private void IncorporateCertificateRefs(CompleteCertificateRefs completeCertificateRefs , ValidationContext ctx) { if (ctx.GetNeededCertificates().Count > 1) { foreach (CertificateAndContext certificate in ctx.GetNeededCertificates()) { X509Certificate x509Cert = certificate.GetCertificate(); //jbonilla Don't include signing certificate if (!x509Cert.Equals(ctx.GetCertificate())) { Cert chainCert = new Cert(); chainCert.IssuerSerial.X509IssuerName = x509Cert.IssuerDN.ToString(); chainCert.IssuerSerial.X509SerialNumber = x509Cert.SerialNumber.ToString(); //TODO jbonilla DigestMethod parameter? chainCert.CertDigest.DigestMethod.Algorithm = SignedXml.XmlDsigSHA1Url; chainCert.CertDigest.DigestValue = DotNetUtilities.ToX509Certificate2(x509Cert).GetCertHash(); //unsignedProperties.UnsignedSignatureProperties.CompleteCertificateRefs.Id = "CompleteCertificateRefsId-" + this.uid; completeCertificateRefs.CertRefs.CertCollection.Add(chainCert); } } } else { throw new ArgumentException("Needed certificates empty", "chain"); } }
/// <summary> /// Inserta en la lista de certificados el certificado y comprueba la valided del certificado. /// </summary> /// <param name="cert"></param> /// <param name="unsignedProperties"></param> /// <param name="addCertValue"></param> /// <param name="extraCerts"></param> private void AddCertificate(X509Certificate2 cert, UnsignedProperties unsignedProperties, bool addCert, X509Certificate2[] extraCerts = null) { if (addCert) { if (CertificateChecked(cert, unsignedProperties)) { return; } string guidCert = Guid.NewGuid().ToString(); Cert chainCert = new Cert(); chainCert.IssuerSerial.X509IssuerName = cert.IssuerName.Name; chainCert.IssuerSerial.X509SerialNumber = CertUtil.HexToDecimal(cert.SerialNumber); DigestUtil.SetCertDigest(cert.GetRawCertData(), _firma.RefsDigestMethod, chainCert.CertDigest); chainCert.URI = "#Cert" + guidCert; unsignedProperties.UnsignedSignatureProperties.CompleteCertificateRefs.CertRefs.CertCollection.Add(chainCert); EncapsulatedX509Certificate encapsulatedX509Certificate = new EncapsulatedX509Certificate(); encapsulatedX509Certificate.Id = "Cert" + guidCert; encapsulatedX509Certificate.PkiData = cert.GetRawCertData(); unsignedProperties.UnsignedSignatureProperties.CertificateValues.EncapsulatedX509CertificateCollection.Add(encapsulatedX509Certificate); } var chain = CertUtil.GetCertChain(cert, extraCerts).ChainElements; if (chain.Count > 1) { X509ChainElementEnumerator enumerator = chain.GetEnumerator(); enumerator.MoveNext(); // el mismo certificado que el pasado por parametro enumerator.MoveNext(); bool valid = ValidateCertificateByCRL(unsignedProperties, cert, enumerator.Current.Certificate); if (!valid) { var ocspCerts = ValidateCertificateByOCSP(unsignedProperties, cert, enumerator.Current.Certificate); if (ocspCerts != null) { X509Certificate2 startOcspCert = DetermineStartCert(new List<X509Certificate2>(ocspCerts)); if (startOcspCert.IssuerName.Name != enumerator.Current.Certificate.SubjectName.Name) { var chainOcsp = CertUtil.GetCertChain(startOcspCert, ocspCerts); AddCertificate(chainOcsp.ChainElements[1].Certificate, unsignedProperties, true, ocspCerts); } } } AddCertificate(enumerator.Current.Certificate, unsignedProperties, true, extraCerts); } }
private void AddSignatureProperties(SignedSignatureProperties signedSignatureProperties, SignedDataObjectProperties signedDataObjectProperties, UnsignedSignatureProperties unsignedSignatureProperties, string mimeType, X509Certificate2 certificado) { Cert cert; cert = new Cert(); cert.IssuerSerial.X509IssuerName = certificado.IssuerName.Name; cert.IssuerSerial.X509SerialNumber = CertUtil.HexToDecimal(certificado.SerialNumber); DigestUtil.SetCertDigest(_signCertificate.GetRawCertData(), _refsMethodUri, cert.CertDigest); signedSignatureProperties.SigningCertificate.CertCollection.Add(cert); if (!string.IsNullOrEmpty(_policyId)) { signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyImplied = false; signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyId.Identifier.IdentifierUri = _policyId; } if (!string.IsNullOrEmpty(_policyUri)) { SigPolicyQualifier spq = new SigPolicyQualifier(); spq.AnyXmlElement = _document.CreateElement("SPURI", XadesSignedXml.XadesNamespaceUri); spq.AnyXmlElement.InnerText = _policyUri; signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyQualifiers.SigPolicyQualifierCollection.Add(spq); } if (!string.IsNullOrEmpty(_policyHash)) { signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyHash.DigestMethod.Algorithm = SignedXml.XmlDsigSHA1Url; signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyId.SigPolicyHash.DigestValue = Convert.FromBase64String(PolicyHash); } signedSignatureProperties.SigningTime = DateTime.Now; if (!string.IsNullOrEmpty(mimeType)) { DataObjectFormat newDataObjectFormat = new DataObjectFormat(); newDataObjectFormat.MimeType = mimeType; newDataObjectFormat.ObjectReferenceAttribute = "#" + _objectReference; signedDataObjectProperties.DataObjectFormatCollection.Add(newDataObjectFormat); } }
private void AddSignedSignatureProperties(SignedSignatureProperties signedSignatureProperties, SignedDataObjectProperties signedDataObjectProperties, UnsignedSignatureProperties unsignedSignatureProperties) { XmlDocument xmlDocument; Cert cert; xmlDocument = new XmlDocument(); cert = new Cert(); cert.IssuerSerial.X509IssuerName = this.Certificate.IssuerName.Name; cert.IssuerSerial.X509SerialNumber = this.Certificate.SerialNumber; cert.CertDigest.DigestMethod.Algorithm = SignedXml.XmlDsigSHA1Url; cert.CertDigest.DigestValue = this.Certificate.GetCertHash(); signedSignatureProperties.SigningCertificate.CertCollection.Add(cert); signedSignatureProperties.SigningTime = DateTime.Parse(this.signingTimeTextBox.Text); signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyImplied = true; if (this.includeSignatureProductionPlaceCheckBox.Checked) { signedSignatureProperties.SignatureProductionPlace.City = this.signatureCityTextBox.Text; signedSignatureProperties.SignatureProductionPlace.StateOrProvince = this.signatureStateOrProvinceTextBox.Text; signedSignatureProperties.SignatureProductionPlace.PostalCode = this.signaturePostalCodeTextBox.Text; signedSignatureProperties.SignatureProductionPlace.CountryName = this.signatureCountryNameTextBox.Text; } if (this.includeSignerRoleCheckBox.Checked) { ClaimedRole newClaimedRole = new ClaimedRole(); xmlDocument.LoadXml(this.claimedRoleTextBox.Text); newClaimedRole.AnyXmlElement = (XmlElement)xmlDocument.FirstChild; signedSignatureProperties.SignerRole.ClaimedRoles.ClaimedRoleCollection.Add(newClaimedRole); } if (this.includeCommitmentTypeIndicationCheckBox.Checked) { CommitmentTypeIndication newCommitmentTypeIndication = new CommitmentTypeIndication(); newCommitmentTypeIndication.CommitmentTypeId.Identifier.IdentifierUri = this.commitmentTypeIdentifierURITextBox.Text; switch (this.commitmentTypeIndicatorQualifierComboBox.Text) { case "": newCommitmentTypeIndication.CommitmentTypeId.Identifier.Qualifier = KnownQualifier.Uninitalized; break; case "OIDAsURI": newCommitmentTypeIndication.CommitmentTypeId.Identifier.Qualifier = KnownQualifier.OIDAsURI; break; case "OIDAsURN": newCommitmentTypeIndication.CommitmentTypeId.Identifier.Qualifier = KnownQualifier.OIDAsURN; break; } newCommitmentTypeIndication.CommitmentTypeId.Description = this.commitmentTypeIndicationIdTextBox.Text; newCommitmentTypeIndication.AllSignedDataObjects = true; signedDataObjectProperties.CommitmentTypeIndicationCollection.Add(newCommitmentTypeIndication); } if (this.includeDataObjectFormatCheckBox.Checked) { DataObjectFormat newDataObjectFormat = new DataObjectFormat(); newDataObjectFormat.Description = this.dataObjectDescriptionTextBox.Text; newDataObjectFormat.MimeType = this.dataObjectFormatMimetypeTextBox.Text; newDataObjectFormat.ObjectReferenceAttribute = this.dataObjectReferenceTextBox.Text; signedDataObjectProperties.DataObjectFormatCollection.Add(newDataObjectFormat); } }
private void addCounterSignatureButton_Click(object sender, System.EventArgs e) { X509Certificate2 certificateForCounterSignature = this.LetUserChooseCertificate(); if (certificateForCounterSignature != null) { this.xadesSignedXml.SignatureValueId = this.signatureValueIdTextBox.Text; XmlElement parentSignatureXmlElement = this.xadesSignedXml.GetXml(); XmlDocument parentSignatureXmlDocument = new XmlDocument(); parentSignatureXmlDocument.AppendChild(parentSignatureXmlDocument.ImportNode(parentSignatureXmlElement, true)); XadesSignedXml counterSignature = new XadesSignedXml(parentSignatureXmlDocument); RSACryptoServiceProvider rsaKey = (RSACryptoServiceProvider) this.Certificate.PrivateKey; counterSignature.SigningKey = rsaKey; KeyInfo keyInfo = new KeyInfo(); keyInfo.AddClause(new KeyInfoX509Data((X509Certificate) certificateForCounterSignature)); keyInfo.AddClause(new RSAKeyValue(rsaKey)); counterSignature.KeyInfo = keyInfo; Cert cert = new Cert(); cert.IssuerSerial.X509IssuerName = certificateForCounterSignature.IssuerName.Name; cert.IssuerSerial.X509SerialNumber = certificateForCounterSignature.SerialNumber; cert.CertDigest.DigestMethod.Algorithm = SignedXml.XmlDsigSHA1Url; cert.CertDigest.DigestValue = certificateForCounterSignature.GetCertHash(); counterSignature.Signature.Id = "CounterSignatureId"; XadesObject counterSignatureXadesObject = new XadesObject(); counterSignatureXadesObject.Id = "CounterSignatureXadesObjectId"; counterSignatureXadesObject.QualifyingProperties.Target = "#CounterSignatureId"; counterSignatureXadesObject.QualifyingProperties.SignedProperties.Id = "CounterSignatureSignedProperiesId"; Reference newReference = new Reference(); newReference.Uri = "#" + this.xadesSignedXml.SignatureValueId; counterSignature.AddReference(newReference); SignedSignatureProperties signedSignatureProperties = counterSignatureXadesObject.QualifyingProperties.SignedProperties.SignedSignatureProperties; signedSignatureProperties.SigningCertificate.CertCollection.Add(cert); signedSignatureProperties.SigningTime = DateTime.Parse(this.signingTimeTextBox.Text); signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyImplied = true; counterSignature.AddXadesObject(counterSignatureXadesObject); counterSignature.ComputeSignature(); UnsignedProperties unsignedProperties = this.xadesSignedXml.UnsignedProperties; unsignedProperties.UnsignedSignatureProperties.CounterSignatureCollection.Add(counterSignature); this.xadesSignedXml.UnsignedProperties = unsignedProperties; this.ShowSignature(); } }
private void injectXadesCInformationButton_Click(object sender, System.EventArgs e) { UnsignedProperties unsignedProperties = null; Cert chainCert = null; SHA1 sha1Managed; byte[] crlDigest; CRLRef incCRLRef; if (this.includeCertificateChainCheckBox.Checked) { if (this.Chain != null) { unsignedProperties = this.xadesSignedXml.UnsignedProperties; unsignedProperties.UnsignedSignatureProperties.CompleteCertificateRefs = new CompleteCertificateRefs(); foreach (X509ChainElement element in this.Chain.ChainElements) { chainCert = new Cert(); chainCert.IssuerSerial.X509IssuerName = element.Certificate.IssuerName.Name; chainCert.IssuerSerial.X509SerialNumber = element.Certificate.SerialNumber; chainCert.CertDigest.DigestMethod.Algorithm = SignedXml.XmlDsigSHA1Url; chainCert.CertDigest.DigestValue = this.Certificate.GetCertHash(); unsignedProperties.UnsignedSignatureProperties.CompleteCertificateRefs.Id = this.completeCertificateRefsTextBox.Text; unsignedProperties.UnsignedSignatureProperties.CompleteCertificateRefs.CertRefs.CertCollection.Add(chainCert); } this.xadesSignedXml.UnsignedProperties = unsignedProperties; } else { MessageBox.Show("The certificate chain was not accepted, can't add certificate chain information to CompleteCertificateRefs element"); } } if (this.includeCrlCheckBox.Checked) { //In this sample we will load the CRL from file on a CRL archive. Stream crlStream = File.OpenRead(this.crlFileTextBox.Text); sha1Managed = new SHA1Managed(); crlDigest = sha1Managed.ComputeHash(crlStream); crlStream.Close(); incCRLRef = new CRLRef(); incCRLRef.CertDigest.DigestMethod.Algorithm = SignedXml.XmlDsigSHA1Url; incCRLRef.CertDigest.DigestValue = crlDigest; incCRLRef.CRLIdentifier.UriAttribute = this.crlFileTextBox.Text; Asn1Parser asn1Parser; asn1Parser = new Asn1Parser(); asn1Parser.ParseAsn1(this.GetFileBytes(this.crlFileTextBox.Text)); XmlNode searchXmlNode; searchXmlNode = asn1Parser.ParseTree.SelectSingleNode("//Universal_Constructed_Sequence/Universal_Constructed_Sequence/Universal_Constructed_Sequence/Universal_Constructed_Set/Universal_Constructed_Sequence/Universal_Primitive_PrintableString"); if (searchXmlNode != null) { incCRLRef.CRLIdentifier.Issuer = searchXmlNode.Attributes["Value"].Value; } else { throw new Exception("Parse error TSA response: can't find Issuer in CRL"); } searchXmlNode = asn1Parser.ParseTree.SelectSingleNode("//Universal_Constructed_Sequence/Universal_Constructed_Sequence/Universal_Primitive_UtcTime"); if (searchXmlNode != null) { incCRLRef.CRLIdentifier.IssueTime = DateTime.Parse(searchXmlNode.Attributes["Value"].Value); } else { throw new Exception("Parse error TSA response: can't find IssueTime in CRL"); } unsignedProperties = this.xadesSignedXml.UnsignedProperties; unsignedProperties.UnsignedSignatureProperties.CompleteRevocationRefs = new CompleteRevocationRefs(); unsignedProperties.UnsignedSignatureProperties.CompleteRevocationRefs.Id = this.completeRevocationRefsIdTextBox.Text; unsignedProperties.UnsignedSignatureProperties.CompleteRevocationRefs.CRLRefs.CRLRefCollection.Add(incCRLRef); this.xadesSignedXml.UnsignedProperties = unsignedProperties; } if (this.includeCrlCheckBox.Checked || this.includeCertificateChainCheckBox.Checked) { this.ShowSignature(); } }
/// <summary> /// Load state from an XML element /// </summary> /// <param name="xmlElement">XML element containing new state</param> public void LoadXml(System.Xml.XmlElement xmlElement) { XmlNamespaceManager xmlNamespaceManager; XmlNodeList xmlNodeList; IEnumerator enumerator; XmlElement iterationXmlElement; Cert newCert; if (xmlElement == null) { throw new ArgumentNullException("xmlElement"); } xmlNamespaceManager = new XmlNamespaceManager(xmlElement.OwnerDocument.NameTable); xmlNamespaceManager.AddNamespace("xsd", XadesSignedXml.XadesNamespaceUri); this.certCollection.Clear(); xmlNodeList = xmlElement.SelectNodes("xsd:Cert", xmlNamespaceManager); enumerator = xmlNodeList.GetEnumerator(); try { while (enumerator.MoveNext()) { iterationXmlElement = enumerator.Current as XmlElement; if (iterationXmlElement != null) { newCert = new Cert(); newCert.LoadXml(iterationXmlElement); this.certCollection.Add(newCert); } } } finally { IDisposable disposable = enumerator as IDisposable; if (disposable != null) { disposable.Dispose(); } } }
/// <summary> /// Add typed object to the collection /// </summary> /// <param name="objectToAdd">Typed object to be added to collection</param> /// <returns>The object that has been added to collection</returns> public Cert Add(Cert objectToAdd) { base.Add(objectToAdd); return objectToAdd; }
/// <summary> /// Add typed object to the collection /// </summary> /// <param name="objectToAdd">Typed object to be added to collection</param> /// <returns>The object that has been added to collection</returns> public Cert Add(Cert objectToAdd) { base.Add(objectToAdd); return(objectToAdd); }
private void AddSignedSignatureProperties(SignedSignatureProperties signedSignatureProperties, SignedDataObjectProperties signedDataObjectProperties, UnsignedSignatureProperties unsignedSignatureProperties, SignatureParameters parameters ) { XmlDocument xmlDocument; Cert cert; SystemX509.X509Certificate2 x509Cert; x509Cert = DotNetUtilities.ToX509Certificate2(parameters.SigningCertificate); xmlDocument = new XmlDocument(); cert = new Cert(); cert.IssuerSerial.X509IssuerName = x509Cert.IssuerName.Name; cert.IssuerSerial.X509SerialNumber = x509Cert.SerialNumber; cert.CertDigest.DigestMethod.Algorithm = SignedXml.XmlDsigSHA1Url; cert.CertDigest.DigestValue = x509Cert.GetCertHash(); signedSignatureProperties.SigningCertificate.CertCollection.Add(cert); signedSignatureProperties.SigningTime = parameters.SigningDate; signedSignatureProperties.SignaturePolicyIdentifier.SignaturePolicyImplied = true; DataObjectFormat newDataObjectFormat = new DataObjectFormat(); //TODO jbonilla - Replace Description with text parameter newDataObjectFormat.Description = "Generado con 'intisign'"; newDataObjectFormat.MimeType = "text/xml"; newDataObjectFormat.ObjectReferenceAttribute = "#xml_ref_id"; signedDataObjectProperties.DataObjectFormatCollection.Add(newDataObjectFormat); }