); } this.coll = sd.Certificates; ASN1 content = sd.ContentInfo.Content; this.signedHash = content[0][1][1]; HashAlgorithm hash = null; switch (this.signedHash.Length) { case 0x10: hash = HashAlgorithm.Create("MD5"); this.hash = base.GetHash(hash); break; case 20: hash = HashAlgorithm.Create("SHA1"); this.hash = base.GetHash(hash); break; default: this.reason = 5; base.Close(); return(false); } base.Close(); if (!this.signedHash.CompareValue(this.hash)) { this.reason = 2; } byte[] buffer = content[0].Value; hash.Initialize(); byte[] calculatedMessageDigest = hash.ComputeHash(buffer); return(this.VerifySignature(sd, calculatedMessageDigest, hash) && (this.reason == 0)); }
public SoftwarePublisherCertificate() { pkcs7 = new PKCS7.SignedData(); pkcs7.ContentInfo.ContentType = PKCS7.Oid.data; }