public byte[] Sign(byte[] cmsData) { IList certs = new List<X509Certificate>(); byte[] signBytes = File.ReadAllBytes(GetFile()); X509Certificate2 signCert = new X509Certificate2(signBytes, Key, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable); certs.Add(DotNetUtilities.FromX509Certificate(signCert)); IX509Store x509Certs = X509StoreFactory.Create("Certificate/Collection", new X509CollectionStoreParameters(certs)); CmsSignedDataGenerator gen = new CmsSignedDataGenerator(); AsymmetricCipherKeyPair pair = DotNetUtilities.GetKeyPair(signCert.PrivateKey); X509Certificate bX509Certificate = DotNetUtilities.FromX509Certificate(signCert); gen.AddSigner(pair.Private, bX509Certificate, CmsSignedGenerator.DigestSha1); gen.AddSigner(pair.Private, bX509Certificate, CmsSignedGenerator.DigestSha256); CmsSignedData unsignedData = new CmsSignedData(cmsData); gen.AddCertificates(x509Certs); CmsProcessable msg = new CmsProcessableByteArray(unsignedData.GetEncoded()); CmsSignedData cmsSignedData = gen.Generate(CmsSignedGenerator.Data, msg, true); byte[] p7MData = cmsSignedData.GetEncoded(); return p7MData; }
public void TestSha1AndMD5WithRsaEncapsulatedRepeated() { IList certList = new ArrayList(); CmsProcessable msg = new CmsProcessableByteArray(Encoding.ASCII.GetBytes("Hello World!")); certList.Add(OrigCert); certList.Add(SignCert); IX509Store x509Certs = X509StoreFactory.Create( "Certificate/Collection", new X509CollectionStoreParameters(certList)); CmsSignedDataGenerator gen = new CmsSignedDataGenerator(); gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataGenerator.DigestSha1); gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataGenerator.DigestMD5); gen.AddCertificates(x509Certs); CmsSignedData s = gen.Generate(msg, true); s = new CmsSignedData(ContentInfo.GetInstance(Asn1Object.FromByteArray(s.GetEncoded()))); x509Certs = s.GetCertificates("Collection"); SignerInformationStore signers = s.GetSignerInfos(); Assert.AreEqual(2, signers.Count); SignerID sid = null; ICollection c = signers.GetSigners(); foreach (SignerInformation signer in c) { ICollection certCollection = x509Certs.GetMatches(signer.SignerID); IEnumerator certEnum = certCollection.GetEnumerator(); certEnum.MoveNext(); X509Certificate cert = (X509Certificate) certEnum.Current; sid = signer.SignerID; Assert.IsTrue(signer.Verify(cert)); // // check content digest // byte[] contentDigest = (byte[])gen.GetGeneratedDigests()[signer.DigestAlgOid]; AttributeTable table = signer.SignedAttributes; Asn1.Cms.Attribute hash = table[CmsAttributes.MessageDigest]; Assert.IsTrue(Arrays.AreEqual(contentDigest, ((Asn1OctetString)hash.AttrValues[0]).GetOctets())); } c = signers.GetSigners(sid); Assert.AreEqual(2, c.Count); // // try using existing signer // gen = new CmsSignedDataGenerator(); gen.AddSigners(s.GetSignerInfos()); gen.AddCertificates(s.GetCertificates("Collection")); gen.AddCrls(s.GetCrls("Collection")); s = gen.Generate(msg, true); s = new CmsSignedData(ContentInfo.GetInstance(Asn1Object.FromByteArray(s.GetEncoded()))); x509Certs = s.GetCertificates("Collection"); signers = s.GetSignerInfos(); c = signers.GetSigners(); Assert.AreEqual(2, c.Count); foreach (SignerInformation signer in c) { ICollection certCollection = x509Certs.GetMatches(signer.SignerID); IEnumerator certEnum = certCollection.GetEnumerator(); certEnum.MoveNext(); X509Certificate cert = (X509Certificate) certEnum.Current; Assert.AreEqual(true, signer.Verify(cert)); } CheckSignerStoreReplacement(s, signers); }
private void SubjectKeyIDTest( IAsymmetricCipherKeyPair signaturePair, X509Certificate signatureCert, string digestAlgorithm) { IList certList = new ArrayList(); IList crlList = new ArrayList(); CmsProcessable msg = new CmsProcessableByteArray(Encoding.ASCII.GetBytes("Hello World!")); certList.Add(signatureCert); certList.Add(OrigCert); crlList.Add(SignCrl); IX509Store x509Certs = X509StoreFactory.Create( "Certificate/Collection", new X509CollectionStoreParameters(certList)); IX509Store x509Crls = X509StoreFactory.Create( "CRL/Collection", new X509CollectionStoreParameters(crlList)); CmsSignedDataGenerator gen = new CmsSignedDataGenerator(); gen.AddSigner(signaturePair.Private, CmsTestUtil.CreateSubjectKeyId(signatureCert.GetPublicKey()).GetKeyIdentifier(), digestAlgorithm); gen.AddCertificates(x509Certs); gen.AddCrls(x509Crls); CmsSignedData s = gen.Generate(msg, true); Assert.AreEqual(3, s.Version); MemoryStream bIn = new MemoryStream(s.GetEncoded(), false); Asn1InputStream aIn = new Asn1InputStream(bIn); s = new CmsSignedData(ContentInfo.GetInstance(aIn.ReadObject())); x509Certs = s.GetCertificates("Collection"); x509Crls = s.GetCrls("Collection"); SignerInformationStore signers = s.GetSignerInfos(); foreach (SignerInformation signer in signers.GetSigners()) { ICollection certCollection = x509Certs.GetMatches(signer.SignerID); IEnumerator certEnum = certCollection.GetEnumerator(); certEnum.MoveNext(); X509Certificate cert = (X509Certificate) certEnum.Current; Assert.IsTrue(signer.Verify(cert)); } // // check for CRLs // ArrayList crls = new ArrayList(x509Crls.GetMatches(null)); Assert.AreEqual(1, crls.Count); Assert.IsTrue(crls.Contains(SignCrl)); // // try using existing signer // gen = new CmsSignedDataGenerator(); gen.AddSigners(s.GetSignerInfos()); gen.AddCertificates(s.GetCertificates("Collection")); gen.AddCrls(s.GetCrls("Collection")); s = gen.Generate(msg, true); bIn = new MemoryStream(s.GetEncoded(), false); aIn = new Asn1InputStream(bIn); s = new CmsSignedData(ContentInfo.GetInstance(aIn.ReadObject())); x509Certs = s.GetCertificates("Collection"); x509Crls = s.GetCrls("Collection"); signers = s.GetSignerInfos(); foreach (SignerInformation signer in signers.GetSigners()) { ICollection certCollection = x509Certs.GetMatches(signer.SignerID); IEnumerator certEnum = certCollection.GetEnumerator(); certEnum.MoveNext(); X509Certificate cert = (X509Certificate) certEnum.Current; Assert.IsTrue(signer.Verify(cert)); } CheckSignerStoreReplacement(s, signers); }
// Sign the message with the private key of the signer. public byte[] SignMsg(Byte[] msg, X509Certificate2 signerCert, bool detached) { // Place message in a ContentInfo object. // This is required to build a SignedCms object. ContentInfo contentInfo = new ContentInfo(msg); // Instantiate SignedCms object with the ContentInfo above. // Has default SubjectIdentifierType IssuerAndSerialNumber. SignedCms signedCms = new SignedCms(contentInfo, detached); // Formulate a CmsSigner object for the signer. CmsSigner cmsSigner = new CmsSigner(signerCert); // Include the following line if the top certificate in the // smartcard is not in the trusted list. cmsSigner.IncludeOption = X509IncludeOption.EndCertOnly; // Sign the CMS/PKCS #7 message. The second argument is // needed to ask for the pin. signedCms.ComputeSignature(cmsSigner, false); // TODO: Here the user can fail the password or cancel...what to do? // Encode the CMS/PKCS #7 message. byte[] bb = signedCms.Encode(); //return bb here if no timestamp is to be applied if (!Config.Stamp) return bb; CmsSignedData sd = new CmsSignedData(bb); SignerInformationStore signers = sd.GetSignerInfos(); byte[] signature = null; SignerInformation signer = null; foreach (SignerInformation signer_ in signers.GetSigners()) { signer = signer_; break; } signature = signer.GetSignature(); Org.BouncyCastle.Asn1.Cms.AttributeTable at = new Org.BouncyCastle.Asn1.Cms.AttributeTable(GetTimestamp(signature)); signer = SignerInformation.ReplaceUnsignedAttributes(signer, at); IList signerInfos = new ArrayList(); signerInfos.Add(signer); sd = CmsSignedData.ReplaceSigners(sd, new SignerInformationStore(signerInfos)); bb = sd.GetEncoded(); return bb; }
private void EncapsulatedTest( AsymmetricCipherKeyPair signaturePair, X509Certificate signatureCert, string digestAlgorithm) { CmsProcessable msg = new CmsProcessableByteArray(Encoding.ASCII.GetBytes("Hello World!")); IX509Store x509Certs = CmsTestUtil.MakeCertStore(signatureCert, OrigCert); IX509Store x509Crls = CmsTestUtil.MakeCrlStore(SignCrl); CmsSignedDataGenerator gen = new CmsSignedDataGenerator(); gen.AddSigner(signaturePair.Private, signatureCert, digestAlgorithm); gen.AddCertificates(x509Certs); gen.AddCrls(x509Crls); CmsSignedData s = gen.Generate(msg, true); s = new CmsSignedData(ContentInfo.GetInstance(Asn1Object.FromByteArray(s.GetEncoded()))); x509Certs = s.GetCertificates("Collection"); x509Crls = s.GetCrls("Collection"); SignerInformationStore signers = s.GetSignerInfos(); ICollection c = signers.GetSigners(); foreach (SignerInformation signer in c) { ICollection certCollection = x509Certs.GetMatches(signer.SignerID); IEnumerator certEnum = certCollection.GetEnumerator(); certEnum.MoveNext(); X509Certificate cert = (X509Certificate) certEnum.Current; Assert.AreEqual(digestAlgorithm, signer.DigestAlgOid); Assert.IsTrue(signer.Verify(cert)); } // // check for CRLs // ArrayList crls = new ArrayList(x509Crls.GetMatches(null)); Assert.AreEqual(1, crls.Count); Assert.IsTrue(crls.Contains(SignCrl)); // // try using existing signer // gen = new CmsSignedDataGenerator(); gen.AddSigners(s.GetSignerInfos()); gen.AddCertificates(s.GetCertificates("Collection")); gen.AddCrls(s.GetCrls("Collection")); s = gen.Generate(msg, true); s = new CmsSignedData(ContentInfo.GetInstance(Asn1Object.FromByteArray(s.GetEncoded()))); x509Certs = s.GetCertificates("Collection"); x509Crls = s.GetCrls("Collection"); signers = s.GetSignerInfos(); c = signers.GetSigners(); foreach (SignerInformation signer in c) { ICollection certCollection = x509Certs.GetMatches(signer.SignerID); IEnumerator certEnum = certCollection.GetEnumerator(); certEnum.MoveNext(); X509Certificate cert = (X509Certificate) certEnum.Current; Assert.IsTrue(signer.Verify(cert)); } CheckSignerStoreReplacement(s, signers); }