/// <summary>5.3.2 使用证书进行PKCS7签名 2011-12-19
///
/// </summary>
/// <param name="sSource"></param>
/// <param name="isNotHasSource"></param>
/// <param name="pwd"></param>
/// <param name="oCert"></param>
/// <returns></returns>
public static String signPKCS7ByCertificate(String sSource, Boolean isNotHasSource, String pwd, SecuInter.X509Certificate oCert)
{
SecuInter.Signer oSigner = new SecuInter.Signer();
SecuInter.SignedData oSignedData = new SecuInter.SignedData();
SecuInter.Utilities oUtil = new SecuInter.Utilities();
if (sSource == "")
{
throw new Exception("原文内容为空!");
}
oSigner.Certificate = oCert;
oSigner.HashAlgorithm = SECUINTER_HASH_ALGORITHM.SECUINTER_SHA1_ALGORITHM;
oSigner.UseSigningCertificateAttribute = false;
oSigner.UseSigningTime = false;
if (!String.IsNullOrEmpty(pwd))
{
bool ok = oSigner.SetUserPIN(pwd);
if (!ok)
{
throw new Exception("密码有误!");
}
}
oSignedData.Content = sSource;
oSignedData.Detached = isNotHasSource;
object arrRT = oSignedData.Sign(oSigner, SECUINTER_CMS_ENCODE_TYPE.SECUINTER_CMS_ENCODE_BASE64);
oSignedData = null;
oSigner = null;
return(arrRT.ToString());
}
/// <summary>5.3.4 PKCS7签名验证并获取证书 2011-12-19
///
/// </summary>
/// <param name="sSource"></param>
/// <param name="sSignature"></param>
/// <param name="isNotHasSource"></param>
/// <returns></returns>
public static SecuInter.X509Certificate verifyPKCS7(String sSource, string sSignature, Boolean isNotHasSource)
{
SecuInter.X509Certificate oCertSign = null;
SignedData signedData = new SignedData();
Utilities util = new Utilities();
if (isNotHasSource == true)
{//不含原文情况,将原文设入签名数据中
signedData.Content = sSource;
}
if (!signedData.Verify(sSignature, SecuInter.SECUINTER_SIGNEDDATA_VERIFY_FLAG.SECUINTER_SIGNEDDATA_VERIFY_SIGNATURE_ONLY))
{
throw new Exception("签名验证不正确");
}
if (isNotHasSource == false)
{ //含原文情况,比对原文和签名信息,进行验证
if (!sSource.Equals(util.ByteArraytoString(signedData.Content))) //
{
throw new Exception("发生错误,签名原文不一致!");
}
}
// '判断验证结果与签名时数据是否一致
SecuInter.Signers signers = signedData.Signers;
IEnumerator enumer = signers.GetEnumerator();
while (enumer.MoveNext()) //第一张证书为客户端签名证书
{
SecuInter.Signer signer = (SecuInter.Signer)enumer.Current;
SecuInter.X509Certificate oCert = (SecuInter.X509Certificate)signer.Certificate;
oCertSign = oCert; //'验证通过,取签名的证书
break;
}
if (oCertSign == null)
{
throw new Exception("签名信息中无证书!");
}
signedData = null;
util = null;
return(oCertSign);
}
/// <summary>
/// PKCS#7时间戳签名
/// </summary>
/// <param name="bContent">签名内容</param>
/// <param name="tsaUrl">时间戳服务器URL</param>
/// <param name="IsNotHasSource"></param>
/// <returns>签名值</returns>
public static String signPKCS7WithTSA(String bContent, String tsaUrl, Boolean IsNotHasSource)
{
if (bContent == "")
{
throw new Exception("原文内容为空!");
}
if (tsaUrl == "")
{
throw new Exception("时间戳URL为空!");
}
SecuInter.X509Certificate oCert = getX509Certificate(SECUINTER_CURRENT_USER_STORE, SECUINTER_MY_STORE, SECUINTER_CERTTYPE_SIGN, SECUINTER_NETCA_OTHER);
if (oCert == null)
{
throw new Exception("未选择证书!");
}
SecuInter.Signer oSigner = new SecuInter.Signer();
SecuInter.SignedData oSignedData = new SecuInter.SignedData();
SecuInter.X509Certificate oX509Certificate = new SecuInter.X509Certificate();
//oX509Certificate = oCert;
oSigner.Certificate = oCert;
oSigner.HashAlgorithm = SecuInter.SECUINTER_HASH_ALGORITHM.SECUINTER_SHA1_ALGORITHM;
oSigner.UseSigningCertificateAttribute = false;
oSigner.UseSigningTime = true;
oSignedData.Content = bContent;
oSignedData.Detached = IsNotHasSource;
Object arrRT = oSignedData.SignWithTSATimeStamp(oSigner, tsaUrl, "", oX509Certificate, SECUINTER_CMS_ENCODE_TYPE.SECUINTER_CMS_ENCODE_BASE64);
oSignedData = null;
oSigner = null;
oCert = null;
oX509Certificate = null;
return(arrRT.ToString());
}
/// <summary>5.3.5 带原文PKCS7签名,验证并获取原文 2011-12-19
/// 含原文签名情况下使用
/// </summary>
/// <param name="sSignature"></param>
/// <returns></returns>
public static String getSourceFromPKCS7SignData(string sSignature)
{
String sSource = "";
SignedData oSignedData = new SignedData();
Utilities oUtilities = new Utilities();
if (!oSignedData.Verify(sSignature, SecuInter.SECUINTER_SIGNEDDATA_VERIFY_FLAG.SECUINTER_SIGNEDDATA_VERIFY_SIGNATURE_ONLY))
{
throw new Exception("签名验证不正确");
}
SecuInter.Signers signers = oSignedData.Signers;
IEnumerator enumer = signers.GetEnumerator();
while (enumer.MoveNext()) //第一张证书为客户端签名证书
{
SecuInter.Signer signer = (SecuInter.Signer)enumer.Current;
SecuInter.X509Certificate oCert = (SecuInter.X509Certificate)signer.Certificate;
oCert.Display();
}
sSource = oUtilities.ByteArraytoString(oSignedData.Content);
oSignedData = null;
oUtilities = null;
return(sSource);
}
/// <summary>5.3.4 PKCS7签名验证并获取证书 2011-12-19
///
/// </summary>
/// <param name="sSource"></param>
/// <param name="sSignature"></param>
/// <param name="isNotHasSource"></param>
/// <returns></returns>
public static SecuInter.X509Certificate verifyPKCS7(String sSource, string sSignature, Boolean isNotHasSource, ref String signTime)
{
SecuInter.X509Certificate oCertSign = null;
SignedData signedData = new SignedData();
Utilities util = new Utilities();
if (isNotHasSource == true)
{//不含原文情况,将原文设入签名数据中
signedData.Content = sSource;
}
if (!signedData.Verify(sSignature, SecuInter.SECUINTER_SIGNEDDATA_VERIFY_FLAG.SECUINTER_SIGNEDDATA_VERIFY_SIGNATURE_ONLY))
{
throw new Exception("签名验证不正确");
}
if (isNotHasSource == false)
{ //含原文情况,比对原文和签名信息,进行验证
if (!sSource.Equals(util.ByteArraytoString(signedData.Content))) //
{
throw new Exception("发生错误,签名原文不一致!");
}
}
int iCertCount = signedData.Signers.Count;
//获取签名时间
if (iCertCount == 1)
{
if (signedData.HasTSATimestamp(0))
{
signTime = (signedData.getTSATimeStamp(0).ToString("yyyy-MM-dd HH:mm:ss"));
}
}
else
{
for (var i = 0; i < iCertCount; i++)
{
signedData.Signers[i].Certificate.Display();
if (signedData.HasTSATimestamp(i))
{
signTime = (signedData.getTSATimeStamp(i).ToString("yyyy-MM-dd HH:mm:ss"));
}
}
}
// '判断验证结果与签名时数据是否一致
SecuInter.Signers signers = signedData.Signers;
IEnumerator enumer = signers.GetEnumerator();
while (enumer.MoveNext()) //第一张证书为客户端签名证书
{
SecuInter.Signer signer = (SecuInter.Signer)enumer.Current;
SecuInter.X509Certificate oCert = (SecuInter.X509Certificate)signer.Certificate;
oCertSign = oCert; //'验证通过,取签名的证书
break;
}
if (oCertSign == null)
{
throw new Exception("签名信息中无证书!");
}
signedData = null;
util = null;
return(oCertSign);
}
