static void TestGetUserInfo(string[] args) { // Step 1 - Defining the request string method = "socialize.getUserInfo"; GSRequest request = new GSRequest(apiKey, secretKey, method, true); // Step 2 - Adding parameters request.SetParam("uid", "di1"); // set the "uid" parameter to user's ID request.SetParam("enabledProviders", "*,testnetwork,testnetwork2"); request.SetParam("status", "I feel great 22222"); // set the "status" parameter to "I feel great" // Step 3 - Sending the request GSResponse response = request.Send(); bool validate = SigUtils.ValidateUserSignature( response.GetString("UID", ""), response.GetString("signatureTimestamp", ""), secretKey, response.GetString("UIDSignature", "")); // Step 4 - handling the request's response. if (response.GetErrorCode() == 0) { // SUCCESS! response status = OK Console.WriteLine("Success in setStatus operation."); } else { // Error Console.WriteLine("Got error on setStatus: {0}", response.GetErrorMessage()); } }
public static string GetDynamicSessionSignatureUserSigned(string gigyaAuthCookie, int timeoutInSeconds, string applicationKey, string secret) { var epoch = DateTime.UtcNow.DateTimeToUnixTimestamp(); string expirationTime = (epoch + timeoutInSeconds).ToString(); string signature = SigUtils.CalcSignature(gigyaAuthCookie + "_" + expirationTime + "_" + applicationKey, secret); return(expirationTime + '_' + applicationKey + "_" + signature); }
private void verifyResponseSignature(GSResponse res, string format) { if (!format.Equals("xml", StringComparison.InvariantCultureIgnoreCase)) { GSObject data = res.GetData(); if (null != data) { if (cbMethods.Text.IndexOf("getUserInfo", StringComparison.InvariantCultureIgnoreCase) > -1) { string uid = data.GetString("UID", ""); string uidSig = data.GetString("UIDSignature", ""); string sigTimestamp = data.GetString("signatureTimestamp", ""); if (SigUtils.ValidateUserSignature(uid, sigTimestamp, txtSecKey.Text, uidSig)) { lblVerifiedSig.Text = "Signature is verified"; lblVerifiedSig.ForeColor = Color.Green; } else { lblVerifiedSig.Text = "Invalid signature !!!"; lblVerifiedSig.ForeColor = Color.Red; } } if (cbMethods.Text.IndexOf("getFriendsInfo", StringComparison.InvariantCultureIgnoreCase) > -1) { GSArray friends = data.GetArray("friends"); if (null != friends && friends.Length > 0) { GSObject firstFriend = friends.GetObject(0); string friendSig = firstFriend.GetString("friendshipSignature"); string tsSig = firstFriend.GetString("signatureTimestamp"); string friendUID = firstFriend.GetString("UID"); if (SigUtils.ValidateFriendSignature(txtUID.Text, tsSig, friendUID, txtSecKey.Text, friendSig)) { lblVerifiedSig.Text = "1ST friend's signature is verified"; lblVerifiedSig.ForeColor = Color.Green; } else { lblVerifiedSig.Text = "Invalid signature (1ST friend's) !!!"; lblVerifiedSig.ForeColor = Color.Red; } } } } } }
public static byte[] PreSign(String digestAlgorithmName, byte[] content, X509Certificate2[] signerCertificateChain, AdESPolicy policy, bool signingCertificateV2, byte[] messageDigest, DateTime signDate, bool padesMode, String contentType, String contentDescription) { if (signerCertificateChain == null || signerCertificateChain.Length == 0) { throw new ArgumentException("La cadena de certificados debe contener al menos una entrada"); } // Atributos firmados Asn1Set signedAttributes; signedAttributes = SigUtils.GetAttributeSet( new Org.BouncyCastle.Asn1.Cms.AttributeTable( CAdESUtils.GenerateSignerInfo( signerCertificateChain[0], digestAlgorithmName, content, policy, signingCertificateV2, messageDigest, signDate, padesMode, contentType, contentDescription ) ) ); return(signedAttributes.GetEncoded("DER")); }
public bool ValidateSignature(string userId, IGigyaModuleSettings settings, GSResponse response, bool disableSignatureExchange = false) { return(SigUtils.ValidateUserSignature(userId, response.GetString(Constants.GigyaFields.SignatureTimestamp, null), settings.ApplicationSecret, response.GetString(Constants.GigyaFields.UserIdSignature, null))); }
public static Asn1EncodableVector GenerateSignerInfo(X509Certificate2 cert, String digestAlgorithmName, byte[] datos, AdESPolicy policy, bool signingCertificateV2, byte[] messageDigest, DateTime signDate, bool padesMode, String contentType, String contentDescription) { // ALGORITMO DE HUELLA DIGITAL AlgorithmIdentifier digestAlgorithmOID = SigUtils.MakeAlgId(AOAlgorithmID.GetOID(digestAlgorithmName)); // // ATRIBUTOS // authenticatedAttributes Asn1EncodableVector contexExpecific = InitContexExpecific( digestAlgorithmName, datos, Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.Data.Id, messageDigest, signDate, padesMode ); // Serial Number // comentar lo de abajo para version del rfc 3852 if (signingCertificateV2) { // INICIO SINGING CERTIFICATE-V2 /** IssuerSerial ::= SEQUENCE { issuer GeneralNames, serialNumber * CertificateSerialNumber */ TbsCertificateStructure tbs = TbsCertificateStructure.GetInstance( Asn1Object.FromByteArray( new Org.BouncyCastle.X509.X509Certificate( X509CertificateStructure.GetInstance( Asn1Object.FromByteArray( cert.GetRawCertData()))).GetTbsCertificate())); GeneralNames gns = new GeneralNames(new GeneralName(tbs.Issuer)); IssuerSerial isuerSerial = new IssuerSerial(gns, tbs.SerialNumber); /** ESSCertIDv2 ::= SEQUENCE { hashAlgorithm AlgorithmIdentifier * DEFAULT {algorithm id-sha256}, certHash Hash, issuerSerial * IssuerSerial OPTIONAL } * Hash ::= OCTET STRING */ byte[] certHash = Digester.Digest(cert.GetRawCertData(), digestAlgorithmName); EssCertIDv2[] essCertIDv2 = { new EssCertIDv2(digestAlgorithmOID, certHash, isuerSerial) }; /** PolicyInformation ::= SEQUENCE { policyIdentifier CertPolicyId, * policyQualifiers SEQUENCE SIZE (1..MAX) OF PolicyQualifierInfo * OPTIONAL } * CertPolicyId ::= OBJECT IDENTIFIER * PolicyQualifierInfo ::= SEQUENCE { policyQualifierId * PolicyQualifierId, qualifier ANY DEFINED BY policyQualifierId } */ SigningCertificateV2 scv2; if (policy.GetPolicyIdentifier() != null) { /** SigningCertificateV2 ::= SEQUENCE { certs SEQUENCE OF * ESSCertIDv2, policies SEQUENCE OF PolicyInformation OPTIONAL * } */ scv2 = new SigningCertificateV2(essCertIDv2, GetPolicyInformation(policy)); // con politica } else { scv2 = new SigningCertificateV2(essCertIDv2); // Sin politica } // Secuencia con singningCertificate contexExpecific.Add(new Org.BouncyCastle.Asn1.Cms.Attribute(Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdAASigningCertificateV2, new DerSet(scv2))); // FIN SINGING CERTIFICATE-V2 } else { // INICIO SINGNING CERTIFICATE /** IssuerSerial ::= SEQUENCE { issuer GeneralNames, serialNumber * CertificateSerialNumber } */ TbsCertificateStructure tbs = TbsCertificateStructure.GetInstance( Asn1Object.FromByteArray( new Org.BouncyCastle.X509.X509Certificate( X509CertificateStructure.GetInstance( Asn1Object.FromByteArray( cert.GetRawCertData()))).GetTbsCertificate())); GeneralName gn = new GeneralName(tbs.Issuer); GeneralNames gns = new GeneralNames(gn); IssuerSerial isuerSerial = new IssuerSerial(gns, tbs.SerialNumber); /** ESSCertID ::= SEQUENCE { certHash Hash, issuerSerial IssuerSerial * OPTIONAL } * Hash ::= OCTET STRING -- SHA1 hash of entire certificate */ byte[] certHash = Digester.Digest(cert.GetRawCertData(), digestAlgorithmName); EssCertID essCertID = new EssCertID(certHash, isuerSerial); /** PolicyInformation ::= SEQUENCE { policyIdentifier CertPolicyId, * policyQualifiers SEQUENCE SIZE (1..MAX) OF PolicyQualifierInfo * OPTIONAL } * CertPolicyId ::= OBJECT IDENTIFIER * PolicyQualifierInfo ::= SEQUENCE { policyQualifierId * PolicyQualifierId, qualifier ANY DEFINED BY policyQualifierId } */ SigningCertificate scv; if (policy.GetPolicyIdentifier() != null) { /** SigningCertificateV2 ::= SEQUENCE { certs SEQUENCE OF * ESSCertIDv2, policies SEQUENCE OF PolicyInformation OPTIONAL * } */ /* * HAY QUE HACER UN SEQUENCE, YA QUE EL CONSTRUCTOR DE BOUNCY * CASTLE NO TIENE DICHO CONSTRUCTOR. */ Asn1EncodableVector v = new Asn1EncodableVector(); v.Add(new DerSequence(essCertID)); v.Add(new DerSequence(GetPolicyInformation(policy))); scv = SigningCertificate.GetInstance(new DerSequence(v)); // con politica } else { scv = new SigningCertificate(essCertID); // Sin politica } /** id-aa-signingCertificate OBJECT IDENTIFIER ::= { iso(1) * member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) * id-aa(2) 12 } */ // Secuencia con singningCertificate contexExpecific.Add(new Org.BouncyCastle.Asn1.Cms.Attribute(Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdAASigningCertificate, new DerSet(scv))); } // INICIO SIGPOLICYID ATTRIBUTE if (policy.GetPolicyIdentifier() != null) { /** * SigPolicyId ::= OBJECT IDENTIFIER Politica de firma. */ DerObjectIdentifier doiSigPolicyId = new DerObjectIdentifier(policy.GetPolicyIdentifier().ToLower().Replace("urn:oid:", "")); /** * OtherHashAlgAndValue ::= SEQUENCE { * hashAlgorithm AlgorithmIdentifier, * hashValue OCTET STRING } * */ // Algoritmo para el hash AlgorithmIdentifier hashid; // si tenemos algoritmo de calculo de hash, lo ponemos if (policy.GetPolicyIdentifierHashAlgorithm() != null) { hashid = SigUtils.MakeAlgId( AOAlgorithmID.GetOID( AOSignConstants.GetDigestAlgorithmName( policy.GetPolicyIdentifierHashAlgorithm()))); } // si no tenemos, ponemos el algoritmo de firma. else { hashid = digestAlgorithmOID; } // hash del documento, descifrado en b64 byte[] hashed; if (policy.GetPolicyIdentifierHash() != null) { hashed = System.Convert.FromBase64String(policy.GetPolicyIdentifierHash()); } else { hashed = new byte[] { 0 }; } DigestInfo otherHashAlgAndValue = new DigestInfo(hashid, hashed); /** * SigPolicyQualifierInfo ::= SEQUENCE { * SigPolicyQualifierId SigPolicyQualifierId, * SigQualifier ANY DEFINED BY policyQualifierId } */ AOSigPolicyQualifierInfo spqInfo = null; if (policy.GetPolicyQualifier() != null) { spqInfo = new AOSigPolicyQualifierInfo(policy.GetPolicyQualifier().ToString()); } /** * SignaturePolicyId ::= SEQUENCE { * sigPolicyId SigPolicyId, * sigPolicyHash SigPolicyHash, * sigPolicyQualifiers SEQUENCE SIZE (1..MAX) OF * AOSigPolicyQualifierInfo OPTIONAL} * */ Asn1EncodableVector v = new Asn1EncodableVector(); // sigPolicyId v.Add(doiSigPolicyId); // sigPolicyHash v.Add(otherHashAlgAndValue.ToAsn1Object()); // como sequence // sigPolicyQualifiers if (spqInfo != null) { v.Add(spqInfo.toASN1Primitive()); } DerSequence ds = new DerSequence(v); // Secuencia con singningCertificate contexExpecific.Add(new Org.BouncyCastle.Asn1.Cms.Attribute(Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdAAEtsSigPolicyID, new DerSet(ds.ToAsn1Object()))); // FIN SIGPOLICYID ATTRIBUTE } /** * Secuencia con el tipo de contenido firmado. No se agrega en firmas PAdES. * * ContentHints ::= SEQUENCE { * contentDescription UTF8String (SIZE (1..MAX)) OPTIONAL, * contentType ContentType } */ if (contentType != null && !padesMode) { ContentHints contentHints; if (contentDescription != null) { contentHints = new ContentHints(new DerObjectIdentifier(contentType), new DerUtf8String(contentDescription)); } else { contentHints = new ContentHints(new DerObjectIdentifier(contentType)); } contexExpecific.Add(new Org.BouncyCastle.Asn1.Cms.Attribute( Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdAAContentHint, new DerSet(contentHints.ToAsn1Object()))); } return(contexExpecific); }
public Task <bool> ValidateUIDSignature(string UID, string timestamp, string signature) { int iTimeStamp = (int)(System.DateTime.Parse(timestamp).Subtract(new System.DateTime(1970, 1, 1))).TotalSeconds; return(Task.FromResult <bool>(SigUtils.ValidateUserSignature(UID, iTimeStamp.ToString(), secretKey, signature))); }
public static byte[] PostSign(String digestAlgorithmName, byte[] content, X509Certificate2[] signerCertificateChain, byte[] signature, byte[] signedAttributes) { if (signerCertificateChain == null || signerCertificateChain.Length == 0) { throw new ArgumentException("La cadena de certificados debe contener al menos una entrada"); } TbsCertificateStructure tbsCertificateStructure; //TODO Revisar esta parte del código /** * * Revisar esta parte del código * */ tbsCertificateStructure = TbsCertificateStructure.GetInstance( Asn1Object.FromByteArray( new Org.BouncyCastle.X509.X509Certificate( X509CertificateStructure.GetInstance(Asn1Object.FromByteArray(signerCertificateChain[0].GetRawCertData()))).GetTbsCertificate() ) ); SignerIdentifier signerIdentifier = new SignerIdentifier( new IssuerAndSerialNumber(X509Name.GetInstance(tbsCertificateStructure.Issuer), tbsCertificateStructure.SerialNumber) ); // Algoritmo de huella digital AlgorithmIdentifier digestAlgorithmOID; digestAlgorithmOID = SigUtils.MakeAlgId(AOAlgorithmID.GetOID(digestAlgorithmName)); // EncryptionAlgorithm AlgorithmIdentifier keyAlgorithmIdentifier; keyAlgorithmIdentifier = SigUtils.MakeAlgId(AOAlgorithmID.GetOID("RSA")); // Firma PKCS#1 codificada Asn1OctetString encodedPKCS1Signature = new DerOctetString(signature); // Atributos firmados Asn1Set asn1SignedAttributes; asn1SignedAttributes = (Asn1Set)Asn1Object.FromByteArray(signedAttributes); // SignerInfo Asn1EncodableVector signerInfo = new Asn1EncodableVector(); signerInfo.Add(new SignerInfo(signerIdentifier, digestAlgorithmOID, asn1SignedAttributes, keyAlgorithmIdentifier, encodedPKCS1Signature, null)); // ContentInfo ContentInfo contentInfo; if (content != null) { MemoryStream baos = new MemoryStream(); CmsProcessable msg = new CmsProcessableByteArray(content); msg.Write(baos); contentInfo = new ContentInfo(new DerObjectIdentifier(Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.Data.Id), new BerOctetString(baos.ToArray())); } else { contentInfo = new ContentInfo(new DerObjectIdentifier(Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.Data.Id), null); } // Certificados List <Asn1Encodable> ce = new List <Asn1Encodable>(); foreach (X509Certificate2 cert in signerCertificateChain) { /** * * Revisar el uso que hacemos de X509CertificateStructure * ya que puede ser un posible punto de errores * */ ce.Add(X509CertificateStructure.GetInstance(Asn1Object.FromByteArray(cert.GetRawCertData()))); } Asn1Set certificates = SigUtils.CreateBerSetFromList(ce); // Algoritmos de huella digital Asn1EncodableVector digestAlgorithms = new Asn1EncodableVector(); digestAlgorithms.Add(digestAlgorithmOID); return(new ContentInfo( Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.SignedData, new SignedData( new DerSet(digestAlgorithms), contentInfo, certificates, null, new DerSet(signerInfo) ) ).GetEncoded("DER")); }