Inheritance: Org.BouncyCastle.X509.Store.X509CertStoreSelector
		/**
        * Return possible empty collection with signers matching the passed in SignerID
        *
        * @param selector a signer id to select against.
        * @return a collection of SignerInformation objects.
        */
        public ICollection GetSigners(
            SignerID selector)
        {
            // A null entry is treated as "no signer recorded under this selector".
            ArrayList matches = (ArrayList) table[selector];

            if (matches == null)
            {
                return new ArrayList();
            }

            // Return a copy so callers cannot modify the list held by the store.
            return new ArrayList(matches);
        }
		/**
        * Return possible empty collection with signers matching the passed in SignerID
        *
        * @param selector a signer id to select against.
        * @return a collection of SignerInformation objects.
        */
        public ICollection GetSigners(
            SignerID selector)
        {
            // A null entry is treated as "no signer recorded under this selector".
            IList bucket = (IList) table[selector];

            if (bucket != null)
            {
                // Build a new list from the bucket instead of handing out the bucket itself.
                return Platform.CreateArrayList(bucket);
            }

            return Platform.CreateArrayList();
        }
        /**
         * Return the first SignerInformation object that matches the
         * passed in selector. Null if there are no matches.
         *
         * @param selector to identify a signer
         * @return a single SignerInformation object. Null if none matches.
         */
        public SignerInformation GetFirstSigner(
            SignerID selector)
        {
            IList bucket = (IList)table[selector];

            if (bucket == null)
            {
                return null;
            }

            // Only the first entry is returned; further entries in the same bucket are ignored here.
            return (SignerInformation)bucket[0];
        }
        /**
        * Return the first SignerInformation object that matches the
        * passed in selector. Null if there are no matches.
        *
        * @param selector to identify a signer
        * @return a single SignerInformation object. Null if none matches.
        */
        public SignerInformation GetFirstSigner(
            SignerID selector)
        {
            IList candidates = (IList) table[selector];

            // Callers must handle null: it is the "no match" result, not an error.
            if (candidates != null)
            {
                // Entries after index 0 are not considered by this method.
                return (SignerInformation) candidates[0];
            }

            return null;
        }
 /// <summary>
 /// Builds a store from a collection of signers: each signer is filed under its
 /// SignerID in <c>table</c>, and a list of all signers is kept in <c>all</c>.
 /// </summary>
 /// <param name="signerInfos">Collection whose elements are cast to SignerInformation.</param>
 public SignerInformationStore(global::System.Collections.ICollection signerInfos)
 {
     foreach (SignerInformation signer in signerInfos)
     {
         SignerID key = signer.SignerID;
         global::System.Collections.IList bucket = (global::System.Collections.IList)table[key];
         if (bucket == null)
         {
             // First signer seen for this SignerID: create its bucket and register it.
             bucket = Platform.CreateArrayList(1);
             table[key] = bucket;
         }
         bucket.Add(signer);
     }
     all = Platform.CreateArrayList(signerInfos);
 }
        /**
         * Return possible empty collection with signers matching the passed in SignerID
         *
         * @param selector a signer id to select against.
         * @return a collection of SignerInformation objects.
         */
        public ICollection GetSigners(
            SignerID selector)
        {
            IList stored = (IList)table[selector];

            // No bucket for this selector: answer with an empty list rather than null.
            if (stored == null)
            {
                return Platform.CreateArrayList();
            }

            // Build a new list from the bucket instead of handing out the bucket itself.
            return Platform.CreateArrayList(stored);
        }
 /// <summary>
 /// Builds a SignerInformation from a parsed SignerInfo structure, deriving the
 /// SignerID from either the subject key identifier or the issuer and serial number.
 /// </summary>
 /// <param name="info">The SignerInfo structure to wrap.</param>
 /// <param name="contentType">Content type; null marks this signer as a counter signature.</param>
 /// <param name="content">The content stored for later use.</param>
 /// <param name="digestCalculator">The digest calculator stored for later use.</param>
 /// <exception cref="ArgumentException">If reading the signer identifier raises an IOException.</exception>
 internal SignerInformation(Org.BouncyCastle.Asn1.Cms.SignerInfo info, DerObjectIdentifier contentType, CmsProcessable content, IDigestCalculator digestCalculator)
 {
     this.info        = info;
     this.sid         = new SignerID();
     this.contentType = contentType;
     this.isCounterSignature = (contentType == null);
     try
     {
         SignerIdentifier rawSid = info.SignerID;
         if (!rawSid.IsTagged)
         {
             // Untagged choice: issuer name plus certificate serial number.
             Org.BouncyCastle.Asn1.Cms.IssuerAndSerialNumber issuerAndSerial = Org.BouncyCastle.Asn1.Cms.IssuerAndSerialNumber.GetInstance(rawSid.ID);
             this.sid.Issuer       = issuerAndSerial.Name;
             this.sid.SerialNumber = issuerAndSerial.SerialNumber.Value;
         }
         else
         {
             // Tagged choice: subject key identifier, kept in its encoded form.
             Asn1OctetString keyId = Asn1OctetString.GetInstance(rawSid.ID);
             this.sid.SubjectKeyIdentifier = keyId.GetEncoded();
         }
     }
     catch (IOException)
     {
         throw new ArgumentException("invalid sid in SignerInfo");
     }

     // Copied as parsed; nothing in this constructor verifies the signature.
     this.digestAlgorithm      = info.DigestAlgorithm;
     this.signedAttributeSet   = info.AuthenticatedAttributes;
     this.unsignedAttributeSet = info.UnauthenticatedAttributes;
     this.encryptionAlgorithm  = info.DigestEncryptionAlgorithm;
     this.signature            = info.EncryptedDigest.GetOctets();

     this.content          = content;
     this.digestCalculator = digestCalculator;
 }
Example #8
        /**
         * Return possible empty collection with signers matching the passed in SignerID
         *
         * @param selector a signer id to select against.
         * @return a collection of SignerInformation objects.
         */
        public ICollection GetSigners(
            SignerID selector)
        {
            ArrayList stored = (ArrayList)table[selector];

            if (stored != null)
            {
                // Copy, so the caller never holds a reference to the store's own list.
                return new ArrayList(stored);
            }

            return new ArrayList();
        }
Example #9
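		/// <summary>
		/// Creates an OCSP source bound to the first signer returned by the signer store of
		/// the given CMS signed data.
		/// </summary>
		/// <remarks>
		/// Only the first signer is used. For data with several signers, the constructor
		/// taking an explicit SignerID lets the caller choose which one is meant.
		/// </remarks>
		/// <param name="cms">The CMS signed data to read the signer from.</param>
		/// <exception cref="System.InvalidOperationException">If <paramref name="cms"/> contains no signer.</exception>
		public CAdESOCSPSource(CmsSignedData cms)
		{
			IEnumerator signers = cms.GetSignerInfos().GetSigners().GetEnumerator();

			// Fail with a clear message instead of reading Current from an enumerator
			// that never advanced onto an element.
			if (!signers.MoveNext())
			{
				throw new System.InvalidOperationException("CMS signed data contains no signer");
			}

			this.cmsSignedData = cms;
			this.signerId = ((SignerInformation)signers.Current).SignerID;
		}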
Example #10
        /// <summary>Creates a store that holds exactly one signer.</summary>
        /// <param name="signerInfo">The signer to store.</param>
        public SignerInformationStore(SignerInformation signerInfo)
        {
            all = Platform.CreateArrayList(1);
            all.Add(signerInfo);

            // The same list instance serves as the "all signers" list and as this signer's bucket.
            SignerID key = signerInfo.SignerID;
            table[key] = all;
        }
        /// <summary>Creates a store that holds exactly one signer.</summary>
        /// <param name="signerInfo">The signer to store.</param>
        public SignerInformationStore(SignerInformation signerInfo)
        {
            this.all = Platform.CreateArrayList(1);
            this.all.Add(signerInfo);

            // The list registered under the signer's id is the same instance as "all".
            SignerID key = signerInfo.SignerID;
            this.table[key] = this.all;
        }
 /// <summary>
 /// Returns the signers stored under the given SignerID as a newly created list.
 /// </summary>
 /// <param name="selector">The signer id to look up.</param>
 /// <returns>A list built from the matching bucket, or an empty list when there is none.</returns>
 public global::System.Collections.ICollection GetSigners(SignerID selector)
 {
     global::System.Collections.IList bucket = (global::System.Collections.IList)table[selector];
     if (bucket == null)
     {
         return Platform.CreateArrayList();
     }

     // A new list is built from the bucket; the bucket itself is not returned.
     return Platform.CreateArrayList(bucket);
 }
 /// <summary>
 /// Returns the first signer stored under the given SignerID.
 /// </summary>
 /// <param name="selector">The signer id to look up.</param>
 /// <returns>The first stored SignerInformation, or null when nothing is stored under the id.</returns>
 public SignerInformation GetFirstSigner(SignerID selector)
 {
     global::System.Collections.IList bucket = (global::System.Collections.IList)table[selector];
     if (bucket == null)
     {
         return null;
     }

     // Entries after index 0 are not considered by this method.
     return (SignerInformation)bucket[0];
 }
Example #14
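        /// <summary>
        /// Compares this signer identifier with another object by subject key identifier,
        /// serial number and issuer.
        /// </summary>
        /// <param name="obj">The object to compare with.</param>
        /// <returns>
        /// true when <paramref name="obj"/> is this instance, or a SignerID whose subject key
        /// identifier, serial number and issuer all match; otherwise false.
        /// </returns>
        public override bool Equals(object obj)
        {
            // Reflexive case: an instance must equal itself. Returning false here would break
            // the Object.Equals contract and make identity lookups of a signer id unreliable.
            if (obj == this)
            {
                return true;
            }

            SignerID other = obj as SignerID;
            if (other == null)
            {
                return false;
            }

            return Arrays.AreEqual(base.SubjectKeyIdentifier, other.SubjectKeyIdentifier)
                   && object.Equals(base.SerialNumber, other.SerialNumber)
                   && X509CertStoreSelector.IssuersMatch(base.Issuer, other.Issuer);
        }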
Example #15
        /// <summary>
        /// Returns the first signer stored under the given SignerID.
        /// </summary>
        /// <param name="selector">The signer id to look up.</param>
        /// <returns>The first stored SignerInformation, or null when nothing is stored under the id.</returns>
        public SignerInformation GetFirstSigner(SignerID selector)
        {
            IList bucket = (IList)this.table[selector];

            // Null is the "no match" result; callers have to check for it before use.
            if (bucket == null)
            {
                return null;
            }

            return (SignerInformation)bucket[0];
        }
Example #16
        /// <summary>
        /// Returns the signers stored under the given SignerID as a newly created list.
        /// </summary>
        /// <param name="selector">The signer id to look up.</param>
        /// <returns>A list built from the matching bucket, or an empty list when there is none.</returns>
        public ICollection GetSigners(SignerID selector)
        {
            IList bucket = (IList)this.table[selector];

            if (bucket == null)
            {
                return Platform.CreateArrayList();
            }

            // A new list is built from the bucket; the bucket itself is not returned.
            return Platform.CreateArrayList(bucket);
        }
        // Lookup table keyed by SignerID; each value is the list of signers recorded under that id.
        private readonly IDictionary table = Platform.CreateHashtable(); // Hashtable[SignerID, ArrayList[SignerInformation]]

        /// <summary>
        /// Create a store containing a single SignerInformation object.
        /// </summary>
        /// <param name="signerInfo">The signer information to contain.</param>
        public SignerInformationStore(
            SignerInformation signerInfo)
        {
            this.all = new List<SignerInformation>(1) { signerInfo };

            // The list registered under the signer's id is the same instance as "all".
            table[signerInfo.SignerID] = all;
        }
Example #18
        /// <summary>
        /// Two SignerID objects are equal when their underlying base selectors are equal.
        /// </summary>
        /// <param name="o">The object to compare with.</param>
        /// <returns>true when <paramref name="o"/> is a SignerID with an equal base selector; otherwise false.</returns>
        public override bool Equals(
            Object o)
        {
            if (o is SignerID)
            {
                SignerID other = (SignerID)o;

                // Equality is delegated entirely to the wrapped selector.
                return this.baseSelector.Equals(other.baseSelector);
            }

            return false;
        }
        /**
        * Return possible empty collection with signers matching the passed in SignerID
        *
        * @param selector a signer id to select against.
        * @return a collection of SignerInformation objects.
        */
        public ICollection GetSigners(
            SignerID selector)
        {
            // A null entry is treated as "no signer recorded under this selector".
            ArrayList list = (ArrayList) table[selector];

            // Unlike a copy, neither branch below detaches the result from the store:
            // ArrayList.ReadOnly is a read-only wrapper around the same list, and the NETCF
            // branch returns the store's own list, which the caller could then modify.
            return list == null ? new ArrayList() :
                // MASC 20070307. CF compatibility patch
            #if !NETCF
                ArrayList.ReadOnly(list);
            #else
                list;
            #endif
        }
Example #20
 /// <summary>
 /// Builds a store from a collection of signers: each signer is filed under its
 /// SignerID in <c>table</c>, and a list of all signers is kept in <c>all</c>.
 /// </summary>
 /// <param name="signerInfos">Collection whose elements are cast to SignerInformation.</param>
 public SignerInformationStore(ICollection signerInfos)
 {
     foreach (SignerInformation signer in signerInfos)
     {
         SignerID key    = signer.SignerID;
         IList    bucket = (IList)this.table[key];
         if (bucket == null)
         {
             // First signer seen for this SignerID: create its bucket and register it.
             bucket = Platform.CreateArrayList(1);
             this.table[key] = bucket;
         }
         bucket.Add(signer);
     }
     this.all = Platform.CreateArrayList(signerInfos);
 }
Example #21
 /**
  * Protected constructor. In some cases clients have their own idea about how to encode
  * the signed attributes and calculate the signature. This constructor allows developers
  * to deal with that by extending the class and overriding methods like getSignedAttributes().
  *
  * The new instance shares the base object's SignerInfo, content, result digest and
  * attribute tables; nothing is verified or re-parsed here.
  *
  * @param baseInfo the SignerInformation to base this one on.
  */
 protected SignerInformation(SignerInformation baseInfo)
 {
     // Values carried over from the base object itself.
     this.info               = baseInfo.info;
     this.contentType        = baseInfo.contentType;
     this.isCounterSignature = baseInfo.IsCounterSignature;
     this.sid                = baseInfo.SignerID;

     // Values re-read from the SignerInfo structure that was just assigned to this.info.
     this.digestAlgorithm      = this.info.DigestAlgorithm;
     this.signedAttributeSet   = this.info.AuthenticatedAttributes;
     this.unsignedAttributeSet = this.info.UnauthenticatedAttributes;
     this.encryptionAlgorithm  = this.info.DigestEncryptionAlgorithm;
     this.signature            = this.info.EncryptedDigest.GetOctets();

     // Remaining state carried over from the base object.
     this.content                = baseInfo.content;
     this.resultDigest           = baseInfo.resultDigest;
     this.signedAttributeTable   = baseInfo.signedAttributeTable;
     this.unsignedAttributeTable = baseInfo.unsignedAttributeTable;
 }
Example #22
        // Lookup table keyed by SignerID; each value is the list of signers recorded under that id.
        private readonly Hashtable table = new Hashtable(); // Hashtable[SignerID, ArrayList[SignerInformation]]

        /// <summary>
        /// Builds a store from a collection of signers: each signer is filed under its
        /// SignerID in <c>table</c>, and a copy of the whole collection is kept in <c>all</c>.
        /// </summary>
        /// <param name="signerInfos">Collection whose elements are cast to SignerInformation.</param>
        public SignerInformationStore(
            ICollection signerInfos)
        {
            foreach (SignerInformation current in signerInfos)
            {
                SignerID  key    = current.SignerID;
                ArrayList bucket = (ArrayList)table[key];

                if (bucket == null)
                {
                    // First signer seen for this SignerID: create its bucket and register it.
                    bucket = new ArrayList(1);
                    table[key] = bucket;
                }

                bucket.Add(current);
            }

            this.all = new ArrayList(signerInfos);
        }
        /// <summary>
        /// Create a store containing a collection of SignerInformation objects.
        /// </summary>
        /// <param name="signerInfos">A collection of signer information objects to contain.</param>
        public SignerInformationStore(
            ICollection <SignerInformation> signerInfos)
        {
            foreach (SignerInformation current in signerInfos)
            {
                SignerID key    = current.SignerID;
                IList    bucket = (IList)table[key];

                if (bucket == null)
                {
                    // First signer seen for this SignerID: create its bucket and register it.
                    bucket = Platform.CreateArrayList(1);
                    table[key] = bucket;
                }

                bucket.Add(current);
            }

            // Keep a separate copy of the input collection as the "all signers" list.
            this.all = new List <SignerInformation>(signerInfos);
        }
		/// <summary>
		/// Builds a SignerInformation from a parsed SignerInfo structure, deriving the
		/// SignerID from either the subject key identifier or the issuer and serial number.
		/// </summary>
		/// <param name="info">The SignerInfo structure to wrap.</param>
		/// <param name="contentType">Content type; null marks this signer as a counter signature.</param>
		/// <param name="content">The content stored for later use.</param>
		/// <param name="digestCalculator">The digest calculator stored for later use.</param>
		/// <exception cref="ArgumentException">If reading the signer identifier raises an IOException.</exception>
		internal SignerInformation(
			SignerInfo			info,
			DerObjectIdentifier	contentType,
			CmsProcessable		content,
			IDigestCalculator	digestCalculator)
		{
			this.info = info;
			this.sid = new SignerID();
			this.contentType = contentType;
			this.isCounterSignature = (contentType == null);

			try
			{
				SignerIdentifier rawSid = info.SignerID;

				if (!rawSid.IsTagged)
				{
					// Untagged choice: issuer name plus certificate serial number.
					Asn1.Cms.IssuerAndSerialNumber issuerAndSerial =
						Asn1.Cms.IssuerAndSerialNumber.GetInstance(rawSid.ID);

					sid.Issuer = issuerAndSerial.Name;
					sid.SerialNumber = issuerAndSerial.SerialNumber.Value;
				}
				else
				{
					// Tagged choice: subject key identifier, kept in its encoded form.
					Asn1OctetString keyId = Asn1OctetString.GetInstance(rawSid.ID);

					sid.SubjectKeyIdentifier = keyId.GetEncoded();
				}
			}
			catch (IOException)
			{
				throw new ArgumentException("invalid sid in SignerInfo");
			}

			// Copied as parsed; nothing in this constructor verifies the signature.
			this.digestAlgorithm = info.DigestAlgorithm;
			this.signedAttributeSet = info.AuthenticatedAttributes;
			this.unsignedAttributeSet = info.UnauthenticatedAttributes;
			this.encryptionAlgorithm = info.DigestEncryptionAlgorithm;
			this.signature = info.EncryptedDigest.GetOctets();

			this.content = content;
			this.digestCalculator = digestCalculator;
		}
Example #25
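        /// <summary>
        /// Compares this signer identifier with another object by subject key identifier,
        /// serial number and issuer.
        /// </summary>
        /// <param name="obj">The object to compare with.</param>
        /// <returns>
        /// true when <paramref name="obj"/> is this instance, or a SignerID whose subject key
        /// identifier, serial number and issuer all match; otherwise false.
        /// </returns>
        public override bool Equals(
            object obj)
        {
            // Reflexive case: an instance must equal itself. Returning false here would break
            // the Object.Equals contract and make identity lookups of a signer id unreliable.
            if (obj == this)
            {
                return true;
            }

            SignerID id = obj as SignerID;

            if (id == null)
            {
                return false;
            }

            return Arrays.AreEqual(SubjectKeyIdentifier, id.SubjectKeyIdentifier) &&
                   Platform.Equals(SerialNumber, id.SerialNumber) &&
                   IssuersMatch(Issuer, id.Issuer);
        }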
Example #26
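        /// <summary>
        /// Compares this signer identifier with another object by serial number, issuer
        /// string and subject key identifier.
        /// </summary>
        /// <param name="obj">The object to compare with.</param>
        /// <returns>
        /// true when <paramref name="obj"/> is this instance, or a SignerID whose serial number,
        /// issuer string and subject key identifier all match; otherwise false.
        /// </returns>
        public override bool Equals(
            object obj)
        {
            // Reflexive case: an instance must equal itself. Returning false here would break
            // the Object.Equals contract and make identity lookups of a signer id unreliable.
            if (obj == this)
            {
                return true;
            }

            SignerID id = obj as SignerID;

            if (id == null)
            {
                return false;
            }

            return object.Equals(SerialNumber, id.SerialNumber) &&
                   object.Equals(IssuerAsString, id.IssuerAsString) &&
                   Arrays.AreSame(SubjectKeyIdentifier, id.SubjectKeyIdentifier);
        }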
Example #27
        /// <summary>
        /// Builds a SignerInformation from a parsed SignerInfo structure, deriving the
        /// SignerID from either the subject key identifier or the issuer and serial number.
        /// </summary>
        /// <param name="info">The SignerInfo structure to wrap.</param>
        /// <param name="contentType">Content type; null marks this signer as a counter signature.</param>
        /// <param name="content">The content stored for later use.</param>
        /// <param name="digest">Digest value stored as the result digest.</param>
        /// <exception cref="ArgumentException">If reading the signer identifier raises an IOException.</exception>
        internal SignerInformation(
            Asn1.Cms.SignerInfo info,
            DerObjectIdentifier contentType,
            ICmsTypedData content,
            byte[] digest)
        {
            this.info = info;

            this.contentType        = contentType;
            this.isCounterSignature = (contentType == null);

            try
            {
                SignerIdentifier rawSid = info.SignerID;

                if (!rawSid.IsTagged)
                {
                    // Untagged choice: issuer name plus certificate serial number.
                    Asn1.Cms.IssuerAndSerialNumber issuerAndSerial =
                        Asn1.Cms.IssuerAndSerialNumber.GetInstance(rawSid.ID);

                    this.sid = new SignerID(issuerAndSerial.Name, issuerAndSerial.SerialNumber.Value);
                }
                else
                {
                    // Tagged choice: subject key identifier, passed on in its encoded form.
                    Asn1OctetString keyId = Asn1OctetString.GetInstance(rawSid.ID);

                    this.sid = new SignerID(keyId.GetEncoded());
                }
            }
            catch (IOException)
            {
                throw new ArgumentException("invalid sid in SignerInfo");
            }

            // Copied as parsed; nothing in this constructor verifies the signature.
            this.digestAlgorithm      = info.DigestAlgorithm;
            this.signedAttributeSet   = info.AuthenticatedAttributes;
            this.unsignedAttributeSet = info.UnauthenticatedAttributes;
            this.encryptionAlgorithm  = info.DigestEncryptionAlgorithm;
            this.signature            = info.EncryptedDigest.GetOctets();

            this.content      = content;
            this.resultDigest = digest;
        }
        /// <summary>
        /// Inserts and validates the certificates of the time-stamping server.
        /// </summary>
        /// <remarks>
        /// The certificates are read from the first signature time stamp in the unsigned
        /// properties, i.e. from the token itself; the remaining arguments are passed
        /// through to AddCertificate unchanged.
        /// </remarks>
        /// <param name="unsignedProperties">Unsigned properties holding the signature time stamp.</param>
        /// <param name="ocspServers">Passed through to AddCertificate.</param>
        /// <param name="crlList">Passed through to AddCertificate.</param>
        /// <param name="digestMethod">Passed through to AddCertificate.</param>
        /// <param name="addCertificateOcspUrl">Passed through to AddCertificate.</param>
        private void AddTSACertificates(UnsignedProperties unsignedProperties, IEnumerable <OcspServer> ocspServers, IEnumerable <X509Crl> crlList, FirmaXadesNet.Crypto.DigestMethod digestMethod, bool addCertificateOcspUrl)
        {
            // Only the first entry of the time stamp collection is considered.
            var encodedToken = unsignedProperties.UnsignedSignatureProperties.SignatureTimeStampCollection[0].EncapsulatedTimeStamp.PkiData;
            TimeStampToken token     = new TimeStampToken(new CmsSignedData(encodedToken));
            IX509Store     certStore = token.GetCertificates("Collection");

            // NOTE(review): the token's SignerID is read but not used below; the start
            // certificate is chosen by DetermineStartCert instead. Confirm that is intended.
            Org.BouncyCastle.Cms.SignerID signerId = token.SignerID;

            List <X509Certificate2> tsaCerts = new List <X509Certificate2>();

            // A null selector is passed, so every certificate the store returns is converted.
            foreach (Org.BouncyCastle.X509.X509Certificate bcCert in certStore.GetMatches(null))
            {
                tsaCerts.Add(new X509Certificate2(bcCert.GetEncoded()));
            }

            X509Certificate2 startCert = DetermineStartCert(tsaCerts.ToArray());

            AddCertificate(startCert, unsignedProperties, true, ocspServers, crlList, digestMethod, addCertificateOcspUrl, tsaCerts.ToArray());
        }
Example #29
        /// <summary>
        /// Builds a SignerInformation from a parsed SignerInfo structure, deriving the
        /// SignerID from either the subject key identifier or the issuer and serial number.
        /// </summary>
        /// <param name="info">The SignerInfo structure to wrap.</param>
        /// <param name="contentType">The content type stored for later use.</param>
        /// <param name="content">The content stored for later use.</param>
        /// <param name="digest">Digest value stored for later use.</param>
        /// <exception cref="ArgumentException">If reading the signer identifier raises an IOException.</exception>
        internal SignerInformation(
            SignerInfo info,
            DerObjectIdentifier contentType,
            CmsProcessable content,
            byte[]                          digest)
        {
            this.info        = info;
            this.sid         = new SignerID();
            this.contentType = contentType;

            try
            {
                SignerIdentifier rawSid = info.SignerID;

                if (!rawSid.IsTagged)
                {
                    // Untagged choice: issuer name plus certificate serial number.
                    Asn1.Cms.IssuerAndSerialNumber issuerAndSerial =
                        Asn1.Cms.IssuerAndSerialNumber.GetInstance(rawSid.ID);

                    sid.Issuer       = issuerAndSerial.Name;
                    sid.SerialNumber = issuerAndSerial.SerialNumber.Value;
                }
                else
                {
                    // Tagged choice: subject key identifier, taken as the raw octets.
                    Asn1OctetString keyId = Asn1OctetString.GetInstance(rawSid.ID);

                    sid.SubjectKeyIdentifier = keyId.GetOctets();
                }
            }
            catch (IOException)
            {
                throw new ArgumentException("invalid sid in SignerInfo");
            }

            // Copied as parsed; nothing in this constructor verifies the signature.
            this.digestAlgorithm     = info.DigestAlgorithm;
            this.signedAttributes    = info.AuthenticatedAttributes;
            this.unsignedAttributes  = info.UnauthenticatedAttributes;
            this.encryptionAlgorithm = info.DigestEncryptionAlgorithm;
            this.signature           = info.EncryptedDigest.GetOctets();

            this.content = content;
            _digest      = digest;
        }
        /// <inheritdoc />
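        public byte[] Decrypt(byte[] data)
        {
            // Try each key store in turn until one holds the key for a recipient entry of the envelope.
            foreach (var pkcsStore in _allSenderCertificates)
            {
                var certAlias = pkcsStore.Aliases.Cast<string>().First(x => pkcsStore.IsKeyEntry(x));
                var cert = pkcsStore.GetCertificate(certAlias).Certificate;

                var envelopedData = new CmsEnvelopedData(data);
                var recipientInfos = envelopedData.GetRecipientInfos();
                var recipientId = new RecipientID()
                {
                    Issuer = cert.IssuerDN,
                    SerialNumber = cert.SerialNumber
                };
                var recipient = recipientInfos[recipientId];
                if (recipient == null)
                    continue;

                var privKey = pkcsStore.GetKey(certAlias).Key;

                var decryptedData = recipient.GetContent(privKey);
                var sig = new CmsSignedData(decryptedData);
                var signerId = new SignerID()
                {
                    Issuer = _receiverCertificate.IssuerDN,
                    SerialNumber = _receiverCertificate.SerialNumber
                };
                var signer = sig.GetSignerInfos().GetFirstSigner(signerId);

                // A missing SignerInfo for the expected certificate is a verification failure:
                // report it as such instead of dereferencing a null signer, and never return
                // content whose signature was not checked.
                // NOTE(review): only the signature check against _receiverCertificate is visible
                // here; confirm that the certificate itself is validated elsewhere.
                if (signer == null || !signer.Verify(_receiverCertificate))
                    throw new ExtraEncryptionException("Failed to verify the signature.");

                using (var verifiedData = new MemoryStream())
                {
                    sig.SignedContent.Write(verifiedData);

                    return verifiedData.ToArray();
                }
            }

            throw new ExtraEncryptionException("No certificate for decryption found.");
        }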
        /// <summary>
        /// Finds a certificate for the given signer, looking in the supplied store first.
        /// </summary>
        /// <param name="store">The certificate store to search.</param>
        /// <param name="signer">The signer id used as the selector.</param>
        /// <returns>
        /// The first match from <paramref name="store"/>; when the store yields no match,
        /// whatever the single-argument GetCertificate overload returns.
        /// </returns>
        X509Certificate GetCertificate(IX509Store store, SignerID signer)
        {
            // Only the first match is used. Matching a signer id selects a certificate;
            // it does not by itself establish that the certificate is trusted.
            foreach (X509Certificate candidate in store.GetMatches (signer)) {
                return candidate;
            }

            return GetCertificate (signer);
        }
Example #32
		/// <summary>Creates an OCSP source for one explicitly chosen signer of a CMS structure.</summary>
		/// <param name="cms">The CMS signed data to keep.</param>
		/// <param name="id">The id of the signer to keep.</param>
		public CAdESOCSPSource(CmsSignedData cms, SignerID id)
		{
			// Both arguments are stored as given; nothing is parsed or checked here.
			cmsSignedData = cms;
			signerId = id;
		}
 /// <summary>
 /// Indexer form of GetFirstMatch: returns whatever GetFirstMatch returns for the selector.
 /// </summary>
 /// <param name="selector">The signer id to look up.</param>
 public SignerInformation this[SignerID selector]
 {
     get
     {
         return GetFirstMatch(selector);
     }
 }
Example #34
        /// <summary>
        /// Verifies if the ETK contains a token that is still valid and can be trusted.
        /// </summary>
        /// <remarks>
        /// <para>
        /// This method checks if the certificate in the ETK is issued by a trusted party.  Trust means
        /// the root certificate is trusted by the computer it is running on and all
        /// validation checks, including revocation, are successful.  Root
        /// certificates are trusted by the computer if present in the 
        /// <see cref="StoreName.Root"/> store.
        /// </para>
        /// <para>
        /// This method no longer validates the signer of the ETK token due lack of signing time in the ETK.
        /// The encryption certificate inside the ETK is still completely verified, this means there isn't a reduction in
        /// security compared to the previous implementation.
        /// </para>
        /// </remarks>
        /// <param name="checkRevocation">Checks if the certificates that issued the encryption cert aren't revoked</param>
        /// <returns>Detailed information about the encryption certificate status</returns>
        public CertificateSecurityInformation Verify(bool checkRevocation)
        {
            //Get encryption cert
            BC::X509Certificate encCert = DotNetUtilities.FromX509Certificate(ToCertificate());
            trace.TraceEvent(TraceEventType.Information, 0, "Verifying ETK: {0}", encCert.SubjectDN.ToString());

            //Get authentication cert: candidates are the certificates in "raw" whose subject
            //equals the issuer of the encryption cert
            IX509Store certs = raw.GetCertificates("COLLECTION");
            SignerID authCertSelector = new SignerID();
            authCertSelector.Subject = encCert.IssuerDN;

            BC::X509Certificate authCert = null;
            IEnumerator candidates = certs.GetMatches(authCertSelector).GetEnumerator();
            while (candidates.MoveNext())
            {
                BC::X509Certificate candidate = (BC::X509Certificate)candidates.Current;

                // The first candidate is taken unconditionally; any later candidate that is
                // valid right now replaces it. If none is currently valid, the first match
                // is still used, so the decision on trust is left to VerifyEnc below.
                if (authCert == null || candidate.IsValid(DateTime.UtcNow))
                {
                    authCert = candidate;
                }
            }

            if (authCert == null)
            {
                trace.TraceEvent(TraceEventType.Warning, 0, "Authentication certificate not found in ETK");
                throw new InvalidMessageException("The ETK does not contain the authentication certificate");
            }

            return CertVerifier.VerifyEnc(encCert, authCert, DateTime.UtcNow, certs, checkRevocation);
        }