public void TestSha1WithRsaEncapsulatedSubjectKeyID() { MemoryStream bOut = new MemoryStream(); IX509Store x509Certs = CmsTestUtil.MakeCertStore(OrigCert, SignCert); CmsSignedDataStreamGenerator gen = new CmsSignedDataStreamGenerator(); gen.AddSigner(OrigKP.Private, CmsTestUtil.CreateSubjectKeyId(OrigCert.GetPublicKey()).GetKeyIdentifier(), CmsSignedDataStreamGenerator.DigestSha1); gen.AddCertificates(x509Certs); byte[] testBytes = Encoding.ASCII.GetBytes(TestMessage); Stream sigOut = gen.Open(bOut, true); sigOut.Write(testBytes, 0, testBytes.Length); sigOut.Close(); CmsSignedDataParser sp = new CmsSignedDataParser(bOut.ToArray()); sp.GetSignedContent().Drain(); VerifySignatures(sp); byte[] contentDigest = (byte[])gen.GetGeneratedDigests()[CmsSignedGenerator.DigestSha1]; ArrayList signers = new ArrayList(sp.GetSignerInfos().GetSigners()); AttributeTable table = ((SignerInformation)signers[0]).SignedAttributes; Asn1.Cms.Attribute hash = table[CmsAttributes.MessageDigest]; Assert.IsTrue(Arrays.AreEqual(contentDigest, ((Asn1OctetString)hash.AttrValues[0]).GetOctets())); // // try using existing signer // gen = new CmsSignedDataStreamGenerator(); gen.AddSigners(sp.GetSignerInfos()); // gen.AddCertificatesAndCRLs(sp.GetCertificatesAndCrls("Collection", "BC")); gen.AddCertificates(sp.GetCertificates("Collection")); bOut.SetLength(0); sigOut = gen.Open(bOut, true); sigOut.Write(testBytes, 0, testBytes.Length); sigOut.Close(); CmsSignedData sd = new CmsSignedData(new CmsProcessableByteArray(testBytes), bOut.ToArray()); Assert.AreEqual(1, sd.GetSignerInfos().GetSigners().Count); VerifyEncodedData(bOut); }
public static Stream ReplaceCertificatesAndCrls(Stream original, IX509Store x509Certs, IX509Store x509Crls, IX509Store x509AttrCerts, Stream outStr) { CmsSignedDataStreamGenerator cmsSignedDataStreamGenerator = new CmsSignedDataStreamGenerator(); CmsSignedDataParser cmsSignedDataParser = new CmsSignedDataParser(original); cmsSignedDataStreamGenerator.AddDigests(cmsSignedDataParser.DigestOids); CmsTypedStream signedContent = cmsSignedDataParser.GetSignedContent(); bool flag = signedContent != null; Stream stream = cmsSignedDataStreamGenerator.Open(outStr, cmsSignedDataParser.SignedContentType.Id, flag); if (flag) { Streams.PipeAll(signedContent.ContentStream, stream); } if (x509AttrCerts != null) { cmsSignedDataStreamGenerator.AddAttributeCertificates(x509AttrCerts); } if (x509Certs != null) { cmsSignedDataStreamGenerator.AddCertificates(x509Certs); } if (x509Crls != null) { cmsSignedDataStreamGenerator.AddCrls(x509Crls); } cmsSignedDataStreamGenerator.AddSigners(cmsSignedDataParser.GetSignerInfos()); Platform.Dispose(stream); return(outStr); }
public void TestSha1WithRsa() { MemoryStream bOut = new MemoryStream(); IX509Store x509Certs = CmsTestUtil.MakeCertStore(OrigCert, SignCert); IX509Store x509Crls = CmsTestUtil.MakeCrlStore(SignCrl, OrigCrl); CmsSignedDataStreamGenerator gen = new CmsSignedDataStreamGenerator(); gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataStreamGenerator.DigestSha1); gen.AddCertificates(x509Certs); gen.AddCrls(x509Crls); Stream sigOut = gen.Open(bOut); byte[] testBytes = Encoding.ASCII.GetBytes(TestMessage); sigOut.Write(testBytes, 0, testBytes.Length); sigOut.Close(); CheckSigParseable(bOut.ToArray()); CmsSignedDataParser sp = new CmsSignedDataParser( new CmsTypedStream(new MemoryStream(testBytes, false)), bOut.ToArray()); sp.GetSignedContent().Drain(); // compute expected content digest byte[] hash = DigestUtilities.CalculateDigest("SHA1", testBytes); VerifySignatures(sp, hash); // // try using existing signer // gen = new CmsSignedDataStreamGenerator(); gen.AddSigners(sp.GetSignerInfos()); gen.AddCertificates(sp.GetCertificates("Collection")); gen.AddCrls(sp.GetCrls("Collection")); bOut.SetLength(0); sigOut = gen.Open(bOut, true); sigOut.Write(testBytes, 0, testBytes.Length); sigOut.Close(); VerifyEncodedData(bOut); // // look for the CRLs // ArrayList col = new ArrayList(x509Crls.GetMatches(null)); Assert.AreEqual(2, col.Count); Assert.IsTrue(col.Contains(SignCrl)); Assert.IsTrue(col.Contains(OrigCrl)); }
IList <IDigitalSignature> GetDigitalSignatures(CmsSignedDataParser parser) { var certificates = parser.GetCertificates("Collection"); var signatures = new List <IDigitalSignature> (); var store = parser.GetSignerInfos(); foreach (SignerInformation signerInfo in store.GetSigners()) { var certificate = GetCertificate(certificates, signerInfo.SignerID); var signature = new SecureMimeDigitalSignature(signerInfo); Asn1EncodableVector vector = signerInfo.UnsignedAttributes.GetAll(CmsAttributes.SigningTime); foreach (Org.BouncyCastle.Asn1.Cms.Attribute attr in vector) { Time time = (Time)((DerSet)attr.AttrValues)[0]; signature.CreationDate = time.Date; break; } if (certificate != null) { signature.SignerCertificate = new SecureMimeDigitalCertificate(certificate); } // FIXME: verify the certificate chain with what we have in our local store // var chain = new X509Chain (); // chain.ChainPolicy.UrlRetrievalTimeout = OnlineCertificateRetrievalTimeout; // chain.ChainPolicy.RevocationMode = AllowOnlineCertificateRetrieval ? X509RevocationMode.Online : X509RevocationMode.Offline; // chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain; // //if (AllowSelfSignedCertificates) // // chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority; // chain.ChainPolicy.VerificationTime = DateTime.Now; // // if (!chain.Build (signerInfo.Certificate)) { // for (int i = 0; i < chain.ChainStatus.Length; i++) { // if (chain.ChainStatus[i].Status.HasFlag (X509ChainStatusFlags.Revoked)) { // signature.Errors |= DigitalSignatureError.CertificateRevoked; // signature.Status = DigitalSignatureStatus.Error; // } // // certificate.ChainStatus |= chain.ChainStatus[i].Status; // } // } signatures.Add(signature); } return(signatures); }
public void Test4_4() { byte[] data = GetRfc4134Data("4.4.bin"); byte[] counterSigCert = GetRfc4134Data("AliceRSASignByCarl.cer"); CmsSignedData signedData = new CmsSignedData(data); VerifySignatures(signedData, sha1); VerifySignerInfo4_4(GetFirstSignerInfo(signedData.GetSignerInfos()), counterSigCert); CmsSignedDataParser parser = new CmsSignedDataParser(data); VerifySignatures(parser); VerifySignerInfo4_4(GetFirstSignerInfo(parser.GetSignerInfos()), counterSigCert); }
public void Test4_4() { byte[] data = GetRfc4134Data("4.4.bin"); byte[] counterSigCert = GetRfc4134Data("AliceRSASignByCarl.cer"); CmsSignedData signedData = new CmsSignedData(data); VerifySignatures(signedData, sha1); VerifySignerInfo4_4(GetFirstSignerInfo(signedData.GetSignerInfos()), counterSigCert); CmsSignedDataParser parser = new CmsSignedDataParser(data); VerifySignatures(parser); VerifySignerInfo4_4(GetFirstSignerInfo(parser.GetSignerInfos()), counterSigCert); }
private void CheckSigParseable(byte[] sig) { CmsSignedDataParser sp = new CmsSignedDataParser(sig); sp.Version.ToString(); CmsTypedStream sc = sp.GetSignedContent(); if (sc != null) { sc.Drain(); } sp.GetAttributeCertificates("Collection"); sp.GetCertificates("Collection"); sp.GetCrls("Collection"); sp.GetSignerInfos(); sp.Close(); }
private SignerInformation ExtractSignerInfo(CmsSignedDataParser parser) { //Extract the signer info SignerInformationStore signerInfoStore = parser.GetSignerInfos(); if (signerInfoStore.Count != 1) { #if NETFRAMEWORK trace.TraceEvent(TraceEventType.Error, 0, "The message to complete does not contain a single signature"); #else logger.LogError("The message to complete does not contain a single signature"); #endif throw new InvalidMessageException("The message does not contain a single signature"); } return(signerInfoStore.GetSigners().Cast <SignerInformation>().First()); }
/// <summary> /// Imports certificates (as from a certs-only application/pkcs-mime part) /// from the specified stream. /// </summary> /// <param name="stream">The raw key data.</param> /// <exception cref="System.ArgumentNullException"> /// <paramref name="stream"/> is <c>null</c>. /// </exception> /// <exception cref="System.NotSupportedException"> /// Importing keys is not supported by this cryptography context. /// </exception> public override void Import(Stream stream) { if (stream == null) { throw new ArgumentNullException("stream"); } var parser = new CmsSignedDataParser(stream); var certs = parser.GetCertificates("Collection"); var store = parser.GetSignerInfos(); foreach (SignerInformation signerInfo in store.GetSigners()) { var matches = certs.GetMatches(signerInfo.SignerID); foreach (X509Certificate certificate in matches) { certificates.Add(certificate); } } }
public certificate Validate(byte[] data, byte[] signature) { using (var dataStream = new MemoryStream(data)) using (var signatureStream = new MemoryStream(signature)) { var cmsTypedStream = new CmsTypedStream(dataStream); var cmsSignedDataParser = new CmsSignedDataParser(cmsTypedStream, signatureStream); var store = cmsSignedDataParser.GetCertificates("Collection"); var signerInfos = cmsSignedDataParser.GetSignerInfos(); var signerInfo = signerInfos.GetSigners().OfType <SignerInformation>().First(); var certificate = store?.GetMatches(signerInfo?.SignerID) .OfType <X509Certificate>().FirstOrDefault(); if (certificate == null) { return(null); } Logger.Debug( CultureInfo.CurrentCulture, "Certificate found in signature {dn}", certificate.SubjectDN.ToString()); var now = DateTime.Now; if (now < certificate.NotBefore || now > certificate.NotAfter) { Logger.Info( CultureInfo.CurrentCulture, "The certificate is not valid right now as it is only valid between {startTime}-{endTime}", certificate.NotBefore, certificate.NotAfter); } return(new certificate { subject = certificate.SubjectDN.ToString(), certificate1 = certificate.GetEncoded() }); } }
public virtual bool CheckIntegrity(Document detachedDocument) { //TODO jbonilla Verifier? //JcaSimpleSignerInfoVerifierBuilder verifier = new JcaSimpleSignerInfoVerifierBuilder // (); try { bool ret = false; SignerInformation si = null; if (detachedDocument != null) { // Recreate a SignerInformation with the content using a CMSSignedDataParser CmsSignedDataParser sp = new CmsSignedDataParser(new CmsTypedStream(detachedDocument .OpenStream()), cmsSignedData.GetEncoded()); sp.GetSignedContent().Drain(); si = sp.GetSignerInfos().GetFirstSigner(signerInformation.SignerID); } else { si = this.signerInformation; } //ret = si.Verify(verifier.Build(GetSigningCertificate())); ret = si.Verify(GetSigningCertificate()); return(ret); } /*catch (OperatorCreationException) * { * return false; * }*/ catch (CmsException) { return(false); } catch (IOException) { return(false); } }
/// <summary> /// The method used to verify signature. /// </summary> /// <param name="sp"></param> /// <returns></returns> public static bool VerifySignatures(CmsSignedDataParser sp) { List <bool> result = new List <bool>(); IX509Store x509Certs = sp.GetCertificates("Collection"); SignerInformationStore signerInfos = sp.GetSignerInfos(); var signers = signerInfos.GetSigners(); foreach (SignerInformation signer in signers) { ICollection certCollection = x509Certs.GetMatches(signer.SignerID); foreach (Org.BouncyCastle.X509.X509Certificate cert in certCollection) { var isValid = signer.Verify(cert); if (!isValid) { throw new Exception("Certificate verification error, the signer could not be verified."); } result.Add(isValid); } } return(result.TrueForAll(m => m == true)); }
private void VerifySignatures(CmsSignedDataParser sp) { CmsTypedStream sc = sp.GetSignedContent(); if (sc != null) { sc.Drain(); } IX509Store x509Certs = sp.GetCertificates("Collection"); SignerInformationStore signers = sp.GetSignerInfos(); foreach (SignerInformation signer in signers.GetSigners()) { ICollection certCollection = x509Certs.GetMatches(signer.SignerID); IEnumerator certEnum = certCollection.GetEnumerator(); certEnum.MoveNext(); X509Certificate cert = (X509Certificate)certEnum.Current; VerifySigner(signer, cert); } }
public void TestSha1WithRsa() { IList certList = new ArrayList(); IList crlList = new ArrayList(); MemoryStream bOut = new MemoryStream(); certList.Add(OrigCert); certList.Add(SignCert); crlList.Add(SignCrl); crlList.Add(OrigCrl); IX509Store x509Certs = X509StoreFactory.Create( "Certificate/Collection", new X509CollectionStoreParameters(certList)); IX509Store x509Crls = X509StoreFactory.Create( "CRL/Collection", new X509CollectionStoreParameters(crlList)); CmsSignedDataStreamGenerator gen = new CmsSignedDataStreamGenerator(); gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataStreamGenerator.DigestSha1); gen.AddCertificates(x509Certs); gen.AddCrls(x509Crls); Stream sigOut = gen.Open(bOut); byte[] testBytes = Encoding.ASCII.GetBytes(TestMessage); sigOut.Write(testBytes, 0, testBytes.Length); sigOut.Close(); CheckSigParseable(bOut.ToArray()); CmsSignedDataParser sp = new CmsSignedDataParser( new CmsTypedStream(new MemoryStream(testBytes, false)), bOut.ToArray()); sp.GetSignedContent().Drain(); // // compute expected content digest // IDigest md = DigestUtilities.GetDigest("SHA1"); md.BlockUpdate(testBytes, 0, testBytes.Length); byte[] hash = DigestUtilities.DoFinal(md); VerifySignatures(sp, hash); // // try using existing signer // gen = new CmsSignedDataStreamGenerator(); gen.AddSigners(sp.GetSignerInfos()); gen.AddCertificates(sp.GetCertificates("Collection")); gen.AddCrls(sp.GetCrls("Collection")); bOut.SetLength(0); sigOut = gen.Open(bOut, true); sigOut.Write(testBytes, 0, testBytes.Length); sigOut.Close(); VerifyEncodedData(bOut); // // look for the CRLs // ArrayList col = new ArrayList(x509Crls.GetMatches(null)); Assert.AreEqual(2, col.Count); Assert.IsTrue(col.Contains(SignCrl)); Assert.IsTrue(col.Contains(OrigCrl)); }
private void VerifySignatures(CmsSignedDataParser sp) { CmsTypedStream sc = sp.GetSignedContent(); if (sc != null) { sc.Drain(); } IX509Store x509Certs = sp.GetCertificates("Collection"); SignerInformationStore signers = sp.GetSignerInfos(); foreach (SignerInformation signer in signers.GetSigners()) { ICollection certCollection = x509Certs.GetMatches(signer.SignerID); IEnumerator certEnum = certCollection.GetEnumerator(); certEnum.MoveNext(); X509Certificate cert = (X509Certificate)certEnum.Current; VerifySigner(signer, cert); } }
public static SignerInformation GetSigner(CmsSignedDataParser cms, SignerID id) => GetSignerInfoByEnumeration(cms.GetSignerInfos(), id) ?? GetSignerInfoByGetFirst(cms.GetSignerInfos(), id);