private static PrimarySignature AddCertificates(SignedCms destination, SignedCms source) { using (var readStream = new MemoryStream(destination.Encode())) using (var writeStream = new MemoryStream()) { var certificates = GetBouncyCastleCertificates(destination) .Concat(GetBouncyCastleCertificates(source)) .Distinct() .ToList(); var certificateStore = X509StoreFactory.Create( "Certificate/" + BouncyCastleCollection, new X509CollectionStoreParameters(certificates)); var crlStore = new CmsSignedData(destination.Encode()).GetCrls(BouncyCastleCollection); var attributeCertificateStore = new CmsSignedData(destination.Encode()).GetAttributeCertificates(BouncyCastleCollection); CmsSignedDataParser.ReplaceCertificatesAndCrls( readStream, certificateStore, crlStore, attributeCertificateStore, writeStream); return(PrimarySignature.Load(writeStream.ToArray())); } }
public static MemoryStream ParseSignature(Stream stream, bool validateSignature) { var signedFile = new CmsSignedData(stream); if (validateSignature) { var certStore = signedFile.GetCertificates("Collection"); var certs = certStore.GetMatches(new X509CertStoreSelector()); var signerStore = signedFile.GetSignerInfos(); var signers = signerStore.GetSigners(); foreach (object tempCertification in certs) { var certification = tempCertification as Org.BouncyCastle.X509.X509Certificate; foreach (object tempSigner in signers) { var signer = tempSigner as SignerInformation; if (!signer.Verify(certification.GetPublicKey())) { throw new SignatureException(Resources.ErrorMessages.SignatureException); } } } } var memoryStream = new MemoryStream(); signedFile.SignedContent.Write(memoryStream); return(memoryStream); }
public byte[] VerifySignature(CmsSignedData cms) { var isGost = false; var signer = cms.GetSignerInfos().GetSigners(); foreach (var s in signer) { var sig = (SignerInformation)s; isGost = sig.DigestAlgOid.Contains("1.2.643"); } PkiService service; if (isGost) { service = new GOSTPkiService(); } else { service = new RSAPkiService(); } return(service.VerifySignature(cms)); }
public Queue <string> GetSignersCommonNames(CmsSignedData cms) { var lst = new Queue <string>(); var store = cms.GetCertificates("COLLECTION"); var signers = cms.GetSignerInfos(); foreach (var sig in signers.GetSigners()) { var signer = (SignerInformation)sig; foreach (var st in store.GetMatches(signer.SignerID)) { var crt = (X509Certificate)st; var dn = crt.SubjectDN.ToString(); var regex = new Regex(@"^CN=|,\S.*"); var commonName = regex.Replace(dn, ""); lst.Enqueue(commonName); } } return(lst); }
private byte[] EncodeAndSign(string input) { var _signingCertificate = GetSigningCertificate(string.Empty); AsymmetricCipherKeyPair keyPair = DotNetUtilities.GetKeyPair(_signingCertificate.PrivateKey); X509Certificate bouncy = new X509CertificateParser().ReadCertificate(_signingCertificate.GetRawCertData()); byte[] content = new UTF8Encoding().GetBytes(input); var signedDataGenerator = new CmsSignedDataGenerator(); var processableByteArray = new CmsProcessableByteArray(content); IList certCollection = new ArrayList(); var chain = new X509Chain(); chain.Build(_signingCertificate); foreach (X509ChainElement link in chain.ChainElements) { certCollection.Add(DotNetUtilities.FromX509Certificate(link.Certificate)); } IX509Store certStore = X509StoreFactory.Create("Certificate/Collection", new X509CollectionStoreParameters( certCollection)); signedDataGenerator.AddCertificates(certStore); signedDataGenerator.AddSigner(keyPair.Private, bouncy, CmsSignedGenerator.DigestSha1); CmsSignedData signedData = signedDataGenerator.Generate(processableByteArray, true); return(signedData.GetEncoded()); }
/// <param name="signedData"></param> /// <returns></returns> public virtual CmsSignedData ExtendCMSSignedData(CmsSignedData signedData, Document originalData, SignatureParameters parameters) { SignerInformationStore signerStore = signedData.GetSignerInfos(); List <SignerInformation> siArray = new List <SignerInformation>(); //Iterator<SignerInformation> infos = signerStore.GetSigners().Iterator(); IEnumerator infos = signerStore.GetSigners().GetEnumerator(); while (infos.MoveNext()) { SignerInformation si = (SignerInformation)infos.Current; try { siArray.Add(ExtendCMSSignature(signedData, si, parameters, originalData)); } catch (IOException) { //LOG.Error("Exception when extending signature"); siArray.Add(si); } } SignerInformationStore newSignerStore = new SignerInformationStore(siArray); return(CmsSignedData.ReplaceSigners(signedData, newSignerStore)); }
private void VerifySignatures(CmsSignedData s, byte[] contentDigest) { IX509Store x509Certs = s.GetCertificates("Collection"); IX509Store x509Crls = s.GetCrls("Collection"); SignerInformationStore signers = s.GetSignerInfos(); foreach (SignerInformation signer in signers.GetSigners()) { ICollection certCollection = x509Certs.GetMatches(signer.SignerID); IEnumerator certEnum = certCollection.GetEnumerator(); certEnum.MoveNext(); X509Certificate cert = (X509Certificate)certEnum.Current; VerifySigner(signer, cert); if (contentDigest != null) { Assert.IsTrue(Arrays.AreEqual(contentDigest, signer.GetContentDigest())); } } ICollection certColl = x509Certs.GetMatches(null); ICollection crlColl = x509Crls.GetMatches(null); Assert.AreEqual(certColl.Count, s.GetCertificates("Collection").GetMatches(null).Count); Assert.AreEqual(crlColl.Count, s.GetCrls("Collection").GetMatches(null).Count); }
public static bool VerifySignatures(FileInfo contentFile, Stream signedDataStream) { CmsProcessable signedContent = null; CmsSignedData cmsSignedData = null; Org.BouncyCastle.X509.Store.IX509Store store = null; ICollection signers = null; bool verifiedStatus = false; try { //Org.BouncyCastle.Security.addProvider(new BouncyCastleProvider()); signedContent = new CmsProcessableFile(contentFile); cmsSignedData = new CmsSignedData(signedContent, signedDataStream); store = cmsSignedData.GetCertificates("Collection");//.getCertificates(); IX509Store certStore = cmsSignedData.GetCertificates("Collection"); signers = cmsSignedData.GetSignerInfos().GetSigners(); foreach (var item in signers) { SignerInformation signer = (SignerInformation)item; var certCollection = certStore.GetMatches(signer.SignerID); IEnumerator iter = certCollection.GetEnumerator(); iter.MoveNext(); var cert = (Org.BouncyCastle.X509.X509Certificate)iter.Current; verifiedStatus = signer.Verify(cert.GetPublicKey()); } } catch (Exception e) { throw e; } return(verifiedStatus); }
protected void SignDetached(Stream signed, Stream unsigned, X509Certificate2 selectedCert) { BC::X509.X509Certificate bcSelectedCert = DotNetUtilities.FromX509Certificate(selectedCert); #if NETFRAMEWORK trace.TraceEvent(TraceEventType.Information, 0, "Signing the message in name of {0}", selectedCert.Subject); #else logger.LogInformation("Signing the message in name of {0}", selectedCert.Subject); #endif BC.Crypto.ISignatureFactory sigFactory; try { SignatureAlgorithm signAlgo = EteeActiveConfig.Seal.NativeSignatureAlgorithm; BC::Crypto.AsymmetricCipherKeyPair keyPair = DotNetUtilities.GetKeyPair(selectedCert.PrivateKey); sigFactory = new Asn1SignatureFactory(signAlgo.Algorithm.FriendlyName, keyPair.Private); } catch (CryptographicException) { SignatureAlgorithm signAlgo = EteeActiveConfig.Seal.WindowsSignatureAlgorithm; sigFactory = new WinSignatureFactory(signAlgo.Algorithm, signAlgo.DigestAlgorithm, selectedCert.PrivateKey); } SignerInfoGenerator sigInfoGen = new SignerInfoGeneratorBuilder() .Build(sigFactory, bcSelectedCert); CmsSignedDataGenerator cmsSignedDataGen = new CmsSignedDataGenerator(); cmsSignedDataGen.AddSignerInfoGenerator(sigInfoGen); CmsSignedData detachedSignature = cmsSignedDataGen.Generate(new CmsProcessableProxy(unsigned), false); byte[] detachedSignatureBytes = detachedSignature.GetEncoded(); signed.Write(detachedSignatureBytes, 0, detachedSignatureBytes.Length); }
protected internal override SignerInformation ExtendCMSSignature(CmsSignedData signedData, SignerInformation si, SignatureParameters parameters, Document originalData) { if (parameters is null) { throw new ArgumentNullException(nameof(parameters)); } si = base.ExtendCMSSignature(signedData, si, parameters, originalData); IDictionary unsignedAttrs = si.UnsignedAttributes.ToDictionary(); CAdESSignature signature = new CAdESSignature(signedData, si.SignerID); DateTime signingTime = signature.SigningTime.Value; if (signingTime == null) { signingTime = parameters.SigningDate; } if (signingTime == null) { signingTime = DateTime.Now; } unsignedAttrs = ExtendUnsignedAttributes(unsignedAttrs, signature.SigningCertificate, signingTime, signature.CertificateSource); SignerInformation newsi = SignerInformation.ReplaceUnsignedAttributes(si, new BcCms.AttributeTable (unsignedAttrs)); return(newsi); }
protected internal override SignerInformation ExtendCMSSignature(CmsSignedData signedData, SignerInformation si, SignatureParameters parameters, Document originalData) { if (si is null) { throw new System.ArgumentNullException(nameof(si)); } if (SignatureTsa == null) { throw new System.ArgumentNullException(nameof(SignatureTsa)); } logger.Info("Extend signature with id " + si.SignerID); BcCms.AttributeTable unsigned = si.UnsignedAttributes; IDictionary unsignedAttrHash; if (unsigned is null) { unsignedAttrHash = new Dictionary <DerObjectIdentifier, Attribute>(); } else { unsignedAttrHash = si.UnsignedAttributes.ToDictionary(); } //TODO: jbonilla - What happens if it is already CAdES-T? It should not be extended again. Attribute signatureTimeStamp = GetTimeStampAttribute(PkcsObjectIdentifiers.IdAASignatureTimeStampToken, SignatureTsa, si.GetSignature()); unsignedAttrHash.Add(PkcsObjectIdentifiers.IdAASignatureTimeStampToken, signatureTimeStamp); SignerInformation newsi = SignerInformation.ReplaceUnsignedAttributes(si, new BcCms.AttributeTable (unsignedAttrHash)); return(newsi); }
private string SignMessage(string msg, bool isProd) { var gen = new CmsSignedDataGenerator(); X509Certificate2 certificate = GetCertificate(isProd); var privKey = DotNetUtilities.GetRsaKeyPair(certificate.GetRSAPrivateKey()).Private; var cert = DotNetUtilities.FromX509Certificate(certificate); gen.AddSigner(privKey, cert, CmsSignedDataGenerator.DigestSha1); var certX509 = DotNetUtilities.ToX509Certificate(cert.CertificateStructure); var certList = new List <Org.BouncyCastle.X509.X509Certificate>(); certList.Add(cert); X509CollectionStoreParameters PP = new X509CollectionStoreParameters(certList); IX509Store st1 = X509StoreFactory.Create("CERTIFICATE/COLLECTION", PP); gen.AddCertificates(st1); Encoding EncodedMsg = Encoding.UTF8; byte[] dataToSign = EncodedMsg.GetBytes(msg); CmsProcessable data = new CmsProcessableByteArray(dataToSign); CmsSignedData signed = gen.Generate(PkcsObjectIdentifiers.Pkcs7, data, true); var result = signed.GetEncoded(); return(Convert.ToBase64String(result)); }
/// <summary> /// Method that performs the signing process /// </summary> /// <param name="input"></param> /// <param name="parameters"></param> /// <param name="signedData"></param> /// <returns></returns> private SignatureDocument ComputeSignature(CmsProcessableByteArray content, SignatureParameters parameters, CmsSignedData signedData) { byte[] toBeSigned = ToBeSigned(content, parameters, signedData, false); byte[] signature = parameters.Signer.SignData(toBeSigned, parameters.DigestMethod); PreComputedSigner preComputedSigner = new PreComputedSigner(signature); CustomCMSSignedDataGenerator generator = CreateSignedGenerator(preComputedSigner, parameters, signedData); CmsSignedData newSignedData = null; if (parameters.SignaturePackaging == SignaturePackaging.ATTACHED_IMPLICIT && parameters.PreCalculatedDigest == null) { newSignedData = generator.Generate(content, true); } else { if (parameters.PreCalculatedDigest != null) { generator.PreCalculatedDigest = parameters.PreCalculatedDigest; newSignedData = generator.Generate(null, false); } else if (content != null) { newSignedData = generator.Generate(content, false); } else { generator.PreCalculatedDigest = GetDigestValue(signedData.GetSignerInfos(), parameters.DigestMethod); newSignedData = generator.Generate(null, false); } } return(new SignatureDocument(new CmsSignedData(newSignedData.GetEncoded()))); }
byte[] extractSignedContent(byte[] signedFile) { CmsSignedData content = new CmsSignedData(signedFile); CmsProcessable signedContent = content.SignedContent; return((byte[])signedContent.GetContent()); }
// https://stackoverflow.com/questions/22658501/is-there-an-alternative-of-signedcms-in-winrt private byte[] CheckAndRemoveSignature(string data, out bool isValid) { isValid = false; // using bouncyCastle try { var bytes = System.Convert.FromBase64String(data); // assign data to CmsSignedData CmsSignedData sig = new CmsSignedData(bytes); // check if signature is valid var allSigsValid = VerifySignatures(sig); if (allSigsValid.Equals(true)) { isValid = true; } // get signature from cms byte[] content = sig.SignedContent.GetContent() as byte[]; return(content); } catch (System.Exception ex) { // cryptOutput.Text += "Error in 'BouncyCastle unsign' " + ex; } return(null); }
private void SignManigestFile(PassGeneratorRequest request) { X509Certificate2 card = GetCertificate(request); if (card == null) { throw new FileNotFoundException("Certificate could not be found. Please ensure the thumbprint and cert location values are correct."); } Org.BouncyCastle.X509.X509Certificate cert = DotNetUtilities.FromX509Certificate(card); Org.BouncyCastle.Crypto.AsymmetricKeyParameter privateKey = DotNetUtilities.GetKeyPair(card.PrivateKey).Private; X509Certificate2 appleCA = GetAppleCertificate(); Org.BouncyCastle.X509.X509Certificate appleCert = DotNetUtilities.FromX509Certificate(appleCA); ArrayList intermediateCerts = new ArrayList(); intermediateCerts.Add(appleCert); intermediateCerts.Add(cert); Org.BouncyCastle.X509.Store.X509CollectionStoreParameters PP = new Org.BouncyCastle.X509.Store.X509CollectionStoreParameters(intermediateCerts); Org.BouncyCastle.X509.Store.IX509Store st1 = Org.BouncyCastle.X509.Store.X509StoreFactory.Create("CERTIFICATE/COLLECTION", PP); CmsSignedDataGenerator generator = new CmsSignedDataGenerator(); generator.AddSigner(privateKey, cert, CmsSignedDataGenerator.DigestSha1); generator.AddCertificates(st1); CmsProcessable content = new CmsProcessableByteArray(manifestFile); CmsSignedData signedData = generator.Generate(content, false); signatureFile = signedData.GetEncoded(); }
public Stream ToBeSigned(Document document, SignatureParameters parameters) { if (document is null) { throw new ArgumentNullException(nameof(document)); } if (parameters is null) { throw new ArgumentNullException(nameof(parameters)); } if (parameters.SignaturePackaging != SignaturePackaging.ENVELOPING && parameters.SignaturePackaging != SignaturePackaging.DETACHED) { throw new ArgumentException("Unsupported signature packaging " + parameters.SignaturePackaging); } byte[] toBeSigned = Streams.ReadAll(document.OpenStream()); CmsProcessableByteArray content = new CmsProcessableByteArray(toBeSigned); bool includeContent = true; if (parameters.SignaturePackaging == SignaturePackaging.DETACHED) { includeContent = false; } CmsSignedData signed = CreateCMSSignedDataGenerator(parameters, GetSigningProfile(parameters), false, null).Generate(content, includeContent); var e = signed.GetSignerInfos().GetSigners().GetEnumerator(); e.MoveNext(); var si = e.Current as SignerInformation; return(new MemoryStream(si.GetEncodedSignedAttributes())); }
public byte[] Sign(byte[] cmsData) { IList certs = new List <X509Certificate>(); byte[] signBytes = File.ReadAllBytes(GetFile()); X509Certificate2 signCert = new X509Certificate2(signBytes, Key, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable); certs.Add(DotNetUtilities.FromX509Certificate(signCert)); IX509Store x509Certs = X509StoreFactory.Create("Certificate/Collection", new X509CollectionStoreParameters(certs)); CmsSignedDataGenerator gen = new CmsSignedDataGenerator(); AsymmetricCipherKeyPair pair = DotNetUtilities.GetKeyPair(signCert.PrivateKey); X509Certificate bX509Certificate = DotNetUtilities.FromX509Certificate(signCert); gen.AddSigner(pair.Private, bX509Certificate, CmsSignedGenerator.DigestSha1); gen.AddSigner(pair.Private, bX509Certificate, CmsSignedGenerator.DigestSha256); CmsSignedData unsignedData = new CmsSignedData(cmsData); gen.AddCertificates(x509Certs); CmsProcessable msg = new CmsProcessableByteArray(unsignedData.GetEncoded()); CmsSignedData cmsSignedData = gen.Generate(CmsSignedGenerator.Data, msg, true); byte[] p7MData = cmsSignedData.GetEncoded(); return(p7MData); }
public static CmsSignedData ReplaceSigners(CmsSignedData signedData, SignerInformationStore signerInformationStore) { CmsSignedData cmsSignedData = new CmsSignedData(signedData); cmsSignedData.signerInfoStore = signerInformationStore; Asn1EncodableVector asn1EncodableVector = new Asn1EncodableVector(); Asn1EncodableVector asn1EncodableVector2 = new Asn1EncodableVector(); foreach (SignerInformation signer in signerInformationStore.GetSigners()) { asn1EncodableVector.Add(Helper.FixAlgID(signer.DigestAlgorithmID)); asn1EncodableVector2.Add(signer.ToSignerInfo()); } Asn1Set asn1Set = new DerSet(asn1EncodableVector); Asn1Set asn1Set2 = new DerSet(asn1EncodableVector2); Asn1Sequence asn1Sequence = (Asn1Sequence)signedData.signedData.ToAsn1Object(); asn1EncodableVector2 = new Asn1EncodableVector(asn1Sequence[0], asn1Set); for (int i = 2; i != asn1Sequence.Count - 1; i++) { asn1EncodableVector2.Add(asn1Sequence[i]); } asn1EncodableVector2.Add(asn1Set2); cmsSignedData.signedData = SignedData.GetInstance(new BerSequence(asn1EncodableVector2)); cmsSignedData.contentInfo = new ContentInfo(cmsSignedData.contentInfo.ContentType, cmsSignedData.signedData); return(cmsSignedData); }
private CmsSignedData(CmsSignedData c) { signedData = c.signedData; contentInfo = c.contentInfo; signedContent = c.signedContent; signerInfoStore = c.signerInfoStore; }
/// <summary><inheritDoc></inheritDoc></summary> /// <exception cref="System.IO.IOException"></exception> protected override Document SignDocumentInternal(Document document, SignatureParameters parameters, DigestSigner signer) { if (parameters.SignaturePackaging != SignaturePackaging.ENVELOPING && parameters.SignaturePackaging != SignaturePackaging.DETACHED) { throw new ArgumentException("Unsupported signature packaging " + parameters.SignaturePackaging); } ExternalDigestSigner factory = new ExternalDigestSigner(signer, parameters); CmsSignedDataGenerator generator = CreateCMSSignedDataGenerator( factory, parameters, GetSigningProfile(parameters), true, null); byte[] toBeSigned = Streams.ReadAll(document.OpenStream()); var content = new CmsProcessableByteArray(toBeSigned); CmsSignedData data = generator.Generate(content, parameters.SignaturePackaging != SignaturePackaging.DETACHED); Document signedDocument = new CMSSignedDocument(data); CAdESSignatureExtension extension = GetExtensionProfile(parameters); if (extension != null) { signedDocument = extension.ExtendSignatures( new CMSSignedDocument(data), document, parameters); } return(signedDocument); }
/// <exception cref="System.IO.IOException"></exception> protected internal override SignerInformation ExtendCMSSignature(CmsSignedData signedData , SignerInformation si, SignatureParameters parameters, Document originalData) { if (this.signatureTsa == null) { throw new ConfigurationException(ConfigurationException.MSG.CONFIGURE_TSP_SERVER); } //LOG.Info("Extend signature with id " + si.SignerID); BcCms.AttributeTable unsigned = si.UnsignedAttributes; //IDictionary<DerObjectIdentifier, Attribute> unsignedAttrHash = null; IDictionary unsignedAttrHash = null; if (unsigned == null) { unsignedAttrHash = new Dictionary <DerObjectIdentifier, Attribute>(); } else { unsignedAttrHash = si.UnsignedAttributes.ToDictionary(); } //TODO jbonilla - ¿Qué ocurre si ya es CAdES-T? No se debería volver a extender. Attribute signatureTimeStamp = GetTimeStampAttribute(PkcsObjectIdentifiers.IdAASignatureTimeStampToken , this.signatureTsa, digestAlgorithm, si.GetSignature()); //unsignedAttrHash.Put(PkcsObjectIdentifiers.IdAASignatureTimeStampToken, signatureTimeStamp); unsignedAttrHash.Add(PkcsObjectIdentifiers.IdAASignatureTimeStampToken, signatureTimeStamp); SignerInformation newsi = SignerInformation.ReplaceUnsignedAttributes(si, new BcCms.AttributeTable (unsignedAttrHash)); return(newsi); }
private void SignManigestFile(PassGeneratorRequest request, string manifestFileAndPath) { byte[] dataToSign = File.ReadAllBytes(manifestFileAndPath); X509Certificate2 card = GetCertificate(request); Org.BouncyCastle.X509.X509Certificate cert = DotNetUtilities.FromX509Certificate(card); Org.BouncyCastle.Crypto.AsymmetricKeyParameter privateKey = DotNetUtilities.GetKeyPair(card.PrivateKey).Private; X509Certificate2 appleCA = GetAppleCertificate(); Org.BouncyCastle.X509.X509Certificate appleCert = DotNetUtilities.FromX509Certificate(appleCA); ArrayList intermediateCerts = new ArrayList(); intermediateCerts.Add(appleCert); intermediateCerts.Add(cert); Org.BouncyCastle.X509.Store.X509CollectionStoreParameters PP = new Org.BouncyCastle.X509.Store.X509CollectionStoreParameters(intermediateCerts); Org.BouncyCastle.X509.Store.IX509Store st1 = Org.BouncyCastle.X509.Store.X509StoreFactory.Create("CERTIFICATE/COLLECTION", PP); CmsSignedDataGenerator generator = new CmsSignedDataGenerator(); generator.AddSigner(privateKey, cert, CmsSignedDataGenerator.DigestSha1); generator.AddCertificates(st1); CmsProcessable content = new CmsProcessableByteArray(dataToSign); CmsSignedData signedData = generator.Generate(content, false); string outputDirectory = Path.GetDirectoryName(manifestFileAndPath); string signatureFileAndPath = Path.Combine(outputDirectory, "signature"); File.WriteAllBytes(signatureFileAndPath, signedData.GetEncoded()); }
internal X509Certificate GenerateCertificate(String certificateString) { X509Certificate x509Certificate = null; try { byte[] bytes = Convert.FromBase64CharArray(certificateString.ToCharArray(), 0, certificateString.Length); CmsSignedData cmsSignedData = new CmsSignedData(bytes); IX509Store store = cmsSignedData.GetCertificates("Collection"); ICollection allCertificates = store.GetMatches(null); IEnumerator enumerator = allCertificates.GetEnumerator(); while (enumerator.MoveNext()) { x509Certificate = (X509Certificate)enumerator.Current; Console.WriteLine("Server Generated Certificate: " + x509Certificate.ToString()); } } catch (Exception ex) { System.Diagnostics.Debug.WriteLine("Certificate generation error: " + ex); throw new Exception("Certificate generation error"); } return(x509Certificate); }
public static byte[] GenerateSignature(List <X509Certificate> certificateChain, AsymmetricKeyEntry privateKey, byte[] messageToSign, AttributeTable signedAttributesTable) { X509Certificate signingCertificate = certificateChain[certificateChain.Count - 1]; #if MAX_CMS_COMPATIBILITY // Optional: This is the order that codesign uses: List <X509Certificate> cmsChain = new List <X509Certificate>(); if (certificateChain.Count > 1) { cmsChain.AddRange(certificateChain.GetRange(0, certificateChain.Count - 1)); cmsChain.Reverse(); } cmsChain.Add(signingCertificate); certificateChain = cmsChain; #endif IX509Store certificateStore = X509StoreFactory.Create("Certificate/Collection", new X509CollectionStoreParameters(certificateChain)); CmsSignedDataGenerator generator = new CmsSignedDataGenerator(); #if MAX_CMS_COMPATIBILITY // Optional: BouncyCastle v1.8.3 has the option to use DER instead of BER to store the certificate chain generator.UseDerForCerts = true; #endif generator.AddSigner(privateKey.Key, signingCertificate, CmsSignedDataGenerator.DigestSha256, signedAttributesTable, null); generator.AddCertificates(certificateStore); CmsSignedData cmsSignature = generator.Generate(CmsSignedGenerator.Data, new CmsProcessableByteArray(messageToSign), false); return(cmsSignature.GetEncoded()); }
public static bool ValidateSignature(byte[] messageBytes, byte[] signatureBytes, X509Certificate certificate) { CmsProcessable signedContent = new CmsProcessableByteArray(messageBytes); CmsSignedData signedData = new CmsSignedData(signedContent, signatureBytes); IX509Store certificateStore = signedData.GetCertificates("Collection"); SignerInformationStore signerInfoStore = signedData.GetSignerInfos(); ICollection signers = signerInfoStore.GetSigners(); foreach (SignerInformation signer in signers) { bool isChainValid = ValidateCertificateChain(certificateStore, signer.SignerID); if (!isChainValid) { return(false); } bool verified = signer.Verify(certificate); if (!verified) { return(false); } } return(true); }
public SignatureDocument(CmsSignedData signedData) { _signedData = signedData; _certs = CmsUtilities.GetCertificatesFromStore(_signedData.GetCertificates("Collection")); _signaturePackaging = _signedData.SignedContent != null ? SignaturePackaging.ATTACHED_IMPLICIT : SignaturePackaging.DETACHED_EXPLICIT; ReadSignersInfo(); }
public static void ReadXmlSigned(this Fattura fattura, Stream stream, bool validateSignature = true) { CmsSignedData signedFile = new CmsSignedData(stream); if (validateSignature) { IX509Store certStore = signedFile.GetCertificates("Collection"); ICollection certs = certStore.GetMatches(new X509CertStoreSelector()); SignerInformationStore signerStore = signedFile.GetSignerInfos(); ICollection signers = signerStore.GetSigners(); foreach (object tempCertification in certs) { Org.BouncyCastle.X509.X509Certificate certification = tempCertification as Org.BouncyCastle.X509.X509Certificate; foreach (object tempSigner in signers) { SignerInformation signer = tempSigner as SignerInformation; if (!signer.Verify(certification.GetPublicKey())) { throw new FatturaElettronicaSignatureException(Resources.ErrorMessages.SignatureException); } } } } using (var memoryStream = new MemoryStream()) { signedFile.SignedContent.Write(memoryStream); fattura.ReadXml(memoryStream); } }
public CAdESOCSPSource(CmsSignedData cms) { var signers = cms.GetSignerInfos().GetSigners().GetEnumerator(); signers.MoveNext(); cmsSignedData = cms; signerId = ((SignerInformation)signers.Current).SignerID; }
public void CreateSign() { byte[] data = File.ReadAllBytes(Path.Combine(_settings.PackagePath, _manifestFilename)); X509Certificate2 certificate = new X509Certificate2(_settings.CertificatePath, _settings.CertificatePassword, X509KeyStorageFlags.Exportable); X509Certificate2 intermCertificate = new X509Certificate2(_settings.IntermCertificatePath); var privKey = SecurityUtils.GetRsaKeyPair(certificate.GetRSAPrivateKey()).Private; var cert = SecurityUtils.FromX509Certificate(certificate); var interm = SecurityUtils.FromX509Certificate(intermCertificate); CmsProcessableByteArray content = new CmsProcessableByteArray(data); CmsSignedDataGenerator generator = new CmsSignedDataGenerator(); generator.AddSigner(privKey, cert, CmsSignedGenerator.EncryptionRsa, CmsSignedGenerator.DigestSha256); CmsSignedData signedContent = generator.Generate(content, false); var si = signedContent.GetSignerInfos(); var signer = si.GetSigners().Cast <SignerInformation>().First(); SignerInfo signerInfo = signer.ToSignerInfo(); Asn1EncodableVector digestAlgorithmsVector = new Asn1EncodableVector(); digestAlgorithmsVector.Add(new AlgorithmIdentifier( algorithm: new DerObjectIdentifier(_oidSHA256), parameters: DerNull.Instance)); // Construct SignedData.encapContentInfo ContentInfo encapContentInfo = new ContentInfo( contentType: new DerObjectIdentifier(_oidPKCS7IdData), content: null); Asn1EncodableVector certificatesVector = new Asn1EncodableVector(); certificatesVector.Add(X509CertificateStructure.GetInstance(Asn1Object.FromByteArray(cert.GetEncoded()))); certificatesVector.Add(X509CertificateStructure.GetInstance(Asn1Object.FromByteArray(interm.GetEncoded()))); // Construct SignedData.signerInfos Asn1EncodableVector signerInfosVector = new Asn1EncodableVector(); signerInfosVector.Add(signerInfo.ToAsn1Object()); // Construct SignedData SignedData signedData = new SignedData( digestAlgorithms: new DerSet(digestAlgorithmsVector), contentInfo: encapContentInfo, certificates: new BerSet(certificatesVector), crls: null, signerInfos: new DerSet(signerInfosVector)); ContentInfo contentInfo = new ContentInfo( contentType: new DerObjectIdentifier(_oidPKCS7IdSignedData), content: signedData); File.WriteAllBytes(Path.Combine(_settings.PackagePath, _signatureFilename), contentInfo.GetDerEncoded()); }
public void Test4_2() { byte[] data = GetRfc4134Data("4.2.bin"); CmsSignedData signedData = new CmsSignedData(data); VerifySignatures(signedData); CmsSignedDataParser parser = new CmsSignedDataParser(data); VerifySignatures(parser); }
public void Test4_3() { CmsProcessableByteArray unencap = new CmsProcessableByteArray(exContent); byte[] data = GetRfc4134Data("4.3.bin"); CmsSignedData signedData = new CmsSignedData(unencap, data); VerifySignatures(signedData, sha1); CmsSignedDataParser parser = new CmsSignedDataParser( new CmsTypedStream(unencap.GetInputStream()), data); VerifySignatures(parser); }
public void Test4_4() { byte[] data = GetRfc4134Data("4.4.bin"); byte[] counterSigCert = GetRfc4134Data("AliceRSASignByCarl.cer"); CmsSignedData signedData = new CmsSignedData(data); VerifySignatures(signedData, sha1); VerifySignerInfo4_4(GetFirstSignerInfo(signedData.GetSignerInfos()), counterSigCert); CmsSignedDataParser parser = new CmsSignedDataParser(data); VerifySignatures(parser); VerifySignerInfo4_4(GetFirstSignerInfo(parser.GetSignerInfos()), counterSigCert); }
private void VerifySignatures(CmsSignedData s, byte[] contentDigest) { IX509Store x509Certs = s.GetCertificates("Collection"); IX509Store x509Crls = s.GetCrls("Collection"); SignerInformationStore signers = s.GetSignerInfos(); foreach (SignerInformation signer in signers.GetSigners()) { ICollection certCollection = x509Certs.GetMatches(signer.SignerID); IEnumerator certEnum = certCollection.GetEnumerator(); certEnum.MoveNext(); X509Certificate cert = (X509Certificate) certEnum.Current; VerifySigner(signer, cert); if (contentDigest != null) { Assert.IsTrue(Arrays.AreEqual(contentDigest, signer.GetContentDigest())); } } ICollection certColl = x509Certs.GetMatches(null); ICollection crlColl = x509Crls.GetMatches(null); Assert.AreEqual(certColl.Count, s.GetCertificates("Collection").GetMatches(null).Count); Assert.AreEqual(crlColl.Count, s.GetCrls("Collection").GetMatches(null).Count); }
private void VerifySignatures(CmsSignedData s) { VerifySignatures(s, null); }