Exemple #1
0
        protected void SignDetached(Stream signed, Stream unsigned, X509Certificate2 selectedCert)
        {
            BC::X509.X509Certificate bcSelectedCert = DotNetUtilities.FromX509Certificate(selectedCert);
#if NETFRAMEWORK
            trace.TraceEvent(TraceEventType.Information, 0, "Signing the message in name of {0}", selectedCert.Subject);
#else
            logger.LogInformation("Signing the message in name of {0}", selectedCert.Subject);
#endif

            BC.Crypto.ISignatureFactory sigFactory;
            try
            {
                SignatureAlgorithm signAlgo = EteeActiveConfig.Seal.NativeSignatureAlgorithm;
                BC::Crypto.AsymmetricCipherKeyPair keyPair = DotNetUtilities.GetKeyPair(selectedCert.PrivateKey);
                sigFactory = new Asn1SignatureFactory(signAlgo.Algorithm.FriendlyName, keyPair.Private);
            }
            catch (CryptographicException)
            {
                SignatureAlgorithm signAlgo = EteeActiveConfig.Seal.WindowsSignatureAlgorithm;
                sigFactory = new WinSignatureFactory(signAlgo.Algorithm, signAlgo.DigestAlgorithm, selectedCert.PrivateKey);
            }

            SignerInfoGenerator sigInfoGen = new SignerInfoGeneratorBuilder()
                                             .Build(sigFactory, bcSelectedCert);

            CmsSignedDataGenerator cmsSignedDataGen = new CmsSignedDataGenerator();
            cmsSignedDataGen.AddSignerInfoGenerator(sigInfoGen);

            CmsSignedData detachedSignature = cmsSignedDataGen.Generate(new CmsProcessableProxy(unsigned), false);

            byte[] detachedSignatureBytes = detachedSignature.GetEncoded();
            signed.Write(detachedSignatureBytes, 0, detachedSignatureBytes.Length);
        }
Exemple #2
0
        private void SignManigestFile(PassGeneratorRequest request)
        {
            X509Certificate2 card = GetCertificate(request);

            if (card == null)
            {
                throw new FileNotFoundException("Certificate could not be found. Please ensure the thumbprint and cert location values are correct.");
            }

            Org.BouncyCastle.X509.X509Certificate          cert       = DotNetUtilities.FromX509Certificate(card);
            Org.BouncyCastle.Crypto.AsymmetricKeyParameter privateKey = DotNetUtilities.GetKeyPair(card.PrivateKey).Private;

            X509Certificate2 appleCA = GetAppleCertificate();

            Org.BouncyCastle.X509.X509Certificate appleCert = DotNetUtilities.FromX509Certificate(appleCA);

            ArrayList intermediateCerts = new ArrayList();

            intermediateCerts.Add(appleCert);
            intermediateCerts.Add(cert);

            Org.BouncyCastle.X509.Store.X509CollectionStoreParameters PP = new Org.BouncyCastle.X509.Store.X509CollectionStoreParameters(intermediateCerts);
            Org.BouncyCastle.X509.Store.IX509Store st1 = Org.BouncyCastle.X509.Store.X509StoreFactory.Create("CERTIFICATE/COLLECTION", PP);

            CmsSignedDataGenerator generator = new CmsSignedDataGenerator();

            generator.AddSigner(privateKey, cert, CmsSignedDataGenerator.DigestSha1);
            generator.AddCertificates(st1);

            CmsProcessable content    = new CmsProcessableByteArray(manifestFile);
            CmsSignedData  signedData = generator.Generate(content, false);

            signatureFile = signedData.GetEncoded();
        }
Exemple #3
0
        public static byte[] GenerateSignature(List <X509Certificate> certificateChain, AsymmetricKeyEntry privateKey, byte[] messageToSign, AttributeTable signedAttributesTable)
        {
            X509Certificate signingCertificate = certificateChain[certificateChain.Count - 1];

#if MAX_CMS_COMPATIBILITY
            // Optional: This is the order that codesign uses:
            List <X509Certificate> cmsChain = new List <X509Certificate>();
            if (certificateChain.Count > 1)
            {
                cmsChain.AddRange(certificateChain.GetRange(0, certificateChain.Count - 1));
                cmsChain.Reverse();
            }
            cmsChain.Add(signingCertificate);
            certificateChain = cmsChain;
#endif
            IX509Store certificateStore = X509StoreFactory.Create("Certificate/Collection", new X509CollectionStoreParameters(certificateChain));

            CmsSignedDataGenerator generator = new CmsSignedDataGenerator();
#if MAX_CMS_COMPATIBILITY
            // Optional: BouncyCastle v1.8.3 has the option to use DER instead of BER to store the certificate chain
            generator.UseDerForCerts = true;
#endif
            generator.AddSigner(privateKey.Key, signingCertificate, CmsSignedDataGenerator.DigestSha256, signedAttributesTable, null);
            generator.AddCertificates(certificateStore);
            CmsSignedData cmsSignature = generator.Generate(CmsSignedGenerator.Data, new CmsProcessableByteArray(messageToSign), false);
            return(cmsSignature.GetEncoded());
        }
        private void SignManigestFile(PassGeneratorRequest request, string manifestFileAndPath)
        {
            byte[] dataToSign = File.ReadAllBytes(manifestFileAndPath);

            X509Certificate2 card = GetCertificate(request);

            Org.BouncyCastle.X509.X509Certificate          cert       = DotNetUtilities.FromX509Certificate(card);
            Org.BouncyCastle.Crypto.AsymmetricKeyParameter privateKey = DotNetUtilities.GetKeyPair(card.PrivateKey).Private;

            X509Certificate2 appleCA = GetAppleCertificate();

            Org.BouncyCastle.X509.X509Certificate appleCert = DotNetUtilities.FromX509Certificate(appleCA);

            ArrayList intermediateCerts = new ArrayList();

            intermediateCerts.Add(appleCert);
            intermediateCerts.Add(cert);

            Org.BouncyCastle.X509.Store.X509CollectionStoreParameters PP = new Org.BouncyCastle.X509.Store.X509CollectionStoreParameters(intermediateCerts);
            Org.BouncyCastle.X509.Store.IX509Store st1 = Org.BouncyCastle.X509.Store.X509StoreFactory.Create("CERTIFICATE/COLLECTION", PP);

            CmsSignedDataGenerator generator = new CmsSignedDataGenerator();

            generator.AddSigner(privateKey, cert, CmsSignedDataGenerator.DigestSha1);
            generator.AddCertificates(st1);

            CmsProcessable content    = new CmsProcessableByteArray(dataToSign);
            CmsSignedData  signedData = generator.Generate(content, false);

            string outputDirectory      = Path.GetDirectoryName(manifestFileAndPath);
            string signatureFileAndPath = Path.Combine(outputDirectory, "signature");

            File.WriteAllBytes(signatureFileAndPath, signedData.GetEncoded());
        }
Exemple #5
0
        private string SignMessage(string msg, bool isProd)
        {
            var gen = new CmsSignedDataGenerator();
            X509Certificate2 certificate = GetCertificate(isProd);
            var privKey = DotNetUtilities.GetRsaKeyPair(certificate.GetRSAPrivateKey()).Private;
            var cert    = DotNetUtilities.FromX509Certificate(certificate);

            gen.AddSigner(privKey, cert, CmsSignedDataGenerator.DigestSha1);
            var certX509 = DotNetUtilities.ToX509Certificate(cert.CertificateStructure);
            var certList = new List <Org.BouncyCastle.X509.X509Certificate>();

            certList.Add(cert);
            X509CollectionStoreParameters PP = new X509CollectionStoreParameters(certList);
            IX509Store st1 = X509StoreFactory.Create("CERTIFICATE/COLLECTION", PP);

            gen.AddCertificates(st1);
            Encoding EncodedMsg = Encoding.UTF8;

            byte[]         dataToSign = EncodedMsg.GetBytes(msg);
            CmsProcessable data       = new CmsProcessableByteArray(dataToSign);
            CmsSignedData  signed     = gen.Generate(PkcsObjectIdentifiers.Pkcs7, data, true);
            var            result     = signed.GetEncoded();

            return(Convert.ToBase64String(result));
        }
Exemple #6
0
        /// <summary>
        /// Method that performs the signing process
        /// </summary>
        /// <param name="input"></param>
        /// <param name="parameters"></param>
        /// <param name="signedData"></param>
        /// <returns></returns>
        private SignatureDocument ComputeSignature(CmsProcessableByteArray content, SignatureParameters parameters, CmsSignedData signedData)
        {
            byte[] toBeSigned = ToBeSigned(content, parameters, signedData, false);
            byte[] signature  = parameters.Signer.SignData(toBeSigned, parameters.DigestMethod);

            PreComputedSigner            preComputedSigner = new PreComputedSigner(signature);
            CustomCMSSignedDataGenerator generator         = CreateSignedGenerator(preComputedSigner, parameters, signedData);
            CmsSignedData newSignedData = null;

            if (parameters.SignaturePackaging == SignaturePackaging.ATTACHED_IMPLICIT && parameters.PreCalculatedDigest == null)
            {
                newSignedData = generator.Generate(content, true);
            }
            else
            {
                if (parameters.PreCalculatedDigest != null)
                {
                    generator.PreCalculatedDigest = parameters.PreCalculatedDigest;

                    newSignedData = generator.Generate(null, false);
                }
                else if (content != null)
                {
                    newSignedData = generator.Generate(content, false);
                }
                else
                {
                    generator.PreCalculatedDigest = GetDigestValue(signedData.GetSignerInfos(), parameters.DigestMethod);

                    newSignedData = generator.Generate(null, false);
                }
            }

            return(new SignatureDocument(new CmsSignedData(newSignedData.GetEncoded())));
        }
Exemple #7
0
        public byte[] Sign(byte[] cmsData)
        {
            IList certs = new List <X509Certificate>();

            byte[]           signBytes = File.ReadAllBytes(GetFile());
            X509Certificate2 signCert  = new X509Certificate2(signBytes, Key, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable);

            certs.Add(DotNetUtilities.FromX509Certificate(signCert));
            IX509Store x509Certs = X509StoreFactory.Create("Certificate/Collection", new X509CollectionStoreParameters(certs));

            CmsSignedDataGenerator  gen              = new CmsSignedDataGenerator();
            AsymmetricCipherKeyPair pair             = DotNetUtilities.GetKeyPair(signCert.PrivateKey);
            X509Certificate         bX509Certificate = DotNetUtilities.FromX509Certificate(signCert);

            gen.AddSigner(pair.Private, bX509Certificate, CmsSignedGenerator.DigestSha1);
            gen.AddSigner(pair.Private, bX509Certificate, CmsSignedGenerator.DigestSha256);
            CmsSignedData unsignedData = new CmsSignedData(cmsData);


            gen.AddCertificates(x509Certs);
            CmsProcessable msg           = new CmsProcessableByteArray(unsignedData.GetEncoded());
            CmsSignedData  cmsSignedData = gen.Generate(CmsSignedGenerator.Data, msg, true);

            byte[] p7MData = cmsSignedData.GetEncoded();
            return(p7MData);
        }
        private byte[] EncodeAndSign(string input)
        {
            var _signingCertificate         = GetSigningCertificate(string.Empty);
            AsymmetricCipherKeyPair keyPair = DotNetUtilities.GetKeyPair(_signingCertificate.PrivateKey);
            X509Certificate         bouncy  = new X509CertificateParser().ReadCertificate(_signingCertificate.GetRawCertData());

            byte[] content              = new UTF8Encoding().GetBytes(input);
            var    signedDataGenerator  = new CmsSignedDataGenerator();
            var    processableByteArray = new CmsProcessableByteArray(content);

            IList certCollection = new ArrayList();
            var   chain          = new X509Chain();

            chain.Build(_signingCertificate);
            foreach (X509ChainElement link in chain.ChainElements)
            {
                certCollection.Add(DotNetUtilities.FromX509Certificate(link.Certificate));
            }
            IX509Store certStore = X509StoreFactory.Create("Certificate/Collection",
                                                           new X509CollectionStoreParameters(
                                                               certCollection));

            signedDataGenerator.AddCertificates(certStore);
            signedDataGenerator.AddSigner(keyPair.Private, bouncy, CmsSignedGenerator.DigestSha1);

            CmsSignedData signedData = signedDataGenerator.Generate(processableByteArray, true);

            return(signedData.GetEncoded());
        }
Exemple #9
0
        public virtual Stream OpenStream()
        {
            Stream          output   = new MemoryStream();
            DerOutputStream derOuput = new DerOutputStream(output);

            derOuput.WriteObject(Asn1Object.FromByteArray(signedData.GetEncoded()));
            output.Seek(0, SeekOrigin.Begin);
            return(output);
        }
        private void SignManigestFile(PassGeneratorRequest request)
        {
            Trace.TraceInformation("Signing the manifest file...");

            X509Certificate2 card = GetCertificate(request);

            if (card == null)
            {
                throw new FileNotFoundException("Certificate could not be found. Please ensure the thumbprint and cert location values are correct.");
            }

            X509Certificate2 appleCA = GetAppleCertificate(request);

            if (appleCA == null)
            {
                throw new FileNotFoundException("Apple Certficate could not be found. Please downloaad from http://www.apple.com/certificateauthority/ and install into your LOCAL MACHINE certificate store.");
            }

            try
            {
                Org.BouncyCastle.X509.X509Certificate          cert       = DotNetUtilities.FromX509Certificate(card);
                Org.BouncyCastle.Crypto.AsymmetricKeyParameter privateKey = DotNetUtilities.GetKeyPair(card.PrivateKey).Private;

                Trace.TraceInformation("Fetching Apple Certificate for signing..");

                Org.BouncyCastle.X509.X509Certificate appleCert = DotNetUtilities.FromX509Certificate(appleCA);

                Trace.TraceInformation("Constructing the certificate chain..");

                ArrayList intermediateCerts = new ArrayList();

                intermediateCerts.Add(appleCert);
                intermediateCerts.Add(cert);

                Org.BouncyCastle.X509.Store.X509CollectionStoreParameters PP = new Org.BouncyCastle.X509.Store.X509CollectionStoreParameters(intermediateCerts);
                Org.BouncyCastle.X509.Store.IX509Store st1 = Org.BouncyCastle.X509.Store.X509StoreFactory.Create("CERTIFICATE/COLLECTION", PP);

                CmsSignedDataGenerator generator = new CmsSignedDataGenerator();

                generator.AddSigner(privateKey, cert, CmsSignedDataGenerator.DigestSha1);
                generator.AddCertificates(st1);

                Trace.TraceInformation("Processing the signature..");

                CmsProcessable content    = new CmsProcessableByteArray(manifestFile);
                CmsSignedData  signedData = generator.Generate(content, false);

                signatureFile = signedData.GetEncoded();

                Trace.TraceInformation("The file has been successfully signed!");
            }
            catch (Exception exp)
            {
                Trace.TraceError("Failed to sign the manifest file: [{0}]", exp.Message);
                throw new ManifestSigningException("Failed to sign manifest", exp);
            }
        }
Exemple #11
0
        //  Sign the message with the private key of the signer.
        static public byte[] SignMsg(Byte[] msg, X509Certificate2 signerCert, bool detached, bool UsaTSA, string TSAurl, string TSAuser, string TSApass)
        {
            try
            {
                SHA256Managed        hashSha256 = new SHA256Managed();
                byte[]               certHash   = hashSha256.ComputeHash(signerCert.RawData);
                EssCertIDv2          essCert1   = new EssCertIDv2(new Org.BouncyCastle.Asn1.X509.AlgorithmIdentifier("2.16.840.1.101.3.4.2.1"), certHash);
                SigningCertificateV2 scv2       = new SigningCertificateV2(new EssCertIDv2[] { essCert1 });
                Org.BouncyCastle.Asn1.Cms.Attribute CertHAttribute = new Org.BouncyCastle.Asn1.Cms.Attribute(Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdAASigningCertificateV2, new DerSet(scv2));
                Asn1EncodableVector v = new Asn1EncodableVector();
                v.Add(CertHAttribute);
                Org.BouncyCastle.Asn1.Cms.AttributeTable AT = new Org.BouncyCastle.Asn1.Cms.AttributeTable(v);
                CmsSignedDataGenWithRsaCsp cms = new CmsSignedDataGenWithRsaCsp();
                var rsa = (RSACryptoServiceProvider)signerCert.PrivateKey;
                Org.BouncyCastle.X509.X509Certificate certCopy = DotNetUtilities.FromX509Certificate(signerCert);
                cms.MyAddSigner(rsa, certCopy, "1.2.840.113549.1.1.1", "2.16.840.1.101.3.4.2.1", AT, null);
                ArrayList certList = new ArrayList();
                certList.Add(certCopy);
                Org.BouncyCastle.X509.Store.X509CollectionStoreParameters PP = new Org.BouncyCastle.X509.Store.X509CollectionStoreParameters(certList);
                Org.BouncyCastle.X509.Store.IX509Store st1 = Org.BouncyCastle.X509.Store.X509StoreFactory.Create("CERTIFICATE/COLLECTION", PP);
                cms.AddCertificates(st1);
                CmsProcessableByteArray file    = new CmsProcessableByteArray(msg); //CmsProcessableFile(File);
                CmsSignedData           Firmato = cms.Generate(file, false);        //se settato a true, il secondo argomento integra l'intero file

                byte[] bb = Firmato.GetEncoded();

                if (UsaTSA)
                {
                    CmsSignedData          sd      = new CmsSignedData(bb);
                    SignerInformationStore signers = sd.GetSignerInfos();
                    byte[]            signature    = null;
                    SignerInformation signer       = null;
                    foreach (SignerInformation signer_ in signers.GetSigners())
                    {
                        signer = signer_;
                        break;
                    }

                    signature = signer.GetSignature();
                    Org.BouncyCastle.Asn1.Cms.AttributeTable at = new Org.BouncyCastle.Asn1.Cms.AttributeTable(GetTimestamp(signature, TSAurl, TSAuser, TSApass));
                    signer = SignerInformation.ReplaceUnsignedAttributes(signer, at);
                    IList signerInfos = new ArrayList();
                    signerInfos.Add(signer);
                    sd = CmsSignedData.ReplaceSigners(sd, new SignerInformationStore(signerInfos));
                    bb = sd.GetEncoded();
                }
                return(bb);
            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.ToString());
                return(null);
            }
        }
Exemple #12
0
        private byte[] TimestampAuthorityResponse(EstEIDReader estEidReader, byte[] signedPkcs)
        {
            ArrayList newSigners = new ArrayList();

            CmsSignedData sd = new CmsSignedData(signedPkcs);

            foreach (SignerInformation si in sd.GetSignerInfos().GetSigners())
            {
                // possible TSA URLs
                //string TsaServerUrl = "http://www.edelweb.fr/cgi-bin/service-tsp";
                //string TsaServerUrl = "http://dse200.ncipher.com/TSS/HttpTspServer";

                byte[] signedDigest  = si.GetSignature();
                byte[] timeStampHash = ComputeHash(estEidReader, signedDigest);

                string TsaServerUrl = stamp.Url;
                string TsaUser      = stamp.User;
                string TsaPassword  = stamp.Password;
                string error        = string.Empty;

                byte[] timeStampToken = X509Utils.GetTimestampToken(TsaServerUrl,
                                                                    TsaUser,
                                                                    TsaPassword,
                                                                    timeStampHash,
                                                                    ref error);

                if (timeStampToken == null)
                {
                    throw new Exception(Resources.TSA_ERROR + error);
                }

                Hashtable  ht     = new Hashtable();
                Asn1Object derObj = new Asn1InputStream(timeStampToken).ReadObject();
                DerSet     derSet = new DerSet(derObj);

                Org.BouncyCastle.Asn1.Cms.Attribute unsignAtt = new Org.BouncyCastle.Asn1.Cms.Attribute(
                    new DerObjectIdentifier(X509Utils.ID_TIME_STAMP_TOKEN), derSet);

                ht.Add(X509Utils.ID_TIME_STAMP_TOKEN, unsignAtt);

                Org.BouncyCastle.Asn1.Cms.AttributeTable unsignedAtts = new Org.BouncyCastle.Asn1.Cms.AttributeTable(ht);

                newSigners.Add(SignerInformation.ReplaceUnsignedAttributes(si, unsignedAtts));
            }

            SignerInformationStore newSignerInformationStore = new SignerInformationStore(newSigners);

            CmsSignedData newSd = CmsSignedData.ReplaceSigners(sd, newSignerInformationStore);

            // Encode the CMS/PKCS #7 message
            return(newSd.GetEncoded());
        }
        /// <summary>
        ///  The method used to sign data with private key.
        ///  Signs the provided <code>data</code> and returns both data and
        ///  the signature in a PKCS#7 container.
        ///  https://csharp.hotexamples.com/examples/Org.BouncyCastle.Cms/CmsSignedDataGenerator/AddCrls/php-cmssigneddatagenerator-addcrls-method-examples.html
        /// </summary>
        /// <param name="data"></param>
        /// <param name="signCert"></param>
        /// <returns></returns>
        public static byte[] SignData(byte[] data, X509Certificate2 signCert)
        {
            IList certs = new List <Org.BouncyCastle.X509.X509Certificate>();

            certs.Add(DotNetUtilities.FromX509Certificate(signCert));
            IX509Store              x509Certs = X509StoreFactory.Create("Certificate/Collection", new X509CollectionStoreParameters(certs));
            CmsSignedDataGenerator  gen       = new CmsSignedDataGenerator();
            AsymmetricCipherKeyPair pair      = DotNetUtilities.GetKeyPair(signCert.PrivateKey);

            Org.BouncyCastle.X509.X509Certificate bX509Certificate = DotNetUtilities.FromX509Certificate(signCert);
            gen.AddSigner(pair.Private, bX509Certificate, CmsSignedGenerator.DigestSha256);
            gen.AddCertificates(x509Certs);

            CmsProcessable msg           = new CmsProcessableByteArray(data);
            CmsSignedData  cmsSignedData = gen.Generate(CmsSignedGenerator.Data, msg, true);

            byte[] p7MData = cmsSignedData.GetEncoded();
            return(p7MData);
        }
Exemple #14
0
        /// <exception cref="System.IO.IOException"></exception>
        public virtual Document ExtendSignatures(Document document, Document originalData
                                                 , SignatureParameters parameters)
        {
            try
            {
                CmsSignedData            signedData  = new CmsSignedData(document.OpenStream());
                SignerInformationStore   signerStore = signedData.GetSignerInfos();
                List <SignerInformation> siArray     = new List <SignerInformation>();

                foreach (SignerInformation si in signerStore.GetSigners())
                {
                    try
                    {
                        //jbonilla - Hack para evitar errores cuando una firma ya ha sido extendida.
                        //Se asume que sólo se extiende las firmas desde BES.
                        //TODO jbonilla - Se debería validar hasta qué punto se extendió (BES, T, C, X, XL).
                        if (si.UnsignedAttributes.Count == 0)
                        {
                            siArray.Add(ExtendCMSSignature(signedData, si, parameters, originalData));
                        }
                        else
                        {
                            //LOG.Error("Already extended?");
                            siArray.Add(si);
                        }
                    }
                    catch (IOException)
                    {
                        //LOG.Error("Exception when extending signature");
                        siArray.Add(si);
                    }
                }

                SignerInformationStore newSignerStore = new SignerInformationStore(siArray);
                CmsSignedData          extended       = CmsSignedData.ReplaceSigners(signedData, newSignerStore);
                return(new InMemoryDocument(extended.GetEncoded()));
            }
            catch (CmsException)
            {
                throw new IOException("Cannot parse CMS data");
            }
        }
        public byte[] Sign(Stream data)
        {
            CmsProcessable msg = new CmsProcessableInputStream(data);

            CmsSignedDataGenerator gen = new CmsSignedDataGenerator();
            SignerInfoGenerator    signerInfoGenerator = new SignerInfoGeneratorBuilder()
                                                         .WithSignedAttributeGenerator(new DefaultSignedAttributeTableGenerator())
                                                         .Build(new Asn1SignatureFactory(algorithm, key), chain[0]);

            gen.AddSignerInfoGenerator(signerInfoGenerator);

            X509CollectionStoreParameters collectionStoreParameters = new X509CollectionStoreParameters(new List <X509Certificate>(chain));
            IX509Store collectionStore = X509StoreFactory.Create("CERTIFICATE/COLLECTION", collectionStoreParameters);

            gen.AddCertificates(collectionStore);

            CmsSignedData sigData = gen.Generate(msg, false);

            return(sigData.GetEncoded());
        }
        private static SignedCms ModifyUnsignedAttributes(SignedCms signedCms, Func <AttributeTable, AttributeTable> modify)
        {
            byte[] bytes = signedCms.Encode();

            var bcSignedCms = new CmsSignedData(bytes);
            SignerInformationStore signerInfos = bcSignedCms.GetSignerInfos();
            SignerInformation      signerInfo  = GetFirstSignerInfo(signerInfos);

            AttributeTable updatedAttributes = modify(signerInfo.UnsignedAttributes);

            SignerInformation updatedSignerInfo = SignerInformation.ReplaceUnsignedAttributes(signerInfo, updatedAttributes);
            var updatedSignerInfos = new SignerInformationStore(updatedSignerInfo);

            CmsSignedData updatedBcSignedCms = CmsSignedData.ReplaceSigners(bcSignedCms, updatedSignerInfos);

            var updatedSignedCms = new SignedCms();

            updatedSignedCms.Decode(updatedBcSignedCms.GetEncoded());

            return(updatedSignedCms);
        }
Exemple #17
0
        public static byte[] FirmaFileBouncy(byte[] data, X509Certificate2 cert)
        {
            try
            {
                SHA256Managed        hashSha256 = new SHA256Managed();
                byte[]               certHash   = hashSha256.ComputeHash(cert.RawData);
                EssCertIDv2          essCert1   = new EssCertIDv2(new Org.BouncyCastle.Asn1.X509.AlgorithmIdentifier("2.16.840.1.101.3.4.2.1"), certHash);
                SigningCertificateV2 scv2       = new SigningCertificateV2(new EssCertIDv2[] { essCert1 });
                Org.BouncyCastle.Asn1.Cms.Attribute CertHAttribute = new Org.BouncyCastle.Asn1.Cms.Attribute(Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdAASigningCertificateV2, new DerSet(scv2));
                Asn1EncodableVector v = new Asn1EncodableVector();
                v.Add(CertHAttribute);
                Org.BouncyCastle.Asn1.Cms.AttributeTable AT = new Org.BouncyCastle.Asn1.Cms.AttributeTable(v);

                CmsSignedDataGenWithRsaCsp cms = new CmsSignedDataGenWithRsaCsp();

                var rsa = (RSACryptoServiceProvider)cert.PrivateKey;
                Org.BouncyCastle.X509.X509Certificate certCopy = DotNetUtilities.FromX509Certificate(cert);
                cms.MyAddSigner(rsa, certCopy, "1.2.840.113549.1.1.1", "2.16.840.1.101.3.4.2.1", AT, null);
                ArrayList certList = new ArrayList();
                certList.Add(certCopy);
                Org.BouncyCastle.X509.Store.X509CollectionStoreParameters PP = new Org.BouncyCastle.X509.Store.X509CollectionStoreParameters(certList);
                Org.BouncyCastle.X509.Store.IX509Store st1 = Org.BouncyCastle.X509.Store.X509StoreFactory.Create("CERTIFICATE/COLLECTION", PP);
                cms.AddCertificates(st1);
                //mi ricavo il file da firmare
                CmsSignedData Firmato = cms.Generate(new CmsProcessableByteArray(data), false);

                CmsSigner cmsSigner = new CmsSigner(cert);
                cmsSigner.IncludeOption = X509IncludeOption.EndCertOnly;

                System.Security.Cryptography.Pkcs.ContentInfo contentInfo = new System.Security.Cryptography.Pkcs.ContentInfo(Firmato.GetEncoded());
                SignedCms signedCms = new SignedCms();
                signedCms.Decode(Firmato.GetEncoded());
                byte[] ret = signedCms.Encode();
                return(ret);
            }
            catch
            {
                return(null);
            }
        }
Exemple #18
0
        protected void SignDetached(Stream signed, Stream unsigned, BC::Crypto.AsymmetricCipherKeyPair bcKeyPair, byte[] keyId)
        {
#if NETFRAMEWORK
            trace.TraceEvent(TraceEventType.Information, 0, "Signing the message in name of {0}", Convert.ToBase64String(keyId));
#else
            logger.LogInformation("Signing the message in name of {0}", Convert.ToBase64String(keyId));
#endif

            SignatureAlgorithm signAlgo = EteeActiveConfig.Seal.NativeSignatureAlgorithm;
            var sigFactory = new Asn1SignatureFactory(signAlgo.Algorithm.FriendlyName, bcKeyPair.Private);

            SignerInfoGenerator sigInfoGen = new SignerInfoGeneratorBuilder()
                                             .Build(sigFactory, keyId);

            CmsSignedDataGenerator cmsSignedDataGen = new CmsSignedDataGenerator();
            cmsSignedDataGen.AddSignerInfoGenerator(sigInfoGen);

            CmsSignedData detachedSignature = cmsSignedDataGen.Generate(new CmsProcessableProxy(unsigned), false);

            byte[] detachedSignatureBytes = detachedSignature.GetEncoded();
            signed.Write(detachedSignatureBytes, 0, detachedSignatureBytes.Length);
        }
        /// <summary>
        /// Generates the signed cms data.
        /// </summary>
        /// <returns>The signed cms data.</returns>
        /// <param name="signingData">Signing data.</param>
        /// <param name="signerCert">Signer certificate/</param>
        /// <param name="privateKey">Signer private key.</param>
        private static byte[] GenerateSignedCmsData(DerSet signingData, X509Certificate signerCert, AsymmetricKeyParameter privateKey)
        {
            CmsSignedDataGenerator cmsDataGenerator = new CmsSignedDataGenerator();
            IX509Store             x509Certs        = X509StoreFactory.Create(
                "Certificate/Collection",
                new X509CollectionStoreParameters(new X509Certificate[] { signerCert }));

            cmsDataGenerator.AddCertificates(x509Certs);

            Org.BouncyCastle.Asn1.Cms.AttributeTable attTable = new Org.BouncyCastle.Asn1.Cms.AttributeTable(signingData);
            cmsDataGenerator.AddSigner(
                privateKey,
                signerCert,
                SignerUtilities.GetObjectIdentifier(Sha256WithRsa).Id,
                Sha256Oid,
                new SimpleAttributeTableGenerator(attTable),
                null);

            CmsSignedData detachedSignedData = cmsDataGenerator.Generate(null, false);

            return(detachedSignedData.GetEncoded());
        }
Exemple #20
0
        public byte[] GetSignedCms(Stream rangedStream)
        {
            rangedStream.Position = 0;

            CmsSignedDataGenerator signedDataGenerator = new CmsSignedDataGenerator();

            var cert = DotNetUtilities.FromX509Certificate(Certificate);
            var key  = DotNetUtilities.GetKeyPair(Certificate.PrivateKey);

            IX509Store x509Certs = X509StoreFactory.Create(
                "Certificate/Collection",
                new X509CollectionStoreParameters(new[] { cert }));

            signedDataGenerator.AddSigner(key.Private, cert, CmsSignedDataGenerator.DigestSha1);
            signedDataGenerator.AddCertificates(x509Certs);

            CmsProcessableInputStream msg = new CmsProcessableInputStream(rangedStream);

            CmsSignedData signedData = signedDataGenerator.Generate(msg, false);

            return(signedData.GetEncoded());
        }
Exemple #21
0
        public static byte[] SignBC(string text, X509Certificate2 cert)

        {
            Org.BouncyCastle.X509.X509Certificate          cert2 = DotNetUtilities.FromX509Certificate(cert);
            Org.BouncyCastle.Crypto.AsymmetricKeyParameter K     = DotNetUtilities.GetKeyPair(cert.PrivateKey).Private;
            CmsSignedDataGenerator generator = new CmsSignedDataGenerator();

            generator.AddSigner(K, cert2, CmsSignedDataGenerator.EncryptionRsa, CmsSignedDataGenerator.DigestSha256);

            List <Org.BouncyCastle.X509.X509Certificate> certList = new List <Org.BouncyCastle.X509.X509Certificate>();

            certList.Add(cert2);

            Org.BouncyCastle.X509.Store.X509CollectionStoreParameters PP = new Org.BouncyCastle.X509.Store.X509CollectionStoreParameters(certList);
            Org.BouncyCastle.X509.Store.IX509Store st1 = Org.BouncyCastle.X509.Store.X509StoreFactory.Create("CERTIFICATE/COLLECTION", PP);

            generator.AddCertificates(st1);
            byte[] data = Encoding.UTF8.GetBytes(text);

            CmsSignedData signedData = generator.Generate(new CmsProcessableByteArray(data), true);

            return(signedData.GetEncoded());
        }
Exemple #22
0
        private byte[] SignWithCertificate(byte[] bytesToSign)
        {
            var generator = new CmsSignedDataGenerator();

            var privKey     = _gatewayKeyProvider.SigningPrivateKey;
            var certificate = _gatewayKeyProvider.SigningCertificate;

            var certificates = new List <Org.BouncyCastle.X509.X509Certificate>();

            certificates.Add(certificate);

            var        storeParameters = new X509CollectionStoreParameters(certificates);
            IX509Store store           = X509StoreFactory.Create("Certificate/Collection", storeParameters);

            generator.AddSigner(privKey, certificate, CmsSignedGenerator.EncryptionRsa, CmsSignedGenerator.DigestSha256);

            generator.AddCertificates(store);

            var           message    = new CmsProcessableByteArray(bytesToSign);
            CmsSignedData signedData = generator.Generate(message, false);

            return(signedData.GetEncoded());
        }
Exemple #23
0
        /// <exception cref="System.IO.IOException"></exception>
        public virtual Document ExtendSignature(object signatureId, Document document, Document
                                                originalData, SignatureParameters parameters)
        {
            SignerID toExtendId = (SignerID)signatureId;

            try
            {
                CmsSignedData            signedData  = new CmsSignedData(document.OpenStream());
                SignerInformationStore   signerStore = signedData.GetSignerInfos();
                List <SignerInformation> siArray     = new List <SignerInformation>();
                //Iterator<object> infos = signerStore.GetSigners().Iterator();
                IEnumerator infos = signerStore.GetSigners().GetEnumerator();
                while (infos.MoveNext())
                {
                    SignerInformation si = (SignerInformation)infos.Current;
                    if (si.SignerID.Equals(toExtendId))
                    {
                        try
                        {
                            siArray.Add(ExtendCMSSignature(signedData, si, parameters, originalData));
                        }
                        catch (IOException)
                        {
                            //LOG.Error("Exception when extending signature");
                            siArray.Add(si);
                        }
                    }
                }
                SignerInformationStore newSignerStore = new SignerInformationStore(siArray);
                CmsSignedData          extended       = CmsSignedData.ReplaceSigners(signedData, newSignerStore);
                return(new InMemoryDocument(extended.GetEncoded()));
            }
            catch (CmsException)
            {
                throw new IOException("Cannot parse CMS data");
            }
        }
Exemple #24
0
        public byte[] FirmaFileBouncy(string NomeFile, X509Certificate2 cert, bool GiaFirmato, bool UsaTSA, string TSAurl, string TSAuser, string TSApass, out string RisFirma)
        {
            try
            {
                SHA256Managed        hashSha256 = new SHA256Managed();
                byte[]               certHash   = hashSha256.ComputeHash(cert.RawData);
                EssCertIDv2          essCert1   = new EssCertIDv2(new Org.BouncyCastle.Asn1.X509.AlgorithmIdentifier("2.16.840.1.101.3.4.2.1"), certHash);
                SigningCertificateV2 scv2       = new SigningCertificateV2(new EssCertIDv2[] { essCert1 });
                Org.BouncyCastle.Asn1.Cms.Attribute CertHAttribute = new Org.BouncyCastle.Asn1.Cms.Attribute(Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdAASigningCertificateV2, new DerSet(scv2));
                Asn1EncodableVector v = new Asn1EncodableVector();
                v.Add(CertHAttribute);
                Org.BouncyCastle.Asn1.Cms.AttributeTable AT = new Org.BouncyCastle.Asn1.Cms.AttributeTable(v);
                CmsSignedDataGenWithRsaCsp cms = new CmsSignedDataGenWithRsaCsp();
                var rsa = (RSACryptoServiceProvider)cert.PrivateKey;
                Org.BouncyCastle.X509.X509Certificate certCopy = DotNetUtilities.FromX509Certificate(cert);
                cms.MyAddSigner(rsa, certCopy, "1.2.840.113549.1.1.1", "2.16.840.1.101.3.4.2.1", AT, null);
                ArrayList certList = new ArrayList();
                certList.Add(certCopy);
                Org.BouncyCastle.X509.Store.X509CollectionStoreParameters PP = new Org.BouncyCastle.X509.Store.X509CollectionStoreParameters(certList);
                Org.BouncyCastle.X509.Store.IX509Store st1 = Org.BouncyCastle.X509.Store.X509StoreFactory.Create("CERTIFICATE/COLLECTION", PP);
                cms.AddCertificates(st1);
                //mi ricavo il file da firmare
                FileInfo FileDaAprire = new FileInfo(NomeFile);

                /*CmsSignedData Firmato;
                 * if (GiaFirmato) {
                 *      CmsSignedData signedData = new CmsSignedData(File.ReadAllBytes(NomeFile));
                 *      if (signedData!=null){
                 *              SignerInformationStore signers = signedData.GetSignerInfos();
                 *              certList.Add(signers.GetSigners());
                 *              //MessageBox.Show(signedData.ContentInfo.GetEncoded().Length.ToString());
                 *              //signedData.ContentInfo.GetEncoded();
                 *      }
                 *      certList.Insert(0,certCopy);
                 *      CmsProcessableByteArray file = new CmsProcessableByteArray(signedData.ContentInfo.GetEncoded());
                 *      Firmato = cms.Generate(file, true);
                 * } else {
                 *      certList.Add(certCopy);
                 *      CmsProcessableFile file = new CmsProcessableFile(FileDaAprire);
                 *      Firmato = cms.Generate(file, true);
                 * }
                 */
                CmsProcessableFile file    = new CmsProcessableFile(FileDaAprire);
                CmsSignedData      Firmato = cms.Generate(file, true);
                byte[]             Encoded = Firmato.GetEncoded();

                if (UsaTSA)
                {
                    CmsSignedData          sd      = new CmsSignedData(Encoded);
                    SignerInformationStore signers = sd.GetSignerInfos();
                    byte[]            signature    = null;
                    SignerInformation signer       = null;
                    foreach (SignerInformation signer_ in signers.GetSigners())
                    {
                        signer = signer_;
                        break;
                    }

                    signature = signer.GetSignature();
                    Org.BouncyCastle.Asn1.Cms.AttributeTable at = new Org.BouncyCastle.Asn1.Cms.AttributeTable(GetTimestamp(signature, TSAurl, TSAuser, TSApass));
                    signer = SignerInformation.ReplaceUnsignedAttributes(signer, at);
                    IList signerInfos = new ArrayList();
                    signerInfos.Add(signer);
                    sd      = CmsSignedData.ReplaceSigners(sd, new SignerInformationStore(signerInfos));
                    Encoded = sd.GetEncoded();
                }
                RisFirma = "";
                return(Encoded);
            }
            catch (Exception ex)
            {
                RisFirma = ex.ToString();
                return(null);
            }
        }
 public byte[] GetEncoded()
 {
     return(tsToken.GetEncoded());
 }
Exemple #26
0
        public virtual bool CheckIntegrity(Document detachedDocument)
        {
            try
            {
                bool ret             = false;
                SignerInformation si = null;
                if (detachedDocument != null)
                {
                    // Recreate a SignerInformation with the content using a CMSSignedDataParser

                    CmsSignedDataParser sp = new CmsSignedDataParser(new CmsTypedStream(detachedDocument.OpenStream()), _cmsSignedData.GetEncoded());
                    sp.GetSignedContent().Drain();
                    si = BCStaticHelpers.GetSigner(sp, signerInformation.SignerID);
                }
                else
                {
                    si = signerInformation;
                }
                ret = si.Verify(SigningCertificate);
                return(ret);
            }
            catch (CertificateExpiredException)
            {
                return(false);
            }
            catch (CmsException)
            {
                return(false);
            }
            catch (IOException)
            {
                return(false);
            }
        }
Exemple #27
0
 public byte[] GetDocumentBytes()
 {
     return(_signedData.GetEncoded());
 }
Exemple #28
0
        public virtual bool CheckIntegrity(Document detachedDocument)
        {
            //TODO jbonilla Verifier?
            //JcaSimpleSignerInfoVerifierBuilder verifier = new JcaSimpleSignerInfoVerifierBuilder
            //    ();
            try
            {
                bool ret             = false;
                SignerInformation si = null;
                if (detachedDocument != null)
                {
                    // Recreate a SignerInformation with the content using a CMSSignedDataParser
                    CmsSignedDataParser sp = new CmsSignedDataParser(new CmsTypedStream(detachedDocument
                                                                                        .OpenStream()), cmsSignedData.GetEncoded());
                    sp.GetSignedContent().Drain();
                    si = sp.GetSignerInfos().GetFirstSigner(signerInformation.SignerID);
                }
                else
                {
                    si = this.signerInformation;
                }
                //ret = si.Verify(verifier.Build(GetSigningCertificate()));
                ret = si.Verify(GetSigningCertificate());
                return(ret);
            }

            /*catch (OperatorCreationException)
             * {
             *      return false;
             * }*/
            catch (CmsException)
            {
                return(false);
            }
            catch (IOException)
            {
                return(false);
            }
        }
Exemple #29
0
 /// <summary>
 /// Gets the byte representation of the ETK.
 /// </summary>
 /// <returns>Binary form of the ETK</returns>
 public byte[] GetEncoded()
 {
     return(raw.GetEncoded());
 }